-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathlarge_stack_frames.rs
More file actions
278 lines (254 loc) · 10.8 KB
/
large_stack_frames.rs
File metadata and controls
278 lines (254 loc) · 10.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
use std::{fmt, ops};
use clippy_config::Conf;
use clippy_utils::diagnostics::span_lint_and_then;
use clippy_utils::source::{HasSession, SpanRangeExt};
use clippy_utils::{fn_has_unsatisfiable_preds, is_entrypoint_fn, is_in_test};
use rustc_errors::Diag;
use rustc_hir::def_id::LocalDefId;
use rustc_hir::intravisit::FnKind;
use rustc_hir::{Body, FnDecl};
use rustc_lexer::is_ident;
use rustc_lint::{LateContext, LateLintPass};
use rustc_session::impl_lint_pass;
use rustc_span::{Span, SyntaxContext};
declare_clippy_lint! {
/// ### What it does
/// Checks for functions that use a lot of stack space.
///
/// This often happens when constructing a large type, such as an array with a lot of elements,
/// or constructing *many* smaller-but-still-large structs, or copying around a lot of large types.
///
/// This lint is a more general version of [`large_stack_arrays`](https://rust-lang.github.io/rust-clippy/master/#large_stack_arrays)
/// that is intended to look at functions as a whole instead of only individual array expressions inside of a function.
///
/// ### Why is this bad?
/// The stack region of memory is very limited in size (usually *much* smaller than the heap) and attempting to
/// use too much will result in a stack overflow and crash the program.
/// To avoid this, you should consider allocating large types on the heap instead (e.g. by boxing them).
///
/// Keep in mind that the code path to construction of large types does not even need to be reachable;
/// it purely needs to *exist* inside of the function to contribute to the stack size.
/// For example, this causes a stack overflow even though the branch is unreachable:
/// ```rust,ignore
/// fn main() {
/// if false {
/// let x = [0u8; 10000000]; // 10 MB stack array
/// black_box(&x);
/// }
/// }
/// ```
///
/// ### Known issues
/// False positives. The stack size that clippy sees is an estimated value and can be vastly different
/// from the actual stack usage after optimizations passes have run (especially true in release mode).
/// Modern compilers are very smart and are able to optimize away a lot of unnecessary stack allocations.
/// In debug mode however, it is usually more accurate.
///
/// This lint works by summing up the size of all variables that the user typed, variables that were
/// implicitly introduced by the compiler for temporaries, function arguments and the return value,
/// and comparing them against a (configurable, but high-by-default).
///
/// ### Example
/// This function creates four 500 KB arrays on the stack. Quite big but just small enough to not trigger `large_stack_arrays`.
/// However, looking at the function as a whole, it's clear that this uses a lot of stack space.
/// ```no_run
/// struct QuiteLargeType([u8; 500_000]);
/// fn foo() {
/// // ... some function that uses a lot of stack space ...
/// let _x1 = QuiteLargeType([0; 500_000]);
/// let _x2 = QuiteLargeType([0; 500_000]);
/// let _x3 = QuiteLargeType([0; 500_000]);
/// let _x4 = QuiteLargeType([0; 500_000]);
/// }
/// ```
///
/// Instead of doing this, allocate the arrays on the heap.
/// This currently requires going through a `Vec` first and then converting it to a `Box`:
/// ```no_run
/// struct NotSoLargeType(Box<[u8]>);
///
/// fn foo() {
/// let _x1 = NotSoLargeType(vec![0; 500_000].into_boxed_slice());
/// // ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Now heap allocated.
/// // The size of `NotSoLargeType` is 16 bytes.
/// // ...
/// }
/// ```
#[clippy::version = "1.72.0"]
pub LARGE_STACK_FRAMES,
nursery,
"checks for functions that allocate a lot of stack space"
}
impl_lint_pass!(LargeStackFrames => [LARGE_STACK_FRAMES]);
pub struct LargeStackFrames {
maximum_allowed_size: u64,
allow_large_stack_frames_in_tests: bool,
}
impl LargeStackFrames {
pub fn new(conf: &'static Conf) -> Self {
Self {
maximum_allowed_size: conf.stack_size_threshold,
allow_large_stack_frames_in_tests: conf.allow_large_stack_frames_in_tests,
}
}
}
#[derive(Copy, Clone)]
enum Space {
Used(u64),
Overflow,
}
impl Space {
pub fn exceeds_limit(self, limit: u64) -> bool {
match self {
Self::Used(used) => used > limit,
Self::Overflow => true,
}
}
}
impl fmt::Display for Space {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
match self {
Space::Used(1) => write!(f, "1 byte"),
Space::Used(n) => write!(f, "{n} bytes"),
Space::Overflow => write!(f, "over 2⁶⁴-1 bytes"),
}
}
}
impl ops::Add<u64> for Space {
type Output = Self;
fn add(self, rhs: u64) -> Self {
match self {
Self::Used(lhs) => match lhs.checked_add(rhs) {
Some(sum) => Self::Used(sum),
None => Self::Overflow,
},
Self::Overflow => self,
}
}
}
impl<'tcx> LateLintPass<'tcx> for LargeStackFrames {
fn check_fn(
&mut self,
cx: &LateContext<'tcx>,
fn_kind: FnKind<'tcx>,
_: &'tcx FnDecl<'tcx>,
_: &'tcx Body<'tcx>,
entire_fn_span: Span,
local_def_id: LocalDefId,
) {
let def_id = local_def_id.to_def_id();
// Building MIR for `fn`s with unsatisfiable preds results in ICE.
