Skip to content

Rust: Make path resolution robust against invalid code with conflicting declarations #21311

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hvitved wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Rust: Make path resolution robust against invalid code with conflicting declarations #21311

hvitved wants to merge 1 commit into from
+45 −23

Conversation

@hvitved
Copy link
Contributor

@hvitved hvitved commented Feb 11, 2026
edited
Loading

@github-actions github-actions bot added the Rust Pull requests that update Rust code label Feb 11, 2026
@hvitved hvitved added the no-change-note-required This PR does not need a change note label Feb 12, 2026
@hvitved hvitved marked this pull request as ready for review February 12, 2026 08:31
@hvitved hvitved requested a review from a team as a code owner February 12, 2026 08:31
@hvitved hvitved requested review from Copilot and paldepind February 12, 2026 08:31
Copilot AI reviewed Feb 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Improves Rust path resolution to remain performant and deterministic in the presence of invalid Rust code that introduces conflicting declarations (e.g., duplicate names), and adds a regression test covering that scenario.

Changes:

  • Add an invalid-Rust test case with conflicting struct A declarations and disable cargo check for that fixture.
  • Update path resolution to avoid combinatorial blow-ups in invalid code by selecting a single (last) matching child item.
  • Update expected test output to reflect the new resolution behavior for the invalid fixture.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 3 comments.

File Description
rust/ql/lib/codeql/rust/internal/PathResolution.qll Adjusts child-successor selection to be robust in invalid/conflicting-declaration scenarios.
rust/ql/test/library-tests/path-resolution/invalid/main.rs Adds an invalid Rust fixture with conflicting declarations.
rust/ql/test/library-tests/path-resolution/invalid/options.yml Disables cargo checking for the invalid fixture.
rust/ql/test/library-tests/path-resolution/path-resolution.expected Updates expected results for the new invalid-code path resolution behavior.
Comments suppressed due to low confidence (1)

rust/ql/test/library-tests/path-resolution/invalid/main.rs:6

  • Typo in comment: “precendence” should be “precedence”.
fn f(x: A) {} // $ item=A2 (the later occurence takes precendence)

rust/ql/test/library-tests/path-resolution/invalid/main.rs
struct A; // A1
struct A; // A2

fn f(x: A) {} // $ item=A2 (the later occurence takes precendence)
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Typo in comment: “occurence” should be “occurrence”.

This issue also appears on line 6 of the same file.

Suggested change
fn f(x: A) {} // $ item=A2 (the later occurence takes precendence)
fn f(x: A) {} // $ item=A2 (the later occurrence takes precendence)

Copilot uses AI. Check for mistakes.
rust/ql/test/library-tests/path-resolution/invalid/main.rs
struct A; // A1
struct A; // A2

fn f(x: A) {} // $ item=A2 (the later occurence takes precendence)
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wording in comment: “the later” is ambiguous here; “the latter” better matches the intent (A2 vs A1).

Suggested change
fn f(x: A) {} // $ item=A2 (the later occurence takes precendence)
fn f(x: A) {} // $ item=A2 (the latter occurrence takes precedence)

Copilot uses AI. Check for mistakes.
rust/ql/lib/codeql/rust/internal/PathResolution.qll
not result instanceof NamedItemNode
or
// In valid Rust code, there cannot be multiple children with the same name and namespace,
// but to safe-guard against combinatorial explosions in invalid code, we always pick the
Copy link

Copilot AI Feb 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Grammar in comment: “to safe-guard” should be “to safeguard”.

Suggested change
// but to safe-guard against combinatorial explosions in invalid code, we always pick the
// but to safeguard against combinatorial explosions in invalid code, we always pick the

Copilot uses AI. Check for mistakes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@paldepind paldepind Awaiting requested review from paldepind

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

no-change-note-required This PR does not need a change note Rust Pull requests that update Rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hvitved