Extend indexing_slicing lint

    Hey there clippy team! I've made some assumptions in this PR and I'm not at all certain they'll look like the right approach to you. I'm looking forward to any feedback or revision requests you have, thanks!

    Prior to this commit the `indexing_slicing` lint was limited to indexing/slicing operations on arrays. This meant that the scope of a really useful lint didn't include vectors. In order to include vectors in the `indexing_slicing` lint a few steps were taken.

    The `array_indexing.rs` source file in `clippy_lints` was renamed to `indexing_slicing.rs` to more accurately reflect the lint's new scope. The `OUT_OF_BOUNDS_INDEXING` lint persists through these changes so if we can know that a constant index or slice on an array is in bounds no lint is triggered.

    The `array_indexing` tests in the `tests/ui` directory were also extended and moved to `indexing_slicing.rs` and `indexing_slicing.stderr`.

    The `indexing_slicing` lint was moved to the `clippy_pedantic` lint group.

    A specific "Consider using" string was added to each of the `indexing_slicing` lint reports.

    At least one of the test scenarios might look peculiar and I'll leave it up to y'all to decide if it's palatable. It's the result of indexing the array `x` after `let x = [1, 2, 3, 4];`

    ```
    error: slicing may panic. Consider using `.get(..n)`or `.get_mut(..n)`instead
      --> $DIR/indexing_slicing.rs:23:6
       |
    23 |     &x[0..][..3];
       |      ^^^^^^^^^^^
    ```

    The error string reports only on the second half's range-to, because the range-from is in bounds!

    Again, thanks for taking a look.

    Closes #2536

Author: shnewto

clippy_lints/src/array_indexing.rs

@@ -1,3 +1,5 @@
+//! lint on indexing and slicing operations
+
 use crate::consts::{constant, Constant};
 use crate::utils::higher::Range;
 use crate::utils::{self, higher};
@@ -16,29 +18,44 @@ use syntax::ast::RangeLimits;
 /// **Example:**
 /// ```rust
 /// let x = [1,2,3,4];
-/// ...
+///
+/// // Bad
 /// x[9];
 /// &x[2..9];
+///
+/// // Good
+/// x[0];
+/// x[3];
 /// ```
 declare_clippy_lint! {
     pub OUT_OF_BOUNDS_INDEXING,
     correctness,
     "out of bounds constant indexing"
 }
 
-/// **What it does:** Checks for usage of indexing or slicing.
+/// **What it does:** Checks for usage of indexing or slicing. Does not report
+/// if we can tell that the indexing or slicing operations on an array are in
+/// bounds.
 ///
-/// **Why is this bad?** Usually, this can be safely allowed. However, in some
-/// domains such as kernel development, a panic can cause the whole operating
-/// system to crash.
+/// **Why is this bad?** Indexing and slicing can panic at runtime and there are
+/// safe alternatives.
 ///
 /// **Known problems:** Hopefully none.
 ///
 /// **Example:**
 /// ```rust
-/// ...
+/// let x = vec![0; 5];
+/// // Bad
 /// x[2];
-/// &x[0..2];
+/// &x[2..100];
+/// &x[2..];
+/// &x[..100];
+///
+/// // Good
+/// x.get(2)
+/// x.get(2..100)
+/// x.get(2..)
+/// x.get(..100)
 /// ```
 declare_clippy_lint! {
     pub INDEXING_SLICING,
@@ -47,68 +64,129 @@ declare_clippy_lint! {
 }
 
 #[derive(Copy, Clone)]
-pub struct ArrayIndexing;
+pub struct IndexingSlicingPass;
 
-impl LintPass for ArrayIndexing {
+impl LintPass for IndexingSlicingPass {
     fn get_lints(&self) -> LintArray {
         lint_array!(INDEXING_SLICING, OUT_OF_BOUNDS_INDEXING)
     }
 }
 
