Add new lint [manual_checked_sub]

[benacq]

Suggest using checked_sub() instead of manual implementation for basic cases.

Partially fixes #12894

changelog: new lint: [manual_checked_sub]

[rustbot]

Thanks for the pull request, and welcome! The Rust team is excited to review your changes, and you should hear from @dswij (or someone else) some time within the next two weeks.

Please see the contribution instructions for more information. Namely, in order to ensure the minimum review times lag, PR authors and assigned reviewers should ensure that the review label (S-waiting-on-review and S-waiting-on-author) stays updated, invoking these commands when appropriate:

• @rustbot author: the review is finished, PR author should check the comments and take action accordingly
• @rustbot review: the author is ready for a review, this PR will be queued again in the reviewer's queue

[samueltardieu]

a.checked_sub(b) will return an Option. The test cases seem to "work" because the results are always ignored.

The following code will fail if the proposed fix is applied:

    if a >= b {
        let _ = (a-b)+1;
    }

[benacq]

a.checked_sub(b) will return an Option. The test cases seem to "work" because the results are always ignored.

The following code will fail if the proposed fix is applied:

    if a >= b {
        let _ = (a-b)+1;
    }

Thanks for the feedback, i think get what you mean.
that will evaluate to

    a.checked_sub(b) + 1

which will try to do: Option<T> + 1, that will fail.
i will rectify and update the PR

[pitaj]

Couple nits

[samueltardieu]

I don't know what to think about the result name. It seems generic, and moreover it may exist. For example, the suggestion for this code will fail to compile:

let mut result = 0;
if a >= b {
    result = a - b;
}

because it will suggest

if let Some(result) = a.checked_sub(b) {
    result = result;
}

[samueltardieu]

You should have a look at the output of lintcheck. Most of the suggestions are wrong because of .checked_sub(0), but once this is fixed, we should examine whether they are beneficial or not.

[benacq]

Thanks for the comprehensive feedback, I will resolve them all and submit an update.

You should have a look at the output of lintcheck. Most of the suggestions are wrong because of .checked_sub(0), but once this is fixed, we should examine whether they are beneficial or not.

[dswij]

r? @samueltardieu

Hope you don't mind since you reviewed this and are now a part of the clippy team :).

[samueltardieu]

@rustbot author

[Jarcho]

There is #11789. It's still held up on other changes right now, but you should at least use the same lint name.

[benacq]

There is #11789. It's still held up on other changes right now, but you should at least use the same lint name.

Thanks for pointing this out, first time seeing this PR.
If we generically catch all checked_* patterns under manual_checked_op lint, what happens when one wants to opt-out of a specific lint? Or doesn't that matter in this case?

Also I am not quite sure about changing the lint name, as that would significantly expand the scope of this PR that has undergone some initial reviews and iterations.
I was considering picking up another checked_* lint after this gets approved.

@samueltardieu thoughts?

[samueltardieu]

After you've handled the review comments, could you please rebase/squash your code into two commits?

• one commit with the new lint
• one commit with the fixes due to this lint in Clippy source code itself

Once the review is satisfactory, I will open a FCP thread on Zulip where we will also discuss the lint name/granularity as mentioned in #14236 (comment).

[samueltardieu]

This file should be removed

[samueltardieu]

This file should be removed

[samueltardieu]

MSRV checking is more expensive than checking for the presence of an if expression or the fact that there is an unsigned subtraction, so it should rather be moved at the end of the subsequent if let check.

[samueltardieu]

Those checks can probably be merged into the earlier if let test.

[samueltardieu]

Suggested change

	fn emit_lint(&mut self) {
	fn emit_lint(&self) {

[samueltardieu]

You can use the shorter

Suggested change

	fn is_unsigned_int<'tcx>(cx: &LateContext<'tcx>, expr: &Expr<'tcx>) -> bool {
	let expr_type = cx.typeck_results().expr_ty(expr).peel_refs();
	if matches!(expr_type.kind(), ty::Uint(_)) {
	return true;
	}
	false
	}
	fn is_unsigned_int(cx: &LateContext<'_>, expr: &Expr<'_>) -> bool {
	matches!(cx.typeck_results().expr_ty(expr).peel_refs().kind(), ty::Uint(_))
	}

Also, please add tests with references since you seem to need to peel them.

[samueltardieu]

I'm not sure modifying this test file is needed, as implicit_saturating_sub requires the modified variable to be mutable, which you filter out.

[samueltardieu]

Why is this needed? You should not detect situations like

if a <= b { b - a } else { a - b }

in your lint, or at least you should make sure that it only triggers if manual_abs_diff doesn't.

[samueltardieu]

Gratuitous line removal

[samueltardieu]

This commented out line should be removed

[Jarcho]

Thanks for pointing this out, first time seeing this PR. If we generically catch all checked_* patterns under manual_checked_op lint, what happens when one wants to opt-out of a specific lint? Or doesn't that matter in this case?

Also I am not quite sure about changing the lint name, as that would significantly expand the scope of this PR that has undergone some initial reviews and iterations. I was considering picking up another checked_* lint after this gets approved.

Having multiple lints is a downside on it's own and this case doesn't really gain anything by splitting them up. There are a large number of checked operations for integer types, all of which are clearer to use the checked_* method rather than implement them inline.

For changing the name you don't have to implement all of them in this PR, just leave a note in the docs for which operations are currently handled.

[rustbot]

☔ The latest upstream changes (possibly 7bac114) made this pull request unmergeable. Please resolve the merge conflicts.