Rust: Adapt to changes in FlowSummaryImpl

hvitved · hvitved · commit 29cbc3f06211 · 2026-01-13T14:44:54.000+01:00
diff --git a/rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll b/rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll
@@ -17,9 +17,13 @@ module SummarizedCallable {
     Range() { any() }
 
     override predicate propagatesFlow(
-      string input, string output, boolean preservesValue, string model
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
     ) {
-      this.propagatesFlow(input, output, preservesValue) and model = ""
+      this.propagatesFlow(input, output, preservesValue) and
+      p = "manual" and
+      isExact = true and
+      model = "QL"
     }
 
     /**
@@ -31,6 +35,6 @@ module SummarizedCallable {
   }
 }
 
-final class SummarizedCallable = SummarizedCallable::Range;
+final class SummarizedCallable = Impl::Public::RelevantSummarizedCallable;
 
 final class Provenance = Impl::Public::Provenance;
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll
@@ -30,6 +30,8 @@ module Input implements InputSig<Location, RustDataFlow> {
 
   class SummarizedCallableBase = Function;
 
+  predicate callableFromSource(SummarizedCallableBase c) { c.fromSource() }
+
   abstract private class SourceSinkBase extends AstNode {
     /** Gets the associated call. */
     abstract Call getCall();
diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll b/rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll
@@ -111,60 +111,35 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
   )
 }
 
-private predicate summaryModel(
-  Function f, string input, string output, string kind, Provenance provenance, boolean isInherited,
-  QlBuiltins::ExtensionId madId
-) {
-  exists(string path, Function f0 |
-    summaryModel(path, input, output, kind, provenance, madId) and
-    f0.getCanonicalPath() = path
-  |
-    f = f0 and
-    isInherited = false
-    or
-    f.implements(f0) and
-    isInherited = true
-  )
-}
-
-private predicate summaryModelRelevant(
-  Function f, string input, string output, string kind, Provenance provenance, boolean isInherited,
-  QlBuiltins::ExtensionId madId
-) {
-  summaryModel(f, input, output, kind, provenance, isInherited, madId) and
-  // Only apply generated or inherited models to functions in library code and
-  // when no strictly better model exists
-  if provenance.isGenerated() or isInherited = true
-  then
-    not f.fromSource() and
-    not exists(Provenance other | summaryModel(f, _, _, _, other, false, _) |
-      provenance.isGenerated() and other.isManual()
+private class SummarizedCallableFromModel extends SummarizedCallable::Range {
+  string input_;
+  string output_;
+  string kind;
+  Provenance p_;
+  boolean isExact_;
+  QlBuiltins::ExtensionId madId;
+
+  SummarizedCallableFromModel() {
+    exists(string path, Function f |
+      summaryModel(path, input_, output_, kind, p_, madId) and
+      f.getCanonicalPath() = path
+    |
+      this = f and isExact_ = true
       or
-      provenance = other and isInherited = true
+      this.implements(f) and
+      isExact_ = false
     )
-  else any()
-}
-
-private class SummarizedCallableFromModel extends SummarizedCallable::Range {
-  SummarizedCallableFromModel() { summaryModelRelevant(this, _, _, _, _, _, _) }
-
-  override predicate hasProvenance(Provenance provenance) {
-    summaryModelRelevant(this, _, _, _, provenance, _, _)
   }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
-    exists(string kind, QlBuiltins::ExtensionId madId |
-      summaryModelRelevant(this, input, output, kind, _, _, madId) and
-      model = "MaD:" + madId.toString()
-    |
-      kind = "value" and
-      preservesValue = true
-      or
-      kind = "taint" and
-      preservesValue = false
-    )
+    input = input_ and
+    output = output_ and
+    (if kind = "value" then preservesValue = true else preservesValue = false) and
+    p = p_ and
+    isExact = isExact_ and
+    model = "MaD:" + madId.toString()
   }
 }
 
