proposal: x/tools/go/analysis/passes/appends: check for incorrect slice length initialization 

### Proposal Details

The following code exists in many projects, and developers actually want [0 1 2], but due to the initialization error of slice, the final result is [0 0 0 0 1 2]


```go
package main

import "fmt"

func main() {

	sli := make([]int, 3)

	for i := range 3 {
		sli = append(sli, i)
	}

	fmt.Println(sli) // the result is [0 0 0 0 1 2]

}
```

The online demo:  https://go.dev/play/p/q1BcVCmvidW


Over the past few months, I have conducted extensive research and analysis, and also submitted pull requests to fix issues in many well-known Go projects such as  prometheus, zap, vitess. Below are some pull requests submitted by me and others related to this problem.

Due to limitations in search skills and time, I only checked records of such issues in the past few months. The history of more such issues has not been traced back. But I think it's already enough


I would like to propose adding a new analyzer to go vet that can detect such situations, thereby avoiding these issues in the future.

Now I have already completed an initial version of the code, and if the proposal is approved, I would be happy to refine it and add the necessary test cases.


The merged pr:

https://github.com/prometheus/prometheus/pull/14702#issuecomment-2302569768

https://github.com/uber-go/zap/pull/1461

https://github.com/uber/cadence/pull/6293

https://github.com/prometheus/prometheus/pull/15026

https://github.com/vitessio/vitess/pull/16674

https://github.com/kedacore/keda/pull/6179

https://github.com/external-secrets/external-secrets/pull/3964 

https://github.com/brianvoe/gofakeit/pull/365

https://github.com/fission/fission/pull/3018

https://github.com/DataDog/datadog-agent/pull/29744

https://github.com/superseriousbusiness/gotosocial/pull/3382

https://github.com/ccfos/nightingale/pull/2169

https://github.com/gookit/color/pull/97

https://github.com/vdaas/vald/pull/2672

https://github.com/supabase/auth/pull/1788

https://github.com/pufferpanel/pufferpanel/pull/1367

https://github.com/juju/juju/pull/18176

https://github.com/go-spatial/tegola/commit/0f3131fbe428368012757aecfe38f57ec1844c6a

https://github.com/lxc/incus/pull/1285

https://github.com/yunionio/cloudpods/pull/21346

https://github.com/taubyte/tau/pull/253

https://github.com/fleetdm/fleet/pull/22608

https://github.com/antrea-io/antrea/pull/6715

https://github.com/tdewolff/canvas/pull/315

https://github.com/Consensys/gnark/pull/1288

https://github.com/superfly/flyctl/pull/3982

https://github.com/bazelbuild/rules_go/pull/4133

https://github.com/zitadel/oidc/pull/658

https://github.com/jhump/protoreflect/pull/629

https://github.com/apache/rocketmq-client-go/pull/1171

https://github.com/edgexfoundry/edgex-go/pull/4938

https://github.com/dolthub/doltgresql/pull/812

https://github.com/apache/trafficcontrol/pull/8091

https://github.com/pingcap/tidb-operator/pull/5755

https://github.com/botlabs-gg/yagpdb/pull/1734

https://github.com/Altinity/clickhouse-backup/pull/1019

https://github.com/openshift/installer/pull/9072

https://github.com/GoogleCloudPlatform/magic-modules/pull/11919

https://github.com/openmeterio/openmeter/pull/1615

https://github.com/target/goalert/pull/4090

https://github.com/kubeovn/kube-ovn/pull/4579

https://github.com/syyongx/php2go/pull/49

https://github.com/fluid-cloudnative/fluid/pull/4335

https://github.com/akuity/kargo/pull/2648

https://github.com/kubernetes/kubernetes/pull/127785

https://github.com/apache/dubbo-go/pull/2734

https://github.com/letsencrypt/boulder/pull/7725

https://github.com/cortexproject/cortex/pull/6237

https://github.com/kubeedge/kubeedge/pull/5895

https://github.com/grafana/mimir/pull/9449

https://github.com/rocboss/paopao-ce/pull/581

https://github.com/authelia/authelia/pull/7720

https://github.com/cilium/cilium/pull/35164

https://github.com/git-lfs/git-lfs/pull/5874

https://github.com/hashicorp/nomad/pull/24109/files

https://github.com/cosmos/ibc-go/pull/6444

https://github.com/minio/minio/pull/19567

https://github.com/VictoriaMetrics/VictoriaMetrics/pull/6897

https://github.com/hyperledger/fabric/pull/4956

https://github.com/grafana/pyroscope/pull/3600

https://github.com/cosmos/cosmos-sdk/pull/21494#pullrequestreview-2274005038

https://github.com/anchore/grype/pull/2133

https://github.com/ethereum-optimism/optimism/pull/11542/files

https://github.com/libp2p/go-libp2p/pull/2938/files

https://github.com/stashapp/stash/pull/5327

https://github.com/trufflesecurity/trufflehog/pull/3293

https://github.com/c9s/bbgo/pull/1724#issuecomment-2322959753

https://github.com/cosmos/cosmos-sdk/pull/22006

https://github.com/FerretDB/FerretDB/pull/4598

https://github.com/dagger/dagger/pull/8612

https://github.com/letsencrypt/boulder/pull/7731

https://github.com/Layr-Labs/eigenda/pull/767

https://github.com/wal-g/wal-g/pull/1800

https://github.com/VictoriaMetrics/VictoriaMetrics/pull/7161

https://github.com/harmony-one/harmony/pull/4767

https://github.com/stackrox/stackrox/pull/13028

https://github.com/stefanprodan/timoni/pull/430

https://github.com/Altinity/clickhouse-operator/pull/1523

https://github.com/iotexproject/iotex-core/pull/4412

ane more in review process.



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

proposal: x/tools/go/analysis/passes/appends: check for incorrect slice length initialization #69872

Proposal Details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

proposal: x/tools/go/analysis/passes/appends: check for incorrect slice length initialization #69872

Description

Proposal Details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions