Merge pull request rust-lang#1 from J-ZhengLi/dev_stable

add new lints: [`mem_unsafe_functions`], [`unsafe_block_in_proc_macro`] and [`implicit_abi`]

Author: surechen

CHANGELOG.md

@@ -4532,6 +4532,7 @@ Released 2018-09-13
 [`extend_with_drain`]: https://rust-lang.github.io/rust-clippy/master/index.html#extend_with_drain
 [`extra_unused_lifetimes`]: https://rust-lang.github.io/rust-clippy/master/index.html#extra_unused_lifetimes
 [`extra_unused_type_parameters`]: https://rust-lang.github.io/rust-clippy/master/index.html#extra_unused_type_parameters
+[`falliable_memory_allocation`]: https://rust-lang.github.io/rust-clippy/master/index.html#falliable_memory_allocation
 [`fallible_impl_from`]: https://rust-lang.github.io/rust-clippy/master/index.html#fallible_impl_from
 [`field_reassign_with_default`]: https://rust-lang.github.io/rust-clippy/master/index.html#field_reassign_with_default
 [`filetype_is_file`]: https://rust-lang.github.io/rust-clippy/master/index.html#filetype_is_file
@@ -4579,6 +4580,7 @@ Released 2018-09-13
 [`if_then_some_else_none`]: https://rust-lang.github.io/rust-clippy/master/index.html#if_then_some_else_none
 [`ifs_same_cond`]: https://rust-lang.github.io/rust-clippy/master/index.html#ifs_same_cond
 [`impl_trait_in_params`]: https://rust-lang.github.io/rust-clippy/master/index.html#impl_trait_in_params
+[`implicit_abi`]: https://rust-lang.github.io/rust-clippy/master/index.html#implicit_abi
 [`implicit_clone`]: https://rust-lang.github.io/rust-clippy/master/index.html#implicit_clone
 [`implicit_hasher`]: https://rust-lang.github.io/rust-clippy/master/index.html#implicit_hasher
 [`implicit_return`]: https://rust-lang.github.io/rust-clippy/master/index.html#implicit_return
@@ -4707,6 +4709,7 @@ Released 2018-09-13
 [`mem_replace_option_with_none`]: https://rust-lang.github.io/rust-clippy/master/index.html#mem_replace_option_with_none
 [`mem_replace_with_default`]: https://rust-lang.github.io/rust-clippy/master/index.html#mem_replace_with_default
 [`mem_replace_with_uninit`]: https://rust-lang.github.io/rust-clippy/master/index.html#mem_replace_with_uninit
+[`mem_unsafe_functions`]: https://rust-lang.github.io/rust-clippy/master/index.html#mem_unsafe_functions
 [`min_max`]: https://rust-lang.github.io/rust-clippy/master/index.html#min_max
 [`misaligned_transmute`]: https://rust-lang.github.io/rust-clippy/master/index.html#misaligned_transmute
 [`mismatched_target_os`]: https://rust-lang.github.io/rust-clippy/master/index.html#mismatched_target_os
@@ -4813,6 +4816,7 @@ Released 2018-09-13
 [`partial_pub_fields`]: https://rust-lang.github.io/rust-clippy/master/index.html#partial_pub_fields
 [`partialeq_ne_impl`]: https://rust-lang.github.io/rust-clippy/master/index.html#partialeq_ne_impl
 [`partialeq_to_none`]: https://rust-lang.github.io/rust-clippy/master/index.html#partialeq_to_none
+[`passing_string_to_c_functions`]: https://rust-lang.github.io/rust-clippy/master/index.html#passing_string_to_c_functions
 [`path_buf_push_overwrite`]: https://rust-lang.github.io/rust-clippy/master/index.html#path_buf_push_overwrite
 [`pattern_type_mismatch`]: https://rust-lang.github.io/rust-clippy/master/index.html#pattern_type_mismatch
 [`permissions_set_readonly_false`]: https://rust-lang.github.io/rust-clippy/master/index.html#permissions_set_readonly_false
@@ -5003,13 +5007,15 @@ Released 2018-09-13
 [`unnested_or_patterns`]: https://rust-lang.github.io/rust-clippy/master/index.html#unnested_or_patterns
 [`unreachable`]: https://rust-lang.github.io/rust-clippy/master/index.html#unreachable
 [`unreadable_literal`]: https://rust-lang.github.io/rust-clippy/master/index.html#unreadable_literal
+[`unsafe_block_in_proc_macro`]: https://rust-lang.github.io/rust-clippy/master/index.html#unsafe_block_in_proc_macro
 [`unsafe_derive_deserialize`]: https://rust-lang.github.io/rust-clippy/master/index.html#unsafe_derive_deserialize
 [`unsafe_removed_from_name`]: https://rust-lang.github.io/rust-clippy/master/index.html#unsafe_removed_from_name
 [`unsafe_vector_initialization`]: https://rust-lang.github.io/rust-clippy/master/index.html#unsafe_vector_initialization
 [`unseparated_literal_suffix`]: https://rust-lang.github.io/rust-clippy/master/index.html#unseparated_literal_suffix
 [`unsound_collection_transmute`]: https://rust-lang.github.io/rust-clippy/master/index.html#unsound_collection_transmute
 [`unstable_as_mut_slice`]: https://rust-lang.github.io/rust-clippy/master/index.html#unstable_as_mut_slice
 [`unstable_as_slice`]: https://rust-lang.github.io/rust-clippy/master/index.html#unstable_as_slice
+[`untrusted_lib_loading`]: https://rust-lang.github.io/rust-clippy/master/index.html#untrusted_lib_loading
 [`unused_async`]: https://rust-lang.github.io/rust-clippy/master/index.html#unused_async
 [`unused_collect`]: https://rust-lang.github.io/rust-clippy/master/index.html#unused_collect
 [`unused_format_specs`]: https://rust-lang.github.io/rust-clippy/master/index.html#unused_format_specs

