rustc_lint/
non_fmt_panic.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
use rustc_ast as ast;
use rustc_errors::Applicability;
use rustc_hir::{self as hir, LangItem};
use rustc_infer::infer::TyCtxtInferExt;
use rustc_middle::lint::in_external_macro;
use rustc_middle::{bug, ty};
use rustc_parse_format::{ParseMode, Parser, Piece};
use rustc_session::lint::FutureIncompatibilityReason;
use rustc_session::{declare_lint, declare_lint_pass};
use rustc_span::edition::Edition;
use rustc_span::{InnerSpan, Span, Symbol, hygiene, kw, sym};
use rustc_trait_selection::infer::InferCtxtExt;

use crate::lints::{NonFmtPanicBraces, NonFmtPanicUnused};
use crate::{LateContext, LateLintPass, LintContext, fluent_generated as fluent};

declare_lint! {
    /// The `non_fmt_panics` lint detects `panic!(..)` invocations where the first
    /// argument is not a formatting string.
    ///
    /// ### Example
    ///
    /// ```rust,no_run,edition2018
    /// panic!("{}");
    /// panic!(123);
    /// ```
    ///
    /// {{produces}}
    ///
    /// ### Explanation
    ///
    /// In Rust 2018 and earlier, `panic!(x)` directly uses `x` as the message.
    /// That means that `panic!("{}")` panics with the message `"{}"` instead
    /// of using it as a formatting string, and `panic!(123)` will panic with
    /// an `i32` as message.
    ///
    /// Rust 2021 always interprets the first argument as format string.
    NON_FMT_PANICS,
    Warn,
    "detect single-argument panic!() invocations in which the argument is not a format string",
    @future_incompatible = FutureIncompatibleInfo {
        reason: FutureIncompatibilityReason::EditionSemanticsChange(Edition::Edition2021),
        explain_reason: false,
    };
    report_in_external_macro
}

declare_lint_pass!(NonPanicFmt => [NON_FMT_PANICS]);

impl<'tcx> LateLintPass<'tcx> for NonPanicFmt {
    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx hir::Expr<'tcx>) {
        if let hir::ExprKind::Call(f, [arg]) = &expr.kind {
            if let &ty::FnDef(def_id, _) = cx.typeck_results().expr_ty(f).kind() {
                let f_diagnostic_name = cx.tcx.get_diagnostic_name(def_id);

                if cx.tcx.is_lang_item(def_id, LangItem::BeginPanic)
                    || cx.tcx.is_lang_item(def_id, LangItem::Panic)
                    || f_diagnostic_name == Some(sym::panic_str_2015)
                {
                    if let Some(id) = f.span.ctxt().outer_expn_data().macro_def_id {
                        if matches!(
                            cx.tcx.get_diagnostic_name(id),
                            Some(sym::core_panic_2015_macro | sym::std_panic_2015_macro)
                        ) {
                            check_panic(cx, f, arg);
                        }
                    }
                } else if f_diagnostic_name == Some(sym::unreachable_display) {
                    if let Some(id) = f.span.ctxt().outer_expn_data().macro_def_id {
                        if cx.tcx.is_diagnostic_item(sym::unreachable_2015_macro, id) {
                            check_panic(
                                cx,
                                f,
                                // This is safe because we checked above that the callee is indeed
                                // unreachable_display
                                match &arg.kind {
                                    // Get the borrowed arg not the borrow
                                    hir::ExprKind::AddrOf(ast::BorrowKind::Ref, _, arg) => arg,
                                    _ => bug!("call to unreachable_display without borrow"),
                                },
                            );
                        }
                    }
                }
            }
        }
    }
}

fn check_panic<'tcx>(cx: &LateContext<'tcx>, f: &'tcx hir::Expr<'tcx>, arg: &'tcx hir::Expr<'tcx>) {
    if let hir::ExprKind::Lit(lit) = &arg.kind {
        if let ast::LitKind::Str(sym, _) = lit.node {
            // The argument is a string literal.
            check_panic_str(cx, f, arg, sym.as_str());
            return;
        }
    }

    // The argument is *not* a string literal.

    let (span, panic, symbol) = panic_call(cx, f);

    if in_external_macro(cx.sess(), span) {
        // Nothing that can be done about it in the current crate.
        return;
    }

    // Find the span of the argument to `panic!()` or `unreachable!`, before expansion in the
    // case of `panic!(some_macro!())` or `unreachable!(some_macro!())`.
    // We don't use source_callsite(), because this `panic!(..)` might itself
    // be expanded from another macro, in which case we want to stop at that
    // expansion.
    let mut arg_span = arg.span;
    let mut arg_macro = None;
    while !span.contains(arg_span) {
        let ctxt = arg_span.ctxt();
        if ctxt.is_root() {
            break;
        }
        let expn = ctxt.outer_expn_data();
        arg_macro = expn.macro_def_id;
        arg_span = expn.call_site;
    }

    #[allow(rustc::diagnostic_outside_of_impl)]
    cx.span_lint(NON_FMT_PANICS, arg_span, |lint| {
        lint.primary_message(fluent::lint_non_fmt_panic);
        lint.arg("name", symbol);
        lint.note(fluent::lint_note);
        lint.note(fluent::lint_more_info_note);
        if !is_arg_inside_call(arg_span, span) {
            // No clue where this argument is coming from.
            return;
        }
        if arg_macro.is_some_and(|id| cx.tcx.is_diagnostic_item(sym::format_macro, id)) {
            // A case of `panic!(format!(..))`.
            lint.note(fluent::lint_supports_fmt_note);
            if let Some((open, close, _)) = find_delimiters(cx, arg_span) {
                lint.multipart_suggestion(
                    fluent::lint_supports_fmt_suggestion,
                    vec![
                        (arg_span.until(open.shrink_to_hi()), "".into()),
                        (close.until(arg_span.shrink_to_hi()), "".into()),
                    ],
                    Applicability::MachineApplicable,
                );
            }
        } else {
            let ty = cx.typeck_results().expr_ty(arg);
            // If this is a &str or String, we can confidently give the `"{}", ` suggestion.
            let is_str = matches!(
                ty.kind(),
                ty::Ref(_, r, _) if r.is_str(),
            ) || matches!(
                ty.ty_adt_def(),
                Some(ty_def) if cx.tcx.is_lang_item(ty_def.did(), LangItem::String),
            );

            let (infcx, param_env) = cx.tcx.infer_ctxt().build_with_typing_env(cx.typing_env());
            let suggest_display = is_str
                || cx
                    .tcx
                    .get_diagnostic_item(sym::Display)
                    .is_some_and(|t| infcx.type_implements_trait(t, [ty], param_env).may_apply());
            let suggest_debug = !suggest_display
                && cx
                    .tcx
                    .get_diagnostic_item(sym::Debug)
                    .is_some_and(|t| infcx.type_implements_trait(t, [ty], param_env).may_apply());

            let suggest_panic_any = !is_str && panic == sym::std_panic_macro;

            let fmt_applicability = if suggest_panic_any {
                // If we can use panic_any, use that as the MachineApplicable suggestion.
                Applicability::MaybeIncorrect
            } else {
                // If we don't suggest panic_any, using a format string is our best bet.
                Applicability::MachineApplicable
            };

            if suggest_display {
                lint.span_suggestion_verbose(
                    arg_span.shrink_to_lo(),
                    fluent::lint_display_suggestion,
                    "\"{}\", ",
                    fmt_applicability,
                );
            } else if suggest_debug {
                lint.arg("ty", ty);
                lint.span_suggestion_verbose(
                    arg_span.shrink_to_lo(),
                    fluent::lint_debug_suggestion,
                    "\"{:?}\", ",
                    fmt_applicability,
                );
            }

            if suggest_panic_any {
                if let Some((open, close, del)) = find_delimiters(cx, span) {
                    lint.arg("already_suggested", suggest_display || suggest_debug);
                    lint.multipart_suggestion(
                        fluent::lint_panic_suggestion,
                        if del == '(' {
                            vec![(span.until(open), "std::panic::panic_any".into())]
                        } else {
                            vec![
                                (span.until(open.shrink_to_hi()), "std::panic::panic_any(".into()),
                                (close, ")".into()),
                            ]
                        },
                        Applicability::MachineApplicable,
                    );
                }
            }
        }
    });
}

fn check_panic_str<'tcx>(
    cx: &LateContext<'tcx>,
    f: &'tcx hir::Expr<'tcx>,
    arg: &'tcx hir::Expr<'tcx>,
    fmt: &str,
) {
    if !fmt.contains(&['{', '}']) {
        // No brace, no problem.
        return;
    }

    let (span, _, _) = panic_call(cx, f);

