Rust: Make SummarizedCallable extend Function instead of string

Author: hvitved

rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll

@@ -2,42 +2,17 @@
 
 private import rust
 private import internal.FlowSummaryImpl as Impl
-private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
 
 // import all instances below
 private module Summaries {
   private import codeql.rust.Frameworks
   private import codeql.rust.dataflow.internal.ModelsAsData
 }
 
-/** Provides the `Range` class used to define the extent of `LibraryCallable`. */
-module LibraryCallable {
-  /** A callable defined in library code, identified by a unique string. */
-  abstract class Range extends string {
-    bindingset[this]
-    Range() { any() }
-
-    /** Gets a call to this library callable. */
-    CallExprBase getACall() {
-      exists(Resolvable r, string crate |
-        r = CallExprBaseImpl::getCallResolvable(result) and
-        this = crate + r.getResolvedPath()
-      |
-        crate = r.getResolvedCrateOrigin() + "::_::"
-        or
-        not r.hasResolvedCrateOrigin() and
-        crate = ""
-      )
-    }
-  }
-}
-
-final class LibraryCallable = LibraryCallable::Range;
-
 /** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
 module SummarizedCallable {
   /** A callable with a flow summary, identified by a unique string. */
-  abstract class Range extends LibraryCallable::Range, Impl::Public::SummarizedCallable {
+  abstract class Range extends Impl::Public::SummarizedCallable {
     bindingset[this]
     Range() { any() }
 

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -43,10 +43,12 @@ final class DataFlowCallable extends TDataFlowCallable {
   /**
    * Gets the underlying library callable, if any.
    */
-  LibraryCallable asLibraryCallable() { this = TLibraryCallable(result) }
+  SummarizedCallable asSummarizedCallable() { this = TSummarizedCallable(result) }
 
   /** Gets a textual representation of this callable. */
-  string toString() { result = [this.asCfgScope().toString(), this.asLibraryCallable().toString()] }
+  string toString() {
+    result = [this.asCfgScope().toString(), this.asSummarizedCallable().toString()]
+  }
 
   /** Gets the location of this callable. */
   Location getLocation() { result = this.asCfgScope().getLocation() }
@@ -67,12 +69,9 @@ final class DataFlowCall extends TDataFlowCall {
   }
 
   DataFlowCallable getEnclosingCallable() {
-    result = TCfgScope(this.asCallBaseExprCfgNode().getExpr().getEnclosingCfgScope())
+    result.asCfgScope() = this.asCallBaseExprCfgNode().getExpr().getEnclosingCfgScope()
     or
-    exists(FlowSummaryImpl::Public::SummarizedCallable c |
-      this.isSummaryCall(c, _) and
-      result = TLibraryCallable(c)
-    )
+    this.isSummaryCall(result.asSummarizedCallable(), _)
   }
 
   string toString() {
@@ -434,9 +433,13 @@ module RustDataFlow implements InputSig<Location> {
 
   /** Gets a viable implementation of the target of the given `Call`. */
   DataFlowCallable viableCallable(DataFlowCall call) {
-    result.asCfgScope() = call.asCallBaseExprCfgNode().getCallExprBase().getStaticTarget()
-    or
-    result.asLibraryCallable().getACall() = call.asCallBaseExprCfgNode().getCallExprBase()
+    exists(Callable target |
+      target = call.asCallBaseExprCfgNode().getCallExprBase().getStaticTarget()
+    |
+      target = result.asCfgScope()
+      or
+      target = result.asSummarizedCallable()
+    )
   }
 
   /**
@@ -784,7 +787,7 @@ module RustDataFlow implements InputSig<Location> {
   predicate allowParameterReturnInSelf(ParameterNode p) {
     exists(DataFlowCallable c, ParameterPosition pos |
       p.isParameterOf(c, pos) and
-      FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(c.asLibraryCallable(), pos)
+      FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(c.asSummarizedCallable(), pos)
     )
     or
     VariableCapture::Flow::heuristicAllowInstanceParameterReturnInSelf(p.(ClosureParameterNode)
@@ -995,7 +998,7 @@ private module Cached {
   cached
   newtype TDataFlowCallable =
     TCfgScope(CfgScope scope) or
-    TLibraryCallable(LibraryCallable c)
+    TSummarizedCallable(SummarizedCallable c)
 
   /** This is the local flow predicate that is exposed. */
   cached

rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll

@@ -13,7 +13,7 @@ module Input implements InputSig<Location, RustDataFlow> {
   private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
   private import codeql.rust.frameworks.stdlib.Stdlib
 
-  class SummarizedCallableBase = string;
+  class SummarizedCallableBase = Function;
 
   abstract private class SourceSinkBase extends AstNode {
     /** Gets the associated call. */
@@ -153,7 +153,7 @@ private import Make<Location, RustDataFlow, Input> as Impl
 
 private module StepsInput implements Impl::Private::StepsInputSig {
   DataFlowCall getACall(Public::SummarizedCallable sc) {
-    result.asCallBaseExprCfgNode().getCallExprBase() = sc.(LibraryCallable).getACall()
+    result.asCallBaseExprCfgNode().getCallExprBase().getStaticTarget() = sc
   }
 
   RustDataFlow::Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) {

rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll

@@ -47,6 +47,7 @@ private import rust
 private import codeql.rust.dataflow.FlowSummary
 private import codeql.rust.dataflow.FlowSource
 private import codeql.rust.dataflow.FlowSink
+private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl
 
 /**
  * Holds if in a call to the function with canonical path `path`, defined in the
@@ -114,13 +115,30 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
   )
 }
 
+private predicate sdf(CallExprBase call, Function f) {
+  CallExprBaseImpl::getCallResolvable(call).getResolvedPath() = "<crate::option::Option>::unwrap" and
+  // CallExprBaseImpl::getCallResolvable(call).getResolvedCrateOrigin() = "lang:core" and
+  f = call.getStaticTarget()
+}
+
+private predicate sdf2(CallExprBase call) {
+  CallExprBaseImpl::getCallResolvable(call).getResolvedPath() = "<crate::option::Option>::unwrap"
+  // CallExprBaseImpl::getCallResolvable(call).getResolvedCrateOrigin() = "lang:core" and
+  // f = call.getStaticTarget()
+}
+
 private class SummarizedCallableFromModel extends SummarizedCallable::Range {
   private string crate;
   private string path;
 
   SummarizedCallableFromModel() {
     summaryModel(crate, path, _, _, _, _, _) and
-    this = crate + "::_::" + path
+    exists(CallExprBase call, Resolvable r |
+      call.getStaticTarget() = this and
+      r = CallExprBaseImpl::getCallResolvable(call) and
+      r.getResolvedPath() = path and
+      r.getResolvedCrateOrigin() = crate
+    )
   }
 
   override predicate propagatesFlow(

rust/ql/lib/codeql/rust/dataflow/internal/Node.qll

@@ -44,7 +44,7 @@ abstract class NodePublic extends TNode {
 
 abstract class Node extends NodePublic {
   /** Gets the enclosing callable. */
-  DataFlowCallable getEnclosingCallable() { result = TCfgScope(this.getCfgScope()) }
+  DataFlowCallable getEnclosingCallable() { result.asCfgScope() = this.getCfgScope() }
 
   /** Do not call: use `getEnclosingCallable()` instead. */
   abstract CfgScope getCfgScope();
@@ -102,9 +102,9 @@ class FlowSummaryNode extends Node, TFlowSummaryNode {
   }
 
   override DataFlowCallable getEnclosingCallable() {
-    result.asLibraryCallable() = this.getSummarizedCallable()
-    or
     result.asCfgScope() = this.getCfgScope()
+    or
+    result.asSummarizedCallable() = this.getSummarizedCallable()
   }
 
   override Location getLocation() {
@@ -195,7 +195,7 @@ final class SummaryParameterNode extends ParameterNode, FlowSummaryNode {
   }
 
