2022-11-17 14:14:03 +00:00
|
|
|
use std::ops::ControlFlow;
|
|
|
|
|
2022-04-07 17:39:59 +00:00
|
|
|
use clippy_utils::diagnostics::span_lint_and_help;
|
|
|
|
use clippy_utils::source::walk_span_to_context;
|
2022-11-17 14:14:03 +00:00
|
|
|
use clippy_utils::visitors::{for_each_expr_with_closures, Descend};
|
2022-05-21 11:24:00 +00:00
|
|
|
use clippy_utils::{get_parent_node, is_lint_allowed};
|
2022-11-17 14:14:03 +00:00
|
|
|
use hir::HirId;
|
2022-04-07 17:39:59 +00:00
|
|
|
use rustc_data_structures::sync::Lrc;
|
2022-05-21 11:24:00 +00:00
|
|
|
use rustc_hir as hir;
|
|
|
|
use rustc_hir::{Block, BlockCheckMode, ItemKind, Node, UnsafeSource};
|
2022-04-07 17:39:59 +00:00
|
|
|
use rustc_lexer::{tokenize, TokenKind};
|
|
|
|
use rustc_lint::{LateContext, LateLintPass, LintContext};
|
2021-10-21 11:11:36 +00:00
|
|
|
use rustc_middle::lint::in_external_macro;
|
2022-04-07 17:39:59 +00:00
|
|
|
use rustc_session::{declare_lint_pass, declare_tool_lint};
|
2022-05-21 11:24:00 +00:00
|
|
|
use rustc_span::{BytePos, Pos, Span, SyntaxContext};
|
2021-10-21 11:11:36 +00:00
|
|
|
|
|
|
|
declare_clippy_lint! {
|
|
|
|
/// ### What it does
|
2022-05-21 11:24:00 +00:00
|
|
|
/// Checks for `unsafe` blocks and impls without a `// SAFETY: ` comment
|
2021-10-21 11:11:36 +00:00
|
|
|
/// explaining why the unsafe operations performed inside
|
|
|
|
/// the block are safe.
|
|
|
|
///
|
2022-04-07 17:39:59 +00:00
|
|
|
/// Note the comment must appear on the line(s) preceding the unsafe block
|
|
|
|
/// with nothing appearing in between. The following is ok:
|
|
|
|
/// ```ignore
|
|
|
|
/// foo(
|
|
|
|
/// // SAFETY:
|
|
|
|
/// // This is a valid safety comment
|
|
|
|
/// unsafe { *x }
|
|
|
|
/// )
|
|
|
|
/// ```
|
|
|
|
/// But neither of these are:
|
|
|
|
/// ```ignore
|
|
|
|
/// // SAFETY:
|
|
|
|
/// // This is not a valid safety comment
|
|
|
|
/// foo(
|
|
|
|
/// /* SAFETY: Neither is this */ unsafe { *x },
|
|
|
|
/// );
|
|
|
|
/// ```
|
|
|
|
///
|
2021-10-21 11:11:36 +00:00
|
|
|
/// ### Why is this bad?
|
2022-05-21 11:24:00 +00:00
|
|
|
/// Undocumented unsafe blocks and impls can make it difficult to
|
2021-10-21 11:11:36 +00:00
|
|
|
/// read and maintain code, as well as uncover unsoundness
|
|
|
|
/// and bugs.
|
|
|
|
///
|
|
|
|
/// ### Example
|
|
|
|
/// ```rust
|
|
|
|
/// use std::ptr::NonNull;
|
|
|
|
/// let a = &mut 42;
|
|
|
|
///
|
|
|
|
/// let ptr = unsafe { NonNull::new_unchecked(a) };
|
|
|
|
/// ```
|
|
|
|
/// Use instead:
|
|
|
|
/// ```rust
|
|
|
|
/// use std::ptr::NonNull;
|
|
|
|
/// let a = &mut 42;
|
|
|
|
///
|
2021-12-30 14:10:43 +00:00
|
|
|
/// // SAFETY: references are guaranteed to be non-null.
|
2021-10-21 11:11:36 +00:00
|
|
|
/// let ptr = unsafe { NonNull::new_unchecked(a) };
|
|
|
|
/// ```
|
2021-12-06 11:33:31 +00:00
|
|
|
#[clippy::version = "1.58.0"]
|
2021-10-21 11:11:36 +00:00
|
|
|
pub UNDOCUMENTED_UNSAFE_BLOCKS,
|
|
|
|
restriction,
|
|
|
|
"creating an unsafe block without explaining why it is safe"
|
|
|
|
}
|
2022-11-14 12:42:47 +00:00
|
|
|
declare_clippy_lint! {
|
|
|
|
/// ### What it does
|
|
|
|
/// Checks for `// SAFETY: ` comments on safe code.
|
|
|
|
///
|
|
|
|
/// ### Why is this bad?
|
|
|
|
/// Safe code has no safety requirements, so there is no need to
|
|
|
|
/// describe safety invariants.
|
|
|
|
///
|
|
|
|
/// ### Example
|
|
|
|
/// ```rust
|
|
|
|
/// use std::ptr::NonNull;
|
|
|
|
/// let a = &mut 42;
|
|
|
|
///
|
|
|
|
/// // SAFETY: references are guaranteed to be non-null.
|
|
|
|
/// let ptr = NonNull::new(a).unwrap();
|
|
|
|
/// ```
|
|
|
|
/// Use instead:
|
|
|
|
/// ```rust
|
|
|
|
/// use std::ptr::NonNull;
|
|
|
|
/// let a = &mut 42;
|
|
|
|
///
|
|
|
|
/// let ptr = NonNull::new(a).unwrap();
|
|
|
|
/// ```
|
2022-11-17 10:00:51 +00:00
|
|
|
#[clippy::version = "1.67.0"]
|
2022-11-14 12:42:47 +00:00
|
|
|
pub UNNECESSARY_SAFETY_COMMENT,
|
|
|
|
restriction,
|
2022-11-24 08:47:50 +00:00
|
|
|
"annotating safe code with a safety comment"
|
2022-11-14 12:42:47 +00:00
|
|
|
}
|
2021-10-21 11:11:36 +00:00
|
|
|
|
2022-11-14 12:42:47 +00:00
|
|
|
declare_lint_pass!(UndocumentedUnsafeBlocks => [UNDOCUMENTED_UNSAFE_BLOCKS, UNNECESSARY_SAFETY_COMMENT]);
|
2021-10-21 11:11:36 +00:00
|
|
|
|
2022-11-17 14:14:03 +00:00
|
|
|
impl<'tcx> LateLintPass<'tcx> for UndocumentedUnsafeBlocks {
|
|
|
|
fn check_block(&mut self, cx: &LateContext<'tcx>, block: &'tcx Block<'tcx>) {
|
2022-04-07 17:39:59 +00:00
|
|
|
if block.rules == BlockCheckMode::UnsafeBlock(UnsafeSource::UserProvided)
|
|
|
|
&& !in_external_macro(cx.tcx.sess, block.span)
|
|
|
|
&& !is_lint_allowed(cx, UNDOCUMENTED_UNSAFE_BLOCKS, block.hir_id)
|
2022-05-21 11:24:00 +00:00
|
|
|
&& !is_unsafe_from_proc_macro(cx, block.span)
|
2022-10-14 14:07:22 +00:00
|
|
|
&& !block_has_safety_comment(cx, block.span)
|
|
|
|
&& !block_parents_have_safety_comment(cx, block.hir_id)
|
2022-04-07 17:39:59 +00:00
|
|
|
{
|
|
|
|
let source_map = cx.tcx.sess.source_map();
|
|
|
|
let span = if source_map.is_multiline(block.span) {
|
|
|
|
source_map.span_until_char(block.span, '\n')
|
|
|
|
} else {
|
|
|
|
block.span
|
|
|
|
};
|
2021-10-21 11:11:36 +00:00
|
|
|
|
2022-04-07 17:39:59 +00:00
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNDOCUMENTED_UNSAFE_BLOCKS,
|
|
|
|
span,
|
|
|
|
"unsafe block missing a safety comment",
|
|
|
|
None,
|
|
|
|
"consider adding a safety comment on the preceding line",
|
|
|
|
);
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
2022-11-17 14:14:03 +00:00
|
|
|
|
|
|
|
if let Some(tail) = block.expr
|
|
|
|
&& !is_lint_allowed(cx, UNNECESSARY_SAFETY_COMMENT, tail.hir_id)
|
|
|
|
&& !in_external_macro(cx.tcx.sess, tail.span)
|
|
|
|
&& let HasSafetyComment::Yes(pos) = stmt_has_safety_comment(cx, tail.span, tail.hir_id)
|
|
|
|
&& let Some(help_span) = expr_has_unnecessary_safety_comment(cx, tail, pos)
|
|
|
|
{
|
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNNECESSARY_SAFETY_COMMENT,
|
|
|
|
tail.span,
|
|
|
|
"expression has unnecessary safety comment",
|
|
|
|
Some(help_span),
|
|
|
|
"consider removing the safety comment",
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fn check_stmt(&mut self, cx: &LateContext<'tcx>, stmt: &hir::Stmt<'tcx>) {
|
2022-11-24 08:47:50 +00:00
|
|
|
let (
|
2022-11-17 14:14:03 +00:00
|
|
|
hir::StmtKind::Local(&hir::Local { init: Some(expr), .. })
|
|
|
|
| hir::StmtKind::Expr(expr)
|
2022-11-24 08:47:50 +00:00
|
|
|
| hir::StmtKind::Semi(expr)
|
|
|
|
) = stmt.kind else { return };
|
2022-11-17 14:14:03 +00:00
|
|
|
if !is_lint_allowed(cx, UNNECESSARY_SAFETY_COMMENT, stmt.hir_id)
|
|
|
|
&& !in_external_macro(cx.tcx.sess, stmt.span)
|
|
|
|
&& let HasSafetyComment::Yes(pos) = stmt_has_safety_comment(cx, stmt.span, stmt.hir_id)
|
|
|
|
&& let Some(help_span) = expr_has_unnecessary_safety_comment(cx, expr, pos)
|
|
|
|
{
|
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNNECESSARY_SAFETY_COMMENT,
|
|
|
|
stmt.span,
|
|
|
|
"statement has unnecessary safety comment",
|
|
|
|
Some(help_span),
|
|
|
|
"consider removing the safety comment",
|
|
|
|
);
|
|
|
|
}
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
2022-05-21 11:24:00 +00:00
|
|
|
|
|
|
|
fn check_item(&mut self, cx: &LateContext<'_>, item: &hir::Item<'_>) {
|
2022-11-14 12:42:47 +00:00
|
|
|
if in_external_macro(cx.tcx.sess, item.span) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
let mk_spans = |pos: BytePos| {
|
2022-05-21 11:24:00 +00:00
|
|
|
let source_map = cx.tcx.sess.source_map();
|
2022-11-14 12:42:47 +00:00
|
|
|
let span = Span::new(pos, pos, SyntaxContext::root(), None);
|
|
|
|
let help_span = source_map.span_extend_to_next_char(span, '\n', true);
|
2022-05-21 11:24:00 +00:00
|
|
|
let span = if source_map.is_multiline(item.span) {
|
|
|
|
source_map.span_until_char(item.span, '\n')
|
|
|
|
} else {
|
|
|
|
item.span
|
|
|
|
};
|
2022-11-14 12:42:47 +00:00
|
|
|
(span, help_span)
|
|
|
|
};
|
2022-05-21 11:24:00 +00:00
|
|
|
|
2022-11-14 12:42:47 +00:00
|
|
|
let item_has_safety_comment = item_has_safety_comment(cx, item);
|
|
|
|
match (&item.kind, item_has_safety_comment) {
|
2022-11-17 10:00:51 +00:00
|
|
|
// lint unsafe impl without safety comment
|
2022-11-14 12:42:47 +00:00
|
|
|
(hir::ItemKind::Impl(impl_), HasSafetyComment::No) if impl_.unsafety == hir::Unsafety::Unsafe => {
|
|
|
|
if !is_lint_allowed(cx, UNDOCUMENTED_UNSAFE_BLOCKS, item.hir_id())
|
|
|
|
&& !is_unsafe_from_proc_macro(cx, item.span)
|
|
|
|
{
|
|
|
|
let source_map = cx.tcx.sess.source_map();
|
|
|
|
let span = if source_map.is_multiline(item.span) {
|
|
|
|
source_map.span_until_char(item.span, '\n')
|
|
|
|
} else {
|
|
|
|
item.span
|
|
|
|
};
|
|
|
|
|
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNDOCUMENTED_UNSAFE_BLOCKS,
|
|
|
|
span,
|
|
|
|
"unsafe impl missing a safety comment",
|
|
|
|
None,
|
|
|
|
"consider adding a safety comment on the preceding line",
|
|
|
|
);
|
|
|
|
}
|
|
|
|
},
|
2022-11-17 10:00:51 +00:00
|
|
|
// lint safe impl with unnecessary safety comment
|
2022-11-14 12:42:47 +00:00
|
|
|
(hir::ItemKind::Impl(impl_), HasSafetyComment::Yes(pos)) if impl_.unsafety == hir::Unsafety::Normal => {
|
|
|
|
if !is_lint_allowed(cx, UNNECESSARY_SAFETY_COMMENT, item.hir_id()) {
|
|
|
|
let (span, help_span) = mk_spans(pos);
|
|
|
|
|
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNNECESSARY_SAFETY_COMMENT,
|
|
|
|
span,
|
|
|
|
"impl has unnecessary safety comment",
|
|
|
|
Some(help_span),
|
|
|
|
"consider removing the safety comment",
|
|
|
|
);
|
|
|
|
}
|
|
|
|
},
|
|
|
|
(hir::ItemKind::Impl(_), _) => {},
|
2022-11-17 10:00:51 +00:00
|
|
|
// const and static items only need a safety comment if their body is an unsafe block, lint otherwise
|
2022-11-14 12:42:47 +00:00
|
|
|
(&hir::ItemKind::Const(.., body) | &hir::ItemKind::Static(.., body), HasSafetyComment::Yes(pos)) => {
|
|
|
|
if !is_lint_allowed(cx, UNNECESSARY_SAFETY_COMMENT, body.hir_id) {
|
|
|
|
let body = cx.tcx.hir().body(body);
|
|
|
|
if !matches!(
|
|
|
|
body.value.kind, hir::ExprKind::Block(block, _)
|
|
|
|
if block.rules == BlockCheckMode::UnsafeBlock(UnsafeSource::UserProvided)
|
|
|
|
) {
|
|
|
|
let (span, help_span) = mk_spans(pos);
|
|
|
|
|
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNNECESSARY_SAFETY_COMMENT,
|
|
|
|
span,
|
|
|
|
&format!("{} has unnecessary safety comment", item.kind.descr()),
|
|
|
|
Some(help_span),
|
|
|
|
"consider removing the safety comment",
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
2022-11-17 10:00:51 +00:00
|
|
|
// Aside from unsafe impls and consts/statics with an unsafe block, items in general
|
|
|
|
// do not have safety invariants that need to be documented, so lint those.
|
2022-11-14 12:42:47 +00:00
|
|
|
(_, HasSafetyComment::Yes(pos)) => {
|
|
|
|
if !is_lint_allowed(cx, UNNECESSARY_SAFETY_COMMENT, item.hir_id()) {
|
|
|
|
let (span, help_span) = mk_spans(pos);
|
|
|
|
|
|
|
|
span_lint_and_help(
|
|
|
|
cx,
|
|
|
|
UNNECESSARY_SAFETY_COMMENT,
|
|
|
|
span,
|
|
|
|
&format!("{} has unnecessary safety comment", item.kind.descr()),
|
|
|
|
Some(help_span),
|
|
|
|
"consider removing the safety comment",
|
|
|
|
);
|
|
|
|
}
|
|
|
|
},
|
|
|
|
_ => (),
|
2022-05-21 11:24:00 +00:00
|
|
|
}
|
|
|
|
}
|
2022-04-07 17:39:59 +00:00
|
|
|
}
|
2021-10-21 11:11:36 +00:00
|
|
|
|
2022-11-17 14:14:03 +00:00
|
|
|
fn expr_has_unnecessary_safety_comment<'tcx>(
|
|
|
|
cx: &LateContext<'tcx>,
|
|
|
|
expr: &'tcx hir::Expr<'tcx>,
|
|
|
|
comment_pos: BytePos,
|
|
|
|
) -> Option<Span> {
|
|
|
|
// this should roughly be the reverse of `block_parents_have_safety_comment`
|
|
|
|
if for_each_expr_with_closures(cx, expr, |expr| match expr.kind {
|
|
|
|
hir::ExprKind::Block(
|
|
|
|
Block {
|
|
|
|
rules: BlockCheckMode::UnsafeBlock(UnsafeSource::UserProvided),
|
|
|
|
..
|
|
|
|
},
|
|
|
|
_,
|
|
|
|
) => ControlFlow::Break(()),
|
|
|
|
// statements will be handled by check_stmt itself again
|
|
|
|
hir::ExprKind::Block(..) => ControlFlow::Continue(Descend::No),
|
|
|
|
_ => ControlFlow::Continue(Descend::Yes),
|
|
|
|
})
|
|
|
|
.is_some()
|
|
|
|
{
|
|
|
|
return None;
|
|
|
|
}
|
|
|
|
|
|
|
|
let source_map = cx.tcx.sess.source_map();
|
|
|
|
let span = Span::new(comment_pos, comment_pos, SyntaxContext::root(), None);
|
|
|
|
let help_span = source_map.span_extend_to_next_char(span, '\n', true);
|
|
|
|
|
|
|
|
Some(help_span)
|
|
|
|
}
|
|
|
|
|
2022-05-21 11:24:00 +00:00
|
|
|
fn is_unsafe_from_proc_macro(cx: &LateContext<'_>, span: Span) -> bool {
|
2022-04-07 17:39:59 +00:00
|
|
|
let source_map = cx.sess().source_map();
|
2022-05-21 11:24:00 +00:00
|
|
|
let file_pos = source_map.lookup_byte_offset(span.lo());
|
2022-04-07 17:39:59 +00:00
|
|
|
file_pos
|
|
|
|
.sf
|
|
|
|
.src
|
|
|
|
.as_deref()
|
|
|
|
.and_then(|src| src.get(file_pos.pos.to_usize()..))
|
|
|
|
.map_or(true, |src| !src.starts_with("unsafe"))
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
|
|
|
|
2022-10-14 14:07:22 +00:00
|
|
|
// Checks if any parent {expression, statement, block, local, const, static}
|
|
|
|
// has a safety comment
|
|
|
|
fn block_parents_have_safety_comment(cx: &LateContext<'_>, id: hir::HirId) -> bool {
|
|
|
|
if let Some(node) = get_parent_node(cx.tcx, id) {
|
|
|
|
return match node {
|
|
|
|
Node::Expr(expr) => !is_branchy(expr) && span_in_body_has_safety_comment(cx, expr.span),
|
|
|
|
Node::Stmt(hir::Stmt {
|
|
|
|
kind:
|
|
|
|
hir::StmtKind::Local(hir::Local { span, .. })
|
|
|
|
| hir::StmtKind::Expr(hir::Expr { span, .. })
|
|
|
|
| hir::StmtKind::Semi(hir::Expr { span, .. }),
|
|
|
|
..
|
|
|
|
})
|
|
|
|
| Node::Local(hir::Local { span, .. })
|
|
|
|
| Node::Item(hir::Item {
|
|
|
|
kind: hir::ItemKind::Const(..) | ItemKind::Static(..),
|
|
|
|
span,
|
|
|
|
..
|
|
|
|
}) => span_in_body_has_safety_comment(cx, *span),
|
|
|
|
_ => false,
|
|
|
|
};
|
|
|
|
}
|
|
|
|
false
|
|
|
|
}
|
|
|
|
|
|
|
|
/// Checks if an expression is "branchy", e.g. loop, match/if/etc.
|
|
|
|
fn is_branchy(expr: &hir::Expr<'_>) -> bool {
|
|
|
|
matches!(
|
|
|
|
expr.kind,
|
|
|
|
hir::ExprKind::If(..) | hir::ExprKind::Loop(..) | hir::ExprKind::Match(..)
|
|
|
|
)
|
|
|
|
}
|
|
|
|
|
2022-04-07 17:39:59 +00:00
|
|
|
/// Checks if the lines immediately preceding the block contain a safety comment.
|
2022-10-14 14:07:22 +00:00
|
|
|
fn block_has_safety_comment(cx: &LateContext<'_>, span: Span) -> bool {
|
2022-04-07 17:39:59 +00:00
|
|
|
// This intentionally ignores text before the start of a function so something like:
|
|
|
|
// ```
|
|
|
|
// // SAFETY: reason
|
|
|
|
// fn foo() { unsafe { .. } }
|
|
|
|
// ```
|
|
|
|
// won't work. This is to avoid dealing with where such a comment should be place relative to
|
|
|
|
// attributes and doc comments.
|
|
|
|
|
2022-11-14 12:42:47 +00:00
|
|
|
matches!(
|
|
|
|
span_from_macro_expansion_has_safety_comment(cx, span),
|
|
|
|
HasSafetyComment::Yes(_)
|
|
|
|
) || span_in_body_has_safety_comment(cx, span)
|
|
|
|
}
|
|
|
|
|
|
|
|
enum HasSafetyComment {
|
|
|
|
Yes(BytePos),
|
|
|
|
No,
|
|
|
|
Maybe,
|
2022-05-21 11:24:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Checks if the lines immediately preceding the item contain a safety comment.
|
|
|
|
#[allow(clippy::collapsible_match)]
|
2022-11-14 12:42:47 +00:00
|
|
|
fn item_has_safety_comment(cx: &LateContext<'_>, item: &hir::Item<'_>) -> HasSafetyComment {
|
|
|
|
match span_from_macro_expansion_has_safety_comment(cx, item.span) {
|
|
|
|
HasSafetyComment::Maybe => (),
|
|
|
|
has_safety_comment => return has_safety_comment,
|
2022-05-21 11:24:00 +00:00
|
|
|
}
|
|
|
|
|
2022-11-17 14:17:28 +00:00
|
|
|
if item.span.ctxt() != SyntaxContext::root() {
|
|
|
|
return HasSafetyComment::No;
|
|
|
|
}
|
|
|
|
if let Some(parent_node) = get_parent_node(cx.tcx, item.hir_id()) {
|
|
|
|
let comment_start = match parent_node {
|
|
|
|
Node::Crate(parent_mod) => {
|
|
|
|
comment_start_before_item_in_mod(cx, parent_mod, parent_mod.spans.inner_span, item)
|
|
|
|
},
|
|
|
|
Node::Item(parent_item) => {
|
|
|
|
if let ItemKind::Mod(parent_mod) = &parent_item.kind {
|
|
|
|
comment_start_before_item_in_mod(cx, parent_mod, parent_item.span, item)
|
|
|
|
} else {
|
2022-05-21 11:24:00 +00:00
|
|
|
// Doesn't support impls in this position. Pretend a comment was found.
|
2022-11-14 12:42:47 +00:00
|
|
|
return HasSafetyComment::Maybe;
|
2022-11-17 14:17:28 +00:00
|
|
|
}
|
|
|
|
},
|
|
|
|
Node::Stmt(stmt) => {
|
|
|
|
if let Some(Node::Block(block)) = get_parent_node(cx.tcx, stmt.hir_id) {
|
|
|
|
walk_span_to_context(block.span, SyntaxContext::root()).map(Span::lo)
|
|
|
|
} else {
|
|
|
|
// Problem getting the parent node. Pretend a comment was found.
|
|
|
|
return HasSafetyComment::Maybe;
|
|
|
|
}
|
|
|
|
},
|
|
|
|
_ => {
|
|
|
|
// Doesn't support impls in this position. Pretend a comment was found.
