Add static analysis for unsafe uint casting

BUILD.bazel

@@ -125,6 +125,7 @@ nogo(
         "//tools/analyzers/ineffassign:go_default_library",
         "//tools/analyzers/properpermissions:go_default_library",
         "//tools/analyzers/recursivelock:go_default_library",
+        "//tools/analyzers/uintcast:go_default_library",
     ] + select({
         # nogo checks that fail with coverage enabled.
         ":coverage_enabled": [],

WORKSPACE

@@ -394,7 +394,56 @@ load("@com_github_atlassian_bazel_tools//gometalinter:deps.bzl", "gometalinter_d
 
 gometalinter_dependencies()
 
-load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies")
+load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
+
+go_repository(
+    name = "com_github_gostaticanalysis_comment",
+    importpath = "github.com/gostaticanalysis/comment",
+    sum = "h1:hlnx5+S2fY9Zo9ePo4AhgYsYHbM2+eAv8m/s1JiCd6Q=",
+    version = "v1.4.2",
+)
+
+go_repository(
+    name = "com_github_gostaticanalysis_testutil",
+    importpath = "github.com/gostaticanalysis/testutil",
+    sum = "h1:d2/eIbH9XjD1fFwD5SHv8x168fjbQ9PB8hvs8DSEC08=",
+    version = "v0.3.1-0.20210208050101-bfb5c8eec0e4",
+)
+
+go_repository(
+    name = "com_github_otiai10_copy",
+    importpath = "github.com/otiai10/copy",
+    sum = "h1:HvG945u96iNadPoG2/Ja2+AUJeW5YuFQMixq9yirC+k=",
+    version = "v1.2.0",
+)
+
+go_repository(
+    name = "com_github_otiai10_curr",
+    importpath = "github.com/otiai10/curr",
+    sum = "h1:TJIWdbX0B+kpNagQrjgq8bCMrbhiuX73M2XwgtDMoOI=",
+    version = "v1.0.0",
+)
+
+go_repository(
+    name = "com_github_otiai10_mint",
+    importpath = "github.com/otiai10/mint",
+    sum = "h1:BCmzIS3n71sGfHB5NMNDB3lHYPz8fWSkCAErHed//qc=",
+    version = "v1.3.1",
+)
+
+go_repository(
+    name = "com_github_tenntenn_modver",
+    importpath = "github.com/tenntenn/modver",
+    sum = "h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA=",
+    version = "v1.0.1",
+)
+
+go_repository(
+    name = "com_github_tenntenn_text_transform",
+    importpath = "github.com/tenntenn/text/transform",
+    sum = "h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag=",
+    version = "v0.0.0-20200319021203-7eef512accb3",
+)
 
 gazelle_dependencies()
 

beacon-chain/cache/active_balance.go

@@ -1,3 +1,4 @@
+//go:build !fuzz
 // +build !fuzz
 
 package cache
@@ -19,7 +20,7 @@ import (
 
 var (
 	// maxBalanceCacheSize defines the max number of active balances can cache.
-	maxBalanceCacheSize = uint64(4)
+	maxBalanceCacheSize = int(4)
 
 	// BalanceCacheMiss tracks the number of balance requests that aren't present in the cache.
 	balanceCacheMiss = promauto.NewCounter(prometheus.CounterOpts{
@@ -42,7 +43,7 @@ type BalanceCache struct {
 // NewEffectiveBalanceCache creates a new effective balance cache for storing/accessing total balance by epoch.
 func NewEffectiveBalanceCache() *BalanceCache {
 	return &BalanceCache{
-		cache: lruwrpr.New(int(maxBalanceCacheSize)),
+		cache: lruwrpr.New(maxBalanceCacheSize),
 	}
 }
 

beacon-chain/cache/committee.go

@@ -1,3 +1,4 @@
+//go:build !fuzz
 // +build !fuzz
 
 package cache
@@ -22,7 +23,7 @@ import (
 var (
 	// maxCommitteesCacheSize defines the max number of shuffled committees on per randao basis can cache.
 	// Due to reorgs and long finality, it's good to keep the old cache around for quickly switch over.
-	maxCommitteesCacheSize = uint64(32)
+	maxCommitteesCacheSize = int(32)
 
 	// CommitteeCacheMiss tracks the number of committee requests that aren't present in the cache.
 	CommitteeCacheMiss = promauto.NewCounter(prometheus.CounterOpts{
@@ -55,7 +56,7 @@ func committeeKeyFn(obj interface{}) (string, error) {
 // NewCommitteesCache creates a new committee cache for storing/accessing shuffled indices of a committee.
 func NewCommitteesCache() *CommitteeCache {
 	return &CommitteeCache{
-		CommitteeCache: lruwrpr.New(int(maxCommitteesCacheSize)),
+		CommitteeCache: lruwrpr.New(maxCommitteesCacheSize),
 		inProgress:     make(map[string]bool),
 	}
 }

beacon-chain/forkchoice/protoarray/BUILD.bazel

@@ -22,6 +22,7 @@ go_library(
         "//config/fieldparams:go_default_library",
         "//config/params:go_default_library",
         "//encoding/bytesutil:go_default_library",
+        "//math:go_default_library",
         "//time/slots:go_default_library",
         "@com_github_pkg_errors//:go_default_library",
         "@com_github_prometheus_client_golang//prometheus:go_default_library",

beacon-chain/forkchoice/protoarray/helpers.go

@@ -4,6 +4,7 @@ import (
 	"context"
 
 	"github.com/prysmaticlabs/prysm/config/params"
+	pmath "github.com/prysmaticlabs/prysm/math"
 	"go.opencensus.io/trace"
 )
 
@@ -46,19 +47,27 @@ func computeDeltas(
 			if ok {
 				// Protection against out of bound, the `nextDeltaIndex` which defines
 				// the block location in the dag can not exceed the total `delta` length.
-				if int(nextDeltaIndex) >= len(deltas) {
+				if nextDeltaIndex >= uint64(len(deltas)) {
 					return nil, nil, errInvalidNodeDelta
 				}
-				deltas[nextDeltaIndex] += int(newBalance)
+				delta, err := pmath.Int(newBalance)
+				if err != nil {
+					return nil, nil, err
+				}
+				deltas[nextDeltaIndex] += delta
 			}
 
 			currentDeltaIndex, ok := blockIndices[vote.currentRoot]
 			if ok {
 				// Protection against out of bound (same as above)
-				if int(currentDeltaIndex) >= len(deltas) {
+				if currentDeltaIndex >= uint64(len(deltas)) {
 					return nil, nil, errInvalidNodeDelta
 				}
-				deltas[currentDeltaIndex] -= int(oldBalance)
+				delta, err := pmath.Int(oldBalance)
+				if err != nil {
+					return nil, nil, err
+				}
+				deltas[currentDeltaIndex] -= delta
 			}
 		}
 

beacon-chain/forkchoice/protoarray/store.go

@@ -9,6 +9,7 @@ import (
 	types "github.com/prysmaticlabs/eth2-types"
 	fieldparams "github.com/prysmaticlabs/prysm/config/fieldparams"
 	"github.com/prysmaticlabs/prysm/config/params"
+	pmath "github.com/prysmaticlabs/prysm/math"
 	"go.opencensus.io/trace"
 )
 
@@ -472,7 +473,11 @@ func (s *Store) applyWeightChanges(
 				s.proposerBoostLock.Unlock()
 				return err
 			}
-			nodeDelta = nodeDelta + int(proposerScore)
+			iProposerScore, err := pmath.Int(proposerScore)
+			if err != nil {
+				return err
+			}
+			nodeDelta = nodeDelta + iProposerScore
 		}
 		s.proposerBoostLock.Unlock()
 

beacon-chain/p2p/broadcaster.go

@@ -104,8 +104,8 @@ func (s *Service) broadcastAttestation(ctx context.Context, subnet uint64, att *
 