   override predicate isParameterOf(DataFlowCallable c, ParameterPosition pos) {
-    this.getSummarizedCallable() = c.asLibraryCallable() and pos = pos_
+    this.getSummarizedCallable() = c.asSummarizedCallable() and pos = pos_
   }
 }
 

rust/ql/lib/codeql/rust/elements/internal/SelfParamImpl.qll

@@ -6,13 +6,8 @@ private import codeql.rust.dataflow.FlowSummary
 /** A `clone` method. */
 final class CloneCallable extends SummarizedCallable::Range {
   CloneCallable() {
-    // NOTE: The function target may not exist in the database, so we base this
-    // on method calls.
-    exists(MethodCallExpr c |
-      c.getIdentifier().getText() = "clone" and
-      c.getArgList().getNumberOfArgs() = 0 and
-      this = c.getResolvedCrateOrigin() + "::_::" + c.getResolvedPath()
-    )
+    this.getParamList().getNumberOfParams() = 1 and
+    this.getName().getText() = "clone"
   }
 
   final override predicate propagatesFlow(

rust/ql/lib/codeql/rust/frameworks/stdlib/Clone.qll

@@ -1317,8 +1317,8 @@ private module Debug {
   private Locatable getRelevantLocatable() {
     exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
       result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
-      filepath.matches("%/illegal/main.rs") and
-      startline = 51
+      filepath.matches("%/main.rs") and
+      startline = 8
     )
   }
 
@@ -1327,6 +1327,14 @@ private module Debug {
     result = resolvePath(path)
   }
 
+  private ItemNode sdfsf(RelevantPath path, ImplItemNode impl, ItemNode frm) {
+    path = getRelevantLocatable() and
+    result = resolvePath(path) and
+    result = impl.resolveSelfTy() and
+    frm = impl.getASuccessorRec("from") and
+    frm instanceof AssocItemNode
+  }
+
   predicate debugUseImportEdge(Use use, string name, ItemNode item) {
     use = getRelevantLocatable() and
     useImportEdge(use, name, item)
@@ -1347,3 +1355,59 @@ private module Debug {
     fileImport(m, f)
   }
 }
+
+private predicate sdfs(ImplItemNode impl) {
+  // resolvePath(impl.getSelfPath()).getLocation().getStartLine() = [35, 36]
+  impl.getLocation().getFile().getBaseName() = "main.rs" //and
+  // impl.getLocation().getStartLine() = [35 .. 38]
+}
+
+private import Type
+private import TypeInference
+
+private predicate sdf3(
+  AstNode n, Type t, ImplItemNode impl, string path, RelevantPath p, ImplOrTraitItemNode i,
+  TraitType tt, Function f, string name
+) {
+  t = inferType(n) and
+  n.getLocation().getStartLine() = 29 and
+  t = TStruct(impl.resolveSelfTy()) and
+  // t = debugInferType(_, _) and
+  impl.toString() = "impl ...::Iterator for ...::Args { ... }" and
+  path = p.toStringDebug() and
+  p = impl.getTraitPath().getQualifier*() and
+  i = resolvePath(p) and
+  impl.isFullyParametric() and
+  tt = TTrait(i) and
+  f = tt.getMethod(name) and
+  f = i.getAnAssocItem() and
+  name = "collect" and
+  f = impl.resolveSelfTy().getASuccessor(name)
+}
+
+private predicate sdf4(
+  ImplItemNode impl, string path, RelevantPath p, ItemNode iter, Use u, string usePath,
+  RelevantPath usePathPrefix, ItemNode useResolved
+) {
+  // t = debugInferType(_, _) and
+  impl.toString() = "impl ...::Iterator for ...::Args { ... }" and
+  path = p.toStringDebug() and
+  p = impl.getTraitPath().getQualifier*() and
+  iter = resolvePath(p) and
+  iter.getName() = "iter" and
+  u = iter.(Module).getItemList().getAnItem() and
+  usePath = u.getUseTree().getPath().toStringDebug() and
+  usePath = "self::traits::Iterator" and
+  usePathPrefix = u.getUseTree().getPath().getQualifier*() and
+  useResolved = resolvePath(usePathPrefix)
+}
+
+private predicate sdf5(ImplItemNode impl, string path, RelevantPath p, ItemNode iter, Module m) {
+  // t = debugInferType(_, _) and
+  impl.toString() = "impl ...::Iterator for ...::Args { ... }" and
+  path = p.toStringDebug() and
+  p = impl.getTraitPath().getQualifier*() and
+  iter = resolvePath(p) and
+  iter.getName() = "iter" and
+  m = iter.(Module).getItemList().getAnItem()
+}

