Go: Support Go 1.23 (Explicit aliases) #17058
Conversation
mbg
force-pushed
the
mbg/go/1.23
branch
5 times, most recently
from
ec0dcc1 to
51db53f
Compare
mbg
force-pushed
the
mbg/go/1.23
branch
2 times, most recently
from
dbe8434 to
eb4e1d1
Compare
go/extractor/extractor.go
Outdated
| b.WriteString(tp.Obj().Id()) | ||
| // Ensure that the definition of the alias gets extracted, | ||
| // which may be an alias in itself. | ||
| extractType(tw, tp.Rhs()) | ||
| // Construct the label for this type alias. | ||
| lbl = tw.Labeler.GlobalID(fmt.Sprintf("%s;typealias", b.String())) |
There was a problem hiding this comment.
I would just use the string directly, rather than making a string builder. Presumably this pattern has been copied from the case above, where it is needed.
There was a problem hiding this comment.
I had expected to be building up a string with more than just the name (e.g. to include the number of type parameters), but didn't end up working in that yet / not sure more than the name is actually needed.
There was a problem hiding this comment.
Perhaps a combination of the name and the type label for the rhs? But I guess there could be two alias types with the same name and the same rhs in different packages. Hmmm.
There was a problem hiding this comment.
I looked into this and ended up copying what we do for named types, since we also extract the object for alias types.
go/downgrades/60e1b7912d7c68066b13c776b07c2da5fc13342a/upgrade.properties
Show resolved
Hide resolved
I agree that it makes sense to extract them. I believe this compiler change is paving the way for aliases of generic types where some of the type parameters have been specified. We may find it hard to support that if we go too far from how the compiler represents things.
If we're lucky then we've already put
I think that we should, for the same reason as 1. (Assuming the compiler creates objects for them.) |
|
Taken a look over the code; no additional review points from me. Agree with Owen's take on Qs 1-3 above. To Q4:
I'd say use the existing table. It's redundant w.r.t. getEntity().getName() anyway, but this is consistent with other named types. |
I've added a predicate
Having looked into it, I think this is what I'd expect. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
The DCA results are fine. In one project the number of extractor errors changed, and we lost 5 FPs in unimportant queries. |
|
Do you know why we saw result changes? Were they the same project as that with extraction errors? |
|
Yes, same project. I didn't dig into it deeply. My guess is that we were able to extract a little bit more. All the FPs involved mistakenly thinking that two very similar expressions were actually the same. (None of them involved alias types.) |
|
OK, that's reassuring. QA to confirm we're in a good state, then ready to merge? |
|
Evaluation 1 had two key problems:
https://github.com/github/codeql-qa-ops/issues/190 is a new experiment to check if the combination of a tighter diff (i.e., not including the MaD changes) and fixing Note the working branch linked above also includes a couple of other small changes needed to make this work, in particular extracting struct-field tags, which were previously represented in trap labels but not in the database, making some types impossible to distinguish. Things remaining to do:
|
|
Evaluation 2 reveals one interesting finding: 30 or so of our test repositories are using https://github.com/crypto-com/cosmos-sdk-codeql. Unless that pack is recompiled and the users upgrade, that means our database downgrade script will be used in anger to execute their queries, since the newer CodeQL will build a database with type-aliases in it, then the CLI will downgrade it so we can execute their queries that expect the old dbscheme. I note the current downgrade script isn't very faithful -- rather than delete rows that refer to an alias type, we should instead replace the alias with its RHS, thus making it look as if aliases are transparent. There are also a small number of alert changes, which I'll look into now. |
|
Checklist of things to take care of before this can be merged:
|
|
Residual changes:
Started https://github.com/github/codeql-dca-main/issues/23315 to determine which projects still have alert differences. DCA results to investigate:
|
This makes it clearer when changes in test results are due to changes in the standard library.
This changed from uint in 1.22 to uint8 in 1.23.
Read through as many aliases as possible before getting the underlying type.
Restricting to alias types in the source code stops the results from changing when the standard library changes. Using `pp()` instead of `getName` lets us see the results where the underlying type doesn't have a name.
Use object like we do for named types.
| @@ -15,7 +15,7 @@ local_path_override( | |||
| # see https://registry.bazel.build/ for a list of available packages | |||
|
|
|||
| bazel_dep(name = "platforms", version = "0.0.10") | |||
| bazel_dep(name = "rules_go", version = "0.49.0") | |||
| bazel_dep(name = "rules_go", version = "0.49.0-codeql.1") | |||
There was a problem hiding this comment.
Now that https://github.com/bazelbuild/rules_go/releases/tag/v0.50.0 has been released, can we just use that?
This also means we can remove the 0.49.0-codeql.1 release from the registry (also added in this PR).
There was a problem hiding this comment.
Thanks for letting us know 👍🏻 I'll drop @redsun82's fix in the next rebase and bump this to the new version instead.
This PR makes minimal changes for us to tolerate Go 1.23. Go 1.23 makes changes to how aliases are represented by the compiler. This PR modifies the extractor to extract them as a new kind of type.
This is just a first stab at extracting the alias types and does not include parameters or arguments, yet.
Things to check:
getUnderlyingType) to account for this so that queries which look for certain types don't get fooled by aliases?interface{}types change toany. I am not entirely sure why this is.