--- /dev/null
+<ul class="changes-toc">
+ <li><a href="#performance">Performance improvements</a></li>
+ <li><a href="#go-analysis">The go/analysis framework</a></li>
+ <li><a href="#cli">Improvements to the CLI</a><ul>
+ <li><a href="#cli-siginfo">SIGINFO handler</a></li>
+ <li><a href="#cli-explain">Explaining checks</a></li>
+ <li><a href="#cli-debug-version">-debug.version</a></li>
+ <li><a href="#cli-unused">Enabling unused's whole program mode</a></li>
+ <li><a href="#cli-ranges">Range information in diagnostics</a></li>
+ </ul></li>
+
+ <li><a href="#module">Installing staticcheck as a module</a></li>
+ <li><a href="#deprecated">Removal of deprecated functionality</a></li>
+ <li><a href="#checks">Checks</a><ul>
+ <li><a href="#checks-new">New checks</a></li>
+ <li><a href="#checks-changed">Changed checks</a></li>
+ </ul></li>
+ <li><a href="#sustainable-open-source">Sustainable open source and a personal plea</a></li>
+ <li><a href="#2019.2.1">Staticcheck 2019.2.1 release notes</a></li>
+ <li><a href="#2019.2.2">Staticcheck 2019.2.2 release notes</a></li>
+ <li><a href="#2019.2.3">Staticcheck 2019.2.3 release notes</a></li>
+</ul>
+
+<h2 id="performance">Performance improvements</h2>
+
+<p>
+ Staticcheck 2019.2 brings major performance improvements and a
+ reduction in memory usage.
+</p>
+
+<p>
+ Staticcheck has been redesigned to only keep those packages in memory that are actively being processed.
+ This allows for much larger workspaces to be checked in one go.
+ While previously it may have been necessary to split a list of packages into many invocations of staticcheck,
+ this is now handled intelligently and efficiently by staticcheck itself.
+</p>
+
+<p>
+ In particular, memory usage is now closely tied to parallelism:
+ having more CPU cores available allows for more packages to be processed in parallel,
+ which increases the number of packages held in memory at any one time.
+ Not only does this make good use of available resources –
+ systems with more CPU cores also tend to have more memory available –
+ it also exposes a single, easy to use knob for trading execution time for memory use.
+ By setting <code>GOMAXPROCS</code> to a value lower than the number of available cores,
+ memory usage of staticcheck will be reduced, at the cost of taking longer to complete.
+</p>
+
+<p>
+ We've observed reductions in memory usage of 2x to 8x when checking large code bases.
+</p>
+
+<table class="table">
+ <thead>
+ <tr>
+ <th>Package</th>
+ <th>2019.1.1</th>
+ <th>2019.2¹</th>
+ <th>Change</th>
+ </tr>
+ </thead>
+
+ <tr>
+ <td>net/http</td>
+ <td>3.543 s / 677 MB</td>
+ <td>3.747 s / 254 MB</td>
+ <td>+5.76% / -62.48%</td>
+ </tr>
+
+ <tr>
+ <td>strconv</td>
+ <td>1.628 s / 294 MB</td>
+ <td>1.678 s / 118 MB</td>
+ <td>+3.07% / -59.86%</td>
+ </tr>
+
+ <tr>
+ <td>image/color</td>
+ <td>1.304 s / 225 MB</td>
+ <td>1.702 s / 138 MB</td>
+ <td>+30.52% / -38.67%</td>
+ </tr>
+
+ <tr>
+ <td>std</td>
+ <td>26.234 s / 3987 MB</td>
+ <td>19.444 s / 1054 MB</td>
+ <td>-25.88% / -73.56%</td>
+ </tr>
+
+ <tr>
+ <td>github.com/cockroachdb/cockroach/pkg/...</td>
+ <td>88.644 s / 15959 MB</td>
+ <td>93.798 s / 4156 MB</td>
+ <td>+5.81% / -73.96%</td>
+ </tr>
+
+ <tfoot>
+ <tr>
+ <td colspan="4">
+ ¹: The fact cache was empty for all benchmarks.
