seq-audit

command
v0.0.0-...-187ff8a
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Overview

seq-audit is a type-aware AST analyzer for finding unsafe sequence arithmetic.

Unlike simple pattern matching, this tool uses Go's type checker to:

  • Know actual types of variables (uint32, int32, etc.)
  • Detect int32(uint32 - uint32) patterns that fail at 31-bit wraparound
  • Track type conversions through expressions

The key bug pattern we're looking for:

func SeqDiff(a, b uint32) int32 {
    return int32(a - b)  // BROKEN! Fails at wraparound
}

When a=10 and b=0x7FFFFF00:

  • a - b = 10 - 2147483392 = wraps to 0x80000110 (large uint32)
  • int32(0x80000110) = -2147483376 (negative!)
  • Should be ~265 (positive, because 10 is "after" MAX in circular space)

Usage:

seq-audit [options] <packages...>

Examples:

seq-audit ./congestion/live ./circular
seq-audit -verbose ./...
