Rust: Generalize certain type inference logic

Author: hvitved

rust/ql/lib/codeql/rust/internal/TypeInference.qll

@@ -257,11 +257,6 @@ private Type inferAnnotatedType(AstNode n, TypePath path) {
 
 /** Module for inferring certain type information. */
 private module CertainTypeInference {
-  /** Holds if the type mention does not contain any inferred types `_`. */
-  predicate typeMentionIsComplete(TypeMention tm) {
-    not exists(InferTypeRepr t | t.getParentNode*() = tm)
-  }
-
   /**
    * Holds if `ce` is a call where we can infer the type with certainty and if
    * `f` is the target of the call and `p` the path invoked by the call.
@@ -373,13 +368,46 @@ private module CertainTypeInference {
   Type inferCertainType(AstNode n, TypePath path) {
     exists(TypeMention tm |
       tm = getTypeAnnotation(n) and
-      typeMentionIsComplete(tm) and
       result = tm.resolveTypeAt(path)
     )
     or
     result = inferCertainCallExprType(n, path)
     or
     result = inferCertainTypeEquality(n, path)
+    or
+    infersCertainTypeAt(n, path, result.getATypeParameter())
+  }
+
+  /**
+   * Holds if `n` has complete and certain type information at the type path
+   * `prefix.tp`. This entails that the type at `prefix` must be the type
+   * that declares `tp`.
+   */
+  pragma[nomagic]
+  private predicate infersCertainTypeAt(AstNode n, TypePath prefix, TypeParameter tp) {
+    exists(TypePath path |
+      exists(inferCertainType(n, path)) and
+      path.isSnoc(prefix, tp)
+    )
+  }
+
+  /**
+   * Holds if `n` has complete and certain type information at _some_ type path.
+   */
+  pragma[nomagic]
+  predicate hasInferredCertainType(AstNode n) { exists(inferCertainType(n, _)) }
+
+  bindingset[n, path, t]
+  pragma[inline_late]
+  predicate certainTypeConflict(AstNode n, TypePath path, Type t) {
+    inferCertainType(n, path) != t
+    or
+    exists(TypePath prefix, TypePath suffix, TypeParameter tp, Type certainType |
+      path = prefix.appendInverse(suffix) and
+      tp = suffix.getHead() and
+      inferCertainType(n, prefix) = certainType and
+      not certainType.getATypeParameter() = tp
+    )
   }
 }
 
@@ -531,9 +559,6 @@ private predicate typeEquality(AstNode n1, TypePath prefix1, AstNode n2, TypePat
 
 pragma[nomagic]
 private Type inferTypeEquality(AstNode n, TypePath path) {
-  // Don't propagate type information into a node for which we already have
-  // certain type information.
-  not exists(CertainTypeInference::inferCertainType(n, _)) and
   exists(TypePath prefix1, AstNode n2, TypePath prefix2, TypePath suffix |
     result = inferType(n2, prefix2.appendInverse(suffix)) and
     path = prefix1.append(suffix)
@@ -2282,62 +2307,72 @@ private module Cached {
     Stages::TypeInferenceStage::ref() and
     result = CertainTypeInference::inferCertainType(n, path)
     or
-    result = inferAnnotatedType(n, path)
-    or
-    result = inferLogicalOperationType(n, path)
-    or
-    result = inferAssignmentOperationType(n, path)
-    or
-    result = inferTypeEquality(n, path)
-    or
-    result = inferImplicitSelfType(n, path)
-    or
-    result = inferStructExprType(n, path)
-    or
-    result = inferTupleRootType(n) and
-    path.isEmpty()
-    or
-    result = inferPathExprType(n, path)
-    or
-    result = inferCallExprBaseType(n, path)
-    or
-    result = inferFieldExprType(n, path)
-    or
-    result = inferTupleIndexExprType(n, path)
-    or
-    result = inferTupleContainerExprType(n, path)
-    or
-    result = inferRefNodeType(n) and
-    path.isEmpty()
-    or
-    result = inferTryExprType(n, path)
-    or
-    result = inferLiteralType(n, path)
-    or
-    result = inferAsyncBlockExprRootType(n) and
-    path.isEmpty()
-    or
-    result = inferAwaitExprType(n, path)
-    or
-    result = inferArrayExprType(n) and
-    path.isEmpty()
-    or
-    result = inferRangeExprType(n) and
-    path.isEmpty()
-    or
-    result = inferIndexExprType(n, path)
-    or
-    result = inferForLoopExprType(n, path)
-    or
-    result = inferDynamicCallExprType(n, path)
-    or
-    result = inferClosureExprType(n, path)
-    or
-    result = inferCastExprType(n, path)
-    or
-    result = inferStructPatType(n, path)
-    or
-    result = inferTupleStructPatType(n, path)
+    // Don't propagate type information into a node for which we already have
+    // certain type information.
+    (
+      if CertainTypeInference::hasInferredCertainType(n)
+      then not CertainTypeInference::certainTypeConflict(n, path, result)
+      else any()
+    ) and
+    // not exists(CertainTypeInference::inferCertainType(n, path)) and
+    (
+      result = inferAnnotatedType(n, path)
+      or
+      result = inferLogicalOperationType(n, path)
+      or
+      result = inferAssignmentOperationType(n, path)
+      or
+      result = inferTypeEquality(n, path)
+      or
+      result = inferImplicitSelfType(n, path)
+      or
+      result = inferStructExprType(n, path)
+      or
+      result = inferTupleRootType(n) and
+      path.isEmpty()
+      or
+      result = inferPathExprType(n, path)
+      or
+      result = inferCallExprBaseType(n, path)
+      or
+      result = inferFieldExprType(n, path)
+      or
+      result = inferTupleIndexExprType(n, path)
+      or
+      result = inferTupleContainerExprType(n, path)
+      or
+      result = inferRefNodeType(n) and
+      path.isEmpty()
+      or
+      result = inferTryExprType(n, path)
+      or
+      result = inferLiteralType(n, path)
+      or
+      result = inferAsyncBlockExprRootType(n) and
+      path.isEmpty()
+      or
+      result = inferAwaitExprType(n, path)
+      or
+      result = inferArrayExprType(n) and
+      path.isEmpty()
+      or
+      result = inferRangeExprType(n) and
+      path.isEmpty()
+      or
+      result = inferIndexExprType(n, path)
+      or
+      result = inferForLoopExprType(n, path)
+      or
+      result = inferDynamicCallExprType(n, path)
+      or
+      result = inferClosureExprType(n, path)
+      or
+      result = inferCastExprType(n, path)
+      or
+      result = inferStructPatType(n, path)
+      or
+      result = inferTupleStructPatType(n, path)
+    )
   }
 }
 
