new lint: zombie_processes

Author: y21

CHANGELOG.md

@@ -5751,6 +5751,7 @@ Released 2018-09-13
 [`zero_ptr`]: https://rust-lang.github.io/rust-clippy/master/index.html#zero_ptr
 [`zero_sized_map_values`]: https://rust-lang.github.io/rust-clippy/master/index.html#zero_sized_map_values
 [`zero_width_space`]: https://rust-lang.github.io/rust-clippy/master/index.html#zero_width_space
+[`zombie_processes`]: https://rust-lang.github.io/rust-clippy/master/index.html#zombie_processes
 [`zst_offset`]: https://rust-lang.github.io/rust-clippy/master/index.html#zst_offset
 <!-- end autogenerated links to lint list -->
 <!-- begin autogenerated links to configuration documentation -->

clippy_dev/src/serve.rs

@@ -25,7 +25,7 @@ pub fn run(port: u16, lint: Option<&String>) -> ! {
         }
         if let Some(url) = url.take() {
             thread::spawn(move || {
-                Command::new("python3")
+                let mut child = Command::new("python3")
                     .arg("-m")
                     .arg("http.server")
                     .arg(port.to_string())
@@ -36,6 +36,7 @@ pub fn run(port: u16, lint: Option<&String>) -> ! {
                 thread::sleep(Duration::from_millis(500));
                 // Launch browser after first export.py has completed and http.server is up
                 let _result = opener::open(url);
+                child.wait().unwrap();
             });
         }
         thread::sleep(Duration::from_millis(1000));

clippy_lints/src/declared_lints.rs

@@ -741,4 +741,5 @@ pub(crate) static LINTS: &[&crate::LintInfo] = &[
     crate::write::WRITE_WITH_NEWLINE_INFO,
     crate::zero_div_zero::ZERO_DIVIDED_BY_ZERO_INFO,
     crate::zero_sized_map_values::ZERO_SIZED_MAP_VALUES_INFO,
+    crate::zombie_processes::ZOMBIE_PROCESSES_INFO,
 ];

clippy_lints/src/lib.rs

@@ -367,6 +367,7 @@ mod wildcard_imports;
 mod write;
 mod zero_div_zero;
 mod zero_sized_map_values;
+mod zombie_processes;
 // end lints modules, do not remove this comment, it’s used in `update_lints`
 
 use clippy_config::{get_configuration_metadata, Conf};
@@ -1105,6 +1106,7 @@ pub fn register_lints(store: &mut rustc_lint::LintStore, conf: &'static Conf) {
     });
     store.register_late_pass(move |_| Box::new(incompatible_msrv::IncompatibleMsrv::new(msrv())));
     store.register_late_pass(|_| Box::new(to_string_trait_impl::ToStringTraitImpl));
+    store.register_late_pass(|_| Box::new(zombie_processes::ZombieProcesses));
     // add lints here, do not remove this comment, it's used in `new_lint`
 }
 

clippy_lints/src/zombie_processes.rs

@@ -0,0 +1,114 @@
+use clippy_utils::diagnostics::span_lint_and_then;
+use clippy_utils::visitors::for_each_local_use_after_expr;
+use clippy_utils::{fn_def_id, match_any_def_paths, match_def_path, paths};
+use rustc_ast::Mutability;
+use rustc_hir::{Expr, ExprKind, Node, PatKind, Stmt, StmtKind};
+use rustc_lint::{LateContext, LateLintPass};
+use rustc_session::{declare_lint_pass, declare_tool_lint};
+use rustc_span::Span;
+use std::ops::ControlFlow;
+
+declare_clippy_lint! {
+    /// ### What it does
+    /// Looks for code that spawns a process but never calls `wait()` on the child.
+    ///
+    /// ### Why is this bad?
+    /// As explained in the [standard library documentation](https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning),
+    /// calling `wait()` is necessary on Unix platforms to properly release all OS resources associated with the process.
+    /// Not doing so will effectively leak process IDs and/or other limited global resources,
+    /// which can eventually lead to resource exhaustion, so it's recommended to call `wait()` in long-running applications.
+    /// Such processes are called "zombie processes".
+    ///
+    /// ### Example
+    /// ```rust
+    /// use std::process::Command;
+    ///
+    /// let _child = Command::new("ls").spawn().expect("failed to execute child");
+    /// ```
+    /// Use instead:
+    /// ```rust
+    /// use std::process::Command;
+    ///
+    /// let mut child = Command::new("ls").spawn().expect("failed to execute child");
+    /// child.wait().expect("failed to wait on child");
+    /// ```
+    #[clippy::version = "1.74.0"]
+    pub ZOMBIE_PROCESSES,
+    suspicious,
+    "not waiting on a spawned child process"
+}
+declare_lint_pass!(ZombieProcesses => [ZOMBIE_PROCESSES]);
+
+fn emit_lint(cx: &LateContext<'_>, span: Span) {
+    span_lint_and_then(
+        cx,
+        ZOMBIE_PROCESSES,
+        span,
+        "spawned process is never `wait()`-ed on and leaves behind a zombie process",
+        |diag| {
+            diag.help("consider calling `.wait()`")
+                .note("also see https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning");
+        },
+    );
+}
+
+impl<'tcx> LateLintPass<'tcx> for ZombieProcesses {
+    fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'tcx>) {
+        if let ExprKind::Call(..) | ExprKind::MethodCall(..) = expr.kind
+            && let Some(child_adt) = cx.typeck_results().expr_ty(expr).ty_adt_def()
+            && match_def_path(cx, child_adt.did(), &paths::CHILD)
+        {
+            match cx.tcx.hir().get_parent(expr.hir_id) {
+                Node::Local(local) if let PatKind::Binding(_, local_id, ..) = local.pat.kind => {
+
+                    // If the `Child` is assigned to a variable, we want to check if the code never calls `.wait()`
+                    // on the variable, and lint if not.
+                    // This is difficult to do because expressions can be arbitrarily complex
+                    // and the variable can "escape" in various ways, e.g. you can take a `&mut` to the variable
+                    // and call `.wait()` through that, or pass it to another function...
+                    // So instead we do the inverse, checking if all uses are either:
+                    // - a field access (`child.{stderr,stdin,stdout}`)
+                    // - calling `id` or `kill`
+                    // - no use at all (e.g. `let _x = child;`)
+                    // - taking a shared reference (`&`), `wait()` can't go through that
+                    // Neither of these is sufficient to prevent zombie processes
+                    // Doing it like this means more FNs, but FNs are better than FPs.
+                    let has_no_wait = for_each_local_use_after_expr(cx, local_id, expr.hir_id, |expr| {
+                        match cx.tcx.hir().get_parent(expr.hir_id) {
+                            Node::Stmt(Stmt { kind: StmtKind::Semi(_), .. }) => ControlFlow::Continue(()),
+                            Node::Expr(expr) if let ExprKind::Field(..) = expr.kind => ControlFlow::Continue(()),
+                            Node::Expr(expr) if let ExprKind::AddrOf(_, Mutability::Not, _) = expr.kind => {
+                                ControlFlow::Continue(())
+                            }
+                            Node::Expr(expr)
+                                if let Some(fn_did) = fn_def_id(cx, expr)
+                                    && match_any_def_paths(cx, fn_did, &[
+                                        &paths::CHILD_ID,
+                                        &paths::CHILD_KILL,
+                                    ]).is_some() =>
+                            {
+                                ControlFlow::Continue(())
+                            }
+
+                            // Conservatively assume that all other kinds of nodes call `.wait()` somehow.
+                            _ => ControlFlow::Break(()),
+                        }
+                    }).is_continue();
+
+                    if has_no_wait {
+                        emit_lint(cx, expr.span);
+                    }
+                },
+                Node::Local(local) if let PatKind::Wild = local.pat.kind => {
+                    // `let _ = child;`, also dropped immediately without `wait()`ing
+                    emit_lint(cx, expr.span);
+                }
+                Node::Stmt(Stmt { kind: StmtKind::Semi(_), .. }) => {
+                    // Immediately dropped. E.g. `std::process::Command::new("echo").spawn().unwrap();`
+                    emit_lint(cx, expr.span);
+                }
+                _ => {}
+            }
+        }
+    }
+}

clippy_utils/src/paths.rs

@@ -24,6 +24,10 @@ pub const CORE_RESULT_OK_METHOD: [&str; 4] = ["core", "result", "Result", "ok"];
 pub const CSTRING_AS_C_STR: [&str; 5] = ["alloc", "ffi", "c_str", "CString", "as_c_str"];
 pub const EARLY_CONTEXT: [&str; 2] = ["rustc_lint", "EarlyContext"];
 pub const EARLY_LINT_PASS: [&str; 3] = ["rustc_lint", "passes", "EarlyLintPass"];
+pub const EXIT: [&str; 3] = ["std", "process", "exit"];
+pub const CHILD: [&str; 3] = ["std", "process", "Child"];
+pub const CHILD_ID: [&str; 4] = ["std", "process", "Child", "id"];
+pub const CHILD_KILL: [&str; 4] = ["std", "process", "Child", "kill"];
 pub const F32_EPSILON: [&str; 4] = ["core", "f32", "<impl f32>", "EPSILON"];
 pub const F64_EPSILON: [&str; 4] = ["core", "f64", "<impl f64>", "EPSILON"];
 pub const FILE_OPTIONS: [&str; 4] = ["std", "fs", "File", "options"];

tests/ui/suspicious_command_arg_space.fixed

@@ -1,3 +1,4 @@
+#![allow(clippy::zombie_processes)]
 fn main() {
     // Things it should warn about:
     std::process::Command::new("echo").args(["-n", "hello"]).spawn().unwrap();

