github
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll‎
Lines changed: 6 additions & 2 deletions b/‎rust/ql/lib/codeql/rust/dataflow/FlowSummary.qll‎
Lines changed: 6 additions & 2 deletions
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll‎
Lines changed: 1 addition & 19 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll‎
Lines changed: 1 addition & 19 deletions
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll‎
Lines changed: 2 additions & 0 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll‎
Lines changed: 25 additions & 21 deletions b/‎rust/ql/lib/codeql/rust/dataflow/internal/ModelsAsData.qll‎
Lines changed: 25 additions & 21 deletions
diff --git a/‎rust/ql/test/library-tests/dataflow/local/inline-flow.expected‎
Lines changed: 26 additions & 28 deletions b/‎rust/ql/test/library-tests/dataflow/local/inline-flow.expected‎
Lines changed: 26 additions & 28 deletions
@@ -17,9 +17,13 @@ module SummarizedCallable {
     Range() { any() }
 
     override predicate propagatesFlow(
-      string input, string output, boolean preservesValue, string model
+      string input, string output, boolean preservesValue, Provenance p, boolean isExact,
+      string model
     ) {
-      this.propagatesFlow(input, output, preservesValue) and model = ""
+      this.propagatesFlow(input, output, preservesValue) and
+      p = "manual" and
+      isExact = true and
+      model = ""
     }
 
     /**
 
@@ -443,25 +443,7 @@ module RustDataFlow implements InputSig<Location> {
     exists(Call c | c = call.asCall() |
       result.asCfgScope() = c.getARuntimeTarget()
       or
-      exists(SummarizedCallable sc, Function staticTarget |
-        staticTarget = getStaticTargetExt(c) and
-        sc = result.asSummarizedCallable() and
-        // Only use summarized callables with generated summaries in case
-        // the static call target is not in the source code.
-        // Note that if `applyGeneratedModel` holds it implies that there doesn't
-        // exist a manual model.
-        not (
-          staticTarget.fromSource() and
-          sc.applyGeneratedModel()
-        )
-      |
-        sc = staticTarget
-        or
-        // only apply trait models to concrete implementations when they are not
-        // defined in source code
-        staticTarget.implements(sc) and
-        not staticTarget.fromSource()
-      )
+      result.asSummarizedCallable() = getStaticTargetExt(c)
     )
   }
 
 
@@ -30,6 +30,8 @@ module Input implements InputSig<Location, RustDataFlow> {
 
   class SummarizedCallableBase = Function;
 
+  predicate allowGeneratedSummary(SummarizedCallableBase c) { not c.fromSource() }
+
   abstract private class SourceSinkBase extends AstNode {
     /** Gets the associated call. */
     abstract Call getCall();
 
@@ -112,33 +112,37 @@ predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) {
 }
 
 private class SummarizedCallableFromModel extends SummarizedCallable::Range {
-  private string path;
+  string input_;
+  string output_;
+  string kind;
+  Provenance p_;
+  boolean isExact_;
+  QlBuiltins::ExtensionId madId;
 
   SummarizedCallableFromModel() {
-    summaryModel(path, _, _, _, _, _) and
-    this.getCanonicalPath() = path
-  }
-
-  override predicate hasProvenance(Provenance provenance) {
-    summaryModel(path, _, _, _, provenance, _)
+    exists(string path, Function f |
+      summaryModel(path, input_, output_, kind, p_, madId) and
+      f.getCanonicalPath() = path
+    |
+      this = f and isExact_ = true
+      or
+      // only apply trait models to concrete implementations when they are not
+      // defined in source code
+      this.implements(f) and
+      isExact_ = false and
+      not this.fromSource()
+    )
   }
 
-  private predicate hasManualModel() { summaryModel(path, _, _, _, "manual", _) }
-
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Provenance p, boolean isExact, string model
   ) {
-    exists(string kind, string provenance, QlBuiltins::ExtensionId madId |
-      summaryModel(path, input, output, kind, provenance, madId) and
-      model = "MaD:" + madId.toString() and
-      (provenance = "manual" or not this.hasManualModel())
-    |
-      kind = "value" and
-      preservesValue = true
-      or
-      kind = "taint" and
-      preservesValue = false
-    )
+    input = input_ and
+    output = output_ and
+    (if kind = "value" then preservesValue = true else preservesValue = false) and
+    p = p_ and
+    isExact = isExact_ and
+    model = "MaD:" + madId.toString()
   }
 }
 
