Merge branch 'main' into redsun82/ripunzip

redsun82 · web-flow · commit 87b9afce97fe · 2025-11-19T10:33:39.000+01:00
diff --git a/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll b/cpp/ql/lib/semmle/code/cpp/exprs/Cast.qll
@@ -750,6 +750,16 @@ class SizeofPackTypeOperator extends SizeofPackOperator {
  */
 class SizeofOperator extends Expr, @runtime_sizeof {
   override int getPrecedence() { result = 16 }
+
+  /**
+   * Gets the contained type of this `sizeof`. For example,
+   * the result is `int` in both cases below:
+   * ```
+   * sizeof(int);
+   * sizeof(42);
+   * ```
+   */
+  Type getTypeOperand() { none() } // overridden in subclasses
 }
 
 /**
@@ -766,6 +776,8 @@ class SizeofExprOperator extends SizeofOperator {
   /** Gets the contained expression. */
   Expr getExprOperand() { result = this.getChild(0) }
 
+  override Type getTypeOperand() { result = this.getExprOperand().getType() }
+
   override string toString() { result = "sizeof(<expr>)" }
 
   override predicate mayBeImpure() { this.getExprOperand().mayBeImpure() }
@@ -784,8 +796,7 @@ class SizeofTypeOperator extends SizeofOperator {
 
   override string getAPrimaryQlClass() { result = "SizeofTypeOperator" }
 
-  /** Gets the contained type. */
-  Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
+  override Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
 
   override string toString() { result = "sizeof(" + this.getTypeOperand().getName() + ")" }
 
@@ -842,6 +853,16 @@ class AlignofTypeOperator extends AlignofOperator {
  */
 class DatasizeofOperator extends Expr, @datasizeof {
   override int getPrecedence() { result = 16 }
+
+  /**
+   * Gets the contained type of this `__datasizeof`. For example,
+   * the result is `int` in both cases below:
+   * ```
+   * __datasizeof(int);
+   * __datasizeof(42);
+   * ```
+   */
+  Type getTypeOperand() { none() }
 }
 
 /**
@@ -855,6 +876,8 @@ class DatasizeofExprOperator extends DatasizeofOperator {
   /** Gets the contained expression. */
   Expr getExprOperand() { result = this.getChild(0) }
 
+  override Type getTypeOperand() { result = this.getExprOperand().getType() }
+
   override string toString() { result = "__datasizeof(<expr>)" }
 
   override predicate mayBeImpure() { this.getExprOperand().mayBeImpure() }
@@ -870,8 +893,7 @@ class DatasizeofTypeOperator extends DatasizeofOperator {
 
   override string getAPrimaryQlClass() { result = "DatasizeofTypeOperator" }
 
-  /** Gets the contained type. */
-  Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
+  override Type getTypeOperand() { sizeof_bind(underlyingElement(this), unresolveElement(result)) }
 
   override string toString() { result = "__datasizeof(" + this.getTypeOperand().getName() + ")" }
 
diff --git a/cpp/ql/test/library-tests/types/sizeof/sizeof.expected b/cpp/ql/test/library-tests/types/sizeof/sizeof.expected
@@ -1,10 +1,16 @@
-| sizeof.cpp:19:15:19:25 | sizeof(int) | 4 | SizeofTypeOperator.getTypeOperand() | file://:0:0:0:0 | int |
-| sizeof.cpp:20:15:20:26 | sizeof(char) | 1 | SizeofTypeOperator.getTypeOperand() | file://:0:0:0:0 | char |
-| sizeof.cpp:21:15:21:27 | sizeof(int *) | 8 | SizeofTypeOperator.getTypeOperand() | file://:0:0:0:0 | int * |
-| sizeof.cpp:22:15:22:29 | sizeof(MyClass) | 16 | SizeofTypeOperator.getTypeOperand() | sizeof.cpp:4:7:4:13 | MyClass |
+| sizeof.cpp:19:15:19:25 | sizeof(int) | 4 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int |
+| sizeof.cpp:20:15:20:26 | sizeof(char) | 1 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | char |
+| sizeof.cpp:21:15:21:27 | sizeof(int *) | 8 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int * |
+| sizeof.cpp:22:15:22:29 | sizeof(MyClass) | 16 | SizeofOperator.getTypeOperand() | sizeof.cpp:4:7:4:13 | MyClass |
 | sizeof.cpp:23:15:23:23 | sizeof(<expr>) | 4 | SizeofExprOperator.getExprOperand() | sizeof.cpp:23:22:23:22 | i |
+| sizeof.cpp:23:15:23:23 | sizeof(<expr>) | 4 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int |
 | sizeof.cpp:24:15:24:23 | sizeof(<expr>) | 1 | SizeofExprOperator.getExprOperand() | sizeof.cpp:24:22:24:22 | c |
+| sizeof.cpp:24:15:24:23 | sizeof(<expr>) | 1 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | char |
 | sizeof.cpp:25:15:25:25 | sizeof(<expr>) | 8 | SizeofExprOperator.getExprOperand() | sizeof.cpp:25:22:25:24 | ptr |
+| sizeof.cpp:25:15:25:25 | sizeof(<expr>) | 8 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int * |
 | sizeof.cpp:26:15:26:24 | sizeof(<expr>) | 16 | SizeofExprOperator.getExprOperand() | sizeof.cpp:26:22:26:23 | mc |
+| sizeof.cpp:26:15:26:24 | sizeof(<expr>) | 16 | SizeofOperator.getTypeOperand() | sizeof.cpp:4:7:4:13 | MyClass |
 | sizeof.cpp:27:15:27:25 | sizeof(<expr>) | 40 | SizeofExprOperator.getExprOperand() | sizeof.cpp:27:22:27:24 | arr |
+| sizeof.cpp:27:15:27:25 | sizeof(<expr>) | 40 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int[10] |
 | sizeof.cpp:28:16:28:29 | sizeof(<expr>) | 4 | SizeofExprOperator.getExprOperand() | sizeof.cpp:28:23:28:28 | access to array |
+| sizeof.cpp:28:16:28:29 | sizeof(<expr>) | 4 | SizeofOperator.getTypeOperand() | file://:0:0:0:0 | int |
diff --git a/cpp/ql/test/library-tests/types/sizeof/sizeof.ql b/cpp/ql/test/library-tests/types/sizeof/sizeof.ql
@@ -2,8 +2,8 @@ import cpp
 
 from SizeofOperator sto, string elemDesc, Element e
 where
-  elemDesc = "SizeofTypeOperator.getTypeOperand()" and
-  e = sto.(SizeofTypeOperator).getTypeOperand()
+  elemDesc = "SizeofOperator.getTypeOperand()" and
+  e = sto.getTypeOperand()
   or
   elemDesc = "SizeofExprOperator.getExprOperand()" and
   e = sto.(SizeofExprOperator).getExprOperand()
diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll
@@ -9,6 +9,7 @@ private import TypeMention
 private import typeinference.FunctionType
 private import typeinference.FunctionOverloading as FunctionOverloading
 private import typeinference.BlanketImplementation as BlanketImplementation
+private import codeql.rust.internal.CachedStages
 private import codeql.typeinference.internal.TypeInference
 private import codeql.rust.frameworks.stdlib.Stdlib
 private import codeql.rust.frameworks.stdlib.Builtins as Builtins
@@ -419,9 +420,10 @@ module CertainTypeInference {
    * Holds if `n` has complete and certain type information and if `n` has the
    * resulting type at `path`.
    */
-  pragma[nomagic]
+  cached
   Type inferCertainType(AstNode n, TypePath path) {
-    result = inferAnnotatedType(n, path)
+    result = inferAnnotatedType(n, path) and
+    Stages::TypeInferenceStage::ref()
     or
     result = inferCertainCallExprType(n, path)
     or
@@ -3407,8 +3409,6 @@ private Type inferCastExprType(CastExpr ce, TypePath path) {
 
 cached
 private module Cached {
-  private import codeql.rust.internal.CachedStages
-
   /** Holds if `receiver` is the receiver of a method call with an implicit dereference. */
   cached
   predicate receiverHasImplicitDeref(AstNode receiver) {
