Explore utilizing type-checking information #140

Open
kalexmills opened this issue Jan 15, 2021 · 0 comments
kalexmills commented Jan 15, 2021

Tim King pointed out the possibility for code like this to yield false negatives. The issue is one of not being able to perform a whole program analysis without downloading dependencies.

```go
import "pkg"

func foo(slice []T) {
  x := pkg.bar()
  for _, v := range slice {
    x.method(&v)
  }
}
```

Suppose that `bar` returns some type whose declaration of `method` is not present in the target repository, and is not available for VetBot to analyze. Suppose also that there are unary functions named `method` declared in the target repository, and that the argument is marked safe.

If the declaration of `method` actually uses `v` in an unsafe way, VetBot will report a false-negative. Also, VetBot currently has no way to understand that the `method` being used refers to a declaration that it cannot see.

The approach to use here is to try and provide VetBot with whatever information it needs to determine that `method` refers to a declaration VetBot did not see. To do that means we will need to rely on some type-checking information to at least determine whether the type referred to is one that is declared in the repository rather than imported from a third-party.

That means exploring the use of the `types` and `packages` packages. That is a rather involved undertaking which may disrupt changes happening in parallel.

@kalexmills kalexmills added bug Something isn't working enhancement New feature or request vet-bot the issue is part of VetBot's responsibility false-negative the issue can create a false-negative labels Jan 15, 2021
@kalexmills kalexmills self-assigned this Jan 15, 2021
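
Added example, not part of the issue or of VetBot's own code: one way type-checking information could tell the two cases apart, using the standard `go/types` package with an importer that resolves nothing, so no dependency is downloaded. The source in `repo` and the names `Local`, `noDeps` and `DeclaredInRepo` are constructed for illustration, and the exported `Bar`/`Method` stand in for the issue's `bar`/`method` so that the sample is valid Go.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
)

// Constructed sample of an analyzed repository; "pkg" is a dependency whose source is absent.
const repo = `package repo
import "pkg"
type Local struct{}
func (Local) Method(p *int) {}
func foo(s []int) {
	x := pkg.Bar()
	y := Local{}
	for _, v := range s { x.Method(&v); y.Method(&v) }
}`

type noDeps struct{} // importer that resolves nothing, as when dependencies are not downloaded
func (noDeps) Import(string) (*types.Package, error) { return nil, fmt.Errorf("not downloaded") }

// DeclaredInRepo maps each call recv.M(&arg) to whether M resolved to a method of the analyzed package.
func DeclaredInRepo(src string) (map[string]bool, error) {
	fset, out := token.NewFileSet(), map[string]bool{}
	f, err := parser.ParseFile(fset, "repo.go", src, 0)
	if err != nil {
		return nil, err
	}
	info := &types.Info{Selections: map[*ast.SelectorExpr]*types.Selection{}}
	conf := types.Config{Importer: noDeps{}, Error: func(error) {}} // keep checking past failed imports
	p, _ := conf.Check("repo", fset, []*ast.File{f}, info)
	ast.Inspect(f, func(n ast.Node) bool {
		if call, ok := n.(*ast.CallExpr); ok && len(call.Args) == 1 {
			sel, isSel := call.Fun.(*ast.SelectorExpr)
			u, isUnary := call.Args[0].(*ast.UnaryExpr)
			if isSel && isUnary && u.Op == token.AND {
				s := info.Selections[sel] // nil when the receiver's type could not be resolved
				out[types.ExprString(sel)] = s != nil && s.Obj().Pkg() == p
			}
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(DeclaredInRepo(repo)) }
```

A name-only match would treat `x.Method` and `y.Method` alike because the repository declares a `Method`; here `x.Method` maps to `false` because its receiver's type comes from the unresolved import.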