-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement manual_clamp
lint
#9484
Conversation
r? @Alexendoo (rust-highfive has picked a reviewer for you, use r? to override) |
clamping_without_clamp
lint
Will this lint also close #6751 ? |
Yup! |
clamping_without_clamp
lintmanual_clamp
lint
This changes behavior if the clamped variable is NaN. Are clippy lints supposed to suggest things that change the behavior? |
It also adds a panic if It's okay for a lint to suggest something that is different yeah, but the applicability should be set to |
If this lint introduces a panic it's highly likely the code wasn't functioning as intended to begin with. I think breakage due to new panics is rare enough that MachineApplicable is still preferable. I can add a note to the diagnostic. This concern was already noted in the Known Issues section of the documentation. |
I changed my mind, MaybeIncorrect is fine. Automatically introducing panics is a bad user experience and should be avoided even if our confidence level is high. |
The case where the clamped variable (but not min and max) is NaN isn't noted in the Known Issues. |
@heinrich5991 Ah, that would be because it doesn't panic if the clamped variable is NaN. |
It changes behavior though: https://play.rust-lang.org/?version=stable&mode=debug&edition=2021&gist=85aa230985a60f5b17017b4f658a0e35. NaN turns into NaN with |
Ah, okay thank you for the demonstration. I'll note that. |
New output
|
☔ The latest upstream changes (presumably #9233) made this pull request unmergeable. Please resolve the merge conflicts. |
☔ The latest upstream changes (presumably #9516) made this pull request unmergeable. Please resolve the merge conflicts. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for waiting, had a good look at it today
The logic is great. Sorry for the large dump, most of it is style related 😄
@Alexendoo all of the responses to your review are in this commit c65d765 |
Looks great thanks! If you could give the commits a squash I think it's ready to be merged |
@Alexendoo Squished! |
Should we have a discussion issue for this lint?
I disagree: As such, I'm not really sure what to do about this lint. It is a useful lint in some cases, while in others it is complaining about deliberate behaviour. Should users really be expected to write My biggest concern however is that this lint suggests a possibly incorrect "fix". Perhaps this lint should be placed into a new (default disabled) category to indicate that it might not be correct? |
The lint notes accompanying the warning describe the changes in behavior that the fix it suggests would introduce, and in its final merged form it does not auto apply the suggestion. It's still up to the engineer to determine if clamp is right for them or not. If a project finds this lint to be undesirable for their entire code base they can always put Clippy is highly configurable which means the default lint set is merely a recommendation. I think this lint is correct often enough to be useful as a default. It doesn't need to be perfectly correct to be a reasonable default, just mostly correct. |
Sigh. The social perspective is the problem: a tool suggests a "fix", which can easily lead to people lazily following instructions. I guess at least any problem introduced is observable thanks to the panic. By the way, this lint fails to detect |
Yeah we don't generally lint based on method names alone. For this case specifically types that can't be
This is no need for this |
I can confirm that this happened to us here. Luckily our test coverage was good enough to catch the panic. Worth mentioning, perhaps, that we run clippy in CI and the CI messages don't include the "notes" about panics and NaNs. |
Do you have a link to the run where the note is missing? That sounds problematic |
Here https://github.com/linebender/druid/actions/runs/3544685050/jobs/5952188360#step:6:1 It looks like the note was displayed. |
If you click though to the logs, it is indeed displayed. But on this page, for example, it doesn't show them. And if you click on one of the links in the diagnostics, it brings you to this page, which also doesn't show the notes. This is possibly an issue with the UX on the CI rather than a problem with clippy itself, but I do think it's worth noting that not all consumers of clippy's messages will be getting the detailed info. |
I nominated this PR/lint to talk about in the next Clippy meeting on Tuesday. Having a lint that suggests different semantic behavior warn-by-default has a weird taste to it IMO. |
If the group wants to adjust this lint to avoid this then I'd suggest splitting into two lints. One lint, which is warn by default, will only trigger if it can be determined at compile time that max is always greater than or equal to min, and never NaN. The other lint, which is allow by default, will retain the current behavior of this lint. |
Does clippy not have an as-if policy for their lint suggestions? I am going over the logic and this definitely have different semantic right? |
Replacing Then again, this is the primary reason why Clippy lints are not in rustc, so no complaints there. Perhaps the lint simply isn't clear enough that the suggestion is only applicable when it is expected that |
There is no written policy like that. But when producing a suggestion we usually try to only suggest things with the same semantic behavior. There are a few cases, where we suggest different semantic behavior ( However we agreed in the last meeting that the suggestion of this lint, is a bit beyond that criterion. So we decided to move it to |
Looks like this is already being reevaluated but just wanted to register a datapoint: |
Move manual_clamp to nursery As discussed in #9484 (comment) and decided in the [Zulip meeting](https://rust-lang.zulipchat.com/#narrow/stream/257328-clippy/topic/Meeting.202022-12-13/near/315626226) changelog: Moved [`manual_clamp`] to `nursery` (Now allow-by-default) [#10101](#10101) <!-- changelog_checked -->
Another voice to add to the 'disable this by default' crowd (I see this has already been done, but I figured it's still worth a mention): the advice given by this lint was taken in a refactor for Veloren, leading to intermittent crashes for likely a few dozen users: https://gitlab.com/veloren/veloren/-/issues/1769 |
Another bug caused by following this lint: iced-rs/iced#1619 |
Thanks all for pointing this out and really sorry for the inconveniences caused by this. I'll make sure that this lint is no longer warn-by-default in 1.67. There's nothing else to do here, so +1 comments won't help here. Thanks all for giving us examples what we should look for when trying to improve this lint in the future! |
So first off @dhardy I owe you an apology. You tried to call this out before it was released and I thought it would be okay. I was wrong. I also owe an apology to the people who experienced a panic as a result of following this lint. Second off, I've thought about my proposal to split the lint some more. Earlier I suggested having two lints, one which would only fire if it can be determined at compile time that max is always greater than or equal to min, and never NaN, and the other with the current behavior of this lint. The first would be warn by default, and the second would be allow by default. Currently I think only the first lint is useful, and thus I'd like to propose adjusting this lint to use those checks and then setting it back to warn by default, once we know it will never trigger a false positive. |
…ulacrum [beta] Clippy: Move manual_clamp to nursery There was a lot of discussion about this lint in rust-lang/rust-clippy#9484 (comment) We decided to move the lint to `nursery`. But since this lint broke code of many popular projects, we don't want to wait another release cycle until this move gets into stable. So we'd like to backport this commit to `beta`. cc `@rust-lang/clippy` for approval from the Clippy side.
not sure if this is within clippy's capabilities, but it would be nice not to suggest |
Please open an issue about this. This PR is not the bug tracker for this lint, even if it seems like it has become the same. |
…meGomez restrict manual_clamp to const case, bring it out of nursery Implements the plan that I described in #9484 (comment) This does two things primarily 1. Restrict `manual_clamp` such that it will only trigger if we are able to guarantee that `clamp` won't panic at runtime. 2. Bring `manual_clamp` out of nursery status and move it into the complexity group. changelog: [`manual_clamp`]: Restrict this lint such that it only triggers if max and min are const, and max is greater than or equal to min. Then bring it out of the nursery group.
Fixes #9477
Fixes #6751
Identifies common patterns where usage of the
clamp
function would be more succinct and clear, and suggests using theclamp
function instead.changelog: [
manual_clamp
]: Implement manual_clamp lint