wip3

Author: hvitved

rust/ql/lib/codeql/rust/controlflow/CfgNodes.qll

@@ -4,7 +4,6 @@
  */
 
 private import rust
-private import codeql.rust.elements.Call
 private import ControlFlowGraph
 private import internal.ControlFlowGraphImpl as CfgImpl
 private import internal.CfgNodes
@@ -223,13 +222,13 @@ final class MethodCallExprCfgNode extends Nodes::MethodCallExprCfgNode {
  *
  * This class abstract over the different ways in which a function can be called in Rust.
  */
-final class CallCfgNode extends ExprCfgNode {
-  private Call node;
+final class CallExprCfgNode extends ExprCfgNode {
+  private CallExpr node;
 
-  CallCfgNode() { node = this.getAstNode() }
+  CallExprCfgNode() { node = this.getAstNode() }
 
   /** Gets the underlying `Call`. */
-  Call getCall() { result = node }
+  CallExpr getCall() { result = node }
 
   /** Gets the receiver of this call if it is a method call. */
   ExprCfgNode getReceiver() {
@@ -243,18 +242,19 @@ final class CallCfgNode extends ExprCfgNode {
 }
 
 /**
- * A function call expression. For example:
+ * An expression with parenthesized arguments. For example:
  * ```rust
  * foo(42);
  * foo::<u32, u64>(42);
  * foo[0](42);
  * foo(1) = 4;
+ * Option::Some(42);
  * ```
  */
-final class CallExprCfgNode extends Nodes::CallExprCfgNode {
-  private CallExprChildMapping node;
+final class ParenArgsExprCfgNode extends Nodes::ParenArgsExprCfgNode {
+  private ParenArgsExprChildMapping node;
 
-  CallExprCfgNode() { node = this.getAstNode() }
+  ParenArgsExprCfgNode() { node = this.getAstNode() }
 
   /** Gets the `i`th argument of this call. */
   ExprCfgNode getArgument(int i) {

rust/ql/lib/codeql/rust/controlflow/internal/CfgNodes.qll

@@ -57,7 +57,7 @@ class BreakExprTargetChildMapping extends ParentAstNode, Expr {
   override predicate relevantChild(AstNode child) { child.(BreakExpr).getTarget() = this }
 }
 
-class CallExprChildMapping extends ParentAstNode, CallExpr {
+class ParenArgsExprChildMapping extends ParentAstNode, ParenArgsExpr {
   override predicate relevantChild(AstNode child) { child = this.getArgList().getAnArg() }
 }
 

rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll

@@ -292,9 +292,9 @@ module ExprTrees {
     }
   }
 
-  class CallExprTree extends StandardPostOrderTree instanceof CallExpr {
+  class CallExprTree extends StandardPostOrderTree instanceof ParenArgsExpr {
     override AstNode getChildNode(int i) {
-      i = 0 and result = super.getFunction()
+      i = 0 and result = super.getBase()
       or
       result = super.getArgList().getArg(i - 1)
     }

rust/ql/lib/codeql/rust/dataflow/internal/Content.qll

@@ -269,8 +269,6 @@ newtype TContent =
         )]
   } or
   TFunctionCallReturnContent() or
-  TFunctionCallArgumentContent(int pos) {
-    pos in [0 .. any(CallExpr c).getArgList().getNumberOfArgs() - 1]
-  } or
+  TFunctionCallArgumentContent(int pos) { pos in [0 .. any(CallExpr c).getNumberOfArgs() - 1] } or
   TCapturedVariableContent(VariableCapture::CapturedVariable v) or
   TReferenceContent()

rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll

@@ -8,7 +8,6 @@ private import codeql.util.Boolean
 private import codeql.dataflow.DataFlow
 private import codeql.dataflow.internal.DataFlowImpl
 private import rust
-private import codeql.rust.elements.Call
 private import SsaImpl as SsaImpl
 private import codeql.rust.controlflow.internal.Scope as Scope
 private import codeql.rust.internal.PathResolution
@@ -58,7 +57,7 @@ final class DataFlowCallable extends TDataFlowCallable {
 
 final class DataFlowCall extends TDataFlowCall {
   /** Gets the underlying function call, if any. */
-  FunctionCall asFunctionCall() { this = TFunctionCall(result) }
+  CallExpr asCallExpr() { this = TCallExpr(result) }
 
   predicate isSummaryCall(
     FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver
@@ -67,13 +66,13 @@ final class DataFlowCall extends TDataFlowCall {
   }
 
