diff --git a/vendor/github.com/docker/cli/AUTHORS b/vendor/github.com/docker/cli/AUTHORS
new file mode 100644
index 00000000..ecb6251b
--- /dev/null
+++ b/vendor/github.com/docker/cli/AUTHORS
@@ -0,0 +1,723 @@
+# This file lists all individuals having contributed content to the repository.
+# For how it is generated, see `scripts/docs/generate-authors.sh`.
+
+Aanand Prasad <aanand.prasad@gmail.com>
+Aaron L. Xu <liker.xu@foxmail.com>
+Aaron Lehmann <aaron.lehmann@docker.com>
+Aaron.L.Xu <likexu@harmonycloud.cn>
+Abdur Rehman <abdur_rehman@mentor.com>
+Abhinandan Prativadi <abhi@docker.com>
+Abin Shahab <ashahab@altiscale.com>
+Ace Tang <aceapril@126.com>
+Addam Hardy <addam.hardy@gmail.com>
+Adolfo Ochagavía <aochagavia92@gmail.com>
+Adrian Plata <adrian.plata@docker.com>
+Adrien Duermael <adrien@duermael.com>
+Adrien Folie <folie.adrien@gmail.com>
+Ahmet Alp Balkan <ahmetb@microsoft.com>
+Aidan Feldman <aidan.feldman@gmail.com>
+Aidan Hobson Sayers <aidanhs@cantab.net>
+AJ Bowen <aj@gandi.net>
+Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
+Akim Demaille <akim.demaille@docker.com>
+Alan Thompson <cloojure@gmail.com>
+Albert Callarisa <shark234@gmail.com>
+Aleksa Sarai <asarai@suse.de>
+Alessandro Boch <aboch@tetrationanalytics.com>
+Alex Mavrogiannis <alex.mavrogiannis@docker.com>
+Alex Mayer <amayer5125@gmail.com>
+Alexander Boyd <alex@opengroove.org>
+Alexander Larsson <alexl@redhat.com>
+Alexander Morozov <lk4d4@docker.com>
+Alexander Ryabov <i@sepa.spb.ru>
+Alexandre González <agonzalezro@gmail.com>
+Alfred Landrum <alfred.landrum@docker.com>
+Alicia Lauerman <alicia@eta.im>
+Allen Sun <allensun.shl@alibaba-inc.com>
+Alvin Deng <alvin.q.deng@utexas.edu>
+Amen Belayneh <amenbelayneh@gmail.com>
+Amir Goldstein <amir73il@aquasec.com>
+Amit Krishnan <amit.krishnan@oracle.com>
+Amit Shukla <amit.shukla@docker.com>
+Amy Lindburg <amy.lindburg@docker.com>
+Anda Xu <anda.xu@docker.com>
+Andrea Luzzardi <aluzzardi@gmail.com>
+Andreas Köhler <andi5.py@gmx.net>
+Andrew France <andrew@avito.co.uk>
+Andrew Hsu <andrewhsu@docker.com>
+Andrew Macpherson <hopscotch23@gmail.com>
+Andrew McDonnell <bugs@andrewmcdonnell.net>
+Andrew Po <absourd.noise@gmail.com>
+Andrey Petrov <andrey.petrov@shazow.net>
+André Martins <aanm90@gmail.com>
+Andy Goldstein <agoldste@redhat.com>
+Andy Rothfusz <github@developersupport.net>
+Anil Madhavapeddy <anil@recoil.org>
+Ankush Agarwal <ankushagarwal11@gmail.com>
+Anne Henmi <anne.henmi@docker.com>
+Anton Polonskiy <anton.polonskiy@gmail.com>
+Antonio Murdaca <antonio.murdaca@gmail.com>
+Antonis Kalipetis <akalipetis@gmail.com>
+Anusha Ragunathan <anusha.ragunathan@docker.com>
+Ao Li <la9249@163.com>
+Arash Deshmeh <adeshmeh@ca.ibm.com>
+Arnaud Porterie <arnaud.porterie@docker.com>
+Ashwini Oruganti <ashwini.oruganti@gmail.com>
+Azat Khuyiyakhmetov <shadow_uz@mail.ru>
+Bardia Keyoumarsi <bkeyouma@ucsc.edu>
+Barnaby Gray <barnaby@pickle.me.uk>
+Bastiaan Bakker <bbakker@xebia.com>
+BastianHofmann <bastianhofmann@me.com>
+Ben Bonnefoy <frenchben@docker.com>
+Ben Creasy <ben@bencreasy.com>
+Ben Firshman <ben@firshman.co.uk>
+Benjamin Boudreau <boudreau.benjamin@gmail.com>
+Benoit Sigoure <tsunanet@gmail.com>
+Bhumika Bayani <bhumikabayani@gmail.com>
+Bill Wang <ozbillwang@gmail.com>
+Bin Liu <liubin0329@gmail.com>
+Bingshen Wang <bingshen.wbs@alibaba-inc.com>
+Boaz Shuster <ripcurld.github@gmail.com>
+Bogdan Anton <contact@bogdananton.ro>
+Boris Pruessmann <boris@pruessmann.org>
+Bradley Cicenas <bradley.cicenas@gmail.com>
+Brandon Mitchell <git@bmitch.net>
+Brandon Philips <brandon.philips@coreos.com>
+Brent Salisbury <brent.salisbury@docker.com>
+Bret Fisher <bret@bretfisher.com>
+Brian (bex) Exelbierd <bexelbie@redhat.com>
+Brian Goff <cpuguy83@gmail.com>
+Bryan Bess <squarejaw@bsbess.com>
+Bryan Boreham <bjboreham@gmail.com>
+Bryan Murphy <bmurphy1976@gmail.com>
+bryfry <bryon.fryer@gmail.com>
+Cameron Spear <cameronspear@gmail.com>
+Cao Weiwei <cao.weiwei30@zte.com.cn>
+Carlo Mion <mion00@gmail.com>
+Carlos Alexandro Becker <caarlos0@gmail.com>
+Ce Gao <ce.gao@outlook.com>
+Cedric Davies <cedricda@microsoft.com>
+Cezar Sa Espinola <cezarsa@gmail.com>
+Chad Faragher <wyckster@hotmail.com>
+Chao Wang <wangchao.fnst@cn.fujitsu.com>
+Charles Chan <charleswhchan@users.noreply.github.com>
+Charles Law <claw@conduce.com>
+Charles Smith <charles.smith@docker.com>
+Charlie Drage <charlie@charliedrage.com>
+ChaYoung You <yousbe@gmail.com>
+Chen Chuanliang <chen.chuanliang@zte.com.cn>
+Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
+Chen Mingjie <chenmingjie0828@163.com>
+Chen Qiu <cheney-90@hotmail.com>
+Chris Gavin <chris@chrisgavin.me>
+Chris Gibson <chris@chrisg.io>
+Chris McKinnel <chrismckinnel@gmail.com>
+Chris Snow <chsnow123@gmail.com>
+Chris Weyl <cweyl@alumni.drew.edu>
+Christian Persson <saser@live.se>
+Christian Stefanescu <st.chris@gmail.com>
+Christophe Robin <crobin@nekoo.com>
+Christophe Vidal <kriss@krizalys.com>
+Christopher Biscardi <biscarch@sketcht.com>
+Christopher Crone <christopher.crone@docker.com>
+Christopher Jones <tophj@linux.vnet.ibm.com>
+Christy Norman <christy@linux.vnet.ibm.com>
+Chun Chen <ramichen@tencent.com>
+Clinton Kitson <clintonskitson@gmail.com>
+Coenraad Loubser <coenraad@wish.org.za>
+Colin Hebert <hebert.colin@gmail.com>
+Collin Guarino <collin.guarino@gmail.com>
+Colm Hally <colmhally@gmail.com>
+Corey Farrell <git@cfware.com>
+Corey Quon <corey.quon@docker.com>
+Craig Wilhite <crwilhit@microsoft.com>
+Cristian Staretu <cristian.staretu@gmail.com>
+Daehyeok Mun <daehyeok@gmail.com>
+Dafydd Crosby <dtcrsby@gmail.com>
+dalanlan <dalanlan925@gmail.com>
+Damien Nadé <github@livna.org>
+Dan Cotora <dan@bluevision.ro>
+Daniel Cassidy <mail@danielcassidy.me.uk>
+Daniel Dao <dqminh@cloudflare.com>
+Daniel Farrell <dfarrell@redhat.com>
+Daniel Gasienica <daniel@gasienica.ch>
+Daniel Goosen <daniel.goosen@surveysampling.com>
+Daniel Hiltgen <daniel.hiltgen@docker.com>
+Daniel J Walsh <dwalsh@redhat.com>
+Daniel Nephin <dnephin@docker.com>
+Daniel Norberg <dano@spotify.com>
+Daniel Watkins <daniel@daniel-watkins.co.uk>
+Daniel Zhang <jmzwcn@gmail.com>
+Danny Berger <dpb587@gmail.com>
+Darren Shepherd <darren.s.shepherd@gmail.com>
+Darren Stahl <darst@microsoft.com>
+Dattatraya Kumbhar <dattatraya.kumbhar@gslab.com>
+Dave Goodchild <buddhamagnet@gmail.com>
+Dave Henderson <dhenderson@gmail.com>
+Dave Tucker <dt@docker.com>
+David Beitey <david@davidjb.com>
+David Calavera <david.calavera@gmail.com>
+David Cramer <davcrame@cisco.com>
+David Dooling <dooling@gmail.com>
+David Gageot <david@gageot.net>
+David Lechner <david@lechnology.com>
+David Scott <dave@recoil.org>
+David Sheets <dsheets@docker.com>
+David Williamson <david.williamson@docker.com>
+David Xia <dxia@spotify.com>
+David Young <yangboh@cn.ibm.com>
+Deng Guangxing <dengguangxing@huawei.com>
+Denis Defreyne <denis@soundcloud.com>
+Denis Gladkikh <denis@gladkikh.email>
+Denis Ollier <larchunix@users.noreply.github.com>
+Dennis Docter <dennis@d23.nl>
+Derek McGowan <derek@mcgstyle.net>
+Deshi Xiao <dxiao@redhat.com>
+Dharmit Shah <shahdharmit@gmail.com>
+Dhawal Yogesh Bhanushali <dbhanushali@vmware.com>
+Dieter Reuter <dieter.reuter@me.com>
+Dima Stopel <dima@twistlock.com>
+Dimitry Andric <d.andric@activevideo.com>
+Ding Fei <dingfei@stars.org.cn>
+Diogo Monica <diogo@docker.com>
+Dmitry Gusev <dmitry.gusev@gmail.com>
+Dmitry Smirnov <onlyjob@member.fsf.org>
+Dmitry V. Krivenok <krivenok.dmitry@gmail.com>
+Don Kjer <don.kjer@gmail.com>
+Dong Chen <dongluo.chen@docker.com>
+Doug Davis <dug@us.ibm.com>
+Drew Erny <drew.erny@docker.com>
+Ed Costello <epc@epcostello.com>
+Elango Sivanandam <elango.siva@docker.com>
+Eli Uriegas <eli.uriegas@docker.com>
+Eli Uriegas <seemethere101@gmail.com>
+Elias Faxö <elias.faxo@tre.se>
+Elliot Luo <956941328@qq.com>
+Eric Curtin <ericcurtin17@gmail.com>
+Eric G. Noriega <enoriega@vizuri.com>
+Eric Rosenberg <ehaydenr@gmail.com>
+Eric Sage <eric.david.sage@gmail.com>
+Eric-Olivier Lamey <eo@lamey.me>
+Erica Windisch <erica@windisch.us>
+Erik Hollensbe <github@hollensbe.org>
+Erik St. Martin <alakriti@gmail.com>
+Essam A. Hassan <es.hassan187@gmail.com>
+Ethan Haynes <ethanhaynes@alumni.harvard.edu>
+Euan Kemp <euank@euank.com>
+Eugene Yakubovich <eugene.yakubovich@coreos.com>
+Evan Allrich <evan@unguku.com>
+Evan Hazlett <ejhazlett@gmail.com>
+Evan Krall <krall@yelp.com>
+Evelyn Xu <evelynhsu21@gmail.com>
+Everett Toews <everett.toews@rackspace.com>
+Fabio Falci <fabiofalci@gmail.com>
+Fabrizio Soppelsa <fsoppelsa@mirantis.com>
+Felix Hupfeld <felix@quobyte.com>
+Felix Rabe <felix@rabe.io>
+Filip Jareš <filipjares@gmail.com>
+Flavio Crisciani <flavio.crisciani@docker.com>
+Florian Klein <florian.klein@free.fr>
+Forest Johnson <fjohnson@peoplenetonline.com>
+Foysal Iqbal <foysal.iqbal.fb@gmail.com>
+François Scala <francois.scala@swiss-as.com>
+Fred Lifton <fred.lifton@docker.com>
+Frederic Hemberger <mail@frederic-hemberger.de>
+Frederick F. Kautz IV <fkautz@redhat.com>
+Frederik Nordahl Jul Sabroe <frederikns@gmail.com>
+Frieder Bluemle <frieder.bluemle@gmail.com>
+Gabriel Nicolas Avellaneda <avellaneda.gabriel@gmail.com>
+Gaetan de Villele <gdevillele@gmail.com>
+Gang Qiao <qiaohai8866@gmail.com>
+Gary Schaetz <gary@schaetzkc.com>
+Genki Takiuchi <genki@s21g.com>
+George MacRorie <gmacr31@gmail.com>
+George Xie <georgexsh@gmail.com>
+Gianluca Borello <g.borello@gmail.com>
+Gildas Cuisinier <gildas.cuisinier@gcuisinier.net>
+Goksu Toprak <goksu.toprak@docker.com>
+Gou Rao <gou@portworx.com>
+Grant Reaber <grant.reaber@gmail.com>
+Greg Pflaum <gpflaum@users.noreply.github.com>
+Guilhem Lettron <guilhem+github@lettron.fr>
+Guillaume J. Charmes <guillaume.charmes@docker.com>
+Guillaume Le Floch <glfloch@gmail.com>
+gwx296173 <gaojing3@huawei.com>
+Günther Jungbluth <gunther@gameslabs.net>
+Hakan Özler <hakan.ozler@kodcu.com>
+Hao Zhang <21521210@zju.edu.cn>
+Harald Albers <github@albersweb.de>
+Harold Cooper <hrldcpr@gmail.com>
+Harry Zhang <harryz@hyper.sh>
+He Simei <hesimei@zju.edu.cn>
+Helen Xie <chenjg@harmonycloud.cn>
+Henning Sprang <henning.sprang@gmail.com>
+Henry N <henrynmail-github@yahoo.de>
+Hernan Garcia <hernandanielg@gmail.com>
+Hongbin Lu <hongbin034@gmail.com>
+Hu Keping <hukeping@huawei.com>
+Huayi Zhang <irachex@gmail.com>
+huqun <huqun@zju.edu.cn>
+Huu Nguyen <huu@prismskylabs.com>
+Hyzhou Zhy <hyzhou.zhy@alibaba-inc.com>
+Ian Campbell <ian.campbell@docker.com>
+Ian Philpot <ian.philpot@microsoft.com>
+Ignacio Capurro <icapurrofagian@gmail.com>
+Ilya Dmitrichenko <errordeveloper@gmail.com>
+Ilya Khlopotov <ilya.khlopotov@gmail.com>
+Ilya Sotkov <ilya@sotkov.com>
+Ioan Eugen Stan <eu@ieugen.ro>
+Isabel Jimenez <contact.isabeljimenez@gmail.com>
+Ivan Grcic <igrcic@gmail.com>
+Ivan Markin <sw@nogoegst.net>
+Jacob Atzen <jacob@jacobatzen.dk>
+Jacob Tomlinson <jacob@tom.linson.uk>
+Jaivish Kothari <janonymous.codevulture@gmail.com>
+Jake Lambert <jake.lambert@volusion.com>
+Jake Sanders <jsand@google.com>
+James Nesbitt <james.nesbitt@wunderkraut.com>
+James Turnbull <james@lovedthanlost.net>
+Jamie Hannaford <jamie@limetree.org>
+Jan Koprowski <jan.koprowski@gmail.com>
+Jan Pazdziora <jpazdziora@redhat.com>
+Jan-Jaap Driessen <janjaapdriessen@gmail.com>
+Jana Radhakrishnan <mrjana@docker.com>
+Jared Hocutt <jaredh@netapp.com>
+Jasmine Hegman <jasmine@jhegman.com>
+Jason Heiss <jheiss@aput.net>
+Jason Plum <jplum@devonit.com>
+Jay Kamat <github@jgkamat.33mail.com>
+Jean Rouge <rougej+github@gmail.com>
+Jean-Christophe Sirot <jean-christophe.sirot@docker.com>
+Jean-Pierre Huynh <jean-pierre.huynh@ounet.fr>
+Jeff Lindsay <progrium@gmail.com>
+Jeff Nickoloff <jeff.nickoloff@gmail.com>
+Jeff Silberman <jsilberm@gmail.com>
+Jeremy Chambers <jeremy@thehipbot.com>
+Jeremy Unruh <jeremybunruh@gmail.com>
+Jeremy Yallop <yallop@docker.com>
+Jeroen Franse <jeroenfranse@gmail.com>
+Jesse Adametz <jesseadametz@gmail.com>
+Jessica Frazelle <jessfraz@google.com>
+Jezeniel Zapanta <jpzapanta22@gmail.com>
+Jian Zhang <zhangjian.fnst@cn.fujitsu.com>
+Jie Luo <luo612@zju.edu.cn>
+Jilles Oldenbeuving <ojilles@gmail.com>
+Jim Galasyn <jim.galasyn@docker.com>
+Jimmy Leger <jimmy.leger@gmail.com>
+Jimmy Song <rootsongjc@gmail.com>
+jimmyxian <jimmyxian2004@yahoo.com.cn>
+Jintao Zhang <zhangjintao9020@gmail.com>
+Joao Fernandes <joao.fernandes@docker.com>
+Joe Doliner <jdoliner@pachyderm.io>
+Joe Gordon <joe.gordon0@gmail.com>
+Joel Handwell <joelhandwell@gmail.com>
+Joey Geiger <jgeiger@gmail.com>
+Joffrey F <joffrey@docker.com>
+Johan Euphrosine <proppy@google.com>
+Johannes 'fish' Ziemke <github@freigeist.org>
+John Feminella <jxf@jxf.me>
+John Harris <john@johnharris.io>
+John Howard (VM) <John.Howard@microsoft.com>
+John Laswell <john.n.laswell@gmail.com>
+John Maguire <jmaguire@duosecurity.com>
+John Mulhausen <john@docker.com>
+John Starks <jostarks@microsoft.com>
+John Stephens <johnstep@docker.com>
+John Tims <john.k.tims@gmail.com>
+John V. Martinez <jvmatl@gmail.com>
+John Willis <john.willis@docker.com>
+Jonathan Boulle <jonathanboulle@gmail.com>
+Jonathan Lee <jonjohn1232009@gmail.com>
+Jonathan Lomas <jonathan@floatinglomas.ca>
+Jonathan McCrohan <jmccrohan@gmail.com>
+Jonh Wendell <jonh.wendell@redhat.com>
+Jordan Jennings <jjn2009@gmail.com>
+Joseph Kern <jkern@semafour.net>
+Josh Bodah <jb3689@yahoo.com>
+Josh Chorlton <jchorlton@gmail.com>
+Josh Hawn <josh.hawn@docker.com>
+Josh Horwitz <horwitz@addthis.com>
+Josh Soref <jsoref@gmail.com>
+Julien Barbier <write0@gmail.com>
+Julien Kassar <github@kassisol.com>
+Julien Maitrehenry <julien.maitrehenry@me.com>
+Justas Brazauskas <brazauskasjustas@gmail.com>
+Justin Cormack <justin.cormack@docker.com>
+Justin Simonelis <justin.p.simonelis@gmail.com>
+Justyn Temme <justyntemme@gmail.com>
+Jyrki Puttonen <jyrkiput@gmail.com>
+Jérémie Drouet <jeremie.drouet@gmail.com>
+Jérôme Petazzoni <jerome.petazzoni@docker.com>
+Jörg Thalheim <joerg@higgsboson.tk>
+Kai Blin <kai@samba.org>
+Kai Qiang Wu (Kennan) <wkq5325@gmail.com>
+Kara Alexandra <kalexandra@us.ibm.com>
+Kareem Khazem <karkhaz@karkhaz.com>
+Karthik Nayak <Karthik.188@gmail.com>
+Kat Samperi <kat.samperi@gmail.com>
+Kathryn Spiers <kathryn@spiers.me>
+Katie McLaughlin <katie@glasnt.com>
+Ke Xu <leonhartx.k@gmail.com>
+Kei Ohmura <ohmura.kei@gmail.com>
+Keith Hudgins <greenman@greenman.org>
+Ken Cochrane <kencochrane@gmail.com>
+Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>
+Kenfe-Mickaël Laventure <mickael.laventure@gmail.com>
+Kevin Burke <kev@inburke.com>
+Kevin Feyrer <kevin.feyrer@btinternet.com>
+Kevin Kern <kaiwentan@harmonycloud.cn>
+Kevin Kirsche <Kev.Kirsche+GitHub@gmail.com>
+Kevin Meredith <kevin.m.meredith@gmail.com>
+Kevin Richardson <kevin@kevinrichardson.co>
+khaled souf <khaled.souf@gmail.com>
+Kim Eik <kim@heldig.org>
+Kir Kolyshkin <kolyshkin@gmail.com>
+Kotaro Yoshimatsu <kotaro.yoshimatsu@gmail.com>
+Krasi Georgiev <krasi@vip-consult.solutions>
+Kris-Mikael Krister <krismikael@protonmail.com>
+Kun Zhang <zkazure@gmail.com>
+Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
+Lachlan Cooper <lachlancooper@gmail.com>
+Lai Jiangshan <jiangshanlai@gmail.com>
+Lars Kellogg-Stedman <lars@redhat.com>
+Laura Frank <ljfrank@gmail.com>
+Laurent Erignoux <lerignoux@gmail.com>
+Lee Gaines <eightlimbed@gmail.com>
+Lei Jitang <leijitang@huawei.com>
+Lennie <github@consolejunkie.net>
+Leo Gallucci <elgalu3@gmail.com>
+Lewis Daly <lewisdaly@me.com>
+Li Yi <denverdino@gmail.com>
+Li Yi <weiyuan.yl@alibaba-inc.com>
+Liang-Chi Hsieh <viirya@gmail.com>
+Lifubang <lifubang@acmcoder.com>
+Lihua Tang <lhtang@alauda.io>
+Lily Guo <lily.guo@docker.com>
+Lin Lu <doraalin@163.com>
+Linus Heckemann <lheckemann@twig-world.com>
+Liping Xue <lipingxue@gmail.com>
+Liron Levin <liron@twistlock.com>
+liwenqi <vikilwq@zju.edu.cn>
+lixiaobing10051267 <li.xiaobing1@zte.com.cn>
+Lloyd Dewolf <foolswisdom@gmail.com>
+Lorenzo Fontana <lo@linux.com>
+Louis Opter <kalessin@kalessin.fr>
+Luca Favatella <luca.favatella@erlang-solutions.com>
+Luca Marturana <lucamarturana@gmail.com>
+Lucas Chan <lucas-github@lucaschan.com>
+Luka Hartwig <mail@lukahartwig.de>
+Lukasz Zajaczkowski <Lukasz.Zajaczkowski@ts.fujitsu.com>
+Lydell Manganti <LydellManganti@users.noreply.github.com>
+Lénaïc Huard <lhuard@amadeus.com>
+Ma Shimiao <mashimiao.fnst@cn.fujitsu.com>
+Mabin <bin.ma@huawei.com>
+Madhav Puri <madhav.puri@gmail.com>
+Madhu Venugopal <madhu@socketplane.io>
+Malte Janduda <mail@janduda.net>
+Manjunath A Kumatagi <mkumatag@in.ibm.com>
+Mansi Nahar <mmn4185@rit.edu>
+mapk0y <mapk0y@gmail.com>
+Marc Bihlmaier <marc.bihlmaier@reddoxx.com>
+Marco Mariani <marco.mariani@alterway.fr>
+Marco Vedovati <mvedovati@suse.com>
+Marcus Martins <marcus@docker.com>
+Marianna Tessel <mtesselh@gmail.com>
+Marius Sturm <marius@graylog.com>
+Mark Oates <fl0yd@me.com>
+Marsh Macy <marsma@microsoft.com>
+Martin Mosegaard Amdisen <martin.amdisen@praqma.com>
+Mary Anthony <mary.anthony@docker.com>
+Mason Fish <mason.fish@docker.com>
+Mason Malone <mason.malone@gmail.com>
+Mateusz Major <apkd@users.noreply.github.com>
+Mathieu Champlon <mathieu.champlon@docker.com>
+Matt Gucci <matt9ucci@gmail.com>
+Matt Robenolt <matt@ydekproductions.com>
+Matteo Orefice <matteo.orefice@bites4bits.software>
+Matthew Heon <mheon@redhat.com>
+Matthieu Hauglustaine <matt.hauglustaine@gmail.com>
+Mauro Porras P <mauroporrasp@gmail.com>
+Max Shytikov <mshytikov@gmail.com>
+Maxime Petazzoni <max@signalfuse.com>
+Mei ChunTao <mei.chuntao@zte.com.cn>
+Micah Zoltu <micah@newrelic.com>
+Michael A. Smith <michael@smith-li.com>
+Michael Bridgen <mikeb@squaremobius.net>
+Michael Crosby <michael@docker.com>
+Michael Friis <friism@gmail.com>
+Michael Irwin <mikesir87@gmail.com>
+Michael Käufl <docker@c.michael-kaeufl.de>
+Michael Prokop <github@michael-prokop.at>
+Michael Scharf <github@scharf.gr>
+Michael Spetsiotis <michael_spets@hotmail.com>
+Michael Steinert <mike.steinert@gmail.com>
+Michael West <mwest@mdsol.com>
+Michal Minář <miminar@redhat.com>
+Michał Czeraszkiewicz <czerasz@gmail.com>
+Miguel Angel Alvarez Cabrerizo <doncicuto@gmail.com>
+Mihai Borobocea <MihaiBorob@gmail.com>
+Mihuleacc Sergiu <mihuleac.sergiu@gmail.com>
+Mike Brown <brownwm@us.ibm.com>
+Mike Casas <mkcsas0@gmail.com>
+Mike Danese <mikedanese@google.com>
+Mike Dillon <mike@embody.org>
+Mike Goelzer <mike.goelzer@docker.com>
+Mike MacCana <mike.maccana@gmail.com>
+mikelinjie <294893458@qq.com>
+Mikhail Vasin <vasin@cloud-tv.ru>
+Milind Chawre <milindchawre@gmail.com>
+Mindaugas Rukas <momomg@gmail.com>
+Misty Stanley-Jones <misty@docker.com>
+Mohammad Banikazemi <mb@us.ibm.com>
+Mohammed Aaqib Ansari <maaquib@gmail.com>
+Mohini Anne Dsouza <mohini3917@gmail.com>
+Moorthy RS <rsmoorthy@gmail.com>
+Morgan Bauer <mbauer@us.ibm.com>
+Moysés Borges <moysesb@gmail.com>
+Mrunal Patel <mrunalp@gmail.com>
+muicoder <muicoder@gmail.com>
+Muthukumar R <muthur@gmail.com>
+Máximo Cuadros <mcuadros@gmail.com>
+Mårten Cassel <marten.cassel@gmail.com>
+Nace Oroz <orkica@gmail.com>
+Nahum Shalman <nshalman@omniti.com>
+Nalin Dahyabhai <nalin@redhat.com>
+Nao YONASHIRO <owan.orisano@gmail.com>
+Nassim 'Nass' Eddequiouaq <eddequiouaq.nassim@gmail.com>
+Natalie Parker <nparker@omnifone.com>
+Nate Brennand <nate.brennand@clever.com>
+Nathan Hsieh <hsieh.nathan@gmail.com>
+Nathan LeClaire <nathan.leclaire@docker.com>
+Nathan McCauley <nathan.mccauley@docker.com>
+Neil Peterson <neilpeterson@outlook.com>
+Nick Adcock <nick.adcock@docker.com>
+Nico Stapelbroek <nstapelbroek@gmail.com>
+Nicola Kabar <nicolaka@gmail.com>
+Nicolas Borboën <ponsfrilus@gmail.com>
+Nicolas De Loof <nicolas.deloof@gmail.com>
+Nikhil Chawla <chawlanikhil24@gmail.com>
+Nikolas Garofil <nikolas.garofil@uantwerpen.be>
+Nikolay Milovanov <nmil@itransformers.net>
+Nir Soffer <nsoffer@redhat.com>
+Nishant Totla <nishanttotla@gmail.com>
+NIWA Hideyuki <niwa.niwa@nifty.ne.jp>
+Noah Treuhaft <noah.treuhaft@docker.com>
+O.S. Tezer <ostezer@gmail.com>
+ohmystack <jun.jiang02@ele.me>
+Olle Jonsson <olle.jonsson@gmail.com>
+Olli Janatuinen <olli.janatuinen@gmail.com>
+Otto Kekäläinen <otto@seravo.fi>
+Ovidio Mallo <ovidio.mallo@gmail.com>
+Pascal Borreli <pascal@borreli.com>
+Patrick Böänziger <patrick.baenziger@bsi-software.com>
+Patrick Hemmer <patrick.hemmer@gmail.com>
+Patrick Lang <plang@microsoft.com>
+Paul <paul9869@gmail.com>
+Paul Kehrer <paul.l.kehrer@gmail.com>
+Paul Lietar <paul@lietar.net>
+Paul Weaver <pauweave@cisco.com>
+Pavel Pospisil <pospispa@gmail.com>
+Paweł Szczekutowicz <pszczekutowicz@gmail.com>
+Peeyush Gupta <gpeeyush@linux.vnet.ibm.com>
+Per Lundberg <per.lundberg@ecraft.com>
+Peter Edge <peter.edge@gmail.com>
+Peter Hsu <shhsu@microsoft.com>
+Peter Jaffe <pjaffe@nevo.com>
+Peter Kehl <peter.kehl@gmail.com>
+Peter Nagy <xificurC@gmail.com>
+Peter Salvatore <peter@psftw.com>
+Peter Waller <p@pwaller.net>
+Phil Estes <estesp@linux.vnet.ibm.com>
+Philip Alexander Etling <paetling@gmail.com>
+Philipp Gillé <philipp.gille@gmail.com>
+Philipp Schmied <pschmied@schutzwerk.com>
+pidster <pid@pidster.com>
+pixelistik <pixelistik@users.noreply.github.com>
+Pratik Karki <prertik@outlook.com>
+Prayag Verma <prayag.verma@gmail.com>
+Preston Cowley <preston.cowley@sony.com>
+Pure White <daniel48@126.com>
+Qiang Huang <h.huangqiang@huawei.com>
+Qinglan Peng <qinglanpeng@zju.edu.cn>
+qudongfang <qudongfang@gmail.com>
+Raghavendra K T <raghavendra.kt@linux.vnet.ibm.com>
+Ravi Shekhar Jethani <rsjethani@gmail.com>
+Ray Tsang <rayt@google.com>
+Reficul <xuzhenglun@gmail.com>
+Remy Suen <remy.suen@gmail.com>
+Renaud Gaubert <rgaubert@nvidia.com>
+Ricardo N Feliciano <FelicianoTech@gmail.com>
+Rich Moyse <rich@moyse.us>
+Richard Mathie <richard.mathie@amey.co.uk>
+Richard Scothern <richard.scothern@gmail.com>
+Rick Wieman <git@rickw.nl>
+Ritesh H Shukla <sritesh@vmware.com>
+Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
+Robert Wallis <smilingrob@gmail.com>
+Robin Naundorf <r.naundorf@fh-muenster.de>
+Robin Speekenbrink <robin@kingsquare.nl>
+Rodolfo Ortiz <rodolfo.ortiz@definityfirst.com>
+Rogelio Canedo <rcanedo@mappy.priv>
+Rohan Verma <hello@rohanverma.net>
+Roland Kammerer <roland.kammerer@linbit.com>
+Roman Dudin <katrmr@gmail.com>
+Rory Hunter <roryhunter2@gmail.com>
+Ross Boucher <rboucher@gmail.com>
+Rubens Figueiredo <r.figueiredo.52@gmail.com>
+Rui Cao <ruicao@alauda.io>
+Ryan Belgrave <rmb1993@gmail.com>
+Ryan Detzel <ryan.detzel@gmail.com>
+Ryan Stelly <ryan.stelly@live.com>
+Ryan Wilson-Perkin <ryanwilsonperkin@gmail.com>
+Ryan Zhang <ryan.zhang@docker.com>
+Sainath Grandhi <sainath.grandhi@intel.com>
+Sakeven Jiang <jc5930@sina.cn>
+Sally O'Malley <somalley@redhat.com>
+Sam Neirinck <sam@samneirinck.com>
+Sambuddha Basu <sambuddhabasu1@gmail.com>
+Sami Tabet <salph.tabet@gmail.com>
+Samuel Karp <skarp@amazon.com>
+Santhosh Manohar <santhosh@docker.com>
+Scott Brenner <scott@scottbrenner.me>
+Scott Collier <emailscottcollier@gmail.com>
+Sean Christopherson <sean.j.christopherson@intel.com>
+Sean Rodman <srodman7689@gmail.com>
+Sebastiaan van Stijn <github@gone.nl>
+Sergey Tryuber <Sergeant007@users.noreply.github.com>
+Serhat Gülçiçek <serhat25@gmail.com>
+Sevki Hasirci <s@sevki.org>
+Shaun Kaasten <shaunk@gmail.com>
+Sheng Yang <sheng@yasker.org>
+Shijiang Wei <mountkin@gmail.com>
+Shishir Mahajan <shishir.mahajan@redhat.com>
+Shoubhik Bose <sbose78@gmail.com>
+Shukui Yang <yangshukui@huawei.com>
+Sian Lerk Lau <kiawin@gmail.com>
+Sidhartha Mani <sidharthamn@gmail.com>
+sidharthamani <sid@rancher.com>
+Silvin Lubecki <silvin.lubecki@docker.com>
+Simei He <hesimei@zju.edu.cn>
+Simon Ferquel <simon.ferquel@docker.com>
+Sindhu S <sindhus@live.in>
+Slava Semushin <semushin@redhat.com>
+Solomon Hykes <solomon@docker.com>
+Song Gao <song@gao.io>
+Spencer Brown <spencer@spencerbrown.org>
+squeegels <1674195+squeegels@users.noreply.github.com>
+Srini Brahmaroutu <srbrahma@us.ibm.com>
+Stefan S. <tronicum@user.github.com>
+Stefan Scherer <stefan.scherer@docker.com>
+Stefan Weil <sw@weilnetz.de>
+Stephane Jeandeaux <stephane.jeandeaux@gmail.com>
+Stephen Day <stevvooe@gmail.com>
+Stephen Rust <srust@blockbridge.com>
+Steve Durrheimer <s.durrheimer@gmail.com>
+Steve Richards <steve.richards@docker.com>
+Steven Burgess <steven.a.burgess@hotmail.com>
+Subhajit Ghosh <isubuz.g@gmail.com>
+Sun Jianbo <wonderflow.sun@gmail.com>
+Sune Keller <absukl@almbrand.dk>
+Sungwon Han <sungwon.han@navercorp.com>
+Sunny Gogoi <indiasuny000@gmail.com>
+Sven Dowideit <SvenDowideit@home.org.au>
+Sylvain Baubeau <sbaubeau@redhat.com>
+Sébastien HOUZÉ <cto@verylastroom.com>
+T K Sourabh <sourabhtk37@gmail.com>
+TAGOMORI Satoshi <tagomoris@gmail.com>
+taiji-tech <csuhqg@foxmail.com>
+Taylor Jones <monitorjbl@gmail.com>
+Tejaswini Duggaraju <naduggar@microsoft.com>
+Thatcher Peskens <thatcher@docker.com>
+Thomas Gazagnaire <thomas@gazagnaire.org>
+Thomas Krzero <thomas.kovatchitch@gmail.com>
+Thomas Leonard <thomas.leonard@docker.com>
+Thomas Léveil <thomasleveil@gmail.com>
+Thomas Riccardi <thomas@deepomatic.com>
+Thomas Swift <tgs242@gmail.com>
+Tianon Gravi <admwiggin@gmail.com>
+Tianyi Wang <capkurmagati@gmail.com>
+Tibor Vass <teabee89@gmail.com>
+Tim Dettrick <t.dettrick@uq.edu.au>
+Tim Hockin <thockin@google.com>
+Tim Smith <timbot@google.com>
+Tim Waugh <twaugh@redhat.com>
+Tim Wraight <tim.wraight@tangentlabs.co.uk>
+timfeirg <kkcocogogo@gmail.com>
+Timothy Hobbs <timothyhobbs@seznam.cz>
+Tobias Bradtke <webwurst@gmail.com>
+Tobias Gesellchen <tobias@gesellix.de>
+Todd Whiteman <todd.whiteman@joyent.com>
+Tom Denham <tom@tomdee.co.uk>
+Tom Fotherby <tom+github@peopleperhour.com>
+Tom Klingenberg <tklingenberg@lastflood.net>
+Tom Milligan <code@tommilligan.net>
+Tom X. Tobin <tomxtobin@tomxtobin.com>
+Tomas Tomecek <ttomecek@redhat.com>
+Tomasz Kopczynski <tomek@kopczynski.net.pl>
+Tomáš Hrčka <thrcka@redhat.com>
+Tony Abboud <tdabboud@hotmail.com>
+Tõnis Tiigi <tonistiigi@gmail.com>
+Trapier Marshall <trapier.marshall@docker.com>
+Travis Cline <travis.cline@gmail.com>
+Tristan Carel <tristan@cogniteev.com>
+Tycho Andersen <tycho@docker.com>
+Tycho Andersen <tycho@tycho.ws>
+uhayate <uhayate.gong@daocloud.io>
+Ulysses Souza <ulysses.souza@docker.com>
+Umesh Yadav <umesh4257@gmail.com>
+Valentin Lorentz <progval+git@progval.net>
+Veres Lajos <vlajos@gmail.com>
+Victor Vieux <victor.vieux@docker.com>
+Victoria Bialas <victoria.bialas@docker.com>
+Viktor Stanchev <me@viktorstanchev.com>
+Vimal Raghubir <vraghubir0418@gmail.com>
+Vincent Batts <vbatts@redhat.com>
+Vincent Bernat <Vincent.Bernat@exoscale.ch>
+Vincent Demeester <vincent.demeester@docker.com>
+Vincent Woo <me@vincentwoo.com>
+Vishnu Kannan <vishnuk@google.com>
+Vivek Goyal <vgoyal@redhat.com>
+Wang Jie <wangjie5@chinaskycloud.com>
+Wang Lei <wanglei@tenxcloud.com>
+Wang Long <long.wanglong@huawei.com>
+Wang Ping <present.wp@icloud.com>
+Wang Xing <hzwangxing@corp.netease.com>
+Wang Yuexiao <wang.yuexiao@zte.com.cn>
+Wataru Ishida <ishida.wataru@lab.ntt.co.jp>
+Wayne Song <wsong@docker.com>
+Wen Cheng Ma <wenchma@cn.ibm.com>
+Wenzhi Liang <wenzhi.liang@gmail.com>
+Wes Morgan <cap10morgan@gmail.com>
+Wewang Xiaorenfine <wang.xiaoren@zte.com.cn>
+William Henry <whenry@redhat.com>
+Xianglin Gao <xlgao@zju.edu.cn>
+Xiaodong Zhang <a4012017@sina.com>
+Xiaoxi He <xxhe@alauda.io>
+Xinbo Weng <xihuanbo_0521@zju.edu.cn>
+Xuecong Liao <satorulogic@gmail.com>
+Yan Feng <yanfeng2@huawei.com>
+Yanqiang Miao <miao.yanqiang@zte.com.cn>
+Yassine Tijani <yasstij11@gmail.com>
+Yi EungJun <eungjun.yi@navercorp.com>
+Ying Li <ying.li@docker.com>
+Yong Tang <yong.tang.github@outlook.com>
+Yosef Fertel <yfertel@gmail.com>
+Yu Peng <yu.peng36@zte.com.cn>
+Yuan Sun <sunyuan3@huawei.com>
+Yue Zhang <zy675793960@yeah.net>
+Yunxiang Huang <hyxqshk@vip.qq.com>
+Zachary Romero <zacromero3@gmail.com>
+Zander Mackie <zmackie@gmail.com>
+zebrilee <zebrilee@gmail.com>
+Zhang Kun <zkazure@gmail.com>
+Zhang Wei <zhangwei555@huawei.com>
+Zhang Wentao <zhangwentao234@huawei.com>
+ZhangHang <stevezhang2014@gmail.com>
+zhenghenghuo <zhenghenghuo@zju.edu.cn>
+Zhou Hao <zhouhao@cn.fujitsu.com>
+Zhoulin Xie <zhoulin.xie@daocloud.io>
+Zhu Guihua <zhugh.fnst@cn.fujitsu.com>
+Álex González <agonzalezro@gmail.com>
+Álvaro Lázaro <alvaro.lazaro.g@gmail.com>
+Átila Camurça Alves <camurca.home@gmail.com>
+徐俊杰 <paco.xu@daocloud.io>
diff --git a/vendor/github.com/docker/cli/LICENSE b/vendor/github.com/docker/cli/LICENSE
new file mode 100644
index 00000000..9c8e20ab
--- /dev/null
+++ b/vendor/github.com/docker/cli/LICENSE
@@ -0,0 +1,191 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        https://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   Copyright 2013-2017 Docker, Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       https://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/vendor/github.com/docker/cli/NOTICE b/vendor/github.com/docker/cli/NOTICE
new file mode 100644
index 00000000..58b19b6d
--- /dev/null
+++ b/vendor/github.com/docker/cli/NOTICE
@@ -0,0 +1,19 @@
+Docker
+Copyright 2012-2017 Docker, Inc.
+
+This product includes software developed at Docker, Inc. (https://www.docker.com).
+
+This product contains software (https://github.com/creack/pty) developed
+by Keith Rarick, licensed under the MIT License.
+
+The following is courtesy of our legal counsel:
+
+
+Use and transfer of Docker may be subject to certain restrictions by the
+United States and other governments.
+It is your responsibility to ensure that your use and/or transfer does not
+violate applicable laws.
+
+For more information, please see https://www.bis.doc.gov
+
+See also https://www.apache.org/dev/crypto.html and/or seek legal counsel.
diff --git a/vendor/github.com/docker/cli/cli/config/config.go b/vendor/github.com/docker/cli/cli/config/config.go
new file mode 100644
index 00000000..6e4d73df
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/config.go
@@ -0,0 +1,140 @@
+package config
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/cli/cli/config/configfile"
+	"github.com/docker/cli/cli/config/credentials"
+	"github.com/docker/cli/cli/config/types"
+	"github.com/docker/docker/pkg/homedir"
+	"github.com/pkg/errors"
+)
+
+const (
+	// ConfigFileName is the name of config file
+	ConfigFileName = "config.json"
+	configFileDir  = ".docker"
+	oldConfigfile  = ".dockercfg"
+	contextsDir    = "contexts"
+)
+
+var (
+	configDir = os.Getenv("DOCKER_CONFIG")
+)
+
+func init() {
+	if configDir == "" {
+		configDir = filepath.Join(homedir.Get(), configFileDir)
+	}
+}
+
+// Dir returns the directory the configuration file is stored in
+func Dir() string {
+	return configDir
+}
+
+// ContextStoreDir returns the directory the docker contexts are stored in
+func ContextStoreDir() string {
+	return filepath.Join(Dir(), contextsDir)
+}
+
+// SetDir sets the directory the configuration file is stored in
+func SetDir(dir string) {
+	configDir = filepath.Clean(dir)
+}
+
+// Path returns the path to a file relative to the config dir
+func Path(p ...string) (string, error) {
+	path := filepath.Join(append([]string{Dir()}, p...)...)
+	if !strings.HasPrefix(path, Dir()+string(filepath.Separator)) {
+		return "", errors.Errorf("path %q is outside of root config directory %q", path, Dir())
+	}
+	return path, nil
+}
+
+// LegacyLoadFromReader is a convenience function that creates a ConfigFile object from
+// a non-nested reader
+func LegacyLoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
+	configFile := configfile.ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+	}
+	err := configFile.LegacyLoadFromReader(configData)
+	return &configFile, err
+}
+
+// LoadFromReader is a convenience function that creates a ConfigFile object from
+// a reader
+func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) {
+	configFile := configfile.ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+	}
+	err := configFile.LoadFromReader(configData)
+	return &configFile, err
+}
+
+// Load reads the configuration files in the given directory, and sets up
+// the auth config information and returns values.
+// FIXME: use the internal golang config parser
+func Load(configDir string) (*configfile.ConfigFile, error) {
+	if configDir == "" {
+		configDir = Dir()
+	}
+
+	filename := filepath.Join(configDir, ConfigFileName)
+	configFile := configfile.New(filename)
+
+	// Try happy path first - latest config file
+	if _, err := os.Stat(filename); err == nil {
+		file, err := os.Open(filename)
+		if err != nil {
+			return configFile, errors.Wrap(err, filename)
+		}
+		defer file.Close()
+		err = configFile.LoadFromReader(file)
+		if err != nil {
+			err = errors.Wrap(err, filename)
+		}
+		return configFile, err
+	} else if !os.IsNotExist(err) {
+		// if file is there but we can't stat it for any reason other
+		// than it doesn't exist then stop
+		return configFile, errors.Wrap(err, filename)
+	}
+
+	// Can't find latest config file so check for the old one
+	homedir, err := os.UserHomeDir()
+	if err != nil {
+		return configFile, errors.Wrap(err, oldConfigfile)
+	}
+	confFile := filepath.Join(homedir, oldConfigfile)
+	if _, err := os.Stat(confFile); err != nil {
+		return configFile, nil // missing file is not an error
+	}
+	file, err := os.Open(confFile)
+	if err != nil {
+		return configFile, errors.Wrap(err, filename)
+	}
+	defer file.Close()
+	err = configFile.LegacyLoadFromReader(file)
+	if err != nil {
+		return configFile, errors.Wrap(err, filename)
+	}
+	return configFile, nil
+}
+
+// LoadDefaultConfigFile attempts to load the default config file and returns
+// an initialized ConfigFile struct if none is found.
+func LoadDefaultConfigFile(stderr io.Writer) *configfile.ConfigFile {
+	configFile, err := Load(Dir())
+	if err != nil {
+		fmt.Fprintf(stderr, "WARNING: Error loading config file: %v\n", err)
+	}
+	if !configFile.ContainsAuth() {
+		configFile.CredentialsStore = credentials.DetectDefaultStore(configFile.CredentialsStore)
+	}
+	return configFile
+}
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go
new file mode 100644
index 00000000..a4e97a5c
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go
@@ -0,0 +1,390 @@
+package configfile
+
+import (
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/docker/cli/cli/config/credentials"
+	"github.com/docker/cli/cli/config/types"
+	"github.com/pkg/errors"
+)
+
+const (
+	// This constant is only used for really old config files when the
+	// URL wasn't saved as part of the config file and it was just
+	// assumed to be this value.
+	defaultIndexServer = "https://index.docker.io/v1/"
+)
+
+// ConfigFile ~/.docker/config.json file info
+type ConfigFile struct {
+	AuthConfigs          map[string]types.AuthConfig  `json:"auths"`
+	HTTPHeaders          map[string]string            `json:"HttpHeaders,omitempty"`
+	PsFormat             string                       `json:"psFormat,omitempty"`
+	ImagesFormat         string                       `json:"imagesFormat,omitempty"`
+	NetworksFormat       string                       `json:"networksFormat,omitempty"`
+	PluginsFormat        string                       `json:"pluginsFormat,omitempty"`
+	VolumesFormat        string                       `json:"volumesFormat,omitempty"`
+	StatsFormat          string                       `json:"statsFormat,omitempty"`
+	DetachKeys           string                       `json:"detachKeys,omitempty"`
+	CredentialsStore     string                       `json:"credsStore,omitempty"`
+	CredentialHelpers    map[string]string            `json:"credHelpers,omitempty"`
+	Filename             string                       `json:"-"` // Note: for internal use only
+	ServiceInspectFormat string                       `json:"serviceInspectFormat,omitempty"`
+	ServicesFormat       string                       `json:"servicesFormat,omitempty"`
+	TasksFormat          string                       `json:"tasksFormat,omitempty"`
+	SecretFormat         string                       `json:"secretFormat,omitempty"`
+	ConfigFormat         string                       `json:"configFormat,omitempty"`
+	NodesFormat          string                       `json:"nodesFormat,omitempty"`
+	PruneFilters         []string                     `json:"pruneFilters,omitempty"`
+	Proxies              map[string]ProxyConfig       `json:"proxies,omitempty"`
+	Experimental         string                       `json:"experimental,omitempty"`
+	StackOrchestrator    string                       `json:"stackOrchestrator,omitempty"`
+	Kubernetes           *KubernetesConfig            `json:"kubernetes,omitempty"`
+	CurrentContext       string                       `json:"currentContext,omitempty"`
+	CLIPluginsExtraDirs  []string                     `json:"cliPluginsExtraDirs,omitempty"`
+	Plugins              map[string]map[string]string `json:"plugins,omitempty"`
+	Aliases              map[string]string            `json:"aliases,omitempty"`
+}
+
+// ProxyConfig contains proxy configuration settings
+type ProxyConfig struct {
+	HTTPProxy  string `json:"httpProxy,omitempty"`
+	HTTPSProxy string `json:"httpsProxy,omitempty"`
+	NoProxy    string `json:"noProxy,omitempty"`
+	FTPProxy   string `json:"ftpProxy,omitempty"`
+}
+
+// KubernetesConfig contains Kubernetes orchestrator settings
+type KubernetesConfig struct {
+	AllNamespaces string `json:"allNamespaces,omitempty"`
+}
+
+// New initializes an empty configuration file for the given filename 'fn'
+func New(fn string) *ConfigFile {
+	return &ConfigFile{
+		AuthConfigs: make(map[string]types.AuthConfig),
+		HTTPHeaders: make(map[string]string),
+		Filename:    fn,
+		Plugins:     make(map[string]map[string]string),
+		Aliases:     make(map[string]string),
+	}
+}
+
+// LegacyLoadFromReader reads the non-nested configuration data given and sets up the
+// auth config information with given directory and populates the receiver object
+func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error {
+	b, err := ioutil.ReadAll(configData)
+	if err != nil {
+		return err
+	}
+
+	if err := json.Unmarshal(b, &configFile.AuthConfigs); err != nil {
+		arr := strings.Split(string(b), "\n")
+		if len(arr) < 2 {
+			return errors.Errorf("The Auth config file is empty")
+		}
+		authConfig := types.AuthConfig{}
+		origAuth := strings.Split(arr[0], " = ")
+		if len(origAuth) != 2 {
+			return errors.Errorf("Invalid Auth config file")
+		}
+		authConfig.Username, authConfig.Password, err = decodeAuth(origAuth[1])
+		if err != nil {
+			return err
+		}
+		authConfig.ServerAddress = defaultIndexServer
+		configFile.AuthConfigs[defaultIndexServer] = authConfig
+	} else {
+		for k, authConfig := range configFile.AuthConfigs {
+			authConfig.Username, authConfig.Password, err = decodeAuth(authConfig.Auth)
+			if err != nil {
+				return err
+			}
+			authConfig.Auth = ""
+			authConfig.ServerAddress = k
+			configFile.AuthConfigs[k] = authConfig
+		}
+	}
+	return nil
+}
+
+// LoadFromReader reads the configuration data given and sets up the auth config
+// information with given directory and populates the receiver object
+func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error {
+	if err := json.NewDecoder(configData).Decode(&configFile); err != nil {
+		return err
+	}
+	var err error
+	for addr, ac := range configFile.AuthConfigs {
+		if ac.Auth != "" {
+			ac.Username, ac.Password, err = decodeAuth(ac.Auth)
+			if err != nil {
+				return err
+			}
+		}
+		ac.Auth = ""
+		ac.ServerAddress = addr
+		configFile.AuthConfigs[addr] = ac
+	}
+	return checkKubernetesConfiguration(configFile.Kubernetes)
+}
+
+// ContainsAuth returns whether there is authentication configured
+// in this file or not.
+func (configFile *ConfigFile) ContainsAuth() bool {
+	return configFile.CredentialsStore != "" ||
+		len(configFile.CredentialHelpers) > 0 ||
+		len(configFile.AuthConfigs) > 0
+}
+
+// GetAuthConfigs returns the mapping of repo to auth configuration
+func (configFile *ConfigFile) GetAuthConfigs() map[string]types.AuthConfig {
+	return configFile.AuthConfigs
+}
+
+// SaveToWriter encodes and writes out all the authorization information to
+// the given writer
+func (configFile *ConfigFile) SaveToWriter(writer io.Writer) error {
+	// Encode sensitive data into a new/temp struct
+	tmpAuthConfigs := make(map[string]types.AuthConfig, len(configFile.AuthConfigs))
+	for k, authConfig := range configFile.AuthConfigs {
+		authCopy := authConfig
+		// encode and save the authstring, while blanking out the original fields
+		authCopy.Auth = encodeAuth(&authCopy)
+		authCopy.Username = ""
+		authCopy.Password = ""
+		authCopy.ServerAddress = ""
+		tmpAuthConfigs[k] = authCopy
+	}
+
+	saveAuthConfigs := configFile.AuthConfigs
+	configFile.AuthConfigs = tmpAuthConfigs
+	defer func() { configFile.AuthConfigs = saveAuthConfigs }()
+
+	data, err := json.MarshalIndent(configFile, "", "\t")
+	if err != nil {
+		return err
+	}
+	_, err = writer.Write(data)
+	return err
+}
+
+// Save encodes and writes out all the authorization information
+func (configFile *ConfigFile) Save() error {
+	if configFile.Filename == "" {
+		return errors.Errorf("Can't save config with empty filename")
+	}
+
+	dir := filepath.Dir(configFile.Filename)
+	if err := os.MkdirAll(dir, 0700); err != nil {
+		return err
+	}
+	temp, err := ioutil.TempFile(dir, filepath.Base(configFile.Filename))
+	if err != nil {
+		return err
+	}
+	err = configFile.SaveToWriter(temp)
+	temp.Close()
+	if err != nil {
+		os.Remove(temp.Name())
+		return err
+	}
+	// Try copying the current config file (if any) ownership and permissions
+	copyFilePermissions(configFile.Filename, temp.Name())
+
+	return os.Rename(temp.Name(), configFile.Filename)
+}
+
+// ParseProxyConfig computes proxy configuration by retrieving the config for the provided host and
+// then checking this against any environment variables provided to the container
+func (configFile *ConfigFile) ParseProxyConfig(host string, runOpts map[string]*string) map[string]*string {
+	var cfgKey string
+
+	if _, ok := configFile.Proxies[host]; !ok {
+		cfgKey = "default"
+	} else {
+		cfgKey = host
+	}
+
+	config := configFile.Proxies[cfgKey]
+	permitted := map[string]*string{
+		"HTTP_PROXY":  &config.HTTPProxy,
+		"HTTPS_PROXY": &config.HTTPSProxy,
+		"NO_PROXY":    &config.NoProxy,
+		"FTP_PROXY":   &config.FTPProxy,
+	}
+	m := runOpts
+	if m == nil {
+		m = make(map[string]*string)
+	}
+	for k := range permitted {
+		if *permitted[k] == "" {
+			continue
+		}
+		if _, ok := m[k]; !ok {
+			m[k] = permitted[k]
+		}
+		if _, ok := m[strings.ToLower(k)]; !ok {
+			m[strings.ToLower(k)] = permitted[k]
+		}
+	}
+	return m
+}
+
+// encodeAuth creates a base64 encoded string to containing authorization information
+func encodeAuth(authConfig *types.AuthConfig) string {
+	if authConfig.Username == "" && authConfig.Password == "" {
+		return ""
+	}
+
+	authStr := authConfig.Username + ":" + authConfig.Password
+	msg := []byte(authStr)
+	encoded := make([]byte, base64.StdEncoding.EncodedLen(len(msg)))
+	base64.StdEncoding.Encode(encoded, msg)
+	return string(encoded)
+}
+
+// decodeAuth decodes a base64 encoded string and returns username and password
+func decodeAuth(authStr string) (string, string, error) {
+	if authStr == "" {
+		return "", "", nil
+	}
+
+	decLen := base64.StdEncoding.DecodedLen(len(authStr))
+	decoded := make([]byte, decLen)
+	authByte := []byte(authStr)
+	n, err := base64.StdEncoding.Decode(decoded, authByte)
+	if err != nil {
+		return "", "", err
+	}
+	if n > decLen {
+		return "", "", errors.Errorf("Something went wrong decoding auth config")
+	}
+	arr := strings.SplitN(string(decoded), ":", 2)
+	if len(arr) != 2 {
+		return "", "", errors.Errorf("Invalid auth configuration file")
+	}
+	password := strings.Trim(arr[1], "\x00")
+	return arr[0], password, nil
+}
+
+// GetCredentialsStore returns a new credentials store from the settings in the
+// configuration file
+func (configFile *ConfigFile) GetCredentialsStore(registryHostname string) credentials.Store {
+	if helper := getConfiguredCredentialStore(configFile, registryHostname); helper != "" {
+		return newNativeStore(configFile, helper)
+	}
+	return credentials.NewFileStore(configFile)
+}
+
+// var for unit testing.
+var newNativeStore = func(configFile *ConfigFile, helperSuffix string) credentials.Store {
+	return credentials.NewNativeStore(configFile, helperSuffix)
+}
+
+// GetAuthConfig for a repository from the credential store
+func (configFile *ConfigFile) GetAuthConfig(registryHostname string) (types.AuthConfig, error) {
+	return configFile.GetCredentialsStore(registryHostname).Get(registryHostname)
+}
+
+// getConfiguredCredentialStore returns the credential helper configured for the
+// given registry, the default credsStore, or the empty string if neither are
+// configured.
+func getConfiguredCredentialStore(c *ConfigFile, registryHostname string) string {
+	if c.CredentialHelpers != nil && registryHostname != "" {
+		if helper, exists := c.CredentialHelpers[registryHostname]; exists {
+			return helper
+		}
+	}
+	return c.CredentialsStore
+}
+
+// GetAllCredentials returns all of the credentials stored in all of the
+// configured credential stores.
+func (configFile *ConfigFile) GetAllCredentials() (map[string]types.AuthConfig, error) {
+	auths := make(map[string]types.AuthConfig)
+	addAll := func(from map[string]types.AuthConfig) {
+		for reg, ac := range from {
+			auths[reg] = ac
+		}
+	}
+
+	defaultStore := configFile.GetCredentialsStore("")
+	newAuths, err := defaultStore.GetAll()
+	if err != nil {
+		return nil, err
+	}
+	addAll(newAuths)
+
+	// Auth configs from a registry-specific helper should override those from the default store.
+	for registryHostname := range configFile.CredentialHelpers {
+		newAuth, err := configFile.GetAuthConfig(registryHostname)
+		if err != nil {
+			return nil, err
+		}
+		auths[registryHostname] = newAuth
+	}
+	return auths, nil
+}
+
+// GetFilename returns the file name that this config file is based on.
+func (configFile *ConfigFile) GetFilename() string {
+	return configFile.Filename
+}
+
+// PluginConfig retrieves the requested option for the given plugin.
+func (configFile *ConfigFile) PluginConfig(pluginname, option string) (string, bool) {
+	if configFile.Plugins == nil {
+		return "", false
+	}
+	pluginConfig, ok := configFile.Plugins[pluginname]
+	if !ok {
+		return "", false
+	}
+	value, ok := pluginConfig[option]
+	return value, ok
+}
+
+// SetPluginConfig sets the option to the given value for the given
+// plugin. Passing a value of "" will remove the option. If removing
+// the final config item for a given plugin then also cleans up the
+// overall plugin entry.
+func (configFile *ConfigFile) SetPluginConfig(pluginname, option, value string) {
+	if configFile.Plugins == nil {
+		configFile.Plugins = make(map[string]map[string]string)
+	}
+	pluginConfig, ok := configFile.Plugins[pluginname]
+	if !ok {
+		pluginConfig = make(map[string]string)
+		configFile.Plugins[pluginname] = pluginConfig
+	}
+	if value != "" {
+		pluginConfig[option] = value
+	} else {
+		delete(pluginConfig, option)
+	}
+	if len(pluginConfig) == 0 {
+		delete(configFile.Plugins, pluginname)
+	}
+}
+
+func checkKubernetesConfiguration(kubeConfig *KubernetesConfig) error {
+	if kubeConfig == nil {
+		return nil
+	}
+	switch kubeConfig.AllNamespaces {
+	case "":
+	case "enabled":
+	case "disabled":
+	default:
+		return fmt.Errorf("invalid 'kubernetes.allNamespaces' value, should be 'enabled' or 'disabled': %s", kubeConfig.AllNamespaces)
+	}
+	return nil
+}
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go
new file mode 100644
index 00000000..3ca65c61
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go
@@ -0,0 +1,35 @@
+// +build !windows
+
+package configfile
+
+import (
+	"os"
+	"syscall"
+)
+
+// copyFilePermissions copies file ownership and permissions from "src" to "dst",
+// ignoring any error during the process.