clippy_lints/src/declared_lints.rs

@@ -191,9 +191,14 @@ pub(crate) static LINTS: &[&crate::LintInfo] = &[
     crate::functions::TOO_MANY_ARGUMENTS_INFO,
     crate::functions::TOO_MANY_LINES_INFO,
     crate::future_not_send::FUTURE_NOT_SEND_INFO,
+    crate::guidelines::FALLIABLE_MEMORY_ALLOCATION_INFO,
+    crate::guidelines::MEM_UNSAFE_FUNCTIONS_INFO,
+    crate::guidelines::PASSING_STRING_TO_C_FUNCTIONS_INFO,
+    crate::guidelines::UNTRUSTED_LIB_LOADING_INFO,
     crate::if_let_mutex::IF_LET_MUTEX_INFO,
     crate::if_not_else::IF_NOT_ELSE_INFO,
     crate::if_then_some_else_none::IF_THEN_SOME_ELSE_NONE_INFO,
+    crate::implicit_abi::IMPLICIT_ABI_INFO,
     crate::implicit_hasher::IMPLICIT_HASHER_INFO,
     crate::implicit_return::IMPLICIT_RETURN_INFO,
     crate::implicit_saturating_add::IMPLICIT_SATURATING_ADD_INFO,
@@ -628,6 +633,7 @@ pub(crate) static LINTS: &[&crate::LintInfo] = &[
     crate::unnecessary_struct_initialization::UNNECESSARY_STRUCT_INITIALIZATION_INFO,
     crate::unnecessary_wraps::UNNECESSARY_WRAPS_INFO,
     crate::unnested_or_patterns::UNNESTED_OR_PATTERNS_INFO,
+    crate::unsafe_block_in_proc_macro::UNSAFE_BLOCK_IN_PROC_MACRO_INFO,
     crate::unsafe_removed_from_name::UNSAFE_REMOVED_FROM_NAME_INFO,
     crate::unused_async::UNUSED_ASYNC_INFO,
     crate::unused_io_amount::UNUSED_IO_AMOUNT_INFO,

clippy_lints/src/guidelines/falliable_memory_allocation.rs

@@ -0,0 +1 @@
+

clippy_lints/src/guidelines/mem_unsafe_functions.rs

@@ -0,0 +1,45 @@
+use clippy_utils::diagnostics::span_lint_and_help;
+use if_chain::if_chain;
+use rustc_hir::def::Res;
+use rustc_hir::def_id::DefIdSet;
+use rustc_hir::{Expr, ExprKind, Item, ItemKind, QPath};
+use rustc_lint::LateContext;
+
+use super::MEM_UNSAFE_FUNCTIONS;
+
+/// Check extern function definitions.
+///
+/// The main purpose of this function is to load `def_ids` of declared external functions.
+pub(super) fn check_foreign_item(item: &Item<'_>, blacklist: &[String], blacklist_ids: &mut DefIdSet) {
+    if let ItemKind::ForeignMod { items, .. } = item.kind {
+        for f_item in items {
+            if blacklist.contains(&f_item.ident.as_str().to_string()) {
+                let f_did = f_item.id.hir_id().owner.def_id.to_def_id();
+                blacklist_ids.insert(f_did);
+            }
+        }
+    }
+}
+
+/// Check function call expression
+///
+/// Will lint if the name of called function was blacklisted by the configuration.
+pub(super) fn check(cx: &LateContext<'_>, expr: &Expr<'_>, blacklist_ids: &DefIdSet) {
+    if_chain! {
+        if let ExprKind::Call(fn_expr, _) = &expr.kind;
+        if let ExprKind::Path(qpath) = &fn_expr.kind;
+        if let QPath::Resolved(_, path) = qpath;
+        if let Res::Def(_, did) = path.res;
+        if blacklist_ids.contains(&did);
+        then {
+            span_lint_and_help(
+                cx,
+                MEM_UNSAFE_FUNCTIONS,
+                fn_expr.span,
+                "use of potentially dangerous memory manipulation function",
+                None,
+                "consider using its safe version",
+            );
+        }
+    }
+}

clippy_lints/src/guidelines/mod.rs

@@ -0,0 +1,159 @@
+mod falliable_memory_allocation;
+mod mem_unsafe_functions;
+mod passing_string_to_c_functions;
+mod untrusted_lib_loading;
+
+use clippy_utils::def_path_def_ids;
+use rustc_hir as hir;
+use rustc_hir::def_id::{DefId, DefIdSet};
+use rustc_hir::intravisit;
+use rustc_lint::{LateContext, LateLintPass};
+use rustc_session::{declare_tool_lint, impl_lint_pass};
+use rustc_span::def_id::LocalDefId;
+use rustc_span::Span;
+
+declare_clippy_lint! {
+    /// ### What it does
+    /// Checks for direct usage of external functions that modify memory
+    /// without concerning about memory safety, such as `memcpy`, `strcpy`, `strcat` etc.
+    ///
+    /// ### Why is this bad?
+    /// These function can be dangerous when used incorrectly,
+    /// which could potentially introduce vulnerablities such as buffer overflow to the software.
+    ///
+    /// ### Example
+    /// ```rust
+    /// extern "C" {
+    ///     fn memcpy(dest: *mut c_void, src: *const c_void, n: size_t) -> *mut c_void;
+    /// }
+    /// let ptr = unsafe { memcpy(dest, src, size); }
+    /// // Or use via libc
+    /// let ptr = unsafe { libc::memcpy(dest, src, size); }
+    #[clippy::version = "1.70.0"]
+    pub MEM_UNSAFE_FUNCTIONS,
+    nursery,
+    "use of potentially dangerous external functions"
+}
+
+declare_clippy_lint! {
+    /// ### What it does
+    ///
+    /// ### Why is this bad?
+    ///
+    /// ### Example
+    /// ```rust
+    /// // example code where clippy issues a warning
+    /// ```
+    /// Use instead:
+    /// ```rust
+    /// // example code which does not raise clippy warning
+    /// ```
+    #[clippy::version = "1.70.0"]
+    pub UNTRUSTED_LIB_LOADING,
+    nursery,
+    "attempt to load dynamic library from untrusted source"
+}
+
+declare_clippy_lint! {
+    /// ### What it does
+    ///
+    /// ### Why is this bad?
+    ///
+    /// ### Example
+    /// ```rust
+    /// // example code where clippy issues a warning
+    /// ```
+    /// Use instead:
+    /// ```rust
+    /// // example code which does not raise clippy warning
+    /// ```
+    #[clippy::version = "1.70.0"]
+    pub PASSING_STRING_TO_C_FUNCTIONS,
+    nursery,
+    "passing string or str to extern C function"
+}
+
+declare_clippy_lint! {
+    /// ### What it does
+    ///
+    /// ### Why is this bad?
+    ///
+    /// ### Example
+    /// ```rust
+    /// // example code where clippy issues a warning
+    /// ```
+    /// Use instead:
+    /// ```rust
+    /// // example code which does not raise clippy warning
+    /// ```
+    #[clippy::version = "1.70.0"]
+    pub FALLIABLE_MEMORY_ALLOCATION,
+    nursery,
+    "memory allocation without checking arguments and result"
+}
+
+#[derive(Clone, Default)]
+pub struct GuidelineLints {
+    mem_uns_fns: Vec<String>,
+    mem_uns_fns_ty_ids: DefIdSet,
+}
+
+impl GuidelineLints {
+    pub fn new(mem_uns_fns: Vec<String>) -> Self {
+        Self {
+            mem_uns_fns,
+            mem_uns_fns_ty_ids: DefIdSet::new(),
+        }
+    }
+}
+
+impl_lint_pass!(GuidelineLints => [
+    MEM_UNSAFE_FUNCTIONS,
+    UNTRUSTED_LIB_LOADING,
+    PASSING_STRING_TO_C_FUNCTIONS,
+    FALLIABLE_MEMORY_ALLOCATION,
+]);
+
+impl<'tcx> LateLintPass<'tcx> for GuidelineLints {
+    fn check_fn(
+        &mut self,
+        _cx: &LateContext<'tcx>,
+        _kind: intravisit::FnKind<'tcx>,
+        _decl: &'tcx hir::FnDecl<'_>,
+        _body: &'tcx hir::Body<'_>,
+        _span: Span,
+        _def_id: LocalDefId,
+    ) {
+    }
+
+    fn check_crate(&mut self, cx: &LateContext<'tcx>) {
+        // Resolve function names to def_ids from configuration
+        for uns_fns in &self.mem_uns_fns {
+            // Path like function names such as `libc::foo` or `aa::bb::cc::bar`,
+            // this only works with dependencies.
+            if uns_fns.contains("::") {
+                let path: Vec<&str> = uns_fns.split("::").collect();
+                for did in def_path_def_ids(cx, path.as_slice()) {
+                    self.mem_uns_fns_ty_ids.insert(did);
+                }
+            }
+            // Plain function names, then we should take its libc variant into account
+            else if let Some(did) = libc_fn_def_id(cx, uns_fns) {
+                self.mem_uns_fns_ty_ids.insert(did);
+            }
+        }
+    }
+
+    fn check_item(&mut self, _cx: &LateContext<'tcx>, item: &'tcx hir::Item<'_>) {
+        mem_unsafe_functions::check_foreign_item(item, &self.mem_uns_fns, &mut self.mem_uns_fns_ty_ids);
+    }
+
+    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx hir::Expr<'_>) {
+        mem_unsafe_functions::check(cx, expr, &self.mem_uns_fns_ty_ids);
+    }
+}
+
+fn libc_fn_def_id(cx: &LateContext<'_>, fn_name: &str) -> Option<DefId> {
+    let path = &["libc", fn_name];
+    def_path_def_ids(cx, path).next()
+}