|
|
|
|
return HasSafetyComment::Maybe;
|
|
|
|
},
|
|
|
|
};
|
2022-05-21 11:24:00 +00:00
|
|
|
|
2022-11-17 14:17:28 +00:00
|
|
|
let source_map = cx.sess().source_map();
|
|
|
|
if let Some(comment_start) = comment_start
|
|
|
|
&& let Ok(unsafe_line) = source_map.lookup_line(item.span.lo())
|
|
|
|
&& let Ok(comment_start_line) = source_map.lookup_line(comment_start)
|
|
|
|
&& Lrc::ptr_eq(&unsafe_line.sf, &comment_start_line.sf)
|
|
|
|
&& let Some(src) = unsafe_line.sf.src.as_deref()
|
|
|
|
{
|
|
|
|
return unsafe_line.sf.lines(|lines| {
|
|
|
|
if comment_start_line.line >= unsafe_line.line {
|
|
|
|
HasSafetyComment::No
|
|
|
|
} else {
|
|
|
|
match text_has_safety_comment(
|
|
|
|
src,
|
|
|
|
&lines[comment_start_line.line + 1..=unsafe_line.line],
|
|
|
|
unsafe_line.sf.start_pos.to_usize(),
|
|
|
|
) {
|
|
|
|
Some(b) => HasSafetyComment::Yes(b),
|
|
|
|
None => HasSafetyComment::No,
|
2022-11-17 14:14:03 +00:00
|
|
|
}
|
2022-11-17 14:17:28 +00:00
|
|
|
}
|
|
|
|
});
|
2022-11-17 14:14:03 +00:00
|
|
|
}
|
|
|
|
}
|
2022-11-17 14:17:28 +00:00
|
|
|
HasSafetyComment::Maybe
|
2022-11-17 14:14:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/// Checks if the lines immediately preceding the item contain a safety comment.
|
|
|
|
#[allow(clippy::collapsible_match)]
|
|
|
|
fn stmt_has_safety_comment(cx: &LateContext<'_>, span: Span, hir_id: HirId) -> HasSafetyComment {
|
|
|
|
match span_from_macro_expansion_has_safety_comment(cx, span) {
|
|
|
|
HasSafetyComment::Maybe => (),
|
|
|
|
has_safety_comment => return has_safety_comment,
|
|
|
|
}
|
|
|
|
|
2022-11-17 14:17:28 +00:00
|
|
|
if span.ctxt() != SyntaxContext::root() {
|
|
|
|
return HasSafetyComment::No;
|
|
|
|
}
|
2022-11-17 14:14:03 +00:00
|
|
|
|
2022-11-17 14:17:28 +00:00
|
|
|
if let Some(parent_node) = get_parent_node(cx.tcx, hir_id) {
|
|
|
|
let comment_start = match parent_node {
|
|
|
|
Node::Block(block) => walk_span_to_context(block.span, SyntaxContext::root()).map(Span::lo),
|
|
|
|
_ => return HasSafetyComment::Maybe,
|
|
|
|
};
|
|
|
|
|
|
|
|
let source_map = cx.sess().source_map();
|
|
|
|
if let Some(comment_start) = comment_start
|
|
|
|
&& let Ok(unsafe_line) = source_map.lookup_line(span.lo())
|
|
|
|
&& let Ok(comment_start_line) = source_map.lookup_line(comment_start)
|
|
|
|
&& Lrc::ptr_eq(&unsafe_line.sf, &comment_start_line.sf)
|
|
|
|
&& let Some(src) = unsafe_line.sf.src.as_deref()
|
|
|
|
{
|
|
|
|
return unsafe_line.sf.lines(|lines| {
|
|
|
|
if comment_start_line.line >= unsafe_line.line {
|
|
|
|
HasSafetyComment::No
|
|
|
|
} else {
|
|
|
|
match text_has_safety_comment(
|
|
|
|
src,
|
|
|
|
&lines[comment_start_line.line + 1..=unsafe_line.line],
|
|
|
|
unsafe_line.sf.start_pos.to_usize(),
|
|
|
|
) {
|
|
|
|
Some(b) => HasSafetyComment::Yes(b),
|
|
|
|
None => HasSafetyComment::No,
|
2022-11-14 12:42:47 +00:00
|
|
|
}
|
2022-11-17 14:17:28 +00:00
|
|
|
}
|
|
|
|
});
|
2022-05-21 11:24:00 +00:00
|
|
|
}
|
|
|
|
}
|
2022-11-17 14:17:28 +00:00
|
|
|
HasSafetyComment::Maybe
|
2022-05-21 11:24:00 +00:00
|
|
|
}
|
|
|
|
|
2022-11-14 12:42:47 +00:00
|
|
|
fn comment_start_before_item_in_mod(
|
2022-05-21 11:24:00 +00:00
|
|
|
cx: &LateContext<'_>,
|
|
|
|
parent_mod: &hir::Mod<'_>,
|
|
|
|
parent_mod_span: Span,
|
2022-11-14 12:42:47 +00:00
|
|
|
item: &hir::Item<'_>,
|
2022-05-21 11:24:00 +00:00
|
|
|
) -> Option<BytePos> {
|
|
|
|
parent_mod.item_ids.iter().enumerate().find_map(|(idx, item_id)| {
|
2022-11-14 12:42:47 +00:00
|
|
|
if *item_id == item.item_id() {
|
2022-05-21 11:24:00 +00:00
|
|
|
if idx == 0 {
|
|
|
|
// mod A { /* comment */ unsafe impl T {} ... }
|
|
|
|
// ^------------------------------------------^ returns the start of this span
|
|
|
|
// ^---------------------^ finally checks comments in this range
|
|
|
|