@@ -2438,6 +2473,11 @@ private module Debug {
     c = max(countTypePaths(_, _, _))
   }
 
+  Type debugInferCertainType(AstNode n, TypePath path) {
+    n = getRelevantLocatable() and
+    result = CertainTypeInference::inferCertainType(n, path)
+  }
+
   Type debugInferCertainNonUniqueType(AstNode n, TypePath path) {
     n = getRelevantLocatable() and
     Consistency::nonUniqueCertainType(n, path) and

rust/ql/test/library-tests/type-inference/main.rs

@@ -2074,7 +2074,7 @@ mod indexers {
         // implicit dereference. We cannot currently handle a position that is
         // both implicitly dereferenced and implicitly borrowed, so the extra
         // type sneaks in.
-        let x = slice[0].foo(); // $ target=foo type=x:S target=index SPURIOUS: type=slice:[]
+        let x = slice[0].foo(); // $ target=foo type=x:S target=index
     }
 
     pub fn f() {

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -401,7 +401,6 @@ inferType
 | dereference.rs:123:32:123:41 | key_to_key | K | file://:0:0:0:0 | & |
 | dereference.rs:123:32:123:41 | key_to_key | K.&T | dereference.rs:99:5:100:21 | Key |
 | dereference.rs:123:32:123:41 | key_to_key | S | {EXTERNAL LOCATION} | RandomState |
-| dereference.rs:123:32:123:41 | key_to_key | V | dereference.rs:99:5:100:21 | Key |
 | dereference.rs:123:32:123:41 | key_to_key | V | file://:0:0:0:0 | & |
 | dereference.rs:123:32:123:41 | key_to_key | V.&T | dereference.rs:99:5:100:21 | Key |
 | dereference.rs:123:32:123:50 | key_to_key.get(...) |  | {EXTERNAL LOCATION} | Option |
@@ -425,13 +424,9 @@ inferType
 | dereference.rs:127:9:127:18 | key_to_key |  | {EXTERNAL LOCATION} | HashMap |
 | dereference.rs:127:9:127:18 | key_to_key | K | file://:0:0:0:0 | & |
 | dereference.rs:127:9:127:18 | key_to_key | K.&T | dereference.rs:99:5:100:21 | Key |
-| dereference.rs:127:9:127:18 | key_to_key | K.&T | file://:0:0:0:0 | & |
-| dereference.rs:127:9:127:18 | key_to_key | K.&T.&T | dereference.rs:99:5:100:21 | Key |
 | dereference.rs:127:9:127:18 | key_to_key | S | {EXTERNAL LOCATION} | RandomState |
 | dereference.rs:127:9:127:18 | key_to_key | V | file://:0:0:0:0 | & |
 | dereference.rs:127:9:127:18 | key_to_key | V.&T | dereference.rs:99:5:100:21 | Key |
-| dereference.rs:127:9:127:18 | key_to_key | V.&T | file://:0:0:0:0 | & |
-| dereference.rs:127:9:127:18 | key_to_key | V.&T.&T | dereference.rs:99:5:100:21 | Key |
 | dereference.rs:127:9:127:35 | key_to_key.insert(...) |  | {EXTERNAL LOCATION} | Option |
 | dereference.rs:127:9:127:35 | key_to_key.insert(...) | T | file://:0:0:0:0 | & |
 | dereference.rs:127:9:127:35 | key_to_key.insert(...) | T.&T | dereference.rs:99:5:100:21 | Key |
@@ -3941,7 +3936,6 @@ inferType
 | main.rs:2070:22:2070:26 | slice | &T.[T] | main.rs:2037:5:2038:13 | S |
 | main.rs:2077:13:2077:13 | x |  | main.rs:2037:5:2038:13 | S |
