wip3

Author: hvitved

rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll

@@ -76,20 +76,24 @@ private predicate implSiblings(TraitItemNode trait, Impl impl1, Impl impl2) {
 pragma[nomagic]
 private predicate implHasSibling(ImplItemNode impl, Trait trait) { implSiblings(trait, impl, _) }
 
+/**
+ * Holds if `f` is a function declared inside `trait`, and the type of `f` at
+ * `pos` and `path` is `traitTp`, which is a type parameter of `trait`.
+ */
 pragma[nomagic]
 predicate traitTypeParameterOccurrence(
   TraitItemNode trait, Function f, string functionName, FunctionPosition pos, TypePath path,
-  TypeParameter tp
+  TypeParameter traitTp
 ) {
   f = trait.getAssocItem(functionName) and
-  tp = getAssocFunctionTypeAt(f, trait, pos, path) and
-  tp = trait.(TraitTypeAbstraction).getATypeParameter()
+  traitTp = getAssocFunctionTypeAt(f, trait, pos, path) and
+  traitTp = trait.(TraitTypeAbstraction).getATypeParameter()
 }
 
 pragma[nomagic]
-private predicate functionResolutionDependsOnArgument0(
+private predicate functionResolutionDependsOnArgumentCand(
   ImplItemNode impl, Function f, string functionName, TypeParameter traitTp, FunctionPosition pos,
-  TypePath path, Type type
+  TypePath path
 ) {
   /*
    * As seen in the example below, when an implementation has a sibling for a
@@ -119,57 +123,114 @@ private predicate functionResolutionDependsOnArgument0(
   exists(TraitItemNode trait |
     implHasSibling(impl, trait) and
     traitTypeParameterOccurrence(trait, _, functionName, pos, path, traitTp) and
-    type = getAssocFunctionTypeAt(f, impl, pos, path) and
-    f = impl.getASuccessor(functionName)
+    f = impl.getASuccessor(functionName) and
+    not pos.isSelf()
+  )
+}
+
+private predicate functionResolutionDependsOnPositionalArgument(
+  ImplItemNode impl, Function f, string functionName, TypeParameter traitTp
+) {
+  exists(FunctionPosition pos |
+    functionResolutionDependsOnArgumentCand(impl, f, functionName, traitTp, pos, _) and
+    pos.isPosition()
   )
 }
 
