Rust: Fix candidate receiver type calculation for trait bounds #21043
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| string derefChain, boolean borrow, TypePath path | ||
| ) { | ||
| result = substituteLookupTraits(this.getACandidateReceiverTypeAt(derefChain, borrow, path)) | ||
| Type getANonPseudoCandidateReceiverTypeAt(string derefChain, boolean borrow, TypePath path) { |
Check warning
Code scanning / CodeQL
Missing QLDoc for parameter Warning
There was a problem hiding this comment.
Pull request overview
This PR fixes a bug in the Rust type inference for trait bounds where method lookup incorrectly required finding a method in either trait bound instead of requiring it to be absent from both trait bounds before progressing to the next candidate receiver type (e.g., from Bar and Baz to &Bar and &Baz). The fix uses ranked recursion to efficiently implement the "for all exists" (forex) pattern needed for this check.
Key changes:
- Introduced
getNthLookupTypeandgetLastLookupTypeIndexhelper predicates to enumerate trait bounds in a deterministic order - Refactored the
hasNoCompatibleTarget*predicates to use recursive predicates that check all trait bounds using ranked recursion - Added test case demonstrating the fix with overlapping trait bounds
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| rust/ql/lib/codeql/rust/internal/typeinference/FunctionType.qll | Added helper predicates getNthLookupType and getLastLookupTypeIndex to enumerate lookup traits in a deterministic order for efficient forex implementation |
| rust/ql/lib/codeql/rust/internal/TypeInference.qll | Refactored method resolution predicates to use recursive helpers that check all trait bounds rather than just one, implementing the correct "all traits" semantics |
| rust/ql/test/library-tests/type-inference/main.rs | Added test case bound_overlap demonstrating trait bounds with overlapping method names correctly resolved based on receiver type |
| rust/ql/test/library-tests/type-inference/blanket_impl.rs | Updated test expectation from MISSING to correctly identifying S1::m1 as the resolution target |
| rust/ql/test/library-tests/type-inference/CONSISTENCY/PathResolutionConsistency.expected | Updated line numbers to reflect additions to main.rs test file |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| } | ||
|
|
||
| /** | ||
| * Gets the `n`th `substituteLookupTraits` type for `t`, per some abitrary order. |
There was a problem hiding this comment.
Spelling error: "abitrary" should be "arbitrary".
| * Gets the `n`th `substituteLookupTraits` type for `t`, per some abitrary order. | |
| * Gets the `n`th `substituteLookupTraits` type for `t`, per some arbitrary order. |
1 participant
When inferring call targets involving traits bounds such as
we substitute in the trait bounds in the receiver type (using
substituteLookupTraits), meaning we treatxas having both typesBarandBaz. That is, we attempt to lookupmin bothBarandBaz. However, when computing candidate receiver types we should only progress to&Barand&Bazwhenmcannot be found in bothBarandBaz, which previously was implemented as eitherBarorBaz.This PR fixes the issue above, and as usual we use ranked recursion to implement efficient
forex.DCA is fine.