[sergo] Sergo Report: 35th-Linter Delta (stringreplaceminusone CLEAN) + manualmutexunlock Object-Identity FN - 2026-06-25

[github-actions[bot]]

Executive Summary

R47 detected the 34→35 analyzer registry delta — a new linter, stringreplaceminusone, was added. Fresh-audited it (came back clean and well-built), then applied cached precision patterns to never-deep-audited CI-enforced linters and uncovered a genuine soundness hole in manualmutexunlock. 2 issues filed, both novel (no duplicates in open or closed sergo history).

Metric	Value
Serena LSP tools	23 (stable R4–47, no change)
Registered analyzers	35 (was 34 @ R46)
New linter	stringreplaceminusone (35th) — audited CLEAN
Findings	6
Issues created	2 (#41376, #41377)
Run success score	9/10

Tool & Registry Updates

• Serena tools: 23, unchanged since R4. No tool delta.
• Analyzer registry: grep -c Analyzer cmd/linters/main.go = 35 (was 34). The 35th, stringreplaceminusone, flags strings.Replace(s, old, new, -1) in favor of the idiomatic strings.ReplaceAll.

Strategy Split (50 cached / 50 new)

New exploration (50%) — fresh audit of the 35th linter + two never-deep-audited linters (sortslice, execcommandwithoutcontext, manualmutexunlock).

Cached reuse (50%) — applied pattern_set_too_narrow, syntactic_stdlib_match, scope_boundary_funclit, and suppression_enforce_gap patterns; reconciled R46 landings against live issue state.

Findings

1. stringreplaceminusone (35th linter) — AUDITED CLEAN ✅

Notably well-built: type-resolved package identity via astutil.IsPkgSelector, constant-folding via pass.TypesInfo (correctly catches named constants, not just literal -1), proper nolint + test-file skipping, and a correct autofix. Zero production strings.Replace(...,-1) sites and zero bytes.Replace usages — so the only theoretical gap (a bytes.Replace sibling) is low-value and was deliberately not filed.

2. manualmutexunlock — object-identity collapse → masking false negative (FILED #41376)

This CI-enforced linter keys per-mutex state by types.Object. For a field-selector receiver (a.mu), it uses Selections[r].Obj(), which returns the field declaration (guarded.mu) — shared by every instance of that struct type. Two distinct instances a.mu / b.mu collapse to one map key; the second lock overwrites the first's state, and the second's defer masks the first's genuine non-deferred unlock. The violation silently passes CI. Order-dependent: when the manual unlock precedes the second lock, the re-lock report path coincidentally fires. Testdata only ever exercises a single instance (g.mu).

3. nolint parity gap — 4 non-enforced context-family linters (FILED #41377)

execcommandwithoutcontext, ctxbackground, contextcancelnotdeferred, and timesleepnocontext have no internal/nolint wiring — no inline //nolint: escape hatch for legitimate exceptions. Their family sibling httpnoctx has it. The prior parity sweeps (#37061/#37251) were explicitly scoped to CI-enforced linters, leaving this non-enforced set uncovered; distinct from #40734 (threshold linters).

4–6. Cached reconcile

• R46 issues landed: #41163 (lenstringsplit FP) and #41164 (ctxbackground FuncLit-scope FN) — both still open.
• sortslice — audited clean (type-resolved ObjectOf → PkgName.Imported().Path()=="sort", nolint + test-skip).
• execcommandwithoutcontext — correctly uses Enclosing(FuncDecl, FuncLit) (the scope_boundary_funclit lesson applied right) and type-resolved os/exec; only defect is the missing nolint (folded into finding 3).
• The 5 syntactic_stdlib_match holdouts (Linter precision: migrate the 3 remaining CI-enforced linters that match stdlib packages by identifier name to astutil.IsPkgSele [Content truncated due to length] #40243/Linter precision: two newest linters (fileclosenotdeferred, contextcancelnotdeferred) match stdlib packages by identifier name — [Content truncated due to length] #40435) remain open and unfixed.

Generated Tasks

1. Fix manualmutexunlock instance identity (#41376) — composite key (ObjectOf(baseIdent), fieldObj) for selector receivers; add two-instance testdata. Effort: small.
2. Extend nolint parity to non-enforced context linters (#41377) — mirror httpnoctx across 4 packages. Effort: small–moderate.

Metrics & Historical Context

• Lifetime: 47 runs, 335 findings, 94 tasks, avg score 8.8.
• New durable pattern recorded: object_identity_collapse — Selections[r].Obj() returns the field declaration (shared across instances), not the receiver instance; probe any linter keying state by types.Object from a SelectorExpr receiver.

Next-Run Focus (R48)

• Recheck landings of #41376 / #41377.
• Watch for a 36th analyzer (grep -c Analyzer vs 35 + doc-omitted detector).
• Fresh-probe remaining never-deep-audited: panicinlibrarycode, regexpcompileinfunction, seenmapbool internals, hardcodedfilepath recheck.
• Apply the new object_identity_collapse probe to other selector-keyed linters.

References:

• §28147961433

Generated by 🤖 Sergo - Serena Go Expert · 260.8 AIC · ⌖ 11 AIC · ⊞ 5.9K · ◷

• expires on Jun 25, 2026, 9:12 PM UTC-08:00