You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Run R39 found no tool change (Serena LSP stable at 23 tools R4-39; custom-linter registry stable at 29, no 30th linter). With no new linter to anchor on, this run executed a 50/50 cached + new strategy targeting two fresh, never-before-audited linters that are both CI-enforced — so any false positive is a build-blocker. Two distinct, single-file precision issues were filed.
Serena LSP tools
23 (stable R4-39)
Custom linter registry
29 (stable; cmd/linters/main.go:52-80)
Strategy
No-tool-change precision audit (50 cached pattern / 50 new target)
Findings examined
6
Issues created
2 (both CI-enforced linters)
Reconcile
R38 #39493 / #39494 confirmed open + unfixed-in-code
CI-enforcement correction: the R38 cache note dropped regexpcompileinfunction from the enforced set. The actual 14 enforced flags at .github/workflows/cgo.yml:1123 are: errstringmatch panicinlibrarycode manualmutexunlock osexitinlibrary rawloginlib regexpcompileinfunction fprintlnsprintf strconvparseignorederror jsonmarshalignoredeerror uncheckedtypeassertion fmterrorfnoverbs tolowerequalfold httpnoctx timeafterleak. Both of this run's targets are in that list.
Strategy: 50/50 Split
Cached half — proven syntactic_stdlib_match pattern. The strongest recurring land-arg in this project: a linter that identifies a stdlib call by comparing the package identifier's text (ident.Name == "pkg") instead of resolving package identity via the type checker. Already merged for sortslice (#38029) and open for ctxbackground (#38789). Applied here to a fresh linter.
New half — a never-audited, CI-enforced linter chosen for a parent-shape precision probe.uncheckedtypeassertion was read end-to-end (123 LOC); its comma-ok safe-form detection was found to recognize only one AST parent shape.
Expected outcome: two small, single-file fixes with proven-acceptable shapes (the team lands single-file precision PRs in 1-2 days).
Findings & Generated Tasks
Task 1 — uncheckedtypeassertion: comma-ok safe form only recognized for AssignStmt (false positive, CI-enforced)
Location:pkg/linters/uncheckedtypeassertion/uncheckedtypeassertion.go:76-82 (parent check) and :99-101 (isSafeTwoValueAssertion).
Evidence: the safe two-value form is only skipped when parents[typeAssert] is an *ast.AssignStmt. The Go comma-ok form is equally valid in initialization, so two safe constructs have a different parent and are wrongly reported:
var v, ok = x.(T) — parent is *ast.ValueSpec.
v, ok := (x.(T)) — parent is *ast.ParenExpr (the AssignStmt is a grandparent).
Impact: the linter is CI-enforced, so the first idiomatic var v, ok = x.(T) fails the build on legal, safe code and forces a spurious //nolint. Latent today (no prod trigger).
Fix: unwrap *ast.ParenExpr parents, then accept either an AssignStmt (len(Lhs)==2 && len(Rhs)==1) or a ValueSpec (len(Names)==2 && len(Values)==1).
Effort: small, single file + testdata.
Task 2 — regexpcompileinfunction: package matched by identifier name, not type identity (FP + FN, CI-enforced)
Location:pkg/linters/regexpcompileinfunction/regexpcompileinfunction.go:72-82 (isRegexpCompileCall), enforced at .github/workflows/cgo.yml:1123.
False positive: a local/field named regexp of an unrelated type with a Compile/MustCompile method → flagged.
Impact: medium — the FP path can block CI on code that never touches regexp; the FN path silently drops a real performance finding. Both latent today.
Fix: resolve via pass.TypesInfo.ObjectOf(ident).(*types.PkgName).Imported().Path() == "regexp", mirroring the merged sortslice.go:58-67; pkg/linters/internal/astutil/astutil.go:72 already does the equivalent Imported().Path() check for "fmt".
Effort: small, single function; thread pass through and add go/types.
The syntactic_stdlib_match pattern continues to be the highest-yield land-arg: sortslice#38029 merged, ctxbackground#38789 open, and now regexpcompileinfunction filed. A new sibling pattern was recorded this run — parent-shape-too-narrow — where a linter gates safe/unsafe on a single direct-parent AST type but the safe construct also appears under other parents (ValueSpec, ParenExpr); this is the FP analogue of the recurring alias_intermediate_var_FN.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Executive Summary
Run R39 found no tool change (Serena LSP stable at 23 tools R4-39; custom-linter registry stable at 29, no 30th linter). With no new linter to anchor on, this run executed a 50/50 cached + new strategy targeting two fresh, never-before-audited linters that are both CI-enforced — so any false positive is a build-blocker. Two distinct, single-file precision issues were filed.