 	span.AddAttributes(
 		trace.BoolAttribute("hasPeer", hasPeer),
-		trace.Int64Attribute("slot", int64(att.Data.Slot)),
-		trace.Int64Attribute("subnet", int64(subnet)),
+		trace.Int64Attribute("slot", int64(att.Data.Slot)), // lint:ignore uintcast -- It's safe to do this for tracing.
+		trace.Int64Attribute("subnet", int64(subnet)),      // lint:ignore uintcast -- It's safe to do this for tracing.
 	)
 
 	if !hasPeer {
@@ -160,8 +160,8 @@ func (s *Service) broadcastSyncCommittee(ctx context.Context, subnet uint64, sMs
 
 	span.AddAttributes(
 		trace.BoolAttribute("hasPeer", hasPeer),
-		trace.Int64Attribute("slot", int64(sMsg.Slot)),
-		trace.Int64Attribute("subnet", int64(subnet)),
+		trace.Int64Attribute("slot", int64(sMsg.Slot)), // lint:ignore uintcast -- It's safe to do this for tracing.
+		trace.Int64Attribute("subnet", int64(subnet)),  // lint:ignore uintcast -- It's safe to do this for tracing.
 	)
 
 	if !hasPeer {
@@ -213,7 +213,9 @@ func (s *Service) broadcastObject(ctx context.Context, obj ssz.Marshaler, topic
 	if span.IsRecordingEvents() {
 		id := hash.FastSum64(buf.Bytes())
 		messageLen := int64(buf.Len())
-		span.AddMessageSendEvent(int64(id), messageLen /*uncompressed*/, messageLen /*compressed*/)
+		// lint:ignore uintcast -- It's safe to do this for tracing.
+		iid := int64(id)
+		span.AddMessageSendEvent(iid, messageLen /*uncompressed*/, messageLen /*compressed*/)
 	}
 	if err := s.PublishToTopic(ctx, topic+s.Encoding().ProtocolSuffix(), buf.Bytes()); err != nil {
 		err := errors.Wrap(err, "could not publish message")

beacon-chain/p2p/encoder/BUILD.bazel

@@ -14,6 +14,7 @@ go_library(
     ],
     deps = [
         "//config/params:go_default_library",
+        "//math:go_default_library",
         "@com_github_ferranbt_fastssz//:go_default_library",
         "@com_github_gogo_protobuf//proto:go_default_library",
         "@com_github_golang_snappy//:go_default_library",

beacon-chain/p2p/encoder/ssz.go

@@ -3,14 +3,14 @@ package encoder
 import (
 	"fmt"
 	"io"
-	"math"
 	"sync"
 
 	fastssz "github.com/ferranbt/fastssz"
 	"github.com/gogo/protobuf/proto"
 	"github.com/golang/snappy"
 	"github.com/pkg/errors"
 	"github.com/prysmaticlabs/prysm/config/params"
+	"github.com/prysmaticlabs/prysm/math"
 )
 
 var _ NetworkEncoding = (*SszNetworkEncoder)(nil)
@@ -145,11 +145,11 @@ func (_ SszNetworkEncoder) ProtocolSuffix() string {
 // MaxLength specifies the maximum possible length of an encoded
 // chunk of data.
 func (_ SszNetworkEncoder) MaxLength(length uint64) (int, error) {
-	// Defensive check to prevent potential issues when casting to int64.
-	if length > math.MaxInt64 {
-		return 0, errors.Errorf("invalid length provided: %d", length)
+	il, err := math.Int(length)
+	if err != nil {
+		return 0, err
 	}
-	maxLen := snappy.MaxEncodedLen(int(length))
+	maxLen := snappy.MaxEncodedLen(il)
 	if maxLen < 0 {
 		return 0, errors.Errorf("max encoded length is negative: %d", maxLen)
 	}

beacon-chain/p2p/message_id.go

@@ -83,7 +83,7 @@ func postAltairMsgID(pmsg *pubsub_pb.Message, fEpoch types.Epoch) string {
 
