Slide 1

Achievement in Merpay Expert Team

Masahiro Matsui (@Matts966)

Slide 2

Table of Contents

- Motivation
- What is static analysis?
- analysisutil
- refsafe
- genelizer
- misc

Slide 3

Motivation

Find problems in programs at an earlier phase

Slide 4

Static analysis is analysis of computer software that is performed without actually executing programs.

Quoted from @tenntenn's 『ソースコードを堪能せよ』 ("Savor the Source Code")

Slide 5

analysisutil

Do all paths from start to goal pass through X?

(Diagram: a graph with nodes start, goal and X)
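The question on this slide, written out as an added example (not code from the talk or from analysisutil): every path from start to goal passes through X exactly when goal cannot be reached once X is treated as a wall. The `Block` type, the function names and the sample graph are hypothetical and constructed for illustration; think of X as a required check and goal as the call that depends on it.

```go
package main

import "fmt"

// Block is a basic block of a constructed CFG (hypothetical type, not analysisutil's API).
type Block struct{ Succs []*Block }

// AllPathsPassThrough reports whether every path from start to goal visits x.
// It looks for a counterexample: a path that reaches goal while avoiding x.
func AllPathsPassThrough(start, goal, x *Block) bool {
	seen := map[*Block]bool{}
	var avoids func(b *Block) bool
	avoids = func(b *Block) bool {
		if b == x || seen[b] {
			return false // blocked by x, or already explored (handles loops)
		}
		seen[b] = true
		if b == goal {
			return true
		}
		for _, s := range b.Succs {
			if avoids(s) {
				return true
			}
		}
		return false
	}
	return !avoids(start)
}

// sampleCFG builds a constructed graph: entry -> loop -> check -> use -> exit,
// plus loop -> loop and check -> exit. With bypass, loop -> use skips the check.
func sampleCFG(bypass bool) (entry, use, check *Block) {
	exit := &Block{}
	use = &Block{Succs: []*Block{exit}}
	check = &Block{Succs: []*Block{use, exit}}
	loop := &Block{Succs: []*Block{check}}
	loop.Succs = append(loop.Succs, loop) // back edge
	if bypass {
		loop.Succs = append(loop.Succs, use)
	}
	entry = &Block{Succs: []*Block{loop}}
	return entry, use, check
}

func main() {
	e, u, c := sampleCFG(true)
	fmt.Println("bypass edge present, check on every path:", AllPathsPassThrough(e, u, c))
}
```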

Slide 6

examples in reflect

Slide 7

refsafe

A linter for using the reflect package more securely. It checks:

- the order of function calls
- and their return values

Slide 8

genelizer

- Motivation
  - abstract the static analysis procedures
  - write linter rules declaratively
- A tool to generate linters that check the order of function and method calls
- HCL2 syntax

Slide 9

genelizer

(Diagram: rules, Analyzers, BuildSSA and the executable binary)

Slide 10

What can we use genelizer for?

- Check complex orders of function calls
  - e.g. in payment services
- Linter for the errors package (Go 1.13)
- Check if resources are used correctly
  - e.g. files, memory, http.Response.Body…
  - and other types which implement the Closer interface

Slide 11

packr's problem

- This code works
- This code doesn't

Slide 12

misc

- Add a validation to consul
- Send a patch to go vet (passes/printf)

These are not completed or merged. Breaking changes or changes that cause trade-offs can lead to an ignored PR. So I only wrote an issue in the case of packr and will discuss a desirable solution.

Slide 13

Thanks

Any questions?