Rust: Also take the std prelude into account when resolving paths
#19611
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hvitved
force-pushed
the
rust/path-resolution-std-prelude
branch
from
93d20d1 to
3fa308e
Compare
paldepind
approved these changes
Jun 2, 2025
There was a problem hiding this comment.
Pull Request Overview
This PR extends path resolution to consider items reexported by the std prelude in addition to the existing core prelude, and updates test expectations accordingly.
- Update
preludeEdgeinPathResolution.qllto match on both"core"and"std"crates. - Adjust expected results in two consistency tests to reflect multiple resolutions from both preludes.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| rust/ql/lib/codeql/rust/internal/PathResolution.qll | Expanded preludeEdge predicate to include std prelude. |
| rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/PathResolutionConsistency.expected | Added entries for both core and std crate resolutions. |
| rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected | Added duplicate entries but missing core crate version. |
Comments suppressed due to low confidence (1)
rust/ql/test/query-tests/security/CWE-770/CONSISTENCY/PathResolutionConsistency.expected:2
- The expected output only includes the
stdcrate ([email protected]) for this resolution. To mirror the CWE-825 test, add a separate entry for thecorecrate (e.g., [email protected]) so both preludes are covered.
| main.rs:218:14:218:17 | libc | file://:0:0:0:0 | Crate([email protected]) |
|
DCA looks mildly positive, apart from regressions in path resolution inconsistencies (which we see in consistency tests as well). |
I have started a new DCA run which uses DB caching, to rule out wobbliness caused by the extractor. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In addition to the
coreprelude, also lookup names in thestdprelude.DCA looks OK; some more path resolution inconsistencies, which is not unexpected, and we see both performance improvements and regressions, which I suspect is mostly wobble.