Staticcheck 2020.2 release notes
Performance improvements
The primary focus of this release is a major improvement in performance, significantly reducing memory usage while also reducing runtimes.
Package | 2020.1.6 | 2020.2 | Delta | Stats |
---|---|---|---|---|
image/color | 2.41s ±19% | 2.00s ±14% | -17.08% | p=0.000, n=10+10 |
k8s.io/kubernetes/pkg/... | 276s ± 1% | 219s ± 1% | -20.62% | p=0.000, n=10+10 |
net/http | 6.18s ± 1% | 5.61s ± 5% | -9.21% | p=0.000, n=8+10 |
std | 49.5s ± 1% | 42.5s ± 1% | -14.04% | p=0.000, n=9+10 |
strconv | 2.49s ± 9% | 2.19s ±12% | -12.08% | p=0.001, n=10+10 |
image/color | 167MB ±26% | 146MB ±19% | -12.62% | p=0.043, n=10+10 |
k8s.io/kubernetes/pkg/... | 2.14GB ± 1% | 0.45GB ±13% | -79.09% | p=0.000, n=10+10 |
net/http | 216MB ± 6% | 166MB ±18% | -23.11% | p=0.000, n=10+10 |
std | 972MB ± 3% | 284MB ± 9% | -70.82% | p=0.000, n=8+10 |
strconv | 155MB ±21% | 139MB ±29% | ~ | p=0.063, n=10+10 |
Package | 2020.1.6 | 2020.2 | Delta | Stats |
---|---|---|---|---|
image/color | 160ms ± 0% | 107ms ± 7% | -33.13% | p=0.000, n=8+10 |
k8s.io/kubernetes/pkg/... | 12.7s ± 1% | 6.9s ± 1% | -45.26% | p=0.000, n=9+10 |
net/http | 370ms ± 0% | 230ms ± 0% | -37.84% | p=0.000, n=8+8 |
std | 2.52s ± 1% | 1.31s ± 1% | -48.13% | p=0.000, n=10+9 |
strconv | 164ms ± 4% | 110ms ± 0% | -32.93% | p=0.000, n=10+10 |
image/color | 38.6MB ± 4% | 20.8MB ± 1% | -45.96% | p=0.000, n=9+10 |
k8s.io/kubernetes/pkg/... | 863MB ± 4% | 283MB ± 2% | -67.28% | p=0.000, n=10+10 |
net/http | 70.5MB ± 5% | 25.8MB ± 2% | -63.48% | p=0.000, n=10+9 |
std | 243MB ±16% | 73MB ± 8% | -70.00% | p=0.000, n=10+10 |
strconv | 37.2MB ± 2% | 21.3MB ± 1% | -42.76% | p=0.000, n=9+10 |
Package | 2020.1.6 | 2020.2 | Delta | Stats |
---|---|---|---|---|
image/color | 1.19s ±21% | 1.06s ±12% | ~ | p=0.115, n=10+8 |
k8s.io/kubernetes/pkg/... | 27.0s ± 2% | 22.4s ± 2% | -16.96% | p=0.000, n=10+10 |
net/http | 2.24s ±11% | 2.23s ±10% | ~ | p=0.870, n=10+10 |
std | 7.14s ± 5% | 5.10s ± 9% | -28.56% | p=0.000, n=10+9 |
strconv | 1.24s ±26% | 1.18s ±21% | ~ | p=0.753, n=10+10 |
image/color | 143MB ± 7% | 141MB ± 6% | ~ | p=0.515, n=8+10 |
k8s.io/kubernetes/pkg/... | 5.77GB ± 6% | 2.76GB ± 4% | -52.25% | p=0.000, n=10+10 |
net/http | 284MB ±10% | 226MB ±14% | -20.38% | p=0.000, n=10+10 |
std | 1.74GB ±10% | 1.15GB ±14% | -34.11% | p=0.000, n=10+10 |
strconv | 148MB ±18% | 144MB ±16% | ~ | p=0.579, n=10+10 |
Package | 2020.1.6 | 2020.2 | Delta | Stats |
---|---|---|---|---|
image/color | 96.0ms ± 6% | 80.0ms ± 0% | -16.67% | p=0.000, n=10+9 |
k8s.io/kubernetes/pkg/... | 4.64s ± 1% | 3.88s ± 0% | -16.22% | p=0.000, n=9+8 |
net/http | 216ms ± 3% | 167ms ± 4% | -22.69% | p=0.000, n=10+10 |
std | 1.09s ± 2% | 0.96s ± 2% | -12.20% | p=0.000, n=10+10 |
strconv | 100ms ± 0% | 87ms ± 8% | -13.00% | p=0.000, n=9+10 |
image/color | 46.4MB ± 3% | 24.1MB ± 5% | -48.08% | p=0.000, n=8+10 |
k8s.io/kubernetes/pkg/... | 1.38GB ± 9% | 0.27GB ± 1% | -80.29% | p=0.000, n=10+10 |
net/http | 80.7MB ±12% | 31.4MB ± 2% | -61.16% | p=0.000, n=10+8 |
std | 363MB ±12% | 75MB ± 7% | -79.30% | p=0.000, n=10+10 |
strconv | 48.5MB ± 6% | 24.4MB ± 3% | -49.72% | p=0.000, n=10+10 |
See commit 5cfc85b70e7b778eb76fd7338e538d7c9af21e4e for details on how these improvements have been achieved.
Furthermore, Staticcheck 2020.2 will skip very large packages (currently packages that are 50 MiB or larger), under the assumption that these packages contain bundled assets and aren’t worth analyzing. This might further reduce Staticcheck’s memory usage in your projects.
Changes to the detection of unused code
Removal of whole-program mode and changes to the handling of exported identifiers
The aforementioned performance improvements necessitate some changes to the U1000 check (also known as unused).
The most visible change is the removal of the whole program mode.
This mode, which analyzed an entire program and reported unused code even if it is exported,
did not work well with the kind of caching that we use in Staticcheck.
Even in previous versions, it didn’t always work correctly and may have caused flaky results,
depending on the state of the cache and the order of staticcheck
invocations.
The whole-program mode may be revived in the future as a standalone tool,
with the understanding that this mode of operation is inherently more expensive than staticcheck
.
In the meantime, if you depend on this functionality and can tolerate its bugs, you should continue using Staticcheck 2020.1.
As part of improving the correctness of U1000, changes were made to the normal mode as well.
In particular, all exported package-level identifiers will be considered used from now on,
even if these identifiers are declared in package main
or tests, even if they are otherwise unused.
Exported identifiers in package main
can be used in ways invisible to us, for example via the plugin
build mode.
For tests, we would run into the same kind of issues as we did with the whole program mode.
Improvements
The //lint:ignore
directive now works more intelligently with the U1000 check.
In previous versions, the directive would only suppress the output of a diagnostic. For example, for the following example
package pkg
//lint:ignore U1000 This is fine.
func fn1() { fn2() }
func fn2() {}
Staticcheck would emit the following output:
foo.go:6:6: func fn2 is unused (U1000)
as it would only suppress the diagnostic for fn1
.
Beginning with this release, the directive instead actively marks the identifier as used,
which means that any transitively used code will also be considered used, and no diagnostic will be reported for fn2
.
Similarly, the //lint:file-ignore
directive will consider everything in a file used, which may transitively mark code in other files used, too.
UI improvements
We’ve made some minor improvements to the output and behavior of the staticcheck
command:
- the command now prints instructions on how to look up documentation for checks
- output of the
-explain
flag includes a link to the online documentation - a warning is emitted when a package pattern matches no packages
- unmatched ignore directives cause
staticcheck
to exit with a non-zero status code
Changes to versioning scheme
Staticcheck releases have two version numbers: one meant for human consumption and one meant for consumption by machines, via Go modules.
For example, the previous release was both 2020.1.6
(for humans) and v0.0.1-2020.1.6
(for machines).
In previous releases, we’ve tried to include the human version in the machine version, by using the v0.0.1-<human version>
scheme.
However, this scheme had various drawbacks.
For this and future releases we’ve switched to a more standard scheme for machine versions: v0.<minor>.<patch>
.
Minor will increase by one for every feature release of Staticcheck,
and patch will increase by one for every bugfix release of Staticcheck,
resetting to zero on feature releases.
For example, this release is both 2020.2
and v0.1.0
.
A hypothetical 2020.2.1
would be v0.1.1
, and 2021.1
will be v0.2.0
.
This new versioning scheme fixes various issues when trying to use Staticcheck as a Go module.
It will also allow us to make true pre-releases in the future.
Documentation on the website, as well as the output of staticcheck -version
, will include both version numbers, to make it easier to associate the two.
For detailed information on how we arrived at this decision, see the discussion on issue 777.
Checks
New checks
The following new checks have been added:
- SA4023 flags impossible comparisons of interface values with untyped nils
- SA5012 flags function calls with slice arguments that aren’t the right length
- SA9006 flags dubious bit shifts of fixed size integers
Changed checks
Several checks have been improved:
- S1030 no longer recommends replacing
m[string(buf.Bytes())]
withm[buf.String()]
, as the former gets optimized by the compiler - S1008 no longer incorrectly suggests that the negation of
>=
is<=
- S1029 and {{ check “SA6003” }} now also check custom types with underlying type
string
- SA1019 now recognizes deprecation notices that aren’t in the last paragraph of a comment
- SA1019 now emits more precise diagnostics for deprecated code in the standard library
- SA4006 no longer flags assignments where the value is a typed nil
- SA5011 is now able to detect more functions that never return, thus reducing the number of false positives
- SA9004 no longer assumes that constants belong to the same group when they have different types
- Automatic fixes for SA9004 inside gopls no longer incorrectly duplicate comments
- ST1003 no longer complains about ALL_CAPS in variable names that don’t contain any letters
- Incorrect position information in various checks have been fixed
- Crashes in various checks have been fixed
Staticcheck 2020.2.1 release notes
This release eliminates some false negatives as well as false positives, makes the staticcheck
command less noisy and fixes a potential security issue.
- SA4020 no longer claims that
case nil
is an unreachable case in a type switch. - S1025 no longer marks uses of
Printf
as unnecessary when the printed types implement thefmt.Formatter
interface. - Various checks may now detect bugs in conditional code that were previously missed. This was a regression introduced in Staticcheck 2020.1.
- The
staticcheck
command no longer reminds the user of the-explain
flag every time problems are found. This was deemed too noisy. - We’ve updated our dependency on
golang.org/x/tools
to guard against arbitrary code execution on Windows. Note that to be fully safe, you will also have to update your installation of Go. See the Command PATH security in Go article by the Go authors for more information on this potential vulnerability.
Staticcheck 2020.2.2 release notes
This release fixes a rare crash in Staticcheck, reduces the number of false positives, and adds support for Go 1.16’s io/fs.FileMode
type.
- SA9002 now supports the new
io/fs.FileMode
type in addition toos.FileMode
. - Various checks no longer crash when analyzing nested function calls involving multiple return values.
- SA1006 no longer flags
Printf
calls of the formPrintf(fn())
whenfn
has multiple return values. - Staticcheck now understands the effects of
github.com/golang/glog
on a function’s control flow.
Staticcheck 2020.2.3 release notes
This release fixes a false positive in U1000. See issue 942 for an example.
Staticcheck 2020.2.4 release notes
This release fixes the following issues:
- A false positive in S1017 when the
len
function has been shadowed - A bug in Staticcheck’s intermediate representation that would lead to nonsensical reports claiming that a value isn’t being used when it is definitely being used (see issues 949 and 981 for more information)
- A rare crash (see issue 972 for more information)