uber-go/nilaway uber-go/nilaway

  • Stars
    star
    400
  • Rank 104,058 (Top 3 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created 10 months ago
  • Updated 6 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
uber-go/nilaway
github

uber-go

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Static Analysis tool to detect potential Nil panics in Go code

NilAway

GoDoc Build Status Coverage Status

Warning

NilAway is currently under active development: false positives and breaking changes can happen. We highly appreciate any feedback and contributions!

NilAway is a static analysis tool that seeks to help developers avoid nil panics in production by catching them at compile time rather than runtime. NilAway is similar to the standard nilness analyzer, however, it employs much more sophisticated and powerful static analysis techniques to track nil flows within a package as well across packages, and report errors providing users with the nilness flows for easier debugging.

NilAway enjoys three key properties that make it stand out:

  • It is fully-automated: NilAway is equipped with an inference engine, making it require no any additional information from the developers (e.g., annotations) besides standard Go code.

  • It is fast: we have designed NilAway to be fast and scalable, making it suitable for large codebases. In our measurements, we have observed less than 5% build-time overhead when NilAway is enabled. We are also constantly applying optimizations to further reduce its footprint.

  • It is practical: it does not prevent all possible nil panics in your code, but it catches most of the potential nil panics we have observed in production, allowing NilAway to maintain a good balance between usefulness and build-time overhead.

Installation

NilAway is implemented using the standard go/analysis framework, making it easy to integrate with existing analyzer drivers (e.g., golangci-lint, nogo, or running as a standalone checker). Here, we list the instructions for running NilAway as a standalone checker. More integration supports will be added soon.

Standalone Checker

Install the binary from source by running:

go install go.uber.org/nilaway/cmd/nilaway@latest

Then, run the linter by:

nilaway ./...

Code Examples

Let's look at a few examples to see how NilAway can help prevent nil panics.

// Example 1:
var p *P
if someCondition {
      p = &P{}
}
print(p.f) // nilness reports NO error here, but NilAway does.

In this example, the local variable p is only initialized when someCondition is true. At the field access p.f, a panic may occur if someCondition is false. NilAway is able to catch this potential nil flow and reports the following error showing this nilness flow:

go.uber.org/example.go:12:9: error: Potential nil panic detected. Observed nil flow from source to dereference point:
    -> go.uber.org/example.go:12:9: unassigned variable `p` accessed field `f`

If we guard this dereference with a nilness check (if p != nil), the error goes away.

NilAway is also able to catch nil flows across functions. For example, consider the following code snippet:

// Example 2:
func foo() *int {
      return nil
}
func bar() {
     print(*foo()) // nilness reports NO error here, but NilAway does.
}

In this example, the function foo returns a nil pointer, which is directly dereferenced in bar, resulting in a panic whenever bar is called. NilAway is able to catch this potential nil flow and reports the following error, describing the nilness flow across function boundaries:

go.uber.org/example.go:23:13: error: Potential nil panic detected. Observed nil flow from source to dereference point:
    -> go.uber.org/example.go:20:14: literal `nil` returned from `foo()` in position 0
    -> go.uber.org/example.go:23:13: result 0 of `foo()` dereferenced

Note that in the above example, foo does not necessarily have to reside in the same package as bar. NilAway is able to track nil flows across packages as well. Moreover, NilAway handles Go-specific language constructs such as receivers, interfaces, type assertions, type switches, and more. For more detailed discussion, please check our paper.

Configurations

We expose a set of flags via the standard flag passing mechanism in go/analysis. Please check wiki/Configuration to see the available flags and how to pass them using different linter drivers.

Support

We follow the same version support policy as the Go project: we support and test the last two major versions of Go.

Please feel free to open a GitHub issue if you have any questions, bug reports, and feature requests.

Contributions

We'd love for you to contribute to NilAway! Please note that once you create a pull request, you will be asked to sign our Uber Contributor License Agreement.

License

This project is copyright 2023 Uber Technologies, Inc., and licensed under Apache 2.0.

More Repositories

1

zap

Blazing fast, structured, leveled logging in Go.
Go
20,876
star
2

guide

The Uber Go Style Guide.
Makefile
15,131
star
3

fx

A dependency injection based application framework for Go.
Go
5,186
star
4

goleak

Goroutine leak detector
Go
4,263
star
5

ratelimit

A Go blocking leaky-bucket rate limit implementation
Go
3,934
star
6

dig

A reflection based dependency injection toolkit for Go.
Go
3,596
star
7

automaxprocs

Automatically set GOMAXPROCS to match Linux container CPU quota.
Go
3,459
star
8

mock

GoMock is a mocking framework for the Go programming language.
Go
1,582
star
9

atomic

Wrapper types for sync/atomic which enforce atomic access
Go
1,250
star
10

multierr

Combine one or more Go errors together
Go
907
star
11

tally

A Go metrics interface with fast buffered metrics and third party reporters
Go
810
star
12

gopatch

Refactoring and code transformation tool for Go.
Go
681
star
13

config

Configuration for Go applications
Go
382
star
14

cadence-client

Framework for authoring workflows and activities running on top of the Cadence orchestration engine.
Go
322
star
15

sally

A tiny HTTP server for supporting custom Golang import paths
Go
228
star
16

kafka-client

Go client library for Apache Kafka
Go
221
star
17

dosa

DOSA is a data object abstraction layer
Go
197
star
18

cff

Concurrency toolkit for Go
Go
124
star
19

tools

A collection of golang tools used at Uber
Go
58
star
20

go-helix

A Go implementation of Apache Helix (currently the participant part only).
Go
56
star
21

icu4go

A Go binding for the icu4c library
Go
49
star
22

mapdecode

Implement YAML/JSON decoding in one place.
Go
48
star
23

hackeroni

A Go API client for HackerOne (api.hackerone.com)
Go
41
star
24

gwr

Get / Watch / Report -ing of operational data. This project is deprecated and not maintained.
Go
38
star
25

flagoverride

An automatic way of creating command line options to override fields from a struct.
Go
20
star