x/tools/go/analysis: checkers do not (but should) reject Go 1.22 programs

[rsc]

Checkers built on x/tools/go/analysis do not reject Go 1.22 programs but should. Will fix.

[gopherbot]

Change https://go.dev/cl/507975 mentions this issue: go/types: record Config.GoVersion for reporting in Package.GoVersion method

[gopherbot]

Change https://go.dev/cl/507880 mentions this issue: go/analysis: pass package's Go version to type checker

[gopherbot]

Change https://go.dev/cl/507879 mentions this issue: go/packages: pass go list-reported Go language version to type checker

[dominikh]

This concern affects the combination of go/packages, go/analysis, and go/types: The various GoVersion fields are only populated when a minimum Go version was deduced from go.work or go.mod. But this leaves us with no GoVersion for the standard library, which go list -json doesn't treat as a module, or when using GOPATH mode.

A consequence of that is that tools can't rely exclusively on the GoVersion field to know if they're too old to correctly interpret the code; they also need to figure out the actual Go version and use that when GoVersion isn't set.

Is there something we can do about that?

[rsc]

For Go 1.21, I don't think we have a great answer. Luckily it shouldn't be a huge problem either: Nothing should really care about the Go version for the Go 1.21 release. These changes are aimed at setting us up for Go 1.22, specifically the loopvar change. For non-standard-library packages, only code in modules will see the new semantics, so the check can be written so that "no version" = "old loop variable semantics". And any module that says "go 1.22" should be properly rejected by an old tool. That "no version" = "old loopvar semantics" does not handle the standard library though.

I wonder if for Go 1.22 we should try having go list -json report the "std" and "cmd" modules in the Package.Module field. That's too big a change to land this late in the Go 1.21 cycle, but as long as it was in Go 1.22, that would be enough to handle the standard library in any checker that cared because of loopvar.

[dominikh]

Having the "std" and "cmd" modules would be great.

Do note that for checkers, language changes may not be the only reason to care about the Go version. Staticcheck has long been using the Go version to guard checks that make recommendations concerning use of the standard library, such as suggesting time.Until, which was added in Go 1.8.

None of this is really important for 1.21 specifically, though, and waiting until 1.22 is fine.

As an aside, all of the GoVersion-related changes, including per-file versions, really benefit Staticcheck. We went from having a -go flag that the user could provide — if they knew about it — to pretending that the go go.mod directive prescribed the minimum version, to having actual, fine-grained minimum versions.

[rsc]

Glad to hear it. Thanks for the feedback @dominikh!

[rsc]

I haven't brought the code into the main repo yet.

[gopherbot]

Change https://go.dev/cl/509099 mentions this issue: all: update vendored dependencies

[rsc]

Submitted the revendor.