use crate::utils::{ attr_by_name, attrs::is_proc_macro, is_must_use_ty, is_trait_impl_item, is_type_diagnostic_item, iter_input_pats, match_def_path, must_use_attr, path_to_local, return_ty, snippet, snippet_opt, span_lint, span_lint_and_help, span_lint_and_then, trait_ref_of_method, type_is_unsafe_function, }; use if_chain::if_chain; use rustc_ast::ast::Attribute; use rustc_data_structures::fx::FxHashSet; use rustc_errors::Applicability; use rustc_hir as hir; use rustc_hir::intravisit; use rustc_hir::{def::Res, def_id::DefId, QPath}; use rustc_lint::{LateContext, LateLintPass, LintContext}; use rustc_middle::hir::map::Map; use rustc_middle::lint::in_external_macro; use rustc_middle::ty::{self, Ty}; use rustc_session::{declare_tool_lint, impl_lint_pass}; use rustc_span::source_map::Span; use rustc_span::sym; use rustc_target::spec::abi::Abi; use rustc_typeck::hir_ty_to_ty; declare_clippy_lint! { /// **What it does:** Checks for functions with too many parameters. /// /// **Why is this bad?** Functions with lots of parameters are considered bad /// style and reduce readability (“what does the 5th parameter mean?”). Consider /// grouping some parameters into a new type. /// /// **Known problems:** None. /// /// **Example:** /// ```rust /// # struct Color; /// fn foo(x: u32, y: u32, name: &str, c: Color, w: f32, h: f32, a: f32, b: f32) { /// // .. /// } /// ``` pub TOO_MANY_ARGUMENTS, complexity, "functions with too many arguments" } declare_clippy_lint! { /// **What it does:** Checks for functions with a large amount of lines. /// /// **Why is this bad?** Functions with a lot of lines are harder to understand /// due to having to look at a larger amount of code to understand what the /// function is doing. Consider splitting the body of the function into /// multiple functions. /// /// **Known problems:** None. /// /// **Example:** /// ```rust /// fn im_too_long() { /// println!(""); /// // ... 100 more LoC /// println!(""); /// } /// ``` pub TOO_MANY_LINES, pedantic, "functions with too many lines" } declare_clippy_lint! { /// **What it does:** Checks for public functions that dereference raw pointer /// arguments but are not marked unsafe. /// /// **Why is this bad?** The function should probably be marked `unsafe`, since /// for an arbitrary raw pointer, there is no way of telling for sure if it is /// valid. /// /// **Known problems:** /// /// * It does not check functions recursively so if the pointer is passed to a /// private non-`unsafe` function which does the dereferencing, the lint won't /// trigger. /// * It only checks for arguments whose type are raw pointers, not raw pointers /// got from an argument in some other way (`fn foo(bar: &[*const u8])` or /// `some_argument.get_raw_ptr()`). /// /// **Example:** /// ```rust,ignore /// // Bad /// pub fn foo(x: *const u8) { /// println!("{}", unsafe { *x }); /// } /// /// // Good /// pub unsafe fn foo(x: *const u8) { /// println!("{}", unsafe { *x }); /// } /// ``` pub NOT_UNSAFE_PTR_ARG_DEREF, correctness, "public functions dereferencing raw pointer arguments but not marked `unsafe`" } declare_clippy_lint! { /// **What it does:** Checks for a [`#[must_use]`] attribute on /// unit-returning functions and methods. /// /// [`#[must_use]`]: https://doc.rust-lang.org/reference/attributes/diagnostics.html#the-must_use-attribute /// /// **Why is this bad?