+pragma[nomagic]
+private Type getAssocFunctionNonTypeParameterTypeAt(
+  ImplItemNode impl, Function f, FunctionPosition pos, TypePath path
+) {
+  result = getAssocFunctionTypeAt(f, impl, pos, path) and
+  not result instanceof TypeParameter
+}
+
 /**
- * Holds if resolving the function `f` in `impl` requires inspecting the type
- * of applied _arguments_ at position `pos` (possibly including the return type)
- * in order to determine whether it is the correct resolution.
+ * Holds if `f` inside `impl` has a sibling implementation inside `sibling`, where
+ * those two implementations agree on the instantiation of `traitTp`, which occurs
+ * in a positional position inside `f`.
  */
 pragma[nomagic]
-predicate functionResolutionDependsOnArgument(
-  ImplItemNode impl, Function f, TypeParameter traitTp, FunctionPosition pos, TypePath path,
-  Type type
+private predicate hasEquivalentPositionalSibling(
+  ImplItemNode impl, ImplItemNode sibling, Function f, TypeParameter traitTp
 ) {
-  exists(string functionName |
-    functionResolutionDependsOnArgument0(impl, f, functionName, traitTp, pos, path, type) and
-    not pos.isSelf()
+  exists(string functionName, FunctionPosition pos, TypePath path |
+    functionResolutionDependsOnArgumentCand(impl, f, functionName, traitTp, pos, path) and
+    pos.isPosition()
   |
-    exists(FunctionPosition pos0 |
-      functionResolutionDependsOnArgument0(impl, f, functionName, traitTp, pos0, _, _)
+    exists(Function f1 |
+      implSiblings(_, impl, sibling) and
+      f1 = sibling.getASuccessor(functionName)
     |
-      pos0.isPosition()
-      or
-      pos0.isReturn() and
-      not exists(FunctionPosition pos1 |
-        functionResolutionDependsOnArgument0(impl, f, functionName, _, pos1, _, _) and
-        pos1.isPosition()
+      forall(TypePath path0, Type t |
+        t = getAssocFunctionNonTypeParameterTypeAt(impl, f, pos, path0) and
+        (path = path0.getAPrefix() or path = path0)
+      |
+        t = getAssocFunctionNonTypeParameterTypeAt(sibling, f1, pos, path0)
+      ) and
+      forall(TypePath path0, Type t |
+        t = getAssocFunctionNonTypeParameterTypeAt(sibling, f1, pos, path0) and
+        (path = path0.getAPrefix() or path = path0)
+      |
+        t = getAssocFunctionNonTypeParameterTypeAt(impl, f, pos, path0)
       )
     )
-    // |
-    //   pos.isPosition()
-    //   or
-    //   // Only disambiguate based on return type when all other positions are trivially
-    //   // satisfied for all arguments.
-    //   pos.isReturn() and
-    //   forall(FunctionPosition pos0, TypePath path0, Type type0 |
-    //     pos0.isPosition() and
-    //     functionResolutionDependsOnArgument0(impl, f, _, _, pos0, path0, type0)
-    //   |
-    //     type0.(TypeParamTypeParameter).getTypeParam() = any(TypeParam tp | not tp.hasTypeBound())
-    //     or
-    //     forall(ImplItemNode impl1, Function f1, Type type1 |
-    //       implSiblings(_, impl, impl1) and
-    //       f1 = impl1.getASuccessor(functionName) and
-    //       type1 = getAssocFunctionTypeAt(f1, impl1, pos0, path0)
-    //     |
-    //       type1.(TypeParamTypeParameter).getTypeParam() = any(TypeParam tp | not tp.hasTypeBound())
-    //       or
-    //       type0 = type1
-    //     )
-    //   )
+  )
+}
+
+/**
+ * Holds if resolving the function `f` in `impl` requires inspecting the type
+ * of applied _arguments_ (possibly including knowing the return type).
+ *
+ * `traitTp` is a type parameter of the trait being implemented by `impl`, and
+ * we need to check that the type of `f` corresponding to `traitTp` is satisfied
+ * at any one of the positions `pos` in which that type occurs in `f`.
+ *
+ * Type parameters that only occur in return positions are only included when
+ * all other type parameters that occur in a positional position are insufficient
+ * to disambiguate.
+ *
+ * Example:
+ *
+ * ```rust
+ * trait Trait1<T1> {
+ *   fn f(self, x: T1) -> T1;
+ * }
+ *
+ * impl Trait1<i32> for i32 {
+ *   fn f(self, x: i32) -> i32 { 0 } // f1
+ * }
+ *
+ * impl Trait1<i64> for i32 {
+ *   fn f(self, x: i64) -> i64 { 0 } // f2
+ * }
+ * ```
+ *
+ * The type for `T1` above occurs in both a positional position and a return position
+ * in `f`, so both may be used to disambiguate between `f1` and `f2`. That is, `f(0i32)`
+ * is sufficient to resolve to `f1`, and so is `let y: i64 = f(Default::default())`.
+ */
+pragma[nomagic]
+predicate functionResolutionDependsOnArgument(
+  ImplItemNode impl, Function f, TypeParameter traitTp, FunctionPosition pos
+) {
+  exists(string functionName, TypePath path |
+    functionResolutionDependsOnArgumentCand(impl, f, functionName, traitTp, pos, path)
+  |
+    // Only include type parameters occuring in return positions when there are
+    // no other type parameters occuring in positional positions. Note that if
+    // a type parameter occurs in both a positional and a return position, then
+    // both argument type and return type can be used to satisfy the constraint.
+    if functionResolutionDependsOnPositionalArgument(impl, f, functionName, traitTp)
+    then any()
+    else
+      exists(ImplItemNode sibling |
+        implSiblings(_, impl, sibling) and
+        forall(TypeParameter otherTraitTp |
+          functionResolutionDependsOnPositionalArgument(impl, f, functionName, otherTraitTp)
+        |
+          hasEquivalentPositionalSibling(impl, sibling, f, otherTraitTp)
+        )
+      )
   )
 }

rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll

@@ -416,6 +416,8 @@ module ArgsAreInstantiationsOf<ArgsAreInstantiationsOfInputSig Input> {
   /**
    * Holds if all arguments of `call` have types that are instantiations of the
    * types of the corresponding parameters of `f` inside `i`.
+   *
+   * TODO: Check type parameter constraints as well.
    */
   pragma[nomagic]
   predicate argsAreInstantiationsOf(Input::Call call, ImplOrTraitItemNode i, Function f) {
@@ -451,6 +453,8 @@ module ArgsAreInstantiationsOf<ArgsAreInstantiationsOfInputSig Input> {
   /**
    * Holds if _some_ argument of `call` has a type that is not an instantiation of the
    * type of the corresponding parameter of `f` inside `i`.
+   *
+   * TODO: Check type parameter constraints as well.
    */
   pragma[nomagic]
   predicate argsAreNotInstantiationsOf(Input::Call call, ImplOrTraitItemNode i, Function f) {