cmd/linters/main.go:52-80)Tool / Registry Update
activate_project --projectwarm.multichecker.Main,cmd/linters/main.go:52-80). No 30th linter appeared.regexpcompileinfunctionfrom the enforced set. The actual 14 enforced flags at.github/workflows/cgo.yml:1123are:errstringmatch panicinlibrarycode manualmutexunlock osexitinlibrary rawloginlib regexpcompileinfunction fprintlnsprintf strconvparseignorederror jsonmarshalignoredeerror uncheckedtypeassertion fmterrorfnoverbs tolowerequalfold httpnoctx timeafterleak. Both of this run's targets are in that list.Strategy: 50/50 Split
Cached half — proven
syntactic_stdlib_matchpattern. The strongest recurring land-arg in this project: a linter that identifies a stdlib call by comparing the package identifier's text (ident.Name == "pkg") instead of resolving package identity via the type checker. Already merged forsortslice(#38029) and open forctxbackground(#38789). Applied here to a fresh linter.New half — a never-audited, CI-enforced linter chosen for a parent-shape precision probe.
uncheckedtypeassertionwas read end-to-end (123 LOC); its comma-ok safe-form detection was found to recognize only one AST parent shape.Expected outcome: two small, single-file fixes with proven-acceptable shapes (the team lands single-file precision PRs in 1-2 days).
Findings & Generated Tasks
Task 1 — uncheckedtypeassertion: comma-ok safe form only recognized for AssignStmt (false positive, CI-enforced)
pkg/linters/uncheckedtypeassertion/uncheckedtypeassertion.go:76-82(parent check) and:99-101(isSafeTwoValueAssertion).parents[typeAssert]is an*ast.AssignStmt. The Go comma-ok form is equally valid in initialization, so two safe constructs have a different parent and are wrongly reported:var v, ok = x.(T)— parent is*ast.ValueSpec.v, ok := (x.(T))— parent is*ast.ParenExpr(theAssignStmtis a grandparent).var v, ok = x.(T)fails the build on legal, safe code and forces a spurious//nolint. Latent today (no prod trigger).*ast.ParenExprparents, then accept either anAssignStmt(len(Lhs)==2 && len(Rhs)==1) or aValueSpec(len(Names)==2 && len(Values)==1).Task 2 — regexpcompileinfunction: package matched by identifier name, not type identity (FP + FN, CI-enforced)
pkg/linters/regexpcompileinfunction/regexpcompileinfunction.go:72-82(isRegexpCompileCall), enforced at.github/workflows/cgo.yml:1123.isRegexpCompileCallreturnsident.Name == "regexp" && ...with nopass.TypesInfo. This is the same defect already merged forsortslice(sortslice precision: match sort.Slice/SliceStable via package identity (pass.TypesInfo), not the syntactic identifier name "sort [Content truncated due to length] #38029).import re "regexp"; re.MustCompile("...")→ident.Name == "re"→ missed.regexpof an unrelated type with aCompile/MustCompilemethod → flagged.regexp; the FN path silently drops a real performance finding. Both latent today.pass.TypesInfo.ObjectOf(ident).(*types.PkgName).Imported().Path() == "regexp", mirroring the mergedsortslice.go:58-67;pkg/linters/internal/astutil/astutil.go:72already does the equivalentImported().Path()check for"fmt".passthrough and addgo/types.Reconciliation (issues since last run)
scene_idgraph-integrity FN) and ssljson precision: duplicate scene/step IDs are silently deduped by map[string]bool — the spec's "unique IDs" Pass-4 rule is uni [Content truncated due to length] #39494 (ssljson unique-IDs gap) — both open and still unfixed in code:ssljson.go:61still parsesSSLStep.SceneIDwith no validation rule consuming it. No re-file.Metrics
Historical Context
The
syntactic_stdlib_matchpattern continues to be the highest-yield land-arg:sortslice#38029 merged,ctxbackground#38789 open, and nowregexpcompileinfunctionfiled. A new sibling pattern was recorded this run — parent-shape-too-narrow — where a linter gates safe/unsafe on a single direct-parent AST type but the safe construct also appears under other parents (ValueSpec,ParenExpr); this is the FP analogue of the recurringalias_intermediate_var_FN.Recommendations & Next-Run Focus (R40)
syntactic_stdlib_match(fprintlnsprintf,strconvparseignorederror,jsonmarshalignoredeerror,fmterrorfnoverbs,errstringmatch) — anyident.Name == <literal pkg>withoutTypesInfo.strconvparseignorederror, 88 LOC) for precision; avoid complex control-flow linters (execcommand-class lingers).cmd/linters/main.gofor a 30th linter.References:
Beta Was this translation helpful? Give feedback.
All reactions