Add new lint: direct-recursion Lint

changelog: new lint: [`direct_recursion`]

Author: felix91gr

CHANGELOG.md

@@ -5721,6 +5721,7 @@ Released 2018-09-13
 [`derive_ord_xor_partial_ord`]: https://rust-lang.github.io/rust-clippy/master/index.html#derive_ord_xor_partial_ord
 [`derive_partial_eq_without_eq`]: https://rust-lang.github.io/rust-clippy/master/index.html#derive_partial_eq_without_eq
 [`derived_hash_with_manual_eq`]: https://rust-lang.github.io/rust-clippy/master/index.html#derived_hash_with_manual_eq
+[`direct_recursion`]: https://rust-lang.github.io/rust-clippy/master/index.html#direct_recursion
 [`disallowed_macros`]: https://rust-lang.github.io/rust-clippy/master/index.html#disallowed_macros
 [`disallowed_method`]: https://rust-lang.github.io/rust-clippy/master/index.html#disallowed_method
 [`disallowed_methods`]: https://rust-lang.github.io/rust-clippy/master/index.html#disallowed_methods

clippy_lints/src/declared_lints.rs

@@ -107,6 +107,7 @@ pub static LINTS: &[&crate::LintInfo] = &[
     crate::derive::DERIVE_PARTIAL_EQ_WITHOUT_EQ_INFO,
     crate::derive::EXPL_IMPL_CLONE_ON_COPY_INFO,
     crate::derive::UNSAFE_DERIVE_DESERIALIZE_INFO,
+    crate::direct_recursion::DIRECT_RECURSION_INFO,
     crate::disallowed_macros::DISALLOWED_MACROS_INFO,
     crate::disallowed_methods::DISALLOWED_METHODS_INFO,
     crate::disallowed_names::DISALLOWED_NAMES_INFO,

clippy_lints/src/direct_recursion.rs

@@ -0,0 +1,68 @@
+use clippy_utils::diagnostics::span_lint;
+use rustc_hir::def::{DefKind, Res};
+use rustc_hir::{Expr, ExprKind, QPath};
+use rustc_lint::{LateContext, LateLintPass};
+use rustc_session::declare_lint_pass;
+
+declare_clippy_lint! {
+    /// ### What it does
+    /// Checks for functions that call themselves from their body.
+    /// ### Why restrict this?
+    /// In Safety Critical contexts, recursive calls can lead to catastrophic crashes if they happen to overflow
+    /// the stack. Recursive calls must therefore be tightly vetted.
+    /// ### Notes
+    ///
+    /// #### Control Flow
+    /// This lint only checks for the existence of recursive calls; it doesn't discriminate based on conditional
+    /// control flow. Recursive calls that are considered safe should instead be vetted and documented accordingly.
+    ///
+    /// #### How to vet recursive calls
+    /// It is recommended that this lint be used in `deny` mode, together with #![deny(clippy::allow_attributes_without_reason)](https://rust-lang.github.io/rust-clippy/master/index.html#allow_attributes_without_reason).
+    ///
+    /// Once that is done, recursive calls can be vetted accordingly:
+    ///
+    /// ```no_run
+    /// fn i_call_myself_in_a_bounded_way(bound: u8) {
+    ///     if bound > 0 {
+    ///        #[expect(
+    ///            clippy::direct_recursion,
+    ///            reason = "Author has audited this function and determined that its recursive call is fine."
+    ///        )]
+    ///         i_call_myself_in_a_bounded_way(bound - 1);
+    ///     }
+    /// }
+    /// ```
+    ///
+    /// Note the use of an `expect` attribute and a `reason` to go along with it.
+    ///
+    /// * The `expect` attribute (instead of `allow`) ensures that the lint being allowed is enabled. This serves as a
+    /// double-check of this lint being used where the author believes it is active.
+    /// * The `reason` field is required by the `clippy::allow_attributes_without_reason` lint. This is very useful for ensuring
+    /// that vetting work is documented.
+    ///
+    /// Recursive calls that are vetted to be correct should always be annotated in such a way.
+    #[clippy::version = "1.89.0"]
+    pub DIRECT_RECURSION,
+    restriction,
+    "functions shall not call themselves directly"
+}
+declare_lint_pass!(DirectRecursion => [DIRECT_RECURSION]);
+
+impl<'tcx> LateLintPass<'tcx> for DirectRecursion {
+    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'_>) {
+        if let ExprKind::Call(call_expr, _) = &expr.kind
+            && let body_def_id = cx.tcx.hir_enclosing_body_owner(call_expr.hir_id)
+            && let ExprKind::Path(c_expr_path) = call_expr.kind
+            && let QPath::Resolved(_lhs, path) = c_expr_path
+            && let Res::Def(DefKind::Fn, fn_path_id) = path.res
+            && fn_path_id == body_def_id.into()
+        {
+            span_lint(
+                cx,
+                DIRECT_RECURSION,
+                expr.span,
+                "this function contains a call to itself",
+            );
+        }
+    }
+}

clippy_lints/src/lib.rs

@@ -114,6 +114,7 @@ mod default_union_representation;
 mod dereference;
 mod derivable_impls;
 mod derive;
+mod direct_recursion;
 mod disallowed_macros;
 mod disallowed_methods;
 mod disallowed_names;
@@ -951,5 +952,6 @@ pub fn register_lints(store: &mut rustc_lint::LintStore, conf: &'static Conf) {
     store.register_late_pass(|_| Box::new(cloned_ref_to_slice_refs::ClonedRefToSliceRefs::new(conf)));
     store.register_late_pass(|_| Box::new(infallible_try_from::InfallibleTryFrom));
     store.register_late_pass(|_| Box::new(coerce_container_to_any::CoerceContainerToAny));
+    store.register_late_pass(|_| Box::new(direct_recursion::DirectRecursion));
     // add lints here, do not remove this comment, it's used in `new_lint`
 }

tests/ui/direct_recursion.rs

@@ -0,0 +1,56 @@
+#![deny(clippy::direct_recursion)]
+#![deny(clippy::allow_attributes_without_reason)]
+
+// Basic Cases //
+
+#[allow(unconditional_recursion, reason = "We're not testing for that lint")]
+fn i_call_myself_always() {
+    i_call_myself_always();
+    //~^ direct_recursion
+}
+
+fn i_call_myself_conditionally(do_i: bool) {
+    if do_i {
+        i_call_myself_conditionally(false);
+        //~^ direct_recursion
+    }
+}
+
+// Basic Counterexamples //
+
+fn i_get_called_by_others() {}
+
+fn i_call_something_else() {
+    i_get_called_by_others();
+}
+
+// Elaborate Cases //
+
+// Here we check that we're allowed to bless specific recursive calls.
+// A fine-grained control of where to allow recursion is desirable.
+// This is a test of such a feature.
+fn i_call_myself_in_a_bounded_way(bound: u8) {
+    if bound > 0 {
+        #[expect(
+            clippy::direct_recursion,
+            reason = "Author has audited this function and determined that its recursive call is fine."
+        )]
+        i_call_myself_in_a_bounded_way(bound - 1);
+    }
+}
+
+// Here we check that blessing a specific recursive call doesn't
+// let other recursive calls go through.
+fn i_have_one_blessing_but_two_calls(bound: u8) {
+    if bound > 25 {
+        #[expect(
+            clippy::direct_recursion,
+            reason = "Author has audited this function and determined that its recursive call is fine."
+        )]
+        i_have_one_blessing_but_two_calls(bound - 1);
+    } else if bound > 0 {
+        // "WIP: we still need to audit this part of the function"
+        i_have_one_blessing_but_two_calls(bound - 2)
+        //~^ direct_recursion
+    }
+}

tests/ui/direct_recursion.stderr

@@ -0,0 +1,26 @@
+error: this function contains a call to itself
+  --> tests/ui/direct_recursion.rs:8:5
+   |
+LL |     i_call_myself_always();
+   |     ^^^^^^^^^^^^^^^^^^^^^^
+   |
+note: the lint level is defined here
+  --> tests/ui/direct_recursion.rs:1:9
+   |
+LL | #![deny(clippy::direct_recursion)]
+   |         ^^^^^^^^^^^^^^^^^^^^^^^^
+
+error: this function contains a call to itself
+  --> tests/ui/direct_recursion.rs:14:9
+   |
+LL |         i_call_myself_conditionally(false);
+   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+error: this function contains a call to itself
+  --> tests/ui/direct_recursion.rs:53:9
+   |
+LL |         i_have_one_blessing_but_two_calls(bound - 2)
+   |         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+error: aborting due to 3 previous errors
+