** Unit values are useless. The attribute is likely /// a remnant of a refactoring that removed the return type. /// /// **Known problems:** None. /// /// **Examples:** /// ```rust /// #[must_use] /// fn useless() { } /// ``` pub MUST_USE_UNIT, style, "`#[must_use]` attribute on a unit-returning function / method" } declare_clippy_lint! { /// **What it does:** Checks for a [`#[must_use]`] attribute without /// further information on functions and methods that return a type already /// marked as `#[must_use]`. /// /// [`#[must_use]`]: https://doc.rust-lang.org/reference/attributes/diagnostics.html#the-must_use-attribute /// /// **Why is this bad?** The attribute isn't needed. Not using the result /// will already be reported. Alternatively, one can add some text to the /// attribute to improve the lint message. /// /// **Known problems:** None. /// /// **Examples:** /// ```rust /// #[must_use] /// fn double_must_use() -> Result<(), ()> { /// unimplemented!(); /// } /// ``` pub DOUBLE_MUST_USE, style, "`#[must_use]` attribute on a `#[must_use]`-returning function / method" } declare_clippy_lint! { /// **What it does:** Checks for public functions that have no /// [`#[must_use]`] attribute, but return something not already marked /// must-use, have no mutable arg and mutate no statics. /// /// [`#[must_use]`]: https://doc.rust-lang.org/reference/attributes/diagnostics.html#the-must_use-attribute /// /// **Why is this bad?** Not bad at all, this lint just shows places where /// you could add the attribute. /// /// **Known problems:** The lint only checks the arguments for mutable /// types without looking if they are actually changed. On the other hand, /// it also ignores a broad range of potentially interesting side effects, /// because we cannot decide whether the programmer intends the function to /// be called for the side effect or the result. Expect many false /// positives. At least we don't lint if the result type is unit or already /// `#[must_use]`. /// /// **Examples:** /// ```rust /// // this could be annotated with `#[must_use]`. /// fn id(t: T) -> T { t } /// ``` pub MUST_USE_CANDIDATE, pedantic, "function or method that could take a `#[must_use]` attribute" } declare_clippy_lint! { /// **What it does:** Checks for public functions that return a `Result` /// with an `Err` type of `()`. It suggests using a custom type that /// implements [`std::error::Error`]. /// /// **Why is this bad?** Unit does not implement `Error` and carries no /// further information about what went wrong. /// /// **Known problems:** Of course, this lint assumes that `Result` is used /// for a fallible operation (which is after all the intended use). However /// code may opt to (mis)use it as a basic two-variant-enum. In that case, /// the suggestion is misguided, and the code should use a custom enum /// instead. /// /// **Examples:** /// ```rust /// pub fn read_u8() -> Result { Err(()) } /// ``` /// should become /// ```rust,should_panic /// use std::fmt; /// /// #[derive(Debug)] /// pub struct EndOfStream; /// /// impl fmt::Display for EndOfStream { /// fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { /// write!(f, "End of Stream") /// } /// } /// /// impl std::error::Error for EndOfStream { } /// /// pub fn read_u8() -> Result { Err(EndOfStream) } ///# fn main() { ///# read_u8().unwrap(); ///# } /// ``` /// /// Note that there are crates that simplify creating the error type, e.g. /// [`thiserror`](https://docs.rs/thiserror). pub RESULT_UNIT_ERR, style, "public function returning `Result` with an `Err` type of `()`" } #[derive(Copy, Clone)] pub struct Functions { threshold: u64, max_lines: u64, } impl Functions { pub fn new(threshold: u64, max_lines: u64) -> Self { Self { threshold, max_lines } } } impl_lint_pass!(Functions => [ TOO_MANY_ARGUMENTS, TOO_MANY_LINES, NOT_UNSAFE_PTR_ARG_DEREF, MUST_USE_UNIT, DOUBLE_MUST_USE, MUST_USE_CANDIDATE, RESULT_UNIT_ERR, ]); impl<'tcx> LateLintPass<'tcx> for Functions { fn check_fn( &mut self, cx: &LateContext<'tcx>, kind: intravisit::FnKind<'tcx>, decl: &'tcx hir::FnDecl<'_>, body: &'tcx hir::Body<'_>, span: Span, hir_id: hir::HirId, ) { let unsafety = match kind { intravisit::FnKind::ItemFn(_, _, hir::FnHeader { unsafety, .. }, _, _) => unsafety, intravisit::FnKind::Method(_, sig, _, _) => sig.header.unsafety, intravisit::FnKind::Closure(_) => return, }; // don't warn for implementations, it's not their fault if !is_trait_impl_item(cx, hir_id) { // don't lint extern functions decls, it's not their fault either match kind { intravisit::FnKind::Method( _, &hir::FnSig { header: hir::FnHeader { abi: Abi::Rust, .. }, .. }, _, _, ) | intravisit::FnKind::ItemFn(_, _, hir::FnHeader { abi: Abi::Rust, .. }, _, _) => { self.check_arg_number(cx, decl, span.with_hi(decl.output.span().hi())) }, _ => {}, } } Self::check_raw_ptr(cx, unsafety, decl, body, hir_id); self.check_line_number(cx, span, body); } fn check_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::Item<'_>) { let attr = must_use_attr(&item.attrs); if let hir::ItemKind::Fn(ref sig, ref _generics, ref body_id) = item.kind { let is_public = cx.access_levels.is_exported(item.hir_id()); let fn_header_span = item.span.with_hi(sig.decl.output.span().hi()); if is_public { check_result_unit_err(cx, &sig.decl, item.span, fn_header_span); } if let Some(attr) = attr { check_needless_must_use(cx, &sig.decl, item.hir_id(), item.span, fn_header_span, attr); return; } if is_public && !is_proc_macro(cx.sess(), &item.attrs) && attr_by_name(&item.attrs, "no_mangle").is_none() { check_must_use_candidate( cx, &sig.decl, cx.tcx.hir().body(*body_id), item.span, item.hir_id(), item.span.with_hi(sig.decl.output.span().hi()), "this function could have a `#[must_use]` attribute", ); } } } fn check_impl_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::ImplItem<'_>) { if let hir::ImplItemKind::Fn(ref sig, ref body_id) = item.kind { let is_public = cx.access_levels.is_exported(item.hir_id()); let fn_header_span = item.span.with_hi(sig.decl.output.span().hi()); if is_public && trait_ref_of_method(cx, item.hir_id()).is_none() { check_result_unit_err(cx, &sig.decl, item.span, fn_header_span); } let attr = must_use_attr(&item.attrs); if let Some(attr) = attr { check_needless_must_use(cx, &sig.decl, item.hir_id(), item.span, fn_header_span, attr); } else if is_public && !is_proc_macro(cx.sess(), &item.attrs) && trait_ref_of_method(cx, item.hir_id()).is_none() { check_must_use_candidate( cx, &sig.decl, cx.tcx.hir().body(*body_id), item.span, item.hir_id(), item.span.with_hi(sig.decl.output.span().hi()), "this method could have a `#[must_use]` attribute", ); } } } fn check_trait_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::TraitItem<'_>) { if let hir::TraitItemKind::Fn(ref sig, ref eid) = item.kind { // don't lint extern functions decls, it's not their fault if sig.header.abi == Abi::Rust { self.check_arg_number(cx, &sig.decl, item.span.with_hi(sig.decl.output.span().hi())); } let is_public = cx.access_levels.is_exported(item.hir_id()); let fn_header_span = item.span.with_hi(sig.decl.output.span().hi()); if is_public { check_result_unit_err(cx, &sig.decl, item.span, fn_header_span); } let attr = must_use_attr(&item.attrs); if let Some(attr) = attr { check_needless_must_use(cx, &sig.decl, item.hir_id(), item.span, fn_header_span, attr); } if let hir::TraitFn::Provided(eid) = *eid { let body = cx.tcx.hir().body(eid); Self::check_raw_ptr(cx, sig.header.unsafety, &sig.decl, body, item.hir_id()); if attr.is_none() && is_public && !is_proc_macro(cx.sess(), &item.attrs) { check_must_use_candidate( cx, &sig.decl, body, item.span, item.hir_id(), item.span.with_hi(sig.decl.output.span().hi()), "this method could have a `#[must_use]` attribute", ); } } } } } impl<'tcx> Functions { fn check_arg_number(self, cx: &LateContext<'_>, decl: &hir::FnDecl<'_>, fn_span: Span) { let args = decl.inputs.len() as u64; if args > self.threshold { span_lint( cx, TOO_MANY_ARGUMENTS, fn_span, &format!("this function has too many arguments ({}/{})", args, self.threshold), ); } } fn check_line_number(self, cx: &LateContext<'_>, span: Span, body: &'tcx hir::Body<'_>) { if in_external_macro(cx.sess(), span) { return; } let code_snippet = snippet(cx, body.value.span, ".."); let mut line_count: u64 = 0; let mut in_comment = false; let mut code_in_line; // Skip the surrounding function decl. let start_brace_idx = code_snippet.find('{').map_or(0, |i| i + 1); let end_brace_idx = code_snippet.rfind('}').unwrap_or_else(|| code_snippet.len()); let function_lines = code_snippet[start_brace_idx..end_brace_idx].lines(); for mut line in function_lines { code_in_line = false; loop { line = line.trim_start(); if line.is_empty() { break; } if in_comment { if let Some(i) = line.find("*/") { line = &line[i + 2..]; in_comment = false; continue; } } else { let multi_idx = line.find("/*").unwrap_or_else(|| line.len()); let single_idx = line.find("//").unwrap_or_else(|| line.len()); code_in_line |= multi_idx > 0 && single_idx > 0; // Implies multi_idx is below line.len() if multi_idx < single_idx { line = &line[multi_idx + 2..]; in_comment = true; continue; } } break; } if code_in_line { line_count += 1; } } if line_count > self.max_lines { span_lint( cx, TOO_MANY_LINES, span, &format!("this function has too many lines ({}/{})", line_count, self.max_lines), ) } } fn check_raw_ptr( cx: &LateContext<'tcx>, unsafety: hir::Unsafety, decl: &'tcx hir::FnDecl<'_>, body: &'tcx hir::Body<'_>, hir_id: hir::HirId, ) { let expr = &body.value; if unsafety == hir::Unsafety::Normal && cx.access_levels.is_exported(hir_id) { let raw_ptrs = iter_input_pats(decl, body) .zip(decl.inputs.iter()) .filter_map(|(arg, ty)| raw_ptr_arg(arg, ty)) .collect::>(); if !raw_ptrs.is_empty() { let typeck_results = cx.tcx.typeck_body(body.id()); let mut v = DerefVisitor { cx, ptrs: raw_ptrs, typeck_results, }; intravisit::walk_expr(&mut v, expr); } } } } fn check_result_unit_err(cx: &LateContext<'_>, decl: &hir::FnDecl<'_>, item_span: Span, fn_header_span: Span) { if_chain! { if !in_external_macro(cx.sess(), item_span); if let hir::FnRetTy::Return(ref ty) = decl.output; let ty = hir_ty_to_ty(cx.tcx, ty); if is_type_diagnostic_item(cx, ty, sym::result_type); if let ty::Adt(_, substs) = ty.kind(); let err_ty = substs.type_at(1); if err_ty.is_unit(); then { span_lint_and_help( cx, RESULT_UNIT_ERR, fn_header_span, "this returns a `Result<_, ()>", None, "use a custom Error type instead", ); } } } fn check_needless_must_use( cx: &LateContext<'_>, decl: &hir::FnDecl<'_>, item_id: hir::HirId, item_span: Span, fn_header_span: Span, attr: &Attribute, ) { if in_external_macro(cx.sess(), item_span) { return; } if returns_unit(decl) { span_lint_and_then( cx, MUST_USE_UNIT, fn_header_span, "this unit-returning function has a `#[must_use]` attribute", |diag| { diag.span_suggestion( attr.span, "remove the attribute", "".into(), Applicability::MachineApplicable, ); }, ); } else if !attr.is_value_str() && is_must_use_ty(cx, return_ty(cx, item_id)) { span_lint_and_help( cx, DOUBLE_MUST_USE, fn_header_span, "this function has an empty `#[must_use]` attribute, but returns a type already marked as `#[must_use]`", None, "either add some descriptive text or remove the attribute", ); } } fn check_must_use_candidate<'tcx>( cx: &LateContext<'tcx>, decl: &'tcx hir::FnDecl<'_>, body: &'tcx hir::Body<'_>, item_span: Span, item_id: hir::HirId, fn_span: Span, msg: &str, ) { if has_mutable_arg(cx, body) || mutates_static(cx, body) || in_external_macro(cx.sess(), item_span) || returns_unit(decl) || !cx.access_levels.is_exported(item_id) || is_must_use_ty(cx, return_ty(cx, item_id)) { return; } span_lint_and_then(cx, MUST_USE_CANDIDATE, fn_span, msg, |diag| { if let Some(snippet) = snippet_opt(cx, fn_span) { diag.span_suggestion( fn_span, "add the attribute", format!("#[must_use] {}", snippet), Applicability::MachineApplicable, ); } }); } fn returns_unit(decl: &hir::FnDecl<'_>) -> bool { match decl.output { hir::FnRetTy::DefaultReturn(_) => true, hir::FnRetTy::Return(ref ty) => match ty.kind { hir::TyKind::Tup(ref tys) => tys.is_empty(), hir::TyKind::Never => true, _ => false, }, } } fn has_mutable_arg(cx: &LateContext<'_>, body: &hir::Body<'_>) -> bool { let mut tys = FxHashSet::default(); body.params.iter().any(|param| is_mutable_pat(cx, ¶m.pat, &mut tys)) } fn is_mutable_pat(cx: &LateContext<'_>, pat: &hir::Pat<'_>, tys: &mut FxHashSet) -> bool { if let hir::PatKind::Wild = pat.kind { return false; // ignore `_` patterns } if cx.tcx.has_typeck_results(pat.hir_id.owner.to_def_id()) { is_mutable_ty(cx, &cx.tcx.typeck(pat.hir_id.owner).pat_ty(pat), pat.span, tys) } else { false } } static KNOWN_WRAPPER_TYS: &[&[&str]] = &[&["alloc", "rc", "Rc"], &["std", "sync", "Arc"]]; fn is_mutable_ty<'tcx>(cx: &LateContext<'tcx>, ty: Ty<'tcx>, span: Span, tys: &mut FxHashSet) -> bool { match *ty.kind() { // primitive types are never mutable ty::Bool | ty::Char | ty::Int(_) | ty::Uint(_) | ty::Float(_) | ty::Str => false, ty::Adt(ref adt, ref substs) => { tys.insert(adt.did) && !ty.is_freeze(cx.tcx.at(span), cx.param_env) || KNOWN_WRAPPER_TYS.iter().any(|path| match_def_path(cx, adt.did, path)) && substs.types().any(|ty| is_mutable_ty(cx, ty, span, tys)) }, ty::Tuple(ref substs) => substs.types().any(|ty| is_mutable_ty(cx, ty, span, tys)), ty::Array(ty, _) | ty::Slice(ty) => is_mutable_ty(cx, ty, span, tys), ty::RawPtr(ty::TypeAndMut { ty, mutbl }) | ty::Ref(_, ty, mutbl) => { mutbl == hir::Mutability::Mut || is_mutable_ty(cx, ty, span, tys) }, // calling something constitutes a side effect, so return true on all callables // also never calls need not be used, so return true for them, too _ => true, } } fn raw_ptr_arg(arg: &hir::Param<'_>, ty: &hir::Ty<'_>) -> Option { if let (&hir::PatKind::Binding(_, id, _, _), &hir::TyKind::Ptr(_)) = (&arg.pat.kind, &ty.kind) { Some(id) } else { None } } struct DerefVisitor<'a, 'tcx> { cx: &'a LateContext<'tcx>, ptrs: FxHashSet, typeck_results: &'a ty::TypeckResults<'tcx>, } impl<'a, 'tcx> intravisit::Visitor<'tcx> for DerefVisitor<'a, 'tcx> { type Map = Map<'tcx>; fn visit_expr(&mut self, expr: &'tcx hir::Expr<'_>) { match expr.kind { hir::ExprKind::Call(ref f, args) => { let ty = self.typeck_results.expr_ty(f); if type_is_unsafe_function(self.cx, ty) { for arg in args { self.check_arg(arg); } } }, hir::ExprKind::MethodCall(_, _, args, _) => { let def_id = self.typeck_results.type_dependent_def_id(expr.hir_id).unwrap(); let base_type = self.cx.tcx.type_of(def_id); if type_is_unsafe_function(self.cx, base_type) { for arg in args { self.check_arg(arg); } } }, hir::ExprKind::Unary(hir::UnOp::Deref, ref ptr) => self.check_arg(ptr), _ => (), } intravisit::walk_expr(self, expr); } fn nested_visit_map(&mut self) -> intravisit::NestedVisitorMap { intravisit::NestedVisitorMap::None } } impl<'a, 'tcx> DerefVisitor<'a, 'tcx> { fn check_arg(&self, ptr: &hir::Expr<'_>) { if let Some(id) = path_to_local(ptr) { if self.ptrs.contains(&id) { span_lint( self.cx, NOT_UNSAFE_PTR_ARG_DEREF, ptr.span, "this public function dereferences a raw pointer but is not marked `unsafe`", ); } } } } struct StaticMutVisitor<'a, 'tcx> { cx: &'a LateContext<'tcx>, mutates_static: bool, } impl<'a, 'tcx> intravisit::Visitor<'tcx> for StaticMutVisitor<'a, 'tcx> { type Map = Map<'tcx>; fn visit_expr(&mut self, expr: &'tcx hir::Expr<'_>) { use hir::ExprKind::{AddrOf, Assign, AssignOp, Call, MethodCall}; if self.mutates_static { return; } match expr.kind { Call(_, args) | MethodCall(_, _, args, _) => { let mut tys = FxHashSet::default(); for arg in args { if self.cx.tcx.has_typeck_results(arg.hir_id.owner.to_def_id()) && is_mutable_ty( self.cx, self.cx.tcx.typeck(arg.hir_id.owner).expr_ty(arg), arg.span, &mut tys, ) && is_mutated_static(arg) { self.mutates_static = true; return; } tys.clear(); } }, Assign(ref target, ..) | AssignOp(_, ref target, _) | AddrOf(_, hir::Mutability::Mut, ref target) => { self.mutates_static |= is_mutated_static(target) }, _ => {}, } } fn nested_visit_map(&mut self) -> intravisit::NestedVisitorMap { intravisit::NestedVisitorMap::None } } fn is_mutated_static(e: &hir::Expr<'_>) -> bool { use hir::ExprKind::{Field, Index, Path}; match e.kind { Path(QPath::Resolved(_, path)) => !matches!(path.res, Res::Local(_)), Path(_) => true, Field(ref inner, _) | Index(ref inner, _) => is_mutated_static(inner), _ => false, } } fn mutates_static<'tcx>(cx: &LateContext<'tcx>, body: &'tcx hir::Body<'_>) -> bool { let mut v = StaticMutVisitor { cx, mutates_static: false, }; intravisit::walk_expr(&mut v, &body.value); v.mutates_static }