+ </td>
+ </tr>
+ </tfoot>
+</table>
+
+<p>
+ In addition, staticcheck now employs caching to speed up repeated checking of packages.
+ In the past, when checking a package, all of its dependencies had to be loaded from source and analyzed.
+ Now, we can make use of Go's build cache, as well as cache our own analysis facts.
+ This makes staticcheck behave a lot more like go build, where repeated builds are much faster.
+</p>
+
+<table class="table">
+ <thead>
+ <tr>
+ <th>Package</th>
+ <th>Uncached</th>
+ <th>Cached</th>
+ <th>Change</th>
+ </tr>
+ </thead>
+
+ <tr>
+ <td>net/http</td>
+ <td>3.747 s / 254 MB</td>
+ <td>1.545 s / 195 MB</td>
+ <td>-58.77% / -23.23%</td>
+ </tr>
+
+ <tr>
+ <td>strconv</td>
+ <td>1.678 s / 118 MB</td>
+ <td>0.495 s / 57 MB</td>
+ <td>-70.5% / -51.69%</td>
+ </tr>
+
+ <tr>
+ <td>image/color</td>
+ <td>1.702 s / 138 MB</td>
+ <td>0.329 s / 31 MB</td>
+ <td>-80.67% / -77.54%</td>
+ </tr>
+
+ <tr>
+ <td>std</td>
+ <td>19.444 s / 1054 MB</td>
+ <td>15.099 s / 887 MB</td>
+ <td>-22.35% / -15.84%</td>
+ </tr>
+
+ <tr>
+ <td>github.com/cockroachdb/cockroach/pkg/...</td>
+ <td>93.798 s / 4156 MB</td>
+ <td>47.205 s / 2516 MB</td>
+ <td>-49.67% / -39.46%</td>
+ </tr>
+</table>
+
+<p>
+ This combination of improvements not only compensates for the
+ increased memory usage that 2019.1 introduced, it also brings the
+ memory usage and execution times way below the levels of those seen in the
+ 2017.2 release, which had previously been our most efficient
+ release.
+</p>
+
+<p>
+ It should be noted that all of these improvements are part of the <em>staticcheck</em> command itself, not the individual checks.
+ Tools such as golangci-lint will have to replicate our efforts to benefit from these improvements.
+</p>
+
+<h2 id="go-analysis">The go/analysis framework</h2>
+
+<p>
+ Part of the redesign of staticcheck involved porting our code to the <a href="https://godoc.org/golang.org/x/tools/go/analysis">go/analysis</a> framework.
+</p>
+
+<p>
+ The go/analysis framework is a framework for writing static analysis tools such as staticcheck and go vet.
+ It provides an API that enables interoperability between different analyses and analysis drivers – drivers being the code that actually executes analyses.
+ The intention is that any driver can trivially use any analysis that is implemented using go/analysis.
+</p>
+
+<p>
+ With the exception of {{ check "U1000" }}, all of our checks are now go/analysis analyses. Furthermore, the <em>staticcheck</em> command is now a go/analysis driver.
+</p>
+
+<p>
+ With our move to this framework, we enable other drivers to reuse our checks without having to patch them.
+ This should be of particular interest to golangci-lint, which previously took to patching staticcheck, sometimes in subtly incorrect ways.
+ Another high-profile go/analysis driver is gopls, the Go language server. It will now be much easier for gopls to use staticcheck to analyze code, should it so desire.
+</p>
+
+<p>
+ Theoretically it would also allow us to use third-party analyses as part of staticcheck.
+ Due to quality control reasons, however, we will likely refrain from doing so.
+ Nonetheless it would be trivial for users to maintain internal forks of cmd/staticcheck that use third-party analyses.
+</p>
+
+<h2 id="cli">Improvements to the CLI</h2>
+
+<p>
+ We've made several minor improvements to the command-line interface of staticcheck that improve usability and debuggability.
+</p>
+
+<h3 id="cli-siginfo">SIGINFO handler</h3>
+
+<p>
+ Upon receiving the SIGINFO signal – or SIGUSR1 on platforms that lack
+ SIGINFO – staticcheck will dump statistics, such as the current phase
+ and how many packages are left to analyze.
