Skip to content

Rust: Fix context-based type inference explosion #21217

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
hvitved wants to merge 3 commits into
base: main
Choose a base branch
from
Draft

Rust: Fix context-based type inference explosion #21217

hvitved wants to merge 3 commits into from
+152 −116

Conversation

@hvitved
Copy link
Contributor

@hvitved hvitved commented Jan 26, 2026
edited
Loading

The following simple program would make our type inference implementation explode:

#[derive(Default)]
struct S;

fn f() -> S {
    let x = Default::default();
    From::from(x)
}

Firstly, because of a getSuccessor vs getAssocItem bug, From::from would allow for any sub trait of From, for example the Int trait, which meant that x could be inferred to have type bool. Secondly, since many from implementations are polymorphic in their argument, we should really be checking that the return type matches the type of the calling context.

This PR makes those two adjustments, and adds the regression test.

DCA looks good; we loose some call edges, but nothing too serious.

@github-actions github-actions bot added the Rust Pull requests that update Rust code label Jan 26, 2026
@hvitved hvitved force-pushed the rust/type-inference-perf branch 2 times, most recently from 71ee1c9 to 38929dd Compare January 26, 2026 18:53
@hvitved hvitved force-pushed the rust/type-inference-perf branch from 38929dd to 50ce393 Compare January 26, 2026 19:16
@hvitved hvitved changed the title Rust: Type inference performance improvements Rust: Fix context-based type inference explosion Jan 26, 2026
@hvitved hvitved added the no-change-note-required This PR does not need a change note label Jan 27, 2026
hvitved
hvitved commented Jan 27, 2026
View reviewed changes
shared/typeinference/codeql/typeinference/internal/TypeInference.qll
Comment on lines +1002 to 1003
hasTypeConstraint(tt, constraint) and
t = getTypeAt(tt, path)
Copy link
Contributor Author

@hvitved hvitved Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This conjunction has non-linear recursion, hence the magic'ed version of hasTypeConstraint.

@hvitved hvitved marked this pull request as ready for review January 27, 2026 07:31
@hvitved hvitved requested review from a team as code owners January 27, 2026 07:31
@hvitved hvitved requested review from Copilot and paldepind January 27, 2026 07:31
Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a type inference explosion issue in Rust queries by correcting two bugs in the type inference implementation:

  1. Path resolution bug: Changed getASuccessor(_) to getAnAssocItem() to correctly resolve trait functions only from the trait itself, not from sub-traits
  2. Context-based return type checking: Enhanced the logic to only use return type for disambiguation when all argument positions are trivially satisfied

Changes:

  • Fixed trait function resolution to prevent matching sub-trait implementations
  • Added logic to check return type matches calling context for polymorphic functions
  • Refactored Input modules into a unified structure
  • Added regression test for the Default::default() and From::from() pattern

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file
File Description
shared/typeinference/codeql/typeinference/internal/TypeInference.qll Added helper predicate with pragma[nomagic] to optimize type constraint checking
rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll Fixed getASuccessorgetAnAssocItem bug, merged Input modules, fixed parameter ordering in context typing
rust/ql/lib/codeql/rust/internal/typeinference/FunctionOverloading.qll Split predicate and added return type disambiguation logic
rust/ql/test/library-tests/type-inference/main.rs Added regression test for from_default module
rust/ql/test/library-tests/type-inference/type-inference.expected Updated expected test output
rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected Removed spurious multiple resolution error

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@hvitved hvitved marked this pull request as draft January 27, 2026 13:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@paldepind paldepind Awaiting requested review from paldepind

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hvitved