+func copyFilePermissions(src, dst string) {
+	var (
+		mode     os.FileMode = 0600
+		uid, gid int
+	)
+
+	fi, err := os.Stat(src)
+	if err != nil {
+		return
+	}
+	if fi.Mode().IsRegular() {
+		mode = fi.Mode()
+	}
+	if err := os.Chmod(dst, mode); err != nil {
+		return
+	}
+
+	uid = int(fi.Sys().(*syscall.Stat_t).Uid)
+	gid = int(fi.Sys().(*syscall.Stat_t).Gid)
+
+	if uid > 0 && gid > 0 {
+		_ = os.Chown(dst, uid, gid)
+	}
+}
diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file_windows.go b/vendor/github.com/docker/cli/cli/config/configfile/file_windows.go
new file mode 100644
index 00000000..42fffc39
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/configfile/file_windows.go
@@ -0,0 +1,5 @@
+package configfile
+
+func copyFilePermissions(src, dst string) {
+	// TODO implement for Windows
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/credentials.go b/vendor/github.com/docker/cli/cli/config/credentials/credentials.go
new file mode 100644
index 00000000..28d58ec4
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/credentials.go
@@ -0,0 +1,17 @@
+package credentials
+
+import (
+	"github.com/docker/cli/cli/config/types"
+)
+
+// Store is the interface that any credentials store must implement.
+type Store interface {
+	// Erase removes credentials from the store for a given server.
+	Erase(serverAddress string) error
+	// Get retrieves credentials from the store for a given server.
+	Get(serverAddress string) (types.AuthConfig, error)
+	// GetAll retrieves all the credentials from the store.
+	GetAll() (map[string]types.AuthConfig, error)
+	// Store saves credentials in the store.
+	Store(authConfig types.AuthConfig) error
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go
new file mode 100644
index 00000000..7a760f1a
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store.go
@@ -0,0 +1,21 @@
+package credentials
+
+import (
+	"os/exec"
+)
+
+// DetectDefaultStore return the default credentials store for the platform if
+// the store executable is available.
+func DetectDefaultStore(store string) string {
+	platformDefault := defaultCredentialsStore()
+
+	// user defined or no default for platform
+	if store != "" || platformDefault == "" {
+		return store
+	}
+
+	if _, err := exec.LookPath(remoteCredentialsPrefix + platformDefault); err == nil {
+		return platformDefault
+	}
+	return ""
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go
new file mode 100644
index 00000000..5d42dec6
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_darwin.go
@@ -0,0 +1,5 @@
+package credentials
+
+func defaultCredentialsStore() string {
+	return "osxkeychain"
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go
new file mode 100644
index 00000000..a9012c6d
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_linux.go
@@ -0,0 +1,13 @@
+package credentials
+
+import (
+	"os/exec"
+)
+
+func defaultCredentialsStore() string {
+	if _, err := exec.LookPath("pass"); err == nil {
+		return "pass"
+	}
+
+	return "secretservice"
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go
new file mode 100644
index 00000000..3028168a
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go
@@ -0,0 +1,7 @@
+// +build !windows,!darwin,!linux
+
+package credentials
+
+func defaultCredentialsStore() string {
+	return ""
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go
new file mode 100644
index 00000000..bb799ca6
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_windows.go
@@ -0,0 +1,5 @@
+package credentials
+
+func defaultCredentialsStore() string {
+	return "wincred"
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/file_store.go b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
new file mode 100644
index 00000000..e509820b
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/file_store.go
@@ -0,0 +1,81 @@
+package credentials
+
+import (
+	"strings"
+
+	"github.com/docker/cli/cli/config/types"
+)
+
+type store interface {
+	Save() error
+	GetAuthConfigs() map[string]types.AuthConfig
+	GetFilename() string
+}
+
+// fileStore implements a credentials store using
+// the docker configuration file to keep the credentials in plain text.
+type fileStore struct {
+	file store
+}
+
+// NewFileStore creates a new file credentials store.
+func NewFileStore(file store) Store {
+	return &fileStore{file: file}
+}
+
+// Erase removes the given credentials from the file store.
+func (c *fileStore) Erase(serverAddress string) error {
+	delete(c.file.GetAuthConfigs(), serverAddress)
+	return c.file.Save()
+}
+
+// Get retrieves credentials for a specific server from the file store.
+func (c *fileStore) Get(serverAddress string) (types.AuthConfig, error) {
+	authConfig, ok := c.file.GetAuthConfigs()[serverAddress]
+	if !ok {
+		// Maybe they have a legacy config file, we will iterate the keys converting
+		// them to the new format and testing
+		for r, ac := range c.file.GetAuthConfigs() {
+			if serverAddress == ConvertToHostname(r) {
+				return ac, nil
+			}
+		}
+
+		authConfig = types.AuthConfig{}
+	}
+	return authConfig, nil
+}
+
+func (c *fileStore) GetAll() (map[string]types.AuthConfig, error) {
+	return c.file.GetAuthConfigs(), nil
+}
+
+// Store saves the given credentials in the file store.
+func (c *fileStore) Store(authConfig types.AuthConfig) error {
+	c.file.GetAuthConfigs()[authConfig.ServerAddress] = authConfig
+	return c.file.Save()
+}
+
+func (c *fileStore) GetFilename() string {
+	return c.file.GetFilename()
+}
+
+func (c *fileStore) IsFileStore() bool {
+	return true
+}
+
+// ConvertToHostname converts a registry url which has http|https prepended
+// to just an hostname.
+// Copied from github.com/docker/docker/registry.ConvertToHostname to reduce dependencies.
+func ConvertToHostname(url string) string {
+	stripped := url
+	if strings.HasPrefix(url, "http://") {
+		stripped = strings.TrimPrefix(url, "http://")
+	} else if strings.HasPrefix(url, "https://") {
+		stripped = strings.TrimPrefix(url, "https://")
+	}
+
+	nameParts := strings.SplitN(stripped, "/", 2)
+
+	return nameParts[0]
+}
diff --git a/vendor/github.com/docker/cli/cli/config/credentials/native_store.go b/vendor/github.com/docker/cli/cli/config/credentials/native_store.go
new file mode 100644
index 00000000..afe542cc
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/credentials/native_store.go
@@ -0,0 +1,143 @@
+package credentials
+
+import (
+	"github.com/docker/cli/cli/config/types"
+	"github.com/docker/docker-credential-helpers/client"
+	"github.com/docker/docker-credential-helpers/credentials"
+)
+
+const (
+	remoteCredentialsPrefix = "docker-credential-"
+	tokenUsername           = "<token>"
+)
+
+// nativeStore implements a credentials store
+// using native keychain to keep credentials secure.
+// It piggybacks into a file store to keep users' emails.
+type nativeStore struct {
+	programFunc client.ProgramFunc
+	fileStore   Store
+}
+
+// NewNativeStore creates a new native store that
+// uses a remote helper program to manage credentials.
+func NewNativeStore(file store, helperSuffix string) Store {
+	name := remoteCredentialsPrefix + helperSuffix
+	return &nativeStore{
+		programFunc: client.NewShellProgramFunc(name),
+		fileStore:   NewFileStore(file),
+	}
+}
+
+// Erase removes the given credentials from the native store.
+func (c *nativeStore) Erase(serverAddress string) error {
+	if err := client.Erase(c.programFunc, serverAddress); err != nil {
+		return err
+	}
+
+	// Fallback to plain text store to remove email
+	return c.fileStore.Erase(serverAddress)
+}
+
+// Get retrieves credentials for a specific server from the native store.
+func (c *nativeStore) Get(serverAddress string) (types.AuthConfig, error) {
+	// load user email if it exist or an empty auth config.
+	auth, _ := c.fileStore.Get(serverAddress)
+
+	creds, err := c.getCredentialsFromStore(serverAddress)
+	if err != nil {
+		return auth, err
+	}
+	auth.Username = creds.Username
+	auth.IdentityToken = creds.IdentityToken
+	auth.Password = creds.Password
+
+	return auth, nil
+}
+
+// GetAll retrieves all the credentials from the native store.
+func (c *nativeStore) GetAll() (map[string]types.AuthConfig, error) {
+	auths, err := c.listCredentialsInStore()
+	if err != nil {
+		return nil, err
+	}
+
+	// Emails are only stored in the file store.
+	// This call can be safely eliminated when emails are removed.
+	fileConfigs, _ := c.fileStore.GetAll()
+
+	authConfigs := make(map[string]types.AuthConfig)
+	for registry := range auths {
+		creds, err := c.getCredentialsFromStore(registry)
+		if err != nil {
+			return nil, err
+		}
+		ac := fileConfigs[registry] // might contain Email
+		ac.Username = creds.Username
+		ac.Password = creds.Password
+		ac.IdentityToken = creds.IdentityToken
+		authConfigs[registry] = ac
+	}
+
+	return authConfigs, nil
+}
+
+// Store saves the given credentials in the file store.
+func (c *nativeStore) Store(authConfig types.AuthConfig) error {
+	if err := c.storeCredentialsInStore(authConfig); err != nil {
+		return err
+	}
+	authConfig.Username = ""
+	authConfig.Password = ""
+	authConfig.IdentityToken = ""
+
+	// Fallback to old credential in plain text to save only the email
+	return c.fileStore.Store(authConfig)
+}
+
+// storeCredentialsInStore executes the command to store the credentials in the native store.
+func (c *nativeStore) storeCredentialsInStore(config types.AuthConfig) error {
+	creds := &credentials.Credentials{
+		ServerURL: config.ServerAddress,
+		Username:  config.Username,
+		Secret:    config.Password,
+	}
+
+	if config.IdentityToken != "" {
+		creds.Username = tokenUsername
+		creds.Secret = config.IdentityToken
+	}
+
+	return client.Store(c.programFunc, creds)
+}
+
+// getCredentialsFromStore executes the command to get the credentials from the native store.
+func (c *nativeStore) getCredentialsFromStore(serverAddress string) (types.AuthConfig, error) {
+	var ret types.AuthConfig
+
+	creds, err := client.Get(c.programFunc, serverAddress)
+	if err != nil {
+		if credentials.IsErrCredentialsNotFound(err) {
+			// do not return an error if the credentials are not
+			// in the keychain. Let docker ask for new credentials.
+			return ret, nil
+		}
+		return ret, err
+	}
+
+	if creds.Username == tokenUsername {
+		ret.IdentityToken = creds.Secret
+	} else {
+		ret.Password = creds.Secret
+		ret.Username = creds.Username
+	}
+
+	ret.ServerAddress = serverAddress
+	return ret, nil
+}
+
+// listCredentialsInStore returns a listing of stored credentials as a map of
+// URL -> username.
+func (c *nativeStore) listCredentialsInStore() (map[string]string, error) {
+	return client.List(c.programFunc)
+}
diff --git a/vendor/github.com/docker/cli/cli/config/types/authconfig.go b/vendor/github.com/docker/cli/cli/config/types/authconfig.go
new file mode 100644
index 00000000..056af6b8
--- /dev/null
+++ b/vendor/github.com/docker/cli/cli/config/types/authconfig.go
@@ -0,0 +1,22 @@
+package types
+
+// AuthConfig contains authorization information for connecting to a Registry
+type AuthConfig struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	// Email is an optional value associated with the username.
+	// This field is deprecated and will be removed in a later
+	// version of docker.
+	Email string `json:"email,omitempty"`
+
+	ServerAddress string `json:"serveraddress,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
+	RegistryToken string `json:"registrytoken,omitempty"`
+}
diff --git a/vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go b/vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go
new file mode 100644
index 00000000..2c3ebe16
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/client/auth/challenge/addr.go
@@ -0,0 +1,27 @@
+package challenge
+
+import (
+	"net/url"
+	"strings"
+)
+
+// FROM: https://golang.org/src/net/http/http.go
+// Given a string of the form "host", "host:port", or "[ipv6::address]:port",
+// return true if the string includes a port.
+func hasPort(s string) bool { return strings.LastIndex(s, ":") > strings.LastIndex(s, "]") }
+
+// FROM: http://golang.org/src/net/http/transport.go
+var portMap = map[string]string{
+	"http":  "80",
+	"https": "443",
+}
+
+// canonicalAddr returns url.Host but always with a ":port" suffix
+// FROM: http://golang.org/src/net/http/transport.go
+func canonicalAddr(url *url.URL) string {
+	addr := url.Host
+	if !hasPort(addr) {
+		return addr + ":" + portMap[url.Scheme]
+	}
+	return addr
+}
diff --git a/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go b/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go
new file mode 100644
index 00000000..6e3f1ccc
--- /dev/null
+++ b/vendor/github.com/docker/distribution/registry/client/auth/challenge/authchallenge.go
@@ -0,0 +1,237 @@
+package challenge
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+	"sync"
+)
+
+// Challenge carries information from a WWW-Authenticate response header.
+// See RFC 2617.
+type Challenge struct {
+	// Scheme is the auth-scheme according to RFC 2617
+	Scheme string
+
+	// Parameters are the auth-params according to RFC 2617
+	Parameters map[string]string
+}
+
+// Manager manages the challenges for endpoints.
+// The challenges are pulled out of HTTP responses. Only
+// responses which expect challenges should be added to
+// the manager, since a non-unauthorized request will be
+// viewed as not requiring challenges.
+type Manager interface {
+	// GetChallenges returns the challenges for the given
+	// endpoint URL.
+	GetChallenges(endpoint url.URL) ([]Challenge, error)
+
+	// AddResponse adds the response to the challenge
+	// manager. The challenges will be parsed out of
+	// the WWW-Authenicate headers and added to the
+	// URL which was produced the response. If the
+	// response was authorized, any challenges for the
+	// endpoint will be cleared.
+	AddResponse(resp *http.Response) error
+}
+
+// NewSimpleManager returns an instance of
+// Manger which only maps endpoints to challenges
+// based on the responses which have been added the
+// manager. The simple manager will make no attempt to
+// perform requests on the endpoints or cache the responses
+// to a backend.
+func NewSimpleManager() Manager {
+	return &simpleManager{
+		Challenges: make(map[string][]Challenge),
+	}
+}
+
+type simpleManager struct {
+	sync.RWMutex
+	Challenges map[string][]Challenge
+}
+
+func normalizeURL(endpoint *url.URL) {
+	endpoint.Host = strings.ToLower(endpoint.Host)
+	endpoint.Host = canonicalAddr(endpoint)
+}
+
+func (m *simpleManager) GetChallenges(endpoint url.URL) ([]Challenge, error) {
+	normalizeURL(&endpoint)
+
+	m.RLock()
+	defer m.RUnlock()
+	challenges := m.Challenges[endpoint.String()]
+	return challenges, nil
+}
+
+func (m *simpleManager) AddResponse(resp *http.Response) error {
+	challenges := ResponseChallenges(resp)
+	if resp.Request == nil {
+		return fmt.Errorf("missing request reference")
+	}
+	urlCopy := url.URL{
+		Path:   resp.Request.URL.Path,
+		Host:   resp.Request.URL.Host,
+		Scheme: resp.Request.URL.Scheme,
+	}
+	normalizeURL(&urlCopy)
+
+	m.Lock()
+	defer m.Unlock()
+	m.Challenges[urlCopy.String()] = challenges
+	return nil
+}
+
+// Octet types from RFC 2616.
+type octetType byte
+
+var octetTypes [256]octetType
+
+const (
+	isToken octetType = 1 << iota
+	isSpace
+)
+
+func init() {
+	// OCTET      = <any 8-bit sequence of data>
+	// CHAR       = <any US-ASCII character (octets 0 - 127)>
+	// CTL        = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
+	// CR         = <US-ASCII CR, carriage return (13)>
+	// LF         = <US-ASCII LF, linefeed (10)>
+	// SP         = <US-ASCII SP, space (32)>
+	// HT         = <US-ASCII HT, horizontal-tab (9)>
+	// <">        = <US-ASCII double-quote mark (34)>
+	// CRLF       = CR LF
+	// LWS        = [CRLF] 1*( SP | HT )
+	// TEXT       = <any OCTET except CTLs, but including LWS>
+	// separators = "(" | ")" | "<" | ">" | "@" | "," | ";" | ":" | "\" | <">
+	//              | "/" | "[" | "]" | "?" | "=" | "{" | "}" | SP | HT
+	// token      = 1*<any CHAR except CTLs or separators>
+	// qdtext     = <any TEXT except <">>
+
+	for c := 0; c < 256; c++ {
+		var t octetType
+		isCtl := c <= 31 || c == 127
+		isChar := 0 <= c && c <= 127
+		isSeparator := strings.IndexRune(" \t\"(),/:;<=>?@[]\\{}", rune(c)) >= 0
+		if strings.IndexRune(" \t\r\n", rune(c)) >= 0 {
+			t |= isSpace
+		}
+		if isChar && !isCtl && !isSeparator {
+			t |= isToken
+		}
+		octetTypes[c] = t
+	}
+}
+
+// ResponseChallenges returns a list of authorization challenges
+// for the given http Response. Challenges are only checked if
+// the response status code was a 401.
+func ResponseChallenges(resp *http.Response) []Challenge {
+	if resp.StatusCode == http.StatusUnauthorized {
+		// Parse the WWW-Authenticate Header and store the challenges
+		// on this endpoint object.
+		return parseAuthHeader(resp.Header)
+	}
+
+	return nil
+}
+
+func parseAuthHeader(header http.Header) []Challenge {
+	challenges := []Challenge{}
+	for _, h := range header[http.CanonicalHeaderKey("WWW-Authenticate")] {
+		v, p := parseValueAndParams(h)
+		if v != "" {
+			challenges = append(challenges, Challenge{Scheme: v, Parameters: p})
+		}
+	}
+	return challenges
+}
+
+func parseValueAndParams(header string) (value string, params map[string]string) {
+	params = make(map[string]string)
+	value, s := expectToken(header)
+	if value == "" {
+		return
+	}
+	value = strings.ToLower(value)
+	s = "," + skipSpace(s)
+	for strings.HasPrefix(s, ",") {
+		var pkey string
+		pkey, s = expectToken(skipSpace(s[1:]))
+		if pkey == "" {
+			return
+		}
+		if !strings.HasPrefix(s, "=") {
+			return
+		}
+		var pvalue string
+		pvalue, s = expectTokenOrQuoted(s[1:])
+		if pvalue == "" {
+			return
+		}
+		pkey = strings.ToLower(pkey)
+		params[pkey] = pvalue
+		s = skipSpace(s)
+	}
+	return
+}
+
+func skipSpace(s string) (rest string) {
+	i := 0
+	for ; i < len(s); i++ {
+		if octetTypes[s[i]]&isSpace == 0 {
+			break
+		}
+	}
+	return s[i:]
+}
+
+func expectToken(s string) (token, rest string) {
+	i := 0
+	for ; i < len(s); i++ {
+		if octetTypes[s[i]]&isToken == 0 {
+			break
+		}
+	}
+	return s[:i], s[i:]
+}
+
+func expectTokenOrQuoted(s string) (value string, rest string) {
+	if !strings.HasPrefix(s, "\"") {
+		return expectToken(s)
+	}
+	s = s[1:]
+	for i := 0; i < len(s); i++ {
+		switch s[i] {
+		case '"':
+			return s[:i], s[i+1:]
+		case '\\':
+			p := make([]byte, len(s)-1)
+			j := copy(p, s[:i])
+			escape := true
+			for i = i + 1; i < len(s); i++ {
+				b := s[i]
+				switch {
+				case escape:
+					escape = false
+					p[j] = b
+					j++
+				case b == '\\':
+					escape = true
+				case b == '"':
+					return string(p[:j]), s[i+1:]
+				default:
+					p[j] = b
+					j++
+				}
+			}
+			return "", ""
+		}
+	}
+	return "", ""
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/LICENSE b/vendor/github.com/docker/docker-credential-helpers/LICENSE
new file mode 100644
index 00000000..1ea555e2
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2016 David Calavera
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/docker/docker-credential-helpers/client/client.go b/vendor/github.com/docker/docker-credential-helpers/client/client.go
new file mode 100644
index 00000000..d1d0434c
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/client/client.go
@@ -0,0 +1,121 @@
+package client
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/docker/docker-credential-helpers/credentials"
+)
+
+// isValidCredsMessage checks if 'msg' contains invalid credentials error message.
+// It returns whether the logs are free of invalid credentials errors and the error if it isn't.
+// error values can be errCredentialsMissingServerURL or errCredentialsMissingUsername.
+func isValidCredsMessage(msg string) error {
+	if credentials.IsCredentialsMissingServerURLMessage(msg) {
+		return credentials.NewErrCredentialsMissingServerURL()
+	}
+
+	if credentials.IsCredentialsMissingUsernameMessage(msg) {
+		return credentials.NewErrCredentialsMissingUsername()
+	}
+
+	return nil
+}
+
+// Store uses an external program to save credentials.
+func Store(program ProgramFunc, creds *credentials.Credentials) error {
+	cmd := program("store")
+
+	buffer := new(bytes.Buffer)
+	if err := json.NewEncoder(buffer).Encode(creds); err != nil {
+		return err
+	}
+	cmd.Input(buffer)
+
+	out, err := cmd.Output()
+	if err != nil {
+		t := strings.TrimSpace(string(out))
+
+		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
+			err = isValidErr
+		}
+
+		return fmt.Errorf("error storing credentials - err: %v, out: `%s`", err, t)
+	}
+
+	return nil
+}
+
+// Get executes an external program to get the credentials from a native store.
+func Get(program ProgramFunc, serverURL string) (*credentials.Credentials, error) {
+	cmd := program("get")
+	cmd.Input(strings.NewReader(serverURL))
+
+	out, err := cmd.Output()
+	if err != nil {
+		t := strings.TrimSpace(string(out))
+
+		if credentials.IsErrCredentialsNotFoundMessage(t) {
+			return nil, credentials.NewErrCredentialsNotFound()
+		}
+
+		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
+			err = isValidErr
+		}
+
+		return nil, fmt.Errorf("error getting credentials - err: %v, out: `%s`", err, t)
+	}
+
+	resp := &credentials.Credentials{
+		ServerURL: serverURL,
+	}
+
+	if err := json.NewDecoder(bytes.NewReader(out)).Decode(resp); err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
+
+// Erase executes a program to remove the server credentials from the native store.
+func Erase(program ProgramFunc, serverURL string) error {
+	cmd := program("erase")
+	cmd.Input(strings.NewReader(serverURL))
+	out, err := cmd.Output()
+	if err != nil {
+		t := strings.TrimSpace(string(out))
+
+		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
+			err = isValidErr
+		}
+
+		return fmt.Errorf("error erasing credentials - err: %v, out: `%s`", err, t)
+	}
+
+	return nil
+}
+
+// List executes a program to list server credentials in the native store.
+func List(program ProgramFunc) (map[string]string, error) {
+	cmd := program("list")
+	cmd.Input(strings.NewReader("unused"))
+	out, err := cmd.Output()
+	if err != nil {
+		t := strings.TrimSpace(string(out))
+
+		if isValidErr := isValidCredsMessage(t); isValidErr != nil {
+			err = isValidErr
+		}
+
+		return nil, fmt.Errorf("error listing credentials - err: %v, out: `%s`", err, t)
+	}
+
+	var resp map[string]string
+	if err = json.NewDecoder(bytes.NewReader(out)).Decode(&resp); err != nil {
+		return nil, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/client/command.go b/vendor/github.com/docker/docker-credential-helpers/client/command.go
new file mode 100644
index 00000000..8da33430
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/client/command.go
@@ -0,0 +1,56 @@
+package client
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+)
+
+// Program is an interface to execute external programs.
+type Program interface {
+	Output() ([]byte, error)
+	Input(in io.Reader)
+}
+
+// ProgramFunc is a type of function that initializes programs based on arguments.
+type ProgramFunc func(args ...string) Program
+
+// NewShellProgramFunc creates programs that are executed in a Shell.
+func NewShellProgramFunc(name string) ProgramFunc {
+	return NewShellProgramFuncWithEnv(name, nil)
+}
+
+// NewShellProgramFuncWithEnv creates programs that are executed in a Shell with environment variables
+func NewShellProgramFuncWithEnv(name string, env *map[string]string) ProgramFunc {
+	return func(args ...string) Program {
+		return &Shell{cmd: createProgramCmdRedirectErr(name, args, env)}
+	}
+}
+
+func createProgramCmdRedirectErr(commandName string, args []string, env *map[string]string) *exec.Cmd {
+	programCmd := exec.Command(commandName, args...)
+	programCmd.Env = os.Environ()
+	if env != nil {
+		for k, v := range *env {
+			programCmd.Env = append(programCmd.Env, fmt.Sprintf("%s=%s", k, v))
+		}
+	}
+	programCmd.Stderr = os.Stderr
+	return programCmd
+}
+
+// Shell invokes shell commands to talk with a remote credentials helper.
+type Shell struct {
+	cmd *exec.Cmd
+}
+
+// Output returns responses from the remote credentials helper.
+func (s *Shell) Output() ([]byte, error) {
+	return s.cmd.Output()
+}
+
+// Input sets the input to send to a remote credentials helper.
+func (s *Shell) Input(in io.Reader) {
+	s.cmd.Stdin = in
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
new file mode 100644
index 00000000..da8b594e
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/credentials.go
@@ -0,0 +1,186 @@
+package credentials
+
+import (
+	"bufio"
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+)
+
+// Credentials holds the information shared between docker and the credentials store.
+type Credentials struct {
+	ServerURL string
+	Username  string
+	Secret    string
+}
+
+// isValid checks the integrity of Credentials object such that no credentials lack
+// a server URL or a username.
+// It returns whether the credentials are valid and the error if it isn't.
+// error values can be errCredentialsMissingServerURL or errCredentialsMissingUsername
+func (c *Credentials) isValid() (bool, error) {
+	if len(c.ServerURL) == 0 {
+		return false, NewErrCredentialsMissingServerURL()
+	}
+
+	if len(c.Username) == 0 {
+		return false, NewErrCredentialsMissingUsername()
+	}
+
+	return true, nil
+}
+
+// CredsLabel holds the way Docker credentials should be labeled as such in credentials stores that allow labelling.
+// That label allows to filter out non-Docker credentials too at lookup/search in macOS keychain,
+// Windows credentials manager and Linux libsecret. Default value is "Docker Credentials"
+var CredsLabel = "Docker Credentials"
+
+// SetCredsLabel is a simple setter for CredsLabel
+func SetCredsLabel(label string) {
+	CredsLabel = label
+}
+
+// Serve initializes the credentials helper and parses the action argument.
+// This function is designed to be called from a command line interface.
+// It uses os.Args[1] as the key for the action.
+// It uses os.Stdin as input and os.Stdout as output.
+// This function terminates the program with os.Exit(1) if there is an error.
+func Serve(helper Helper) {
+	var err error
+	if len(os.Args) != 2 {
+		err = fmt.Errorf("Usage: %s <store|get|erase|list|version>", os.Args[0])
+	}
+
+	if err == nil {
+		err = HandleCommand(helper, os.Args[1], os.Stdin, os.Stdout)
+	}
+
+	if err != nil {
+		fmt.Fprintf(os.Stdout, "%v\n", err)
+		os.Exit(1)
+	}
+}
+
+// HandleCommand uses a helper and a key to run a credential action.
+func HandleCommand(helper Helper, key string, in io.Reader, out io.Writer) error {
+	switch key {
+	case "store":
+		return Store(helper, in)
+	case "get":
+		return Get(helper, in, out)
+	case "erase":
+		return Erase(helper, in)
+	case "list":
+		return List(helper, out)
+	case "version":
+		return PrintVersion(out)
+	}
+	return fmt.Errorf("Unknown credential action `%s`", key)
+}
+
+// Store uses a helper and an input reader to save credentials.
+// The reader must contain the JSON serialization of a Credentials struct.
+func Store(helper Helper, reader io.Reader) error {
+	scanner := bufio.NewScanner(reader)
+
+	buffer := new(bytes.Buffer)
+	for scanner.Scan() {
+		buffer.Write(scanner.Bytes())
+	}
+
+	if err := scanner.Err(); err != nil && err != io.EOF {
+		return err
+	}
+
+	var creds Credentials
+	if err := json.NewDecoder(buffer).Decode(&creds); err != nil {
+		return err
+	}
+
+	if ok, err := creds.isValid(); !ok {
+		return err
+	}
+
+	return helper.Add(&creds)
+}
+
+// Get retrieves the credentials for a given server url.
+// The reader must contain the server URL to search.
+// The writer is used to write the JSON serialization of the credentials.
+func Get(helper Helper, reader io.Reader, writer io.Writer) error {
+	scanner := bufio.NewScanner(reader)
+
+	buffer := new(bytes.Buffer)
+	for scanner.Scan() {
+		buffer.Write(scanner.Bytes())
+	}
+
+	if err := scanner.Err(); err != nil && err != io.EOF {
+		return err
+	}
+
+	serverURL := strings.TrimSpace(buffer.String())
+	if len(serverURL) == 0 {
+		return NewErrCredentialsMissingServerURL()
+	}
+
+	username, secret, err := helper.Get(serverURL)
+	if err != nil {
+		return err
+	}
+
+	resp := Credentials{
+		ServerURL: serverURL,
+		Username:  username,
+		Secret:    secret,
+	}
+
+	buffer.Reset()
+	if err := json.NewEncoder(buffer).Encode(resp); err != nil {
+		return err
+	}
+
+	fmt.Fprint(writer, buffer.String())
+	return nil
+}
+
+// Erase removes credentials from the store.
+// The reader must contain the server URL to remove.
+func Erase(helper Helper, reader io.Reader) error {
+	scanner := bufio.NewScanner(reader)
+
+	buffer := new(bytes.Buffer)
+	for scanner.Scan() {
+		buffer.Write(scanner.Bytes())
+	}
+
+	if err := scanner.Err(); err != nil && err != io.EOF {
+		return err
+	}
+
+	serverURL := strings.TrimSpace(buffer.String())
+	if len(serverURL) == 0 {
+		return NewErrCredentialsMissingServerURL()
+	}
+
+	return helper.Delete(serverURL)
+}
+
+//List returns all the serverURLs of keys in
+//the OS store as a list of strings
+func List(helper Helper, writer io.Writer) error {
+	accts, err := helper.List()
+	if err != nil {
+		return err
+	}
+	return json.NewEncoder(writer).Encode(accts)
+}
+
+//PrintVersion outputs the current version.