+</p>
+
+<pre><code>
+Packages: 37/619 initial, 38/1011 total; Workers: 8/8; Problems: 73
+</code></pre>
+
+<h3 id="cli-explain">Explaining checks</h3>
+
+<p>
+ Using the new <code>-explain</code> flag, a check's documentation can be displayed right in the terminal,
+ eliminating the need to browse to <a href="https://staticcheck.io/docs/checks">https://staticcheck.io/docs/checks</a>.
+</p>
+
+<pre><code>
+$ staticcheck -explain S1007
+Simplify regular expression by using raw string literal
+
+Raw string literals use ` instead of " and do not support
+any escape sequences. This means that the backslash (\) can be used
+freely, without the need of escaping.
+
+Since regular expressions have their own escape sequences, raw strings
+can improve their readability.
+
+Before:
+
+ regexp.Compile("\\A(\\w+) profile: total \\d+\\n\\z")
+
+After:
+
+ regexp.Compile(`\A(\w+) profile: total \d+\n\z`)
+
+Available since
+ 2017.1
+</code></pre>
+
+<h3 id="cli-debug-version">-debug.version</h3>
+
+<p>
+ The <code>-debug.version</code> flag causes staticcheck to print
+ detailed version information, such as the Go version used to compile
+ it, as well as the versions of all dependencies if built using Go
+ modules. This feature is intended for debugging issues, and we will
+ ask for its output from users who file issues.
+</p>
+
+<pre><code>
+$ staticcheck -debug.version
+staticcheck (devel, v0.0.0-20190602125119-5a4a2f4a438d)
+
+Compiled with Go version: go1.12.5
+Main module:
+ honnef.co/go/tools@v0.0.0-20190602125119-5a4a2f4a438d (sum: h1:U5vSGN1Bjr0Yd/4pRcp8iRUCs3S5TIPzoAeTEFV2aiU=)
+Dependencies:
+ github.com/BurntSushi/toml@v0.3.1 (sum: h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=)
+ golang.org/x/tools@v0.0.0-20190530171427-2b03ca6e44eb (sum: h1:mnQlcVx8Qq8L70HV0DxUGuiuAtiEHTwF1gYJE/EL9nU=)
+</code></pre>
+
+<h3 id="cli-unused">Enabling unused's whole program mode</h3>
+
+<p>
+ When we merged <em>unused</em> into <em>staticcheck</em>, we lost the ability to specify the <code>-exported</code> flag to report unused exported identifiers.
+ Staticcheck 2019.2 restores this ability with the new <code>-unused.whole-program</code> flag.
+</p>
+
+<h3 id="cli-ranges">Range information in diagnostics</h3>
+
+<p>
+ Many of our checks now emit <code>[start, end]</code> ranges for findings instead of just positions.
+ These ranges can be accessed via the <code>json</code> output formatter, as well as by using <code>go/analysis.Diagnostic</code> directly, such as in gopls.
+</p>
+
+<p>
+ Note that not all checks are able to emit range information.
+</p>
+
+<h2 id="module">Installing staticcheck as a module</h2>
+
+<p>
+ As part of the 2019.2 release, we've turned staticcheck into a Go module.
+ From now on, if using Go modules, you can install specific versions of staticcheck with <code>go get honnef.co/go/tools/cmd/staticcheck@<version></code>,
+ though do note that older releases do not have a <code>go.mod</code> file.
+ You can still download them as modules, but Go will record indirect dependencies in the main module's <code>go.mod</code> file, and no minimum versions are specified.
+</p>
+
+<p>
+ Staticcheck will not use Semantic Versioning for its releases.
+ It is our belief that Semver is a poor fit for applications and is more suited towards libraries.
+ For example, almost every release of staticcheck has backwards incompatible changes to some APIs that aren't meant for public consumption,
+ but which we expose nevertheless so that tinkerers can use them.
+</p>
+
+<p>
+ However, we use so-called <em>pre-release versions</em> of the form <code>v0.0.0-2019.2</code>.
+ These allow us to embed our versioning scheme in that of Semver, with correct sorting and updating of versions.
