Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/tools/go/analysis: change RelatedInformation to work without fileset #54233

Open
hyangah opened this issue Aug 3, 2022 · 3 comments
Open

x/tools/go/analysis: change RelatedInformation to work without fileset #54233

hyangah opened this issue Aug 3, 2022 · 3 comments
Labels
Analysis Issues related to static analysis (vet, x/tools/go/analysis) NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Tools This label describes issues relating to any tools in the x/tools repository.
Milestone
Unreleased

Comments

@hyangah
Copy link
Contributor

hyangah commented Aug 3, 2022

RelatedInformation is used to add information related to a diagnostic. Currently it is defined as:

type RelatedInformation struct {
	Pos     token.Pos
	End     token.Pos
	Message string
}

I believe this corresponds to LSP's DiagnosticRelatedInformation and the Pos/End would be translated to LSP Location.

The use of token.Pos in RelatedInformation implies we need to depend on a certain token.FileSet. If the positions of the related information belong to the same package, that's fine. Otherwise, it is awkward to use. For example, I hoped I could annotate reports on functions that transitively call known vulnerable symbols. But the vulnerable symbols may be in different package and we learned about it from Facts generated by the analyzer run on the package.

Will Position be too inefficient?

cc @adonovan @timothy-king
@gopherbot gopherbot added the Tools This label describes issues relating to any tools in the x/tools repository. label Aug 3, 2022
@gopherbot gopherbot added this to the Unreleased milestone Aug 3, 2022
@timothy-king
Copy link
Contributor

So a token.Pos does not make sense in a Fact (as it is relative to a FileSet like you mentioned). Facts need to be deserializable in another process. A token.Position makes a lot more sense in a Fact.

Will Position be too inefficient?

It depends. How many Positions are there? Vulnerable symbols could be encoding a lot of paths so without looking at the implementation it is hard to tell. If it is just diagnostics, there should not be hundreds so this should not be a problem.

The use of token.Pos in RelatedInformation implies we need to depend on a certain token.FileSet. If the positions of the related information belong to the same package, that's fine. Otherwise, it is awkward to use.

This does sound awkward outside of vet. I am not really sure what is helpful here yet. I think I might need to understand some more about how gopls is doing things before I have a strong opinion.

@dmitshur dmitshur added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Aug 3, 2022
@hyangah
Copy link
Contributor Author

hyangah commented Aug 4, 2022

How many Positions are there?

RelatedInformation is only used for Diagnostics.

Propagating position info using Facts needs different ways if want to be efficient (e.g. for example, one way I am thinking is to encode file paths in package facts, use indexes for object facts, and reconstruct Position with them), but I am sure they shouldn't use RelatedInformation.

I think I might need to understand some more about how gopls is doing things before I have a strong opinion.

@findleyr @pjweinb Can you help us understand how gopls is using this related information from diagnostics?

@timothy-king
Copy link
Contributor

This does sound awkward outside of vet.

To expand a bit, the reason this sounds awkward outside of vet is that {single,multi,unit}checker control their *FileSet. Which simplifies how each would use a Pos.

@adonovan adonovan added the Analysis Issues related to static analysis (vet, x/tools/go/analysis) label Apr 23, 2023
@adonovan adonovan mentioned this issue Apr 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Analysis Issues related to static analysis (vet, x/tools/go/analysis) NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. Tools This label describes issues relating to any tools in the x/tools repository.
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
5 participants
@timothy-king @dmitshur @hyangah @adonovan @gopherbot