Skip to main content

rustc_lint/
non_fmt_panic.rs

1use rustc_ast as ast;
2use rustc_errors::{Applicability, msg};
3use rustc_hir::{self as hir, LangItem};
4use rustc_infer::infer::TyCtxtInferExt;
5use rustc_middle::{bug, ty};
6use rustc_parse_format::{ParseMode, Parser, Piece};
7use rustc_session::lint::fcw;
8use rustc_session::{declare_lint, declare_lint_pass};
9use rustc_span::{InnerSpan, Span, Symbol, hygiene, sym};
10use rustc_trait_selection::infer::InferCtxtExt;
11
12use crate::lints::{NonFmtPanicBraces, NonFmtPanicUnused};
13use crate::{LateContext, LateLintPass, LintContext};
14
15#[doc =
r" The `non_fmt_panics` lint detects `panic!(..)` invocations where the first"]
#[doc = r" argument is not a formatting string."]
#[doc = r""]
#[doc = r" ### Example"]
#[doc = r""]
#[doc = r" ```rust,no_run,edition2018"]
#[doc = r#" panic!("{}");"#]
#[doc = r" panic!(123);"]
#[doc = r" ```"]
#[doc = r""]
#[doc = r" {{produces}}"]
#[doc = r""]
#[doc = r" ### Explanation"]
#[doc = r""]
#[doc =
r" In Rust 2018 and earlier, `panic!(x)` directly uses `x` as the message."]
#[doc =
r#" That means that `panic!("{}")` panics with the message `"{}"` instead"#]
#[doc =
r" of using it as a formatting string, and `panic!(123)` will panic with"]
#[doc = r" an `i32` as message."]
#[doc = r""]
#[doc = r" Rust 2021 always interprets the first argument as format string."]
static NON_FMT_PANICS: &::rustc_lint_defs::Lint =
    &::rustc_lint_defs::Lint {
            name: "NON_FMT_PANICS",
            default_level: ::rustc_lint_defs::Warn,
            desc: "detect single-argument panic!() invocations in which the argument is not a format string",
            is_externally_loaded: false,
            report_in_external_macro: true,
            future_incompatible: Some(::rustc_lint_defs::FutureIncompatibleInfo {
                    reason: ::rustc_lint_defs::FutureIncompatibilityReason::EditionSemanticsChange(::rustc_lint_defs::EditionFcw {
                            edition: rustc_span::edition::Edition::Edition2021,
                            page_slug: "panic-macro-consistency",
                        }),
                    explain_reason: false,
                    ..::rustc_lint_defs::FutureIncompatibleInfo::default_fields_for_macro()
                }),
            ..::rustc_lint_defs::Lint::default_fields_for_macro()
        };declare_lint! {
16    /// The `non_fmt_panics` lint detects `panic!(..)` invocations where the first
17    /// argument is not a formatting string.
18    ///
19    /// ### Example
20    ///
21    /// ```rust,no_run,edition2018
22    /// panic!("{}");
23    /// panic!(123);
24    /// ```
25    ///
26    /// {{produces}}
27    ///
28    /// ### Explanation
29    ///
30    /// In Rust 2018 and earlier, `panic!(x)` directly uses `x` as the message.
31    /// That means that `panic!("{}")` panics with the message `"{}"` instead
32    /// of using it as a formatting string, and `panic!(123)` will panic with
33    /// an `i32` as message.
34    ///
35    /// Rust 2021 always interprets the first argument as format string.
36    NON_FMT_PANICS,
37    Warn,
38    "detect single-argument panic!() invocations in which the argument is not a format string",
39    @future_incompatible = FutureIncompatibleInfo {
40        reason: fcw!(EditionSemanticsChange 2021 "panic-macro-consistency"),
41        explain_reason: false,
42    };
43    report_in_external_macro
44}
45
46pub struct NonPanicFmt;
#[automatically_derived]
impl ::core::marker::Copy for NonPanicFmt { }
#[automatically_derived]
#[doc(hidden)]
unsafe impl ::core::clone::TrivialClone for NonPanicFmt { }
#[automatically_derived]
impl ::core::clone::Clone for NonPanicFmt {
    #[inline]
    fn clone(&self) -> NonPanicFmt { *self }
}
impl ::rustc_lint_defs::LintPass for NonPanicFmt {
    fn name(&self) -> &'static str { "NonPanicFmt" }
    fn get_lints(&self) -> ::rustc_lint_defs::LintVec {
        ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
                [NON_FMT_PANICS]))
    }
}
impl NonPanicFmt {
    #[allow(unused)]
    pub fn lint_vec() -> ::rustc_lint_defs::LintVec {
        ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
                [NON_FMT_PANICS]))
    }
}declare_lint_pass!(NonPanicFmt => [NON_FMT_PANICS]);
47
48impl<'tcx> LateLintPass<'tcx> for NonPanicFmt {
49    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx hir::Expr<'tcx>) {
50        if let hir::ExprKind::Call(f, [arg]) = &expr.kind
51            && let &ty::FnDef(def_id, _) = cx.typeck_results().expr_ty(f).kind()
52        {
53            let f_diagnostic_name = cx.tcx.get_diagnostic_name(def_id);
54
55            if cx.tcx.is_lang_item(def_id, LangItem::BeginPanic)
56                || cx.tcx.is_lang_item(def_id, LangItem::Panic)
57                || f_diagnostic_name == Some(sym::panic_str_2015)
58            {
59                if let Some(id) = f.span.ctxt().outer_expn_data().macro_def_id {
60                    if #[allow(non_exhaustive_omitted_patterns)] match cx.tcx.get_diagnostic_name(id)
    {
    Some(sym::core_panic_2015_macro | sym::std_panic_2015_macro) => true,
    _ => false,
}matches!(
61                        cx.tcx.get_diagnostic_name(id),
62                        Some(sym::core_panic_2015_macro | sym::std_panic_2015_macro)
63                    ) {
64                        check_panic(cx, f, arg);
65                    }
66                }
67            } else if f_diagnostic_name == Some(sym::unreachable_display) {
68                if let Some(id) = f.span.ctxt().outer_expn_data().macro_def_id
69                    && cx.tcx.is_diagnostic_item(sym::unreachable_2015_macro, id)
70                {
71                    check_panic(
72                        cx,
73                        f,
74                        // This is safe because we checked above that the callee is indeed
75                        // unreachable_display
76                        match &arg.kind {
77                            // Get the borrowed arg not the borrow
78                            hir::ExprKind::AddrOf(ast::BorrowKind::Ref, _, arg) => arg,
79                            _ => ::rustc_middle::util::bug::bug_fmt(format_args!("call to unreachable_display without borrow"))bug!("call to unreachable_display without borrow"),
80                        },
81                    );
82                }
83            }
84        }
85    }
86}
87
88fn check_panic<'tcx>(cx: &LateContext<'tcx>, f: &'tcx hir::Expr<'tcx>, arg: &'tcx hir::Expr<'tcx>) {
89    if let hir::ExprKind::Lit(lit) = &arg.kind {
90        if let ast::LitKind::Str(sym, _) = lit.node {
91            // The argument is a string literal.
92            check_panic_str(cx, f, arg, sym.as_str());
93            return;
94        }
95    }
96
97    // The argument is *not* a string literal.
98
99    let (span, panic, symbol) = panic_call(cx, f);
100
101    if span.in_external_macro(cx.sess().source_map()) {
102        // Nothing that can be done about it in the current crate.
103        return;
104    }
105
106    // Find the span of the argument to `panic!()` or `unreachable!`, before expansion in the
107    // case of `panic!(some_macro!())` or `unreachable!(some_macro!())`.
108    // We don't use source_callsite(), because this `panic!(..)` might itself
109    // be expanded from another macro, in which case we want to stop at that
110    // expansion.
111    let mut arg_span = arg.span;
112    let mut arg_macro = None;
113    while !span.contains(arg_span) {
114        let ctxt = arg_span.ctxt();
115        if ctxt.is_root() {
116            break;
117        }
118        let expn = ctxt.outer_expn_data();
119        arg_macro = expn.macro_def_id;
120        arg_span = expn.call_site;
121    }
122
123    cx.span_lint(NON_FMT_PANICS, arg_span, |lint| {
124        lint.primary_message(rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("panic message is not a string literal"))msg!("panic message is not a string literal"));
125        lint.arg("name", symbol);
126        lint.note(rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("this usage of `{$name}!()` is deprecated; it will be a hard error in Rust 2021"))msg!("this usage of `{$name}!()` is deprecated; it will be a hard error in Rust 2021"));
127        lint.note(rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("for more information, see <https://doc.rust-lang.org/edition-guide/rust-2021/panic-macro-consistency.html>"))msg!("for more information, see <https://doc.rust-lang.org/edition-guide/rust-2021/panic-macro-consistency.html>"));
128        if !is_arg_inside_call(arg_span, span) {
129            // No clue where this argument is coming from.
130            return;
131        }
132        if arg_macro.is_some_and(|id| cx.tcx.is_diagnostic_item(sym::format_macro, id)) {
133            // A case of `panic!(format!(..))`.
134            lint.note(rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("the `{$name}!()` macro supports formatting, so there's no need for the `format!()` macro here"))msg!("the `{$name}!()` macro supports formatting, so there's no need for the `format!()` macro here"));
135            if let Some((open, close, _)) = find_delimiters(cx, arg_span) {
136                lint.multipart_suggestion(
137                    rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("remove the `format!(..)` macro call"))msg!("remove the `format!(..)` macro call"),
138                    ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
        [(arg_span.until(open.shrink_to_hi()), "".into()),
                (close.until(arg_span.shrink_to_hi()), "".into())]))vec![
139                        (arg_span.until(open.shrink_to_hi()), "".into()),
140                        (close.until(arg_span.shrink_to_hi()), "".into()),
141                    ],
142                    Applicability::MachineApplicable,
143                );
144            }
145        } else {
146            let ty = cx.typeck_results().expr_ty(arg);
147            // If this is a &str or String, we can confidently give the `"{}", ` suggestion.
148            let is_str = #[allow(non_exhaustive_omitted_patterns)] match ty.kind() {
    ty::Ref(_, r, _) if r.is_str() => true,
    _ => false,
}matches!(
149                ty.kind(),
150                ty::Ref(_, r, _) if r.is_str(),
151            ) || #[allow(non_exhaustive_omitted_patterns)] match ty.ty_adt_def() {
    Some(ty_def) if cx.tcx.is_lang_item(ty_def.did(), LangItem::String) =>
        true,
    _ => false,
}matches!(
152                ty.ty_adt_def(),
153                Some(ty_def) if cx.tcx.is_lang_item(ty_def.did(), LangItem::String),
154            );
155
156            let (infcx, param_env) = cx.tcx.infer_ctxt().build_with_typing_env(cx.typing_env());
157            let suggest_display = is_str
158                || cx
159                    .tcx
160                    .get_diagnostic_item(sym::Display)
161                    .is_some_and(|t| infcx.type_implements_trait(t, [ty], param_env).may_apply());
162            let suggest_debug = !suggest_display
163                && cx
164                    .tcx
165                    .get_diagnostic_item(sym::Debug)
166                    .is_some_and(|t| infcx.type_implements_trait(t, [ty], param_env).may_apply());
167
168            let suggest_panic_any = !is_str && panic == Some(sym::std_panic_macro);
169
170            let fmt_applicability = if suggest_panic_any {
171                // If we can use panic_any, use that as the MachineApplicable suggestion.
172                Applicability::MaybeIncorrect
173            } else {
174                // If we don't suggest panic_any, using a format string is our best bet.
175                Applicability::MachineApplicable
176            };
177
178            if suggest_display {
179                lint.span_suggestion_verbose(
180                    arg_span.shrink_to_lo(),
181                    rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("add a \"{\"{\"}{\"}\"}\" format string to `Display` the message"))msg!(r#"add a "{"{"}{"}"}" format string to `Display` the message"#),
182                    "\"{}\", ",
183                    fmt_applicability,
184                );
185            } else if suggest_debug {
186                lint.arg("ty", ty);
187                lint.span_suggestion_verbose(
188                    arg_span.shrink_to_lo(),
189                    rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("add a \"{\"{\"}:?{\"}\"}\" format string to use the `Debug` implementation of `{$ty}`"))msg!(r#"add a "{"{"}:?{"}"}" format string to use the `Debug` implementation of `{$ty}`"#),
190                    "\"{:?}\", ",
191                    fmt_applicability,
192                );
193            }
194
195            if suggest_panic_any {
196                if let Some((open, close, del)) = find_delimiters(cx, span) {
197                    lint.arg("already_suggested", suggest_display || suggest_debug);
198                    lint.multipart_suggestion(
199                        rustc_errors::DiagMessage::Inline(std::borrow::Cow::Borrowed("{$already_suggested ->\n                                [true] or use\n                                *[false] use\n                            } std::panic::panic_any instead"))msg!(
200                            "{$already_suggested ->
201                                [true] or use
202                                *[false] use
203                            } std::panic::panic_any instead"
204                        ),
205                        if del == '(' {
206                            ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
        [(span.until(open), "std::panic::panic_any".into())]))vec![(span.until(open), "std::panic::panic_any".into())]
207                        } else {
208                            ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
        [(span.until(open.shrink_to_hi()), "std::panic::panic_any(".into()),
                (close, ")".into())]))vec![
209                                (span.until(open.shrink_to_hi()), "std::panic::panic_any(".into()),
210                                (close, ")".into()),
211                            ]
212                        },
213                        Applicability::MachineApplicable,
214                    );
215                }
216            }
217        }
218    });
219}
220
221fn check_panic_str<'tcx>(
222    cx: &LateContext<'tcx>,
223    f: &'tcx hir::Expr<'tcx>,
224    arg: &'tcx hir::Expr<'tcx>,
225    fmt: &str,
226) {
227    if !fmt.contains(&['{', '}']) {
228        // No brace, no problem.
229        return;
230    }
231
232    let (span, _, _) = panic_call(cx, f);
233
234    let sm = cx.sess().source_map();
235    if span.in_external_macro(sm) && arg.span.in_external_macro(sm) {
236        // Nothing that can be done about it in the current crate.
237        return;
238    }
239
240    let fmt_span = arg.span.source_callsite();
241
242    let (snippet, style) = match sm.span_to_snippet(fmt_span) {
243        Ok(snippet) => {
244            // Count the number of `#`s between the `r` and `"`.
245            let style = snippet.strip_prefix('r').and_then(|s| s.find('"'));
246            (Some(snippet), style)
247        }
248        Err(_) => (None, None),
249    };
250
251    let mut fmt_parser = Parser::new(fmt, style, snippet.clone(), false, ParseMode::Format);
252    let n_arguments = (&mut fmt_parser).filter(|a| #[allow(non_exhaustive_omitted_patterns)] match a {
    Piece::NextArgument(_) => true,
    _ => false,
}matches!(a, Piece::NextArgument(_))).count();
253
254    if n_arguments > 0 && fmt_parser.errors.is_empty() {
255        let arg_spans: Vec<_> = match &fmt_parser.arg_places[..] {
256            [] => ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
        [fmt_span]))vec![fmt_span],
257            v => v
258                .iter()
259                .map(|span| fmt_span.from_inner(InnerSpan::new(span.start, span.end)))
260                .collect(),
261        };
262        cx.emit_span_lint(
263            NON_FMT_PANICS,
264            arg_spans,
265            NonFmtPanicUnused {
266                count: n_arguments,
267                suggestion: is_arg_inside_call(arg.span, span).then_some(arg.span),
268            },
269        );
270    } else {
271        let brace_spans: Option<Vec<_>> =
272            snippet.filter(|s| s.starts_with('"') || s.starts_with("r#")).map(|s| {
273                s.char_indices()
274                    .filter(|&(_, c)| c == '{' || c == '}')
275                    .map(|(i, _)| fmt_span.from_inner(InnerSpan { start: i, end: i + 1 }))
276                    .collect()
277            });
278        let count = brace_spans.as_ref().map(|v| v.len()).unwrap_or(/* any number >1 */ 2);
279        cx.emit_span_lint(
280            NON_FMT_PANICS,
281            brace_spans.unwrap_or_else(|| ::alloc::boxed::box_assume_init_into_vec_unsafe(::alloc::intrinsics::write_box_via_move(::alloc::boxed::Box::new_uninit(),
        [span]))vec![span]),
282            NonFmtPanicBraces {
283                count,
284                suggestion: is_arg_inside_call(arg.span, span).then_some(arg.span.shrink_to_lo()),
285            },
286        );
287    }
288}
289
290/// Given the span of `some_macro!(args);`, gives the span of `(` and `)`,
291/// and the type of (opening) delimiter used.
292fn find_delimiters(cx: &LateContext<'_>, span: Span) -> Option<(Span, Span, char)> {
293    let snippet = cx.sess().source_map().span_to_snippet(span).ok()?;
294    let (open, open_ch) = snippet.char_indices().find(|&(_, c)| "([{".contains(c))?;
295    let close = snippet.rfind(|c| ")]}".contains(c))?;
296    Some((
297        span.from_inner(InnerSpan { start: open, end: open + 1 }),
298        span.from_inner(InnerSpan { start: close, end: close + 1 }),
299        open_ch,
300    ))
301}
302
303fn panic_call<'tcx>(
304    cx: &LateContext<'tcx>,
305    f: &'tcx hir::Expr<'tcx>,
306) -> (Span, Option<Symbol>, Symbol) {
307    let mut expn = f.span.ctxt().outer_expn_data();
308
309    let mut panic_macro = None;
310
311    // Unwrap more levels of macro expansion, as panic_2015!()
312    // was likely expanded from panic!() and possibly from
313    // [debug_]assert!().
314    loop {
315        let parent = expn.call_site.ctxt().outer_expn_data();
316        let Some(id) = parent.macro_def_id else { break };
317        let Some(name) = cx.tcx.get_diagnostic_name(id) else { break };
318        if !#[allow(non_exhaustive_omitted_patterns)] match name {
    sym::core_panic_macro | sym::std_panic_macro | sym::assert_macro |
        sym::debug_assert_macro | sym::unreachable_macro => true,
    _ => false,
}matches!(
319            name,
320            sym::core_panic_macro
321                | sym::std_panic_macro
322                | sym::assert_macro
323                | sym::debug_assert_macro
324                | sym::unreachable_macro
325        ) {
326            break;
327        }
328        expn = parent;
329        panic_macro = Some(name);
330    }
331
332    let macro_symbol =
333        if let hygiene::ExpnKind::Macro(_, symbol) = expn.kind { symbol } else { sym::panic };
334    (expn.call_site, panic_macro, macro_symbol)
335}
336
337fn is_arg_inside_call(arg: Span, call: Span) -> bool {
338    // We only add suggestions if the argument we're looking at appears inside the
339    // panic call in the source file, to avoid invalid suggestions when macros are involved.
340    // We specifically check for the spans to not be identical, as that happens sometimes when
341    // proc_macros lie about spans and apply the same span to all the tokens they produce.
342    call.contains(arg) && !call.source_equal(arg)
343}