if fn_has_unsatisfiable_preds(cx, def_id) {
return;
}
let mir = cx.tcx.optimized_mir(def_id);
let typing_env = mir.typing_env(cx.tcx);
let sizes_of_locals = mir
.local_decls
.iter()
.filter_map(|local| {
let layout = cx.tcx.layout_of(typing_env.as_query_input(local.ty)).ok()?;
Some((local, layout.size.bytes()))
})
.collect::<Vec<_>>();
let frame_size = sizes_of_locals
.iter()
.fold(Space::Used(0), |sum, (_, size)| sum + *size);
let limit = self.maximum_allowed_size;
if frame_size.exceeds_limit(limit) {
// Point at just the function name if possible, because lints that span
// the entire body and don't have to are less legible.
let (fn_span, fn_name) = match fn_kind {
FnKind::ItemFn(ident, _, _) => (ident.span, format!("function `{}`", ident.name)),
FnKind::Method(ident, _) => (ident.span, format!("method `{}`", ident.name)),
FnKind::Closure => (entire_fn_span, "closure".to_string()),
};
// Don't lint inside tests if configured to not do so.
if self.allow_large_stack_frames_in_tests && is_in_test(cx.tcx, cx.tcx.local_def_id_to_hir_id(local_def_id))
{
return;
}
let explain_lint = |diag: &mut Diag<'_, ()>, ctxt: SyntaxContext| {
// Point out the largest individual contribution to this size, because
// it is the most likely to be unintentionally large.
if let Some((local, size)) = sizes_of_locals.iter().max_by_key(|&(_, size)| size)
&& let local_span = local.source_info.span
&& local_span.ctxt() == ctxt
{
let size = Space::Used(*size); // pluralizes for us
let ty = local.ty;
// TODO: Is there a cleaner, robust way to ask this question?
// The obvious `LocalDecl::is_user_variable()` panics on "unwrapping cross-crate data",
// and that doesn't get us the true name in scope rather than the span text either.
if let Some(name) = local_span.get_source_text(cx)
&& is_ident(&name)
{
// If the local is an ordinary named variable,
// print its name rather than relying solely on the span.
diag.span_label(
local_span,
format!("`{name}` is the largest part, at {size} for type `{ty}`"),
);
} else {
diag.span_label(
local_span,
format!("this is the largest part, at {size} for type `{ty}`"),
);
}
}
// Explain why we are linting this and not other functions.
diag.note(format!(
"{frame_size} is larger than Clippy's configured `stack-size-threshold` of {limit}"
));
// Explain why the user should care, briefly.
diag.note_once(
"allocating large amounts of stack space can overflow the stack \
and cause the program to abort",
);
};
if fn_span.from_expansion() {
// Don't lint on the main function generated by `--test` target
if cx.sess().is_test_crate() && is_entrypoint_fn(cx, local_def_id.to_def_id()) {
return;
}
let is_from_external_macro = fn_span.in_external_macro(cx.sess().source_map());
span_lint_and_then(
cx,
LARGE_STACK_FRAMES,
fn_span.source_callsite(),
format!(
"{} generated by this macro may allocate a lot of stack space",
if is_from_external_macro {
cx.tcx.def_descr(local_def_id.into())
} else {
fn_name.as_str()
}
),
|diag| {
if is_from_external_macro {
return;
}
diag.span_label(
fn_span,
format!(
"this {} has a stack frame size of {frame_size}",
cx.tcx.def_descr(local_def_id.into())
),
);
explain_lint(diag, fn_span.ctxt());
},
);
return;
}
span_lint_and_then(
cx,
LARGE_STACK_FRAMES,
fn_span,
format!("this function may allocate {frame_size} on the stack"),
|diag| {
explain_lint(diag, SyntaxContext::root());
},
);
}
}
}
