Rust: Implement CFG for WhileExprs

Author: hvitved

rust/ql/lib/codeql/rust/controlflow/internal/Completion.qll

@@ -84,6 +84,8 @@ class BooleanCompletion extends ConditionalCompletion, TBooleanCompletion {
   private predicate isValidForSpecific0(AstNode e) {
     e = any(IfExpr c).getCondition()
     or
+    e = any(WhileExpr c).getCondition()
+    or
     any(MatchArm arm).getGuard() = e
     or
     exists(BinaryExpr expr |

rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll

@@ -277,45 +277,82 @@ class LetStmtTree extends PreOrderTree instanceof LetStmt {
 
 class LiteralExprTree extends LeafTree instanceof LiteralExpr { }
 
-class LoopExprTree extends PostOrderTree instanceof LoopExpr {
+abstract class LoopingExprTree extends PostOrderTree {
   override predicate propagatesAbnormal(AstNode child) { none() }
 
-  override predicate first(AstNode node) { first(super.getLoopBody(), node) }
+  abstract BlockExpr getLoopBody();
 
-  /** Whether this `LoopExpr` captures the `c` completion. */
-  private predicate capturesLoopJumpCompletion(LoopJumpCompletion c) {
+  abstract Label getLabel();
+
+  /** Whether this loop captures the `c` completion. */
+  predicate capturesLoopJumpCompletion(LoopJumpCompletion c) {
     not c.hasLabel()
     or
-    c.getLabelName() = super.getLabel().getLifetime().getText()
+    c.getLabelName() = this.getLabel().getLifetime().getText()
   }
 
   override predicate succ(AstNode pred, AstNode succ, Completion c) {
+    // Edge for exiting the loop with a break expressions
+    last(this.getLoopBody(), pred, c) and
+    c.(LoopJumpCompletion).isBreak() and
+    this.capturesLoopJumpCompletion(c) and
+    succ = this
+    or
     // Edge back to the start for final expression and continue expressions
-    last(super.getLoopBody(), pred, c) and
+    last(this.getLoopBody(), pred, c) and
     (
       completionIsNormal(c)
       or
       c.(LoopJumpCompletion).isContinue() and this.capturesLoopJumpCompletion(c)
     ) and
     this.first(succ)
-    or
-    // Edge for exiting the loop with a break expressions
-    last(super.getLoopBody(), pred, c) and
-    c.(LoopJumpCompletion).isBreak() and
-    this.capturesLoopJumpCompletion(c) and
-    succ = this
   }
 
   override predicate last(AstNode last, Completion c) {
     super.last(last, c)
     or
     // Any abnormal completions that this loop does not capture should propagate
-    last(super.getLoopBody(), last, c) and
+    last(this.getLoopBody(), last, c) and
     not completionIsNormal(c) and
     not this.capturesLoopJumpCompletion(c)
   }
 }
 
+class LoopExprTree extends LoopingExprTree instanceof LoopExpr {
+  override BlockExpr getLoopBody() { result = LoopExpr.super.getLoopBody() }
+
+  override Label getLabel() { result = LoopExpr.super.getLabel() }
+
+  override predicate first(AstNode node) { first(this.getLoopBody(), node) }
+}
+
+class WhileExprTree extends LoopingExprTree instanceof WhileExpr {
+  override BlockExpr getLoopBody() { result = WhileExpr.super.getLoopBody() }
+
+  override Label getLabel() { result = WhileExpr.super.getLabel() }
+
+  override predicate first(AstNode node) { first(super.getCondition(), node) }
+
+  override predicate succ(AstNode pred, AstNode succ, Completion c) {
+    super.succ(pred, succ, c)
+    or
+    last(super.getCondition(), pred, c) and
+    c.(BooleanCompletion).succeeded() and
+    first(this.getLoopBody(), succ)
+    or
+    last(super.getCondition(), pred, c) and
+    c.(BooleanCompletion).failed() and
+    succ = this
+  }
+
+  override predicate last(AstNode last, Completion c) {
+    super.last(last, c)
+    or
+    last(super.getCondition(), last, c) and
+    not completionIsNormal(c)
+  }
+}
+
 class MatchArmTree extends ControlFlowTree instanceof MatchArm {
   override predicate propagatesAbnormal(AstNode child) { child = super.getExpr() }
 

