correctly detect indirect uses of reflection

[lu4p]

(see commit message)

[mvdan]

Please add high-level godocs to each one of these funcs, and especially to potentialReflectParam and its fields - I tried reviewing this code, but it's hard to try to reverse engineer what the code is doing. I understand you used descriptive names, but that often isn't enough to be able to read and understand the code easily.

[mvdan]

when can this ever happen?

[lu4p]

If the object is declared in the universe scope (buitin types).

[mvdan]

note that this will miss quite a few "related" edge cases like T{foo: bar} or foo = []Bar{bar}. I think this amount of code is still bearable, but any more code complexity than what you have here and I think we should just go for go/ssa instead.

[lu4p]

You are right I will also implement composite literals

[mvdan]

Maybe I wasn't clear :) I did not expect you to implement more edge cases, rather that we should try to keep the logic relatively short and simple, because attempting to cover all edge cases with go/ast rather than go/ssa is likely the wrong route. It's a lot of fragile code that won't do as well as SSA.

You've gone ahead and done it, but I really don't want any more control flow analysis based on go/ast - to my taste, the current amount is already more than what I can comfortably maintain.

[lu4p]

@mvdan added some docs and support for composite literals

[mvdan]

Before I do another round of review - did you benchmark this? I generally assume that bug fixes come before performance, but this go/ast analysis is adding two more ast.Inspect calls and one is nested, so I'm somewhat worried that this will negatively affect build times.

[mvdan]

Another reason for (slight) worry is that you seem to be tracking most forms of assignments via either foo = bar or foo: bar, so that will likely be quite a lot more book-keeping for code being obfuscated.