Rust: Loops propagate CFG return completions but captures continue and break

paldepind · paldepind · commit 1a85dfd9ce91 · 2024-09-13T11:51:16.000+02:00
diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/Completion.qll b/rust/ql/lib/codeql/rust/controlflow/internal/Completion.qll
@@ -119,3 +119,9 @@ predicate completionIsSimple(Completion c) { c instanceof SimpleCompletion }
 
 /** Holds if `c` is a valid completion for `n`. */
 predicate completionIsValidFor(Completion c, AstNode n) { c.isValidFor(n) }
+
+/** Holds if `c` is a completion that interacts with a loop such as `loop`, `for`, `while`. */
+predicate isLoopCompletion(Completion c) {
+  c instanceof BreakCompletion or
+  c instanceof ContinueCompletion
+}
diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll b/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll
@@ -174,7 +174,7 @@ class LetStmtTree extends StandardPostOrderTree instanceof LetStmt {
 }
 
 class LoopExprTree extends PostOrderTree instanceof LoopExpr {
-  override predicate propagatesAbnormal(AstNode child) { child = super.getBody() }
+  override predicate propagatesAbnormal(AstNode child) { none() }
 
   override predicate first(AstNode node) { first(super.getBody(), node) }
 
@@ -189,6 +189,14 @@ class LoopExprTree extends PostOrderTree instanceof LoopExpr {
     c instanceof BreakCompletion and
     succ = this
   }
+
+  override predicate last(AstNode last, Completion c) {
+    super.last(last, c)
+    or
+    last(super.getBody(), last, c) and
+    not completionIsNormal(c) and
+    not isLoopCompletion(c)
+  }
 }
 
 class ReturnExprTree extends PostOrderTree instanceof ReturnExpr {

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ class LetStmtTree extends StandardPostOrderTree instanceof LetStmt {`
`174`	`174`	`}`
`175`	`175`
`176`	`176`	`class LoopExprTree extends PostOrderTree instanceof LoopExpr {`
`177`		`- override predicate propagatesAbnormal(AstNode child) { child = super.getBody() }`
	`177`	`+ override predicate propagatesAbnormal(AstNode child) { none() }`
`178`	`178`
`179`	`179`	`override predicate first(AstNode node) { first(super.getBody(), node) }`
`180`	`180`
`@@ -189,6 +189,14 @@ class LoopExprTree extends PostOrderTree instanceof LoopExpr {`
`189`	`189`	`c instanceof BreakCompletion and`
`190`	`190`	`succ = this`
`191`	`191`	`}`
	`192`	`+`
	`193`	`+ override predicate last(AstNode last, Completion c) {`
	`194`	`+ super.last(last, c)`
	`195`	`+ or`
	`196`	`+ last(super.getBody(), last, c) and`
	`197`	`+ not completionIsNormal(c) and`
	`198`	`+ not isLoopCompletion(c)`
	`199`	`+ }`
`192`	`200`	`}`
`193`	`201`
`194`	`202`	`class ReturnExprTree extends PostOrderTree instanceof ReturnExpr {`