   DataFlowCallable getEnclosingCallable() {
-    result.asCfgScope() = this.asFunctionCall().getEnclosingCfgScope()
+    result.asCfgScope() = this.asCallExpr().getEnclosingCfgScope()
     or
     this.isSummaryCall(result.asSummarizedCallable(), _)
   }
 
   string toString() {
-    result = this.asFunctionCall().toString()
+    result = this.asCallExpr().toString()
     or
     exists(
       FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver
@@ -83,7 +82,7 @@ final class DataFlowCall extends TDataFlowCall {
     )
   }
 
-  Location getLocation() { result = this.asFunctionCall().getLocation() }
+  Location getLocation() { result = this.asCallExpr().getLocation() }
 }
 
 /**
@@ -131,7 +130,7 @@ final class ParameterPosition extends TParameterPosition {
  */
 final class ArgumentPosition extends ParameterPosition {
   /** Gets the argument of `call` at this position, if any. */
-  Expr getArgument(Call call) {
+  Expr getArgument(CallExpr call) {
     result = call.getArgument(this.getPosition())
     or
     this.isSelf() and result = call.getReceiver()
@@ -141,7 +140,7 @@ final class ArgumentPosition extends ParameterPosition {
 /**
  * Holds if `arg` is an argument of `call` at the position `pos`.
  */
-predicate isArgumentForCall(Expr arg, FunctionCall call, ArgumentPosition pos) {
+predicate isArgumentForCall(Expr arg, CallExpr call, ArgumentPosition pos) {
   arg = pos.getArgument(call)
 }
 
@@ -291,8 +290,8 @@ predicate lambdaCreationExpr(Expr creation) {
  * Holds if `call` is a lambda call of kind `kind` where `receiver` is the
  * invoked expression.
  */
-predicate lambdaCallExpr(ClosureCall call, LambdaCallKind kind, Expr receiver) {
-  receiver = call.getFunction() and
+predicate lambdaCallExpr(ClosureCallExpr call, LambdaCallKind kind, Expr receiver) {
+  receiver = call.getClosureExpr() and
   exists(kind)
 }
 
@@ -402,7 +401,7 @@ module RustDataFlow implements InputSig<Location> {
 
   /** Gets a viable implementation of the target of the given `Call`. */
   DataFlowCallable viableCallable(DataFlowCall call) {
-    exists(FunctionCall c | c = call.asFunctionCall() |
+    exists(CallExpr c | c = call.asCallExpr() |
       result.asCfgScope() = c.getARuntimeTarget()
       or
       exists(SummarizedCallable sc, Function staticTarget |
@@ -662,7 +661,7 @@ module RustDataFlow implements InputSig<Location> {
 
   pragma[nomagic]
   additional predicate storeContentStep(Node node1, Content c, Node node2) {
-    exists(CallExpr call, int pos |
+    exists(ParenArgsExpr call, int pos |
       node1.asExpr() = call.getArgument(pragma[only_bind_into](pos)) and
       node2.asExpr() = call and
       c = TTupleFieldContent(call.getTupleField(pragma[only_bind_into](pos)))
@@ -814,7 +813,7 @@ module RustDataFlow implements InputSig<Location> {
       // pointer. Except if the path occurs directly in a call, then it's just a
       // call to the function and not a function being passed as data.
       resolvePath(e.(PathExpr).getPath()) = c.asCfgScope() and
-      not any(CallExpr call).getFunction() = e
+      not any(ParenArgsExpr call).getBase() = e
     )
   }
 
@@ -824,7 +823,7 @@ module RustDataFlow implements InputSig<Location> {
    */
   predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) {
     (
-      receiver.asExpr() = call.asFunctionCall().(ClosureCall).getFunction()
+      receiver.asExpr() = call.asCallExpr().(ClosureCallExpr).getClosureExpr()
       or
       call.isSummaryCall(_, receiver.(FlowSummaryNode).getSummaryNode())
     ) and
@@ -986,7 +985,7 @@ private module Cached {
 
   cached
   newtype TDataFlowCall =
-    TFunctionCall(FunctionCall call) {
+    TCallExpr(CallExpr call) {
       Stages::DataFlowStage::ref() and
       call.hasEnclosingCfgScope()
     } or

rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll

@@ -22,7 +22,7 @@ module Input implements InputSig<Location, RustDataFlow> {
 
     /** Holds if the associated call resolves to `path`. */
     final predicate callResolvesTo(string path) {
-      path = this.getCall().getStaticTarget().getCanonicalPath()
+      path = this.getCall().getResolvedTarget().getCanonicalPath()
     }
   }
 
@@ -31,19 +31,19 @@ module Input implements InputSig<Location, RustDataFlow> {
   abstract class SinkBase extends SourceSinkBase { }
 
   private class CallExprFunction extends SourceBase, SinkBase {
-    private CallExpr call;
+    private ParenArgsExpr call;
 
