cmd/vet: go vet -vettool=$(which shadow) errors in go1.13 only (flag provided but not defined: -unsafeptr) #34053
Comments
|
The process I'm following for installing If you run So I believe I am using the tool appropriately. |
Add testing and support for Go 1.13 and discontinue support for Go 1.11. To maintain consistency with supported and released versions of Go. Go provides security updates for the last two versions of Go, this means the current release (1.13) and the previous release (1.12). Go 1.13 was released today meaning security updates will no longer be released for Go 1.11. Go 1.13 also comes with several new features relating to Modules including more efficient and reliable downloading of dependencies. As we switch to using Modules it will be a better experience for all and we'll be making the most of the change to promote and use Go 1.13. Close #1696 Summary of changes: - Update 1.13 builds to use latest release of 1.13. - Remove 1.11 from builds. - Update all documentation references of supported versions of Go. - Update `govet.sh` to use `-vettool` option that was added in Go 1.12. This was an outstanding TODO item in the file already, but we needed to do it to make the file work with Go 1.12+. Closes #1038. - Add notes to changelogs. Known limitations & issues: There is a bug in the Go 1.13's `go vet` tool that prevents it from being used with shadow. For this reason only the standard vet checks run on Go 1.13 builds, and the additional shadow check runs on Go 1.12 only. I stumbled onto this issue and opened an issue here for it: golang/go#34053.
|
The go/src/cmd/go/internal/work/exec.go Lines 1017 to 1043 in 407010e Probably the |
bcmills
added
the
NeedsInvestigation
|
Could we instead not pass this flag down to custom tools? It seems unnecessary to require all vettool programs to support this flag. |
|
Is there any workaround? etcd etcd-io/etcd#11110 is experiencing the same issue... |
|
Expanding on @leighmcculloch's proposal Would it be reasonable to redefine VetExplicit to mean whether flags are passed to vet or a custom vet tool is used? I think users of vet with a custom tool would be okay filtering out the unsafeptr errors in goroot if their tool included it. One workaround (which might not be workable in your case) is to add a unsafeptr flag to your custom tool |
|
If it helps anyone, I used the following workaround (building on @matloob's suggestion): Save this in a file called, say, package main
import (
"flag"
"golang.org/x/tools/go/analysis/passes/shadow"
"golang.org/x/tools/go/analysis/unitchecker"
)
func main() {
unitchecker.Main(
shadow.Analyzer,
// ... other custom analyzers
)
}
func init() {
// go vet always adds this flag for certain packages in the standard library,
// which causes "flag provided but not defined" errors when running with
// custom vet tools.
// So we just declare it here and swallow the flag.
// See https://github.com/golang/go/issues/34053 for details.
// TODO: Remove this once above issue is resolved.
flag.String("unsafeptr", "", "")
} |
|
Previously, this check was also broken in the Go 1.12 release. #29260 |
|
It also seems like we can work around this for the moment by running |
Run the go vet tool `shadow` for all Go versions, specifically making it possible to run it with Go 1.13. We should have consistent checks and tests across the versions of Go we have running. When I initially added the Go 1.13 block and I excluded the shadow check it was because of golang/go#34053 and I didn't see a simple way to keep running it for Go 1.13. Simply running the tool directly is an easy way to still use the tool since we don't have to run it with `go vet`. The reason we'd want to run it with `go vet` is that's the direction analysis tools are going, and the intention is that if you run multiple tools with go vet it will do certain parsing and loading of code only once. In our case this doesn't really matter right now.
|
By the time I found this issue, I already spent too much time trying to figure out what was wrong in my codebase. Now I am bothered enough to fix this. There seems to be a separate Adding this to the if condition should do it. Will send a CL. |
|
Change https://golang.org/cl/200957 mentions this issue: |
|
Will this fix get back ported into 1.13? |
|
It's definitely a backport candidate. But will leave it to @bcmills for a decision. |
|
@gopherbot, please backport to 1.13: this was an early regression and the fix is trivial. |
|
Backport issue(s) opened: #34922 (for 1.13). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://golang.org/wiki/MinorReleases. |
|
Change https://golang.org/cl/201237 mentions this issue: |
… custom vet tool For GOROOT packages, we were adding -unsafeptr=false to prevent unsafe.Pointer checks. But the flag also got passed to invocations of go vet with a custom vet tool. To prevent this from happening, we add this flag only when no tools are passed. Updates #34053 Fixes #34922 Change-Id: I8bcd637fd8ec423d597fcdab2a0ceedd20786019 Reviewed-on: https://go-review.googlesource.com/c/go/+/200957 Run-TryBot: Agniva De Sarker <agniva.quicksilver@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Jay Conrod <jayconrod@google.com> (cherry picked from commit 902d5aa) Reviewed-on: https://go-review.googlesource.com/c/go/+/201237 Run-TryBot: Bryan C. Mills <bcmills@google.com> Reviewed-by: Agniva De Sarker <agniva.quicksilver@gmail.com>
Remove the work around that was added in 828c132 that built our own custom `shadow` binary that was able to handle the presence of the `unsafeptr` flag. It's good to remove hacks and work arounds when they are no longer needed. Go 1.13.3 was released today that fixes the bug (golang/go#34053) that was introduced in Go 1.13 where the `unsafeptr` flag was passed down to `go vet` `vettool` programs. The `shadow` tool wasn't capable of handling that flag and cause it to error. In Go 1.13.3 behavior has been returned to match Go 1.12 and the flag is no longer passed down. - Developers who run the script in versions of Go 1.13 that isn't the latest release will still encounter an error. It's not common for developers to run this script locally so this is unlikely to be of huge inconvenience. We should also encourage developers to be using the latest patch releases of Go as they often contain critical security fixes and bug fixes so I think accommodating them is a lower priority.
Requires Go 1.13.3 to avoid build error (actually, fails on `go vet` using `shadow`) due to golang/go#34053
Requires Go 1.13.3 to avoid build error (actually, fails on `go vet` using `shadow`) due to golang/go#34053
What version of Go are you using (
go version)?Does this issue reproduce with the latest release?
Yes
Does this issue reproduce with the previous release?
No
What operating system and processor architecture are you using (
go env)?go envOutputWhat did you do?
What did you expect to see?
I expected to see the output indicating the shadow variable:
What did you see instead?
The output was huge,
1541lines of output. It was repeatedly dumping out an errorflag provided but not defined: -unsafeptronce for some number of standard library packages along with the usage documentation for the shadow command. At the very end was the output I expected.To condense the output down a bit we can see the packages it is displaying the error about:
Does this issue reproduce with the previous release? (details)
No. This doesn't happen with Go 1.12.9. If I run the above commands with that version of Go, it behaves as expected and outputs the shadow errors. Example:
The text was updated successfully, but these errors were encountered: