wip2

Author: hvitved

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll

@@ -19,8 +19,6 @@ private module Input implements InputSig<Location, RustDataFlow> {
   predicate postWithInFlowExclude(RustDataFlow::Node n) {
     n instanceof Node::FlowSummaryNode
     or
-    n.(Node::PostUpdateNode).getPreUpdateNode().asExpr() = getPostUpdateReverseStep(_, _)
-    or
     FlowSummaryImpl::Private::Steps::sourceLocalStep(_, n, _)
   }
 

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -275,6 +275,18 @@ module LocalFlow {
     or
     nodeFrom.asPat().(OrPat).getAPat() = nodeTo.asPat()
     or
+    // or
+    // // x.foo -> (&x).foo
+    // // [post] &x -> [post] x
+    // //
+    // // x.foo -> (*x).foo
+    // // [post] *x -> [post] x
+    // nodeFrom.(PostUpdateNode).getPreUpdateNode().(DerefBorrowNode).getNode() =
+    //   nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr()
+    // or
+    // // *x -> *Deref::deref(&x)
+    // nodeFrom.(PostUpdateNode).getPreUpdateNode().(DerefOutNode).getDerefExpr() =
+    //   nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr()
     nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() =
       getPostUpdateReverseStep(nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr(), true)
   }
@@ -721,10 +733,10 @@ module RustDataFlow implements InputSig<Location> {
     VariableCapture::storeStep(node1, c, node2)
     or
     implicitBorrow(node1, node2, c)
-    or
-    // A store step dual to the read step for implicit dereferences.
-    implicitDeref(node2.(PostUpdateNode).getPreUpdateNode(),
-      node1.(PostUpdateNode).getPreUpdateNode(), c)
+    // or
+    // // A store step dual to the read step for implicit dereferences.
+    // implicitDeref(node2.(PostUpdateNode).getPreUpdateNode(),
+    //   node1.(PostUpdateNode).getPreUpdateNode(), c)
   }
 
   /**

rust/ql/lib/codeql/rust/frameworks/stdlib/alloc.model.yml

@@ -24,7 +24,7 @@ extensions:
       extensible: summaryModel
     data:
       # Box
-      - ["<alloc::boxed::Box as core::ops::deref::Deref>::deref", "Argument[self].Field[alloc::boxed::Box(0)]", "ReturnValue.Reference", "value", "manual"]
+      - ["<alloc::boxed::Box as core::ops::deref::Deref>::deref", "Argument[self].Reference.Field[alloc::boxed::Box(0)]", "ReturnValue.Reference", "value", "manual"]
       - ["<alloc::boxed::Box>::pin", "Argument[0]", "ReturnValue.Field[core::pin::Pin::pointer].Field[alloc::boxed::Box(0)]", "value", "manual"]
       - ["<alloc::boxed::Box>::new", "Argument[0]", "ReturnValue.Field[alloc::boxed::Box(0)]", "value", "manual"]
       - ["<alloc::boxed::Box>::into_pin", "Argument[0]", "ReturnValue.Field[core::pin::Pin::pointer]", "value", "manual"]

rust/ql/lib/codeql/rust/internal/TypeInference.qll

@@ -3563,8 +3563,8 @@ private module Debug {
   Locatable getRelevantLocatable() {
     exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
       result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
-      filepath.matches("%/sqlx.rs") and
-      startline = [56 .. 60]
+      filepath.matches("%/main.rs") and
+      startline = 116
     )
   }
 
@@ -3573,9 +3573,10 @@ private module Debug {
     result = inferType(n, path)
   }
 
-  Addressable debugResolveCallTarget(Call c) {
+  Addressable debugResolveCallTarget(Call c, string can) {
     c = getRelevantLocatable() and
-    result = resolveCallTarget(c)
+    result = resolveCallTarget(c) and
+    can = result.getCanonicalPath()
   }
 