-    CallExprFunction() { this = call.getFunction() }
+    CallExprFunction() { this = call.getBase() }
 
-    override CallExpr getCall() { result = call }
+    override ParenArgsExpr getCall() { result = call }
   }
 
   private class MethodCallExprNameRef extends SourceBase, SinkBase {
     private MethodCallExpr call;
 
     MethodCallExprNameRef() { this = call.getIdentifier() }
 
-    override MethodCallExpr getCall() { result = call }
+    override CallLikeExpr getCall() { result = call }
   }
 
   RustDataFlow::ArgumentPosition callbackSelfParameterPosition() { result.isClosureSelf() }
@@ -129,7 +129,7 @@ private import Make<Location, RustDataFlow, Input> as Impl
 
 private module StepsInput implements Impl::Private::StepsInputSig {
   DataFlowCall getACall(Public::SummarizedCallable sc) {
-    result.asFunctionCall().getStaticTarget() = sc
+    result.asCallExpr().getStaticTarget() = sc
   }
 
   /** Gets the argument of `source` described by `sc`, if any. */
@@ -172,7 +172,7 @@ private module StepsInput implements Impl::Private::StepsInputSig {
   }
 
   RustDataFlow::Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) {
-    exists(Call call, Expr arg, ArgumentPosition pos |
+    exists(CallLikeExpr call, Expr arg, ArgumentPosition pos |
       result.asExpr() = arg and
       sc = Impl::Private::SummaryComponent::argument(pos) and
       call = sink.getCall() and

rust/ql/lib/codeql/rust/dataflow/internal/Node.qll

@@ -224,7 +224,7 @@ abstract class ArgumentNode extends Node {
 }
 
 final class ExprArgumentNode extends ArgumentNode, ExprNode {
-  private FunctionCall call_;
+  private CallExpr call_;
   private RustDataFlow::ArgumentPosition pos_;
 
   ExprArgumentNode() {
@@ -234,7 +234,7 @@ final class ExprArgumentNode extends ArgumentNode, ExprNode {
   }
 
   override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
-    call.asFunctionCall() = call_ and pos = pos_
+    call.asCallExpr() = call_ and pos = pos_
   }
 }
 
@@ -269,7 +269,7 @@ final class DerefBorrowArgNode extends DerefBorrowNode, ArgumentNode {
   private DataFlowCall call_;
   private RustDataFlow::ArgumentPosition pos_;
 
-  DerefBorrowArgNode() { isArgumentForCall(n, call_.asFunctionCall(), pos_) }
+  DerefBorrowArgNode() { isArgumentForCall(n, call_.asCallExpr(), pos_) }
 
   override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
     call = call_ and pos = pos_
@@ -299,7 +299,7 @@ final class ClosureArgumentNode extends ArgumentNode, ExprNode {
   ClosureArgumentNode() { lambdaCallExpr(call_, _, this.asExpr()) }
 
   override predicate isArgumentOf(DataFlowCall call, RustDataFlow::ArgumentPosition pos) {
-    call.asFunctionCall() = call_ and pos.isClosureSelf()
+    call.asCallExpr() = call_ and pos.isClosureSelf()
   }
 }
 
@@ -347,11 +347,11 @@ abstract class OutNode extends Node {
 }
 
 final private class ExprOutNode extends ExprNode, OutNode {
-  ExprOutNode() { this.asExpr() instanceof FunctionCall }
+  ExprOutNode() { this.asExpr() instanceof CallExpr }
 
   /** Gets the underlying call CFG node that includes this out node. */
   override DataFlowCall getCall(ReturnKind kind) {
-    result.asFunctionCall() = n and
+    result.asCallExpr() = n and
     kind = TNormalReturnKind()
   }
 }

rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll

@@ -154,7 +154,7 @@ private predicate variableWriteInOuterScope(BasicBlock bb, int i, Variable v, Cf
 }
 
 /** Holds if evaluating `e` jumps to the evaluation of a different CFG scope. */
-private predicate isControlFlowJump(Expr e) { e instanceof FunctionCall or e instanceof AwaitExpr }
+private predicate isControlFlowJump(Expr e) { e instanceof CallExpr or e instanceof AwaitExpr }
 
 /**
  * Holds if the call `call` at index `i` in basic block `bb` may reach
@@ -325,7 +325,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
 
   predicate ssaDefHasSource(WriteDefinition def) { none() } // handled in `DataFlowImpl.qll` instead
 
-  private predicate isArg(FunctionCall call, Expr e) {
+  private predicate isArg(CallExpr call, Expr e) {
     call.getAnArgument() = e
     or
     call.getReceiver() = e