-impl<'a, 'tcx> LateLintPass<'a, 'tcx> for ArrayIndexing {
-    fn check_expr(&mut self, cx: &LateContext<'a, 'tcx>, e: &'tcx hir::Expr) {
-        if let hir::ExprIndex(ref array, ref index) = e.node {
-            // Array with known size can be checked statically
-            let ty = cx.tables.expr_ty(array);
-            if let ty::TyArray(_, size) = ty.sty {
-                let size = size.assert_usize(cx.tcx).unwrap().into();
-
-                // Index is a constant uint
-                if let Some((Constant::Int(const_index), _)) = constant(cx, cx.tables, index) {
-                    if size <= const_index {
-                        utils::span_lint(cx, OUT_OF_BOUNDS_INDEXING, e.span, "const index is out of bounds");
+impl<'a, 'tcx> LateLintPass<'a, 'tcx> for IndexingSlicingPass {
+    fn check_expr(&mut self, cx: &LateContext<'a, 'tcx>, expr: &'tcx Expr) {
+        if let ExprIndex(ref a, ref b) = &expr.node {
+            match &b.node {
+                // Both ExprStruct and ExprPath require this approach's checks
+                // on the `range` returned by `higher::range(cx, b)`.
+                // ExprStruct handles &x[n..m], &x[n..] and &x[..n].
+                // ExprPath handles &x[..] and x[var]
+                ExprStruct(_, _, _) | ExprPath(_) => {
+                    if let Some(range) = higher::range(cx, b) {
+                        let ty = cx.tables.expr_ty(a);
+                        if let ty::TyArray(_, s) = ty.sty {
+                            let size: u128 = s.assert_usize(cx.tcx).unwrap().into();
+                            // Index is a constant range.
+                            if let Some((start, end)) = to_const_range(cx, range, size) {
+                                if start > size || end > size {
+                                    utils::span_lint(
+                                        cx,
+                                        OUT_OF_BOUNDS_INDEXING,
+                                        expr.span,
+                                        "range is out of bounds",
+                                    );
+                                } else {
+                                    // Range is in bounds, ok.
+                                    return;
+                                }
+                            }
+                        }
+                        match (range.start, range.end) {
+                            (None, Some(_)) => {
+                                cx.span_lint(
+                                    INDEXING_SLICING,
+                                    expr.span,
+                                    "slicing may panic. Consider using \
+                                     `.get(..n)`or `.get_mut(..n)` instead",
+                                );
+                            }
+                            (Some(_), None) => {
+                                cx.span_lint(
+                                    INDEXING_SLICING,
+                                    expr.span,
+                                    "slicing may panic. Consider using \
+                                     `.get(n..)` or .get_mut(n..)` instead",
+                                );
+                            }
+                            (Some(_), Some(_)) => {
+                                cx.span_lint(
+                                    INDEXING_SLICING,
+                                    expr.span,
+                                    "slicing may panic. Consider using \
+                                     `.get(n..m)` or `.get_mut(n..m)` instead",
+                                );
+                            }
+                            (None, None) => (),
+                        }
+                    } else {
+                        cx.span_lint(
+                            INDEXING_SLICING,
+                            expr.span,
+                            "indexing may panic. Consider using `.get(n)` or \
+                             `.get_mut(n)` instead",
+                        );
                     }
-
-                    return;
                 }
-
-                // Index is a constant range
-                if let Some(range) = higher::range(cx, index) {
-                    if let Some((start, end)) = to_const_range(cx, range, size) {
-                        if start > size || end > size {
-                            utils::span_lint(cx, OUT_OF_BOUNDS_INDEXING, e.span, "range is out of bounds");
+                ExprLit(_) => {
+                    // [n]
+                    let ty = cx.tables.expr_ty(a);
+                    if let ty::TyArray(_, s) = ty.sty {
+                        let size: u128 = s.assert_usize(cx.tcx).unwrap().into();
+                        // Index is a constant uint.
+                        if let Some((Constant::Int(const_index), _)) = constant(cx, cx.tables, b) {
+                            if size <= const_index {
+                                utils::span_lint(
+                                    cx,
+                                    OUT_OF_BOUNDS_INDEXING,
+                                    expr.span,
+                                    "const index is out of bounds",
+                                );
+                            }
+                            // Else index is in bounds, ok.
                         }
-                        return;
+                    } else {
+                        cx.span_lint(
+                            INDEXING_SLICING,
+                            expr.span,
+                            "indexing may panic. Consider using `.get(n)` or \
+                             `.get_mut(n)` instead",
+                        );
                     }
                 }
-            }
-
-            if let Some(range) = higher::range(cx, index) {
-                // Full ranges are always valid
-                if range.start.is_none() && range.end.is_none() {
-                    return;
-                }
-
-                // Impossible to know if indexing or slicing is correct
-                utils::span_lint(cx, INDEXING_SLICING, e.span, "slicing may panic");
-            } else {
-                utils::span_lint(cx, INDEXING_SLICING, e.span, "indexing may panic");
+                _ => (),
             }
         }
     }
 }
 
