Add static analysis for unsafe uint casting (#10318)

* Add static analysis for unsafe uint casting

* Fix violations of uintcast

* go mod tidy

* Add exclusion to nogo for darwin build

* Add test for math.Int

* Move some things to const so they are assured not to exceed int64

* Self review

* lint

* fix tests

* fix test

* Add init check for non 64 bit OS

* Move new deps from WORKSPACE to deps.bzl

* fix bazel build for go analysis runs

* Update BUILD.bazel

Remove TODO

* add math.AddInt method

* Add new test casts

* Add case where builtin functions and declared functions are covered

* Fix new findings

* cleanup

Co-authored-by: prylabs-bulldozer[bot] <58059840+prylabs-bulldozer[bot]@users.noreply.github.com>
Co-authored-by: Nishant Das <nishdas93@gmail.com>

build/bazel/BUILD.bazel

@@ -0,0 +1,23 @@
+load("@prysm//tools/go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    testonly = True,
+    srcs = [
+        "bazel.go",
+        "data_path.go",
+    ],
+    importpath = "github.com/prysmaticlabs/prysm/build/bazel",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//testing/require:go_default_library",
+        "@io_bazel_rules_go//go/tools/bazel:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    size = "small",
+    srcs = ["bazel_test.go"],
+    deps = [":go_default_library"],
+)

build/bazel/bazel.go

@@ -0,0 +1,103 @@
+// Copyright 2015 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+//go:build bazel
+// +build bazel
+
+package bazel
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+
+	inner "github.com/bazelbuild/rules_go/go/tools/bazel"
+)
+
+// Return true iff this library was built with Bazel.
+func BuiltWithBazel() bool {
+	return true
+}
+
+// FindBinary is a convenience wrapper around the rules_go variant.
+func FindBinary(pkg, name string) (string, bool) {
+	return inner.FindBinary(pkg, name)
+}
+
+// Runfile is a convenience wrapper around the rules_go variant.
+func Runfile(path string) (string, error) {
+	return inner.Runfile(path)
+}
+
+// RunfilesPath is a convenience wrapper around the rules_go variant.
+func RunfilesPath() (string, error) {
+	return inner.RunfilesPath()
+}
+
+// TestTmpDir is a convenience wrapper around the rules_go variant.
+func TestTmpDir() string {
+	return inner.TestTmpDir()
+}
+
+// NewTmpDir is a convenience wrapper around the rules_go variant.
+// The caller is responsible for cleaning the directory up after use.
+func NewTmpDir(prefix string) (string, error) {
+	return inner.NewTmpDir(prefix)
+}
+
+// Updates the current environment to use the Go toolchain that Bazel built this
+// binary/test with (updates the `PATH`/`GOROOT`/`GOCACHE` environment
+// variables).
+// If you want to use this function, your binary/test target MUST have
+// `@go_sdk//:files` in its `data` -- this will make sure the whole toolchain
+// gets pulled into the sandbox as well. Generally, this function should only
+// be called in init().
+func SetGoEnv() {
+	gobin, err := Runfile("bin/go")
+	if err != nil {
+		panic(err)
+	}
+	if err := os.Setenv("PATH", fmt.Sprintf("%s%c%s", filepath.Dir(gobin), os.PathListSeparator, os.Getenv("PATH"))); err != nil {
+		panic(err)
+	}
+	// GOPATH has to be set to some value (not equal to GOROOT) in order for `go env` to work.
+	// See https://github.com/golang/go/issues/43938 for the details.
+	// Specify a name under the system TEMP/TMP directory in order to be platform agnostic.
+	if err := os.Setenv("GOPATH", filepath.Join(os.TempDir(), "nonexist-gopath")); err != nil {
+		panic(err)
+	}
+	if err := os.Setenv("GOROOT", filepath.Dir(filepath.Dir(gobin))); err != nil {
+		panic(err)
+	}
+	if err := os.Setenv("GOCACHE", path.Join(inner.TestTmpDir(), ".gocache")); err != nil {
+		panic(err)
+	}
+}
+
+// Name of the environment variable containing the bazel target path
+// (//pkg/cmd/foo:bar).
+const testTargetEnv = "TEST_TARGET"
+
+// RelativeTestTargetPath returns relative path to the package
+// of the current test.
+func RelativeTestTargetPath() string {
+	target := os.Getenv(testTargetEnv)
+	if target == "" {
+		return ""
+	}
+
+	// Drop target name.
+	if last := strings.LastIndex(target, ":"); last > 0 {
+		target = target[:last]
+	}
+	return strings.TrimPrefix(target, "//")
+}

build/bazel/bazel_test.go

@@ -0,0 +1,13 @@
+package bazel_test
+
+import (
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/build/bazel"
+)
+
+func TestBuildWithBazel(t *testing.T) {
+	if !bazel.BuiltWithBazel() {
+		t.Error("not built with Bazel")
+	}
+}

build/bazel/data_path.go

@@ -0,0 +1,41 @@
+// Copyright 2020 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+package bazel
+
+import (
+	"path"
+	"path/filepath"
+	"testing"
+
+	"github.com/prysmaticlabs/prysm/testing/require"
+)
+
+// TestDataPath returns a path to an asset in the testdata directory. It knows
+// to access accesses the right path when executing under bazel.
+//
+// For example, if there is a file testdata/a.txt, you can get a path to that
+// file using TestDataPath(t, "a.txt").
+func TestDataPath(t testing.TB, relative ...string) string {
+	relative = append([]string{"testdata"}, relative...)
+	// dev notifies the library that the test is running in a subdirectory of the
+	// workspace with the environment variable below.
+	if BuiltWithBazel() {
+		runfiles, err := RunfilesPath()
+		require.NoError(t, err)
+		return path.Join(runfiles, RelativeTestTargetPath(), path.Join(relative...))
+	}
+
+	// Otherwise we're in the package directory and can just return a relative path.
+	ret := path.Join(relative...)
+	ret, err := filepath.Abs(ret)
+	require.NoError(t, err)
+	return ret
+}

build/bazel/non_bazel.go

@@ -0,0 +1,57 @@
+// Copyright 2015 The Cockroach Authors.
+//
+// Use of this software is governed by the Business Source License
+// included in the file licenses/BSL.txt.
+//
+// As of the Change Date specified in that file, in accordance with
+// the Business Source License, use of this software will be governed
+// by the Apache License, Version 2.0, included in the file
+// licenses/APL.txt.
+
+//go:build !bazel
+// +build !bazel
+
+package bazel
+
+// This file contains stub implementations for non-bazel builds.
+// See bazel.go for full documentation on the contracts of these functions.
+
+// BuiltWithBazel returns true iff this library was built with Bazel.
+func BuiltWithBazel() bool {
+	return false
+}
+
+// FindBinary is not implemented.
+func FindBinary(pkg, name string) (string, bool) {
+	panic("not build with Bazel")
+}
+
+// Runfile is not implemented.
+func Runfile(string) (string, error) {
+	panic("not built with Bazel")
+}
+
+// RunfilesPath is not implemented.
+func RunfilesPath() (string, error) {
+	panic("not built with Bazel")
+}
+
+// TestTmpDir is not implemented.
+func TestTmpDir() string {
+	panic("not built with Bazel")
+}
+
+// NewTmpDir is not implemented.
+func NewTmpDir(prefix string) (string, error) {
+	panic("not built with Bazel")
+}
+
+// RelativeTestTargetPath is not implemented.
+func RelativeTestTargetPath() string {
+	panic("not built with Bazel")
+}
+
+// SetGoEnv is not implemented.
+func SetGoEnv() {
+	panic("not built with Bazel")
+}