Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Rust: Data flow through trait methods #19881

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Rust: Data flow through trait methods #19881

wants to merge 4 commits into from
+938 −578

Conversation

hvitved
Copy link
Contributor

@hvitved hvitved commented Jun 25, 2025
edited
Loading

This PR makes two improvements to data flow:

  1. For calls where the static target is a trait function, such as foo<T : Trait>(x : T) { x.trait_method() }, data flow will now dispatch to all possible implementations of the trait method, just like we do for virtual dispatch in OO languages like C# and Java.
  2. For a models-as-data definition that apply to a trait function, we now also apply the model to all implementations of that trait function, but only for implementations where we do not have the source code available.

The first improvement is likely to result in some false positive flow, which we can address to some extent later by tracking types in data flow.

@github-actions github-actions bot added the Rust Pull requests that update Rust code label Jun 25, 2025
@hvitved hvitved force-pushed the rust/dataflow-traits branch from 2ef6a9f to 5e79203 Compare June 25, 2025 19:19
@hvitved hvitved force-pushed the rust/dataflow-traits branch from 5e79203 to 8c24039 Compare June 25, 2025 19:32
@hvitved hvitved marked this pull request as ready for review June 26, 2025 08:46
@Copilot Copilot AI review requested due to automatic review settings June 26, 2025 08:46
@hvitved hvitved requested a review from a team as a code owner June 26, 2025 08:46
@hvitved hvitved requested a review from geoffw0 June 26, 2025 08:46
Copilot
Copilot AI reviewed Jun 26, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Enhance data-flow tracking by dispatching trait method calls to all implementations and by applying data-flow models to implementations without source code.

  • Extend models to include Ord::max and PartialOrd::lt trait methods
  • Update tests to cover trait dispatch scenarios and adjust expectations
  • Introduce QL predicates for runtime trait dispatch (getARuntimeTarget, implements) and adjust DataFlowImpl to use them

Reviewed Changes

Copilot reviewed 14 out of 14 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
rust/ql/test/library-tests/dataflow/models/models.ext.yml Add models for <_ as Ord>::max and <_ as PartialOrd>::lt
rust/ql/test/library-tests/dataflow/models/models.expected Update expected summaries to include new trait models
rust/ql/test/library-tests/dataflow/models/main.rs Add test_trait_model and trait implementations for Ord
rust/ql/test/library-tests/dataflow/global/main.rs Introduce MyTrait, MyTrait2, and trait-dispatch tests
rust/ql/lib/codeql/rust/internal/PathResolution.qll Add getAssocItem(name) helper
rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll Define getARuntimeTarget for dispatching to impls
rust/ql/lib/codeql/rust/elements/internal/AssocItemImpl.qll Implement implements relation for associated items
rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll Override hasProvenance to pick up summary models
rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll Enhance viableCallable to consider runtime trait dispatch
rust/ql/.gitattributes Remove generated marker for AssocItemImpl.qll
rust/ql/.generated.list Remove AssocItemImpl.qll from generated list
Comments suppressed due to low confidence (2)

rust/ql/test/library-tests/dataflow/global/main.rs:280

  • [nitpick] Using a numeric suffix in the trait name (MyTrait2) can be confusing; consider a more descriptive name or merge it into the existing trait to avoid ambiguity.
trait MyTrait2 {

rust/ql/lib/codeql/rust/elements/internal/CallImpl.qll:71

  • [nitpick] Method name getARuntimeTarget is a bit verbose and uses mixed-case acronym; consider renaming to getRuntimeTarget for consistency with your naming conventions.
    Function getARuntimeTarget() {

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll
@@ -404,10 +404,20 @@ module RustDataFlow implements InputSig<Location> {

/** Gets a viable implementation of the target of the given `Call`. */
DataFlowCallable viableCallable(DataFlowCall call) {
Copy link
Preview

Copilot AI Jun 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The viableCallable definition contains deeply nested exists and or expressions; extracting the trait-dispatch logic into a helper predicate could improve readability and maintenance.

Copilot uses AI. Check for mistakes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@geoffw0 geoffw0 Awaiting requested review from geoffw0

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Rust Pull requests that update Rust code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@hvitved