wip

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll

@@ -84,7 +84,7 @@ private module MkSiblingImpls<resolveTypeMentionAtSig/2 resolveTypeMentionAt> {
   predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
 
   pragma[nomagic]
-  predicate implHasAmbigousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
+  predicate implHasAmbiguousSiblingAt(ImplItemNode impl, Trait trait, TypePath path) {
     exists(ImplItemNode impl2, Type t1, Type t2 |
       implSiblings(trait, impl, impl2) and
       t1 = resolveTypeMentionAt(impl.getTraitPath(), path) and
@@ -103,7 +103,7 @@ private Type resolvePreTypeMention(AstNode tm, TypePath path) {
 
 private module PreSiblingImpls = MkSiblingImpls<resolvePreTypeMention/2>;
 
-predicate preImplHasAmbigousSiblingAt = PreSiblingImpls::implHasAmbigousSiblingAt/3;
+predicate preImplHasAmbiguousSiblingAt = PreSiblingImpls::implHasAmbiguousSiblingAt/3;
 
 private Type resolveTypeMention(AstNode tm, TypePath path) {
   result = tm.(TypeMention).getTypeAt(path)

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -212,6 +212,10 @@ private module Input2Common {
       )
     )
   }
+
+  predicate typeParameterIsFunctionallyDetermined(TypeParameter tp) {
+    tp instanceof AssociatedTypeTypeParameter
+  }
 }
 
 private module PreInput2 implements InputSig2<PreTypeMention> {
@@ -227,11 +231,14 @@ private module PreInput2 implements InputSig2<PreTypeMention> {
     Input2Common::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
   }
 
-  predicate typeAbstractionHasAmbigousConstraintAt(
+  predicate typeAbstractionHasAmbiguousConstraintAt(
     TypeAbstraction abs, Type constraint, TypePath path
   ) {
-    FunctionOverloading::preImplHasAmbigousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+    FunctionOverloading::preImplHasAmbiguousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
   }
+
+  predicate typeParameterIsFunctionallyDetermined =
+    Input2Common::typeParameterIsFunctionallyDetermined/1;
 }
 
 /** Provides an instantiation of the shared type inference library for `PreTypeMention`s. */
@@ -250,11 +257,14 @@ private module Input2 implements InputSig2<TypeMention> {
     Input2Common::conditionSatisfiesConstraint(abs, condition, constraint, transitive)
   }
 
-  predicate typeAbstractionHasAmbigousConstraintAt(
+  predicate typeAbstractionHasAmbiguousConstraintAt(
     TypeAbstraction abs, Type constraint, TypePath path
   ) {
-    FunctionOverloading::implHasAmbigousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
+    FunctionOverloading::implHasAmbiguousSiblingAt(abs, constraint.(TraitType).getTrait(), path)
   }
+
+  predicate typeParameterIsFunctionallyDetermined =
+    Input2Common::typeParameterIsFunctionallyDetermined/1;
 }
 
 private import Input2

rust/ql/lib/codeql/rust/internal/typeinference/TypeMention.qll

@@ -7,6 +7,7 @@ private import Type
 private import TypeAbstraction
 private import TypeInference
 private import AssociatedType
+private import codeql.util.Unit
 
 bindingset[trait, name]
 pragma[inline_late]
@@ -754,6 +755,10 @@ private module PathSatisfiesConstraintInput implements
   predicate relevantConstraint(PreTypeMention tm, TraitOrTmTrait constraint) {
     pathConcreteTypeAssocType(_, tm, _, constraint, _)
   }
+
+  class TypeMatchingContext = Unit;
+
+  TypeMatchingContext getTypeMatchingContext(PreTypeMention tm) { none() }
 }
 
 private module PathSatisfiesConstraint =

rust/ql/test/library-tests/type-inference/overloading.rs

@@ -516,8 +516,8 @@ mod trait_bound_impl_overlap {
         let y = call_f::<i32, _>(x); // $ target=call_f type=y:i32
 
         let x = S(0);
-        let y = call_f2(S(0i32), x); // $ target=call_f2 $ MISSING: type=y:i32
+        let y = call_f2(S(0i32), x); // $ target=call_f2 type=y:i32
         let x = S(0);
-        let y = call_f2(S(0i64), x); // $ target=call_f2 $ MISSING: type=y:i64
+        let y = call_f2(S(0i64), x); // $ target=call_f2 type=y:i64
     }
 }

