debug

Author: hvitved

rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll

@@ -1,6 +1,6 @@
 private import rust
 private import codeql.rust.controlflow.ControlFlowGraph
-private import codeql.rust.elements.internal.generated.ParentChild
+private import codeql.rust.elements.internal.generated.ParentChild as ParentChild
 private import codeql.rust.elements.internal.PathImpl::Impl as PathImpl
 private import codeql.rust.elements.internal.PathExprBaseImpl::Impl as PathExprBaseImpl
 private import codeql.rust.elements.internal.FormatTemplateVariableAccessImpl::Impl as FormatTemplateVariableAccessImpl
@@ -36,9 +36,37 @@ module Impl {
     ClosureBodyScope() { this = any(ClosureExpr ce).getBody() }
   }
 
-  class IfExprScope extends VariableScope, IfExpr { }
+  /**
+   * A scope for conditions, which may introduce variables using `let`
+   * expressions, which are available only in the `then` branch or
+   * loop body.
+   */
+  class ConditionScope extends VariableScope, Expr {
+    private AstNode parent;
+    private AstNode body;
+
+    ConditionScope() {
+      parent =
+        any(IfExpr ie |
+          this = ie.getCondition() and
+          body = ie.getThen()
+        )
+      or
+      parent =
+        any(WhileExpr we |
+          this = we.getCondition() and
+          body = we.getLoopBody()
+        )
+    }
 
-  class WhileExprScope extends VariableScope, WhileExpr { }
+    /** Gets the parent of this condition. */
+    AstNode getParent() { result = parent }
+
+    /**
+     * Gets the body in which variables introduced in this scope are available.
+     */
+    AstNode getBody() { result = body }
+  }
 
   private Pat getAPatAncestor(Pat p) {
     (p instanceof IdentPat or p instanceof OrPat) and
@@ -203,45 +231,38 @@ module Impl {
     string getName() { result = name_ }
   }
 
-  private AstNode getElseBranch(
-    AstNode elseParentParent, int index, AstNode elseParent, int elseIndex
-  ) {
-    elseParent = getImmediateChild(elseParentParent, index) and
-    result = getImmediateChild(elseParent, elseIndex) and
-    (
-      result = elseParent.(LetStmt).getLetElse()
-      or
-      result = elseParent.(IfExpr).getElse()
-    )
-  }
-
-  private AstNode getLoopBody(LoopingExpr loop) { result = loop.getLoopBody() }
-
   pragma[nomagic]
-  private Element getImmediateChildAdj(Element e, int preOrd, int index, int postOrd) {
-    result = getImmediateChild(e, index) and
+  private Element getImmediateChildAdj(Element e, int preOrd, int index) {
+    result = ParentChild::getImmediateChild(e, index) and
     preOrd = 0 and
-    postOrd = 0 and
-    not result = getElseBranch(_, _, e, index) and
-    not result = getLoopBody(e)
-    or
-    result = getElseBranch(e, index, _, _) and
-    preOrd = 0 and
-    postOrd = -1
+    not exists(ConditionScope cs |
+      e = cs.getParent() and
+      result = cs.getBody()
+    )
     or
-    result = getLoopBody(e) and
-    index = 0 and
+    result = e.(ConditionScope).getBody() and
     preOrd = 1 and
-    postOrd = 0
+    index = 0
   }
 
+  /**
+   * An adjusted version of `ParentChild::getImmediateChild`, which makes the following
+   * two adjustments:
+   *
+   * 1. For conditions like `if cond body`, instead of letting `body` be the second child
+   *    of `if`, we make it the last child of `cond`. This ensures that variables
+   *    introduced in the `cond` scope are available in `body`.
+   *
+   * 2. A similar adjustment is made for `while` loops: the body of the loop is made a
+   *    child of the loop condition instead of the loop itself.
+   */
   pragma[nomagic]
   private Element getImmediateChildAdj(Element e, int index) {
     result =
-      rank[index + 1](Element res, int i, int preOrd, int postOrd |
-        res = getImmediateChildAdj(e, preOrd, i, postOrd)
+      rank[index + 1](Element res, int preOrd, int i |
+        res = getImmediateChildAdj(e, preOrd, i)
       |
-        res order by preOrd, i, postOrd
+        res order by preOrd, i
       )
   }
 
@@ -252,7 +273,7 @@ module Impl {
       n instanceof Pat or
       n instanceof VariableAccessCand or
       n instanceof LetStmt or
-      n instanceof LetExpr or
+      n = any(LetExpr le).getScrutinee() or
       n instanceof VariableScope
     ) and
     exists(AstNode n0 |
@@ -298,7 +319,7 @@ module Impl {
       this instanceof VariableScope or
       this instanceof VariableAccessCand or
       this instanceof LetStmt or
-      this instanceof LetExpr or
+      this = any(LetExpr le).getScrutinee() or
       getImmediateChildAdj(this, _) instanceof RelevantElement
     }
 
