Rust: Account for borrows in operators in type inference

Author: paldepind

rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll

@@ -133,14 +133,19 @@ module Impl {
   private class OperatorCall extends Call instanceof Operation {
     Trait trait;
     string methodName;
+    int borrows;
 
-    OperatorCall() { super.isOverloaded(trait, methodName) }
+    OperatorCall() { super.isOverloaded(trait, methodName, borrows) }
 
     override string getMethodName() { result = methodName }
 
     override Trait getTrait() { result = trait }
 
-    override predicate implicitBorrowAt(ArgumentPosition pos) { none() }
+    override predicate implicitBorrowAt(ArgumentPosition pos) {
+      pos.isSelf() and borrows >= 1
+      or
+      pos.asPosition() = 0 and borrows = 2
+    }
 
     override Expr getArgument(ArgumentPosition pos) {
       pos.isSelf() and result = super.getOperand(0)

rust/ql/lib/codeql/rust/elements/internal/OperationImpl.qll

@@ -9,79 +9,80 @@ private import codeql.rust.elements.internal.ExprImpl::Impl as ExprImpl
 
 /**
  * Holds if the operator `op` with arity `arity` is overloaded to a trait with
- * the canonical path `path` and the method name `method`.
+ * the canonical path `path` and the method name `method`, and if it borrows its
+ * first `borrows` arguments.
  */
-private predicate isOverloaded(string op, int arity, string path, string method) {
+private predicate isOverloaded(string op, int arity, string path, string method, int borrows) {
   arity = 1 and
   (
     // Negation
-    op = "-" and path = "core::ops::arith::Neg" and method = "neg"
+    op = "-" and path = "core::ops::arith::Neg" and method = "neg" and borrows = 0
     or
     // Not
-    op = "!" and path = "core::ops::bit::Not" and method = "not"
+    op = "!" and path = "core::ops::bit::Not" and method = "not" and borrows = 0
     or
     // Dereference
-    op = "*" and path = "core::ops::deref::Deref" and method = "deref"
+    op = "*" and path = "core::ops::deref::Deref" and method = "deref" and borrows = 0
   )
   or
   arity = 2 and
   (
     // Comparison operators
-    op = "==" and path = "core::cmp::PartialEq" and method = "eq"
+    op = "==" and path = "core::cmp::PartialEq" and method = "eq" and borrows = 2
     or
-    op = "!=" and path = "core::cmp::PartialEq" and method = "ne"
+    op = "!=" and path = "core::cmp::PartialEq" and method = "ne" and borrows = 2
     or
-    op = "<" and path = "core::cmp::PartialOrd" and method = "lt"
+    op = "<" and path = "core::cmp::PartialOrd" and method = "lt" and borrows = 2
     or
-    op = "<=" and path = "core::cmp::PartialOrd" and method = "le"
+    op = "<=" and path = "core::cmp::PartialOrd" and method = "le" and borrows = 2
     or
-    op = ">" and path = "core::cmp::PartialOrd" and method = "gt"
+    op = ">" and path = "core::cmp::PartialOrd" and method = "gt" and borrows = 2
     or
-    op = ">=" and path = "core::cmp::PartialOrd" and method = "ge"
+    op = ">=" and path = "core::cmp::PartialOrd" and method = "ge" and borrows = 2
     or
     // Arithmetic operators
-    op = "+" and path = "core::ops::arith::Add" and method = "add"
+    op = "+" and path = "core::ops::arith::Add" and method = "add" and borrows = 0
     or
-    op = "-" and path = "core::ops::arith::Sub" and method = "sub"