    if in_external_macro(cx.sess(), span) && in_external_macro(cx.sess(), arg.span) {
        // Nothing that can be done about it in the current crate.
        return;
    }

    let fmt_span = arg.span.source_callsite();

    let (snippet, style) = match cx.sess().psess.source_map().span_to_snippet(fmt_span) {
        Ok(snippet) => {
            // Count the number of `#`s between the `r` and `"`.
            let style = snippet.strip_prefix('r').and_then(|s| s.find('"'));
            (Some(snippet), style)
        }
        Err(_) => (None, None),
    };

    let mut fmt_parser = Parser::new(fmt, style, snippet.clone(), false, ParseMode::Format);
    let n_arguments = (&mut fmt_parser).filter(|a| matches!(a, Piece::NextArgument(_))).count();

    if n_arguments > 0 && fmt_parser.errors.is_empty() {
        let arg_spans: Vec<_> = match &fmt_parser.arg_places[..] {
            [] => vec![fmt_span],
            v => v
                .iter()
                .map(|span| fmt_span.from_inner(InnerSpan::new(span.start, span.end)))
                .collect(),
        };
        cx.emit_span_lint(NON_FMT_PANICS, arg_spans, NonFmtPanicUnused {
            count: n_arguments,
            suggestion: is_arg_inside_call(arg.span, span).then_some(arg.span),
        });
    } else {
        let brace_spans: Option<Vec<_>> =
            snippet.filter(|s| s.starts_with('"') || s.starts_with("r#")).map(|s| {
                s.char_indices()
                    .filter(|&(_, c)| c == '{' || c == '}')
                    .map(|(i, _)| fmt_span.from_inner(InnerSpan { start: i, end: i + 1 }))
                    .collect()
            });
        let count = brace_spans.as_ref().map(|v| v.len()).unwrap_or(/* any number >1 */ 2);
        cx.emit_span_lint(
            NON_FMT_PANICS,
            brace_spans.unwrap_or_else(|| vec![span]),
            NonFmtPanicBraces {
                count,
                suggestion: is_arg_inside_call(arg.span, span).then_some(arg.span.shrink_to_lo()),
            },
        );
    }
}

/// Given the span of `some_macro!(args);`, gives the span of `(` and `)`,
/// and the type of (opening) delimiter used.
fn find_delimiters(cx: &LateContext<'_>, span: Span) -> Option<(Span, Span, char)> {
    let snippet = cx.sess().psess.source_map().span_to_snippet(span).ok()?;
    let (open, open_ch) = snippet.char_indices().find(|&(_, c)| "([{".contains(c))?;
    let close = snippet.rfind(|c| ")]}".contains(c))?;
    Some((
        span.from_inner(InnerSpan { start: open, end: open + 1 }),
        span.from_inner(InnerSpan { start: close, end: close + 1 }),
        open_ch,
    ))
}

fn panic_call<'tcx>(cx: &LateContext<'tcx>, f: &'tcx hir::Expr<'tcx>) -> (Span, Symbol, Symbol) {
    let mut expn = f.span.ctxt().outer_expn_data();

    let mut panic_macro = kw::Empty;

    // Unwrap more levels of macro expansion, as panic_2015!()
    // was likely expanded from panic!() and possibly from
    // [debug_]assert!().
    loop {
        let parent = expn.call_site.ctxt().outer_expn_data();
        let Some(id) = parent.macro_def_id else { break };
        let Some(name) = cx.tcx.get_diagnostic_name(id) else { break };
        if !matches!(
            name,
            sym::core_panic_macro
                | sym::std_panic_macro
                | sym::assert_macro
                | sym::debug_assert_macro
                | sym::unreachable_macro
        ) {
            break;
        }
        expn = parent;
        panic_macro = name;
    }

    let macro_symbol =
        if let hygiene::ExpnKind::Macro(_, symbol) = expn.kind { symbol } else { sym::panic };
    (expn.call_site, panic_macro, macro_symbol)
}

fn is_arg_inside_call(arg: Span, call: Span) -> bool {
    // We only add suggestions if the argument we're looking at appears inside the
    // panic call in the source file, to avoid invalid suggestions when macros are involved.
    // We specifically check for the spans to not be identical, as that happens sometimes when
    // proc_macros lie about spans and apply the same span to all the tokens they produce.
    call.contains(arg) && !call.source_equal(arg)
}