2 attr_by_name, attrs::is_proc_macro, is_trait_impl_item, iter_input_pats, match_def_path, must_use_attr,
3 path_to_local, return_ty, snippet, snippet_opt, span_lint, span_lint_and_help, span_lint_and_then,
6 use clippy_utils::ty::{is_must_use_ty, is_type_diagnostic_item, type_is_unsafe_function};
7 use if_chain::if_chain;
8 use rustc_ast::ast::Attribute;
9 use rustc_data_structures::fx::FxHashSet;
10 use rustc_errors::Applicability;
12 use rustc_hir::intravisit;
13 use rustc_hir::{def::Res, def_id::DefId, QPath};
14 use rustc_lint::{LateContext, LateLintPass, LintContext};
15 use rustc_middle::hir::map::Map;
16 use rustc_middle::lint::in_external_macro;
17 use rustc_middle::ty::{self, Ty};
18 use rustc_session::{declare_tool_lint, impl_lint_pass};
19 use rustc_span::source_map::Span;
21 use rustc_target::spec::abi::Abi;
22 use rustc_typeck::hir_ty_to_ty;
24 declare_clippy_lint! {
25 /// **What it does:** Checks for functions with too many parameters.
27 /// **Why is this bad?** Functions with lots of parameters are considered bad
28 /// style and reduce readability (“what does the 5th parameter mean?”). Consider
29 /// grouping some parameters into a new type.
31 /// **Known problems:** None.
36 /// fn foo(x: u32, y: u32, name: &str, c: Color, w: f32, h: f32, a: f32, b: f32) {
40 pub TOO_MANY_ARGUMENTS,
42 "functions with too many arguments"
45 declare_clippy_lint! {
46 /// **What it does:** Checks for functions with a large amount of lines.
48 /// **Why is this bad?** Functions with a lot of lines are harder to understand
49 /// due to having to look at a larger amount of code to understand what the
50 /// function is doing. Consider splitting the body of the function into
51 /// multiple functions.
53 /// **Known problems:** None.
57 /// fn im_too_long() {
59 /// // ... 100 more LoC
65 "functions with too many lines"
68 declare_clippy_lint! {
69 /// **What it does:** Checks for public functions that dereference raw pointer
70 /// arguments but are not marked unsafe.
72 /// **Why is this bad?** The function should probably be marked `unsafe`, since
73 /// for an arbitrary raw pointer, there is no way of telling for sure if it is
76 /// **Known problems:**
78 /// * It does not check functions recursively so if the pointer is passed to a
79 /// private non-`unsafe` function which does the dereferencing, the lint won't
81 /// * It only checks for arguments whose type are raw pointers, not raw pointers
82 /// got from an argument in some other way (`fn foo(bar: &[*const u8])` or
83 /// `some_argument.get_raw_ptr()`).
88 /// pub fn foo(x: *const u8) {
89 /// println!("{}", unsafe { *x });
93 /// pub unsafe fn foo(x: *const u8) {
94 /// println!("{}", unsafe { *x });
97 pub NOT_UNSAFE_PTR_ARG_DEREF,
99 "public functions dereferencing raw pointer arguments but not marked `unsafe`"
102 declare_clippy_lint! {
103 /// **What it does:** Checks for a [`#[must_use]`] attribute on
104 /// unit-returning functions and methods.
106 /// [`#[must_use]`]: https://doc.rust-lang.org/reference/attributes/diagnostics.html#the-must_use-attribute
108 /// **Why is this bad?** Unit values are useless. The attribute is likely
109 /// a remnant of a refactoring that removed the return type.
111 /// **Known problems:** None.
120 "`#[must_use]` attribute on a unit-returning function / method"
123 declare_clippy_lint! {
124 /// **What it does:** Checks for a [`#[must_use]`] attribute without
125 /// further information on functions and methods that return a type already
126 /// marked as `#[must_use]`.
128 /// [`#[must_use]`]: https://doc.rust-lang.org/reference/attributes/diagnostics.html#the-must_use-attribute
130 /// **Why is this bad?** The attribute isn't needed. Not using the result
131 /// will already be reported. Alternatively, one can add some text to the
132 /// attribute to improve the lint message.
134 /// **Known problems:** None.
139 /// fn double_must_use() -> Result<(), ()> {
140 /// unimplemented!();
145 "`#[must_use]` attribute on a `#[must_use]`-returning function / method"
148 declare_clippy_lint! {
149 /// **What it does:** Checks for public functions that have no
150 /// [`#[must_use]`] attribute, but return something not already marked
151 /// must-use, have no mutable arg and mutate no statics.
153 /// [`#[must_use]`]: https://doc.rust-lang.org/reference/attributes/diagnostics.html#the-must_use-attribute
155 /// **Why is this bad?** Not bad at all, this lint just shows places where
156 /// you could add the attribute.
158 /// **Known problems:** The lint only checks the arguments for mutable
159 /// types without looking if they are actually changed. On the other hand,
160 /// it also ignores a broad range of potentially interesting side effects,
161 /// because we cannot decide whether the programmer intends the function to
162 /// be called for the side effect or the result. Expect many false
163 /// positives. At least we don't lint if the result type is unit or already
168 /// // this could be annotated with `#[must_use]`.
169 /// fn id<T>(t: T) -> T { t }
171 pub MUST_USE_CANDIDATE,
173 "function or method that could take a `#[must_use]` attribute"
176 declare_clippy_lint! {
177 /// **What it does:** Checks for public functions that return a `Result`
178 /// with an `Err` type of `()`. It suggests using a custom type that
179 /// implements [`std::error::Error`].
181 /// **Why is this bad?** Unit does not implement `Error` and carries no
182 /// further information about what went wrong.
184 /// **Known problems:** Of course, this lint assumes that `Result` is used
185 /// for a fallible operation (which is after all the intended use). However
186 /// code may opt to (mis)use it as a basic two-variant-enum. In that case,
187 /// the suggestion is misguided, and the code should use a custom enum
192 /// pub fn read_u8() -> Result<u8, ()> { Err(()) }
195 /// ```rust,should_panic
199 /// pub struct EndOfStream;
201 /// impl fmt::Display for EndOfStream {
202 /// fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
203 /// write!(f, "End of Stream")
207 /// impl std::error::Error for EndOfStream { }
209 /// pub fn read_u8() -> Result<u8, EndOfStream> { Err(EndOfStream) }
211 ///# read_u8().unwrap();
215 /// Note that there are crates that simplify creating the error type, e.g.
216 /// [`thiserror`](https://docs.rs/thiserror).
219 "public function returning `Result` with an `Err` type of `()`"
222 #[derive(Copy, Clone)]
223 pub struct Functions {
229 pub fn new(threshold: u64, max_lines: u64) -> Self {
230 Self { threshold, max_lines }
234 impl_lint_pass!(Functions => [
237 NOT_UNSAFE_PTR_ARG_DEREF,
244 impl<'tcx> LateLintPass<'tcx> for Functions {
247 cx: &LateContext<'tcx>,
248 kind: intravisit::FnKind<'tcx>,
249 decl: &'tcx hir::FnDecl<'_>,
250 body: &'tcx hir::Body<'_>,
254 let unsafety = match kind {
255 intravisit::FnKind::ItemFn(_, _, hir::FnHeader { unsafety, .. }, _) => unsafety,
256 intravisit::FnKind::Method(_, sig, _) => sig.header.unsafety,
257 intravisit::FnKind::Closure => return,
260 // don't warn for implementations, it's not their fault
261 if !is_trait_impl_item(cx, hir_id) {
262 // don't lint extern functions decls, it's not their fault either
264 intravisit::FnKind::Method(
267 header: hir::FnHeader { abi: Abi::Rust, .. },
272 | intravisit::FnKind::ItemFn(_, _, hir::FnHeader { abi: Abi::Rust, .. }, _) => {
273 self.check_arg_number(cx, decl, span.with_hi(decl.output.span().hi()))
279 Self::check_raw_ptr(cx, unsafety, decl, body, hir_id);
280 self.check_line_number(cx, span, body);
283 fn check_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::Item<'_>) {
284 let attrs = cx.tcx.hir().attrs(item.hir_id());
285 let attr = must_use_attr(attrs);
286 if let hir::ItemKind::Fn(ref sig, ref _generics, ref body_id) = item.kind {
287 let is_public = cx.access_levels.is_exported(item.hir_id());
288 let fn_header_span = item.span.with_hi(sig.decl.output.span().hi());
290 check_result_unit_err(cx, &sig.decl, item.span, fn_header_span);
292 if let Some(attr) = attr {
293 check_needless_must_use(cx, &sig.decl, item.hir_id(), item.span, fn_header_span, attr);
296 if is_public && !is_proc_macro(cx.sess(), attrs) && attr_by_name(attrs, "no_mangle").is_none() {
297 check_must_use_candidate(
300 cx.tcx.hir().body(*body_id),
303 item.span.with_hi(sig.decl.output.span().hi()),
304 "this function could have a `#[must_use]` attribute",
310 fn check_impl_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::ImplItem<'_>) {
311 if let hir::ImplItemKind::Fn(ref sig, ref body_id) = item.kind {
312 let is_public = cx.access_levels.is_exported(item.hir_id());
313 let fn_header_span = item.span.with_hi(sig.decl.output.span().hi());
314 if is_public && trait_ref_of_method(cx, item.hir_id()).is_none() {
315 check_result_unit_err(cx, &sig.decl, item.span, fn_header_span);
317 let attrs = cx.tcx.hir().attrs(item.hir_id());
318 let attr = must_use_attr(attrs);
319 if let Some(attr) = attr {
320 check_needless_must_use(cx, &sig.decl, item.hir_id(), item.span, fn_header_span, attr);
321 } else if is_public && !is_proc_macro(cx.sess(), attrs) && trait_ref_of_method(cx, item.hir_id()).is_none()
323 check_must_use_candidate(
326 cx.tcx.hir().body(*body_id),
329 item.span.with_hi(sig.decl.output.span().hi()),
330 "this method could have a `#[must_use]` attribute",
336 fn check_trait_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::TraitItem<'_>) {
337 if let hir::TraitItemKind::Fn(ref sig, ref eid) = item.kind {
338 // don't lint extern functions decls, it's not their fault
339 if sig.header.abi == Abi::Rust {
340 self.check_arg_number(cx, &sig.decl, item.span.with_hi(sig.decl.output.span().hi()));
342 let is_public = cx.access_levels.is_exported(item.hir_id());
343 let fn_header_span = item.span.with_hi(sig.decl.output.span().hi());
345 check_result_unit_err(cx, &sig.decl, item.span, fn_header_span);
348 let attrs = cx.tcx.hir().attrs(item.hir_id());
349 let attr = must_use_attr(attrs);
350 if let Some(attr) = attr {
351 check_needless_must_use(cx, &sig.decl, item.hir_id(), item.span, fn_header_span, attr);
353 if let hir::TraitFn::Provided(eid) = *eid {
354 let body = cx.tcx.hir().body(eid);
355 Self::check_raw_ptr(cx, sig.header.unsafety, &sig.decl, body, item.hir_id());
357 if attr.is_none() && is_public && !is_proc_macro(cx.sess(), attrs) {
358 check_must_use_candidate(
364 item.span.with_hi(sig.decl.output.span().hi()),
365 "this method could have a `#[must_use]` attribute",
373 impl<'tcx> Functions {
374 fn check_arg_number(self, cx: &LateContext<'_>, decl: &hir::FnDecl<'_>, fn_span: Span) {
375 let args = decl.inputs.len() as u64;
376 if args > self.threshold {
381 &format!("this function has too many arguments ({}/{})", args, self.threshold),
386 fn check_line_number(self, cx: &LateContext<'_>, span: Span, body: &'tcx hir::Body<'_>) {
387 if in_external_macro(cx.sess(), span) {
391 let code_snippet = snippet(cx, body.value.span, "..");
392 let mut line_count: u64 = 0;
393 let mut in_comment = false;
394 let mut code_in_line;
396 // Skip the surrounding function decl.
397 let start_brace_idx = code_snippet.find('{').map_or(0, |i| i + 1);
398 let end_brace_idx = code_snippet.rfind('}').unwrap_or_else(|| code_snippet.len());
399 let function_lines = code_snippet[start_brace_idx..end_brace_idx].lines();
401 for mut line in function_lines {
402 code_in_line = false;
404 line = line.trim_start();
409 if let Some(i) = line.find("*/") {
410 line = &line[i + 2..];
415 let multi_idx = line.find("/*").unwrap_or_else(|| line.len());
416 let single_idx = line.find("//").unwrap_or_else(|| line.len());
417 code_in_line |= multi_idx > 0 && single_idx > 0;
418 // Implies multi_idx is below line.len()
419 if multi_idx < single_idx {
420 line = &line[multi_idx + 2..];
432 if line_count > self.max_lines {
437 &format!("this function has too many lines ({}/{})", line_count, self.max_lines),
443 cx: &LateContext<'tcx>,
444 unsafety: hir::Unsafety,
445 decl: &'tcx hir::FnDecl<'_>,
446 body: &'tcx hir::Body<'_>,
449 let expr = &body.value;
450 if unsafety == hir::Unsafety::Normal && cx.access_levels.is_exported(hir_id) {
451 let raw_ptrs = iter_input_pats(decl, body)
452 .zip(decl.inputs.iter())
453 .filter_map(|(arg, ty)| raw_ptr_arg(arg, ty))
454 .collect::<FxHashSet<_>>();
456 if !raw_ptrs.is_empty() {
457 let typeck_results = cx.tcx.typeck_body(body.id());
458 let mut v = DerefVisitor {
464 intravisit::walk_expr(&mut v, expr);
470 fn check_result_unit_err(cx: &LateContext<'_>, decl: &hir::FnDecl<'_>, item_span: Span, fn_header_span: Span) {
472 if !in_external_macro(cx.sess(), item_span);
473 if let hir::FnRetTy::Return(ref ty) = decl.output;
474 let ty = hir_ty_to_ty(cx.tcx, ty);
475 if is_type_diagnostic_item(cx, ty, sym::result_type);
476 if let ty::Adt(_, substs) = ty.kind();
477 let err_ty = substs.type_at(1);
484 "this returns a `Result<_, ()>",
486 "use a custom Error type instead",
492 fn check_needless_must_use(
493 cx: &LateContext<'_>,
494 decl: &hir::FnDecl<'_>,
497 fn_header_span: Span,
500 if in_external_macro(cx.sess(), item_span) {
503 if returns_unit(decl) {
508 "this unit-returning function has a `#[must_use]` attribute",
510 diag.span_suggestion(
512 "remove the attribute",
514 Applicability::MachineApplicable,
518 } else if !attr.is_value_str() && is_must_use_ty(cx, return_ty(cx, item_id)) {
523 "this function has an empty `#[must_use]` attribute, but returns a type already marked as `#[must_use]`",
525 "either add some descriptive text or remove the attribute",
530 fn check_must_use_candidate<'tcx>(
531 cx: &LateContext<'tcx>,
532 decl: &'tcx hir::FnDecl<'_>,
533 body: &'tcx hir::Body<'_>,
539 if has_mutable_arg(cx, body)
540 || mutates_static(cx, body)
541 || in_external_macro(cx.sess(), item_span)
542 || returns_unit(decl)
543 || !cx.access_levels.is_exported(item_id)
544 || is_must_use_ty(cx, return_ty(cx, item_id))
548 span_lint_and_then(cx, MUST_USE_CANDIDATE, fn_span, msg, |diag| {
549 if let Some(snippet) = snippet_opt(cx, fn_span) {
550 diag.span_suggestion(
553 format!("#[must_use] {}", snippet),
554 Applicability::MachineApplicable,
560 fn returns_unit(decl: &hir::FnDecl<'_>) -> bool {
562 hir::FnRetTy::DefaultReturn(_) => true,
563 hir::FnRetTy::Return(ref ty) => match ty.kind {
564 hir::TyKind::Tup(ref tys) => tys.is_empty(),
565 hir::TyKind::Never => true,
571 fn has_mutable_arg(cx: &LateContext<'_>, body: &hir::Body<'_>) -> bool {
572 let mut tys = FxHashSet::default();
573 body.params.iter().any(|param| is_mutable_pat(cx, ¶m.pat, &mut tys))
576 fn is_mutable_pat(cx: &LateContext<'_>, pat: &hir::Pat<'_>, tys: &mut FxHashSet<DefId>) -> bool {
577 if let hir::PatKind::Wild = pat.kind {
578 return false; // ignore `_` patterns
580 if cx.tcx.has_typeck_results(pat.hir_id.owner.to_def_id()) {
581 is_mutable_ty(cx, &cx.tcx.typeck(pat.hir_id.owner).pat_ty(pat), pat.span, tys)
587 static KNOWN_WRAPPER_TYS: &[&[&str]] = &[&["alloc", "rc", "Rc"], &["std", "sync", "Arc"]];
589 fn is_mutable_ty<'tcx>(cx: &LateContext<'tcx>, ty: Ty<'tcx>, span: Span, tys: &mut FxHashSet<DefId>) -> bool {
591 // primitive types are never mutable
592 ty::Bool | ty::Char | ty::Int(_) | ty::Uint(_) | ty::Float(_) | ty::Str => false,
593 ty::Adt(ref adt, ref substs) => {
594 tys.insert(adt.did) && !ty.is_freeze(cx.tcx.at(span), cx.param_env)
595 || KNOWN_WRAPPER_TYS.iter().any(|path| match_def_path(cx, adt.did, path))
596 && substs.types().any(|ty| is_mutable_ty(cx, ty, span, tys))
598 ty::Tuple(ref substs) => substs.types().any(|ty| is_mutable_ty(cx, ty, span, tys)),
599 ty::Array(ty, _) | ty::Slice(ty) => is_mutable_ty(cx, ty, span, tys),
600 ty::RawPtr(ty::TypeAndMut { ty, mutbl }) | ty::Ref(_, ty, mutbl) => {
601 mutbl == hir::Mutability::Mut || is_mutable_ty(cx, ty, span, tys)
603 // calling something constitutes a side effect, so return true on all callables
604 // also never calls need not be used, so return true for them, too
609 fn raw_ptr_arg(arg: &hir::Param<'_>, ty: &hir::Ty<'_>) -> Option<hir::HirId> {
610 if let (&hir::PatKind::Binding(_, id, _, _), &hir::TyKind::Ptr(_)) = (&arg.pat.kind, &ty.kind) {
617 struct DerefVisitor<'a, 'tcx> {
618 cx: &'a LateContext<'tcx>,
619 ptrs: FxHashSet<hir::HirId>,
620 typeck_results: &'a ty::TypeckResults<'tcx>,
623 impl<'a, 'tcx> intravisit::Visitor<'tcx> for DerefVisitor<'a, 'tcx> {
624 type Map = Map<'tcx>;
626 fn visit_expr(&mut self, expr: &'tcx hir::Expr<'_>) {
628 hir::ExprKind::Call(ref f, args) => {
629 let ty = self.typeck_results.expr_ty(f);
631 if type_is_unsafe_function(self.cx, ty) {
637 hir::ExprKind::MethodCall(_, _, args, _) => {
638 let def_id = self.typeck_results.type_dependent_def_id(expr.hir_id).unwrap();
639 let base_type = self.cx.tcx.type_of(def_id);
641 if type_is_unsafe_function(self.cx, base_type) {
647 hir::ExprKind::Unary(hir::UnOp::Deref, ref ptr) => self.check_arg(ptr),
651 intravisit::walk_expr(self, expr);
654 fn nested_visit_map(&mut self) -> intravisit::NestedVisitorMap<Self::Map> {
655 intravisit::NestedVisitorMap::None
659 impl<'a, 'tcx> DerefVisitor<'a, 'tcx> {
660 fn check_arg(&self, ptr: &hir::Expr<'_>) {
661 if let Some(id) = path_to_local(ptr) {
662 if self.ptrs.contains(&id) {
665 NOT_UNSAFE_PTR_ARG_DEREF,
667 "this public function dereferences a raw pointer but is not marked `unsafe`",
674 struct StaticMutVisitor<'a, 'tcx> {
675 cx: &'a LateContext<'tcx>,
676 mutates_static: bool,
679 impl<'a, 'tcx> intravisit::Visitor<'tcx> for StaticMutVisitor<'a, 'tcx> {
680 type Map = Map<'tcx>;
682 fn visit_expr(&mut self, expr: &'tcx hir::Expr<'_>) {
683 use hir::ExprKind::{AddrOf, Assign, AssignOp, Call, MethodCall};
685 if self.mutates_static {
689 Call(_, args) | MethodCall(_, _, args, _) => {
690 let mut tys = FxHashSet::default();
692 if self.cx.tcx.has_typeck_results(arg.hir_id.owner.to_def_id())
695 self.cx.tcx.typeck(arg.hir_id.owner).expr_ty(arg),
699 && is_mutated_static(arg)
701 self.mutates_static = true;
707 Assign(ref target, ..) | AssignOp(_, ref target, _) | AddrOf(_, hir::Mutability::Mut, ref target) => {
708 self.mutates_static |= is_mutated_static(target)
714 fn nested_visit_map(&mut self) -> intravisit::NestedVisitorMap<Self::Map> {
715 intravisit::NestedVisitorMap::None
719 fn is_mutated_static(e: &hir::Expr<'_>) -> bool {
720 use hir::ExprKind::{Field, Index, Path};
723 Path(QPath::Resolved(_, path)) => !matches!(path.res, Res::Local(_)),
725 Field(ref inner, _) | Index(ref inner, _) => is_mutated_static(inner),
730 fn mutates_static<'tcx>(cx: &LateContext<'tcx>, body: &'tcx hir::Body<'_>) -> bool {
731 let mut v = StaticMutVisitor {
733 mutates_static: false,
735 intravisit::walk_expr(&mut v, &body.value);