+    op = "-" and path = "core::ops::arith::Sub" and method = "sub" and borrows = 0
     or
-    op = "*" and path = "core::ops::arith::Mul" and method = "mul"
+    op = "*" and path = "core::ops::arith::Mul" and method = "mul" and borrows = 0
     or
-    op = "/" and path = "core::ops::arith::Div" and method = "div"
+    op = "/" and path = "core::ops::arith::Div" and method = "div" and borrows = 0
     or
-    op = "%" and path = "core::ops::arith::Rem" and method = "rem"
+    op = "%" and path = "core::ops::arith::Rem" and method = "rem" and borrows = 0
     or
     // Arithmetic assignment expressions
-    op = "+=" and path = "core::ops::arith::AddAssign" and method = "add_assign"
+    op = "+=" and path = "core::ops::arith::AddAssign" and method = "add_assign" and borrows = 1
     or
-    op = "-=" and path = "core::ops::arith::SubAssign" and method = "sub_assign"
+    op = "-=" and path = "core::ops::arith::SubAssign" and method = "sub_assign" and borrows = 1
     or
-    op = "*=" and path = "core::ops::arith::MulAssign" and method = "mul_assign"
+    op = "*=" and path = "core::ops::arith::MulAssign" and method = "mul_assign" and borrows = 1
     or
-    op = "/=" and path = "core::ops::arith::DivAssign" and method = "div_assign"
+    op = "/=" and path = "core::ops::arith::DivAssign" and method = "div_assign" and borrows = 1
     or
-    op = "%=" and path = "core::ops::arith::RemAssign" and method = "rem_assign"
+    op = "%=" and path = "core::ops::arith::RemAssign" and method = "rem_assign" and borrows = 1
     or
     // Bitwise operators
-    op = "&" and path = "core::ops::bit::BitAnd" and method = "bitand"
+    op = "&" and path = "core::ops::bit::BitAnd" and method = "bitand" and borrows = 0
     or
-    op = "|" and path = "core::ops::bit::BitOr" and method = "bitor"
+    op = "|" and path = "core::ops::bit::BitOr" and method = "bitor" and borrows = 0
     or
-    op = "^" and path = "core::ops::bit::BitXor" and method = "bitxor"
+    op = "^" and path = "core::ops::bit::BitXor" and method = "bitxor" and borrows = 0
     or
-    op = "<<" and path = "core::ops::bit::Shl" and method = "shl"
+    op = "<<" and path = "core::ops::bit::Shl" and method = "shl" and borrows = 0
     or
-    op = ">>" and path = "core::ops::bit::Shr" and method = "shr"
+    op = ">>" and path = "core::ops::bit::Shr" and method = "shr" and borrows = 0
     or
     // Bitwise assignment operators
-    op = "&=" and path = "core::ops::bit::BitAndAssign" and method = "bitand_assign"
+    op = "&=" and path = "core::ops::bit::BitAndAssign" and method = "bitand_assign" and borrows = 1
     or
-    op = "|=" and path = "core::ops::bit::BitOrAssign" and method = "bitor_assign"
+    op = "|=" and path = "core::ops::bit::BitOrAssign" and method = "bitor_assign" and borrows = 1
     or
-    op = "^=" and path = "core::ops::bit::BitXorAssign" and method = "bitxor_assign"
+    op = "^=" and path = "core::ops::bit::BitXorAssign" and method = "bitxor_assign" and borrows = 1
     or
-    op = "<<=" and path = "core::ops::bit::ShlAssign" and method = "shl_assign"
+    op = "<<=" and path = "core::ops::bit::ShlAssign" and method = "shl_assign" and borrows = 1
     or
-    op = ">>=" and path = "core::ops::bit::ShrAssign" and method = "shr_assign"
+    op = ">>=" and path = "core::ops::bit::ShrAssign" and method = "shr_assign" and borrows = 1
   )
 }
 