 
@@ -5,18 +5,17 @@ models
 | 4 | Summary: <_ as core::ops::index::Index>::index; Argument[self].Reference.Element; ReturnValue.Reference; value |
 | 5 | Summary: <alloc::boxed::Box as core::ops::deref::Deref>::deref; Argument[self].Reference.Field[alloc::boxed::Box(0)]; ReturnValue.Reference; value |
 | 6 | Summary: <alloc::boxed::Box>::new; Argument[0]; ReturnValue.Field[alloc::boxed::Box(0)]; value |
-| 7 | Summary: <core::i64 as core::convert::From>::from; Argument[0]; ReturnValue; taint |
-| 8 | Summary: <core::option::Option>::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 9 | Summary: <core::option::Option>::unwrap_or; Argument[0]; ReturnValue; value |
-| 10 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 11 | Summary: <core::option::Option>::unwrap_or_else; Argument[0].ReturnValue; ReturnValue; value |
-| 12 | Summary: <core::option::Option>::unwrap_or_else; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
-| 13 | Summary: <core::result::Result>::err; Argument[self].Field[core::result::Result::Err(0)]; ReturnValue.Field[core::option::Option::Some(0)]; value |
-| 14 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 15 | Summary: <core::result::Result>::expect_err; Argument[self].Field[core::result::Result::Err(0)]; ReturnValue; value |
-| 16 | Summary: <core::result::Result>::ok; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue.Field[core::option::Option::Some(0)]; value |
-| 17 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
-| 18 | Summary: <core::str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
+| 7 | Summary: <core::option::Option>::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
+| 8 | Summary: <core::option::Option>::unwrap_or; Argument[0]; ReturnValue; value |
+| 9 | Summary: <core::option::Option>::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
+| 10 | Summary: <core::option::Option>::unwrap_or_else; Argument[0].ReturnValue; ReturnValue; value |
+| 11 | Summary: <core::option::Option>::unwrap_or_else; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value |
+| 12 | Summary: <core::result::Result>::err; Argument[self].Field[core::result::Result::Err(0)]; ReturnValue.Field[core::option::Option::Some(0)]; value |
+| 13 | Summary: <core::result::Result>::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 14 | Summary: <core::result::Result>::expect_err; Argument[self].Field[core::result::Result::Err(0)]; ReturnValue; value |
+| 15 | Summary: <core::result::Result>::ok; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue.Field[core::option::Option::Some(0)]; value |
+| 16 | Summary: <core::result::Result>::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value |
+| 17 | Summary: <core::str>::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint |
 edges
 | main.rs:23:9:23:9 | s | main.rs:24:10:24:10 | s | provenance |  |
 | main.rs:23:9:23:9 | s | main.rs:26:12:26:12 | x | provenance |  |
@@ -128,17 +127,17 @@ edges
 | main.rs:278:9:278:10 | s1 [Some] | main.rs:279:10:279:11 | s1 [Some] | provenance |  |
 | main.rs:278:14:278:29 | Some(...) [Some] | main.rs:278:9:278:10 | s1 [Some] | provenance |  |
 | main.rs:278:19:278:28 | source(...) | main.rs:278:14:278:29 | Some(...) [Some] | provenance |  |
-| main.rs:279:10:279:11 | s1 [Some] | main.rs:279:10:279:20 | s1.unwrap() | provenance | MaD:8 |
+| main.rs:279:10:279:11 | s1 [Some] | main.rs:279:10:279:20 | s1.unwrap() | provenance | MaD:7 |