tests/ui/suspicious_command_arg_space.rs

@@ -1,3 +1,4 @@
+#![allow(clippy::zombie_processes)]
 fn main() {
     // Things it should warn about:
     std::process::Command::new("echo").arg("-n hello").spawn().unwrap();

tests/ui/suspicious_command_arg_space.stderr

@@ -1,5 +1,5 @@
 error: single argument that looks like it should be multiple arguments
-  --> $DIR/suspicious_command_arg_space.rs:3:44
+  --> $DIR/suspicious_command_arg_space.rs:4:44
    |
 LL |     std::process::Command::new("echo").arg("-n hello").spawn().unwrap();
    |                                            ^^^^^^^^^^
@@ -12,7 +12,7 @@ LL |     std::process::Command::new("echo").args(["-n", "hello"]).spawn().unwrap
    |                                        ~~~~ ~~~~~~~~~~~~~~~
 
 error: single argument that looks like it should be multiple arguments
-  --> $DIR/suspicious_command_arg_space.rs:6:43
+  --> $DIR/suspicious_command_arg_space.rs:7:43
    |
 LL |     std::process::Command::new("cat").arg("--number file").spawn().unwrap();
    |                                           ^^^^^^^^^^^^^^^

tests/ui/zombie_processes.rs

@@ -0,0 +1,55 @@
+#![warn(clippy::zombie_processes)]
+
+use std::process::{Child, Command};
+
+fn main() {
+    let _ = Command::new("").spawn().unwrap();
+    //~^ ERROR: spawned process is never `wait()`-ed on
+    Command::new("").spawn().unwrap();
+    //~^ ERROR: spawned process is never `wait()`-ed on
+    spawn_proc();
+    //~^ ERROR: spawned process is never `wait()`-ed on
+    spawn_proc().wait().unwrap(); // OK
+
+    {
+        let mut x = Command::new("").spawn().unwrap();
+        //~^ ERROR: spawned process is never `wait()`-ed on
+        x.kill();
+        x.id();
+    }
+    {
+        let mut x = Command::new("").spawn().unwrap();
+        x.wait().unwrap(); // OK
+    }
+    {
+        let x = Command::new("").spawn().unwrap();
+        x.wait_with_output().unwrap(); // OK
+    }
+    {
+        let mut x = Command::new("").spawn().unwrap();
+        x.try_wait().unwrap(); // OK
+    }
+    {
+        let mut x = Command::new("").spawn().unwrap();
+        let mut r = &mut x;
+        r.wait().unwrap(); // OK, not calling `.wait()` directly on `x` but through `r` -> `x`
+    }
+    {
+        let mut x = Command::new("").spawn().unwrap();
+        process_child(x); // OK, other function might call `.wait()` so assume it does
+    }
+    {
+        let mut x = Command::new("").spawn().unwrap();
+        //~^ ERROR: spawned process is never `wait()`-ed on
+        let v = &x;
+        // (allow shared refs is fine because one cannot call `.wait()` through that)
+    }
+}
+
+fn spawn_proc() -> Child {
+    todo!()
+}
+
+fn process_child(c: Child) {
+    todo!()
+}

tests/ui/zombie_processes.stderr

@@ -0,0 +1,49 @@
+error: spawned process is never `wait()`-ed on and leaves behind a zombie process
+  --> $DIR/zombie_processes.rs:6:13
+   |
+LL |     let _ = Command::new("").spawn().unwrap();
+   |             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = help: consider calling `.wait()`
+   = note: also see https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning
+   = note: `-D clippy::zombie-processes` implied by `-D warnings`
+   = help: to override `-D warnings` add `#[allow(clippy::zombie_processes)]`
+
+error: spawned process is never `wait()`-ed on and leaves behind a zombie process
+  --> $DIR/zombie_processes.rs:8:5
+   |
+LL |     Command::new("").spawn().unwrap();
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = help: consider calling `.wait()`
+   = note: also see https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning
+
+error: spawned process is never `wait()`-ed on and leaves behind a zombie process
+  --> $DIR/zombie_processes.rs:10:5
+   |
+LL |     spawn_proc();
+   |     ^^^^^^^^^^^^
+   |
+   = help: consider calling `.wait()`
+   = note: also see https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning
+
+error: spawned process is never `wait()`-ed on and leaves behind a zombie process
+  --> $DIR/zombie_processes.rs:15:21
+   |
+LL |         let mut x = Command::new("").spawn().unwrap();
+   |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = help: consider calling `.wait()`
+   = note: also see https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning
+
+error: spawned process is never `wait()`-ed on and leaves behind a zombie process
+  --> $DIR/zombie_processes.rs:42:21
+   |
+LL |         let mut x = Command::new("").spawn().unwrap();
+   |                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = help: consider calling `.wait()`
+   = note: also see https://doc.rust-lang.org/stable/std/process/struct.Child.html#warning
+
+error: aborting due to 5 previous errors
+