@@ -114,9 +115,9 @@ module Impl {
      * Holds if this operation is overloaded to the method `methodName` of the
      * trait `trait`.
      */
-    predicate isOverloaded(Trait trait, string methodName) {
+    predicate isOverloaded(Trait trait, string methodName, int borrows) {
       isOverloaded(this.getOperatorName(), this.getNumberOfOperands(), trait.getCanonicalPath(),
-        methodName)
+        methodName, borrows)
     }
   }
 }

rust/ql/lib/codeql/rust/internal/TypeInference.qll

@@ -705,7 +705,7 @@ private module CallExprBaseMatchingInput implements MatchingInputSig {
   predicate adjustAccessType(
     AccessPosition apos, Declaration target, TypePath path, Type t, TypePath pathAdj, Type tAdj
   ) {
-    if apos.getArgumentPosition().isSelf() and apos.isBorrowed()
+    if apos.isBorrowed()
     then
       exists(Type selfParamType |
         selfParamType =
@@ -767,13 +767,10 @@ private Type inferCallExprBaseType(AstNode n, TypePath path) {
   |
     n = a.getNodeAt(apos) and
     result = CallExprBaseMatching::inferAccessType(a, apos, path0) and
-    // temporary workaround until implicit borrows are handled correctly
-    if a instanceof Operation then apos.isReturn() else any()
-  |
-    if apos.getArgumentPosition().isSelf()
+    if apos.isBorrowed()
     then
-      exists(Type receiverType | receiverType = inferType(n) |
-        if receiverType = TRefType()
+      exists(Type argType | argType = inferType(n) |
+        if argType = TRefType()
         then
           path = path0 and
           path0.isCons(TRefTypeParameter(), _)
@@ -784,7 +781,7 @@ private Type inferCallExprBaseType(AstNode n, TypePath path) {
           path = TypePath::cons(TRefTypeParameter(), path0)
         else (
           not (
-            receiverType.(StructType).asItemNode() instanceof StringStruct and
+            argType.(StructType).asItemNode() instanceof StringStruct and
             result.(StructType).asItemNode() instanceof Builtins::Str
           ) and
           (

rust/ql/test/library-tests/type-inference/main.rs

@@ -1678,7 +1678,7 @@ mod overloadable_operators {
         let vec2_not = !v1; // $ type=vec2_not:Vec2 method=Vec2::not
 
         // Here the type of `default_vec2` must be inferred from the `+` call.
-        let default_vec2 = Default::default(); // $ MISSING: type=default_vec2:Vec2
+        let default_vec2 = Default::default(); // $ type=default_vec2:Vec2
         let vec2_zero_plus = Vec2 { x: 0, y: 0 } + default_vec2; // $ method=Vec2::add
     }
 }

rust/ql/test/library-tests/type-inference/type-inference.expected

@@ -2464,13 +2464,16 @@ inferType
 | main.rs:1678:13:1678:20 | vec2_not |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1678:24:1678:26 | ! ... |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1678:25:1678:26 | v1 |  | main.rs:1322:5:1327:5 | Vec2 |
+| main.rs:1681:13:1681:24 | default_vec2 |  | main.rs:1322:5:1327:5 | Vec2 |
+| main.rs:1681:28:1681:45 | ...::default(...) |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1682:13:1682:26 | vec2_zero_plus |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1682:30:1682:48 | Vec2 {...} |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1682:30:1682:63 | ... + ... |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1682:40:1682:40 | 0 |  | {EXTERNAL LOCATION} | i32 |
 | main.rs:1682:40:1682:40 | 0 |  | {EXTERNAL LOCATION} | i64 |
 | main.rs:1682:46:1682:46 | 0 |  | {EXTERNAL LOCATION} | i32 |
 | main.rs:1682:46:1682:46 | 0 |  | {EXTERNAL LOCATION} | i64 |
+| main.rs:1682:52:1682:63 | default_vec2 |  | main.rs:1322:5:1327:5 | Vec2 |
 | main.rs:1692:18:1692:21 | SelfParam |  | main.rs:1689:5:1689:14 | S1 |
 | main.rs:1695:25:1697:5 | { ... } |  | main.rs:1689:5:1689:14 | S1 |
 | main.rs:1696:9:1696:10 | S1 |  | main.rs:1689:5:1689:14 | S1 |