 | main.rs:283:9:283:10 | s1 [Some] | main.rs:284:10:284:11 | s1 [Some] | provenance |  |
 | main.rs:283:14:283:29 | Some(...) [Some] | main.rs:283:9:283:10 | s1 [Some] | provenance |  |
 | main.rs:283:19:283:28 | source(...) | main.rs:283:14:283:29 | Some(...) [Some] | provenance |  |
-| main.rs:284:10:284:11 | s1 [Some] | main.rs:284:10:284:24 | s1.unwrap_or(...) | provenance | MaD:10 |
-| main.rs:287:23:287:32 | source(...) | main.rs:287:10:287:33 | s2.unwrap_or(...) | provenance | MaD:9 |
+| main.rs:284:10:284:11 | s1 [Some] | main.rs:284:10:284:24 | s1.unwrap_or(...) | provenance | MaD:9 |
+| main.rs:287:23:287:32 | source(...) | main.rs:287:10:287:33 | s2.unwrap_or(...) | provenance | MaD:8 |
 | main.rs:291:9:291:10 | s1 [Some] | main.rs:292:10:292:11 | s1 [Some] | provenance |  |
 | main.rs:291:14:291:29 | Some(...) [Some] | main.rs:291:9:291:10 | s1 [Some] | provenance |  |
 | main.rs:291:19:291:28 | source(...) | main.rs:291:14:291:29 | Some(...) [Some] | provenance |  |
-| main.rs:292:10:292:11 | s1 [Some] | main.rs:292:10:292:32 | s1.unwrap_or_else(...) | provenance | MaD:12 |
-| main.rs:295:31:295:40 | source(...) | main.rs:295:10:295:41 | s2.unwrap_or_else(...) | provenance | MaD:11 |
+| main.rs:292:10:292:11 | s1 [Some] | main.rs:292:10:292:32 | s1.unwrap_or_else(...) | provenance | MaD:11 |
+| main.rs:295:31:295:40 | source(...) | main.rs:295:10:295:41 | s2.unwrap_or_else(...) | provenance | MaD:10 |
 | main.rs:299:9:299:10 | s1 [Some] | main.rs:301:14:301:15 | s1 [Some] | provenance |  |
 | main.rs:299:14:299:29 | Some(...) [Some] | main.rs:299:9:299:10 | s1 [Some] | provenance |  |
 | main.rs:299:19:299:28 | source(...) | main.rs:299:14:299:29 | Some(...) [Some] | provenance |  |
@@ -149,16 +148,16 @@ edges
 | main.rs:308:32:308:45 | Ok(...) [Ok] | main.rs:308:9:308:10 | r1 [Ok] | provenance |  |
 | main.rs:308:35:308:44 | source(...) | main.rs:308:32:308:45 | Ok(...) [Ok] | provenance |  |
 | main.rs:309:9:309:11 | o1a [Some] | main.rs:311:10:311:12 | o1a [Some] | provenance |  |
-| main.rs:309:28:309:29 | r1 [Ok] | main.rs:309:28:309:34 | r1.ok() [Some] | provenance | MaD:16 |
+| main.rs:309:28:309:29 | r1 [Ok] | main.rs:309:28:309:34 | r1.ok() [Some] | provenance | MaD:15 |
 | main.rs:309:28:309:34 | r1.ok() [Some] | main.rs:309:9:309:11 | o1a [Some] | provenance |  |
-| main.rs:311:10:311:12 | o1a [Some] | main.rs:311:10:311:21 | o1a.unwrap() | provenance | MaD:8 |
+| main.rs:311:10:311:12 | o1a [Some] | main.rs:311:10:311:21 | o1a.unwrap() | provenance | MaD:7 |
 | main.rs:314:9:314:10 | r2 [Err] | main.rs:316:28:316:29 | r2 [Err] | provenance |  |
 | main.rs:314:32:314:46 | Err(...) [Err] | main.rs:314:9:314:10 | r2 [Err] | provenance |  |
 | main.rs:314:36:314:45 | source(...) | main.rs:314:32:314:46 | Err(...) [Err] | provenance |  |
 | main.rs:316:9:316:11 | o2b [Some] | main.rs:318:10:318:12 | o2b [Some] | provenance |  |
-| main.rs:316:28:316:29 | r2 [Err] | main.rs:316:28:316:35 | r2.err() [Some] | provenance | MaD:13 |
+| main.rs:316:28:316:29 | r2 [Err] | main.rs:316:28:316:35 | r2.err() [Some] | provenance | MaD:12 |
 | main.rs:316:28:316:35 | r2.err() [Some] | main.rs:316:9:316:11 | o2b [Some] | provenance |  |
-| main.rs:318:10:318:12 | o2b [Some] | main.rs:318:10:318:21 | o2b.unwrap() | provenance | MaD:8 |
+| main.rs:318:10:318:12 | o2b [Some] | main.rs:318:10:318:21 | o2b.unwrap() | provenance | MaD:7 |
 | main.rs:322:9:322:10 | s1 [Ok] | main.rs:325:14:325:15 | s1 [Ok] | provenance |  |
 | main.rs:322:32:322:45 | Ok(...) [Ok] | main.rs:322:9:322:10 | s1 [Ok] | provenance |  |
 | main.rs:322:35:322:44 | source(...) | main.rs:322:32:322:45 | Ok(...) [Ok] | provenance |  |
@@ -168,11 +167,11 @@ edges
 | main.rs:335:9:335:10 | s1 [Ok] | main.rs:336:10:336:11 | s1 [Ok] | provenance |  |
 | main.rs:335:32:335:45 | Ok(...) [Ok] | main.rs:335:9:335:10 | s1 [Ok] | provenance |  |
 | main.rs:335:35:335:44 | source(...) | main.rs:335:32:335:45 | Ok(...) [Ok] | provenance |  |
-| main.rs:336:10:336:11 | s1 [Ok] | main.rs:336:10:336:22 | s1.expect(...) | provenance | MaD:14 |
+| main.rs:336:10:336:11 | s1 [Ok] | main.rs:336:10:336:22 | s1.expect(...) | provenance | MaD:13 |
 | main.rs:339:9:339:10 | s2 [Err] | main.rs:341:10:341:11 | s2 [Err] | provenance |  |
 | main.rs:339:32:339:46 | Err(...) [Err] | main.rs:339:9:339:10 | s2 [Err] | provenance |  |
 | main.rs:339:36:339:45 | source(...) | main.rs:339:32:339:46 | Err(...) [Err] | provenance |  |
-| main.rs:341:10:341:11 | s2 [Err] | main.rs:341:10:341:26 | s2.expect_err(...) | provenance | MaD:15 |
+| main.rs:341:10:341:11 | s2 [Err] | main.rs:341:10:341:26 | s2.expect_err(...) | provenance | MaD:14 |
 | main.rs:350:9:350:10 | s1 [A] | main.rs:352:11:352:12 | s1 [A] | provenance |  |
 | main.rs:350:14:350:39 | ...::A(...) [A] | main.rs:350:9:350:10 | s1 [A] | provenance |  |
 | main.rs:350:29:350:38 | source(...) | main.rs:350:14:350:39 | ...::A(...) [A] | provenance |  |
@@ -262,12 +261,12 @@ edges
 | main.rs:506:13:506:13 | a | main.rs:506:13:506:25 | a.to_string() | provenance | MaD:2 |
 | main.rs:506:13:506:25 | a.to_string() | main.rs:506:9:506:9 | b | provenance |  |
 | main.rs:507:9:507:9 | c | main.rs:512:10:512:10 | c | provenance |  |
-| main.rs:507:13:507:13 | b | main.rs:507:13:507:28 | b.parse() [Ok] | provenance | MaD:18 |
-| main.rs:507:13:507:28 | b.parse() [Ok] | main.rs:507:13:507:37 | ... .unwrap() | provenance | MaD:17 |
+| main.rs:507:13:507:13 | b | main.rs:507:13:507:28 | b.parse() [Ok] | provenance | MaD:17 |
+| main.rs:507:13:507:28 | b.parse() [Ok] | main.rs:507:13:507:37 | ... .unwrap() | provenance | MaD:16 |
 | main.rs:507:13:507:37 | ... .unwrap() | main.rs:507:9:507:9 | c | provenance |  |
 | main.rs:508:9:508:9 | d | main.rs:513:10:513:10 | d | provenance |  |
-| main.rs:508:18:508:18 | b | main.rs:508:18:508:26 | b.parse() [Ok] | provenance | MaD:18 |
-| main.rs:508:18:508:26 | b.parse() [Ok] | main.rs:508:18:508:35 | ... .unwrap() | provenance | MaD:17 |
+| main.rs:508:18:508:18 | b | main.rs:508:18:508:26 | b.parse() [Ok] | provenance | MaD:17 |
+| main.rs:508:18:508:26 | b.parse() [Ok] | main.rs:508:18:508:35 | ... .unwrap() | provenance | MaD:16 |
 | main.rs:508:18:508:35 | ... .unwrap() | main.rs:508:9:508:9 | d | provenance |  |
 | main.rs:517:9:517:10 | vs [element] | main.rs:519:10:519:11 | vs [element] | provenance |  |
 | main.rs:517:9:517:10 | vs [element] | main.rs:523:14:523:15 | vs [element] | provenance |  |
@@ -298,7 +297,6 @@ edges
 | main.rs:572:9:572:9 | b | main.rs:576:20:576:20 | b | provenance |  |
 | main.rs:572:18:572:27 | source(...) | main.rs:572:9:572:9 | b | provenance |  |
 | main.rs:576:20:576:20 | b | main.rs:576:10:576:21 | ...::from(...) | provenance | MaD:3 |
-| main.rs:576:20:576:20 | b | main.rs:576:10:576:21 | ...::from(...) | provenance | MaD:7 |
 nodes
 | main.rs:19:10:19:18 | source(...) | semmle.label | source(...) |
 | main.rs:23:9:23:9 | s | semmle.label | s |