Rust: Model Pin #19529
Rust: Model Pin #19529
Conversation
There was a problem hiding this comment.
Pull Request Overview
This PR adds tests for std::pin::Pin usage and models in the CodeQL standard library definitions to support pin-related dataflow.
- Introduces a
test_pinfunction with various pin creation and projection patterns - Extends
lang-core.model.ymlandlang-alloc.model.ymlwithPinandBox::pin/into_pinsummaries - Updates the expected flow results in
inline-flow.expectedto include the new pin tests
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| rust/ql/test/library-tests/dataflow/modeled/main.rs | Adds test_pin with sinks expecting pin-related flows |
| rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected | Updates expected dataflow edges for pin tests |
| rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml | Adds manual summaries for Pin methods |
| rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml | Adds manual summaries for Box::pin, Box::new, into_pin |
Comments suppressed due to low confidence (3)
rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml:42
- There is a duplicate entry for
<crate::pin::Pin>::into_inner. Please remove the redundant line to avoid confusion.
- ["lang:core", "<crate::pin::Pin>::into_inner", "Argument[0]", "ReturnValue", "value", "manual"]
rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml:35
- Missing model for the
pin!macro (imported viause std::pin::pin). Add an entry like-["lang:core", "crate::pin::pin", "Argument[0]", "ReturnValue", "value", "manual"]so dataflow throughpin!(...)is recognized.
# Pin
rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml:35
Pin<T>implementsDeref, but there’s no summary model to propagate dataflow through.deref(). Add a model for<crate::pin::Pin<T> as std::ops::Deref>::derefto ensure field accesses on pinned references carry over the value.
# Pin
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
These models looks good to me.
Pin is modeled as if it isn't really there. That seems to work great, but one might speculate about whether storing things in it struct field could work better with the model generator. That's something one could investigate in the future if we try and generate models for Pin.
As for why tests don't really work, I think that's a limitation of the type inference/field lookup. For instance, the field lookup in
sink(pin1.val); // $ MISSING: hasValueFlow=41works because there's an implicit dereference calling Pins implementation of the Deref trait. Currently we do not understand Deref traits, and only implement implicit dereferencing for plain &s. I confirmed that by quick eval'ing resolveStructFieldExpr in type inference which doesn't resolve any of these field expressions.
|
Fixed merge conflict.
Indeed, I suspect we hit this issue quite a lot. |
I think you're right about that. I've created an internal issue for this. |
|
... it looks like I forgot to do a DCA run on this branch, so I've started one now ... |
|
... DCA run LGTM. |
Add tests and models for std::pin::Pin, which will be required for some other work. They're not working very well though, @hvitved @paldepind can you spot what might be going wrong, particularly in the second block of test cases?