Ban saturating arithmetic in tests

keithtensor · keithtensor · commit 95c395bd087c · 2025-02-27T22:11:46.000+08:00
diff --git a/build.rs b/build.rs
@@ -31,6 +31,7 @@ fn main() {
 
     // Parse each rust file with syn and run the linting suite on it in parallel
     rust_files.par_iter().for_each_with(tx.clone(), |tx, file| {
+        let is_test = file.display().to_string().contains("test");
         let Ok(content) = fs::read_to_string(file) else {
             return;
         };
@@ -63,6 +64,10 @@ fn main() {
         track_lint(ForbidKeysRemoveCall::lint(&parsed_file));
         track_lint(RequireFreezeStruct::lint(&parsed_file));
         track_lint(RequireExplicitPalletIndex::lint(&parsed_file));
+
+        if is_test {
+            track_lint(ForbidSaturatingMath::lint(&parsed_file));
+        }
     });
 
     // Collect and print all errors after the parallel processing is done
diff --git a/support/linting/src/forbid_saturating_math.rs b/support/linting/src/forbid_saturating_math.rs
@@ -0,0 +1,114 @@
+use super::*;
+use syn::{Expr, ExprCall, ExprMethodCall, ExprPath, File, Path, spanned::Spanned, visit::Visit};
+
+pub struct ForbidSaturatingMath;
+
+impl Lint for ForbidSaturatingMath {
+    fn lint(source: &File) -> Result {
+        let mut visitor = SaturatingMathBanVisitor::default();
+        visitor.visit_file(source);
+
+        if visitor.errors.is_empty() {
+            Ok(())
+        } else {
+            Err(visitor.errors)
+        }
+    }
+}
+
+#[derive(Default)]
+struct SaturatingMathBanVisitor {
+    errors: Vec<syn::Error>,
+}
+
+impl<'ast> Visit<'ast> for SaturatingMathBanVisitor {
+    fn visit_expr_method_call(&mut self, node: &'ast ExprMethodCall) {
+        let ExprMethodCall { method, .. } = node;
+
+        if method.to_string().starts_with("saturating_") {
+            let msg = "Safe math is banned to encourage tests to panic";
+            self.errors.push(syn::Error::new(method.span(), msg));
+        }
+    }
+
+    fn visit_expr_call(&mut self, node: &'ast ExprCall) {
+        let ExprCall { func, .. } = node;
+
+        if is_saturating_math_call(func) {
+            let msg = "Safe math is banned to encourage tests to panic";
+            self.errors.push(syn::Error::new(node.func.span(), msg));
+        }
+    }
+}
+
+fn is_saturating_math_call(func: &Expr) -> bool {
+    let Expr::Path(ExprPath {
+        path: Path { segments: path, .. },
+        ..
+    }) = func
+    else {
+        return false;
+    };
+
+    path.last().map_or(false, |seg| {
+        seg.ident.to_string().starts_with("saturating_")
+    })
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use quote::quote;
+
+    fn lint(input: proc_macro2::TokenStream) -> Result {
+        let mut visitor = SaturatingMathBanVisitor::default();
+        let expr: syn::Expr = syn::parse2(input).expect("should be a valid expression");
+
+        match &expr {
+            syn::Expr::MethodCall(call) => visitor.visit_expr_method_call(call),
+            syn::Expr::Call(call) => visitor.visit_expr_call(call),
+            _ => panic!("should be a valid method call or function call"),
+        }
+
+        if visitor.errors.is_empty() {
+            Ok(())
+        } else {
+            Err(visitor.errors)
+        }
+    }
+
+    #[test]
+    fn test_saturating_forbidden() {
+        let input = quote! { stake.saturating_add(alpha) };
+        assert!(lint(input).is_err());
+        let input = quote! { alpha_price.saturating_mul(float_alpha_block_emission) };
+        assert!(lint(input).is_err());
+        let input = quote! { alpha_out_i.saturating_sub(root_alpha) };
+        assert!(lint(input).is_err());
+    }
+
+    #[test]
+    fn test_saturating_ufcs_forbidden() {
+        let input = quote! { SaturatingAdd::saturating_add(stake, alpha) };
+        assert!(lint(input).is_err());
+        let input = quote! { core::num::SaturatingAdd::saturating_add(stake, alpha) };
+        assert!(lint(input).is_err());
+        let input =
+            quote! { SaturatingMul::saturating_mul(alpha_price, float_alpha_block_emission) };
+        assert!(lint(input).is_err());
+        let input = quote! { core::num::SaturatingMul::saturating_mul(alpha_price, float_alpha_block_emission) };
+        assert!(lint(input).is_err());
+        let input = quote! { SaturatingSub::saturating_sub(alpha_out_i, root_alpha) };
+        assert!(lint(input).is_err());
+        let input = quote! { core::num::SaturatingSub::saturating_sub(alpha_out_i, root_alpha) };
+        assert!(lint(input).is_err());
+    }
+
+    #[test]
+    fn test_saturating_to_from_num_forbidden() {
+        let input = quote! { I96F32::saturating_from_num(u64::MAX) };
+        assert!(lint(input).is_err());
+        let input = quote! { remaining_emission.saturating_to_num::<u64>() };
+        assert!(lint(input).is_err());
+    }
+}
diff --git a/support/linting/src/lib.rs b/support/linting/src/lib.rs
@@ -3,10 +3,12 @@ pub use lint::*;
 
 mod forbid_as_primitive;
 mod forbid_keys_remove;
+mod forbid_saturating_math;
 mod pallet_index;
 mod require_freeze_struct;
 
 pub use forbid_as_primitive::ForbidAsPrimitiveConversion;
 pub use forbid_keys_remove::ForbidKeysRemoveCall;
+pub use forbid_saturating_math::ForbidSaturatingMath;
 pub use pallet_index::RequireExplicitPalletIndex;
 pub use require_freeze_struct::RequireFreezeStruct;