@@ -211,7 +186,7 @@ private module Debug {
   private predicate relevantManualModel(SummarizedCallableImpl sc, string can) {
     exists(Provenance manual |
       can = sc.getCanonicalPath() and
-      summaryModelRelevant(sc, _, _, _, manual, false, _) and
+      sc.(SummarizedCallableFromModel).propagatesFlow(_, _, _, manual, true, _) and
       manual.isManual()
     )
   }
@@ -221,7 +196,7 @@ private module Debug {
   ) {
     exists(RustDataFlow::ParameterPosition pos, TypeMention tm |
       relevantManualModel(sc, can) and
-      sc.propagatesFlow(input, _, _, _) and
+      sc.propagatesFlow(input, _, _, _, _, _) and
       input.head() = SummaryComponent::argument(pos) and
       p = pos.getParameterIn(sc.getParamList()) and
       tm.resolveType() instanceof RefType and
@@ -238,7 +213,7 @@ private module Debug {
   ) {
     exists(TypeMention tm |
       relevantManualModel(sc, can) and
-      sc.propagatesFlow(_, output, _, _) and
+      sc.propagatesFlow(_, output, _, _, _, _) and
       tm.resolveType() instanceof RefType and
       output.head() = SummaryComponent::return(_) and
       not output.tail().head() =
diff --git a/rust/ql/test/library-tests/dataflow/models/models.expected b/rust/ql/test/library-tests/dataflow/models/models.expected
@@ -679,6 +679,44 @@ subpaths
 | main.rs:219:19:219:19 | s | main.rs:218:14:218:14 | ... | main.rs:218:17:218:42 | if ... {...} else {...} | main.rs:219:13:219:23 | apply(...) |
 testFailures
 invalidSpecComponent
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bytes-1.10.1/src/bytes.rs:953:5:955:5 | fn from | Argument[0].Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] | Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bytes-1.10.1/src/bytes.rs:959:5:961:5 | fn from | Argument[0].Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] | Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bytes-1.10.1/src/bytes.rs:965:5:996:5 | fn from | Argument[0].Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] | Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bytes-1.10.1/src/bytes.rs:1000:5:1027:5 | fn from | Argument[0].Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] | Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bytes-1.10.1/src/bytes.rs:1053:5:1055:5 | fn from | Argument[0].Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] | Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/bytes-1.10.1/src/bytes_mut.rs:1274:5:1276:5 | fn from | Argument[0].Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] | Field[hyper::ext::h1_reason_phrase::ReasonPhrase(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/mio-1.0.4/src/token.rs:135:5:137:5 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.cargo/registry/src/index.crates.io-1949cf8c6b5b557f/tokio-1.45.1/src/runtime/scheduler/multi_thread/idle.rs:218:5:220:5 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/alloc/src/boxed.rs:1613:5:1652:5 | fn into_pin | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/alloc/src/boxed/convert.rs:47:5:60:5 | fn from | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/ascii/ascii_char.rs:560:19:560:21 | fn from | Argument[0].Field[actix_http::ws::proto::CloseCode::Other(0)] | Field[actix_http::ws::proto::CloseCode::Other(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/char/mod.rs:330:5:333:5 | fn next | Argument[self].Field[0].Field[core::char::EscapeDebugInner::Char(0)] | Field[core::char::EscapeDebugInner::Char(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/char/mod.rs:330:5:333:5 | fn next | Argument[self].Field[core::char::EscapeDebug(0)].Field[core::char::EscapeDebugInner::Char(0)] | Field[core::char::EscapeDebugInner::Char(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/convert/num.rs:87:20:87:22 | fn from | Argument[0].Field[actix_http::ws::proto::CloseCode::Other(0)] | Field[actix_http::ws::proto::CloseCode::Other(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/convert/num.rs:91:20:91:24 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/convert/num.rs:100:12:100:20 | fn from | Argument[0].Field[actix_http::ws::proto::CloseCode::Other(0)] | Field[actix_http::ws::proto::CloseCode::Other(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/convert/num.rs:104:12:104:22 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/convert/num.rs:140:12:140:23 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/adapters/flatten.rs:26:5:32:5 | fn into_parts | ReturnValue.Field[2] | Field[2] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/sources/repeat_n.rs:82:12:83:9 | fn clone | Argument[self].Field[core::iter::sources::repeat_n::RepeatN::count] | Field[core::iter::sources::repeat_n::RepeatN::count] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/iter/sources/repeat_n.rs:82:12:83:9 | fn clone | ReturnValue.Field[core::iter::sources::repeat_n::RepeatN::count] | Field[core::iter::sources::repeat_n::RepeatN::count] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1162:5:1187:5 | fn new | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1189:5:1214:5 | fn into_inner | Argument[0].Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1218:5:1351:5 | fn new_unchecked | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1449:5:1476:5 | fn set | Argument[self].Field[core::pin::Pin::__pointer].Reference | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1480:5:1504:5 | fn into_inner_unchecked | Argument[0].Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1508:5:1535:5 | fn map_unchecked | Argument[self].Field[core::pin::Pin::__pointer].Reference | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1508:5:1535:5 | fn map_unchecked | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1611:5:1640:5 | fn map_unchecked_mut | Argument[self].Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1611:5:1640:5 | fn map_unchecked_mut | Argument[self].Field[core::pin::Pin::__pointer].Field[0] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1611:5:1640:5 | fn map_unchecked_mut | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1611:5:1640:5 | fn map_unchecked_mut | ReturnValue.Field[core::pin::Pin::__pointer].Reference | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1644:5:1654:5 | fn static_ref | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1658:5:1668:5 | fn static_mut | ReturnValue.Field[core::pin::Pin::__pointer] | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/pin.rs:1674:5:1676:5 | fn deref | Argument[self].Field[core::pin::Pin::__pointer].Reference | Field[core::pin::Pin::__pointer] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/ptr/alignment.rs:203:5:206:5 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/stdarch/crates/stdarch-gen-arm/src/typekinds.rs:385:5:393:5 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
+| file:///Users/hvitved/.rustup/toolchains/1.90-aarch64-apple-darwin/lib/rustlib/src/rust/library/stdarch/crates/stdarch-gen-arm/src/typekinds.rs:590:5:596:5 | fn from | Argument[0].Field[actix_web::http::header::content_length::ContentLength(0)] | Field[actix_web::http::header::content_length::ContentLength(0)] |
 #select
 | main.rs:16:10:16:20 | identity(...) | main.rs:15:13:15:21 | source(...) | main.rs:16:10:16:20 | identity(...) | $@ | main.rs:15:13:15:21 | source(...) | source(...) |
 | main.rs:16:10:16:20 | identity(...) | main.rs:15:13:15:21 | source(...) | main.rs:16:10:16:20 | identity(...) | $@ | main.rs:15:13:15:21 | source(...) | source(...) |
diff --git a/rust/ql/test/library-tests/dataflow/models/models.ql b/rust/ql/test/library-tests/dataflow/models/models.ql
@@ -13,7 +13,7 @@ import codeql.rust.dataflow.FlowSink
 import PathGraph
 
