New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cmd/vet: add a new analyzer for check missing values after append #60448
Comments
Change https://go.dev/cl/498475 mentions this issue: |
Change https://go.dev/cl/498416 mentions this issue: |
Related #30040. |
ISTM, instead of a vet check, just make it illegal if go.mod version is greater than Go 1.22 or whatever. |
A large amount of code in the previous version also needs a way to easily circumvent this problem |
We used the proposed change and ran it on open source Go projects. On the benchmark suite of ~276k Go projects (all projects minus those that have certain build issues), the proposed checker reports 727 issues in 650 projects. This suggests the proposed checker does not satisfy the vet frequency criteria. We'll also soon share results on the true positive/false positive ratio on a random sample. |
It is worth keeping in mind that there is no hard threshold for # of instances that must be found in the wild. This is a judgement call and a balancing act. The vet "frequency" requirement:
https://github.com/golang/go/blob/master/src/cmd/vet/README#L18-L23 I do agree with @zpavlinovic that the current data suggests this issue is somewhat infrequent and suggests against inclusion. 727 reports may be more than a "handful of problems" though. I think it will be helpful to understand of whether the check is meeting vet's correctness criteria. Are the existing reports potentially underlying bugs or instances of bad 'style' (e.g. |
I looked at a bunch of examples. My thoughts: An append of one argument is always a no-op, harmless on its own. Sometimes, although it is harmless on its own, one-arg append masks a bug. In the cases I've seen, this always happens when assigning back to the same slice. For example:
This loops forever if it loops at all, because the length of If we remove the append, the Go compiler catches this: "self-assignment of e.Sigs to e.Sigs". So I think this compiler check should be changed to consider one-arg appends, if that's not too expensive. If the compiler can't be changed, then a vet check for |
Interesting. I just want to note that while But it may be that none of these are common enough to worry about. |
I strongly agree, but in the end I have a slightly different opinion. Open source projects, especially with a lot of stars, are often have higher quality than projects running within the company. I have seen many Go beginners have this problem intentionally or unintentionally. Even a very senior person may have this problem due to negligence. If adding compile-time detection is too costly, it might be a good idea to add an analyzer to vet. Just my personal opinion, happy to accept the final decision of the community. |
Here are some results on the precision of the checker. We looked at 20 findings. Four of them seem to be a correctness issue. Please let me know if you see something wrong in the table below. We took the total 727 findings and sorted them based on how often their modules are used, preferring more popular modules. We then made sure a single random finding was picked for a package. Finally, we took the top 20 findings in the resulting list and analyzed them.
|
Do note that https://staticcheck.io/docs/checks/#SA4021 exists, so even if it's not in vet, it already gets flagged for a large portion of Go devs, and buggy code likely doesn't get committed in the first place. |
This proposal has been added to the active column of the proposals project |
It seems like this is worth doing - the linked examples seem to be real bugs, at least some of them, and none of them look like "innocent" code. At best they are confusing code. Have all concerns about this proposal been addressed? |
Another question: What prompt should be given when this situation is detected? The current possible prompt message is "called without values to append", maybe there is a better prompt. Welcome to discuss! |
"append with no values" seems fine |
Based on the discussion above, this proposal seems like a likely accept. |
No change in consensus, so accepted. 🎉 |
Celebrate! I will complete the implementation of the code as soon as possible. |
Currently, if there is no second parameter added during append, there will be no prompt when executing go vet. Add an analyzer to detect this situation Update golang/go#60448 Change-Id: If213fc25fb6521a0f9777ae047fbfbac97e5365f Reviewed-on: https://go-review.googlesource.com/c/tools/+/498475 TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Tim King <taking@google.com> gopls-CI: kokoro <noreply+kokoro@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Run-TryBot: shuang cui <imcusg@gmail.com>
If there is no second parameter added during append, there will be no prompt when executing go vet. Add an analyzer to detect this situation Update #60448 Change-Id: If9848835424f310c54e3e9377aaaad4a1516871a Reviewed-on: https://go-review.googlesource.com/c/go/+/498416 Run-TryBot: shuang cui <imcusg@gmail.com> Run-TryBot: Tim King <taking@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Michael Matloob <matloob@golang.org> Reviewed-by: Tim King <taking@google.com> Reviewed-by: Alan Donovan <adonovan@google.com>
The code has been merged. Thanks all. |
When I execute
go vet
for static detection, no information is output.I was expecting to be able to tell that I didn't append variables for sli2.
such as :
called without values to append
The text was updated successfully, but these errors were encountered: