wip

Author: hvitved

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -290,7 +290,7 @@ predicate lambdaCreationExpr(Expr creation) {
  * Holds if `call` is a lambda call of kind `kind` where `receiver` is the
  * invoked expression.
  */
-predicate lambdaCallExpr(ClosureCall call, LambdaCallKind kind, Expr receiver) {
+predicate lambdaCallExpr(ClosureCallExpr call, LambdaCallKind kind, Expr receiver) {
   receiver = call.getClosureExpr() and
   exists(kind)
 }
@@ -823,7 +823,7 @@ module RustDataFlow implements InputSig<Location> {
    */
   predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
     (
-      receiver.asExpr() = call.asCall().(ClosureCall).getClosureExpr()
+      receiver.asExpr() = call.asCall().(ClosureCallExpr).getClosureExpr()
       or
       call.isSummaryCall(_, receiver.(FlowSummaryNode).getSummaryNode())
     ) and

rust/ql/lib/codeql/rust/elements/Call.qll

@@ -7,22 +7,6 @@ private import internal.CallImpl
 
 final class Call = Impl::Call;
 
-// todo: remove once internal query has been updated
-final class CallExpr extends ParenArgsExpr {
-  Expr getFunction() { result = this.getBase() }
-
-  Expr getArg(int i) { result = this.getArgument(i) }
-
-  int getNumberOfArgs() { result = this.getNumberOfArguments() }
-}
-
-private predicate isClosureCall(ParenArgsExpr call) {
-  exists(Expr receiver | receiver = call.getBase() |
-    // All calls to complex expressions and local variable accesses are lambda calls
-    receiver instanceof PathExpr implies receiver = any(Variable v).getAnAccess()
-  )
-}
-
 private predicate isGuaranteedMethodCall(ArgsExpr call) {
   call instanceof MethodCallExpr
   or
@@ -36,7 +20,7 @@ private predicate isGuaranteedMethodCall(ArgsExpr call) {
  *
  * Either
  *
- * - a `ParenArgsExpr` where we can resolve the target as a method,
+ * - a `CallExpr` where we can resolve the target as a method,
  * - a `MethodCallExpr`,
  * - an `Operation` that targets an overloadable opeator, or
  * - an `IndexExpr`.
@@ -51,16 +35,3 @@ final class MethodCall extends Call {
   /** Gets the static target of this method call, if any. */
   Method getStaticTarget() { result = super.getStaticTarget() }
 }
-
-/**
- * A call expression that targets a closure.
- *
- * Closure calls never have a static target, and the set of potential
- * run-time targets is only available internally to the data flow library.
- */
-final class ClosureCall extends Call instanceof ParenArgsExpr {
-  ClosureCall() { isClosureCall(this) }
-
-  /** Gets the closure expression being called. */
-  Expr getClosureExpr() { result = super.getBase() }
-}

rust/ql/lib/codeql/rust/elements/CallExpr.qll

@@ -0,0 +1,10 @@
+/**
+ * This module provides the public class `CallExpr`.
+ */
+
+private import rust
+private import internal.CallExprImpl
+
+final class CallExpr = Impl::CallExpr;
+
+final class ClosureCallExpr = Impl::ClosureCallExpr;

rust/ql/lib/codeql/rust/elements/internal/ArgsExprImpl.qll

@@ -19,14 +19,6 @@ module Impl {
     /** Gets the number of positional arguments of this expression. */
     int getNumberOfArguments() { result = count(Expr arg | arg = this.getArgument(_)) }
 
-    /**
-     * Gets the receiver of this expression, if any.
-     *
-     * This is either an actual receiver of a method call, the first operand of an operation,
-     * or the base expression of an index expression.
-     */
-    Expr getReceiver() { none() }
-
     /** Gets the resolved target (function or tuple struct/variant) of this call, if any. */
     Addressable getResolvedTarget() { result = TypeInference::resolveCallTarget(this) }
   }

rust/ql/lib/codeql/rust/elements/internal/CallExprImpl.qll

@@ -0,0 +1,71 @@
+/**
+ * INTERNAL: This module contains the customizable definition of `CallExpr` and should not
+ * be referenced directly.
+ */
+module Impl {
+  private import rust
+  private import codeql.rust.elements.internal.CallImpl::Impl as CallImpl
+  private import codeql.rust.elements.internal.ParenArgsExprImpl::Impl as ParenArgsExprImpl
+  private import codeql.rust.internal.TypeInference as TypeInference
+
+  private predicate isClosureCall(ParenArgsExpr call) {
+    exists(Expr receiver | receiver = call.getBase() |
+      // All calls to complex expressions and local variable accesses are lambda calls
+      receiver instanceof PathExpr implies receiver = any(Variable v).getAnAccess()
+    )
+  }
+
+  /**
+   * A call expression. For example:
+   * ```rust
+   * foo(42);
+   * foo::<u32, u64>(42);
+   * foo[0](42);
+   * foo(1) = 4;
+   * ```
+   */
+  class CallExpr extends CallImpl::Call, ParenArgsExprImpl::ParenArgsExpr {
+    CallExpr() {
+      forall(Addressable target |
+        // Cannot use `this.getResolvedTarget()` as that results in non-monotonic recursion
+        target = TypeInference::resolveCallTarget(this)
+      |
+        target instanceof Callable
+      )
+      or
+      isClosureCall(this)
+    }
+
+    private predicate isMethodCall() { this.getResolvedTarget() instanceof Method }
+
+    override Expr getArgument(int i) {
+      if this.isMethodCall()
+      then result = super.getArgList().getArg(i + 1)
+      else result = super.getArgList().getArg(i)
+    }
+
+    override Expr getReceiver() { this.isMethodCall() and result = super.getArgList().getArg(0) }
+
+    // todo: remove once internal query has been updated
+    Expr getFunction() { result = this.getBase() }
+
+    // todo: remove once internal query has been updated
+    Expr getArg(int i) { result = this.getArgument(i) }
+
+    // todo: remove once internal query has been updated
+    int getNumberOfArgs() { result = this.getNumberOfArguments() }
+  }
+
+  /**
+   * A call expression that targets a closure.
+   *
+   * Closure calls never have a static target, and the set of potential
+   * run-time targets is only available internally to the data flow library.
+   */
+  class ClosureCallExpr extends CallExpr {
+    ClosureCallExpr() { isClosureCall(this) }
+
+    /** Gets the closure expression being called. */
+    Expr getClosureExpr() { result = super.getBase() }
+  }
+}

rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll

@@ -3,37 +3,25 @@ private import rust
 module Impl {
   private import codeql.rust.internal.TypeInference as TypeInference
   private import codeql.rust.elements.internal.ExprImpl::Impl as ExprImpl
+  private import codeql.rust.elements.internal.ArgsExprImpl::Impl as ArgsExprImpl
 
   /**
    * A call.
    *
    * Either
    *
-   * - a `ParenArgsExpr` that targets a function,
+   * - a `CallExpr`,
    * - a `MethodCallExpr`,
    * - an `Operation` that targets an overloadable opeator, or
    * - an `IndexExpr`.
    */
-  abstract class Call extends ExprImpl::Expr {
-    /** Gets the `i`th positional argument of this call, if any. */
-    Expr getArgument(int i) { none() }
-
-    // todo: remove once internal query has been updated
-    Expr getArg(int i) { result = this.getArgument(i) }
-
-    /** Gets a positional argument of this call, if any. */
-    Expr getAnArgument() { result = this.getArgument(_) }
-
-    /** Gets the number of positional arguments of this call. */
-    int getNumberOfArguments() { result = count(Expr arg | arg = this.getArgument(_)) }
-
-    // todo: remove once internal query has been updated
-    int getNumberOfArgs() { result = this.getNumberOfArguments() }
-
+  abstract class Call extends ArgsExprImpl::ArgsExpr {
     /**
      * Gets the receiver of this call, if any.
      *
-     * This is either an actual receiver of a method call, the first operand of an operation,
+     * This is either an actual receiver of a method call, the first argument of a call
+     * to a method
+     *  the first operand of an operation,
      * or the base expression of an index expression.
      */
     Expr getReceiver() { none() }

rust/ql/lib/codeql/rust/elements/internal/IndexExprImpl.qll

@@ -32,10 +32,4 @@ module Impl {
 
     override Expr getReceiver() { result = this.getBase() }
   }
-
-  private class IndexArgsExpr extends ArgsExprImpl::ArgsExpr instanceof IndexExpr {
-    override Expr getArgument(int i) { result = IndexExpr.super.getArgument(i) }
-
-    override Expr getReceiver() { result = IndexExpr.super.getReceiver() }
-  }
 }

rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll

@@ -49,10 +49,4 @@ module Impl {
 
     override Expr getReceiver() { result = Generated::MethodCallExpr.super.getReceiver() }
   }
-
-  private class MethodCallArgsExpr extends ArgsExprImpl::ArgsExpr instanceof MethodCallExpr {
-    override Expr getArgument(int i) { result = MethodCallExpr.super.getArgument(i) }
-
-    override Expr getReceiver() { result = MethodCallExpr.super.getReceiver() }
-  }
 }

rust/ql/lib/codeql/rust/elements/internal/OperationImpl.qll

@@ -115,9 +115,10 @@ module Impl {
     /** Gets the `n`th operand of this operation, if any. */
     abstract Expr getOperand(int n);
 
-    override Expr getArgument(int i) { result = this.getOperand(i + 1) and i >= 0 }
-
-    override Expr getReceiver() { result = this.getOperand(0) }
+    override Expr getArgument(int i) {
+      not this.isOverloaded(_, _, _) and
+      result = this.getOperand(i)
+    }
 
     /**
      * Gets the number of operands of this operation.
@@ -142,8 +143,8 @@ module Impl {
   private class CallOperation extends CallImpl::Call instanceof Operation {
     CallOperation() { super.isOverloaded(_, _, _) }
 
-    override Expr getArgument(int i) { result = Operation.super.getArgument(i) }
+    override Expr getArgument(int i) { result = super.getOperand(i + 1) and i >= 0 }
 
-    override Expr getReceiver() { result = Operation.super.getReceiver() }
+    override Expr getReceiver() { result = super.getOperand(0) }
   }
 }

rust/ql/lib/codeql/rust/elements/internal/ParenArgsExprImpl.qll

@@ -12,7 +12,6 @@ private import codeql.rust.elements.internal.generated.ParenArgsExpr
  */
 module Impl {
   private import rust
-  private import codeql.rust.elements.internal.CallImpl::Impl as CallImpl
   private import codeql.rust.elements.internal.ArgsExprImpl::Impl as ArgsExprImpl
   private import codeql.rust.internal.PathResolution as PathResolution
 
@@ -66,20 +65,4 @@ module Impl {
       )
     }
   }
-
-  private class ParenArgsCallExpr extends CallImpl::Call instanceof ParenArgsExpr {
-    ParenArgsCallExpr() {
-      forall(Addressable target | target = super.getResolvedTarget() | target instanceof Callable)
-    }
-
-    private predicate isMethodCall() { super.getResolvedTarget() instanceof Method }
-
-    override Expr getArgument(int i) {
-      if this.isMethodCall()
-      then result = super.getArgList().getArg(i + 1)
-      else result = super.getArgList().getArg(i)
-    }
-
-    override Expr getReceiver() { this.isMethodCall() and result = super.getArgList().getArg(0) }
-  }
 }