feat: add panic detection rules and IsUnsafe function matcher

Author: scottgerring

cargo_pup_lint_config/src/function_lint/builder.rs

@@ -138,6 +138,37 @@ impl<'a> FunctionConstraintBuilder<'a> {
         self
     }
 
+    /// Forbid unwrap/expect calls on Option and Result
+    /// This detects: Option::unwrap, Option::expect, Result::unwrap, Result::expect,
+    /// Result::unwrap_err, Result::expect_err
+    pub fn no_unwrap(mut self) -> Self {
+        self.add_rule_internal(FunctionRule::NoUnwrap(self.current_severity));
+        self
+    }
+
+    /// Forbid all panic-family macros: panic!(), unreachable!(), unimplemented!(), todo!(), assert!()
+    /// Note: MIR-level analysis cannot distinguish between these macros as they all
+    /// compile to similar underlying panic functions.
+    pub fn no_panic(mut self) -> Self {
+        self.add_rule_internal(FunctionRule::NoPanic(self.current_severity));
+        self
+    }
+
+    /// Forbid index bounds panics
+    pub fn no_index_panic(mut self) -> Self {
+        self.add_rule_internal(FunctionRule::NoIndexPanic(self.current_severity));
+        self
+    }
+
+    /// Convenience method: forbid ALL panic sources
+    /// This adds all panic-related rules: NoUnwrap, NoPanic, and NoIndexPanic
+    pub fn no_panics(mut self) -> Self {
+        self.add_rule_internal(FunctionRule::NoUnwrap(self.current_severity));
+        self.add_rule_internal(FunctionRule::NoPanic(self.current_severity));
+        self.add_rule_internal(FunctionRule::NoIndexPanic(self.current_severity));
+        self
+    }
+
     /// Create a new MaxLength rule with the current severity
     pub fn create_max_length_rule(&self, length: usize) -> FunctionRule {
         FunctionRule::MaxLength(length, self.current_severity)

cargo_pup_lint_config/src/function_lint/matcher.rs

@@ -80,6 +80,11 @@ impl FunctionMatcher {
     pub fn is_async(&self) -> FunctionMatchNode {
         FunctionMatchNode::Leaf(FunctionMatch::IsAsync)
     }
+
+    /// Matches unsafe functions
+    pub fn is_unsafe(&self) -> FunctionMatchNode {
+        FunctionMatchNode::Leaf(FunctionMatch::IsUnsafe)
+    }
 }
 
 /// Node in the matcher expression tree

cargo_pup_lint_config/src/function_lint/types.rs

@@ -37,6 +37,8 @@ pub enum FunctionMatch {
     ReturnsType(ReturnTypePattern),
     /// Match async functions
     IsAsync,
+    /// Match unsafe functions
+    IsUnsafe,
     /// Logical AND - both patterns must match
     AndMatches(Box<FunctionMatch>, Box<FunctionMatch>),
     /// Logical OR - either pattern must match
@@ -64,6 +66,15 @@ pub enum FunctionRule {
     MustNotExist(Severity),
     /// Enforces that a function must not perform heap allocations
     NoAllocation(Severity),
+    /// Enforces that a function must not call unwrap/expect on Option or Result
+    NoUnwrap(Severity),
+    /// Enforces that a function must not use any panic-family macros.
+    /// This includes: panic!(), unreachable!(), unimplemented!(), todo!(), and assert!().
+    /// Note: MIR-level analysis cannot distinguish between these macros as they all
+    /// compile to similar underlying panic functions.
+    NoPanic(Severity),
+    /// Enforces that a function must not trigger index bounds panics
+    NoIndexPanic(Severity),
 }
 
 // Helper methods for FunctionRule

cargo_pup_lint_impl/src/lints/function_lint/lint.rs

@@ -11,10 +11,11 @@ use rustc_lint::{LateContext, LateLintPass, LintStore};
 use rustc_middle::ty::TyKind;
 use rustc_session::impl_lint_pass;
 use rustc_span::BytePos;
-use std::collections::HashMap;
+use std::collections::{HashMap, HashSet};
 use std::sync::Mutex;
 
 use super::no_allocation::detect_allocation_in_mir;
+use super::no_panic::{PanicCategory, detect_panic_in_mir};
 
 // Helper: retrieve the concrete Self type of the impl the method belongs to, if any
 fn get_self_type<'tcx>(
@@ -60,7 +61,38 @@ impl FunctionLint {
         evaluate_function_match(&self.matches, ctx, module_path, function_name, fn_def_id)
     }
 
-    // Evaluates the complex matcher structure to determine if a function matches
+    /// Helper method to check a single panic category and emit a lint if found
+    fn check_panic_category(
+        &self,
+        ctx: &LateContext<'_>,
+        fn_def_id: rustc_hir::def_id::DefId,
+        severity: cargo_pup_lint_config::Severity,
+        category: PanicCategory,
+        rule_name: &str,
+    ) {
+        if ctx.tcx.is_mir_available(fn_def_id) {
+            let mir = ctx.tcx.optimized_mir(fn_def_id);
+            let mut categories = HashSet::new();
+            categories.insert(category);
+
+            // Use a fresh cache for each check to avoid cross-category pollution
+            let mut local_cache = HashMap::new();
+
+            if let Some(violation) =
+                detect_panic_in_mir(ctx.tcx, mir, &mut local_cache, &categories)
+            {
+                span_lint_and_help(
+                    ctx,
+                    FUNCTION_LINT::get_by_severity(severity),
+                    self.name().as_str(),
+                    violation.span,
+                    format!("Function may panic: {}", violation.reason),
+                    None,
+                    format!("Remove panic paths to satisfy the {} rule", rule_name),
+                );
+            }
+        }
+    }
 }
 
 fn evaluate_function_match(
@@ -204,6 +236,40 @@ fn evaluate_function_match(
             }
             false
         }
+        FunctionMatch::IsUnsafe => {
+            // Check if the function is unsafe by examining the HIR
+            if let Some(local_def_id) = fn_def_id.as_local() {
+                let node = ctx.tcx.hir_node_by_def_id(local_def_id);
+                match node {
+                    rustc_hir::Node::Item(item) => {
+                        if let rustc_hir::ItemKind::Fn { sig, .. } = &item.kind {
+                            return matches!(
+                                sig.header.safety,
+                                rustc_hir::HeaderSafety::Normal(rustc_hir::Safety::Unsafe)
+                            );
+                        }
+                    }
+                    rustc_hir::Node::TraitItem(trait_item) => {
+                        if let rustc_hir::TraitItemKind::Fn(sig, _) = &trait_item.kind {
+                            return matches!(
+                                sig.header.safety,
+                                rustc_hir::HeaderSafety::Normal(rustc_hir::Safety::Unsafe)
+                            );
+                        }
+                    }
+                    rustc_hir::Node::ImplItem(impl_item) => {
+                        if let rustc_hir::ImplItemKind::Fn(sig, _) = &impl_item.kind {
+                            return matches!(
+                                sig.header.safety,
+                                rustc_hir::HeaderSafety::Normal(rustc_hir::Safety::Unsafe)
+                            );
+                        }
+                    }
+                    _ => {}
+                }
+            }
+            false
+        }
         FunctionMatch::AndMatches(left, right) => {
             evaluate_function_match(left, ctx, module_path, function_name, fn_def_id)
                 && evaluate_function_match(right, ctx, module_path, function_name, fn_def_id)
@@ -381,6 +447,33 @@ impl<'tcx> LateLintPass<'tcx> for FunctionLint {
                             }
                         }
                     }
+                    FunctionRule::NoUnwrap(severity) => {
+                        self.check_panic_category(
+                            ctx,
+                            fn_def_id,
+                            *severity,
+                            PanicCategory::Unwrap,
+                            "NoUnwrap",
+                        );
+                    }
+                    FunctionRule::NoPanic(severity) => {
+                        self.check_panic_category(
+                            ctx,
+                            fn_def_id,
+                            *severity,
+                            PanicCategory::ExplicitPanic,
+                            "NoPanic",
+                        );
+                    }
+                    FunctionRule::NoIndexPanic(severity) => {
+                        self.check_panic_category(
+                            ctx,
+                            fn_def_id,
+                            *severity,
+                            PanicCategory::IndexBounds,
+                            "NoIndexPanic",
+                        );
+                    }
                 }
             }
         }
@@ -506,6 +599,33 @@ impl<'tcx> LateLintPass<'tcx> for FunctionLint {
                             }
                         }
                     }
+                    FunctionRule::NoUnwrap(severity) => {
+                        self.check_panic_category(
+                            ctx,
+                            fn_def_id,
+                            *severity,
+                            PanicCategory::Unwrap,
+                            "NoUnwrap",
+                        );
+                    }
+                    FunctionRule::NoPanic(severity) => {
+                        self.check_panic_category(
+                            ctx,
+                            fn_def_id,
+                            *severity,
+                            PanicCategory::ExplicitPanic,
+                            "NoPanic",
+                        );
+                    }
+                    FunctionRule::NoIndexPanic(severity) => {
+                        self.check_panic_category(
+                            ctx,
+                            fn_def_id,
+                            *severity,
+                            PanicCategory::IndexBounds,
+                            "NoIndexPanic",
+                        );
+                    }
                 }
             }
         }

cargo_pup_lint_impl/src/lints/function_lint/mod.rs

@@ -2,5 +2,6 @@
 
 mod lint;
 mod no_allocation;
+mod no_panic;
 
 pub use lint::FunctionLint;