rust/ql/lib/codeql/rust/internal/PathResolution.qll

@@ -1035,3 +1035,55 @@ import Cached
  * Gets a type that `n` infers to, if any.
  */
 Type inferType(AstNode n) { result = inferType(n, TypePath::nil()) }
+
+/** Provides predicates for debugging the type inference implementation. */
+private module Debug {
+  private Locatable getRelevantLocatable() {
+    exists(string filepath, int startline, int startcolumn, int endline, int endcolumn |
+      result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and
+      filepath.matches("%/main.rs") and
+      startline = [5 .. 10]
+    )
+  }
+
+  Type debugInferType(AstNode n, TypePath path) {
+    n = getRelevantLocatable() and
+    result = inferType(n, path)
+  }
+
+  private predicate sdf(Type t, ImplItemNode impl, TraitItemNode trait) {
+    t = debugInferType(_, _) and
+    t = TStruct(impl.resolveSelfTy()) and
+    trait = impl.resolveTraitTy()
+  }
+
+  private predicate sdf3(Type t, ImplItemNode impl) {
+    t = debugInferType(_, _) and
+    t = TStruct(impl.resolveSelfTy()) and
+    not impl.(Impl).hasTrait()
+  }
+
+  private predicate sdf2(Type t, ImplItemNode impl, string path) {
+    // t = debugInferType(_, _) and
+    impl.toString() = "impl ...::Iterator for ...::Args { ... }" and
+    t = TStruct(impl.resolveSelfTy()) and
+    path = impl.getTraitPath().toStringDebug()
+  }
+
+  Function debugResolveMethodCallExpr(MethodCallExpr mce) {
+    mce = getRelevantLocatable() and
+    result = resolveMethodCallExpr(mce)
+  }
+
+  private Function testdebugResolveMethodCallExpr(MethodCallExpr mce, Param self) {
+    mce = getRelevantLocatable() and
+    result = resolveMethodCallExpr(mce) and
+    self = result.getParamList().getAParam()
+  }
+
+  private Function testdebugResolveMethodCallExpr2(MethodCallExpr mce, SelfParam self) {
+    mce = getRelevantLocatable() and
+    result = resolveMethodCallExpr(mce) and
+    self = result.getParamList().getSelfParam()
+  }
+}

rust/ql/lib/codeql/rust/internal/TypeInference.qll

@@ -60,10 +60,10 @@
 | main.rs:238:17:238:25 | source(...) | main.rs:1:1:3:1 | fn source |
 | main.rs:239:9:239:15 | sink(...) | main.rs:5:1:7:1 | fn sink |
 | main.rs:242:5:242:17 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:246:13:246:55 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on |
+| main.rs:246:13:246:55 | ...::block_on(...) | file://:0:0:0:0 | fn block_on |
 | main.rs:246:41:246:54 | async_source(...) | main.rs:227:1:231:1 | fn async_source |
 | main.rs:247:5:247:11 | sink(...) | main.rs:5:1:7:1 | fn sink |
-| main.rs:249:5:249:62 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on |
+| main.rs:249:5:249:62 | ...::block_on(...) | file://:0:0:0:0 | fn block_on |
 | main.rs:249:33:249:61 | test_async_await_async_part(...) | main.rs:233:1:243:1 | fn test_async_await_async_part |
 | main.rs:253:5:253:22 | data_out_of_call(...) | main.rs:16:1:19:1 | fn data_out_of_call |
 | main.rs:254:5:254:35 | data_out_of_call_side_effect1(...) | main.rs:35:1:40:1 | fn data_out_of_call_side_effect1 |