@@ -410,12 +431,13 @@ module Impl {
           ord = getLastPreOrderNumbering(scope, let) + 1
         )
         or
-        exists(LetExpr let |
+        exists(LetExpr let, Expr scrutinee |
           let.getPat() = pat and
-          scope = getEnclosingScope(let) and
-          // for `let` expressions, variables are bound _after_ the statement, i.e.
+          scrutinee = let.getScrutinee() and
+          scope = getEnclosingScope(scrutinee) and
+          // for `let` expressions, variables are bound _after_ the expression, i.e.
           // not in the RHS
-          ord = getLastPreOrderNumbering(scope, let) + 1
+          ord = getLastPreOrderNumbering(scope, scrutinee) + 1
         )
         or
         exists(ForExpr fe |

rust/ql/test/library-tests/variables/Ssa.expected

@@ -274,6 +274,7 @@ read
 | main.rs:335:20:335:20 | x | main.rs:335:20:335:20 | x | main.rs:337:19:337:19 | x |
 | main.rs:346:9:346:9 | x | main.rs:346:9:346:9 | x | main.rs:348:7:348:7 | x |
 | main.rs:346:9:346:9 | x | main.rs:346:9:346:9 | x | main.rs:353:7:353:7 | x |
+| main.rs:346:9:346:9 | x | main.rs:346:9:346:9 | x | main.rs:357:19:357:19 | x |
 | main.rs:347:16:347:16 | x | main.rs:347:16:347:16 | x | main.rs:350:19:350:19 | x |
 | main.rs:352:20:352:20 | x | main.rs:352:20:352:20 | x | main.rs:355:19:355:19 | x |
 | main.rs:362:5:362:6 | a8 | main.rs:362:5:362:6 | a8 | main.rs:368:15:368:16 | a8 |
@@ -567,6 +568,7 @@ adjacentReads
 | main.rs:318:14:318:14 | x | main.rs:318:14:318:14 | x | main.rs:321:5:321:5 | x | main.rs:323:19:323:19 | x |
 | main.rs:332:9:332:9 | x | main.rs:332:9:332:9 | x | main.rs:333:11:333:11 | x | main.rs:341:15:341:15 | x |
 | main.rs:346:9:346:9 | x | main.rs:346:9:346:9 | x | main.rs:348:7:348:7 | x | main.rs:353:7:353:7 | x |
+| main.rs:346:9:346:9 | x | main.rs:346:9:346:9 | x | main.rs:353:7:353:7 | x | main.rs:357:19:357:19 | x |
 | main.rs:389:9:389:10 | c2 | main.rs:382:13:382:14 | c2 | main.rs:395:9:395:10 | c2 | main.rs:399:15:399:16 | c2 |
 | main.rs:390:9:390:10 | b4 | main.rs:381:13:381:14 | b4 | main.rs:394:9:394:10 | b4 | main.rs:398:15:398:16 | b4 |
 | main.rs:390:9:390:10 | b4 | main.rs:381:13:381:14 | b4 | main.rs:398:15:398:16 | b4 | main.rs:412:15:412:16 | b4 |

rust/ql/test/library-tests/variables/variables.expected

@@ -1,6 +1,4 @@
 testFailures
-| main.rs:357:19:357:19 | x | Unexpected result: read_access=x2 |
-| main.rs:357:32:357:50 | //... | Missing result: read_access=x1 |
 variable
 | main.rs:5:14:5:14 | s |
 | main.rs:10:14:10:14 | i |
@@ -227,7 +225,7 @@ variableAccess
 | main.rs:350:19:350:19 | x | main.rs:347:16:347:16 | x |
 | main.rs:353:7:353:7 | x | main.rs:346:9:346:9 | x |
 | main.rs:355:19:355:19 | x | main.rs:352:20:352:20 | x |
-| main.rs:357:19:357:19 | x | main.rs:347:16:347:16 | x |
+| main.rs:357:19:357:19 | x | main.rs:346:9:346:9 | x |
 | main.rs:368:15:368:16 | a8 | main.rs:362:5:362:6 | a8 |
 | main.rs:369:15:369:16 | b3 | main.rs:364:9:364:10 | b3 |
 | main.rs:370:15:370:16 | c1 | main.rs:365:9:365:10 | c1 |
@@ -451,7 +449,7 @@ variableReadAccess
 | main.rs:350:19:350:19 | x | main.rs:347:16:347:16 | x |
 | main.rs:353:7:353:7 | x | main.rs:346:9:346:9 | x |
 | main.rs:355:19:355:19 | x | main.rs:352:20:352:20 | x |
-| main.rs:357:19:357:19 | x | main.rs:347:16:347:16 | x |
+| main.rs:357:19:357:19 | x | main.rs:346:9:346:9 | x |
 | main.rs:368:15:368:16 | a8 | main.rs:362:5:362:6 | a8 |
 | main.rs:369:15:369:16 | b3 | main.rs:364:9:364:10 | b3 |
 | main.rs:370:15:370:16 | c1 | main.rs:365:9:365:10 | c1 |