Rust: Data flow through variants #18078
Conversation
hvitved
force-pushed
the
rust/variant-flow
branch
2 times, most recently
from
02c27dd
to
966b0f4
Compare
hvitved
changed the title
hvitved
force-pushed
the
rust/variant-flow
branch
from
966b0f4
to
7f52abf
Compare
hvitved
changed the title
hvitved
force-pushed
the
rust/variant-flow
branch
2 times, most recently
from
58c6327
to
4ec9dce
Compare
hvitved
force-pushed
the
rust/variant-flow
branch
from
4ec9dce
to
5e7cd46
Compare
| or | ||
| SsaFlow::localFlowStep(_, nodeFrom, nodeTo, _) | ||
| or | ||
| exists(AssignmentExprCfgNode a | | ||
| a.getRhs() = nodeFrom.getCfgNode() and | ||
| a.getLhs() = nodeTo.getCfgNode() | ||
| ) | ||
| or | ||
| exists(MatchExprCfgNode match | | ||
| nodeFrom.asExpr() = match.getScrutinee() and |
There was a problem hiding this comment.
Love how much more readable this got after @redsun82's PR.
| } | ||
|
|
||
| /** | ||
| * A reference contained in an object. For example a field in a struct. |
There was a problem hiding this comment.
| * A reference contained in an object. For example a field in a struct. | |
| * A path to a value contained in an object. For example a field name of a struct. |
| // TODO: Remove once library types are extracted | ||
| crate.isNone() and | ||
| path = "crate::std::option::Option" and | ||
| name = "Some" |
There was a problem hiding this comment.
I think we'd get a lot of mileage out of also special casing Result here.
| abstract Content getAReadContent(); | ||
| } | ||
|
|
||
| private class SingletonContentSet extends ContentSet, TSingletonContentSet { |
There was a problem hiding this comment.
| private class SingletonContentSet extends ContentSet, TSingletonContentSet { | |
| final private class SingletonContentSet extends ContentSet, TSingletonContentSet { |
There was a problem hiding this comment.
It's not super important, as the class is not exposed, but ok.
| hasExtendedCanonicalPath(result, crate, path) and | ||
| resolvesExtendedCanonicalPath(call, crate, path) | ||
| hasExtendedCanonicalPath(result.asCfgScope(), crate, path) and | ||
| callResolveExtendedCanonicalPath(call.asCallBaseExprCfgNode().getExpr(), crate, path) |
There was a problem hiding this comment.
If DataFlowCall had this getResolvable predicate then this line could be (could also be a private predicate if we don't want a member predicate on DataFlowCall):
| callResolveExtendedCanonicalPath(call.asCallBaseExprCfgNode().getExpr(), crate, path) | |
| resolveExtendedCanonicalPath(call.getResolvable(), crate, path) |
And callResolveExtendedCanonicalPath could be deleted. That seems simpler and factors out "get resolveable" from "call resolveExtendedCanonicalPath" which are currently together inresolveExtendedCanonicalPath.
|
|
||
| final class ContentApprox = Void; | ||
| final class ContentApprox = Content; // todo |
There was a problem hiding this comment.
| final class ContentApprox = Content; // todo | |
| final class ContentApprox = Content; // TODO: Implement content approximation. |
| node1.asPat() = | ||
| any(TupleStructPatCfgNode pat, int pos | | ||
| tupleVariantDestruction(pat.getPat(), c.(TupleVariantContent).getVariantCanonicalPath(pos)) and | ||
| node2.asPat() = pat.getField(pos) | ||
| | | ||
| pat | ||
| ) |
There was a problem hiding this comment.
What about using exists instead (also below)? I find that easier to read.
| node1.asPat() = | |
| any(TupleStructPatCfgNode pat, int pos | | |
| tupleVariantDestruction(pat.getPat(), c.(TupleVariantContent).getVariantCanonicalPath(pos)) and | |
| node2.asPat() = pat.getField(pos) | |
| | | |
| pat | |
| ) | |
| exists(TupleStructPatCfgNode pat, int pos | | |
| node1.asPat() = pat and | |
| tupleVariantDestruction(pat.getPat(), c.(TupleVariantContent).getVariantCanonicalPath(pos)) and | |
| node2.asPat() = pat.getField(pos) | |
| ) |
|
|
||
| private class DataFlowCallAlias = DataFlowCall; | ||
| /** A tuple variant. */ | ||
| private class TupleVariantContent extends VariantContent, TTupleVariantContent { |
There was a problem hiding this comment.
What about naming this TupleVariantPosContent to emphasize that its content stored in a specific position in a specific variant. I initially thought it was only the latter. Similarly, RecordVariantContent could be RecordVariantFieldContent.
|
|
||
| pragma[nomagic] | ||
| private predicate variantHasExtendedCanonicalPath( | ||
| Enum e, Variant v, CrateOriginOption crate, string path, string name |
There was a problem hiding this comment.
Question: I've noticed that in QL predicates sometimes take more parameters than I would think necessary. Like here where name only depends on v and nothing else. Is that for performance reasons or because it's just convenient to have one relation with all the things and then use it with _?
There was a problem hiding this comment.
It can be both, here it is mainly for convenience.
This PR adds support for tracking data flow through construction and deconstruction of enum variants. For example, we can now identify flow in cases such as
Commit-by-commit review is suggested.