Staticcheck 2020.2 release notes

Performance improvements

The primary focus of this release is a major improvement in performance, significantly reducing memory usage while also reducing runtimes.

Uncached, GOMAXPROCS=1
Package2020.1.62020.2DeltaStats
image/color2.41s ±19%2.00s ±14%-17.08%p=0.000, n=10+10
k8s.io/kubernetes/pkg/...276s ± 1%219s ± 1%-20.62%p=0.000, n=10+10
net/http6.18s ± 1%5.61s ± 5%-9.21%p=0.000, n=8+10
std49.5s ± 1%42.5s ± 1%-14.04%p=0.000, n=9+10
strconv2.49s ± 9%2.19s ±12%-12.08%p=0.001, n=10+10
image/color167MB ±26%146MB ±19%-12.62%p=0.043, n=10+10
k8s.io/kubernetes/pkg/...2.14GB ± 1%0.45GB ±13%-79.09%p=0.000, n=10+10
net/http216MB ± 6%166MB ±18%-23.11%p=0.000, n=10+10
std972MB ± 3%284MB ± 9%-70.82%p=0.000, n=8+10
strconv155MB ±21%139MB ±29%~p=0.063, n=10+10
Cached, GOMAXPROCS=1
Package2020.1.62020.2DeltaStats
image/color160ms ± 0%107ms ± 7%-33.13%p=0.000, n=8+10
k8s.io/kubernetes/pkg/...12.7s ± 1%6.9s ± 1%-45.26%p=0.000, n=9+10
net/http370ms ± 0%230ms ± 0%-37.84%p=0.000, n=8+8
std2.52s ± 1%1.31s ± 1%-48.13%p=0.000, n=10+9
strconv164ms ± 4%110ms ± 0%-32.93%p=0.000, n=10+10
image/color38.6MB ± 4%20.8MB ± 1%-45.96%p=0.000, n=9+10
k8s.io/kubernetes/pkg/...863MB ± 4%283MB ± 2%-67.28%p=0.000, n=10+10
net/http70.5MB ± 5%25.8MB ± 2%-63.48%p=0.000, n=10+9
std243MB ±16%73MB ± 8%-70.00%p=0.000, n=10+10
strconv37.2MB ± 2%21.3MB ± 1%-42.76%p=0.000, n=9+10
Uncached, GOMAXPROCS=32
Package2020.1.62020.2DeltaStats
image/color1.19s ±21%1.06s ±12%~p=0.115, n=10+8
k8s.io/kubernetes/pkg/...27.0s ± 2%22.4s ± 2%-16.96%p=0.000, n=10+10
net/http2.24s ±11%2.23s ±10%~p=0.870, n=10+10
std7.14s ± 5%5.10s ± 9%-28.56%p=0.000, n=10+9
strconv1.24s ±26%1.18s ±21%~p=0.753, n=10+10
image/color143MB ± 7%141MB ± 6%~p=0.515, n=8+10
k8s.io/kubernetes/pkg/...5.77GB ± 6%2.76GB ± 4%-52.25%p=0.000, n=10+10
net/http284MB ±10%226MB ±14%-20.38%p=0.000, n=10+10
std1.74GB ±10%1.15GB ±14%-34.11%p=0.000, n=10+10
strconv148MB ±18%144MB ±16%~p=0.579, n=10+10
Cached, GOMAXPROCS=32
Package2020.1.62020.2DeltaStats
image/color96.0ms ± 6%80.0ms ± 0%-16.67%p=0.000, n=10+9
k8s.io/kubernetes/pkg/...4.64s ± 1%3.88s ± 0%-16.22%p=0.000, n=9+8
net/http216ms ± 3%167ms ± 4%-22.69%p=0.000, n=10+10
std1.09s ± 2%0.96s ± 2%-12.20%p=0.000, n=10+10
strconv100ms ± 0%87ms ± 8%-13.00%p=0.000, n=9+10
image/color46.4MB ± 3%24.1MB ± 5%-48.08%p=0.000, n=8+10
k8s.io/kubernetes/pkg/...1.38GB ± 9%0.27GB ± 1%-80.29%p=0.000, n=10+10
net/http80.7MB ±12%31.4MB ± 2%-61.16%p=0.000, n=10+8
std363MB ±12%75MB ± 7%-79.30%p=0.000, n=10+10
strconv48.5MB ± 6%24.4MB ± 3%-49.72%p=0.000, n=10+10

See commit 5cfc85b70e7b778eb76fd7338e538d7c9af21e4e for details on how these improvements have been achieved.

Furthermore, Staticcheck 2020.2 will skip very large packages (currently packages that are 50 MiB or larger), under the assumption that these packages contain bundled assets and aren’t worth analyzing. This might further reduce Staticcheck’s memory usage in your projects.

Changes to the detection of unused code

Removal of whole-program mode and changes to the handling of exported identifiers

The aforementioned performance improvements necessitate some changes to the U1000 check (also known as unused).

The most visible change is the removal of the whole program mode. This mode, which analyzed an entire program and reported unused code even if it is exported, did not work well with the kind of caching that we use in Staticcheck. Even in previous versions, it didn’t always work correctly and may have caused flaky results, depending on the state of the cache and the order of staticcheck invocations.

The whole-program mode may be revived in the future as a standalone tool, with the understanding that this mode of operation is inherently more expensive than staticcheck. In the meantime, if you depend on this functionality and can tolerate its bugs, you should continue using Staticcheck 2020.1.

As part of improving the correctness of U1000, changes were made to the normal mode as well. In particular, all exported package-level identifiers will be considered used from now on, even if these identifiers are declared in package main or tests, even if they are otherwise unused. Exported identifiers in package main can be used in ways invisible to us, for example via the plugin build mode. For tests, we would run into the same kind of issues as we did with the whole program mode.

Improvements

The //lint:ignore directive now works more intelligently with the U1000 check. In previous versions, the directive would only suppress the output of a diagnostic. For example, for the following example

package pkg

//lint:ignore U1000 This is fine.
func fn1() { fn2() }

func fn2() {}

Staticcheck would emit the following output:

foo.go:6:6: func fn2 is unused (U1000)

as it would only suppress the diagnostic for fn1.

Beginning with this release, the directive instead actively marks the identifier as used, which means that any transitively used code will also be considered used, and no diagnostic will be reported for fn2. Similarly, the //lint:file-ignore directive will consider everything in a file used, which may transitively mark code in other files used, too.

UI improvements

We’ve made some minor improvements to the output and behavior of the staticcheck command:

  • the command now prints instructions on how to look up documentation for checks
  • output of the -explain flag includes a link to the online documentation
  • a warning is emitted when a package pattern matches no packages
  • unmatched ignore directives cause staticcheck to exit with a non-zero status code

Changes to versioning scheme

Staticcheck releases have two version numbers: one meant for human consumption and one meant for consumption by machines, via Go modules. For example, the previous release was both 2020.1.6 (for humans) and v0.0.1-2020.1.6 (for machines).

In previous releases, we’ve tried to include the human version in the machine version, by using the v0.0.1-<human version> scheme. However, this scheme had various drawbacks. For this and future releases we’ve switched to a more standard scheme for machine versions: v0.<minor>.<patch>. Minor will increase by one for every feature release of Staticcheck, and patch will increase by one for every bugfix release of Staticcheck, resetting to zero on feature releases.

For example, this release is both 2020.2 and v0.1.0. A hypothetical 2020.2.1 would be v0.1.1, and 2021.1 will be v0.2.0. This new versioning scheme fixes various issues when trying to use Staticcheck as a Go module. It will also allow us to make true pre-releases in the future.

Documentation on the website, as well as the output of staticcheck -version, will include both version numbers, to make it easier to associate the two.

For detailed information on how we arrived at this decision, see the discussion on issue 777.

Checks

New checks

The following new checks have been added:

  • SA4023 flags impossible comparisons of interface values with untyped nils
  • SA5012 flags function calls with slice arguments that aren’t the right length
  • SA9006 flags dubious bit shifts of fixed size integers

Changed checks

Several checks have been improved:

  • S1030 no longer recommends replacing m[string(buf.Bytes())] with m[buf.String()], as the former gets optimized by the compiler
  • S1008 no longer incorrectly suggests that the negation of >= is <=
  • S1029 and {{ check “SA6003” }} now also check custom types with underlying type string
  • SA1019 now recognizes deprecation notices that aren’t in the last paragraph of a comment
  • SA1019 now emits more precise diagnostics for deprecated code in the standard library
  • SA4006 no longer flags assignments where the value is a typed nil
  • SA5011 is now able to detect more functions that never return, thus reducing the number of false positives
  • SA9004 no longer assumes that constants belong to the same group when they have different types
  • Automatic fixes for SA9004 inside gopls no longer incorrectly duplicate comments
  • ST1003 no longer complains about ALL_CAPS in variable names that don’t contain any letters
  • Incorrect position information in various checks have been fixed
  • Crashes in various checks have been fixed

Staticcheck 2020.2.1 release notes

This release eliminates some false negatives as well as false positives, makes the staticcheck command less noisy and fixes a potential security issue.

  • SA4020 no longer claims that case nil is an unreachable case in a type switch.
  • S1025 no longer marks uses of Printf as unnecessary when the printed types implement the fmt.Formatter interface.
  • Various checks may now detect bugs in conditional code that were previously missed. This was a regression introduced in Staticcheck 2020.1.
  • The staticcheck command no longer reminds the user of the -explain flag every time problems are found. This was deemed too noisy.
  • We’ve updated our dependency on golang.org/x/tools to guard against arbitrary code execution on Windows. Note that to be fully safe, you will also have to update your installation of Go. See the Command PATH security in Go article by the Go authors for more information on this potential vulnerability.

Staticcheck 2020.2.2 release notes

This release fixes a rare crash in Staticcheck, reduces the number of false positives, and adds support for Go 1.16’s io/fs.FileMode type.

  • SA9002 now supports the new io/fs.FileMode type in addition to os.FileMode.
  • Various checks no longer crash when analyzing nested function calls involving multiple return values.
  • SA1006 no longer flags Printf calls of the form Printf(fn()) when fn has multiple return values.
  • Staticcheck now understands the effects of github.com/golang/glog on a function’s control flow.

Staticcheck 2020.2.3 release notes

This release fixes a false positive in U1000. See issue 942 for an example.

Staticcheck 2020.2.4 release notes

This release fixes the following issues:

  • A false positive in S1017 when the len function has been shadowed
  • A bug in Staticcheck’s intermediate representation that would lead to nonsensical reports claiming that a value isn’t being used when it is definitely being used (see issues 949 and 981 for more information)
  • A rare crash (see issue 972 for more information)