 /// Returns an option containing a tuple with the start and end (exclusive) of
 /// the range.
-fn to_const_range<'a, 'tcx>(cx: &LateContext<'a, 'tcx>, range: Range, array_size: u128) -> Option<(u128, u128)> {
-    let s = range.start.map(|expr| constant(cx, cx.tables, expr).map(|(c, _)| c));
+fn to_const_range<'a, 'tcx>(
+    cx: &LateContext<'a, 'tcx>,
+    range: Range,
+    array_size: u128,
+) -> Option<(u128, u128)> {
+    let s = range
+        .start
+        .map(|expr| constant(cx, cx.tables, expr).map(|(c, _)| c));
     let start = match s {
         Some(Some(Constant::Int(x))) => x,
         Some(_) => return None,
         None => 0,
     };
 
-    let e = range.end.map(|expr| constant(cx, cx.tables, expr).map(|(c, _)| c));
+    let e = range
+        .end
+        .map(|expr| constant(cx, cx.tables, expr).map(|(c, _)| c));
     let end = match e {
         Some(Some(Constant::Int(x))) => if range.limits == RangeLimits::Closed {
             x + 1

clippy_lints/src/lib.rs

@@ -355,8 +355,8 @@ pub fn register_plugins(reg: &mut rustc_plugin::Registry) {
     );
     reg.register_late_lint_pass(box escape::Pass{too_large_for_stack: conf.too_large_for_stack});
     reg.register_early_lint_pass(box misc_early::MiscEarly);
-    reg.register_late_lint_pass(box array_indexing::ArrayIndexing);
-    reg.register_late_lint_pass(box panic_unimplemented::Pass);
+    reg.register_late_lint_pass(box array_indexing::IndexingSlicingPass);
+    reg.register_late_lint_pass(box panic::Pass);
     reg.register_late_lint_pass(box strings::StringLitAsBytes);
     reg.register_late_lint_pass(box derive::Derive);
     reg.register_late_lint_pass(box types::CharLitAsU8);

tests/ui/array_indexing.rs

@@ -1,18 +1,26 @@
 #![feature(plugin)]
-
-
 #![warn(indexing_slicing)]
 #![warn(out_of_bounds_indexing)]
 #![allow(no_effect, unnecessary_operation)]
 
 fn main() {
-    let x = [1,2,3,4];
+    let x = [1, 2, 3, 4];
+    let index: usize = 1;
+    let index_from: usize = 2;
+    let index_to: usize = 3;
+    x[index];
+    &x[index_from..index_to];
+    &x[index_from..][..index_to];
+    &x[index..];
+    &x[..index];
     x[0];
     x[3];
     x[4];
     x[1 << 3];
     &x[1..5];
+    &x[1..][..5];
     &x[0..3];
+    &x[0..][..3];
     &x[0..=4];
     &x[..=4];
     &x[..];
@@ -42,4 +50,11 @@ fn main() {
     &empty[..0];
     &empty[1..];
     &empty[..4];
+
+    let v = vec![0; 5];
+    v[0];
+    v[10];
+    &v[10..100];
+    &v[10..];
+    &v[..100];
 }