+ Furthermore, these versions ensure that <code>go get ...</code>,
+ if not specifying an explicit version (that is, if using the query <code>latest</code>),
+ will install the latest released version of staticcheck and not the master branch.
+</p>
+
+<p>
+ While you can use these pre-release version numbers directly, you can also use the canonical versions of the form <code>2019.2</code> instead.
+ The Go tool will automatically translate these versions to the appropriate pre-releases.
+</p>
+
+<p>
+ To install the master branch, use <code>go get honnef.co/go/tools/cmd/staticcheck@master</code>
+</p>
+
+<h2 id="deprecated">Removal of deprecated functionality</h2>
+
+<p>
+ Staticcheck 2019.1 deprecated the <em>unused</em>, <em>gosimple</em>, and <em>megacheck</em>
+ utilities, as they have been merged into <em>staticcheck</em>. Furthermore, it deprecated the <code>-ignore</code> flag,
+ which has been replaced by <a href="/docs/#ignoring-problems">linter directives</a>.
+</p>
+
+<p>
+ This release no longer includes these deprecated utilities, nor does
+ it provide the deprecated flag.
+</p>
+
+<h2 id="checks">Checks</h2>
+
+<h3 id="checks-new">New checks</h3>
+
+<p>
+ Numerous new checks have been added in this release:
+</p>
+
+<ul>
+ <li>{{ check "S1033" }} flags unnecessary guards around calls to <code>delete</code>.</li>
+ <li>{{ check "S1034" }} simplifies type switches involving redundant type assertions.</li>
+ <li>{{ check "SA1026" }} flags attempts at marshaling invalid types.</li>
+ <li>{{ check "SA1027" }} flags incorrectly aligned atomic accesses.</li>
+ <li>{{ check "SA4020" }} flags unreachable case clauses in type switches.</li>
+ <li>{{ check "SA4021" }} flags calls to append with a single argument, as <code>x = append(y)</code> is equivalent to <code>x = y</code>.</li>
+ <li>{{ check "SA5008" }} flags certain kinds of invalid struct tags.</li>
+ <li>{{ check "SA5009" }} verifies the correctness of Printf calls.</li>
+ <li>{{ check "SA6005" }} flags inefficient string comparisons involving <code>strings.ToLower</code>
+ or <code>strings.ToUpper</code> when they can be replaced with <code>strings.EqualFold</code>.
+ </li>
+ <li>{{ check "SA9005" }} flags attempts at marshaling structs with no public fields nor custom marshaling.</li>
+ <li>{{ check "ST1017" }} flags so-called <a href="https://en.wikipedia.org/wiki/Yoda_conditions">yoda conditions</a>,
+ which take the form of <code>if 42 == x</code>.
+ </li>
+ <li>{{ check "ST1018" }} flags string literals containing zero-width characters.</li>
+</ul>
+
+
+<h3 id="checks-changed">Changed checks</h3>
+
+<p>
+ Several checks have been improved:
+</p>
+
+<ul>
+ <li>{{ check "SA1019" }} now flags imports of deprecated packages.</li>
+ <li>{{ check "SA4000" }} no longer flags comparisons between custom float types. Additionally, it avoids a false positive caused by cgo.</li>
+ <li>{{ check "SA4006" }} no longer flags unused values in code generated by goyacc. This avoids noise caused by the nature of the generated state machine.</li>
+ <li>{{ check "ST1005" }} no longer flags error messages that start with capitalized type names.</li>
+ <li>{{ check "ST1006" }} no longer flags receiver names in generated code.</li>
+ <li>{{ check "SA5002" }} no longer suggests replacing <code>for false {</code> with <code>for {</code>.</li>
+ <li>Added "SIP" and "RTP" as default initialisms to {{ check "ST1003" }}.</li>
+ <li>{{ check "SA1006" }}, {{ check "SA4003" }}, {{ check "S1017" }}, and {{ check "S1020" }} match more code patterns.</li>
+ <li>{{ check "S1021" }} is less eager to merge declarations and assignments when multiple assignments are involved.</li>
+ <li>{{ check "U1000" }} has been rewritten, eliminating a variety of false positives.
