bots

bots contains two bots, vetbot and trackbot.

vetbot automates the analysis of large quantities of Golang code stored in GitHub repositories. It is a special-purpose bot built to gather a large suite of examples of the well-known range loop capture error found "in the wild". trackbot tracks community contributions to issues raised by vetbot.

Range-loop capture is the reason this code prints 4, 4, 4, 4, instead of what you might expect.

xs := []int{1, 2, 3, 4}
for _, x := range xs {
    go func() {
        fmt.Printf("%d, ", x)
    }()
}

But why build bots?

Range Loop Capture Considered Dangerous

Members of the Go language team have indicated a willingness to modify the behavior of range loop variable capture to make the behavior of Go more intuitive. This change could theoretically be made despite the strong backwards compatibility guarantee of Go version 1, but only if we can ensure that it will not result in incorrect behavior in current programs.

To make that determination, a large number of "real world" Go programs would need to be vetted. If we find that, in every case, the current compiler behavior results in an undesirable outcome (aka bugs), we can consider making a change to the language.

The goal of the github-vet project is to motivate such a change by gathering static analysis results from Go code hosted in publicly available GitHub repositories, and crowd-sourcing their human analysis.

How Does It Work?

vetbot samples from a list of GitHub repositories hosting Go code, parses every .go file found, and runs it through several static analysis procedures tailored to the range-loop capture problem. It detects instances of range-loop variables which it cannot prove to be handled safely. False positives are permitted.
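One way such a check can look, as an added example that is not vetbot's own analyzer: it parses Go source with go/parser and reports every range variable referenced inside a function literal in the loop body. The names findCaptures and sample and the sample input are constructed for this illustration.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// Constructed sample input (not taken from any scanned repository).
const sample = `package p
func f(xs []int, use func(int)) {
	for _, x := range xs { go func() { use(x) }() }       // captured
	for _, y := range xs { go func(v int) { use(v) }(y) } // passed by value
}`

// findCaptures reports "line:name" for each range variable used inside a function
// literal in the loop body. It never proves a use safe: false positives are expected.
func findCaptures(src string) ([]string, error) {
	fset := token.NewFileSet()
	file, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	ast.Inspect(file, func(n ast.Node) bool {
		if loop, ok := n.(*ast.RangeStmt); ok {
			vars := map[*ast.Object]bool{} // objects declared by the range clause
			for _, e := range []ast.Expr{loop.Key, loop.Value} {
				if id, ok := e.(*ast.Ident); ok && id.Obj != nil {
					vars[id.Obj] = true
				}
			}
			var litEnd token.Pos // end of the enclosing function literal, if any
			ast.Inspect(loop.Body, func(m ast.Node) bool {
				if lit, ok := m.(*ast.FuncLit); ok && lit.End() > litEnd {
					litEnd = lit.End()
				}
				if id, ok := m.(*ast.Ident); ok && id.Pos() < litEnd && vars[id.Obj] {
					out = append(out, fmt.Sprintf("%d:%s", fset.Position(id.Pos()).Line, id.Name))
				}
				return true
			})
		}
		return true
	})
	return out, nil
}

func main() { fmt.Println(findCaptures(sample)) }
```

Only the first loop of the sample is reported; the second passes the value as a call argument outside the literal, so the closure never references the loop variable.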

How Can I Help?

Head over to the findings repository to dive in and help! We are also looking for Golang experts to provide high-quality review of our findings. If you're an expert, please apply for consideration and we'll happily assign you some code to read!

No Really, How Does It Work?

There are two bots, VetBot and TrackBot. VetBot is responsible for finding issues in Go repositories on GitHub. TrackBot is responsible for managing the community crowd-sourcing effort.

VetBot starts from a list of GitHub repositories to read from. It reads the default branch in each repository as a tarball, parsing any .go files it finds. Once it's built the parse tree of the entire repository, it runs two static analyzers tailored to the range-loop capture problem. If either of these analyzers reports an issue for a section of code, VetBot opens an issue on a specific repository which contains the segment of code that triggered the analyzer, and a link back to the repository where the code was found.

TrackBot runs periodically. Each time it wakes up, it reads through every issue in the target repository. When it finds any issue that is not tagged properly, it updates the tags. It checks through the reactions left on every issue and uses them to update the community and expert opinions around the issue. When an expert leaves an opinion on an issue, the issue is closed. TrackBot also takes into account how often each account that has left a reaction has agreed with the expert opinion, and uses this to determine when enough reliable feedback has been given to make an assessment.

Both VetBot and TrackBot respect the rate-limits on GitHub's API.

For more details, check out the READMEs for TrackBot and VetBot.