Google Git
Sign in
go / tools / bceee4b059478407879662c536527cffdadac0d5
commitbceee4b059478407879662c536527cffdadac0d5[log] [tgz]
authorHana (Hyang-Ah) Kim <hyangah@gmail.com>Tue Aug 02 12:19:22 2022 -0400
committerHyang-Ah Hana Kim <hyangah@gmail.com>Thu Aug 04 18:21:12 2022 +0000
tree62629595ab70f073249961c1e99dce2a3419f99d
parent3e0a5031e3cec09527c92842fdf38af0fb48c252 [diff]
internal/lsp/command: let RunVulncheckExp call gopls vulncheck

By making gopls.run_vulncheck_exp (RunVulncheckExp implements)
call `gopls vulncheck`, we achieve

  - gopls.run_vulncheck_exp can run asynchronously and be cancellable
  - log information can be forwarded as progress messages
  - isolate any failures during vulncheck execution

In this CL, we also changed not to include test files in the analysis
(match the default of govulncheck). We will add an option in the future.

TODO:
 - prevent concurrent gopls.run_vulncheck_exp
 - convert the gopls vulncheck output to diagnostics and publish it
 - remove timestamps from the `gopls vulncheck` log messages
   for simplify progress messages
 - add test to check vulnerability in third-party dependencies

Change-Id: I21592e03794cd9e9d96ed3989973a2ab7d75c538
Reviewed-on: https://go-review.googlesource.com/c/tools/+/420717
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Robert Findley <rfindley@google.com>
Reviewed-by: Suzy Mueller <suzmue@golang.org>
Run-TryBot: Hyang-Ah Hana Kim <hyangah@gmail.com>
gopls-CI: kokoro <noreply+kokoro@google.com>
9 files changed
tree: 62629595ab70f073249961c1e99dce2a3419f99d
  1. benchmark/
  2. blog/
  3. cmd/
  4. container/
  5. copyright/
  6. cover/
  7. go/
  8. godoc/
  9. gopls/
  10. imports/
  11. internal/
  12. playground/
  13. present/
  14. refactor/
  15. txtar/
  16. .gitattributes
  17. .gitignore
  18. .prettierrc
  19. codereview.cfg
  20. CONTRIBUTING.md
  21. go.mod
  22. go.sum
  23. LICENSE
  24. PATENTS
  25. README.md
README.md

Go Tools

PkgGoDev

This repository provides the golang.org/x/tools module, comprising various tools and packages mostly for static analysis of Go programs, some of which are listed below. Use the “Go reference” link above for more information about any package.

It also contains the golang.org/x/tools/gopls module, whose root package is a language-server protocol (LSP) server for Go. An LSP server analyses the source code of a project and responds to requests from a wide range of editors such as VSCode and Vim, allowing them to support IDE-like functionality.

Selected commands:

  • cmd/goimports formats a Go program like go fmt and additionally inserts import statements for any packages required by the file after it is edited.
  • cmd/callgraph prints the call graph of a Go program.
  • cmd/digraph is a utility for manipulating directed graphs in textual notation.
  • cmd/stringer generates declarations (including a String method) for “enum” types.
  • cmd/toolstash is a utility to simplify working with multiple versions of the Go toolchain.

These commands may be fetched with a command such as go install golang.org/x/tools/cmd/goimports@latest.

Selected packages:

  • go/ssa provides a static single-assignment form (SSA) intermediate representation (IR) for Go programs, similar to a typical compiler, for use by analysis tools.

  • go/packages provides a simple interface for loading, parsing, and type checking a complete Go program from source code.

  • go/analysis provides a framework for modular static analysis of Go programs.

  • go/callgraph provides call graphs of Go programs using a variety of algorithms with different trade-offs.

  • go/ast/inspector provides an optimized means of traversing a Go parse tree for use in analysis tools.

  • go/cfg provides a simple control-flow graph (CFG) for a Go function.

  • go/expect reads Go source files used as test inputs and interprets special comments within them as queries or assertions for testing.

  • go/gcexportdata and go/gccgoexportdata read and write the binary files containing type information used by the standard and gccgo compilers.

  • go/types/objectpath provides a stable naming scheme for named entities (“objects”) in the go/types API.

Numerous other packages provide more esoteric functionality.

Contributing

This repository uses Gerrit for code changes. To learn how to submit changes, see https://golang.org/doc/contribute.html.

The main issue tracker for the tools repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/tools/(your subdir):” in the subject line, so it is easy to find.

JavaScript and CSS Formatting

This repository uses prettier to format JS and CSS files.

The version of prettier used is 1.18.2.

It is encouraged that all JS and CSS code be run through this before submitting a change. However, it is not a strict requirement enforced by CI.