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll

@@ -2143,7 +2143,7 @@ private module MethodResolution {
     pragma[nomagic]
     Method resolveCallTarget(ImplOrTraitItemNode i) {
       result = this.resolveCallTargetCand(i) and
-      not FunctionOverloading::functionResolutionDependsOnArgument(i, result, _, _, _, _)
+      not FunctionOverloading::functionResolutionDependsOnArgument(i, result, _, _)
       or
       MethodArgsAreInstantiationsOf::argsAreInstantiationsOf(this, i, result)
     }
@@ -2378,10 +2378,7 @@ private module MethodResolution {
    */
   private module MethodArgsAreInstantiationsOfInput implements ArgsAreInstantiationsOfInputSig {
     predicate toCheck(ImplOrTraitItemNode i, Function f, TypeParameter traitTp, FunctionPosition pos) {
-      exists(TypePath path, Type t0 |
-        FunctionOverloading::functionResolutionDependsOnArgument(i, f, traitTp, pos, path, t0) and
-        typeCanBeUsedForDisambiguation(t0)
-      )
+      FunctionOverloading::functionResolutionDependsOnArgument(i, f, traitTp, pos)
     }
 
     class Call extends MethodCallCand {
@@ -2825,7 +2822,7 @@ private module NonMethodResolution {
     pragma[nomagic]
     NonMethodFunction resolveCallTargetViaTypeInference(ImplOrTraitItemNode i) {
       result = this.resolveCallTargetBlanketCand(i) and
-      not FunctionOverloading::functionResolutionDependsOnArgument(_, result, _, _, _, _)
+      not FunctionOverloading::functionResolutionDependsOnArgument(_, result, _, _)
       or
       NonMethodArgsAreInstantiationsOfBlanket1::argsAreInstantiationsOf(this, i, result)
       or
@@ -2933,9 +2930,7 @@ private module NonMethodResolution {
     ArgsAreInstantiationsOfInputSig
   {
     predicate toCheck(ImplOrTraitItemNode i, Function f, TypeParameter traitTp, FunctionPosition pos) {
-      exists(Type t0 | typeCanBeUsedForDisambiguation(t0) |
-        FunctionOverloading::functionResolutionDependsOnArgument(i, f, traitTp, pos, _, t0)
-      )
+      FunctionOverloading::functionResolutionDependsOnArgument(i, f, traitTp, pos)
     }
 
     final class Call extends NonMethodCall {
@@ -2979,10 +2974,7 @@ private module NonMethodResolution {
     ArgsAreInstantiationsOfInputSig
   {
     predicate toCheck(ImplOrTraitItemNode i, Function f, TypeParameter traitTp, FunctionPosition pos) {
-      // NonMethodArgsAreInstantiationsOfBlanketInput::toCheck(i, f, pos, t)
-      exists(Type t0 | typeCanBeUsedForDisambiguation(t0) |
-        FunctionOverloading::functionResolutionDependsOnArgument(i, f, traitTp, pos, _, t0)
-      )
+      FunctionOverloading::functionResolutionDependsOnArgument(i, f, traitTp, pos)
     }
 
     class Call extends NonMethodCall {

rust/ql/test/library-tests/type-inference/CONSISTENCY/PathResolutionConsistency.expected

@@ -1,2 +1,4 @@
 multipleResolvedTargets
+| main.rs:2220:9:2220:31 | ... .my_add(...) |
+| main.rs:2222:9:2222:29 | ... .my_add(...) |
 | main.rs:2720:13:2720:17 | x.f() |

rust/ql/test/library-tests/type-inference/overloading.rs

@@ -151,6 +151,53 @@ pub mod impl_overlap {
     }
 }
 
+mod foo {
+    trait Trait1<T1> {
+        fn f(self, x: T1) -> T1;
+    }
+
+    impl Trait1<i32> for i32 {
+        // f1
+        fn f(self, x: i32) -> i32 {
+            0
+        }
+    }
+
+    impl Trait1<i64> for i32 {
+        // f2
+        fn f(self, x: i64) -> i64 {
+            0
+        }
+    }
+
+    fn f() {
+        let x = 0;
+        let y = x.f(0i32); // $ target=f1
+        let z: i32 = x.f(Default::default()); // $ target=f1
+        let z = x.f(0i64); // $ target=f2
+        let z: i64 = x.f(Default::default()); // $ target=f2
+        let z: i64 = x.g(0i32); // $ target=g4
+    }
+
+    trait Trait2<T1, T2> {
+        fn g(self, x: T1) -> T2;
+    }
+
+    impl Trait2<i32, i32> for i32 {
+        // g3
+        fn g(self, x: i32) -> i32 {
+            0
+        }
+    }
+
+    impl Trait2<i32, i64> for i32 {
+        // g4
+        fn g(self, x: i32) -> i64 {
+            0
+        }
+    }
+}
+
 mod from_default {
     #[derive(Default)]
     struct S;