 | main.rs:2077:17:2077:21 | slice |  | file://:0:0:0:0 | & |
-| main.rs:2077:17:2077:21 | slice |  | file://:0:0:0:0 | [] |
 | main.rs:2077:17:2077:21 | slice | &T | file://:0:0:0:0 | [] |
 | main.rs:2077:17:2077:21 | slice | &T.[T] | main.rs:2037:5:2038:13 | S |
 | main.rs:2077:17:2077:24 | slice[0] |  | main.rs:2037:5:2038:13 | S |
@@ -4031,7 +4025,6 @@ inferType
 | main.rs:2144:16:2144:19 | self | T | main.rs:2139:10:2139:17 | T |
 | main.rs:2144:16:2144:21 | self.0 |  | main.rs:2139:10:2139:17 | T |
 | main.rs:2144:31:2144:35 | other |  | main.rs:2137:5:2137:19 | S |
-| main.rs:2144:31:2144:35 | other | T | main.rs:2099:5:2104:5 | Self [trait MyAdd] |
 | main.rs:2144:31:2144:35 | other | T | main.rs:2139:10:2139:17 | T |
 | main.rs:2144:31:2144:37 | other.0 |  | main.rs:2099:5:2104:5 | Self [trait MyAdd] |
 | main.rs:2144:31:2144:37 | other.0 |  | main.rs:2139:10:2139:17 | T |
@@ -4047,7 +4040,6 @@ inferType
 | main.rs:2153:16:2153:19 | self |  | main.rs:2137:5:2137:19 | S |
 | main.rs:2153:16:2153:19 | self | T | main.rs:2148:10:2148:17 | T |
 | main.rs:2153:16:2153:21 | self.0 |  | main.rs:2148:10:2148:17 | T |
-| main.rs:2153:31:2153:35 | other |  | main.rs:2099:5:2104:5 | Self [trait MyAdd] |
 | main.rs:2153:31:2153:35 | other |  | main.rs:2148:10:2148:17 | T |
 | main.rs:2164:19:2164:22 | SelfParam |  | main.rs:2137:5:2137:19 | S |
 | main.rs:2164:19:2164:22 | SelfParam | T | main.rs:2157:14:2157:14 | T |

shared/typeinference/codeql/typeinference/internal/TypeInference.qll

@@ -331,10 +331,30 @@ module Make1<LocationSig Location, InputSig1<Location> Input1> {
     bindingset[this, prefix]
     TypePath stripPrefix(TypePath prefix) { this = prefix + result }
 
+    /** Gets the path obtained by removing `suffix` from this path. */
+    bindingset[this, suffix]
+    TypePath stripSuffix(TypePath suffix) { this = result + suffix }
+
+    /** Gets the path obtained by removing `prefix` from this path. */
+    bindingset[this]
+    predicate startsWith(TypePath prefix) { prefix = this.prefix(this.indexOf(".") + 1) }
+
     /** Holds if this path starts with `tp`, followed by `suffix`. */
     bindingset[this]
     predicate isCons(TypeParameter tp, TypePath suffix) {
-      suffix = this.stripPrefix(TypePath::singleton(tp))
+      exists(string regexp | regexp = "([0-9]+)\\.(.*)" |
+        tp = TypeParameter::decode(this.regexpCapture(regexp, 1)) and
+        suffix = this.regexpCapture(regexp, 2)
+      )
+    }
+
+    /** Holds if this path starts with `prefix`, followed by `tp`. */
+    bindingset[this]
+    predicate isSnoc(TypePath prefix, TypeParameter tp) {
+      exists(string regexp | regexp = "(|.+\\.)([0-9]+)\\." |
+        prefix = this.regexpCapture(regexp, 1) and
+        tp = TypeParameter::decode(this.regexpCapture(regexp, 2))
+      )
     }
 
     /** Gets the head of this path, if any. */