if let Some(sp) = walk_span_to_context(parent_mod_span, SyntaxContext::root()) {
|
|
|
|
return Some(sp.lo());
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// some_item /* comment */ unsafe impl T {}
|
|
|
|
// ^-------^ returns the end of this span
|
|
|
|
// ^---------------^ finally checks comments in this range
|
|
|
|
let prev_item = cx.tcx.hir().item(parent_mod.item_ids[idx - 1]);
|
|
|
|
if let Some(sp) = walk_span_to_context(prev_item.span, SyntaxContext::root()) {
|
|
|
|
return Some(sp.hi());
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
None
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2022-11-14 12:42:47 +00:00
|
|
|
fn span_from_macro_expansion_has_safety_comment(cx: &LateContext<'_>, span: Span) -> HasSafetyComment {
|
2022-04-07 17:39:59 +00:00
|
|
|
let source_map = cx.sess().source_map();
|
2022-05-21 11:24:00 +00:00
|
|
|
let ctxt = span.ctxt();
|
|
|
|
if ctxt == SyntaxContext::root() {
|
2022-11-14 12:42:47 +00:00
|
|
|
HasSafetyComment::Maybe
|
2022-05-21 11:24:00 +00:00
|
|
|
} else {
|
|
|
|
// From a macro expansion. Get the text from the start of the macro declaration to start of the
|
|
|
|
// unsafe block.
|
2022-04-07 17:39:59 +00:00
|
|
|
// macro_rules! foo { () => { stuff }; (x) => { unsafe { stuff } }; }
|
|
|
|
// ^--------------------------------------------^
|
2022-05-21 11:24:00 +00:00
|
|
|
if let Ok(unsafe_line) = source_map.lookup_line(span.lo())
|
2022-04-07 17:39:59 +00:00
|
|
|
&& let Ok(macro_line) = source_map.lookup_line(ctxt.outer_expn_data().def_site.lo())
|
|
|
|
&& Lrc::ptr_eq(&unsafe_line.sf, ¯o_line.sf)
|
|
|
|
&& let Some(src) = unsafe_line.sf.src.as_deref()
|
|
|
|
{
|
2022-05-30 05:59:45 +00:00
|
|
|
unsafe_line.sf.lines(|lines| {
|
2022-11-14 12:42:47 +00:00
|
|
|
if macro_line.line < unsafe_line.line {
|
|
|
|
match text_has_safety_comment(
|
|
|
|
src,
|
|
|
|
&lines[macro_line.line + 1..=unsafe_line.line],
|
|
|
|
unsafe_line.sf.start_pos.to_usize(),
|
|
|
|
) {
|
|
|
|
Some(b) => HasSafetyComment::Yes(b),
|
|
|
|
None => HasSafetyComment::No,
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
HasSafetyComment::No
|
|
|
|
}
|
2022-05-30 05:59:45 +00:00
|
|
|
})
|
2022-04-07 17:39:59 +00:00
|
|
|
} else {
|
|
|
|
// Problem getting source text. Pretend a comment was found.
|
2022-11-14 12:42:47 +00:00
|
|
|
HasSafetyComment::Maybe
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
2022-05-21 11:24:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-07-18 07:39:37 +00:00
|
|
|
fn get_body_search_span(cx: &LateContext<'_>) -> Option<Span> {
|
|
|
|
let body = cx.enclosing_body?;
|
|
|
|
let map = cx.tcx.hir();
|
|
|
|
let mut span = map.body(body).value.span;
|
|
|
|
for (_, node) in map.parent_iter(body.hir_id) {
|
|
|
|
match node {
|
|
|
|
Node::Expr(e) => span = e.span,
|
|
|
|
Node::Block(_) | Node::Arm(_) | Node::Stmt(_) | Node::Local(_) => (),
|
|
|
|
_ => break,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
Some(span)
|
|
|
|
}
|
|
|
|
|
2022-05-21 11:24:00 +00:00
|
|
|
fn span_in_body_has_safety_comment(cx: &LateContext<'_>, span: Span) -> bool {
|
|
|
|
let source_map = cx.sess().source_map();
|
|
|
|
let ctxt = span.ctxt();
|
|
|
|
if ctxt == SyntaxContext::root()
|
2022-07-18 07:39:37 +00:00
|
|
|
&& let Some(search_span) = get_body_search_span(cx)
|
2022-04-07 17:39:59 +00:00
|
|
|
{
|
2022-05-21 11:24:00 +00:00
|
|
|
if let Ok(unsafe_line) = source_map.lookup_line(span.lo())
|
2022-07-18 07:39:37 +00:00
|
|
|
&& let Some(body_span) = walk_span_to_context(search_span, SyntaxContext::root())
|
2022-05-21 11:24:00 +00:00
|
|
|
&& let Ok(body_line) = source_map.lookup_line(body_span.lo())
|
|
|
|
&& Lrc::ptr_eq(&unsafe_line.sf, &body_line.sf)
|
|
|
|
&& let Some(src) = unsafe_line.sf.src.as_deref()
|
|
|
|
{
|
|
|
|
// Get the text from the start of function body to the unsafe block.