   predicate debugConditionSatisfiesConstraint(

rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected

@@ -825,8 +825,8 @@ localStep
 | main.rs:616:36:616:41 | [post] MacroExpr | main.rs:616:36:616:39 | [post] ...::new(...) |
 readStep
 | main.rs:50:9:50:15 | Some(...) | {EXTERNAL LOCATION} | Some | main.rs:50:14:50:14 | _ |
+| main.rs:116:10:116:11 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:116:10:116:11 | * ... |
 | main.rs:116:11:116:11 | [post] i [borrowed] | file://:0:0:0:0 | &ref | main.rs:116:11:116:11 | [post] i |
-| main.rs:116:11:116:11 | i | file://:0:0:0:0 | &ref | main.rs:116:10:116:11 | * ... |
 | main.rs:124:10:124:10 | a | file://:0:0:0:0 | tuple.0 | main.rs:124:10:124:12 | a.0 |
 | main.rs:125:10:125:10 | a | file://:0:0:0:0 | tuple.1 | main.rs:125:10:125:12 | a.1 |
 | main.rs:130:9:130:20 | TuplePat | file://:0:0:0:0 | tuple.0 | main.rs:130:10:130:11 | a0 |
@@ -934,30 +934,30 @@ readStep
 | main.rs:506:13:506:13 | [post] a [borrowed] | file://:0:0:0:0 | &ref | main.rs:506:13:506:13 | [post] a |
 | main.rs:519:10:519:11 | [post] vs [borrowed] | file://:0:0:0:0 | &ref | main.rs:519:10:519:11 | [post] vs |
 | main.rs:519:10:519:11 | vs | file://:0:0:0:0 | element | main.rs:519:10:519:14 | vs[0] |
-| main.rs:520:11:520:35 | ... .unwrap() | file://:0:0:0:0 | &ref | main.rs:520:10:520:35 | * ... |
+| main.rs:520:10:520:35 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:520:10:520:35 | * ... |
 | main.rs:520:11:520:35 | [post] ... .unwrap() [borrowed] | file://:0:0:0:0 | &ref | main.rs:520:11:520:35 | [post] ... .unwrap() |
-| main.rs:521:11:521:35 | ... .unwrap() | file://:0:0:0:0 | &ref | main.rs:521:10:521:35 | * ... |
+| main.rs:521:10:521:35 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:521:10:521:35 | * ... |
 | main.rs:521:11:521:35 | [post] ... .unwrap() [borrowed] | file://:0:0:0:0 | &ref | main.rs:521:11:521:35 | [post] ... .unwrap() |
 | main.rs:523:14:523:15 | vs | file://:0:0:0:0 | element | main.rs:523:9:523:9 | v |
 | main.rs:526:9:526:10 | &... | file://:0:0:0:0 | &ref | main.rs:526:10:526:10 | v |
 | main.rs:526:15:526:23 | vs.iter() | file://:0:0:0:0 | element | main.rs:526:9:526:10 | &... |
 | main.rs:531:9:531:10 | &... | file://:0:0:0:0 | &ref | main.rs:531:10:531:10 | v |
 | main.rs:531:15:531:17 | vs2 | file://:0:0:0:0 | element | main.rs:531:9:531:10 | &... |
+| main.rs:535:28:535:29 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:535:28:535:29 | * ... |
 | main.rs:535:29:535:29 | [post] x [borrowed] | file://:0:0:0:0 | &ref | main.rs:535:29:535:29 | [post] x |
-| main.rs:535:29:535:29 | x | file://:0:0:0:0 | &ref | main.rs:535:28:535:29 | * ... |
+| main.rs:536:33:536:34 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:536:33:536:34 | * ... |
 | main.rs:536:34:536:34 | [post] x [borrowed] | file://:0:0:0:0 | &ref | main.rs:536:34:536:34 | [post] x |
-| main.rs:536:34:536:34 | x | file://:0:0:0:0 | &ref | main.rs:536:33:536:34 | * ... |
 | main.rs:538:14:538:27 | vs.into_iter() | file://:0:0:0:0 | element | main.rs:538:9:538:9 | v |
 | main.rs:544:10:544:15 | [post] vs_mut [borrowed] | file://:0:0:0:0 | &ref | main.rs:544:10:544:15 | [post] vs_mut |
 | main.rs:544:10:544:15 | vs_mut | file://:0:0:0:0 | element | main.rs:544:10:544:18 | vs_mut[0] |
-| main.rs:545:11:545:39 | ... .unwrap() | file://:0:0:0:0 | &ref | main.rs:545:10:545:39 | * ... |
+| main.rs:545:10:545:39 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:545:10:545:39 | * ... |
 | main.rs:545:11:545:39 | [post] ... .unwrap() [borrowed] | file://:0:0:0:0 | &ref | main.rs:545:11:545:39 | [post] ... .unwrap() |
-| main.rs:546:11:546:39 | ... .unwrap() | file://:0:0:0:0 | &ref | main.rs:546:10:546:39 | * ... |
+| main.rs:546:10:546:39 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:546:10:546:39 | * ... |
 | main.rs:546:11:546:39 | [post] ... .unwrap() [borrowed] | file://:0:0:0:0 | &ref | main.rs:546:11:546:39 | [post] ... .unwrap() |
 | main.rs:548:9:548:14 | &mut ... | file://:0:0:0:0 | &ref | main.rs:548:14:548:14 | v |
 | main.rs:548:19:548:35 | vs_mut.iter_mut() | file://:0:0:0:0 | element | main.rs:548:9:548:14 | &mut ... |
+| main.rs:562:10:562:15 | * ... [pre-dereferenced] | file://:0:0:0:0 | &ref | main.rs:562:10:562:15 | * ... |
 | main.rs:562:11:562:15 | [post] c_ref [borrowed] | file://:0:0:0:0 | &ref | main.rs:562:11:562:15 | [post] c_ref |
-| main.rs:562:11:562:15 | c_ref | file://:0:0:0:0 | &ref | main.rs:562:10:562:15 | * ... |
 storeStep
 | main.rs:116:11:116:11 | i | file://:0:0:0:0 | &ref | main.rs:116:11:116:11 | i [borrowed] |
 | main.rs:123:14:123:22 | source(...) | file://:0:0:0:0 | tuple.0 | main.rs:123:13:123:26 | TupleExpr |