+func PrintVersion(writer io.Writer) error {
+	fmt.Fprintln(writer, Version)
+	return nil
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/error.go b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
new file mode 100644
index 00000000..fe6a5aef
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/error.go
@@ -0,0 +1,102 @@
+package credentials
+
+const (
+	// ErrCredentialsNotFound standardizes the not found error, so every helper returns
+	// the same message and docker can handle it properly.
+	errCredentialsNotFoundMessage = "credentials not found in native keychain"
+
+	// ErrCredentialsMissingServerURL and ErrCredentialsMissingUsername standardize
+	// invalid credentials or credentials management operations
+	errCredentialsMissingServerURLMessage = "no credentials server URL"
+	errCredentialsMissingUsernameMessage  = "no credentials username"
+)
+
+// errCredentialsNotFound represents an error
+// raised when credentials are not in the store.
+type errCredentialsNotFound struct{}
+
+// Error returns the standard error message
+// for when the credentials are not in the store.
+func (errCredentialsNotFound) Error() string {
+	return errCredentialsNotFoundMessage
+}
+
+// NewErrCredentialsNotFound creates a new error
+// for when the credentials are not in the store.
+func NewErrCredentialsNotFound() error {
+	return errCredentialsNotFound{}
+}
+
+// IsErrCredentialsNotFound returns true if the error
+// was caused by not having a set of credentials in a store.
+func IsErrCredentialsNotFound(err error) bool {
+	_, ok := err.(errCredentialsNotFound)
+	return ok
+}
+
+// IsErrCredentialsNotFoundMessage returns true if the error
+// was caused by not having a set of credentials in a store.
+//
+// This function helps to check messages returned by an
+// external program via its standard output.
+func IsErrCredentialsNotFoundMessage(err string) bool {
+	return err == errCredentialsNotFoundMessage
+}
+
+// errCredentialsMissingServerURL represents an error raised
+// when the credentials object has no server URL or when no
+// server URL is provided to a credentials operation requiring
+// one.
+type errCredentialsMissingServerURL struct{}
+
+func (errCredentialsMissingServerURL) Error() string {
+	return errCredentialsMissingServerURLMessage
+}
+
+// errCredentialsMissingUsername represents an error raised
+// when the credentials object has no username or when no
+// username is provided to a credentials operation requiring
+// one.
+type errCredentialsMissingUsername struct{}
+
+func (errCredentialsMissingUsername) Error() string {
+	return errCredentialsMissingUsernameMessage
+}
+
+// NewErrCredentialsMissingServerURL creates a new error for
+// errCredentialsMissingServerURL.
+func NewErrCredentialsMissingServerURL() error {
+	return errCredentialsMissingServerURL{}
+}
+
+// NewErrCredentialsMissingUsername creates a new error for
+// errCredentialsMissingUsername.
+func NewErrCredentialsMissingUsername() error {
+	return errCredentialsMissingUsername{}
+}
+
+// IsCredentialsMissingServerURL returns true if the error
+// was an errCredentialsMissingServerURL.
+func IsCredentialsMissingServerURL(err error) bool {
+	_, ok := err.(errCredentialsMissingServerURL)
+	return ok
+}
+
+// IsCredentialsMissingServerURLMessage checks for an
+// errCredentialsMissingServerURL in the error message.
+func IsCredentialsMissingServerURLMessage(err string) bool {
+	return err == errCredentialsMissingServerURLMessage
+}
+
+// IsCredentialsMissingUsername returns true if the error
+// was an errCredentialsMissingUsername.
+func IsCredentialsMissingUsername(err error) bool {
+	_, ok := err.(errCredentialsMissingUsername)
+	return ok
+}
+
+// IsCredentialsMissingUsernameMessage checks for an
+// errCredentialsMissingUsername in the error message.
+func IsCredentialsMissingUsernameMessage(err string) bool {
+	return err == errCredentialsMissingUsernameMessage
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go b/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go
new file mode 100644
index 00000000..135acd25
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/helper.go
@@ -0,0 +1,14 @@
+package credentials
+
+// Helper is the interface a credentials store helper must implement.
+type Helper interface {
+	// Add appends credentials to the store.
+	Add(*Credentials) error
+	// Delete removes credentials from the store.
+	Delete(serverURL string) error
+	// Get retrieves credentials from the store.
+	// It returns username and secret as strings.
+	Get(serverURL string) (string, string, error)
+	// List returns the stored serverURLs and their associated usernames.
+	List() (map[string]string, error)
+}
diff --git a/vendor/github.com/docker/docker-credential-helpers/credentials/version.go b/vendor/github.com/docker/docker-credential-helpers/credentials/version.go
new file mode 100644
index 00000000..c2cc3e2e
--- /dev/null
+++ b/vendor/github.com/docker/docker-credential-helpers/credentials/version.go
@@ -0,0 +1,4 @@
+package credentials
+
+// Version holds a string describing the current version
+const Version = "0.6.3"
diff --git a/vendor/github.com/google/go-containerregistry/LICENSE b/vendor/github.com/google/go-containerregistry/LICENSE
new file mode 100644
index 00000000..7a4a3ea2
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/LICENSE
@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/README.md b/vendor/github.com/google/go-containerregistry/pkg/authn/README.md
new file mode 100644
index 00000000..1eb17c7a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/README.md
@@ -0,0 +1,242 @@
+# `authn`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/authn?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/authn)
+
+This README outlines how we acquire and use credentials when interacting with a registry.
+
+As much as possible, we attempt to emulate docker's authentication behavior and configuration so that this library "just works" if you've already configured credentials that work with docker; however, when things don't work, a basic understanding of what's going on can help with debugging.
+
+The official documentation for how docker authentication works is (reasonably) scattered across several different sites and GitHub repositories, so we've tried to summarize the relevant bits here.
+
+## tl;dr for consumers of this package
+
+By default, [`pkg/v1/remote`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote) uses [`Anonymous`](https://godoc.org/github.com/google/go-containerregistry/pkg/authn#Anonymous) credentials (i.e. _none_), which for most registries will only allow read access to public images.
+
+To use the credentials found in your docker config file, you can use the [`DefaultKeychain`](https://godoc.org/github.com/google/go-containerregistry/pkg/authn#DefaultKeychain), e.g.:
+
+```go
+package main
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+func main() {
+	ref, err := name.ParseReference("registry.example.com/private/repo")
+	if err != nil {
+		panic(err)
+	}
+
+	// Fetch the manifest using default credentials.
+	img, err := remote.Get(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain))
+	if err != nil {
+		panic(err)
+	}
+
+	// Prints the digest of registry.example.com/private/repo
+	fmt.Println(img.Digest)
+}
+```
+
+(If you're only using [gcr.io](https://gcr.io), see the [`pkg/v1/google.Keychain`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/google#Keychain), which emulates [`docker-credential-gcr`](https://github.com/GoogleCloudPlatform/docker-credential-gcr).)
+
+## The Config File
+
+This file contains various configuration options for docker and is (by default) located at:
+* `$HOME/.docker/config.json` (on linux and darwin), or
+* `%USERPROFILE%\.docker\config.json` (on windows).
+
+You can override this location with the `DOCKER_CONFIG` environment variable.
+
+### Plaintext
+
+The config file is where your credentials are stored when you invoke `docker login`, e.g. the contents may look something like this:
+
+```json
+{
+	"auths": {
+		"registry.example.com": {
+			"auth": "QXp1cmVEaWFtb25kOmh1bnRlcjI="
+		}
+	}
+}
+```
+
+The `auths` map has an entry per registry, and the `auth` field contains your username and password encoded as [HTTP 'Basic' Auth](https://tools.ietf.org/html/rfc7617).
+
+**NOTE**: This means that your credentials are stored _in plaintext_:
+
+```bash
+$ echo "QXp1cmVEaWFtb25kOmh1bnRlcjI=" | base64 -d
+AzureDiamond:hunter2
+```
+
+For what it's worth, this config file is equivalent to:
+
+```json
+{
+	"auths": {
+		"registry.example.com": {
+			"username": "AzureDiamond",
+			"password": "hunter2"
+		}
+	}
+}
+```
+
+... which is useful to know if e.g. your CI system provides you a registry username and password via environment variables and you want to populate this file manually without invoking `docker login`.
+
+### Helpers
+
+If you log in like this, docker will warn you that you should use a [credential helper](https://docs.docker.com/engine/reference/commandline/login/#credentials-store), and you should!
+
+To configure a global credential helper:
+```json
+{
+	"credsStore": "osxkeychain"
+}
+```
+
+To configure a per-registry credential helper:
+```json
+{
+	"credHelpers": {
+		"gcr.io": "gcr"
+	}
+}
+```
+
+We use [`github.com/docker/cli/cli/config.Load`](https://godoc.org/github.com/docker/cli/cli/config#Load) to parse the config file and invoke any necessary credential helpers. This handles the logic of taking a [`ConfigFile`](https://github.com/docker/cli/blob/ba63a92655c0bea4857b8d6cc4991498858b3c60/cli/config/configfile/file.go#L25-L54) + registry domain and producing an [`AuthConfig`](https://github.com/docker/cli/blob/ba63a92655c0bea4857b8d6cc4991498858b3c60/cli/config/types/authconfig.go#L3-L22), which determines how we authenticate to the registry.
+
+## Credential Helpers
+
+The [credential helper protocol](https://github.com/docker/docker-credential-helpers) allows you to configure a binary that supplies credentials for the registry, rather than hard-coding them in the config file.
+
+The protocol has several verbs, but the one we most care about is `get`.
+
+For example, using the following config file:
+```json
+{
+	"credHelpers": {
+		"gcr.io": "gcr",
+		"eu.gcr.io": "gcr"
+	}
+}
+```
+
+To acquire credentials for `gcr.io`, we look in the `credHelpers` map to find
+the credential helper for `gcr.io` is `gcr`. By appending that value to
+`docker-credential-`, we can get the name of the binary we need to use.
+
+For this example, that's `docker-credential-gcr`, which must be on our `$PATH`.
+We'll then invoke that binary to get credentials:
+
+```bash
+$ echo "gcr.io" | docker-credential-gcr get
+{"Username":"_token","Secret":"<long access token>"}
+```
+
+You can configure the same credential helper for multiple registries, which is
+why we need to pass the domain in via STDIN, e.g. if we were trying to access
+`eu.gcr.io`, we'd do this instead:
+
+```bash
+$ echo "eu.gcr.io" | docker-credential-gcr get
+{"Username":"_token","Secret":"<long access token>"}
+```
+
+### Debugging credential helpers
+
+If a credential helper is configured but doesn't seem to be working, it can be
+challenging to debug. Implementing a fake credential helper lets you poke around
+to make it easier to see where the failure is happening.
+
+This "implements" a credential helper with hard-coded values:
+```
+#!/usr/bin/env bash
+echo '{"Username":"<token>","Secret":"hunter2"}'
+```
+
+
+This implements a credential helper that prints the output of
+`docker-credential-gcr` to both stderr and whatever called it, which allows you
+to snoop on another credential helper:
+```
+#!/usr/bin/env bash
+docker-credential-gcr $@ | tee >(cat 1>&2)
+```
+
+Put those files somewhere on your path, naming them e.g.
+`docker-credential-hardcoded` and `docker-credential-tee`, then modify the
+config file to use them:
+
+```json
+{
+	"credHelpers": {
+		"gcr.io": "tee",
+		"eu.gcr.io": "hardcoded"
+	}
+}
+```
+
+The `docker-credential-tee` trick works with both `crane` and `docker`:
+
+```bash
+$ crane manifest gcr.io/google-containers/pause > /dev/null
+{"ServerURL":"","Username":"_dcgcr_1_5_0_token","Secret":"<redacted>"}
+
+$ docker pull gcr.io/google-containers/pause
+Using default tag: latest
+{"ServerURL":"","Username":"_dcgcr_1_5_0_token","Secret":"<redacted>"}
+latest: Pulling from google-containers/pause
+a3ed95caeb02: Pull complete
+4964c72cd024: Pull complete
+Digest: sha256:a78c2d6208eff9b672de43f880093100050983047b7b0afe0217d3656e1b0d5f
+Status: Downloaded newer image for gcr.io/google-containers/pause:latest
+gcr.io/google-containers/pause:latest
+```
+
+## The Registry
+
+There are two methods for authenticating against a registry:
+[token](https://docs.docker.com/registry/spec/auth/token/) and
+[oauth2](https://docs.docker.com/registry/spec/auth/oauth/).
+
+Both methods are used to acquire an opaque `Bearer` token (or
+[RegistryToken](https://github.com/docker/cli/blob/ba63a92655c0bea4857b8d6cc4991498858b3c60/cli/config/types/authconfig.go#L21))
+to use in the `Authorization` header. The registry will return a `401
+Unauthorized` during the [version
+check](https://github.com/opencontainers/distribution-spec/blob/2c3975d1f03b67c9a0203199038adea0413f0573/spec.md#api-version-check)
+(or during normal operations) with
+[Www-Authenticate](https://tools.ietf.org/html/rfc7235#section-4.1) challenge
+indicating how to proceed.
+
+### Token
+
+If we get back an `AuthConfig` containing a [`Username/Password`](https://github.com/docker/cli/blob/ba63a92655c0bea4857b8d6cc4991498858b3c60/cli/config/types/authconfig.go#L5-L6)
+or
+[`Auth`](https://github.com/docker/cli/blob/ba63a92655c0bea4857b8d6cc4991498858b3c60/cli/config/types/authconfig.go#L7),
+we'll use the token method for authentication:
+
+![basic](../../images/credhelper-basic.svg)
+
+### OAuth 2
+
+If we get back an `AuthConfig` containing an [`IdentityToken`](https://github.com/docker/cli/blob/ba63a92655c0bea4857b8d6cc4991498858b3c60/cli/config/types/authconfig.go#L18)
+we'll use the oauth2 method for authentication:
+
+![oauth](../../images/credhelper-oauth.svg)
+
+This happens when a credential helper returns a response with the
+[`Username`](https://github.com/docker/docker-credential-helpers/blob/f78081d1f7fef6ad74ad6b79368de6348386e591/credentials/credentials.go#L16)
+set to `<token>` (no, that's not a placeholder, the literal string `"<token>"`).
+It is unclear why: [moby/moby#36926](https://github.com/moby/moby/issues/36926).
+
+We only support the oauth2 `grant_type` for `refresh_token` ([#629](https://github.com/google/go-containerregistry/issues/629)),
+since it's impossible to determine from the registry response whether we should
+use oauth, and the token method for authentication is widely implemented by
+registries.
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/anon.go b/vendor/github.com/google/go-containerregistry/pkg/authn/anon.go
new file mode 100644
index 00000000..83214957
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/anon.go
@@ -0,0 +1,26 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+// anonymous implements Authenticator for anonymous authentication.
+type anonymous struct{}
+
+// Authorization implements Authenticator.
+func (a *anonymous) Authorization() (*AuthConfig, error) {
+	return &AuthConfig{}, nil
+}
+
+// Anonymous is a singleton Authenticator for providing anonymous auth.
+var Anonymous Authenticator = &anonymous{}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/auth.go b/vendor/github.com/google/go-containerregistry/pkg/authn/auth.go
new file mode 100644
index 00000000..0111f1ae
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/auth.go
@@ -0,0 +1,30 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+// auth is an Authenticator that simply returns the wrapped AuthConfig.
+type auth struct {
+	config AuthConfig
+}
+
+// FromConfig returns an Authenticator that just returns the given AuthConfig.
+func FromConfig(cfg AuthConfig) Authenticator {
+	return &auth{cfg}
+}
+
+// Authorization implements Authenticator.
+func (a *auth) Authorization() (*AuthConfig, error) {
+	return &a.config, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go b/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go
new file mode 100644
index 00000000..3c43fbd3
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/authn.go
@@ -0,0 +1,36 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+// AuthConfig contains authorization information for connecting to a Registry
+// Inlined what we use from github.com/cli/cli/config/types
+type AuthConfig struct {
+	Username string `json:"username,omitempty"`
+	Password string `json:"password,omitempty"`
+	Auth     string `json:"auth,omitempty"`
+
+	// IdentityToken is used to authenticate the user and get
+	// an access token for the registry.
+	IdentityToken string `json:"identitytoken,omitempty"`
+
+	// RegistryToken is a bearer token to be sent to a registry
+	RegistryToken string `json:"registrytoken,omitempty"`
+}
+
+// Authenticator is used to authenticate Docker transports.
+type Authenticator interface {
+	// Authorization returns the value to use in an http transport's Authorization header.
+	Authorization() (*AuthConfig, error)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/basic.go b/vendor/github.com/google/go-containerregistry/pkg/authn/basic.go
new file mode 100644
index 00000000..500cb661
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/basic.go
@@ -0,0 +1,29 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+// Basic implements Authenticator for basic authentication.
+type Basic struct {
+	Username string
+	Password string
+}
+
+// Authorization implements Authenticator.
+func (b *Basic) Authorization() (*AuthConfig, error) {
+	return &AuthConfig{
+		Username: b.Username,
+		Password: b.Password,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go b/vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go
new file mode 100644
index 00000000..4cf86df9
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/bearer.go
@@ -0,0 +1,27 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+// Bearer implements Authenticator for bearer authentication.
+type Bearer struct {
+	Token string `json:"token"`
+}
+
+// Authorization implements Authenticator.
+func (b *Bearer) Authorization() (*AuthConfig, error) {
+	return &AuthConfig{
+		RegistryToken: b.Token,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/doc.go b/vendor/github.com/google/go-containerregistry/pkg/authn/doc.go
new file mode 100644
index 00000000..c2a5fc02
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/doc.go
@@ -0,0 +1,17 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package authn defines different methods of authentication for
+// talking to a container registry.
+package authn
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go b/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go
new file mode 100644
index 00000000..60eebc75
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/keychain.go
@@ -0,0 +1,89 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+import (
+	"os"
+
+	"github.com/docker/cli/cli/config"
+	"github.com/docker/cli/cli/config/types"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+// Resource represents a registry or repository that can be authenticated against.
+type Resource interface {
+	// String returns the full string representation of the target, e.g.
+	// gcr.io/my-project or just gcr.io.
+	String() string
+
+	// RegistryStr returns just the registry portion of the target, e.g. for
+	// gcr.io/my-project, this should just return gcr.io. This is needed to
+	// pull out an appropriate hostname.
+	RegistryStr() string
+}
+
+// Keychain is an interface for resolving an image reference to a credential.
+type Keychain interface {
+	// Resolve looks up the most appropriate credential for the specified target.
+	Resolve(Resource) (Authenticator, error)
+}
+
+// defaultKeychain implements Keychain with the semantics of the standard Docker
+// credential keychain.
+type defaultKeychain struct{}
+
+var (
+	// DefaultKeychain implements Keychain by interpreting the docker config file.
+	DefaultKeychain Keychain = &defaultKeychain{}
+)
+
+const (
+	// DefaultAuthKey is the key used for dockerhub in config files, which
+	// is hardcoded for historical reasons.
+	DefaultAuthKey = "https://" + name.DefaultRegistry + "/v1/"
+)
+
+// Resolve implements Keychain.
+func (dk *defaultKeychain) Resolve(target Resource) (Authenticator, error) {
+	cf, err := config.Load(os.Getenv("DOCKER_CONFIG"))
+	if err != nil {
+		return nil, err
+	}
+
+	// See:
+	// https://github.com/google/ko/issues/90
+	// https://github.com/moby/moby/blob/fc01c2b481097a6057bec3cd1ab2d7b4488c50c4/registry/config.go#L397-L404
+	key := target.RegistryStr()
+	if key == name.DefaultRegistry {
+		key = DefaultAuthKey
+	}
+
+	cfg, err := cf.GetAuthConfig(key)
+	if err != nil {
+		return nil, err
+	}
+
+	empty := types.AuthConfig{}
+	if cfg == empty {
+		return Anonymous, nil
+	}
+	return FromConfig(AuthConfig{
+		Username:      cfg.Username,
+		Password:      cfg.Password,
+		Auth:          cfg.Auth,
+		IdentityToken: cfg.IdentityToken,
+		RegistryToken: cfg.RegistryToken,
+	}), nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go b/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go
new file mode 100644
index 00000000..3b1804f5
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/authn/multikeychain.go
@@ -0,0 +1,41 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authn
+
+type multiKeychain struct {
+	keychains []Keychain
+}
+
+// Assert that our multi-keychain implements Keychain.
+var _ (Keychain) = (*multiKeychain)(nil)
+
+// NewMultiKeychain composes a list of keychains into one new keychain.
+func NewMultiKeychain(kcs ...Keychain) Keychain {
+	return &multiKeychain{keychains: kcs}
+}
+
+// Resolve implements Keychain.
+func (mk *multiKeychain) Resolve(target Resource) (Authenticator, error) {
+	for _, kc := range mk.keychains {
+		auth, err := kc.Resolve(target)
+		if err != nil {
+			return nil, err
+		}
+		if auth != Anonymous {
+			return auth, nil
+		}
+	}
+	return Anonymous, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/append.go b/vendor/github.com/google/go-containerregistry/pkg/crane/append.go
new file mode 100644
index 00000000..5e2b5422
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/append.go
@@ -0,0 +1,37 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+)
+
+// Append reads a layer from path and appends it the the v1.Image base.
+func Append(base v1.Image, paths ...string) (v1.Image, error) {
+	layers := make([]v1.Layer, 0, len(paths))
+	for _, path := range paths {
+		layer, err := tarball.LayerFromFile(path)
+		if err != nil {
+			return nil, fmt.Errorf("reading tar %q: %v", path, err)
+		}
+		layers = append(layers, layer)
+	}
+
+	return mutate.AppendLayers(base, layers...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/catalog.go b/vendor/github.com/google/go-containerregistry/pkg/crane/catalog.go
new file mode 100644
index 00000000..528722f6
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/catalog.go
@@ -0,0 +1,33 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"context"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+// Catalog returns the repositories in a registry's catalog.
+func Catalog(src string, opt ...Option) (res []string, err error) {
+	o := makeOptions(opt...)
+	reg, err := name.NewRegistry(src, o.name...)
+	if err != nil {
+		return nil, err
+	}
+
+	return remote.Catalog(context.TODO(), reg, o.remote...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/config.go b/vendor/github.com/google/go-containerregistry/pkg/crane/config.go
new file mode 100644
index 00000000..3e55cc93
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/config.go
@@ -0,0 +1,24 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+// Config returns the config file for the remote image ref.
+func Config(ref string, opt ...Option) ([]byte, error) {
+	i, _, err := getImage(ref, opt...)
+	if err != nil {
+		return nil, err
+	}
+	return i.RawConfigFile()
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/copy.go b/vendor/github.com/google/go-containerregistry/pkg/crane/copy.go
new file mode 100644
index 00000000..ab73cb36
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/copy.go
@@ -0,0 +1,102 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/internal/legacy"
+	"github.com/google/go-containerregistry/pkg/logs"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// Copy copies a remote image or index from src to dst.
+func Copy(src, dst string, opt ...Option) error {
+	o := makeOptions(opt...)
+	srcRef, err := name.ParseReference(src, o.name...)
+	if err != nil {
+		return fmt.Errorf("parsing reference %q: %v", src, err)
+	}
+
+	dstRef, err := name.ParseReference(dst, o.name...)
+	if err != nil {
+		return fmt.Errorf("parsing reference for %q: %v", dst, err)
+	}
+
+	logs.Progress.Printf("Copying from %v to %v", srcRef, dstRef)
+	desc, err := remote.Get(srcRef, o.remote...)
+	if err != nil {
+		return fmt.Errorf("fetching %q: %v", src, err)
+	}
+
+	switch desc.MediaType {
+	case types.OCIImageIndex, types.DockerManifestList:
+		// Handle indexes separately.
+		if o.platform != nil {
+			// If platform is explicitly set, don't copy the whole index, just the appropriate image.
+			if err := copyImage(desc, dstRef, o); err != nil {
+				return fmt.Errorf("failed to copy image: %v", err)
+			}
+		} else {
+			if err := copyIndex(desc, dstRef, o); err != nil {
+				return fmt.Errorf("failed to copy index: %v", err)
+			}
+		}
+	case types.DockerManifestSchema1, types.DockerManifestSchema1Signed:
+		// Handle schema 1 images separately.
+		if err := copySchema1(desc, srcRef, dstRef); err != nil {
+			return fmt.Errorf("failed to copy schema 1 image: %v", err)
+		}
+	default:
+		// Assume anything else is an image, since some registries don't set mediaTypes properly.
+		if err := copyImage(desc, dstRef, o); err != nil {
+			return fmt.Errorf("failed to copy image: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func copyImage(desc *remote.Descriptor, dstRef name.Reference, o options) error {
+	img, err := desc.Image()
+	if err != nil {
+		return err
+	}
+	return remote.Write(dstRef, img, o.remote...)
+}
+
+func copyIndex(desc *remote.Descriptor, dstRef name.Reference, o options) error {
+	idx, err := desc.ImageIndex()
+	if err != nil {
+		return err
+	}
+	return remote.WriteIndex(dstRef, idx, o.remote...)
+}
+
+func copySchema1(desc *remote.Descriptor, srcRef, dstRef name.Reference) error {
+	srcAuth, err := authn.DefaultKeychain.Resolve(srcRef.Context().Registry)
+	if err != nil {
+		return err
+	}
+	dstAuth, err := authn.DefaultKeychain.Resolve(dstRef.Context().Registry)
+	if err != nil {
+		return err
+	}
+
+	return legacy.CopySchema1(desc, srcRef, dstRef, srcAuth, dstAuth)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/delete.go b/vendor/github.com/google/go-containerregistry/pkg/crane/delete.go
new file mode 100644
index 00000000..487c888c
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/delete.go
@@ -0,0 +1,33 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+// Delete deletes the remote reference at src.
+func Delete(src string, opt ...Option) error {
+	o := makeOptions(opt...)
+	ref, err := name.ParseReference(src, o.name...)
+	if err != nil {
+		return fmt.Errorf("parsing reference %q: %v", src, err)
+	}
+
+	return remote.Delete(ref, o.remote...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/digest.go b/vendor/github.com/google/go-containerregistry/pkg/crane/digest.go
new file mode 100644
index 00000000..ead2b019
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/digest.go
@@ -0,0 +1,40 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+// Digest returns the sha256 hash of the remote image at ref.
+func Digest(ref string, opt ...Option) (string, error) {
+	o := makeOptions(opt...)
+	if o.platform != nil {
+		desc, err := getManifest(ref, opt...)
+		if err != nil {
+			return "", err
+		}
+		img, err := desc.Image()
+		if err != nil {
+			return "", err
+		}
+		digest, err := img.Digest()
+		if err != nil {
+			return "", err
+		}
+		return digest.String(), nil
+	}
+	desc, err := head(ref, opt...)
+	if err != nil {
+		return "", err
+	}
+	return desc.Digest.String(), nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/doc.go b/vendor/github.com/google/go-containerregistry/pkg/crane/doc.go
new file mode 100644
index 00000000..7602d795
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/doc.go
@@ -0,0 +1,16 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package crane holds libraries used to implement the crane CLI.
+package crane
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/export.go b/vendor/github.com/google/go-containerregistry/pkg/crane/export.go
new file mode 100644
index 00000000..29334912
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/export.go
@@ -0,0 +1,29 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"io"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+)
+
+// Export writes the filesystem contents (as a tarball) of img to w.
+func Export(img v1.Image, w io.Writer) error {
+	fs := mutate.Extract(img)
+	_, err := io.Copy(w, fs)
+	return err
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/filemap.go b/vendor/github.com/google/go-containerregistry/pkg/crane/filemap.go
new file mode 100644
index 00000000..e9eee1ba
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/filemap.go
@@ -0,0 +1,67 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"archive/tar"
+	"bytes"
+	"sort"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/mutate"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+)
+
+// Layer creates a layer from a single file map. These layers are reproducible and consistent.
+// A filemap is a path -> file content map representing a file system.
+func Layer(filemap map[string][]byte) (v1.Layer, error) {
+	b := &bytes.Buffer{}
+	w := tar.NewWriter(b)
+
+	fn := []string{}
+	for f := range filemap {
+		fn = append(fn, f)
+	}
+	sort.Strings(fn)
+
+	for _, f := range fn {
+		c := filemap[f]
+		if err := w.WriteHeader(&tar.Header{
+			Name: f,
+			Size: int64(len(c)),
+		}); err != nil {
+			return nil, err
+		}
+		if _, err := w.Write(c); err != nil {
+			return nil, err
+		}
+	}
+	if err := w.Close(); err != nil {
+		return nil, err
+	}
+	return tarball.LayerFromReader(b)
+}
+
+// Image creates a image with the given filemaps as its contents. These images are reproducible and consistent.
+// A filemap is a path -> file content map representing a file system.
+func Image(filemap map[string][]byte) (v1.Image, error) {
+	y, err := Layer(filemap)
+	if err != nil {
+		return nil, err
+	}
+
+	return mutate.AppendLayers(empty.Image, y)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/get.go b/vendor/github.com/google/go-containerregistry/pkg/crane/get.go
new file mode 100644
index 00000000..80855710
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/get.go
@@ -0,0 +1,54 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+func getImage(r string, opt ...Option) (v1.Image, name.Reference, error) {
+	o := makeOptions(opt...)
+	ref, err := name.ParseReference(r, o.name...)
+	if err != nil {
+		return nil, nil, fmt.Errorf("parsing reference %q: %v", r, err)
+	}
+	img, err := remote.Image(ref, o.remote...)
+	if err != nil {
+		return nil, nil, fmt.Errorf("reading image %q: %v", ref, err)
+	}
+	return img, ref, nil
+}
+
+func getManifest(r string, opt ...Option) (*remote.Descriptor, error) {
+	o := makeOptions(opt...)
+	ref, err := name.ParseReference(r, o.name...)
+	if err != nil {
+		return nil, fmt.Errorf("parsing reference %q: %v", r, err)
+	}
+	return remote.Get(ref, o.remote...)
+}
+
+func head(r string, opt ...Option) (*v1.Descriptor, error) {
+	o := makeOptions(opt...)
+	ref, err := name.ParseReference(r, o.name...)
+	if err != nil {
+		return nil, err
+	}
+	return remote.Head(ref, o.remote...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/list.go b/vendor/github.com/google/go-containerregistry/pkg/crane/list.go
new file mode 100644
index 00000000..5e3a40df
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/list.go
@@ -0,0 +1,33 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+// ListTags returns the tags in repository src.
+func ListTags(src string, opt ...Option) ([]string, error) {
+	o := makeOptions(opt...)
+	repo, err := name.NewRepository(src, o.name...)
+	if err != nil {
+		return nil, fmt.Errorf("parsing repo %q: %v", src, err)
+	}
+
+	return remote.List(repo, o.remote...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/manifest.go b/vendor/github.com/google/go-containerregistry/pkg/crane/manifest.go
new file mode 100644
index 00000000..1c8ffa57
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/manifest.go
@@ -0,0 +1,32 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+// Manifest returns the manifest for the remote image or index ref.
+func Manifest(ref string, opt ...Option) ([]byte, error) {
+	desc, err := getManifest(ref, opt...)
+	if err != nil {
+		return nil, err
+	}
+	o := makeOptions(opt...)
+	if o.platform != nil {
+		img, err := desc.Image()
+		if err != nil {
+			return nil, err
+		}
+		return img.RawManifest()
+	}
+	return desc.Manifest, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/options.go b/vendor/github.com/google/go-containerregistry/pkg/crane/options.go
new file mode 100644
index 00000000..c25570f9
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/options.go
@@ -0,0 +1,99 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+type options struct {
+	name     []name.Option
+	remote   []remote.Option
+	platform *v1.Platform
+}
+
+func makeOptions(opts ...Option) options {
+	opt := options{
+		remote: []remote.Option{
+			remote.WithAuthFromKeychain(authn.DefaultKeychain),
+		},
+	}
+	for _, o := range opts {
+		o(&opt)
+	}
+	return opt
+}
+
+// Option is a functional option for crane.
+type Option func(*options)
+
+// WithTransport is a functional option for overriding the default transport
+// for remote operations.
+func WithTransport(t http.RoundTripper) Option {
+	return func(o *options) {
+		o.remote = append(o.remote, remote.WithTransport(t))
+	}
+}
+
+// Insecure is an Option that allows image references to be fetched without TLS.
+func Insecure(o *options) {
+	o.name = append(o.name, name.Insecure)
+}
+
+// WithPlatform is an Option to specify the platform.
+func WithPlatform(platform *v1.Platform) Option {
+	return func(o *options) {
+		if platform != nil {
+			o.remote = append(o.remote, remote.WithPlatform(*platform))
+		}
+		o.platform = platform
+	}
+}
+
+// WithAuthFromKeychain is a functional option for overriding the default
+// authenticator for remote operations, using an authn.Keychain to find
+// credentials.
+//
+// By default, crane will use authn.DefaultKeychain.
+func WithAuthFromKeychain(keys authn.Keychain) Option {
+	return func(o *options) {
+		// Replace the default keychain at position 0.
+		o.remote[0] = remote.WithAuthFromKeychain(keys)
+	}
+}
+
+// WithAuth is a functional option for overriding the default authenticator
+// for remote operations.
+//
+// By default, crane will use authn.DefaultKeychain.
+func WithAuth(auth authn.Authenticator) Option {
+	return func(o *options) {
+		// Replace the default keychain at position 0.
+		o.remote[0] = remote.WithAuth(auth)
+	}
+}
+
+// WithUserAgent adds the given string to the User-Agent header for any HTTP
+// requests.
+func WithUserAgent(ua string) Option {
+	return func(o *options) {
+		o.remote = append(o.remote, remote.WithUserAgent(ua))
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/pull.go b/vendor/github.com/google/go-containerregistry/pkg/crane/pull.go
new file mode 100644
index 00000000..74beaa1a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/pull.go
@@ -0,0 +1,108 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+	"os"
+
+	legacy "github.com/google/go-containerregistry/pkg/legacy/tarball"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/layout"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+)
+
+// Tag applied to images that were pulled by digest. This denotes that the
+// image was (probably) never tagged with this, but lets us avoid applying the
+// ":latest" tag which might be misleading.
+const iWasADigestTag = "i-was-a-digest"
+
+// Pull returns a v1.Image of the remote image src.
+func Pull(src string, opt ...Option) (v1.Image, error) {
+	o := makeOptions(opt...)
+	ref, err := name.ParseReference(src, o.name...)
+	if err != nil {
+		return nil, fmt.Errorf("parsing tag %q: %v", src, err)
+	}
+
+	return remote.Image(ref, o.remote...)
+}
+
+// Save writes the v1.Image img as a tarball at path with tag src.
+func Save(img v1.Image, src, path string) error {
+	ref, err := name.ParseReference(src)
+	if err != nil {
+		return fmt.Errorf("parsing ref %q: %v", src, err)
+	}
+
+	// WriteToFile wants a tag to write to the tarball, but we might have
+	// been given a digest.
+	// If the original ref was a tag, use that. Otherwise, if it was a
+	// digest, tag the image with :i-was-a-digest instead.
+	tag, ok := ref.(name.Tag)
+	if !ok {
+		d, ok := ref.(name.Digest)
+		if !ok {
+			return fmt.Errorf("ref wasn't a tag or digest")
+		}
+		tag = d.Repository.Tag(iWasADigestTag)
+	}
+
+	// no progress channel (for now)
+	return tarball.WriteToFile(path, tag, img)
+}
+
+// PullLayer returns the given layer from a registry.
+func PullLayer(ref string, opt ...Option) (v1.Layer, error) {
+	o := makeOptions(opt...)
+	digest, err := name.NewDigest(ref, o.name...)
+	if err != nil {
+		return nil, err
+	}
+
+	return remote.Layer(digest, o.remote...)
+}
+
+// SaveLegacy writes the v1.Image img as a legacy tarball at path with tag src.
+func SaveLegacy(img v1.Image, src, path string) error {
+	ref, err := name.ParseReference(src)
+	if err != nil {
+		return fmt.Errorf("parsing ref %q: %v", src, err)
+	}
+
+	w, err := os.Create(path)
+	if err != nil {
+		return err
+	}
+	defer w.Close()
+
+	return legacy.Write(ref, img, w)
+}
+
+// SaveOCI writes the v1.Image img as an OCI Image Layout at path. If a layout
+// already exists at that path, it will add the image to the index.
+func SaveOCI(img v1.Image, path string) error {
+	p, err := layout.FromPath(path)
+	if err != nil {
+		p, err = layout.Write(path, empty.Index)
+		if err != nil {
+			return err
+		}
+	}
+	return p.AppendImage(img)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/push.go b/vendor/github.com/google/go-containerregistry/pkg/crane/push.go
new file mode 100644
index 00000000..8cddb366
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/push.go
@@ -0,0 +1,42 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+)
+
+// Load reads the tarball at path as a v1.Image.
+func Load(path string) (v1.Image, error) {
+	// TODO: Allow tag?
+	return tarball.ImageFromPath(path, nil)
+}
+
+// Push pushes the v1.Image img to a registry as dst.
+func Push(img v1.Image, dst string, opt ...Option) error {
+	o := makeOptions(opt...)
+	tag, err := name.NewTag(dst, o.name...)
+	if err != nil {
+		return fmt.Errorf("parsing tag %q: %v", dst, err)
+	}
+	return remote.MultiWrite(map[name.Reference]remote.Taggable{
+		tag: img,
+	}, o.remote...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/crane/tag.go b/vendor/github.com/google/go-containerregistry/pkg/crane/tag.go
new file mode 100644
index 00000000..d3e9abb3
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/crane/tag.go
@@ -0,0 +1,39 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package crane
+
+import (
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+// Tag adds tag to the remote img.
+func Tag(img, tag string, opt ...Option) error {
+	o := makeOptions(opt...)
+	ref, err := name.ParseReference(img, o.name...)
+	if err != nil {
+		return fmt.Errorf("parsing reference %q: %v", img, err)
+	}
+	desc, err := remote.Get(ref, o.remote...)
+	if err != nil {
+		return fmt.Errorf("fetching %q: %v", img, err)
+	}
+
+	dst := ref.Context().Tag(tag)
+
+	return remote.Tag(dst, desc, o.remote...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/internal/legacy/copy.go b/vendor/github.com/google/go-containerregistry/pkg/internal/legacy/copy.go
new file mode 100644
index 00000000..557c1d1f
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/internal/legacy/copy.go
@@ -0,0 +1,102 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package legacy provides methods for interacting with legacy image formats.
+package legacy
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/logs"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+// CopySchema1 allows `[g]crane cp` to work with old images without adding
+// full support for schema 1 images to this package.
+func CopySchema1(desc *remote.Descriptor, srcRef, dstRef name.Reference, srcAuth, dstAuth authn.Authenticator) error {
+	m := schema1{}
+	if err := json.NewDecoder(bytes.NewReader(desc.Manifest)).Decode(&m); err != nil {
+		return err
+	}
+
+	for _, layer := range m.FSLayers {
+		src := srcRef.Context().Digest(layer.BlobSum)
+		dst := dstRef.Context().Digest(layer.BlobSum)
+
+		blob, err := remote.Layer(src, remote.WithAuth(srcAuth))
+		if err != nil {
+			return err
+		}
+
+		if err := remote.WriteLayer(dst.Context(), blob, remote.WithAuth(dstAuth)); err != nil {
+			return err
+		}
+	}
+
+	return putManifest(desc, dstRef, dstAuth)
+}
+
+// TODO: perhaps expose this in remote?
+func putManifest(desc *remote.Descriptor, dstRef name.Reference, dstAuth authn.Authenticator) error {
+	reg := dstRef.Context().Registry
+	scopes := []string{dstRef.Scope(transport.PushScope)}
+
+	// TODO(jonjohnsonjr): Use NewWithContext.
+	tr, err := transport.New(reg, dstAuth, http.DefaultTransport, scopes)
+	if err != nil {
+		return err
+	}
+	client := &http.Client{Transport: tr}
+
+	u := url.URL{
+		Scheme: dstRef.Context().Registry.Scheme(),
+		Host:   dstRef.Context().RegistryStr(),
+		Path:   fmt.Sprintf("/v2/%s/manifests/%s", dstRef.Context().RepositoryStr(), dstRef.Identifier()),
+	}
+
+	req, err := http.NewRequest(http.MethodPut, u.String(), bytes.NewBuffer(desc.Manifest))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", string(desc.MediaType))
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK, http.StatusCreated, http.StatusAccepted); err != nil {
+		return err
+	}
+
+	// The image was successfully pushed!
+	logs.Progress.Printf("%v: digest: %v size: %d", dstRef, desc.Digest, len(desc.Manifest))
+	return nil
+}
+
+type fslayer struct {
+	BlobSum string `json:"blobSum"`
+}
+
+type schema1 struct {
+	FSLayers []fslayer `json:"fsLayers"`
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/internal/redact/redact.go b/vendor/github.com/google/go-containerregistry/pkg/internal/redact/redact.go
new file mode 100644
index 00000000..dc9c56b7
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/internal/redact/redact.go
@@ -0,0 +1,35 @@
+// Copyright 2020 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package redact contains a simple context signal for redacting requests.
+package redact
+
+import (
+	"context"
+)
+
+type contextKey string
+
+var redactKey = contextKey("redact")
+
+// NewContext creates a new ctx with the reason for redaction.
+func NewContext(ctx context.Context, reason string) context.Context {
+	return context.WithValue(ctx, redactKey, reason)
+}
+
+// FromContext returns the redaction reason, if any.
+func FromContext(ctx context.Context) (bool, string) {
+	reason, ok := ctx.Value(redactKey).(string)
+	return ok, reason
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/internal/retry/retry.go b/vendor/github.com/google/go-containerregistry/pkg/internal/retry/retry.go
new file mode 100644
index 00000000..542ba49b
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/internal/retry/retry.go
@@ -0,0 +1,77 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package retry provides methods for retrying operations. It is a thin wrapper
+// around k8s.io/apimachinery/pkg/util/wait to make certain operations easier.
+package retry
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/google/go-containerregistry/pkg/internal/retry/wait"
+)
+
+// Backoff is an alias of our own wait.Backoff to avoid name conflicts with
+// the kubernetes wait package. Typing retry.Backoff is aesier than fixing
+// the wrong import every time you use wait.Backoff.
+type Backoff = wait.Backoff
+
+// This is implemented by several errors in the net package as well as our
+// transport.Error.
+type temporary interface {
+	Temporary() bool
+}
+
+// IsTemporary returns true if err implements Temporary() and it returns true.
+func IsTemporary(err error) bool {
+	if err == context.DeadlineExceeded {
+		return false
+	}
+	if te, ok := err.(temporary); ok && te.Temporary() {
+		return true
+	}
+	return false
+}
+
+// IsNotNil returns true if err is not nil.
+func IsNotNil(err error) bool {
+	return err != nil
+}
+
+// Predicate determines whether an error should be retried.
+type Predicate func(error) (retry bool)
+
+// Retry retries a given function, f, until a predicate is satisfied, using
+// exponential backoff. If the predicate is never satisfied, it will return the
+// last error returned by f.
+func Retry(f func() error, p Predicate, backoff wait.Backoff) (err error) {
+	if f == nil {
+		return fmt.Errorf("nil f passed to retry")
+	}
+	if p == nil {
+		return fmt.Errorf("nil p passed to retry")
+	}
+
+	condition := func() (bool, error) {
+		err = f()
+		if p(err) {
+			return false, nil
+		}
+		return true, err
+	}
+
+	wait.ExponentialBackoff(backoff, condition)
+	return
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/internal/retry/wait/kubernetes_apimachinery_wait.go b/vendor/github.com/google/go-containerregistry/pkg/internal/retry/wait/kubernetes_apimachinery_wait.go
new file mode 100644
index 00000000..ab06e5f1
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/internal/retry/wait/kubernetes_apimachinery_wait.go
@@ -0,0 +1,123 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package wait is a subset of k8s.io/apimachinery to avoid conflicts
+// in dependencies (specifically, logging).
+package wait
+
+import (
+	"errors"
+	"math/rand"
+	"time"
+)
+
+// Jitter returns a time.Duration between duration and duration + maxFactor *
+// duration.
+//
+// This allows clients to avoid converging on periodic behavior. If maxFactor
+// is 0.0, a suggested default value will be chosen.
+func Jitter(duration time.Duration, maxFactor float64) time.Duration {
+	if maxFactor <= 0.0 {
+		maxFactor = 1.0
+	}
+	wait := duration + time.Duration(rand.Float64()*maxFactor*float64(duration))
+	return wait
+}
+
+// ErrWaitTimeout is returned when the condition exited without success.
+var ErrWaitTimeout = errors.New("timed out waiting for the condition")
+
+// ConditionFunc returns true if the condition is satisfied, or an error
+// if the loop should be aborted.
+type ConditionFunc func() (done bool, err error)
+
+// Backoff holds parameters applied to a Backoff function.
+type Backoff struct {
+	// The initial duration.
+	Duration time.Duration
+	// Duration is multiplied by factor each iteration, if factor is not zero
+	// and the limits imposed by Steps and Cap have not been reached.
+	// Should not be negative.
+	// The jitter does not contribute to the updates to the duration parameter.
+	Factor float64
+	// The sleep at each iteration is the duration plus an additional
+	// amount chosen uniformly at random from the interval between
+	// zero and `jitter*duration`.
+	Jitter float64
+	// The remaining number of iterations in which the duration
+	// parameter may change (but progress can be stopped earlier by
+	// hitting the cap). If not positive, the duration is not
+	// changed. Used for exponential backoff in combination with
+	// Factor and Cap.
+	Steps int
+	// A limit on revised values of the duration parameter. If a
+	// multiplication by the factor parameter would make the duration
+	// exceed the cap then the duration is set to the cap and the
+	// steps parameter is set to zero.
+	Cap time.Duration
+}
+
+// Step (1) returns an amount of time to sleep determined by the
+// original Duration and Jitter and (2) mutates the provided Backoff
+// to update its Steps and Duration.
+func (b *Backoff) Step() time.Duration {
+	if b.Steps < 1 {
+		if b.Jitter > 0 {
+			return Jitter(b.Duration, b.Jitter)
+		}
+		return b.Duration
+	}
+	b.Steps--
+
+	duration := b.Duration
+
+	// calculate the next step
+	if b.Factor != 0 {
+		b.Duration = time.Duration(float64(b.Duration) * b.Factor)
+		if b.Cap > 0 && b.Duration > b.Cap {
+			b.Duration = b.Cap
+			b.Steps = 0
+		}
+	}
+
+	if b.Jitter > 0 {
+		duration = Jitter(duration, b.Jitter)
+	}
+	return duration
+}
+
+// ExponentialBackoff repeats a condition check with exponential backoff.
+//
+// It repeatedly checks the condition and then sleeps, using `backoff.Step()`
+// to determine the length of the sleep and adjust Duration and Steps.
+// Stops and returns as soon as:
+// 1. the condition check returns true or an error,
+// 2. `backoff.Steps` checks of the condition have been done, or
+// 3. a sleep truncated by the cap on duration has been completed.
+// In case (1) the returned error is what the condition function returned.
+// In all other cases, ErrWaitTimeout is returned.
+func ExponentialBackoff(backoff Backoff, condition ConditionFunc) error {
+	for backoff.Steps > 0 {
+		if ok, err := condition(); err != nil || ok {
+			return err
+		}
+		if backoff.Steps == 1 {
+			break
+		}
+		time.Sleep(backoff.Step())
+	}
+	return ErrWaitTimeout
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/legacy/config.go b/vendor/github.com/google/go-containerregistry/pkg/legacy/config.go
new file mode 100644
index 00000000..3364bec6
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/legacy/config.go
@@ -0,0 +1,33 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package legacy
+
+import (
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+)
+
+// LayerConfigFile is the configuration file that holds the metadata describing
+// a v1 layer. See:
+// https://github.com/moby/moby/blob/master/image/spec/v1.md
+type LayerConfigFile struct {
+	v1.ConfigFile
+
+	ContainerConfig v1.Config `json:"container_config,omitempty"`
+
+	ID        string `json:"id,omitempty"`
+	Parent    string `json:"parent,omitempty"`
+	Throwaway bool   `json:"throwaway,omitempty"`
+	Comment   string `json:"comment,omitempty"`
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/legacy/doc.go b/vendor/github.com/google/go-containerregistry/pkg/legacy/doc.go
new file mode 100644
index 00000000..1d166888
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/legacy/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package legacy provides functionality to work with docker images in the v1
+// format.
+// See: https://github.com/moby/moby/blob/master/image/spec/v1.md
+package legacy
diff --git a/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/README.md b/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/README.md
new file mode 100644
index 00000000..90b88c75
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/README.md
@@ -0,0 +1,6 @@
+# `legacy/tarball`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/legacy/tarball?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/legacy/tarball)
+
+This package implements support for writing legacy tarballs, as described
+[here](https://github.com/moby/moby/blob/749d90e10f989802638ae542daf54257f3bf71f2/image/spec/v1.2.md#combined-image-json--filesystem-changeset-format).
diff --git a/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/doc.go b/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/doc.go
new file mode 100644
index 00000000..62684d6e
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package tarball provides facilities for writing v1 docker images
+// (https://github.com/moby/moby/blob/master/image/spec/v1.md) from/to a tarball
+// on-disk.
+package tarball
diff --git a/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/write.go b/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/write.go
new file mode 100644
index 00000000..fb139544
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/legacy/tarball/write.go
@@ -0,0 +1,373 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tarball
+
+import (
+	"archive/tar"
+	"bytes"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"io"
+	"sort"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/legacy"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+)
+
+// repositoriesTarDescriptor represents the repositories file inside a `docker save` tarball.
+type repositoriesTarDescriptor map[string]map[string]string
+
+// v1Layer represents a layer with metadata needed by the v1 image spec https://github.com/moby/moby/blob/master/image/spec/v1.md.
+type v1Layer struct {
+	// config is the layer metadata.
+	config *legacy.LayerConfigFile
+	// layer is the v1.Layer object this v1Layer represents.
+	layer v1.Layer
+}
+
+// json returns the raw bytes of the json metadata of the given v1Layer.
+func (l *v1Layer) json() ([]byte, error) {
+	return json.Marshal(l.config)
+}
+
+// version returns the raw bytes of the "VERSION" file of the given v1Layer.
+func (l *v1Layer) version() []byte {
+	return []byte("1.0")
+}
+
+// v1LayerID computes the v1 image format layer id for the given v1.Layer with the given v1 parent ID and raw image config.
+func v1LayerID(layer v1.Layer, parentID string, rawConfig []byte) (string, error) {
+	d, err := layer.Digest()
+	if err != nil {
+		return "", fmt.Errorf("unable to get layer digest to generate v1 layer ID: %v", err)
+	}
+	s := fmt.Sprintf("%s %s", d.Hex, parentID)
+	if len(rawConfig) != 0 {
+		s = fmt.Sprintf("%s %s", s, string(rawConfig))
+	}
+	rawDigest := sha256.Sum256([]byte(s))
+	return hex.EncodeToString(rawDigest[:]), nil
+}
+
+// newTopV1Layer creates a new v1Layer for a layer other than the top layer in a v1 image tarball.
+func newV1Layer(layer v1.Layer, parent *v1Layer, history v1.History) (*v1Layer, error) {
+	parentID := ""
+	if parent != nil {
+		parentID = parent.config.ID
+	}
+	id, err := v1LayerID(layer, parentID, nil)
+	if err != nil {
+		return nil, fmt.Errorf("unable to generate v1 layer ID: %v", err)
+	}
+	result := &v1Layer{
+		layer: layer,
+		config: &legacy.LayerConfigFile{
+			ConfigFile: v1.ConfigFile{
+				Created: history.Created,
+				Author:  history.Author,
+			},
+			ContainerConfig: v1.Config{
+				Cmd: []string{history.CreatedBy},
+			},
+			ID:        id,
+			Parent:    parentID,
+			Throwaway: history.EmptyLayer,
+			Comment:   history.Comment,
+		},
+	}
+	return result, nil
+}
+
+// newTopV1Layer creates a new v1Layer for the top layer in a v1 image tarball.
+func newTopV1Layer(layer v1.Layer, parent *v1Layer, history v1.History, imgConfig *v1.ConfigFile, rawConfig []byte) (*v1Layer, error) {
+	result, err := newV1Layer(layer, parent, history)
+	if err != nil {
+		return nil, err
+	}
+	id, err := v1LayerID(layer, result.config.Parent, rawConfig)
+	if err != nil {
+		return nil, fmt.Errorf("unable to generate v1 layer ID for top layer: %v", err)
+	}
+	result.config.ID = id
+	result.config.Architecture = imgConfig.Architecture
+	result.config.Container = imgConfig.Container
+	result.config.DockerVersion = imgConfig.DockerVersion
+	result.config.OS = imgConfig.OS
+	result.config.Config = imgConfig.Config
+	result.config.Created = imgConfig.Created
+	return result, nil
+}
+
+// splitTag splits the given tagged image name <registry>/<repository>:<tag>
+// into <registry>/<repository> and <tag>.
+func splitTag(name string) (string, string) {
+	// Split on ":"
+	parts := strings.Split(name, ":")
+	// Verify that we aren't confusing a tag for a hostname w/ port for the purposes of weak validation.
+	if len(parts) > 1 && !strings.Contains(parts[len(parts)-1], "/") {
+		base := strings.Join(parts[:len(parts)-1], ":")
+		tag := parts[len(parts)-1]
+		return base, tag
+	}
+	return name, ""
+}
+
+// addTags adds the given image tags to the given "repositories" file descriptor in a v1 image tarball.
+func addTags(repos repositoriesTarDescriptor, tags []string, topLayerID string) {
+	for _, t := range tags {
+		base, tag := splitTag(t)
+		tagToID, ok := repos[base]
+		if !ok {
+			tagToID = make(map[string]string)
+			repos[base] = tagToID
+		}
+		tagToID[tag] = topLayerID
+	}
+}
+
+// updateLayerSources updates the given layer digest to descriptor map with the descriptor of the given layer in the given image if it's an undistributable layer.
+func updateLayerSources(layerSources map[v1.Hash]v1.Descriptor, layer v1.Layer, img v1.Image) error {
+	d, err := layer.Digest()
+	if err != nil {
+		return err
+	}
+	// Add to LayerSources if it's a foreign layer.
+	desc, err := partial.BlobDescriptor(img, d)
+	if err != nil {
+		return err
+	}
+	if !desc.MediaType.IsDistributable() {
+		diffid, err := partial.BlobToDiffID(img, d)
+		if err != nil {
+			return err
+		}
+		layerSources[diffid] = *desc
+	}
+	return nil
+}
+
+// Write is a wrapper to write a single image in V1 format and tag to a tarball.
+func Write(ref name.Reference, img v1.Image, w io.Writer) error {
+	return MultiWrite(map[name.Reference]v1.Image{ref: img}, w)
+}
+
+// filterEmpty filters out the history corresponding to empty layers from the
+// given history.
+func filterEmpty(h []v1.History) []v1.History {
+	result := []v1.History{}
+	for _, i := range h {
+		if i.EmptyLayer {
+			continue
+		}
+		result = append(result, i)
+	}
+	return result
+}
+
+// MultiWrite writes the contents of each image to the provided reader, in the V1 image tarball format.
+// The contents are written in the following format:
+// One manifest.json file at the top level containing information about several images.
+// One repositories file mapping from the image <registry>/<repo name> to <tag> to the id of the top most layer.
+// For every layer, a directory named with the layer ID is created with the following contents:
+//   layer.tar - The uncompressed layer tarball.
+//   <layer id>.json- Layer metadata json.
+//   VERSION- Schema version string. Always set to "1.0".
+// One file for the config blob, named after its SHA.
+func MultiWrite(refToImage map[name.Reference]v1.Image, w io.Writer) error {
+	tf := tar.NewWriter(w)
+	defer tf.Close()
+
+	sortedImages, imageToTags := dedupRefToImage(refToImage)
+	var m tarball.Manifest
+	repos := make(repositoriesTarDescriptor)
+
+	seenLayerIDs := make(map[string]struct{})
+	for _, img := range sortedImages {
+		tags := imageToTags[img]
+
+		// Write the config.
+		cfgName, err := img.ConfigName()
+		if err != nil {
+			return err
+		}
+		cfgFileName := fmt.Sprintf("%s.json", cfgName.Hex)
+		cfgBlob, err := img.RawConfigFile()
+		if err != nil {
+			return err
+		}
+		if err := writeTarEntry(tf, cfgFileName, bytes.NewReader(cfgBlob), int64(len(cfgBlob))); err != nil {
+			return err
+		}
+		cfg, err := img.ConfigFile()
+		if err != nil {
+			return err
+		}
+
+		// Store foreign layer info.
+		layerSources := make(map[v1.Hash]v1.Descriptor)
+
+		// Write the layers.
+		layers, err := img.Layers()
+		if err != nil {
+			return err
+		}
+		history := filterEmpty(cfg.History)
+		// Create a blank config history if the config didn't have a history.
+		if len(history) == 0 && len(layers) != 0 {
+			history = make([]v1.History, len(layers))
+		} else if len(layers) != len(history) {
+			return fmt.Errorf("image config had layer history which did not match the number of layers, got len(history)=%d, len(layers)=%d, want len(history)=len(layers)", len(history), len(layers))
+		}
+		layerFiles := make([]string, len(layers))
+		var prev *v1Layer
+		for i, l := range layers {
+			if err := updateLayerSources(layerSources, l, img); err != nil {
+				return fmt.Errorf("unable to update image metadata to include undistributable layer source information: %v", err)
+			}
+			var cur *v1Layer
+			if i < (len(layers) - 1) {
+				cur, err = newV1Layer(l, prev, history[i])
+			} else {
+				cur, err = newTopV1Layer(l, prev, history[i], cfg, cfgBlob)
+			}
+			if err != nil {
+				return err
+			}
+			layerFiles[i] = fmt.Sprintf("%s/layer.tar", cur.config.ID)
+			if _, ok := seenLayerIDs[cur.config.ID]; ok {
+				prev = cur
+				continue
+			}
+			seenLayerIDs[cur.config.ID] = struct{}{}
+
+			// If the v1.Layer implements UncompressedSize efficiently, use that
+			// for the tar header. Otherwise, this iterates over Uncompressed().
+			// NOTE: If using a streaming layer, this may consume the layer.
+			size, err := partial.UncompressedSize(l)
+			if err != nil {
+				return err
+			}
+			u, err := l.Uncompressed()
+			if err != nil {
+				return err
+			}
+			defer u.Close()
+			if err := writeTarEntry(tf, layerFiles[i], u, size); err != nil {
+				return err
+			}
+
+			j, err := cur.json()
+			if err != nil {
+				return err
+			}
+			if err := writeTarEntry(tf, fmt.Sprintf("%s/json", cur.config.ID), bytes.NewReader(j), int64(len(j))); err != nil {
+				return err
+			}
+			v := cur.version()
+			if err := writeTarEntry(tf, fmt.Sprintf("%s/VERSION", cur.config.ID), bytes.NewReader(v), int64(len(v))); err != nil {
+				return err
+			}
+			prev = cur
+		}
+
+		// Generate the tar descriptor and write it.
+		m = append(m, tarball.Descriptor{
+			Config:       cfgFileName,
+			RepoTags:     tags,
+			Layers:       layerFiles,
+			LayerSources: layerSources,
+		})
+		// prev should be the top layer here. Use it to add the image tags
+		// to the tarball repositories file.
+		addTags(repos, tags, prev.config.ID)
+	}
+
+	mBytes, err := json.Marshal(m)
+	if err != nil {
+		return err
+	}
+
+	if err := writeTarEntry(tf, "manifest.json", bytes.NewReader(mBytes), int64(len(mBytes))); err != nil {
+		return err
+	}
+	reposBytes, err := json.Marshal(&repos)
+	if err != nil {
+		return err
+	}
+	if err := writeTarEntry(tf, "repositories", bytes.NewReader(reposBytes), int64(len(reposBytes))); err != nil {
+		return err
+	}
+	return nil
+}
+
+func dedupRefToImage(refToImage map[name.Reference]v1.Image) ([]v1.Image, map[v1.Image][]string) {
+	imageToTags := make(map[v1.Image][]string)
+
+	for ref, img := range refToImage {
+		if tag, ok := ref.(name.Tag); ok {
+			if tags, ok := imageToTags[img]; ok && tags != nil {
+				imageToTags[img] = append(tags, tag.String())
+			} else {
+				imageToTags[img] = []string{tag.String()}
+			}
+		} else {
+			if _, ok := imageToTags[img]; !ok {
+				imageToTags[img] = nil
+			}
+		}
+	}
+
+	// Force specific order on tags
+	imgs := []v1.Image{}
+	for img, tags := range imageToTags {
+		sort.Strings(tags)
+		imgs = append(imgs, img)
+	}
+
+	sort.Slice(imgs, func(i, j int) bool {
+		cfI, err := imgs[i].ConfigName()
+		if err != nil {
+			return false
+		}
+		cfJ, err := imgs[j].ConfigName()
+		if err != nil {
+			return false
+		}
+		return cfI.Hex < cfJ.Hex
+	})
+
+	return imgs, imageToTags
+}
+
+// Writes a file to the provided writer with a corresponding tar header
+func writeTarEntry(tf *tar.Writer, path string, r io.Reader, size int64) error {
+	hdr := &tar.Header{
+		Mode:     0644,
+		Typeflag: tar.TypeReg,
+		Size:     size,
+		Name:     path,
+	}
+	if err := tf.WriteHeader(hdr); err != nil {
+		return err
+	}
+	_, err := io.Copy(tf, r)
+	return err
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/logs/logs.go b/vendor/github.com/google/go-containerregistry/pkg/logs/logs.go
new file mode 100644
index 00000000..5d25d63d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/logs/logs.go
@@ -0,0 +1,39 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package logs exposes the loggers used by this library.