rust/ql/test/library-tests/controlflow/CONSISTENCY/CfgConsistency.expected

@@ -1,5 +1,4 @@
 deadEnd
-| test.rs:55:13:55:17 | b |
 | test.rs:230:28:230:33 | ... < ... |
 | test.rs:245:30:245:48 | BlockExpr |
 scopeNoFirst

rust/ql/test/library-tests/controlflow/Cfg.expected

@@ -98,8 +98,30 @@
 | test.rs:49:17:49:31 | ContinueExpr | test.rs:44:17:48:17 | ExprStmt | continue('inner) |
 | test.rs:49:17:49:32 | ExprStmt | test.rs:49:17:49:31 | ContinueExpr |  |
 | test.rs:54:5:63:5 | enter test_while | test.rs:55:9:55:25 | LetStmt |  |
+| test.rs:54:5:63:5 | exit test_while (normal) | test.rs:54:5:63:5 | exit test_while |  |
+| test.rs:54:27:63:5 | BlockExpr | test.rs:54:5:63:5 | exit test_while (normal) |  |
 | test.rs:55:9:55:25 | LetStmt | test.rs:55:21:55:24 | true |  |
+| test.rs:55:13:55:17 | b | test.rs:56:15:56:15 | b | match, no-match |
 | test.rs:55:21:55:24 | true | test.rs:55:13:55:17 | b |  |
+| test.rs:56:9:62:9 | WhileExpr | test.rs:54:27:63:5 | BlockExpr |  |
+| test.rs:56:15:56:15 | b | test.rs:56:9:62:9 | WhileExpr | false |
+| test.rs:56:15:56:15 | b | test.rs:57:13:57:14 | ExprStmt | true |
+| test.rs:56:17:62:9 | BlockExpr | test.rs:56:15:56:15 | b |  |
+| test.rs:57:13:57:13 | 1 | test.rs:58:13:60:13 | ExprStmt |  |
+| test.rs:57:13:57:14 | ExprStmt | test.rs:57:13:57:13 | 1 |  |
+| test.rs:58:13:60:13 | ExprStmt | test.rs:58:17:58:17 | i |  |
+| test.rs:58:13:60:13 | IfExpr | test.rs:61:13:61:22 | ExprStmt |  |
+| test.rs:58:16:58:22 | ParenExpr | test.rs:58:13:60:13 | IfExpr | false |
+| test.rs:58:16:58:22 | ParenExpr | test.rs:59:17:59:22 | ExprStmt | true |
+| test.rs:58:17:58:17 | i | test.rs:58:21:58:21 | 0 |  |
+| test.rs:58:17:58:21 | ... > ... | test.rs:58:16:58:22 | ParenExpr |  |
+| test.rs:58:21:58:21 | 0 | test.rs:58:17:58:21 | ... > ... |  |
+| test.rs:59:17:59:21 | BreakExpr | test.rs:56:9:62:9 | WhileExpr | break |
+| test.rs:59:17:59:22 | ExprStmt | test.rs:59:17:59:21 | BreakExpr |  |
+| test.rs:61:13:61:13 | PathExpr | test.rs:61:17:61:21 | false |  |
+| test.rs:61:13:61:21 | ... = ... | test.rs:56:17:62:9 | BlockExpr |  |
+| test.rs:61:13:61:22 | ExprStmt | test.rs:61:13:61:13 | PathExpr |  |
+| test.rs:61:17:61:21 | false | test.rs:61:13:61:21 | ... = ... |  |
 | test.rs:75:1:78:1 | enter test_nested_function | test.rs:76:5:76:28 | LetStmt |  |
 | test.rs:75:1:78:1 | exit test_nested_function (normal) | test.rs:75:1:78:1 | exit test_nested_function |  |
 | test.rs:75:40:78:1 | BlockExpr | test.rs:75:1:78:1 | exit test_nested_function (normal) |  |