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -12948,6 +12948,8 @@ inferType
 | overloading.rs:518:17:518:20 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:518:17:518:20 | S(...) | T | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:518:19:518:19 | 0 |  | {EXTERNAL LOCATION} | i32 |
+| overloading.rs:519:13:519:13 | y |  | {EXTERNAL LOCATION} | i32 |
+| overloading.rs:519:17:519:35 | call_f2(...) |  | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:519:25:519:31 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:519:25:519:31 | S(...) | T | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:519:27:519:30 | 0i32 |  | {EXTERNAL LOCATION} | i32 |
@@ -12958,6 +12960,8 @@ inferType
 | overloading.rs:520:17:520:20 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:520:17:520:20 | S(...) | T | {EXTERNAL LOCATION} | i32 |
 | overloading.rs:520:19:520:19 | 0 |  | {EXTERNAL LOCATION} | i32 |
+| overloading.rs:521:13:521:13 | y |  | {EXTERNAL LOCATION} | i64 |
+| overloading.rs:521:17:521:35 | call_f2(...) |  | {EXTERNAL LOCATION} | i64 |
 | overloading.rs:521:25:521:31 | S(...) |  | overloading.rs:464:5:464:19 | S |
 | overloading.rs:521:25:521:31 | S(...) | T | {EXTERNAL LOCATION} | i64 |
 | overloading.rs:521:27:521:30 | 0i64 |  | {EXTERNAL LOCATION} | i64 |

shared/typeinference/codeql/typeinference/internal/TypeInference.qll

@@ -126,6 +126,7 @@ overlay[local?]
 module;
 
 private import codeql.util.Location
+private import codeql.util.Unit
 
 /** Provides the input to `Make1`. */
 signature module InputSig1<LocationSig Location> {
@@ -388,7 +389,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
 
     /**
      * Holds if the constraint belonging to `abs` with root type `constraint` is
-     * ambigous at `path`, meaning that there is _some_ other abstraction `abs2`
+     * ambiguous at `path`, meaning that there is _some_ other abstraction `abs2`
      * with a structurally identical condition and same root constraint type
      * `constraint`, and where the constraints differ at `path`.
      *
@@ -412,9 +413,18 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
      * `condition` and `condition2`, and they differ at the path `"T1"`, but
      * not at the path `"T2"`.
      */
-    predicate typeAbstractionHasAmbigousConstraintAt(
+    predicate typeAbstractionHasAmbiguousConstraintAt(
       TypeAbstraction abs, Type constraint, TypePath path
     );
+
+    /**
+     * Holds if all instantiations of `tp` are functionally determined by the
+     * instantiations of the other type parameters in the same abstraction.
+     *
+     * For example, in Rust all associated types act as functionally determined
+     * type parameters.
+     */
+    predicate typeParameterIsFunctionallyDetermined(TypeParameter tp);
   }
 
   module Make2<HasTypeTreeSig TypeMention, InputSig2<TypeMention> Input2> {
@@ -691,6 +701,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
        * Holds if the type mention `condition` satisfies `constraint` with the
        * type `t` at the path `path`.
        */
+      pragma[nomagic]
       predicate conditionSatisfiesConstraintTypeAt(
         TypeAbstraction abs, TypeMention condition, TypeMention constraint, TypePath path, Type t
       ) {
@@ -854,6 +865,19 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
     signature module SatisfiesConstraintInputSig<HasTypeTreeSig Term, HasTypeTreeSig Constraint> {
       /** Holds if it is relevant to know if `term` satisfies `constraint`. */
       predicate relevantConstraint(Term term, Constraint constraint);
+
+      class TypeMatchingContext;
+
+      TypeMatchingContext getTypeMatchingContext(Term t);
+
+      /**
+       * Holds if `tp` can be matched with the type `t` at `path` in the context of `term`.
+       *
+       * This may be used to disambiguate between multiple constraints that `term` may satisfy.
+       */
+      default predicate typeMatch(TypeMatchingContext ctx, TypeParameter tp, TypePath path, Type t) {
+        none()
+      }
     }
 
