Rust: Support non-universal impl blocks

[paldepind]

Adds type inference support for non-universal impl blocks. By "non-universal" we mean impl blocks that target generic types but which are not valid for all instantiations of the generic type.

For instance

impl<T> Option<Option<T>> {
  fn flatten(self) -> Option<T> { ... }
}

where the flatten method is only valid for some Option instantiations.

Non-universal impl block affect both method resolution and trait implementations as the method/trait implementation can be valid only for some instantiations of a type. A Foo<i64> might have a different set of methods/traits than a Foo<String>. Finding the right method/trait implementation is the crux of the matter. The tests have examples of this.

I've tried to document the new additions in this PR with QLdoc, but here are some additional high-level comments on the changes:

• As mentioned above, with non-universal impl blocks it is no longer enough to know the root of a type to determine which traits it implements and which methods it supports. This affects a bunch of things.

  • The getMethod and getABaseTypeMention member predicate on Type is removed, as a Type is now not enough to determine these things.
  • The new conditionSatisfiesConstraint takes a TypeMention as its second parameter as a Type is not enough.

• In this PR I've split subtype handling (inferring type parameters through supertypes) from constraint handling (inferring type parameters from type parameter interface constraints (in C#)/trait bounds (in Rust). The former is now the sole job of the AccessBaseType sub-module and the later is done in the new AccessConstraint sub-module. There's also a predicate for each in the module signature: getABaseTypeMention and conditionSatisfiesConstraint.

  This has both pros and cons:

  • PRO: Languages (like Rust) that don't have subtyping can leave getABaseTypeMention as none() and avoid any computation related to subtyping.
  • PRO: Constraints are now more complicated and I don't think any languages have subtyping that is similarly complicated. So subtyping is supported in a simpler and potentially more efficient way.
  • CON: It leads to more code within the shared library compared to handling these two things uniformly as before.
  • CON: In languages where these things are identical, i.e., C# where the question "does T implement the interface I" is equal to asking "is T a subtype of I" doing it as one thing could be more performant.

  All in all I'm not sure which approach is best, but when I made this change performance improved quite a bit (but that was before making some other optimizations) so that's why I ended up with this. Another approach (in follow up work) could be to 1/ merge the two things back again, 2/ add a getVariance predicate for access positions than can be covariant or invariant, 3/ only do subtyping for covariant positions, 4/ make all positions invariant for Rust. That should give equal performance for Rust, cut down on the duplicated code and hopefully the optimization with countConstraintImplementations would mean that subtyping for languages like C# wouldn't regress in performance (but we'd have no way to measure that).

[geoffw0]

Results on Rust LGTM - fewer consistency check failures, DCA looks good, except there appears to be an analysis time slowdown. It might be worth checking what's causing that, whether it affects other languages, and whether it's easy to fix.

[geoffw0]

Why do we prioritize results with fromSource above everything else?

[paldepind]

That's because the extractor currently duplicates function in source: once as a function from the source code and once as a function from library code. Hence we favor those in the source as the non-source one is probably a duplicate of the same thing.

I've added a comment now to make this clear.

[geoffw0]

I'd appreciate a bit more QLDoc here. What is a "type abstraction" in this context? (assuming it's not a Rust term)

[paldepind]

A tried to explain this over in the shared module. Would it make sense to repeat the Rust specific part of that here?

[geoffw0]

Ah, that looks good, but a little difficult to find for someone who is here. I think a reference to it (as in, "see TypeAbstraction in ...") would be sufficient.

[geoffw0]

This could also do with QLDoc, in particular explaining the condition and constraint parameters.

[paldepind]

I've added QLDoc for this and TypeAbstraction as mentioned above.

[hvitved]

First batch of review comments, mostly concerning performance.

[hvitved]

This bit is hard to follow.

[paldepind]

I've tried to rework this text. Hopefully it's a bit clearer now. I wanted to highlight this example, as it's the reason why I had to add abs in the first place.

[hvitved]

Can you elaborate what under which `tm` occurs means?

[paldepind]

This just mean that the type parameters introduced in abs are in scope in tm, that is, tm is "under" the type abstraction. I've added an example and a bit more text to make this clearer.

[paldepind]

I think the PR is now ready for another look :)

DCA shows a big slowdown on rust but I can't reproduce anything locally. For me both getStaticTarget, resolveMethodCallExpr, and inferType quick eval at basically the same time as on main. I can try an investigate some more, but perhaps someone know of a good way to see what might be up?

[hvitved]

DCA shows a big slowdown on rust but I can't reproduce anything locally.

I can reproduce; will work on a fix.

[paldepind]

I can reproduce; will work on a fix.

Great that you can reproduce and thanks for looking into it. What did you do to reproduce?

[hvitved]

What did you do to reproduce?

I ran DataFlowConsistencyCounts.ql, which was reported in the stage stats report by DCA.

[hvitved]

It only now occurred to me that it was not my proposed changes that resulted in the slowdown on rust; it actually improved things significantly, as the analysis timed out before those changes 😌

[hvitved]

Very impressive work. It would be nice if we can, as you hint at in the description, simplify the code via generalization, but let's postpone that as follow-up work.

[hvitved]

This file can now be deleted.

[hvitved]

Used in the exposed IsInstantiationOf module, so should be public.

[hvitved]

I wonder if we could choose a better name; perhaps Resolvable or similar? The three instantiations are TypeMention, RelevantAccess, and ReceiverExpr, neither of which are types themselves, but which can resolve to types.

[hvitved]

Perhaps make it explicit: of the type parameters from `abs`

[hvitved]

Should the B be A?

[hvitved]

QL doc, simply say that it provides the input to IsInstantiationOf.

[hvitved]

It feels wrong that constraint is part of an access; I tried removing it locally, and that seemed to work (it requires exposing Type constraint in the predicate hasConstraintMention.

[hvitved]

I would move this QL doc in to the class being aliased.

[hvitved]

Would it make sense to collect ImplTypeAbstraction and TraitTypeAbstraction as simply GenericParamList? That way it would also better match the ^^^^ markers in the comments.

[hvitved]

I think these two can be replaced by

  pragma[nomagic]
  private Type inferReceiverType(Expr e, TypePath path) {
    exists(TypePath path0 |
      any(MethodCallExpr mce).getReceiver() = e and
      result = inferType(e, path0)
    |
      path0 = TypePath::cons(TRefTypeParameter(), path)
      or
      not path0.isCons(TRefTypeParameter(), _) and
      path = path0
    )
  }

which is better, because it does not involve non-linear recursion.

[hvitved]

And the predicate logic may just as well be moved directly into resolveTypeAt below (still with nomagic).

[hvitved]

Again, better to avoid non-linear recursion when possible:

  pragma[inline]
  private Type inferRootTypeDeref(AstNode n) {
    result = inferType(n) and
    result != TRefType()
    or
    // for reference types, lookup members in the type being referenced
    result = inferType(n, TypePath::singleton(TRefTypeParameter()))
  }