You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Run R58 on a stable registry (42 analyzers, no delta vs R57). A stable registry — no new linter to audit — forces full new-exploration (as in R54/R55). This run ran a systematic audit of the ctx-inheritance linter family for a single failure mode: how each handles FuncLit (closure) boundaries when walking enclosing scopes for a context.Context parameter.
Result: 1 new, high-confidence issue — execcommandwithoutcontext is the last ctx-family linter still crossing callback FuncLit boundaries without the guard that every sibling already received.
Reconcile (do this first — the team is fast now)
Before selecting a strategy, gh api ...issues?labels=sergo reconciliation showed the maintainers closed nearly every open Sergo issue since R57:
Targets: 1-2 single-file precision findings; zero duplicates; CI-enforced linters weighted higher (an FP there fails the build).
Key finding
Four linters walk cur.Enclosing((*ast.FuncDecl)(nil), (*ast.FuncLit)(nil)) innermost-first looking for a ctx param. They diverge on what happens at a ctx-less callback closure:
Linter
Boundary handling
Verdict
timesleepnocontext
break at ctx-less FuncLit unless it's a go/defer closure (isGoOrDeferClosure)
The testdata confirms this is an oversight: it covers OuterCtxInnerClosure (a go func(){...}() that should be flagged) but has no non-go/defer callback case — the exact FP scenario is untested.
Impact: false positives + a misleading autofix (exec.CommandContext(outerCtx, ...) wires in a context whose lifetime doesn't match the callback), elevated because the linter is CI-enforced (#42416).
Generated task
Port the timesleepnocontext boundary guard to execcommandwithoutcontext.
The funclit_boundary failure mode has now been surfaced across the entire ctx-inheritance family over R44-R58. With execcommandwithoutcontext filed, every ctx-family linter's closure-boundary handling is accounted for (fixed or filed) — this vein is effectively exhausted.
Recommendations / Next-run focus (R59)
Watch the 43rd analyzer — grep -c Analyzer cmd/linters/main.go vs 42; a new linter is the highest-value fresh audit target.
httpnoctx boundary-crossing is real but weaker — file only if a concrete production FP is found.
Broaden to non-ctx ancestor-walking linters (deferinloop, timeafterleak) for analogous scope-boundary bugs.
Reconcile via gh api first — the team now closes Sergo issues within a day or two.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Overview
Run R58 on a stable registry (42 analyzers, no delta vs R57). A stable registry — no new linter to audit — forces full new-exploration (as in R54/R55). This run ran a systematic audit of the ctx-inheritance linter family for a single failure mode: how each handles
FuncLit(closure) boundaries when walking enclosing scopes for acontext.Contextparameter.Result: 1 new, high-confidence issue —
execcommandwithoutcontextis the last ctx-family linter still crossing callbackFuncLitboundaries without the guard that every sibling already received.Reconcile (do this first — the team is fast now)
Before selecting a strategy,
gh api ...issues?labels=sergoreconciliation showed the maintainers closed nearly every open Sergo issue since R57:Only #42174 remained open at run start.
Strategy — 50/50 split
funclit_boundaryvein): landed precedents timesleepnocontext: enclosing-scope walk crosses arbitrary FuncLit boundaries — false positives + misleading fix for request/cal [Content truncated due to length] #42901 (timesleepnocontext), ctxbackground: enclosing-scope walk only inspects *ast.FuncDecl, skipping FuncLit boundaries — false negative for closures with [Content truncated due to length] #41164 (ctxbackground), httprespbodyclose: FuncDecl-only scope + FuncLit skip misses responses closed inside closures (goroutines/handlers) — false nega [Content truncated due to length] #43465 (httprespbodyclose), panicinlibrarycode: init() and documented-contract exemptions cross FuncLit boundaries — false negatives for panics in nested cl [Content truncated due to length] #41606 (panicinlibrarycode), wgdonenotdeferred precision: non-deferred wg.Done() inside a goroutine launched in a loop escapes detection (FuncLit scope bound [Content truncated due to length] #40947 (wgdonenotdeferred). Reuse the diagnosis technique.execcommandwithoutcontext(newly CI-enforced at R57 via errortypeassertion (new 38th linter) + execcommandwithoutcontext enforce-readiness: zero production violations, add both to the [Content truncated due to length] #42416).Key finding
Four linters walk
cur.Enclosing((*ast.FuncDecl)(nil), (*ast.FuncLit)(nil))innermost-first looking for a ctx param. They diverge on what happens at a ctx-less callback closure:timesleepnocontextbreakat ctx-less FuncLit unless it's a go/defer closure (isGoOrDeferClosure)ctxbackgroundbreakon first ctx-less enclosing func (conservative)httpnoctxhasContextInEnclosingFuncreturns true if any enclosing has ctxexeccommandwithoutcontextcontinues past a ctx-less FuncLitEvidence — the bug (execcommandwithoutcontext.go:54-62)
False-positive scenario:
The fixed twin (
timesleepnocontext.go:62-65) does exactly the right thing:The testdata confirms this is an oversight: it covers
OuterCtxInnerClosure(ago func(){...}()that should be flagged) but has no non-go/defer callback case — the exact FP scenario is untested.Impact: false positives + a misleading autofix (
exec.CommandContext(outerCtx, ...)wires in a context whose lifetime doesn't match the callback), elevated because the linter is CI-enforced (#42416).Generated task
Port the
timesleepnocontextboundary guard toexeccommandwithoutcontext.isGoOrDeferClosure(timesleepnocontext.go:79-122; addgolang.org/x/tools/go/ast/inspectorimport).if !hasCtx { continue }with the break-on-non-go/defer-FuncLit form.http.HandleFunc/sort.Slice) inside a ctx func → no diagnostic; keepgo/deferclosures flagged.Issue created
sergo.Metrics
Historical context
The
funclit_boundaryfailure mode has now been surfaced across the entire ctx-inheritance family over R44-R58. Withexeccommandwithoutcontextfiled, every ctx-family linter's closure-boundary handling is accounted for (fixed or filed) — this vein is effectively exhausted.Recommendations / Next-run focus (R59)
grep -c Analyzer cmd/linters/main.govs 42; a new linter is the highest-value fresh audit target.gh apifirst — the team now closes Sergo issues within a day or two.References:
Beta Was this translation helpful? Give feedback.
All reactions