+</ul>
+
+<h2 id="sustainable-open-source">Sustainable open source and a personal plea</h2>
+
+<p>
+ Staticcheck is an open source project developed primarily by me, Dominik Honnef, in my free time.
+ While this model of software development has gotten increasingly common, it is not very sustainable.
+ Time has to be split between open source work and paid work to sustain one's life.
+ This is made especially unfortunate by the fact that hundreds of companies rely on open source each day,
+ but few consider giving back to it, even though it would directly benefit their businesses,
+ ensuring that the software they rely on keeps being developed.
+</p>
+
+<p>
+ I have long been soliciting donations for staticcheck <a href="https://www.patreon.com/dominikh">on Patreon</a> to make its development more sustainable.
+ A fair number of individuals have generously pledged their support and I am very grateful to them.
+ Unfortunately, only few companies support staticcheck's development, and I'd like for that to change.
+</p>
+
+<p>
+ To people who are familiar with Patreon, it might've always seemed like an odd choice for a software project.
+ Patreon focuses on art and creative work, and on individuals supporting said work, not companies.
+ I am therefore excited to announce my participation in <a href="https://github.com/sponsors">GitHub Sponsors</a>,
+ a new way of supporting developers, directly on GitHub.
+</p>
+
+<p>
+ GitHub Sponsors allows you to easily support developers by sponsoring them on a monthly basis, <a href="https://github.com/users/dominikh/sponsorship">via a few simple clicks.</a>
+ It is fully integrated with the platform and can use your existing billing information, making it an effortless process.
+ <strong>To encourage more company sponsorships I offer to display your company's logo prominently on
+ <a href="https://staticcheck.io/">staticcheck's website</a></strong>
+ for
+ <a href="https://github.com/users/dominikh/sponsorship?utf8=%E2%9C%93&tier_id=MDIyOk1hcmtldHBsYWNlTGlzdGluZ1BsYW4yNTAy&editing=false">$250 USD a month</a>,
+ to show my appreciation for your contribution and to show to the world how much you care about code quality.
+</p>
+
+<p>
+ Please don't hesitate <a href="mailto:dominik@honnef.co">contacting me directly</a> if neither GitHub Sponsors nor Patreon seem suitable to you but you'd like to support me nevertheless.
+ I am sure we can work something out.
+</p>
+
+<h2 id="2019.2.1">Staticcheck 2019.2.1 release notes</h2>
+
+<p>
+ The 2019.2 release has an unfortunate bug that prevents staticcheck from running on 32-bit architectures, causing it to crash unconditionally.
+ This release fixes that crash.
+</p>
+
+<h2 id="2019.2.2">Staticcheck 2019.2.2 release notes</h2>
+
+<p>
+ Staticcheck 2019.2.2 contains the following user-visible fixes:
+</p>
+
+<ul>
+ <li>{{ check "S1008" }} now skips if/else statements where both branches return the same value.</li>
+ <li>{{ check "SA4006" }} now considers a value read when a switch statement reads it, even if the switch statement has no branches.</li>
+ <li>2019.2 introduced a bug that made it impossible to enable non-default checks via configuration files. This is now possible again.</li>
+ <li>2019.2 introduced a bug that made the <code>-tags</code> command line argument ineffective, making it impossible to pass in build tags. This is now possible again.</li>
+ <li>From this release onward, we will use pseudo versions of the form
+ <code>v0.0.<strong>1</strong>-<year>.<minor></code> instead of <code>v0.0.<strong>0</strong>-<year>.<minor></code>.
+ This fixes an issue where <code>go get</code> would prefer an older commit over a newer released version due to the way versions sort.
+ </minor>
+</ul>
+
+<h2 id="2019.2.3">Staticcheck 2019.2.3 release notes</h2>
+
+<p>
+ Staticcheck 2019.2.3 is a re-release of 2019.2.2.
+ Its pre-built binaries, which can be found on GitHub,
+ have been built with Go 1.13, to enable checking of code that uses language features introduced in Go 1.13.
+</p>
projects / dotfiles / .git / blobdiff