 	decodedData, err := encoder.DecodeSnappy(pmsg.Data, gossipPubSubSize)
 	if err != nil {
-		totalLength := len(params.BeaconNetworkConfig().MessageDomainInvalidSnappy) + len(topicLenBytes) + int(topicLen) + len(pmsg.Data)
+		totalLength := len(params.BeaconNetworkConfig().MessageDomainInvalidSnappy) + len(topicLenBytes) + int(topicLen) + len(pmsg.Data) // lint:ignore uintcast -- Message length cannot exceed int64
 		combinedData := make([]byte, 0, totalLength)
 		combinedData = append(combinedData, params.BeaconNetworkConfig().MessageDomainInvalidSnappy[:]...)
 		combinedData = append(combinedData, topicLenBytes...)
@@ -92,7 +92,7 @@ func postAltairMsgID(pmsg *pubsub_pb.Message, fEpoch types.Epoch) string {
 		h := hash.Hash(combinedData)
 		return string(h[:20])
 	}
-	totalLength := len(params.BeaconNetworkConfig().MessageDomainValidSnappy) + len(topicLenBytes) + int(topicLen) + len(decodedData)
+	totalLength := len(params.BeaconNetworkConfig().MessageDomainValidSnappy) + len(topicLenBytes) + int(topicLen) + len(decodedData) // lint:ignore uintcast -- Message length cannot exceed int64
 	combinedData := make([]byte, 0, totalLength)
 	combinedData = append(combinedData, params.BeaconNetworkConfig().MessageDomainValidSnappy[:]...)
 	combinedData = append(combinedData, topicLenBytes...)

beacon-chain/p2p/peers/BUILD.bazel

@@ -11,6 +11,7 @@ go_library(
         "//config/features:go_default_library",
         "//config/params:go_default_library",
         "//crypto/rand:go_default_library",
+        "//math:go_default_library",
         "//proto/prysm/v1alpha1:go_default_library",
         "//proto/prysm/v1alpha1/metadata:go_default_library",
         "//time:go_default_library",

beacon-chain/p2p/peers/status.go

@@ -40,6 +40,7 @@ import (
 	"github.com/prysmaticlabs/prysm/config/features"
 	"github.com/prysmaticlabs/prysm/config/params"
 	"github.com/prysmaticlabs/prysm/crypto/rand"
+	pmath "github.com/prysmaticlabs/prysm/math"
 	pb "github.com/prysmaticlabs/prysm/proto/prysm/v1alpha1"
 	"github.com/prysmaticlabs/prysm/proto/prysm/v1alpha1/metadata"
 	prysmTime "github.com/prysmaticlabs/prysm/time"
@@ -749,12 +750,12 @@ func (p *Status) PeersToPrune() []peer.ID {
 		return p.deprecatedPeersToPrune()
 	}
 	connLimit := p.ConnectedPeerLimit()
-	inBoundLimit := p.InboundLimit()
+	inBoundLimit := uint64(p.InboundLimit())
 	activePeers := p.Active()
-	numInboundPeers := len(p.InboundConnected())
+	numInboundPeers := uint64(len(p.InboundConnected()))
 	// Exit early if we are still below our max
 	// limit.
-	if len(activePeers) <= int(connLimit) {
+	if uint64(len(activePeers)) <= connLimit {
 		return []peer.ID{}
 	}
 	p.store.Lock()
@@ -784,10 +785,14 @@ func (p *Status) PeersToPrune() []peer.ID {
 
 	// Determine amount of peers to prune using our
 	// max connection limit.
-	amountToPrune := len(activePeers) - int(connLimit)
+	amountToPrune, err := pmath.Sub64(uint64(len(activePeers)), connLimit)
+	if err != nil {
+		// This should never happen.
+		return []peer.ID{}
+	}
 
 	// Also check for inbound peers above our limit.
-	excessInbound := 0
+	excessInbound := uint64(0)
 	if numInboundPeers > inBoundLimit {
 		excessInbound = numInboundPeers - inBoundLimit
 	}
@@ -796,7 +801,7 @@ func (p *Status) PeersToPrune() []peer.ID {
 	if excessInbound > amountToPrune {
 		amountToPrune = excessInbound
 	}
-	if amountToPrune < len(peersToPrune) {
+	if amountToPrune < uint64(len(peersToPrune)) {
 		peersToPrune = peersToPrune[:amountToPrune]
 	}
 	ids := make([]peer.ID, 0, len(peersToPrune))
@@ -815,7 +820,7 @@ func (p *Status) deprecatedPeersToPrune() []peer.ID {
 	numInboundPeers := len(p.InboundConnected())
 	// Exit early if we are still below our max
 	// limit.
-	if len(activePeers) <= int(connLimit) {
+	if uint64(len(activePeers)) <= connLimit {
 		return []peer.ID{}
 	}
 	p.store.Lock()
@@ -845,18 +850,22 @@ func (p *Status) deprecatedPeersToPrune() []peer.ID {
 
 	// Determine amount of peers to prune using our
 	// max connection limit.
-	amountToPrune := len(activePeers) - int(connLimit)
+	amountToPrune, err := pmath.Sub64(uint64(len(activePeers)), connLimit)
+	if err != nil {
+		// This should never happen
+		return []peer.ID{}
+	}
 	// Also check for inbound peers above our limit.
-	excessInbound := 0
+	excessInbound := uint64(0)
 	if numInboundPeers > inBoundLimit {
-		excessInbound = numInboundPeers - inBoundLimit
+		excessInbound = uint64(numInboundPeers - inBoundLimit)
 	}
 	// Prune the largest amount between excess peers and
 	// excess inbound peers.
 	if excessInbound > amountToPrune {
 		amountToPrune = excessInbound
 	}
-	if amountToPrune < len(peersToPrune) {
+	if amountToPrune < uint64(len(peersToPrune)) {
 		peersToPrune = peersToPrune[:amountToPrune]
 	}
 	ids := make([]peer.ID, 0, len(peersToPrune))

beacon-chain/p2p/subnets.go

@@ -40,7 +40,7 @@ func (s *Service) FindPeersWithSubnet(ctx context.Context, topic string,
 	ctx, span := trace.StartSpan(ctx, "p2p.FindPeersWithSubnet")
 	defer span.End()
 
-	span.AddAttributes(trace.Int64Attribute("index", int64(index)))
+	span.AddAttributes(trace.Int64Attribute("index", int64(index))) // lint:ignore uintcast -- It's safe to do this for tracing.
 
 	if s.dv5Listener == nil {
 		// return if discovery isn't set
@@ -138,7 +138,7 @@ func (s *Service) hasPeerWithSubnet(topic string) bool {
 	// In the event peer threshold is lower, we will choose the lower
 	// threshold.
 	minPeers := mathutil.Min(1, uint64(flags.Get().MinimumPeersPerSubnet))
-	return len(s.pubsub.ListPeers(topic+s.Encoding().ProtocolSuffix())) >= int(minPeers)
+	return len(s.pubsub.ListPeers(topic+s.Encoding().ProtocolSuffix())) >= int(minPeers) // lint:ignore uintcast -- Min peers can be safely cast to int.
 }
 
 // Updates the service's discv5 listener record's attestation subnet
@@ -195,6 +195,7 @@ func attSubnets(record *enr.Record) ([]uint64, error) {
 	if err != nil {
 		return nil, err
 	}
+	// lint:ignore uintcast -- subnet count can be safely cast to int.
 	if len(bitV) != byteCount(int(attestationSubnetCount)) {
 		return []uint64{}, errors.Errorf("invalid bitvector provided, it has a size of %d", len(bitV))
 	}
@@ -214,6 +215,7 @@ func syncSubnets(record *enr.Record) ([]uint64, error) {
 	if err != nil {
 		return nil, err
 	}
+	// lint:ignore uintcast -- subnet count can be safely cast to int.
 	if len(bitV) != byteCount(int(syncCommsSubnetCount)) {
 		return []uint64{}, errors.Errorf("invalid bitvector provided, it has a size of %d", len(bitV))
 	}