clippy_lints/src/guidelines/passing_string_to_c_functions.rs

@@ -0,0 +1 @@
+

clippy_lints/src/guidelines/untrusted_lib_loading.rs

@@ -0,0 +1 @@
+

clippy_lints/src/implicit_abi.rs

@@ -0,0 +1,51 @@
+use clippy_utils::diagnostics::span_lint_and_sugg;
+use rustc_ast::ast::{Item, ItemKind};
+use rustc_errors::Applicability;
+use rustc_lint::{EarlyContext, EarlyLintPass, LintContext};
+use rustc_session::{declare_lint_pass, declare_tool_lint};
+
+declare_clippy_lint! {
+    /// ### What it does
+    /// Checks the external block without explicitly lable its ABI.
+    ///
+    /// ### Why is this bad?
+    /// Implicit ABI has negative impact on code readability.
+    ///
+    /// ### Example
+    /// ```rust
+    /// extern {
+    ///     fn c_function();
+    /// }
+    /// ```
+    /// Use instead:
+    /// ```rust
+    /// extern "C" {
+    ///     fn c_function();
+    /// }
+    /// ```
+    #[clippy::version = "1.70.0"]
+    pub IMPLICIT_ABI,
+    restriction,
+    "external block with implicit ABI"
+}
+
+declare_lint_pass!(ImplicitAbi => [IMPLICIT_ABI]);
+
+impl EarlyLintPass for ImplicitAbi {
+    fn check_item(&mut self, cx: &EarlyContext<'_>, item: &Item) {
+        if let ItemKind::ForeignMod(fm) = &item.kind {
+            if fm.abi.is_none() {
+                let extern_span = cx.sess().source_map().span_until_whitespace(item.span);
+                span_lint_and_sugg(
+                    cx,
+                    IMPLICIT_ABI,
+                    extern_span,
+                    "missing ABI label on extern block",
+                    "explicitly states ABI instead",
+                    "extern \"C\"".to_string(),
+                    Applicability::MachineApplicable,
+                );
+            }
+        }
+    }
+}

clippy_lints/src/lib.rs

@@ -138,9 +138,11 @@ mod from_raw_with_void_ptr;
 mod from_str_radix_10;
 mod functions;
 mod future_not_send;
+mod guidelines;
 mod if_let_mutex;
 mod if_not_else;
 mod if_then_some_else_none;
+mod implicit_abi;
 mod implicit_hasher;
 mod implicit_return;
 mod implicit_saturating_add;
@@ -309,6 +311,7 @@ mod unnecessary_self_imports;
 mod unnecessary_struct_initialization;
 mod unnecessary_wraps;
 mod unnested_or_patterns;
+mod unsafe_block_in_proc_macro;
 mod unsafe_removed_from_name;
 mod unused_async;
 mod unused_io_amount;
@@ -959,6 +962,10 @@ pub fn register_plugins(store: &mut rustc_lint::LintStore, sess: &Session, conf:
     store.register_late_pass(|_| Box::new(tests_outside_test_module::TestsOutsideTestModule));
     store.register_late_pass(|_| Box::new(manual_slice_size_calculation::ManualSliceSizeCalculation));
     store.register_early_pass(|| Box::new(suspicious_doc_comments::SuspiciousDocComments));
+    let mem_unsafe_functions = conf.mem_unsafe_functions.clone();
+    store.register_late_pass(move |_| Box::new(guidelines::GuidelineLints::new(mem_unsafe_functions.clone())));
+    store.register_late_pass(|_| Box::new(unsafe_block_in_proc_macro::UnsafeBlockInProcMacro::new()));
+    store.register_early_pass(|| Box::new(implicit_abi::ImplicitAbi));
     // add lints here, do not remove this comment, it's used in `new_lint`
 }