cmd/vet: warn when errors.As target has type *error

[andig]

What version of Go are you using (go version)?

$ go version
go version go1.16.6 darwin/arm64

Does this issue reproduce with the latest release?

yes

What did you do?

Wrote this code https://play.golang.org/p/16cU0kc8Lku and wondered why the errors matched.

var Err = errors.New("sentinel")
err := errors.New("foo")
if errors.As(err, &Err) {
  fmt.Println("why?")
}

Discussion in https://groups.google.com/g/golang-nuts/c/MaYJy_IRbYA/m/uCHV6P87EQAJ?utm_medium=email&utm_source=footer

What did you expect to see?

Of course the code above is wrong, yet I didn't spot it. It would be nice if this kind of programming error could be detected:

• add a govet check that flags using plain errors with errors.As or
• @Merovius suggested errors.errorString should implement As() and return false, unless the pointers match.

I'm unsure if the latter is possible. It would strictly break BC (and the function's description). On the other hand ist should only change behaviour in cases that seem invalid from the start?

[Merovius]

I'm unsure if the latter is possible. It would strictly break BC (and the function's description).

I don't think it break the functions description. It is the purview of any error type to implement As() the way it sees fit.

It does change the behavior of errors.New, but I don't think there is any API contract about the returned error implementing or not implementing other methods than Error. So, I would argue it changes behavior, but it doesn't break compatibility - if a user relies on the current behavior, they rely on undocumented implementation details.

Lastly, even if it was breaking compatibility, there is a clear exception in the Go 1 compatibility contract for fixing bugs. It is the clear intent of errors.New to return unique sentinel errors. The current behavior of errors.As when used with such an error is clearly a bug.

We can still have a vet check to warn about it, but I think the bug should be fixed either way.

[andig]

I don't think it break the functions description.

I was referring to:

An error matches target if the error's concrete value is assignable to the value pointed to by target, or ...

The value here is assignable as types match. Having sentinel errors assignable in turn is more because we can't have const errors in Go...

[Merovius]

But the complete paragraph is

An error matches target if the error's concrete value is assignable to the value pointed to by target, or if the error has a method As(interface{}) bool such that As(target) returns true. In the latter case, the As method is responsible for setting target.

The existence of the As optional interface is specifically for cases like this, so that error types can overwrite the pure "assignability" behavior.

[Merovius]

Well, this is surprising behavior to me. I would've expected As to be tried first, but it seems it's only used as a fallback.
With errors.As as it is right now, implementing As actually doesn't do anything in this case. I wonder why it is written that way.

[andig]

That does indeed seem to contradict the wording of errors.As.

[bcmills]

Perhaps cmd/vet should be changed to warn when the second argument to errors.As is statically known to have type *error?

That is pretty much guaranteed to indicate a bug, because it is trivially true that the first argument (of type error) “is assignable to the value pointed to by” a second argument of type *error.

[bcmills]

CC @timothy-king

[neild]

That does indeed seem to contradict the wording of errors.As.

The relevant wording is: "An error matches target if the error's concrete value is assignable to the value pointed to by target"

In this case, the target has type *error so the concrete value is trivially assignable to *target. A vet check for this case seems like a good idea, since there is never a reason to pass an *error as the second parameter of errors.As.

[Merovius]

@neild I'm not really trying to nitpick wording, but I think it is unexpected that an error might have an As method which is not called if the error is assignable. I would imagine it to work like json.Unmarshaler, where the default behavior is simply overwritten by the optional interface.

[Merovius]

(If I were to nitpick wording, I'd argue that "X is the case if A or B. In the latter case, the method As is responsible…" seems to imply to me, that As should be called if B is true to determine the outcome of the conversion, regardless of whether or not A is also true)

[Merovius]

@bcmills Yes, @andig also suggested that check, though I didn't understand what he was saying at first. I do think it's a good idea. I still find the current behavior of As surprising.

[bcmills]

I think the current behavior is appropriate, if for no other reason than that pre-errors users of various APIs would use type-assertions to check whether an error is of a given type. Only falling back to the custom As method if the value is not assignable keeps As more consistent with those users, and makes it more of a drop-in replacement for a type assertion.