|
|
|
|
// fn foo() { some_stuff; unsafe { stuff }; other_stuff; }
|
|
|
|
// ^-------------^
|
2022-05-30 05:59:45 +00:00
|
|
|
unsafe_line.sf.lines(|lines| {
|
|
|
|
body_line.line < unsafe_line.line && text_has_safety_comment(
|
|
|
|
src,
|
|
|
|
&lines[body_line.line + 1..=unsafe_line.line],
|
|
|
|
unsafe_line.sf.start_pos.to_usize(),
|
2022-11-14 12:42:47 +00:00
|
|
|
).is_some()
|
2022-05-30 05:59:45 +00:00
|
|
|
})
|
2022-05-21 11:24:00 +00:00
|
|
|
} else {
|
|
|
|
// Problem getting source text. Pretend a comment was found.
|
|
|
|
true
|
|
|
|
}
|
2022-04-07 17:39:59 +00:00
|
|
|
} else {
|
2022-05-21 11:24:00 +00:00
|
|
|
false
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-07 17:39:59 +00:00
|
|
|
/// Checks if the given text has a safety comment for the immediately proceeding line.
|
2022-11-14 12:42:47 +00:00
|
|
|
fn text_has_safety_comment(src: &str, line_starts: &[BytePos], offset: usize) -> Option<BytePos> {
|
2022-04-07 17:39:59 +00:00
|
|
|
let mut lines = line_starts
|
|
|
|
.array_windows::<2>()
|
|
|
|
.rev()
|
|
|
|
.map_while(|[start, end]| {
|
2022-05-05 14:12:52 +00:00
|
|
|
let start = start.to_usize() - offset;
|
|
|
|
let end = end.to_usize() - offset;
|
2022-11-14 12:42:47 +00:00
|
|
|
let text = src.get(start..end)?;
|
|
|
|
let trimmed = text.trim_start();
|
|
|
|
Some((start + (text.len() - trimmed.len()), trimmed))
|
2022-04-07 17:39:59 +00:00
|
|
|
})
|
|
|
|
.filter(|(_, text)| !text.is_empty());
|
|
|
|
|
|
|
|
let Some((line_start, line)) = lines.next() else {
|
2022-11-14 12:42:47 +00:00
|
|
|
return None;
|
2022-04-07 17:39:59 +00:00
|
|
|
};
|
|
|
|
// Check for a sequence of line comments.
|
|
|
|
if line.starts_with("//") {
|
2022-11-14 12:42:47 +00:00
|
|
|
let (mut line, mut line_start) = (line, line_start);
|
2022-04-07 17:39:59 +00:00
|
|
|
loop {
|
|
|
|
if line.to_ascii_uppercase().contains("SAFETY:") {
|
2022-11-14 12:42:47 +00:00
|
|
|
return Some(BytePos(
|
|
|
|
u32::try_from(line_start).unwrap() + u32::try_from(offset).unwrap(),
|
|
|
|
));
|
2022-04-07 17:39:59 +00:00
|
|
|
}
|
|
|
|
match lines.next() {
|
2022-11-14 12:42:47 +00:00
|
|
|
Some((s, x)) if x.starts_with("//") => (line, line_start) = (x, s),
|
|
|
|
_ => return None,
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2022-04-07 17:39:59 +00:00
|
|
|
// No line comments; look for the start of a block comment.
|
|
|
|
// This will only find them if they are at the start of a line.
|
|
|
|
let (mut line_start, mut line) = (line_start, line);
|
|
|
|
loop {
|
|
|
|
if line.starts_with("/*") {
|
2022-11-14 12:42:47 +00:00
|
|
|
let src = &src[line_start..line_starts.last().unwrap().to_usize() - offset];
|
2022-04-07 17:39:59 +00:00
|
|
|
let mut tokens = tokenize(src);
|
2022-11-14 12:42:47 +00:00
|
|
|
return (src[..tokens.next().unwrap().len as usize]
|
2022-04-07 17:39:59 +00:00
|
|
|
.to_ascii_uppercase()
|
|
|
|
.contains("SAFETY:")
|
2022-11-14 12:42:47 +00:00
|
|
|
&& tokens.all(|t| t.kind == TokenKind::Whitespace))
|
|
|
|
.then_some(BytePos(
|
|
|
|
u32::try_from(line_start).unwrap() + u32::try_from(offset).unwrap(),
|
|
|
|
));
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
2022-04-07 17:39:59 +00:00
|
|
|
match lines.next() {
|
|
|
|
Some(x) => (line_start, line) = x,
|
2022-11-14 12:42:47 +00:00
|
|
|
None => return None,
|
2021-10-21 11:11:36 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|