 query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c) {
-  (sc.propagatesFlow(s, _, _) or sc.propagatesFlow(_, s, _)) and
+  (sc.propagatesFlow(s, _, _, _, _, _) or sc.propagatesFlow(_, s, _, _, _, _)) and
   Private::External::invalidSpecComponent(s, c)
 }
 
@@ -22,13 +22,10 @@ query predicate invalidSpecComponent(SummarizedCallable sc, string s, string c)
 private class SummarizedCallableIdentity extends SummarizedCallable::Range {
   SummarizedCallableIdentity() { this.getName().getText() = "identity" }
 
-  override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string provenance
-  ) {
+  override predicate propagatesFlow(string input, string output, boolean preservesValue) {
     input = "Argument[0]" and
     output = "ReturnValue" and
-    preservesValue = true and
-    provenance = "QL"
+    preservesValue = true
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -17,9 +17,13 @@ module SummarizedCallable {`
`17`	`17`	`Range() { any() }`
`18`	`18`
`19`	`19`	`override predicate propagatesFlow(`
`20`		`- string input, string output, boolean preservesValue, string model`
	`20`	`+ string input, string output, boolean preservesValue, Provenance p, boolean isExact,`
	`21`	`+ string model`
`21`	`22`	`) {`
`22`		`- this.propagatesFlow(input, output, preservesValue) and model = ""`
	`23`	`+ this.propagatesFlow(input, output, preservesValue) and`
	`24`	`+ p = "manual" and`
	`25`	`+ isExact = true and`
	`26`	`+ model = "QL"`
`23`	`27`	`}`
`24`	`28`
`25`	`29`	`/**`
`@@ -31,6 +35,6 @@ module SummarizedCallable {`
`31`	`35`	`}`
`32`	`36`	`}`
`33`	`37`
`34`		`-final class SummarizedCallable = SummarizedCallable::Range;`
	`38`	`+final class SummarizedCallable = Impl::Public::RelevantSummarizedCallable;`
`35`	`39`
`36`	`40`	`final class Provenance = Impl::Public::Provenance;`