     module SatisfiesConstraint<
@@ -975,18 +999,74 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
       pragma[nomagic]
       private predicate satisfiesConstraintTypeMention0(
         Term term, Constraint constraint, TypeMention constraintMention, TypeAbstraction abs,
-        TypeMention sub, TypePath path, Type t, boolean ambigous
+        TypeMention sub, TypePath path, Type t, boolean ambiguous
       ) {
         exists(Type constraintRoot |
           hasConstraintMention(term, abs, sub, constraint, constraintRoot, constraintMention) and
           conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path, t) and
           if
             exists(TypePath prefix |
-              typeAbstractionHasAmbigousConstraintAt(abs, constraintRoot, prefix) and
+              typeAbstractionHasAmbiguousConstraintAt(abs, constraintRoot, prefix) and
               prefix.isPrefixOf(path)
             )
-          then ambigous = true
-          else ambigous = false
+          then ambiguous = true
+          else ambiguous = false
+        )
+      }
+
+      pragma[nomagic]
+      private predicate conditionSatisfiesConstraintTypeAtForDisambiguation(
+        TypeAbstraction abs, TypeMention condition, TypeMention constraint, TypePath path, Type t
+      ) {
+        conditionSatisfiesConstraintTypeAt(abs, condition, constraint, path, t) and
+        not t instanceof TypeParameter and
+        not typeParameterIsFunctionallyDetermined(path.getHead())
+      }
+
+      pragma[nomagic]
+      private predicate constraintTypeMatchForDisambiguation0(
+        Term term, Constraint constraint, TypePath path, TypePath suffix, TypeParameter tp
+      ) {
+        exists(
+          TypeMention constraintMention, TypeAbstraction abs, TypeMention sub, TypePath prefix
+        |
+          satisfiesConstraintTypeMention0(term, constraint, constraintMention, abs, sub, _, _, true) and
+          conditionSatisfiesConstraintTypeAtForDisambiguation(abs, sub, constraintMention, path, _) and
+          tp = constraint.getTypeAt(prefix) and
+          path = prefix.appendInverse(suffix)
+        )
+      }
+
+      pragma[nomagic]
+      private predicate constraintTypeMatchForDisambiguation1(
+        Term term, Constraint constraint, TypePath path, TypeMatchingContext ctx, TypePath suffix,
+        TypeParameter tp
+      ) {
+        constraintTypeMatchForDisambiguation0(term, constraint, path, suffix, tp) and
+        ctx = getTypeMatchingContext(term)
+      }
+
+      /**
+       * Holds if the type of `constraint` at `path` is `t` because it is possible
+       * to match some type parameter that occurs in `constraint` at a prefix of
+       * `path` in the context of `term`.
+       *
+       * For example, if we have
+       *
+       * ```rust
+       * fn f<T1, T2: SomeTrait<T1>>(x: T1, y: T2) -> T2::Output { ... }
+       * ```
+       *
+       * then at a call like `f(true, ...)` the constraint `SomeTrait<T1>` has the
+       * type `bool` substituted for `T1`.
+       */
+      pragma[nomagic]
+      private predicate constraintTypeMatchForDisambiguation(
+        Term term, Constraint constraint, TypePath path, Type t
+      ) {
+        exists(TypeMatchingContext ctx, TypeParameter tp, TypePath suffix |
+          constraintTypeMatchForDisambiguation1(term, constraint, path, ctx, suffix, tp) and
+          typeMatch(ctx, tp, suffix, t)
         )
       }
 
@@ -995,20 +1075,24 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         Term term, Constraint constraint, TypeAbstraction abs, TypeMention sub, TypePath path,
         Type t
       ) {
-        exists(TypeMention constraintMention, boolean ambigous |
+        exists(TypeMention constraintMention, boolean ambiguous |
           satisfiesConstraintTypeMention0(term, constraint, constraintMention, abs, sub, path, t,
-            ambigous)
+            ambiguous)
         |
-          if ambigous = true
+          if ambiguous = true
           then
             // When the constraint is not uniquely satisfied, we check that the satisfying
             // abstraction is not more specific than the constraint to be satisfied. For example,
             // if the constraint is `MyTrait<i32>` and there is both `impl MyTrait<i32> for ...` and
             // `impl MyTrait<i64> for ...`, then the latter will be filtered away
-            not exists(TypePath path1, Type t1 |
-              conditionSatisfiesConstraintTypeAt(abs, sub, constraintMention, path1, t1) and
-              not t1 instanceof TypeParameter and
-              t1 != constraint.getTypeAt(path1)
+            forall(TypePath path1, Type t1 |
+              conditionSatisfiesConstraintTypeAtForDisambiguation(abs, sub, constraintMention,
+                path1, t1)
+            |
+              t1 = constraint.getTypeAt(path1)
+              or
+              // The constraint may contain a type parameter, which we can match to the right type
+              constraintTypeMatchForDisambiguation(term, constraint, path1, t1)
             )
           else any()
         )
@@ -1142,6 +1226,10 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
         predicate relevantConstraint(Term term, TypeAsTypeTree constraint) {
           Input::relevantConstraint(term, constraint)
         }
+
+        class TypeMatchingContext = Unit;
+
+        TypeMatchingContext getTypeMatchingContext(Term t) { none() }
       }
 
       import SatisfiesConstraint<Term, TypeAsTypeTree, SatisfiesConstraintInput>
@@ -1367,7 +1455,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
       }
 
       private module AccessConstraint {
-        predicate relevantAccessConstraint(
+        private predicate relevantAccessConstraint(
           Access a, AccessEnvironment e, Declaration target, AccessPosition apos, TypePath path,
           TypeMention constraint
         ) {
@@ -1392,6 +1480,7 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
 
           RelevantAccess() { this = MkRelevantAccess(a, apos, e, path) }
 
+          pragma[nomagic]
           Type getTypeAt(TypePath suffix) {
             result = a.getInferredType(e, apos, path.appendInverse(suffix))
           }
@@ -1414,6 +1503,17 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
           predicate relevantConstraint(RelevantAccess at, TypeMention constraint) {
             constraint = at.getConstraint(_)
           }
+
+          class TypeMatchingContext = Access;
+
+          TypeMatchingContext getTypeMatchingContext(RelevantAccess at) {
+            at = MkRelevantAccess(result, _, _, _)
+          }
+
+          pragma[nomagic]
+          predicate typeMatch(TypeMatchingContext ctx, TypeParameter tp, TypePath path, Type t) {
+            typeMatch(ctx, _, _, path, t, tp)
+          }
         }
 
         private module SatisfiesTypeParameterConstraint =