-
-
Notifications
You must be signed in to change notification settings - Fork 379
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
staticcheck: Add per file (or generated) ignores #429
Comments
Do ed and sed fall under “dedicated command installed”? They are installed on pretty much any unix-like system. |
@ainar-g that would be somewhere between hack and dedicated command. The point is that it would be additional complexity in our setup, and adding platform restrictions for a rather small thing. |
I used to use this hack with errcheck back in the days: $ errcheck | grep -v badfile.go && exit 1 || exit 0 grep will exit with 0 if it finds any lines that do not contain This is still a hack, but it doesn't require any modification of the generated file itself. |
I feel your pain, but I'd strongly recommend fixing the generator instead, either by not emitting the comparison, or (more likely) to emit the There is the |
First, thanks for great tool. As you may know,
In this case my type is alias to stringer + unsigned type feels like big enough special case. It would be far worse if Go didn't passive-aggressively push signed On the constructive side, can we have something like following please?
That is:
|
It seems As for now the |
How on the world you expect to force every maintainer of every generator ever to obey this stupid rule? What if I'd write my own linter and force everyone to add a comment to all generated files in the world? This is quite sad to read. The shortsightedness and stupidity. How is having a config file for each linter different than forcing all library maintainers to change their habits and code? I think config file is better, it's easier to migrate if you mess up the comment format. The push should be soft and voluntary and not hard, as we see here. It's not even about the command line flag. Even if it's deprecated, so be it. You could at least migrate the ignoring capabilities to the config file. These comments about unusefulness are waste of everyone's time. Including yours. Summary:
|
@Invertisment - While I think you could/should be a bit more diplomatic, but largely I agree with your points. Remember, however, this is @dominikh project, and he can make the decisions he wants. To me, adding this functionality is a perfectly pragmatic solution. Someone may have the time for fixing it upstream, but I don't. So I can't use this tool. |
You are right, it completely depends on the author. Also I didn't consider a different usecase: |
Your rant refers to both "generator" and "library", and it's hard for me to tell if these two are being conflated, or if you're ranting about two different things. I'll assume you're talking about two different issues and will respond as such.
I expect the majority of code generators to fall into one of two categories:
It's also rather simple to pipe the output of a code generator through a post-processing step that adds the required ignore directives to the file. A simple combination of cat and echo will do.
Good news! You get to be the new maintainer.
This seems like an overly specific and peculiar scenario. It's assuming that a) you want to use an older version b) the older version doesn't already have the necessary directives c) the older version triggers a warning by staticcheck. This seems extremely unlikely. If it ever does occur, then the solutions I outlined above apply.
That is unfortunate. I think I've been rather clear about how the
Library authors are free not to use staticcheck. If they do decide to use staticcheck, they are clearly okay with its requirements. Them not using staticcheck (and in turn our linter directives) doesn't affect the users of said libraries, unless they're linting their dependencies. If you are linting your dependencies you implicitly expect them to conform to your project's standards. If they don't, it's on you to fix that. In my opinion, it should be obvious that using
You can already disable checks on a per-subtree basis by using configuration files.
While it's not easy, it's by no means impossible. There is a limited number of successful linters, and a limited number of well-designed linter directives. We have proposed our format, and it's my hope that other linters will follow suit. The only other relevant format that currently exists is As Go's tooling ecosystem evolves, and tools like gopls become more commonplace, we'll definitely have to agree on a way of ignoring problems. If we come up with a better format in the process, staticcheck will support it.
You're welcome to take part in a civilised discussion. You're not welcome to come to my project and insult me. Rants like these are a much larger waste of my time than having a proper discussion, especially if they disregard all arguments already made. If you don't like the way I run my project, then you're free not to use it. You can even tell your friends how much I suck. But I won't be insulted in my own home. Please take that into consideration should you wish to provide input in the future. It's my goal to write a tool that is both useful and matches my ideas on maintainability. Arguments can change my mind on certain things, being hostile can't. |
Do you have somewhere a description of different categories of checks? In our project, for example, we ignore the following staticcheck's failures (with
I'd say the both checks should be treated as "simplifications", taking into account the second one is triggered by the following generated code: key := in.UnsafeString()
switch key {
default:
in.SkipRecursive()
} Obviously, these both cases can (and likely should) be improved. My question is about priorities: do I have to postpone staticcheck integration into our 300+K lines of non-vendored-code project, fork all generators, fix them, wait for approvals from maintainers, schedule the update, move forward with staticcheck. Or should I integrate the tool now, making it save man-hours for code-reviews and go with other issues? |
http://staticcheck.dev/docs/checks has a list of all checks, and descriptive headers for the categories. I've copied them out for your convenience:
They can be summarized as S for simplifications, SA for correctness, ST for style (and U for unused identifiers).
The fact that we flag the
I couldn't deduce whether this is a rhetorical question. |
We ran into this issue at work when we started enforcing staticcheck on more of our codebase. One of the generators was unmaintained, and generated capitalized errors. We fixed it by switching to a fork of the generator that had been updated to fix those errors. I generally agree with the current approach. If the generated code we use has any potential bugs, I want to know about it. It also occurs to me that it should be possible to add
This example uses |
Ran into this issue again. With ST1016 (methods on the same type should have the same receiver name) on generated code. Unless something has been added, again, I am without many options other than globally disable this check. I don't control the generator, and honestly I wouldn't expect the author to fix this. I don't want to hack in Needless to say this is frustrating. |
Since we already have a config file, why can't we be given the option to add it like @temoto proposes above? |
Beginning with Staticcheck 2020.1, ST1016 no longer considers receivers in generated code. That seems preferable to everyone having to add their own ignores. As for temato's option: it suffers from most of the same problems that the |
Cool. I will try the update 👍 |
Well, re my issue, now I'm left with more generated files problems: Click to expand!
Again, unable to skip it. As for your reasons, you say yourself that:
So I can...
The configuration exists in a repo. The code referred to is in the same repo. The code does not live in isolation. I hope you will reconsider this. |
Hi, I'm probably going to drop staticcheck from our repo because of this. We have some extremely large generated files that we can't stop staticcheck from trying to parse, It manages to eat up north of 64GB of ram on my machine doing so. The inability to tell staticcheck to not look at a package simply means that staticcheck does not scale to large projects with large demands. No one expects staticcheck to do with with 100mb+ go files, but we all expect to be able to control the behaviour of our tooling in simple and easy ways staticcheck fails in this reguard. Comment ignores are worthless because they come after a parse that has taken several minutes to happen. |
@gordallott That is a very valid issue, but it is different from the one discussed here. Even if #429 were addressed, staticcheck would still need to parse, type-check and analyze the package, to deduce facts about it, to use these facts when analyzing those packages that depend on the large asset package. Ignores, however, are processed after the fact. They are merely used to reduce the list of problems found after we're done analyzing everything. Instead, we need a mechanism that skips packages entirely, and treats them as black boxes, only relying on the type information exposed by the compiler's export data. This will introduce some inaccuracy when analyzing dependents, and we must carefully evaluate whether this will lead to any false positives. The likelihood of that is low, however. Asset packages are unlikely to contain functions that act on control flow or otherwise modify the behavior of a program, other than providing binary data. Note, however, that we cannot do any better than this. We cannot ignore a package completely (that is, not even load its type information from export data), unless we also ignore all packages that depend on the package, recursively. Doing so seems undesirable to me. I don't think, however, that handling this should require user intervention, i.e. an explicit list of packages to skip. We're well able to detect the size of files and skip packages that are absurdly large. We can also detect patterns common to asset generation without having to parse the file. I would rather focus my time on handling these cases automatically, than introduce a new knob that people need to discover first. I will file a separate issue for this soon, for further discussion. |
@klauspost Configuration files apply to trees of packages; a single repository can contain more than one configuration file. Consider this structure:
You can add a configuration file to the asset package and disable the undesired checks. For more information on configuration files, their tree structure, and how to inherit settings from higher up the tree, see https://staticcheck.dev/docs/#configuration |
@dominikh You are assuming that projects use a certain structure. There are a lot of existing projects where a huge chunk of code is in a single package. The receiver issue was in the package above. While we can agree that isn't usually a good structure for projects I have seen it many times both in public and non-public codebases. So you are proposing 2) Export generated code and move to a separate package? IMO having to move and export generated code to separate packages just because you cannot tweak which files are picked up or which checks are applied on a file by staticcheck seems like a suboptimal solution. |
We ran into this issue following an update of our codebase to the new Go protobuf API. Problem is much of the tooling/ecosystem will take (considerable) time to catch up. So if a project references the old Go protobuf API (which is still backwards compat, and this is important!) staticcheck gives warnings. An example is Twirp. For every generated
Adding a bunch of Hope you'll reconsider. |
Just want to add a voice of support for @dominikh in this discussion. All IMO — it's important that linters are not configurable, and that flagging exceptions incurs some costs. The tool loses its efficacy when it's easy to opt out of its findings. If your org or project has systemic opt-out needs that are too large for per-incident |
I read through this issue, and I don't really understand:
If you're generating the code, then you're already running some program, I think? It seems to me that it should always be fairly easy to add this; even if it's just something like:
and with_ignores.go is something like:
Or: read existing generated.go, add the All you need for this is the Personally I wouldn't consider this to be very hacky either. |
I would like to add ignores similar to "File-based linter directives", but in the configuration or in another file.
Background: I am dealing with generated files that violate a check (SA4003) in rare cases. When using the tool with
go generate
I don't have a reasonable (not hacky, or requiring a dedicated command installed) way to add a//lint:file-ignore SA4003
to the file.For now, I have to disable the code check for my entire code base. I may be missing an obvious way to do this, but if not, it would help a lot to have that option.
The text was updated successfully, but these errors were encountered: