Skip to content

Rust: Restrict type propagation into receivers#21333

Open
hvitved wants to merge 2 commits intogithub:mainfrom
hvitved:rust/type-inference-restrict-receiver-type-propagation
Open

Rust: Restrict type propagation into receivers#21333
hvitved wants to merge 2 commits intogithub:mainfrom
hvitved:rust/type-inference-restrict-receiver-type-propagation

Conversation

@hvitved
Copy link
Contributor

@hvitved hvitved commented Feb 17, 2026
edited
Loading

Fixes a source of type inference combinatorial explosion (see test), which fixes a timeout on stalwartlabs/stalwart.

DCA is great: only a modest decrease in Percentage of calls with call target, but on the other hand a large decrease in Nodes With Type At Length Limit.

@github-actions github-actions bot added the Rust Pull requests that update Rust code label Feb 17, 2026
@hvitved hvitved force-pushed the rust/type-inference-restrict-receiver-type-propagation branch from 652c8db to e587541 Compare February 17, 2026 12:44
@hvitved hvitved added the no-change-note-required This PR does not need a change note label Feb 17, 2026
hvitved
hvitved commented Feb 17, 2026
View reviewed changes
rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
strictcount(Expr e | bodyReturns(parent, e)) > 1 and
prefix.isEmpty()
or
exists(Struct s |
Copy link
Contributor Author

@hvitved hvitved Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change is not what solves the timeout, but I saw cases where type information would incorrectly flow between limits in range expressions, so I decided to treat them as LUB conversions.

@hvitved hvitved marked this pull request as ready for review February 17, 2026 19:29
@hvitved hvitved requested a review from a team as a code owner February 17, 2026 19:29
@hvitved hvitved requested review from Copilot and paldepind February 17, 2026 19:29
Copilot AI reviewed Feb 17, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR restricts type propagation into method receivers to fix a combinatorial explosion issue in Rust type inference, addressing a timeout on the stalwartlabs/stalwart repository. The change prevents type information from being propagated back into receiver positions during type inference, since the receiver type must already be known for method resolution to occur.

Changes:

  • Modified type inference logic to restrict type propagation into receivers by introducing a new predicate assocFunctionMentionsTypeParameterAtNonRetPos and updating the context typing logic to never propagate types directly into receivers when the prefix is empty
  • Refactored the type inference signature from boolean isReturn to FunctionPosition pos for more precise position tracking
  • Moved Range type parameter constraints from typeEquality to lubCoercion to better reflect their coercion semantics
  • Added a regression test demonstrating the combinatorial explosion scenario with recursive enum types and method chaining

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll Core type inference logic changes: refactored position tracking, added receiver restriction, moved Range coercion logic, and simplified several helper predicates
rust/ql/test/library-tests/type-inference/regressions.rs New regression test file demonstrating the combinatorial explosion case with recursive enum types
rust/ql/test/library-tests/type-inference/main.rs Added module declaration for the new regressions test file
rust/ql/test/library-tests/type-inference/type-inference.expected Updated expected output reflecting the restricted type propagation (one line removed at 9514, new entries added for regression test)

rust/ql/lib/codeql/rust/internal/typeinference/TypeInference.qll
exists(StructExprMatchingInput::Access a, StructExprMatchingInput::AccessPosition apos |
n = a.getNodeAt(apos) and
if apos.isStructPos() then isReturn = true else isReturn = false
if apos.isStructPos() then pos.isReturn() else pos.asPosition() = 0 // the acutal position doesn't matter, as long as it is positional
Copy link

Copilot AI Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo in the comment: "acutal" should be "actual".

Suggested change
if apos.isStructPos() then pos.isReturn() else pos.asPosition() = 0 // the acutal position doesn't matter, as long as it is positional
if apos.isStructPos() then pos.isReturn() else pos.asPosition() = 0 // the actual position doesn't matter, as long as it is positional

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@paldepind paldepind Awaiting requested review from paldepind

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hvitved