staticcheck: incorporate go vet checks

[dominikh]

Traditionally we've refused to add checks that are already present in go vet, to avoid duplicated efforts. At one point, we even documented that we'd remove checks should they be added to vet.

This, however, has several negative consequences:

• go vet has stricter performance goals and fewer dependencies to work with. We may provide improved versions of checks in vet
• We're moving beyond just a simple CLI utility that behaves identically to vet. We have check IDs and an ignore feature. We have detailed documentation for each check. In the future, we will have cached type information, language server integration and JSON output. All of vet's checks could benefit from this.
• It causes an unnatural split between two tools, requiring users to run both. Furthermore, people regularly forget which tool catches which bugs.

Hence, going forward, we should aim to catch all issues found by vet. We will not simply copy its code, but reimplement checks using our framework, to ensure that they can benefit from it.

List of go vet checks we may want to copy:

• self-assignment
• discarding pure function results (we already do this, just had extend our list of functions)
• using HTTP response before checking error (we already do this for all io.Closers, which tends to be good enough)
• closing over loop variables. Related: staticcheck: detect access to modified closure #51
• unreachable code (might be too noisy, not sure)
• comparison of function with nil
• check for incorrect format strings in printf-like functions
• flag format strings that do not contain any format (for gosimple)
• check for incorrectly defined tests and examples
• check for invalid struct tags. definitely do the checks for known tags like json and xml. maybe don't do generic validation, as clients aren't required to follow the convention
• flag useless/wrong bit shifts
• detect copying of locks
• detect failure to call cancellation function of context.WithCancel
• flag misplaced build tags. Related check: staticcheck: warn on duplicate (identical) build constraints #137
• flag impossible boolean expressions, a la x == 1 && x == 2. This is only the beginning, we can do much more analysis on boolean expressions later, especially once we have reliable value ranges.
• flag common misuses of the atomic package

List of go vet checks that are not suitable:

• Check that canonically named methods are canonically defined. This has the occasional false positive
• Check that composite literals use keyed elements. This will likely be too noisy.
• Detect shadowing. I'm not aware of a good heuristic.
• Flagging misuses of unsafe.Pointer. Has a number of edge cases that trigger false positives.
• assembly checks. Assembly is not our focus.

List of checks go vet refused to add or hasn't added yet:

• cmd/vet: check for http.Error followed by other statements in handler? golang/go#15205
• cmd/vet: check for duplicate cases in switches golang/go#15906
• proposal: cmd/vet: check for missing Err calls for bufio.Scanner and sql.Rows golang/go#17747
• cmd/vet: vet should recommend "os.IsNotExist(err)" over "err == os.ErrNotExist" golang/go#19267
• cmd/vet: report uses of -0 in float32/64 context golang/go#19675
• proposal: cmd/vet: add check for common error mishandling pattern golang/go#20148
• cmd/vet: flag atomic.Value usages with interface types golang/go#22550
• proposal: cmd/vet: warning on a special case of switch code block use. golang/go#23651
• cmd/vet: json.Number is easy to misuse (vet check?) golang/go#24001
• cmd/vet: check for misused of append onto new, non-empty slice golang/go#6840
• cmd/vet: Add check for channels that must be buffered golang/go#9399

[dominikh]

Closing this issue in favour of individually filed issues and the general plan of copying vet checks as they get added.