+package logs
+
+import (
+	"io/ioutil"
+	"log"
+)
+
+var (
+	// Warn is used to log non-fatal errors.
+	Warn = log.New(ioutil.Discard, "", log.LstdFlags)
+
+	// Progress is used to log notable, successful events.
+	Progress = log.New(ioutil.Discard, "", log.LstdFlags)
+
+	// Debug is used to log information that is useful for debugging.
+	Debug = log.New(ioutil.Discard, "", log.LstdFlags)
+)
+
+// Enabled checks to see if the logger's writer is set to something other
+// than ioutil.Discard. This allows callers to avoid expensive operations
+// that will end up in /dev/null anyway.
+func Enabled(l *log.Logger) bool {
+	return l.Writer() != ioutil.Discard
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/README.md b/vendor/github.com/google/go-containerregistry/pkg/name/README.md
new file mode 100644
index 00000000..4889b844
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/README.md
@@ -0,0 +1,3 @@
+# `name`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/name?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/name)
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/check.go b/vendor/github.com/google/go-containerregistry/pkg/name/check.go
new file mode 100644
index 00000000..01b03e56
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/check.go
@@ -0,0 +1,43 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import (
+	"strings"
+	"unicode/utf8"
+)
+
+// stripRunesFn returns a function which returns -1 (i.e. a value which
+// signals deletion in strings.Map) for runes in 'runes', and the rune otherwise.
+func stripRunesFn(runes string) func(rune) rune {
+	return func(r rune) rune {
+		if strings.ContainsRune(runes, r) {
+			return -1
+		}
+		return r
+	}
+}
+
+// checkElement checks a given named element matches character and length restrictions.
+// Returns true if the given element adheres to the given restrictions, false otherwise.
+func checkElement(name, element, allowedRunes string, minRunes, maxRunes int) error {
+	numRunes := utf8.RuneCountInString(element)
+	if (numRunes < minRunes) || (maxRunes < numRunes) {
+		return NewErrBadName("%s must be between %d and %d runes in length: %s", name, minRunes, maxRunes, element)
+	} else if len(strings.Map(stripRunesFn(allowedRunes), element)) != 0 {
+		return NewErrBadName("%s can only contain the runes `%s`: %s", name, allowedRunes, element)
+	}
+	return nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/digest.go b/vendor/github.com/google/go-containerregistry/pkg/name/digest.go
new file mode 100644
index 00000000..120dd216
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/digest.go
@@ -0,0 +1,96 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import (
+	"strings"
+)
+
+const (
+	// These have the form: sha256:<hex string>
+	// TODO(dekkagaijin): replace with opencontainers/go-digest or docker/distribution's validation.
+	digestChars = "sh:0123456789abcdef"
+	digestDelim = "@"
+)
+
+// Digest stores a digest name in a structured form.
+type Digest struct {
+	Repository
+	digest   string
+	original string
+}
+
+// Ensure Digest implements Reference
+var _ Reference = (*Digest)(nil)
+
+// Context implements Reference.
+func (d Digest) Context() Repository {
+	return d.Repository
+}
+
+// Identifier implements Reference.
+func (d Digest) Identifier() string {
+	return d.DigestStr()
+}
+
+// DigestStr returns the digest component of the Digest.
+func (d Digest) DigestStr() string {
+	return d.digest
+}
+
+// Name returns the name from which the Digest was derived.
+func (d Digest) Name() string {
+	return d.Repository.Name() + digestDelim + d.DigestStr()
+}
+
+// String returns the original input string.
+func (d Digest) String() string {
+	return d.original
+}
+
+func checkDigest(name string) error {
+	return checkElement("digest", name, digestChars, 7+64, 7+64)
+}
+
+// NewDigest returns a new Digest representing the given name.
+func NewDigest(name string, opts ...Option) (Digest, error) {
+	// Split on "@"
+	parts := strings.Split(name, digestDelim)
+	if len(parts) != 2 {
+		return Digest{}, NewErrBadName("a digest must contain exactly one '@' separator (e.g. registry/repository@digest) saw: %s", name)
+	}
+	base := parts[0]
+	digest := parts[1]
+
+	// Always check that the digest is valid.
+	if err := checkDigest(digest); err != nil {
+		return Digest{}, err
+	}
+
+	tag, err := NewTag(base, opts...)
+	if err == nil {
+		base = tag.Repository.Name()
+	}
+
+	repo, err := NewRepository(base, opts...)
+	if err != nil {
+		return Digest{}, err
+	}
+	return Digest{
+		Repository: repo,
+		digest:     digest,
+		original:   name,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/doc.go b/vendor/github.com/google/go-containerregistry/pkg/name/doc.go
new file mode 100644
index 00000000..b294794d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/doc.go
@@ -0,0 +1,42 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package name defines structured types for representing image references.
+//
+// What's in a name? For image references, not nearly enough!
+//
+// Image references look a lot like URLs, but they differ in that they don't
+// contain the scheme (http or https), they can end with a :tag or a @digest
+// (the latter being validated), and they perform defaulting for missing
+// components.
+//
+// Since image references don't contain the scheme, we do our best to infer
+// if we use http or https from the given hostname. We allow http fallback for
+// any host that looks like localhost (localhost, 127.0.0.1, ::1), ends in
+// ".local", or is in the "private" address space per RFC 1918. For everything
+// else, we assume https only. To override this heuristic, use the Insecure
+// option.
+//
+// Image references with a digest signal to us that we should verify the content
+// of the image matches the digest. E.g. when pulling a Digest reference, we'll
+// calculate the sha256 of the manifest returned by the registry and error out
+// if it doesn't match what we asked for.
+//
+// For defaulting, we interpret "ubuntu" as
+// "index.docker.io/library/ubuntu:latest" because we add the missing repo
+// "library", the missing registry "index.docker.io", and the missing tag
+// "latest". To disable this defaulting, use the StrictValidation option. This
+// is useful e.g. to only allow image references that explicitly set a tag or
+// digest, so that you don't accidentally pull "latest".
+package name
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/errors.go b/vendor/github.com/google/go-containerregistry/pkg/name/errors.go
new file mode 100644
index 00000000..7847cc5d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/errors.go
@@ -0,0 +1,37 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import "fmt"
+
+// ErrBadName is an error for when a bad docker name is supplied.
+type ErrBadName struct {
+	info string
+}
+
+func (e *ErrBadName) Error() string {
+	return e.info
+}
+
+// NewErrBadName returns a ErrBadName which returns the given formatted string from Error().
+func NewErrBadName(fmtStr string, args ...interface{}) *ErrBadName {
+	return &ErrBadName{fmt.Sprintf(fmtStr, args...)}
+}
+
+// IsErrBadName returns true if the given error is an ErrBadName.
+func IsErrBadName(err error) bool {
+	_, ok := err.(*ErrBadName)
+	return ok
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/options.go b/vendor/github.com/google/go-containerregistry/pkg/name/options.go
new file mode 100644
index 00000000..d14fedcd
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/options.go
@@ -0,0 +1,83 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+const (
+	// DefaultRegistry is the registry name that will be used if no registry
+	// provided and the default is not overridden.
+	DefaultRegistry      = "index.docker.io"
+	defaultRegistryAlias = "docker.io"
+
+	// DefaultTag is the tag name that will be used if no tag provided and the
+	// default is not overridden.
+	DefaultTag = "latest"
+)
+
+type options struct {
+	strict          bool // weak by default
+	insecure        bool // secure by default
+	defaultRegistry string
+	defaultTag      string
+}
+
+func makeOptions(opts ...Option) options {
+	opt := options{
+		defaultRegistry: DefaultRegistry,
+		defaultTag:      DefaultTag,
+	}
+	for _, o := range opts {
+		o(&opt)
+	}
+	return opt
+}
+
+// Option is a functional option for name parsing.
+type Option func(*options)
+
+// StrictValidation is an Option that requires image references to be fully
+// specified; i.e. no defaulting for registry (dockerhub), repo (library),
+// or tag (latest).
+func StrictValidation(opts *options) {
+	opts.strict = true
+}
+
+// WeakValidation is an Option that sets defaults when parsing names, see
+// StrictValidation.
+func WeakValidation(opts *options) {
+	opts.strict = false
+}
+
+// Insecure is an Option that allows image references to be fetched without TLS.
+func Insecure(opts *options) {
+	opts.insecure = true
+}
+
+// OptionFn is a function that returns an option.
+type OptionFn func() Option
+
+// WithDefaultRegistry sets the default registry that will be used if one is not
+// provided.
+func WithDefaultRegistry(r string) Option {
+	return func(opts *options) {
+		opts.defaultRegistry = r
+	}
+}
+
+// WithDefaultTag sets the default tag that will be used if one is not provided.
+func WithDefaultTag(t string) Option {
+	return func(opts *options) {
+		opts.defaultTag = t
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/ref.go b/vendor/github.com/google/go-containerregistry/pkg/name/ref.go
new file mode 100644
index 00000000..f9388253
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/ref.go
@@ -0,0 +1,49 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import (
+	"fmt"
+)
+
+// Reference defines the interface that consumers use when they can
+// take either a tag or a digest.
+type Reference interface {
+	fmt.Stringer
+
+	// Context accesses the Repository context of the reference.
+	Context() Repository
+
+	// Identifier accesses the type-specific portion of the reference.
+	Identifier() string
+
+	// Name is the fully-qualified reference name.
+	Name() string
+
+	// Scope is the scope needed to access this reference.
+	Scope(string) string
+}
+
+// ParseReference parses the string as a reference, either by tag or digest.
+func ParseReference(s string, opts ...Option) (Reference, error) {
+	if t, err := NewTag(s, opts...); err == nil {
+		return t, nil
+	}
+	if d, err := NewDigest(s, opts...); err == nil {
+		return d, nil
+	}
+	return nil, NewErrBadName("could not parse reference: " + s)
+
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/registry.go b/vendor/github.com/google/go-containerregistry/pkg/name/registry.go
new file mode 100644
index 00000000..d4da7409
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/registry.go
@@ -0,0 +1,136 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import (
+	"net"
+	"net/url"
+	"regexp"
+	"strings"
+)
+
+// Detect more complex forms of local references.
+var reLocal = regexp.MustCompile(`.*\.local(?:host)?(?::\d{1,5})?$`)
+
+// Detect the loopback IP (127.0.0.1)
+var reLoopback = regexp.MustCompile(regexp.QuoteMeta("127.0.0.1"))
+
+// Detect the loopback IPV6 (::1)
+var reipv6Loopback = regexp.MustCompile(regexp.QuoteMeta("::1"))
+
+// Registry stores a docker registry name in a structured form.
+type Registry struct {
+	insecure bool
+	registry string
+}
+
+// RegistryStr returns the registry component of the Registry.
+func (r Registry) RegistryStr() string {
+	return r.registry
+}
+
+// Name returns the name from which the Registry was derived.
+func (r Registry) Name() string {
+	return r.RegistryStr()
+}
+
+func (r Registry) String() string {
+	return r.Name()
+}
+
+// Scope returns the scope required to access the registry.
+func (r Registry) Scope(string) string {
+	// The only resource under 'registry' is 'catalog'. http://goo.gl/N9cN9Z
+	return "registry:catalog:*"
+}
+
+func (r Registry) isRFC1918() bool {
+	ipStr := strings.Split(r.Name(), ":")[0]
+	ip := net.ParseIP(ipStr)
+	if ip == nil {
+		return false
+	}
+	for _, cidr := range []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"} {
+		_, block, _ := net.ParseCIDR(cidr)
+		if block.Contains(ip) {
+			return true
+		}
+	}
+	return false
+}
+
+// Scheme returns https scheme for all the endpoints except localhost or when explicitly defined.
+func (r Registry) Scheme() string {
+	if r.insecure {
+		return "http"
+	}
+	if r.isRFC1918() {
+		return "http"
+	}
+	if strings.HasPrefix(r.Name(), "localhost:") {
+		return "http"
+	}
+	if reLocal.MatchString(r.Name()) {
+		return "http"
+	}
+	if reLoopback.MatchString(r.Name()) {
+		return "http"
+	}
+	if reipv6Loopback.MatchString(r.Name()) {
+		return "http"
+	}
+	return "https"
+}
+
+func checkRegistry(name string) error {
+	// Per RFC 3986, registries (authorities) are required to be prefixed with "//"
+	// url.Host == hostname[:port] == authority
+	if url, err := url.Parse("//" + name); err != nil || url.Host != name {
+		return NewErrBadName("registries must be valid RFC 3986 URI authorities: %s", name)
+	}
+	return nil
+}
+
+// NewRegistry returns a Registry based on the given name.
+// Strict validation requires explicit, valid RFC 3986 URI authorities to be given.
+func NewRegistry(name string, opts ...Option) (Registry, error) {
+	opt := makeOptions(opts...)
+	if opt.strict && len(name) == 0 {
+		return Registry{}, NewErrBadName("strict validation requires the registry to be explicitly defined")
+	}
+
+	if err := checkRegistry(name); err != nil {
+		return Registry{}, err
+	}
+
+	if name == "" {
+		name = opt.defaultRegistry
+	}
+	// Rewrite "docker.io" to "index.docker.io".
+	// See: https://github.com/google/go-containerregistry/issues/68
+	if name == defaultRegistryAlias {
+		name = DefaultRegistry
+	}
+
+	return Registry{registry: name, insecure: opt.insecure}, nil
+}
+
+// NewInsecureRegistry returns an Insecure Registry based on the given name.
+//
+// Deprecated: Use the Insecure Option with NewRegistry instead.
+func NewInsecureRegistry(name string, opts ...Option) (Registry, error) {
+	opts = append(opts, Insecure)
+	return NewRegistry(name, opts...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/repository.go b/vendor/github.com/google/go-containerregistry/pkg/name/repository.go
new file mode 100644
index 00000000..54367a15
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/repository.go
@@ -0,0 +1,121 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import (
+	"fmt"
+	"strings"
+)
+
+const (
+	defaultNamespace = "library"
+	repositoryChars  = "abcdefghijklmnopqrstuvwxyz0123456789_-./"
+	regRepoDelimiter = "/"
+)
+
+// Repository stores a docker repository name in a structured form.
+type Repository struct {
+	Registry
+	repository string
+}
+
+// See https://docs.docker.com/docker-hub/official_repos
+func hasImplicitNamespace(repo string, reg Registry) bool {
+	return !strings.ContainsRune(repo, '/') && reg.RegistryStr() == DefaultRegistry
+}
+
+// RepositoryStr returns the repository component of the Repository.
+func (r Repository) RepositoryStr() string {
+	if hasImplicitNamespace(r.repository, r.Registry) {
+		return fmt.Sprintf("%s/%s", defaultNamespace, r.repository)
+	}
+	return r.repository
+}
+
+// Name returns the name from which the Repository was derived.
+func (r Repository) Name() string {
+	regName := r.Registry.Name()
+	if regName != "" {
+		return regName + regRepoDelimiter + r.RepositoryStr()
+	}
+	// TODO: As far as I can tell, this is unreachable.
+	return r.RepositoryStr()
+}
+
+func (r Repository) String() string {
+	return r.Name()
+}
+
+// Scope returns the scope required to perform the given action on the registry.
+// TODO(jonjohnsonjr): consider moving scopes to a separate package.
+func (r Repository) Scope(action string) string {
+	return fmt.Sprintf("repository:%s:%s", r.RepositoryStr(), action)
+}
+
+func checkRepository(repository string) error {
+	return checkElement("repository", repository, repositoryChars, 2, 255)
+}
+
+// NewRepository returns a new Repository representing the given name, according to the given strictness.
+func NewRepository(name string, opts ...Option) (Repository, error) {
+	opt := makeOptions(opts...)
+	if len(name) == 0 {
+		return Repository{}, NewErrBadName("a repository name must be specified")
+	}
+
+	var registry string
+	repo := name
+	parts := strings.SplitN(name, regRepoDelimiter, 2)
+	if len(parts) == 2 && (strings.ContainsRune(parts[0], '.') || strings.ContainsRune(parts[0], ':')) {
+		// The first part of the repository is treated as the registry domain
+		// iff it contains a '.' or ':' character, otherwise it is all repository
+		// and the domain defaults to Docker Hub.
+		registry = parts[0]
+		repo = parts[1]
+	}
+
+	if err := checkRepository(repo); err != nil {
+		return Repository{}, err
+	}
+
+	reg, err := NewRegistry(registry, opts...)
+	if err != nil {
+		return Repository{}, err
+	}
+	if hasImplicitNamespace(repo, reg) && opt.strict {
+		return Repository{}, NewErrBadName("strict validation requires the full repository path (missing 'library')")
+	}
+	return Repository{reg, repo}, nil
+}
+
+// Tag returns a Tag in this Repository.
+func (r Repository) Tag(identifier string) Tag {
+	t := Tag{
+		tag:        identifier,
+		Repository: r,
+	}
+	t.original = t.Name()
+	return t
+}
+
+// Digest returns a Digest in this Repository.
+func (r Repository) Digest(identifier string) Digest {
+	d := Digest{
+		digest:     identifier,
+		Repository: r,
+	}
+	d.original = d.Name()
+	return d
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/name/tag.go b/vendor/github.com/google/go-containerregistry/pkg/name/tag.go
new file mode 100644
index 00000000..66bd1bec
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/name/tag.go
@@ -0,0 +1,108 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package name
+
+import (
+	"strings"
+)
+
+const (
+	// TODO(dekkagaijin): use the docker/distribution regexes for validation.
+	tagChars = "abcdefghijklmnopqrstuvwxyz0123456789_-.ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+	tagDelim = ":"
+)
+
+// Tag stores a docker tag name in a structured form.
+type Tag struct {
+	Repository
+	tag      string
+	original string
+}
+
+// Ensure Tag implements Reference
+var _ Reference = (*Tag)(nil)
+
+// Context implements Reference.
+func (t Tag) Context() Repository {
+	return t.Repository
+}
+
+// Identifier implements Reference.
+func (t Tag) Identifier() string {
+	return t.TagStr()
+}
+
+// TagStr returns the tag component of the Tag.
+func (t Tag) TagStr() string {
+	return t.tag
+}
+
+// Name returns the name from which the Tag was derived.
+func (t Tag) Name() string {
+	return t.Repository.Name() + tagDelim + t.TagStr()
+}
+
+// String returns the original input string.
+func (t Tag) String() string {
+	return t.original
+}
+
+// Scope returns the scope required to perform the given action on the tag.
+func (t Tag) Scope(action string) string {
+	return t.Repository.Scope(action)
+}
+
+func checkTag(name string) error {
+	return checkElement("tag", name, tagChars, 1, 128)
+}
+
+// NewTag returns a new Tag representing the given name, according to the given strictness.
+func NewTag(name string, opts ...Option) (Tag, error) {
+	opt := makeOptions(opts...)
+	base := name
+	tag := ""
+
+	// Split on ":"
+	parts := strings.Split(name, tagDelim)
+	// Verify that we aren't confusing a tag for a hostname w/ port for the purposes of weak validation.
+	if len(parts) > 1 && !strings.Contains(parts[len(parts)-1], regRepoDelimiter) {
+		base = strings.Join(parts[:len(parts)-1], tagDelim)
+		tag = parts[len(parts)-1]
+	}
+
+	// We don't require a tag, but if we get one check it's valid,
+	// even when not being strict.
+	// If we are being strict, we want to validate the tag regardless in case
+	// it's empty.
+	if tag != "" || opt.strict {
+		if err := checkTag(tag); err != nil {
+			return Tag{}, err
+		}
+	}
+
+	if tag == "" {
+		tag = opt.defaultTag
+	}
+
+	repo, err := NewRepository(base, opts...)
+	if err != nil {
+		return Tag{}, err
+	}
+	return Tag{
+		Repository: repo,
+		tag:        tag,
+		original:   name,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/config.go b/vendor/github.com/google/go-containerregistry/pkg/v1/config.go
new file mode 100644
index 00000000..a950b397
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/config.go
@@ -0,0 +1,133 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"encoding/json"
+	"io"
+	"time"
+)
+
+// ConfigFile is the configuration file that holds the metadata describing
+// how to launch a container. See:
+// https://github.com/opencontainers/image-spec/blob/master/config.md
+//
+// docker_version and os.version are not part of the spec but included
+// for backwards compatibility.
+type ConfigFile struct {
+	Architecture  string    `json:"architecture"`
+	Author        string    `json:"author,omitempty"`
+	Container     string    `json:"container,omitempty"`
+	Created       Time      `json:"created,omitempty"`
+	DockerVersion string    `json:"docker_version,omitempty"`
+	History       []History `json:"history,omitempty"`
+	OS            string    `json:"os"`
+	RootFS        RootFS    `json:"rootfs"`
+	Config        Config    `json:"config"`
+	OSVersion     string    `json:"os.version,omitempty"`
+}
+
+// History is one entry of a list recording how this container image was built.
+type History struct {
+	Author     string `json:"author,omitempty"`
+	Created    Time   `json:"created,omitempty"`
+	CreatedBy  string `json:"created_by,omitempty"`
+	Comment    string `json:"comment,omitempty"`
+	EmptyLayer bool   `json:"empty_layer,omitempty"`
+}
+
+// Time is a wrapper around time.Time to help with deep copying
+type Time struct {
+	time.Time
+}
+
+// DeepCopyInto creates a deep-copy of the Time value.  The underlying time.Time
+// type is effectively immutable in the time API, so it is safe to
+// copy-by-assign, despite the presence of (unexported) Pointer fields.
+func (t *Time) DeepCopyInto(out *Time) {
+	*out = *t
+}
+
+// RootFS holds the ordered list of file system deltas that comprise the
+// container image's root filesystem.
+type RootFS struct {
+	Type    string `json:"type"`
+	DiffIDs []Hash `json:"diff_ids"`
+}
+
+// HealthConfig holds configuration settings for the HEALTHCHECK feature.
+type HealthConfig struct {
+	// Test is the test to perform to check that the container is healthy.
+	// An empty slice means to inherit the default.
+	// The options are:
+	// {} : inherit healthcheck
+	// {"NONE"} : disable healthcheck
+	// {"CMD", args...} : exec arguments directly
+	// {"CMD-SHELL", command} : run command with system's default shell
+	Test []string `json:",omitempty"`
+
+	// Zero means to inherit. Durations are expressed as integer nanoseconds.
+	Interval    time.Duration `json:",omitempty"` // Interval is the time to wait between checks.
+	Timeout     time.Duration `json:",omitempty"` // Timeout is the time to wait before considering the check to have hung.
+	StartPeriod time.Duration `json:",omitempty"` // The start period for the container to initialize before the retries starts to count down.
+
+	// Retries is the number of consecutive failures needed to consider a container as unhealthy.
+	// Zero means inherit.
+	Retries int `json:",omitempty"`
+}
+
+// Config is a submessage of the config file described as:
+//   The execution parameters which SHOULD be used as a base when running
+//   a container using the image.
+// The names of the fields in this message are chosen to reflect the JSON
+// payload of the Config as defined here:
+// https://git.io/vrAET
+// and
+// https://github.com/opencontainers/image-spec/blob/master/config.md
+type Config struct {
+	AttachStderr    bool                `json:"AttachStderr,omitempty"`
+	AttachStdin     bool                `json:"AttachStdin,omitempty"`
+	AttachStdout    bool                `json:"AttachStdout,omitempty"`
+	Cmd             []string            `json:"Cmd,omitempty"`
+	Healthcheck     *HealthConfig       `json:"Healthcheck,omitempty"`
+	Domainname      string              `json:"Domainname,omitempty"`
+	Entrypoint      []string            `json:"Entrypoint,omitempty"`
+	Env             []string            `json:"Env,omitempty"`
+	Hostname        string              `json:"Hostname,omitempty"`
+	Image           string              `json:"Image,omitempty"`
+	Labels          map[string]string   `json:"Labels,omitempty"`
+	OnBuild         []string            `json:"OnBuild,omitempty"`
+	OpenStdin       bool                `json:"OpenStdin,omitempty"`
+	StdinOnce       bool                `json:"StdinOnce,omitempty"`
+	Tty             bool                `json:"Tty,omitempty"`
+	User            string              `json:"User,omitempty"`
+	Volumes         map[string]struct{} `json:"Volumes,omitempty"`
+	WorkingDir      string              `json:"WorkingDir,omitempty"`
+	ExposedPorts    map[string]struct{} `json:"ExposedPorts,omitempty"`
+	ArgsEscaped     bool                `json:"ArgsEscaped,omitempty"`
+	NetworkDisabled bool                `json:"NetworkDisabled,omitempty"`
+	MacAddress      string              `json:"MacAddress,omitempty"`
+	StopSignal      string              `json:"StopSignal,omitempty"`
+	Shell           []string            `json:"Shell,omitempty"`
+}
+
+// ParseConfigFile parses the io.Reader's contents into a ConfigFile.
+func ParseConfigFile(r io.Reader) (*ConfigFile, error) {
+	cf := ConfigFile{}
+	if err := json.NewDecoder(r).Decode(&cf); err != nil {
+		return nil, err
+	}
+	return &cf, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/doc.go
new file mode 100644
index 00000000..7a84736b
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +k8s:deepcopy-gen=package
+
+// Package v1 defines structured types for OCI v1 images
+package v1
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md
new file mode 100644
index 00000000..8663a830
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/README.md
@@ -0,0 +1,8 @@
+# `empty`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/empty?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/empty)
+
+The empty packages provides an empty base for constructing a `v1.Image` or `v1.ImageIndex`.
+This is especially useful when paired with the [`mutate`](/pkg/v1/mutate) package,
+see [`mutate.Append`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/mutate#Append)
+and [`mutate.AppendManifests`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/mutate#AppendManifests).
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go
new file mode 100644
index 00000000..1a521e9a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/doc.go
@@ -0,0 +1,16 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package empty provides an implementation of v1.Image equivalent to "FROM scratch".
+package empty
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go
new file mode 100644
index 00000000..c58a06ce
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/image.go
@@ -0,0 +1,52 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package empty
+
+import (
+	"fmt"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// Image is a singleton empty image, think: FROM scratch.
+var Image, _ = partial.UncompressedToImage(emptyImage{})
+
+type emptyImage struct{}
+
+// MediaType implements partial.UncompressedImageCore.
+func (i emptyImage) MediaType() (types.MediaType, error) {
+	return types.DockerManifestSchema2, nil
+}
+
+// RawConfigFile implements partial.UncompressedImageCore.
+func (i emptyImage) RawConfigFile() ([]byte, error) {
+	return partial.RawConfigFile(i)
+}
+
+// ConfigFile implements v1.Image.
+func (i emptyImage) ConfigFile() (*v1.ConfigFile, error) {
+	return &v1.ConfigFile{
+		RootFS: v1.RootFS{
+			// Some clients check this.
+			Type: "layers",
+		},
+	}, nil
+}
+
+func (i emptyImage) LayerByDiffID(h v1.Hash) (partial.UncompressedLayer, error) {
+	return nil, fmt.Errorf("LayerByDiffID(%s): empty image", h)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go
new file mode 100644
index 00000000..8edab24d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/empty/index.go
@@ -0,0 +1,63 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package empty
+
+import (
+	"encoding/json"
+	"errors"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// Index is a singleton empty index, think: FROM scratch.
+var Index = emptyIndex{}
+
+type emptyIndex struct{}
+
+func (i emptyIndex) MediaType() (types.MediaType, error) {
+	return types.OCIImageIndex, nil
+}
+
+func (i emptyIndex) Digest() (v1.Hash, error) {
+	return partial.Digest(i)
+}
+
+func (i emptyIndex) Size() (int64, error) {
+	return partial.Size(i)
+}
+
+func (i emptyIndex) IndexManifest() (*v1.IndexManifest, error) {
+	return base(), nil
+}
+
+func (i emptyIndex) RawManifest() ([]byte, error) {
+	return json.Marshal(base())
+}
+
+func (i emptyIndex) Image(v1.Hash) (v1.Image, error) {
+	return nil, errors.New("empty index")
+}
+
+func (i emptyIndex) ImageIndex(v1.Hash) (v1.ImageIndex, error) {
+	return nil, errors.New("empty index")
+}
+
+func base() *v1.IndexManifest {
+	return &v1.IndexManifest{
+		SchemaVersion: 2,
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/hash.go b/vendor/github.com/google/go-containerregistry/pkg/v1/hash.go
new file mode 100644
index 00000000..7fdf22e9
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/hash.go
@@ -0,0 +1,123 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
+	"fmt"
+	"hash"
+	"io"
+	"strconv"
+	"strings"
+)
+
+// Hash is an unqualified digest of some content, e.g. sha256:deadbeef
+type Hash struct {
+	// Algorithm holds the algorithm used to compute the hash.
+	Algorithm string
+
+	// Hex holds the hex portion of the content hash.
+	Hex string
+}
+
+// String reverses NewHash returning the string-form of the hash.
+func (h Hash) String() string {
+	return fmt.Sprintf("%s:%s", h.Algorithm, h.Hex)
+}
+
+// NewHash validates the input string is a hash and returns a strongly type Hash object.
+func NewHash(s string) (Hash, error) {
+	h := Hash{}
+	if err := h.parse(s); err != nil {
+		return Hash{}, err
+	}
+	return h, nil
+}
+
+// MarshalJSON implements json.Marshaler
+func (h Hash) MarshalJSON() ([]byte, error) {
+	return json.Marshal(h.String())
+}
+
+// UnmarshalJSON implements json.Unmarshaler
+func (h *Hash) UnmarshalJSON(data []byte) error {
+	s, err := strconv.Unquote(string(data))
+	if err != nil {
+		return err
+	}
+	return h.parse(s)
+}
+
+// MarshalText implements encoding.TextMarshaler. This is required to use
+// v1.Hash as a key in a map when marshalling JSON.
+func (h Hash) MarshalText() (text []byte, err error) {
+	return []byte(h.String()), nil
+}
+
+// UnmarshalText implements encoding.TextUnmarshaler. This is required to use
+// v1.Hash as a key in a map when unmarshalling JSON.
+func (h *Hash) UnmarshalText(text []byte) error {
+	return h.parse(string(text))
+}
+
+// Hasher returns a hash.Hash for the named algorithm (e.g. "sha256")
+func Hasher(name string) (hash.Hash, error) {
+	switch name {
+	case "sha256":
+		return sha256.New(), nil
+	default:
+		return nil, fmt.Errorf("unsupported hash: %q", name)
+	}
+}
+
+func (h *Hash) parse(unquoted string) error {
+	parts := strings.Split(unquoted, ":")
+	if len(parts) != 2 {
+		return fmt.Errorf("too many parts in hash: %s", unquoted)
+	}
+
+	rest := strings.TrimLeft(parts[1], "0123456789abcdef")
+	if len(rest) != 0 {
+		return fmt.Errorf("found non-hex character in hash: %c", rest[0])
+	}
+
+	hasher, err := Hasher(parts[0])
+	if err != nil {
+		return err
+	}
+	// Compare the hex to the expected size (2 hex characters per byte)
+	if len(parts[1]) != hasher.Size()*2 {
+		return fmt.Errorf("wrong number of hex digits for %s: %s", parts[0], parts[1])
+	}
+
+	h.Algorithm = parts[0]
+	h.Hex = parts[1]
+	return nil
+}
+
+// SHA256 computes the Hash of the provided io.Reader's content.
+func SHA256(r io.Reader) (Hash, int64, error) {
+	hasher := sha256.New()
+	n, err := io.Copy(hasher, r)
+	if err != nil {
+		return Hash{}, 0, err
+	}
+	return Hash{
+		Algorithm: "sha256",
+		Hex:       hex.EncodeToString(hasher.Sum(make([]byte, 0, hasher.Size()))),
+	}, n, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/image.go
new file mode 100644
index 00000000..8de9e476
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/image.go
@@ -0,0 +1,59 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// Image defines the interface for interacting with an OCI v1 image.
+type Image interface {
+	// Layers returns the ordered collection of filesystem layers that comprise this image.
+	// The order of the list is oldest/base layer first, and most-recent/top layer last.
+	Layers() ([]Layer, error)
+
+	// MediaType of this image's manifest.
+	MediaType() (types.MediaType, error)
+
+	// Size returns the size of the manifest.
+	Size() (int64, error)
+
+	// ConfigName returns the hash of the image's config file, also known as
+	// the Image ID.
+	ConfigName() (Hash, error)
+
+	// ConfigFile returns this image's config file.
+	ConfigFile() (*ConfigFile, error)
+
+	// RawConfigFile returns the serialized bytes of ConfigFile().
+	RawConfigFile() ([]byte, error)
+
+	// Digest returns the sha256 of this image's manifest.
+	Digest() (Hash, error)
+
+	// Manifest returns this image's Manifest object.
+	Manifest() (*Manifest, error)
+
+	// RawManifest returns the serialized bytes of Manifest()
+	RawManifest() ([]byte, error)
+
+	// LayerByDigest returns a Layer for interacting with a particular layer of
+	// the image, looking it up by "digest" (the compressed hash).
+	LayerByDigest(Hash) (Layer, error)
+
+	// LayerByDiffID is an analog to LayerByDigest, looking up by "diff id"
+	// (the uncompressed hash).
+	LayerByDiffID(Hash) (Layer, error)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/index.go
new file mode 100644
index 00000000..8e7bc8eb
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/index.go
@@ -0,0 +1,43 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// ImageIndex defines the interface for interacting with an OCI image index.
+type ImageIndex interface {
+	// MediaType of this image's manifest.
+	MediaType() (types.MediaType, error)
+
+	// Digest returns the sha256 of this index's manifest.
+	Digest() (Hash, error)
+
+	// Size returns the size of the manifest.
+	Size() (int64, error)
+
+	// IndexManifest returns this image index's manifest object.
+	IndexManifest() (*IndexManifest, error)
+
+	// RawManifest returns the serialized bytes of IndexManifest().
+	RawManifest() ([]byte, error)
+
+	// Image returns a v1.Image that this ImageIndex references.
+	Image(Hash) (Image, error)
+
+	// ImageIndex returns a v1.ImageIndex that this ImageIndex references.
+	ImageIndex(Hash) (ImageIndex, error)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layer.go
new file mode 100644
index 00000000..57447d26
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layer.go
@@ -0,0 +1,42 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"io"
+
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// Layer is an interface for accessing the properties of a particular layer of a v1.Image
+type Layer interface {
+	// Digest returns the Hash of the compressed layer.
+	Digest() (Hash, error)
+
+	// DiffID returns the Hash of the uncompressed layer.
+	DiffID() (Hash, error)
+
+	// Compressed returns an io.ReadCloser for the compressed layer contents.
+	Compressed() (io.ReadCloser, error)
+
+	// Uncompressed returns an io.ReadCloser for the uncompressed layer contents.
+	Uncompressed() (io.ReadCloser, error)
+
+	// Size returns the compressed size of the Layer.
+	Size() (int64, error)
+
+	// MediaType returns the media type of the Layer.
+	MediaType() (types.MediaType, error)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md
new file mode 100644
index 00000000..54bee6d9
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/README.md
@@ -0,0 +1,5 @@
+# `layout`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/layout?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/layout)
+
+The `layout` package implements support for interacting with an [OCI Image Layout](https://github.com/opencontainers/image-spec/blob/master/image-layout.md).
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go
new file mode 100644
index 00000000..ba90d4cd
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/blob.go
@@ -0,0 +1,38 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package layout
+
+import (
+	"io"
+	"io/ioutil"
+	"os"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+)
+
+// Blob returns a blob with the given hash from the Path.
+func (l Path) Blob(h v1.Hash) (io.ReadCloser, error) {
+	return os.Open(l.blobPath(h))
+}
+
+// Bytes is a convenience function to return a blob from the Path as
+// a byte slice.
+func (l Path) Bytes(h v1.Hash) ([]byte, error) {
+	return ioutil.ReadFile(l.blobPath(h))
+}
+
+func (l Path) blobPath(h v1.Hash) string {
+	return l.path("blobs", h.Algorithm, h.Hex)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go
new file mode 100644
index 00000000..d80d2736
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/doc.go
@@ -0,0 +1,19 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package layout provides facilities for reading/writing artifacts from/to
+// an OCI image layout on disk, see:
+//
+// https://github.com/opencontainers/image-spec/blob/master/image-layout.md
+package layout
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go
new file mode 100644
index 00000000..7c76a10c
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/image.go
@@ -0,0 +1,131 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package layout
+
+import (
+	"fmt"
+	"io"
+	"sync"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+type layoutImage struct {
+	path         Path
+	desc         v1.Descriptor
+	manifestLock sync.Mutex // Protects rawManifest
+	rawManifest  []byte
+}
+
+var _ partial.CompressedImageCore = (*layoutImage)(nil)
+
+// Image reads a v1.Image with digest h from the Path.
+func (l Path) Image(h v1.Hash) (v1.Image, error) {
+	ii, err := l.ImageIndex()
+	if err != nil {
+		return nil, err
+	}
+
+	return ii.Image(h)
+}
+
+func (li *layoutImage) MediaType() (types.MediaType, error) {
+	return li.desc.MediaType, nil
+}
+
+// Implements WithManifest for partial.Blobset.
+func (li *layoutImage) Manifest() (*v1.Manifest, error) {
+	return partial.Manifest(li)
+}
+
+func (li *layoutImage) RawManifest() ([]byte, error) {
+	li.manifestLock.Lock()
+	defer li.manifestLock.Unlock()
+	if li.rawManifest != nil {
+		return li.rawManifest, nil
+	}
+
+	b, err := li.path.Bytes(li.desc.Digest)
+	if err != nil {
+		return nil, err
+	}
+
+	li.rawManifest = b
+	return li.rawManifest, nil
+}
+
+func (li *layoutImage) RawConfigFile() ([]byte, error) {
+	manifest, err := li.Manifest()
+	if err != nil {
+		return nil, err
+	}
+
+	return li.path.Bytes(manifest.Config.Digest)
+}
+
+func (li *layoutImage) LayerByDigest(h v1.Hash) (partial.CompressedLayer, error) {
+	manifest, err := li.Manifest()
+	if err != nil {
+		return nil, err
+	}
+
+	if h == manifest.Config.Digest {
+		return partial.CompressedLayer(&compressedBlob{
+			path: li.path,
+			desc: manifest.Config,
+		}), nil
+	}
+
+	for _, desc := range manifest.Layers {
+		if h == desc.Digest {
+			switch desc.MediaType {
+			case types.OCILayer, types.DockerLayer:
+				return partial.CompressedToLayer(&compressedBlob{
+					path: li.path,
+					desc: desc,
+				})
+			default:
+				// TODO: We assume everything is a compressed blob, but that might not be true.
+				// TODO: Handle foreign layers.
+				return nil, fmt.Errorf("unexpected media type: %v for layer: %v", desc.MediaType, desc.Digest)
+			}
+		}
+	}
+
+	return nil, fmt.Errorf("could not find layer in image: %s", h)
+}
+
+type compressedBlob struct {
+	path Path
+	desc v1.Descriptor
+}
+
+func (b *compressedBlob) Digest() (v1.Hash, error) {
+	return b.desc.Digest, nil
+}
+
+func (b *compressedBlob) Compressed() (io.ReadCloser, error) {
+	return b.path.Blob(b.desc.Digest)
+}
+
+func (b *compressedBlob) Size() (int64, error) {
+	return b.desc.Size, nil
+}
+
+func (b *compressedBlob) MediaType() (types.MediaType, error) {
+	return b.desc.MediaType, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go
new file mode 100644
index 00000000..6b7da2c2
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/index.go
@@ -0,0 +1,161 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package layout
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+var _ v1.ImageIndex = (*layoutIndex)(nil)
+
+type layoutIndex struct {
+	mediaType types.MediaType
+	path      Path
+	rawIndex  []byte
+}
+
+// ImageIndexFromPath is a convenience function which constructs a Path and returns its v1.ImageIndex.
+func ImageIndexFromPath(path string) (v1.ImageIndex, error) {
+	lp, err := FromPath(path)
+	if err != nil {
+		return nil, err
+	}
+	return lp.ImageIndex()
+}
+
+// ImageIndex returns a v1.ImageIndex for the Path.
+func (l Path) ImageIndex() (v1.ImageIndex, error) {
+	rawIndex, err := ioutil.ReadFile(l.path("index.json"))
+	if err != nil {
+		return nil, err
+	}
+
+	idx := &layoutIndex{
+		mediaType: types.OCIImageIndex,
+		path:      l,
+		rawIndex:  rawIndex,
+	}
+
+	return idx, nil
+}
+
+func (i *layoutIndex) MediaType() (types.MediaType, error) {
+	return i.mediaType, nil
+}
+
+func (i *layoutIndex) Digest() (v1.Hash, error) {
+	return partial.Digest(i)
+}
+
+func (i *layoutIndex) Size() (int64, error) {
+	return partial.Size(i)
+}
+
+func (i *layoutIndex) IndexManifest() (*v1.IndexManifest, error) {
+	var index v1.IndexManifest
+	err := json.Unmarshal(i.rawIndex, &index)
+	return &index, err
+}
+
+func (i *layoutIndex) RawManifest() ([]byte, error) {
+	return i.rawIndex, nil
+}
+
+func (i *layoutIndex) Image(h v1.Hash) (v1.Image, error) {
+	// Look up the digest in our manifest first to return a better error.
+	desc, err := i.findDescriptor(h)
+	if err != nil {
+		return nil, err
+	}
+
+	if !isExpectedMediaType(desc.MediaType, types.OCIManifestSchema1, types.DockerManifestSchema2) {
+		return nil, fmt.Errorf("unexpected media type for %v: %s", h, desc.MediaType)
+	}
+
+	img := &layoutImage{
+		path: i.path,
+		desc: *desc,
+	}
+	return partial.CompressedToImage(img)
+}
+
+func (i *layoutIndex) ImageIndex(h v1.Hash) (v1.ImageIndex, error) {
+	// Look up the digest in our manifest first to return a better error.
+	desc, err := i.findDescriptor(h)
+	if err != nil {
+		return nil, err
+	}
+
+	if !isExpectedMediaType(desc.MediaType, types.OCIImageIndex, types.DockerManifestList) {
+		return nil, fmt.Errorf("unexpected media type for %v: %s", h, desc.MediaType)
+	}
+
+	rawIndex, err := i.path.Bytes(h)
+	if err != nil {
+		return nil, err
+	}
+
+	return &layoutIndex{
+		mediaType: desc.MediaType,
+		path:      i.path,
+		rawIndex:  rawIndex,
+	}, nil
+}
+
+func (i *layoutIndex) Blob(h v1.Hash) (io.ReadCloser, error) {
+	return i.path.Blob(h)
+}
+
+func (i *layoutIndex) findDescriptor(h v1.Hash) (*v1.Descriptor, error) {
+	im, err := i.IndexManifest()
+	if err != nil {
+		return nil, err
+	}
+
+	if h == (v1.Hash{}) {
+		if len(im.Manifests) != 1 {
+			return nil, errors.New("oci layout must contain only a single image to be used with layout.Image")
+		}
+		return &(im.Manifests)[0], nil
+	}
+
+	for _, desc := range im.Manifests {
+		if desc.Digest == h {
+			return &desc, nil
+		}
+	}
+
+	return nil, fmt.Errorf("could not find descriptor in index: %s", h)
+}
+
+// TODO: Pull this out into methods on types.MediaType? e.g. instead, have:
+// * mt.IsIndex()
+// * mt.IsImage()
+func isExpectedMediaType(mt types.MediaType, expected ...types.MediaType) bool {
+	for _, allowed := range expected {
+		if mt == allowed {
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go
new file mode 100644
index 00000000..a031ff5a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/layoutpath.go
@@ -0,0 +1,25 @@
+// Copyright 2019 The original author or authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package layout
+
+import "path/filepath"
+
+// Path represents an OCI image layout rooted in a file system path
+type Path string
+
+func (l Path) path(elem ...string) string {
+	complete := []string{string(l)}
+	return filepath.Join(append(complete, elem...)...)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go
new file mode 100644
index 00000000..5569e51d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/options.go
@@ -0,0 +1,42 @@
+package layout
+
+import v1 "github.com/google/go-containerregistry/pkg/v1"
+
+// Option is a functional option for Layout.
+//
+// TODO: We'll need to change this signature to support Sparse/Thin images.
+// Or, alternatively, wrap it in a sparse.Image that returns an empty list for layers?
+type Option func(*v1.Descriptor) error
+
+// WithAnnotations adds annotations to the artifact descriptor.
+func WithAnnotations(annotations map[string]string) Option {
+	return func(desc *v1.Descriptor) error {
+		if desc.Annotations == nil {
+			desc.Annotations = make(map[string]string)
+		}
+		for k, v := range annotations {
+			desc.Annotations[k] = v
+		}
+
+		return nil
+	}
+}
+
+// WithURLs adds urls to the artifact descriptor.
+func WithURLs(urls []string) Option {
+	return func(desc *v1.Descriptor) error {
+		if desc.URLs == nil {
+			desc.URLs = []string{}
+		}
+		desc.URLs = append(desc.URLs, urls...)
+		return nil
+	}
+}
+
+// WithPlatform sets the platform of the artifact descriptor.
+func WithPlatform(platform v1.Platform) Option {
+	return func(desc *v1.Descriptor) error {
+		desc.Platform = &platform
+		return nil
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go
new file mode 100644
index 00000000..796abc7d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/read.go
@@ -0,0 +1,32 @@
+// Copyright 2019 The original author or authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package layout
+
+import (
+	"os"
+	"path/filepath"
+)
+
+// FromPath reads an OCI image layout at path and constructs a layout.Path.
+func FromPath(path string) (Path, error) {
+	// TODO: check oci-layout exists
+
+	_, err := os.Stat(filepath.Join(path, "index.json"))
+	if err != nil {
+		return "", err
+	}
+
+	return Path(path), nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go
new file mode 100644
index 00000000..d0b623c6
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/layout/write.go
@@ -0,0 +1,318 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package layout
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"golang.org/x/sync/errgroup"
+)
+
+var layoutFile = `{
+    "imageLayoutVersion": "1.0.0"
+}`
+
+// AppendImage writes a v1.Image to the Path and updates
+// the index.json to reference it.
+func (l Path) AppendImage(img v1.Image, options ...Option) error {
+	if err := l.WriteImage(img); err != nil {
+		return err
+	}
+
+	mt, err := img.MediaType()
+	if err != nil {
+		return err
+	}
+
+	d, err := img.Digest()
+	if err != nil {
+		return err
+	}
+
+	manifest, err := img.RawManifest()
+	if err != nil {
+		return err
+	}
+
+	desc := v1.Descriptor{
+		MediaType: mt,
+		Size:      int64(len(manifest)),
+		Digest:    d,
+	}
+
+	for _, opt := range options {
+		if err := opt(&desc); err != nil {
+			return err
+		}
+	}
+
+	return l.AppendDescriptor(desc)
+}
+
+// AppendIndex writes a v1.ImageIndex to the Path and updates
+// the index.json to reference it.
+func (l Path) AppendIndex(ii v1.ImageIndex, options ...Option) error {
+	if err := l.WriteIndex(ii); err != nil {
+		return err
+	}
+
+	mt, err := ii.MediaType()
+	if err != nil {
+		return err
+	}
+
+	d, err := ii.Digest()
+	if err != nil {
+		return err
+	}
+
+	manifest, err := ii.RawManifest()
+	if err != nil {
+		return err
+	}
+
+	desc := v1.Descriptor{
+		MediaType: mt,
+		Size:      int64(len(manifest)),
+		Digest:    d,
+	}
+
+	for _, opt := range options {
+		if err := opt(&desc); err != nil {
+			return err
+		}
+	}
+
+	return l.AppendDescriptor(desc)
+}
+
+// AppendDescriptor adds a descriptor to the index.json of the Path.
+func (l Path) AppendDescriptor(desc v1.Descriptor) error {
+	ii, err := l.ImageIndex()
+	if err != nil {
+		return err
+	}
+
+	index, err := ii.IndexManifest()
+	if err != nil {
+		return err
+	}
+
+	index.Manifests = append(index.Manifests, desc)
+
+	rawIndex, err := json.MarshalIndent(index, "", "   ")
+	if err != nil {
+		return err
+	}
+
+	return l.WriteFile("index.json", rawIndex, os.ModePerm)
+}
+
+// WriteFile write a file with arbitrary data at an arbitrary location in a v1
+// layout. Used mostly internally to write files like "oci-layout" and
+// "index.json", also can be used to write other arbitrary files. Do *not* use
+// this to write blobs. Use only WriteBlob() for that.
+func (l Path) WriteFile(name string, data []byte, perm os.FileMode) error {
+	if err := os.MkdirAll(l.path(), os.ModePerm); err != nil && !os.IsExist(err) {
+		return err
+	}
+
+	return ioutil.WriteFile(l.path(name), data, perm)
+
+}
+
+// WriteBlob copies a file to the blobs/ directory in the Path from the given ReadCloser at
+// blobs/{hash.Algorithm}/{hash.Hex}.
+func (l Path) WriteBlob(hash v1.Hash, r io.ReadCloser) error {
+	dir := l.path("blobs", hash.Algorithm)
+	if err := os.MkdirAll(dir, os.ModePerm); err != nil && !os.IsExist(err) {
+		return err
+	}
+
+	file := filepath.Join(dir, hash.Hex)
+	if _, err := os.Stat(file); err == nil {
+		// Blob already exists, that's fine.
+		return nil
+	}
+	w, err := os.Create(file)
+	if err != nil {
+		return err
+	}
+	defer w.Close()
+
+	_, err = io.Copy(w, r)
+	return err
+}
+
+// TODO: A streaming version of WriteBlob so we don't have to know the hash
+// before we write it.
+
+// TODO: For streaming layers we should write to a tmp file then Rename to the
+// final digest.
+func (l Path) writeLayer(layer v1.Layer) error {
+	d, err := layer.Digest()
+	if err != nil {
+		return err
+	}
+
+	r, err := layer.Compressed()
+	if err != nil {
+		return err
+	}
+
+	return l.WriteBlob(d, r)
+}
+
+// WriteImage writes an image, including its manifest, config and all of its
+// layers, to the blobs directory. If any blob already exists, as determined by
+// the hash filename, does not write it.
+// This function does *not* update the `index.json` file. If you want to write the
+// image and also update the `index.json`, call AppendImage(), which wraps this
+// and also updates the `index.json`.
+func (l Path) WriteImage(img v1.Image) error {
+	layers, err := img.Layers()
+	if err != nil {
+		return err
+	}
+
+	// Write the layers concurrently.
+	var g errgroup.Group
+	for _, layer := range layers {
+		layer := layer
+		g.Go(func() error {
+			return l.writeLayer(layer)
+		})
+	}
+	if err := g.Wait(); err != nil {
+		return err
+	}
+
+	// Write the config.
+	cfgName, err := img.ConfigName()
+	if err != nil {
+		return err
+	}
+	cfgBlob, err := img.RawConfigFile()
+	if err != nil {
+		return err
+	}
+	if err := l.WriteBlob(cfgName, ioutil.NopCloser(bytes.NewReader(cfgBlob))); err != nil {
+		return err
+	}
+
+	// Write the img manifest.
+	d, err := img.Digest()
+	if err != nil {
+		return err
+	}
+	manifest, err := img.RawManifest()
+	if err != nil {
+		return err
+	}
+
+	return l.WriteBlob(d, ioutil.NopCloser(bytes.NewReader(manifest)))
+}
+
+func (l Path) writeIndexToFile(indexFile string, ii v1.ImageIndex) error {
+	index, err := ii.IndexManifest()
+	if err != nil {
+		return err
+	}
+
+	// Walk the descriptors and write any v1.Image or v1.ImageIndex that we find.
+	// If we come across something we don't expect, just write it as a blob.
+	for _, desc := range index.Manifests {
+		switch desc.MediaType {
+		case types.OCIImageIndex, types.DockerManifestList:
+			ii, err := ii.ImageIndex(desc.Digest)
+			if err != nil {
+				return err
+			}
+			if err := l.WriteIndex(ii); err != nil {
+				return err
+			}
+		case types.OCIManifestSchema1, types.DockerManifestSchema2:
+			img, err := ii.Image(desc.Digest)
+			if err != nil {
+				return err
+			}
+			if err := l.WriteImage(img); err != nil {
+				return err
+			}
+		default:
+			// TODO: The layout could reference arbitrary things, which we should
+			// probably just pass through.
+		}
+	}
+
+	rawIndex, err := ii.RawManifest()
+	if err != nil {
+		return err
+	}
+
+	return l.WriteFile(indexFile, rawIndex, os.ModePerm)
+}
+
+// WriteIndex writes an index to the blobs directory. Walks down the children,
+// including its children manifests and/or indexes, and down the tree until all of
+// config and all layers, have been written. If any blob already exists, as determined by
+// the hash filename, does not write it.
+// This function does *not* update the `index.json` file. If you want to write the
+// index and also update the `index.json`, call AppendIndex(), which wraps this
+// and also updates the `index.json`.
+func (l Path) WriteIndex(ii v1.ImageIndex) error {
+	// Always just write oci-layout file, since it's small.
+	if err := l.WriteFile("oci-layout", []byte(layoutFile), os.ModePerm); err != nil {
+		return err
+	}
+
+	h, err := ii.Digest()
+	if err != nil {
+		return err
+	}
+
+	indexFile := filepath.Join("blobs", h.Algorithm, h.Hex)
+	return l.writeIndexToFile(indexFile, ii)
+
+}
+
+// Write constructs a Path at path from an ImageIndex.
+//
+// The contents are written in the following format:
+// At the top level, there is:
+//   One oci-layout file containing the version of this image-layout.
+//   One index.json file listing descriptors for the contained images.
+// Under blobs/, there is, for each image:
+//   One file for each layer, named after the layer's SHA.
+//   One file for each config blob, named after its SHA.
+//   One file for each manifest blob, named after its SHA.
+func Write(path string, ii v1.ImageIndex) (Path, error) {
+	lp := Path(path)
+	// Always just write oci-layout file, since it's small.
+	if err := lp.WriteFile("oci-layout", []byte(layoutFile), os.ModePerm); err != nil {
+		return "", err
+	}
+
+	// TODO create blobs/ in case there is a blobs file which would prevent the directory from being created
+
+	return lp, lp.writeIndexToFile("index.json", ii)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go b/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go
new file mode 100644
index 00000000..36c341df
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/manifest.go
@@ -0,0 +1,67 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"encoding/json"
+	"io"
+
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// Manifest represents the OCI image manifest in a structured way.
+type Manifest struct {
+	SchemaVersion int64             `json:"schemaVersion,omitempty"`
+	MediaType     types.MediaType   `json:"mediaType"`
+	Config        Descriptor        `json:"config"`
+	Layers        []Descriptor      `json:"layers"`
+	Annotations   map[string]string `json:"annotations,omitempty"`
+}
+
+// IndexManifest represents an OCI image index in a structured way.
+type IndexManifest struct {
+	SchemaVersion int64             `json:"schemaVersion"`
+	MediaType     types.MediaType   `json:"mediaType,omitempty"`
+	Manifests     []Descriptor      `json:"manifests"`
+	Annotations   map[string]string `json:"annotations,omitempty"`
+}
+
+// Descriptor holds a reference from the manifest to one of its constituent elements.
+type Descriptor struct {
+	MediaType   types.MediaType   `json:"mediaType"`
+	Size        int64             `json:"size"`
+	Digest      Hash              `json:"digest"`
+	URLs        []string          `json:"urls,omitempty"`
+	Annotations map[string]string `json:"annotations,omitempty"`
+	Platform    *Platform         `json:"platform,omitempty"`
+}
+
+// ParseManifest parses the io.Reader's contents into a Manifest.
+func ParseManifest(r io.Reader) (*Manifest, error) {
+	m := Manifest{}
+	if err := json.NewDecoder(r).Decode(&m); err != nil {
+		return nil, err
+	}
+	return &m, nil
+}
+
+// ParseIndexManifest parses the io.Reader's contents into an IndexManifest.
+func ParseIndexManifest(r io.Reader) (*IndexManifest, error) {
+	im := IndexManifest{}
+	if err := json.NewDecoder(r).Decode(&im); err != nil {
+		return nil, err
+	}
+	return &im, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go b/vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go
new file mode 100644
index 00000000..39fae5e6
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/match/match.go
@@ -0,0 +1,73 @@
+// Copyright 2020 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package match provides functionality for conveniently matching a v1.Descriptor.
+package match
+
+import (
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	imagespec "github.com/opencontainers/image-spec/specs-go/v1"
+)
+
+// Matcher function that is given a v1.Descriptor, and returns whether or
+// not it matches a given rule. Can match on anything it wants in the Descriptor.
+type Matcher func(desc v1.Descriptor) bool
+
+// Name returns a match.Matcher that matches based on the value of the
+//  "org.opencontainers.image.ref.name" annotation:
+// github.com/opencontainers/image-spec/blob/v1.0.1/annotations.md#pre-defined-annotation-keys
+func Name(name string) Matcher {
+	return Annotation(imagespec.AnnotationRefName, name)
+}
+
+// Annotation returns a match.Matcher that matches based on the provided annotation.
+func Annotation(key, value string) Matcher {
+	return func(desc v1.Descriptor) bool {
+		if desc.Annotations == nil {
+			return false
+		}
+		if aValue, ok := desc.Annotations[key]; ok && aValue == value {
+			return true
+		}
+		return false
+	}
+}
+
+// Platform returns a match.Matcher that matches on the provided platform.
+// Ignores any descriptors that do not have a platform.
+func Platform(platform v1.Platform) Matcher {
+	return func(desc v1.Descriptor) bool {
+		if desc.Platform == nil {
+			return false
+		}
+		return desc.Platform.Equals(platform)
+	}
+}
+
+// MediaTypes returns a match.Matcher that matches at least one of the provided media types.
+func MediaTypes(mediaTypes []string) Matcher {
+	mts := map[string]bool{}
+	for _, media := range mediaTypes {
+		mts[media] = true
+	}
+	return func(desc v1.Descriptor) bool {
+		if desc.MediaType == "" {
+			return false
+		}
+		if _, ok := mts[string(desc.MediaType)]; ok {
+			return true
+		}
+		return false
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md
new file mode 100644
index 00000000..5ca7c8b5
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/README.md
@@ -0,0 +1,56 @@
+# `mutate`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/mutate?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/mutate)
+
+The `v1.Image`, `v1.ImageIndex`, and `v1.Layer` interfaces provide only
+accessor methods, so they are essentially immutable. If you want to change
+something about them, you need to produce a new instance of that interface.
+
+A common use case for this library is to read an image from somewhere (a source),
+change something about it, and write the image somewhere else (a sink).
+
+Graphically, this looks something like:
+
+<p align="center">
+  <img src="/images/mutate.dot.svg" />
+</p>
+
+## Mutations
+
+This is obviously not a comprehensive set of useful transformations (PRs welcome!),
+but a rough summary of what the `mutate` package currently does:
+
+### `Config` and `ConfigFile`
+
+These allow you to change the [image configuration](https://github.com/opencontainers/image-spec/blob/master/config.md#properties),
+e.g. to change the entrypoint, environment, author, etc.
+
+### `Time`, `Canonical`, and `CreatedAt`
+
+These are useful in the context of [reproducible builds](https://reproducible-builds.org/),
+where you may want to strip timestamps and other non-reproducible information.
+
+### `Append`, `AppendLayers`, and `AppendManifests`
+
+These functions allow the extension of a `v1.Image` or `v1.ImageIndex` with
+new layers or manifests.
+
+For constructing an image `FROM scratch`, see the [`empty`](/pkg/v1/empty) package.
+
+### `MediaType` and `IndexMediaType`
+
+Sometimes, it is necessary to change the media type of an image or index,
+e.g. to appease a registry with strict validation of images (_looking at you, GCR_).
+
+### `Rebase`
+
+Rebase has [its own README](/cmd/crane/rebase.md).
+
+This is the underlying implementation of [`crane rebase`](https://github.com/google/go-containerregistry/blob/master/cmd/crane/doc/crane_rebase.md).
+
+### `Extract`
+
+Extract will flatten an image filesystem into a single tar stream,
+respecting whiteout files.
+
+This is the underlying implementation of [`crane export`](https://github.com/google/go-containerregistry/blob/master/cmd/crane/doc/crane_export.md).
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go
new file mode 100644
index 00000000..dfbd9951
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/doc.go
@@ -0,0 +1,16 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package mutate provides facilities for mutating v1.Images of any kind.
+package mutate
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go
new file mode 100644
index 00000000..14b9c70a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/image.go
@@ -0,0 +1,270 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mutate
+
+import (
+	"bytes"
+	"encoding/json"
+	"errors"
+	"strings"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/stream"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+type image struct {
+	base v1.Image
+	adds []Addendum
+
+	computed   bool
+	configFile *v1.ConfigFile
+	manifest   *v1.Manifest
+	mediaType  *types.MediaType
+	diffIDMap  map[v1.Hash]v1.Layer
+	digestMap  map[v1.Hash]v1.Layer
+}
+
+var _ v1.Image = (*image)(nil)
+
+func (i *image) MediaType() (types.MediaType, error) {
+	if i.mediaType != nil {
+		return *i.mediaType, nil
+	}
+	return i.base.MediaType()
+}
+
+func (i *image) compute() error {
+	// Don't re-compute if already computed.
+	if i.computed {
+		return nil
+	}
+	var configFile *v1.ConfigFile
+	if i.configFile != nil {
+		configFile = i.configFile
+	} else {
+		cf, err := i.base.ConfigFile()
+		if err != nil {
+			return err
+		}
+		configFile = cf.DeepCopy()
+	}
+	diffIDs := configFile.RootFS.DiffIDs
+	history := configFile.History
+
+	diffIDMap := make(map[v1.Hash]v1.Layer)
+	digestMap := make(map[v1.Hash]v1.Layer)
+
+	for _, add := range i.adds {
+		history = append(history, add.History)
+		if add.Layer != nil {
+			diffID, err := add.Layer.DiffID()
+			if err != nil {
+				return err
+			}
+			diffIDs = append(diffIDs, diffID)
+			diffIDMap[diffID] = add.Layer
+		}
+	}
+
+	m, err := i.base.Manifest()
+	if err != nil {
+		return err
+	}
+	manifest := m.DeepCopy()
+	manifestLayers := manifest.Layers
+	for _, add := range i.adds {
+		if add.Layer == nil {
+			// Empty layers include only history in manifest.
+			continue
+		}
+
+		desc, err := partial.Descriptor(add.Layer)
+		if err != nil {
+			return err
+		}
+
+		// Fields in the addendum override the original descriptor.
+		if len(add.Annotations) != 0 {
+			desc.Annotations = add.Annotations
+		}
+		if len(add.URLs) != 0 {
+			desc.URLs = add.URLs
+		}
+
+		if add.MediaType != "" {
+			desc.MediaType = add.MediaType
+		}
+
+		manifestLayers = append(manifestLayers, *desc)
+		digestMap[desc.Digest] = add.Layer
+	}
+
+	configFile.RootFS.DiffIDs = diffIDs
+	configFile.History = history
+
+	manifest.Layers = manifestLayers
+
+	rcfg, err := json.Marshal(configFile)
+	if err != nil {
+		return err
+	}
+	d, sz, err := v1.SHA256(bytes.NewBuffer(rcfg))
+	if err != nil {
+		return err
+	}
+	manifest.Config.Digest = d
+	manifest.Config.Size = sz
+
+	// With OCI media types, this should not be set, see discussion:
+	// https://github.com/opencontainers/image-spec/pull/795
+	if i.mediaType != nil {
+		if strings.Contains(string(*i.mediaType), types.OCIVendorPrefix) {
+			manifest.MediaType = ""
+		} else if strings.Contains(string(*i.mediaType), types.DockerVendorPrefix) {
+			manifest.MediaType = *i.mediaType
+		}
+	}
+
+	i.configFile = configFile
+	i.manifest = manifest
+	i.diffIDMap = diffIDMap
+	i.digestMap = digestMap
+	i.computed = true
+	return nil
+}
+
+// Layers returns the ordered collection of filesystem layers that comprise this image.
+// The order of the list is oldest/base layer first, and most-recent/top layer last.
+func (i *image) Layers() ([]v1.Layer, error) {
+	if err := i.compute(); err == stream.ErrNotComputed {
+		// Image contains a streamable layer which has not yet been
+		// consumed. Just return the layers we have in case the caller
+		// is going to consume the layers.
+		layers, err := i.base.Layers()
+		if err != nil {
+			return nil, err
+		}
+		for _, add := range i.adds {
+			layers = append(layers, add.Layer)
+		}
+		return layers, nil
+	} else if err != nil {
+		return nil, err
+	}
+
+	diffIDs, err := partial.DiffIDs(i)
+	if err != nil {
+		return nil, err
+	}
+	ls := make([]v1.Layer, 0, len(diffIDs))
+	for _, h := range diffIDs {
+		l, err := i.LayerByDiffID(h)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	}
+	return ls, nil
+}
+
+// ConfigName returns the hash of the image's config file.
+func (i *image) ConfigName() (v1.Hash, error) {
+	if err := i.compute(); err != nil {
+		return v1.Hash{}, err
+	}
+	return partial.ConfigName(i)
+}
+
+// ConfigFile returns this image's config file.
+func (i *image) ConfigFile() (*v1.ConfigFile, error) {
+	if err := i.compute(); err != nil {
+		return nil, err
+	}
+	return i.configFile, nil
+}
+
+// RawConfigFile returns the serialized bytes of ConfigFile()
+func (i *image) RawConfigFile() ([]byte, error) {
+	if err := i.compute(); err != nil {
+		return nil, err
+	}
+	return json.Marshal(i.configFile)
+}
+
+// Digest returns the sha256 of this image's manifest.
+func (i *image) Digest() (v1.Hash, error) {
+	if err := i.compute(); err != nil {
+		return v1.Hash{}, err
+	}
+	return partial.Digest(i)
+}
+
+// Size implements v1.Image.
+func (i *image) Size() (int64, error) {
+	if err := i.compute(); err != nil {
+		return -1, err
+	}
+	return partial.Size(i)
+}
+
+// Manifest returns this image's Manifest object.
+func (i *image) Manifest() (*v1.Manifest, error) {
+	if err := i.compute(); err != nil {
+		return nil, err
+	}
+	return i.manifest, nil
+}
+
+// RawManifest returns the serialized bytes of Manifest()
+func (i *image) RawManifest() ([]byte, error) {
+	if err := i.compute(); err != nil {
+		return nil, err
+	}
+	return json.Marshal(i.manifest)
+}
+
+// LayerByDigest returns a Layer for interacting with a particular layer of
+// the image, looking it up by "digest" (the compressed hash).
+func (i *image) LayerByDigest(h v1.Hash) (v1.Layer, error) {
+	if cn, err := i.ConfigName(); err != nil {
+		return nil, err
+	} else if h == cn {
+		return partial.ConfigLayer(i)
+	}
+	if layer, ok := i.digestMap[h]; ok {
+		return layer, nil
+	}
+	return i.base.LayerByDigest(h)
+}
+
+// LayerByDiffID is an analog to LayerByDigest, looking up by "diff id"
+// (the uncompressed hash).
+func (i *image) LayerByDiffID(h v1.Hash) (v1.Layer, error) {
+	if layer, ok := i.diffIDMap[h]; ok {
+		return layer, nil
+	}
+	return i.base.LayerByDiffID(h)
+}
+
+func validate(adds []Addendum) error {
+	for _, add := range adds {
+		if add.Layer == nil && !add.History.EmptyLayer {
+			return errors.New("unable to add a nil layer to the image")
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go
new file mode 100644
index 00000000..b8f88c3b
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/index.go
@@ -0,0 +1,161 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mutate
+
+import (
+	"encoding/json"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/logs"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+func computeDescriptor(ia IndexAddendum) (*v1.Descriptor, error) {
+	desc, err := partial.Descriptor(ia.Add)
+	if err != nil {
+		return nil, err
+	}
+
+	// The IndexAddendum allows overriding Descriptor values.
+	if ia.Descriptor.Size != 0 {
+		desc.Size = ia.Descriptor.Size
+	}
+	if string(ia.Descriptor.MediaType) != "" {
+		desc.MediaType = ia.Descriptor.MediaType
+	}
+	if ia.Descriptor.Digest != (v1.Hash{}) {
+		desc.Digest = ia.Descriptor.Digest
+	}
+	if ia.Descriptor.Platform != nil {
+		desc.Platform = ia.Descriptor.Platform
+	}
+	if len(ia.Descriptor.URLs) != 0 {
+		desc.URLs = ia.Descriptor.URLs
+	}
+	if len(ia.Descriptor.Annotations) != 0 {
+		desc.Annotations = ia.Descriptor.Annotations
+	}
+
+	return desc, nil
+}
+
+type index struct {
+	base v1.ImageIndex
+	adds []IndexAddendum
+
+	computed  bool
+	manifest  *v1.IndexManifest
+	mediaType *types.MediaType
+	imageMap  map[v1.Hash]v1.Image
+	indexMap  map[v1.Hash]v1.ImageIndex
+}
+
+var _ v1.ImageIndex = (*index)(nil)
+
+func (i *index) MediaType() (types.MediaType, error) {
+	if i.mediaType != nil {
+		return *i.mediaType, nil
+	}
+	return i.base.MediaType()
+}
+
+func (i *index) Size() (int64, error) { return partial.Size(i) }
+
+func (i *index) compute() error {
+	// Don't re-compute if already computed.
+	if i.computed {
+		return nil
+	}
+
+	i.imageMap = make(map[v1.Hash]v1.Image)
+	i.indexMap = make(map[v1.Hash]v1.ImageIndex)
+
+	m, err := i.base.IndexManifest()
+	if err != nil {
+		return err
+	}
+	manifest := m.DeepCopy()
+	manifests := manifest.Manifests
+	for _, add := range i.adds {
+		desc, err := computeDescriptor(add)
+		if err != nil {
+			return err
+		}
+
+		manifests = append(manifests, *desc)
+		if idx, ok := add.Add.(v1.ImageIndex); ok {
+			i.indexMap[desc.Digest] = idx
+		} else if img, ok := add.Add.(v1.Image); ok {
+			i.imageMap[desc.Digest] = img
+		} else {
+			logs.Warn.Printf("Unexpected index addendum: %T", add.Add)
+		}
+	}
+	manifest.Manifests = manifests
+
+	// With OCI media types, this should not be set, see discussion:
+	// https://github.com/opencontainers/image-spec/pull/795
+	if i.mediaType != nil {
+		if strings.Contains(string(*i.mediaType), types.OCIVendorPrefix) {
+			manifest.MediaType = ""
+		} else if strings.Contains(string(*i.mediaType), types.DockerVendorPrefix) {
+			manifest.MediaType = *i.mediaType
+		}
+	}
+
+	i.manifest = manifest
+	i.computed = true
+	return nil
+}
+
+func (i *index) Image(h v1.Hash) (v1.Image, error) {
+	if img, ok := i.imageMap[h]; ok {
+		return img, nil
+	}
+	return i.base.Image(h)
+}
+
+func (i *index) ImageIndex(h v1.Hash) (v1.ImageIndex, error) {
+	if idx, ok := i.indexMap[h]; ok {
+		return idx, nil
+	}
+	return i.base.ImageIndex(h)
+}
+
+// Digest returns the sha256 of this image's manifest.
+func (i *index) Digest() (v1.Hash, error) {
+	if err := i.compute(); err != nil {
+		return v1.Hash{}, err
+	}
+	return partial.Digest(i)
+}
+
+// Manifest returns this image's Manifest object.
+func (i *index) IndexManifest() (*v1.IndexManifest, error) {
+	if err := i.compute(); err != nil {
+		return nil, err
+	}
+	return i.manifest, nil
+}
+
+// RawManifest returns the serialized bytes of Manifest()
+func (i *index) RawManifest() ([]byte, error) {
+	if err := i.compute(); err != nil {
+		return nil, err
+	}
+	return json.Marshal(i.manifest)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go
new file mode 100644
index 00000000..aa139b75
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/mutate.go
@@ -0,0 +1,387 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mutate
+
+import (
+	"archive/tar"
+	"bytes"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"path/filepath"
+	"strings"
+	"time"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+const whiteoutPrefix = ".wh."
+
+// Addendum contains layers and history to be appended
+// to a base image
+type Addendum struct {
+	Layer       v1.Layer
+	History     v1.History
+	URLs        []string
+	Annotations map[string]string
+	MediaType   types.MediaType
+}
+
+// AppendLayers applies layers to a base image.
+func AppendLayers(base v1.Image, layers ...v1.Layer) (v1.Image, error) {
+	additions := make([]Addendum, 0, len(layers))
+	for _, layer := range layers {
+		additions = append(additions, Addendum{Layer: layer})
+	}
+
+	return Append(base, additions...)
+}
+
+// Append will apply the list of addendums to the base image
+func Append(base v1.Image, adds ...Addendum) (v1.Image, error) {
+	if len(adds) == 0 {
+		return base, nil
+	}
+	if err := validate(adds); err != nil {
+		return nil, err
+	}
+
+	return &image{
+		base: base,
+		adds: adds,
+	}, nil
+}
+
+// Appendable is an interface that represents something that can be appended
+// to an ImageIndex. We need to be able to construct a v1.Descriptor in order
+// to append something, and this is the minimum required information for that.
+type Appendable interface {
+	MediaType() (types.MediaType, error)
+	Digest() (v1.Hash, error)
+	Size() (int64, error)
+}
+
+// IndexAddendum represents an appendable thing and all the properties that
+// we may want to override in the resulting v1.Descriptor.
+type IndexAddendum struct {
+	Add Appendable
+	v1.Descriptor
+}
+
+// AppendManifests appends a manifest to the ImageIndex.
+func AppendManifests(base v1.ImageIndex, adds ...IndexAddendum) v1.ImageIndex {
+	return &index{
+		base: base,
+		adds: adds,
+	}
+}
+
+// Config mutates the provided v1.Image to have the provided v1.Config
+func Config(base v1.Image, cfg v1.Config) (v1.Image, error) {
+	cf, err := base.ConfigFile()
+	if err != nil {
+		return nil, err
+	}
+
+	cf.Config = cfg
+
+	return ConfigFile(base, cf)
+}
+
+// ConfigFile mutates the provided v1.Image to have the provided v1.ConfigFile
+func ConfigFile(base v1.Image, cfg *v1.ConfigFile) (v1.Image, error) {
+	m, err := base.Manifest()
+	if err != nil {
+		return nil, err
+	}
+
+	image := &image{
+		base:       base,
+		manifest:   m.DeepCopy(),
+		configFile: cfg,
+	}
+
+	return image, nil
+}
+
+// CreatedAt mutates the provided v1.Image to have the provided v1.Time
+func CreatedAt(base v1.Image, created v1.Time) (v1.Image, error) {
+	cf, err := base.ConfigFile()
+	if err != nil {
+		return nil, err
+	}
+
+	cfg := cf.DeepCopy()
+	cfg.Created = created
+
+	return ConfigFile(base, cfg)
+}
+
+// Extract takes an image and returns an io.ReadCloser containing the image's
+// flattened filesystem.
+//
+// Callers can read the filesystem contents by passing the reader to
+// tar.NewReader, or io.Copy it directly to some output.
+//
+// If a caller doesn't read the full contents, they should Close it to free up
+// resources used during extraction.
+func Extract(img v1.Image) io.ReadCloser {
+	pr, pw := io.Pipe()
+
+	go func() {
+		// Close the writer with any errors encountered during
+		// extraction. These errors will be returned by the reader end
+		// on subsequent reads. If err == nil, the reader will return
+		// EOF.
+		pw.CloseWithError(extract(img, pw))
+	}()
+
+	return pr
+}
+
+// Adapted from https://github.com/google/containerregistry/blob/da03b395ccdc4e149e34fbb540483efce962dc64/client/v2_2/docker_image_.py#L816
+func extract(img v1.Image, w io.Writer) error {
+	tarWriter := tar.NewWriter(w)
+	defer tarWriter.Close()
+
+	fileMap := map[string]bool{}
+
+	layers, err := img.Layers()
+	if err != nil {
+		return fmt.Errorf("retrieving image layers: %v", err)
+	}
+	// we iterate through the layers in reverse order because it makes handling
+	// whiteout layers more efficient, since we can just keep track of the removed
+	// files as we see .wh. layers and ignore those in previous layers.
+	for i := len(layers) - 1; i >= 0; i-- {
+		layer := layers[i]
+		layerReader, err := layer.Uncompressed()
+		if err != nil {
+			return fmt.Errorf("reading layer contents: %v", err)
+		}
+		defer layerReader.Close()
+		tarReader := tar.NewReader(layerReader)
+		for {
+			header, err := tarReader.Next()
+			if err == io.EOF {
+				break
+			}
+			if err != nil {
+				return fmt.Errorf("reading tar: %v", err)
+			}
+
+			basename := filepath.Base(header.Name)
+			dirname := filepath.Dir(header.Name)
+			tombstone := strings.HasPrefix(basename, whiteoutPrefix)
+			if tombstone {
+				basename = basename[len(whiteoutPrefix):]
+			}
+
+			// check if we have seen value before
+			// if we're checking a directory, don't filepath.Join names
+			var name string
+			if header.Typeflag == tar.TypeDir {
+				name = header.Name
+			} else {
+				name = filepath.Join(dirname, basename)
+			}
+
+			if _, ok := fileMap[name]; ok {
+				continue
+			}
+
+			// check for a whited out parent directory
+			if inWhiteoutDir(fileMap, name) {
+				continue
+			}
+
+			// mark file as handled. non-directory implicitly tombstones
+			// any entries with a matching (or child) name
+			fileMap[name] = tombstone || !(header.Typeflag == tar.TypeDir)
+			if !tombstone {
+				tarWriter.WriteHeader(header)
+				if header.Size > 0 {
+					if _, err := io.Copy(tarWriter, tarReader); err != nil {
+						return err
+					}
+				}
+			}
+		}
+	}
+	return nil
+}
+
+func inWhiteoutDir(fileMap map[string]bool, file string) bool {
+	for {
+		if file == "" {
+			break
+		}
+		dirname := filepath.Dir(file)
+		if file == dirname {
+			break
+		}
+		if val, ok := fileMap[dirname]; ok && val {
+			return true
+		}
+		file = dirname
+	}
+	return false
+}
+
+// Time sets all timestamps in an image to the given timestamp.
+func Time(img v1.Image, t time.Time) (v1.Image, error) {
+	newImage := empty.Image
+
+	layers, err := img.Layers()
+	if err != nil {
+		return nil, fmt.Errorf("getting image layers: %v", err)
+	}
+
+	// Strip away all timestamps from layers
+	var newLayers []v1.Layer
+	for _, layer := range layers {
+		newLayer, err := layerTime(layer, t)
+		if err != nil {
+			return nil, fmt.Errorf("setting layer times: %v", err)
+		}
+		newLayers = append(newLayers, newLayer)
+	}
+
+	newImage, err = AppendLayers(newImage, newLayers...)
+	if err != nil {
+		return nil, fmt.Errorf("appending layers: %v", err)
+	}
+
+	ocf, err := img.ConfigFile()
+	if err != nil {
+		return nil, fmt.Errorf("getting original config file: %v", err)
+	}
+
+	cf, err := newImage.ConfigFile()
+	if err != nil {
+		return nil, fmt.Errorf("setting config file: %v", err)
+	}
+
+	cfg := cf.DeepCopy()
+
+	// Copy basic config over
+	cfg.Architecture = ocf.Architecture
+	cfg.OS = ocf.OS
+	cfg.OSVersion = ocf.OSVersion
+	cfg.Config = ocf.Config
+
+	// Strip away timestamps from the config file
+	cfg.Created = v1.Time{Time: t}
+
+	for _, h := range cfg.History {
+		h.Created = v1.Time{Time: t}
+	}
+
+	return ConfigFile(newImage, cfg)
+}
+
+func layerTime(layer v1.Layer, t time.Time) (v1.Layer, error) {
+	layerReader, err := layer.Uncompressed()
+	if err != nil {
+		return nil, fmt.Errorf("getting layer: %v", err)
+	}
+	defer layerReader.Close()
+	w := new(bytes.Buffer)
+	tarWriter := tar.NewWriter(w)
+	defer tarWriter.Close()
+
+	tarReader := tar.NewReader(layerReader)
+	for {
+		header, err := tarReader.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return nil, fmt.Errorf("reading layer: %v", err)
+		}
+
+		header.ModTime = t
+		if err := tarWriter.WriteHeader(header); err != nil {
+			return nil, fmt.Errorf("writing tar header: %v", err)
+		}
+
+		if header.Typeflag == tar.TypeReg {
+			if _, err = io.Copy(tarWriter, tarReader); err != nil {
+				return nil, fmt.Errorf("writing layer file: %v", err)
+			}
+		}
+	}
+
+	if err := tarWriter.Close(); err != nil {
+		return nil, err
+	}
+
+	b := w.Bytes()
+	// gzip the contents, then create the layer
+	opener := func() (io.ReadCloser, error) {
+		return v1util.GzipReadCloser(ioutil.NopCloser(bytes.NewReader(b))), nil
+	}
+	layer, err = tarball.LayerFromOpener(opener)
+	if err != nil {
+		return nil, fmt.Errorf("creating layer: %v", err)
+	}
+
+	return layer, nil
+}
+
+// Canonical is a helper function to combine Time and configFile
+// to remove any randomness during a docker build.
+func Canonical(img v1.Image) (v1.Image, error) {
+	// Set all timestamps to 0
+	created := time.Time{}
+	img, err := Time(img, created)
+	if err != nil {
+		return nil, err
+	}
+
+	cf, err := img.ConfigFile()
+	if err != nil {
+		return nil, err
+	}
+
+	// Get rid of host-dependent random config
+	cfg := cf.DeepCopy()
+
+	cfg.Container = ""
+	cfg.Config.Hostname = ""
+	cfg.DockerVersion = ""
+
+	return ConfigFile(img, cfg)
+}
+
+// MediaType modifies the MediaType() of the given image.
+func MediaType(img v1.Image, mt types.MediaType) v1.Image {
+	return &image{
+		base:      img,
+		mediaType: &mt,
+	}
+}
+
+// IndexMediaType modifies the MediaType() of the given index.
+func IndexMediaType(idx v1.ImageIndex, mt types.MediaType) v1.ImageIndex {
+	return &index{
+		base:      idx,
+		mediaType: &mt,
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go
new file mode 100644
index 00000000..a86a6524
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/mutate/rebase.go
@@ -0,0 +1,144 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package mutate
+
+import (
+	"fmt"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/empty"
+)
+
+// Rebase returns a new v1.Image where the oldBase in orig is replaced by newBase.
+func Rebase(orig, oldBase, newBase v1.Image) (v1.Image, error) {
+	// Verify that oldBase's layers are present in orig, otherwise orig is
+	// not based on oldBase at all.
+	origLayers, err := orig.Layers()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get layers for original: %v", err)
+	}
+	oldBaseLayers, err := oldBase.Layers()
+	if err != nil {
+		return nil, err
+	}
+	if len(oldBaseLayers) > len(origLayers) {
+		return nil, fmt.Errorf("image %q is not based on %q (too few layers)", orig, oldBase)
+	}
+	for i, l := range oldBaseLayers {
+		oldLayerDigest, err := l.Digest()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get digest of layer %d of %q: %v", i, oldBase, err)
+		}
+		origLayerDigest, err := origLayers[i].Digest()
+		if err != nil {
+			return nil, fmt.Errorf("failed to get digest of layer %d of %q: %v", i, orig, err)
+		}
+		if oldLayerDigest != origLayerDigest {
+			return nil, fmt.Errorf("image %q is not based on %q (layer %d mismatch)", orig, oldBase, i)
+		}
+	}
+
+	oldConfig, err := oldBase.ConfigFile()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get config for old base: %v", err)
+	}
+
+	origConfig, err := orig.ConfigFile()
+	if err != nil {
+		return nil, fmt.Errorf("failed to get config for original: %v", err)
+	}
+
+	newConfig, err := newBase.ConfigFile()
+	if err != nil {
+		return nil, fmt.Errorf("could not get config for new base: %v", err)
+	}
+
+	// Stitch together an image that contains:
+	// - original image's config
+	// - new base image's os/arch properties
+	// - new base image's layers + top of original image's layers
+	// - new base image's history + top of original image's history
+	rebasedImage, err := Config(empty.Image, *origConfig.Config.DeepCopy())
+	if err != nil {
+		return nil, fmt.Errorf("failed to create empty image with original config: %v", err)
+	}
+
+	// Add new config properties from existing images.
+	rebasedConfig, err := rebasedImage.ConfigFile()
+	if err != nil {
+		return nil, fmt.Errorf("could not get config for rebased image: %v", err)
+	}
+	// OS/Arch properties from new base
+	rebasedConfig.Architecture = newConfig.Architecture
+	rebasedConfig.OS = newConfig.OS
+	rebasedConfig.OSVersion = newConfig.OSVersion
+
+	// Apply config properties to rebased.
+	rebasedImage, err = ConfigFile(rebasedImage, rebasedConfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to replace config for rebased image: %v", err)
+	}
+
+	// Get new base layers and config for history.
+	newBaseLayers, err := newBase.Layers()
+	if err != nil {
+		return nil, fmt.Errorf("could not get new base layers for new base: %v", err)
+	}
+	// Add new base layers.
+	rebasedImage, err = Append(rebasedImage, createAddendums(0, 0, newConfig.History, newBaseLayers)...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to append new base image: %v", err)
+	}
+
+	// Add original layers above the old base.
+	rebasedImage, err = Append(rebasedImage, createAddendums(len(oldConfig.History), len(oldBaseLayers)+1, origConfig.History, origLayers)...)
+	if err != nil {
+		return nil, fmt.Errorf("failed to append original image: %v", err)
+	}
+
+	return rebasedImage, nil
+}
+
+// createAddendums makes a list of addendums from a history and layers starting from a specific history and layer
+// indexes.
+func createAddendums(startHistory, startLayer int, history []v1.History, layers []v1.Layer) []Addendum {
+	var adds []Addendum
+	// History should be a superset of layers; empty layers (e.g. ENV statements) only exist in history.
+	// They cannot be iterated identically but must be walked independently, only advancing the iterator for layers
+	// when a history entry for a non-empty layer is seen.
+	layerIndex := 0
+	for historyIndex := range history {
+		var layer v1.Layer
+		emptyLayer := history[historyIndex].EmptyLayer
+		if !emptyLayer {
+			layer = layers[layerIndex]
+			layerIndex++
+		}
+		if historyIndex >= startHistory || layerIndex >= startLayer {
+			adds = append(adds, Addendum{
+				Layer:   layer,
+				History: history[historyIndex],
+			})
+		}
+	}
+	// In the event history was malformed or non-existent, append the remaining layers.
+	for i := layerIndex; i < len(layers); i++ {
+		if i >= startLayer {
+			adds = append(adds, Addendum{Layer: layers[layerIndex]})
+		}
+	}
+
+	return adds
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md
new file mode 100644
index 00000000..009214a8
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/README.md
@@ -0,0 +1,66 @@
+# `partial`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/partial?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/partial)
+
+## Partial Implementations
+
+There are roughly two kinds of image representations: compressed and uncompressed.
+
+The implementations for these kinds of images are almost identical, with the only
+major difference being how blobs (config and layers) are fetched. This common
+code lives in this package, where you provide a _partial_ implementation of a
+compressed or uncompressed image, and you get back a full `v1.Image` implementation.
+
+### Examples
+
+In a registry, blobs are compressed, so it's easiest to implement a `v1.Image` in terms
+of compressed layers. `remote.remoteImage` does this by implementing `CompressedImageCore`:
+
+```go
+type CompressedImageCore interface {
+	RawConfigFile() ([]byte, error)
+	MediaType() (types.MediaType, error)
+	RawManifest() ([]byte, error)
+	LayerByDigest(v1.Hash) (CompressedLayer, error)
+}
+```
+
+In a tarball, blobs are (often) uncompressed, so it's easiest to implement a `v1.Image` in terms
+of uncompressed layers. `tarball.uncompressedImage` does this by implementing `UncompressedImageCore`:
+
+```go
+type CompressedImageCore interface {
+	RawConfigFile() ([]byte, error)
+	MediaType() (types.MediaType, error)
+	LayerByDiffID(v1.Hash) (UncompressedLayer, error)
+}
+```
+
+## Optional Methods
+
+Where possible, we access some information via optional methods as an optimization.
+
+### [`partial.Descriptor`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/partial#Descriptor)
+
+There are some properties of a [`Descriptor`](https://github.com/opencontainers/image-spec/blob/master/descriptor.md#properties) that aren't derivable from just image data:
+
+* `MediaType`
+* `Platform`
+* `URLs`
+* `Annotations`
+
+For example, in a `tarball.Image`, there is a `LayerSources` field that contains
+an entire layer descriptor with `URLs` information for foreign layers. This
+information can be passed through to callers by implementing this optional
+`Descriptor` method.
+
+See [`#654`](https://github.com/google/go-containerregistry/pull/654).
+
+### [`partial.UncompressedSize`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/partial#UncompressedSize)
+
+Usually, you don't need to know the uncompressed size of a layer, since that
+information isn't stored in a config file (just he sha256 is needed); however,
+there are cases where it is very helpful to know the layer size, e.g. when
+writing the uncompressed layer into a tarball.
+
+See [`#655`](https://github.com/google/go-containerregistry/pull/655).
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go
new file mode 100644
index 00000000..1f74919c
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/compressed.go
@@ -0,0 +1,163 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package partial
+
+import (
+	"io"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+// CompressedLayer represents the bare minimum interface a natively
+// compressed layer must implement for us to produce a v1.Layer
+type CompressedLayer interface {
+	// Digest returns the Hash of the compressed layer.
+	Digest() (v1.Hash, error)
+
+	// Compressed returns an io.ReadCloser for the compressed layer contents.
+	Compressed() (io.ReadCloser, error)
+
+	// Size returns the compressed size of the Layer.
+	Size() (int64, error)
+
+	// Returns the mediaType for the compressed Layer
+	MediaType() (types.MediaType, error)
+}
+
+// compressedLayerExtender implements v1.Image using the compressed base properties.
+type compressedLayerExtender struct {
+	CompressedLayer
+}
+
+// Uncompressed implements v1.Layer
+func (cle *compressedLayerExtender) Uncompressed() (io.ReadCloser, error) {
+	r, err := cle.Compressed()
+	if err != nil {
+		return nil, err
+	}
+	return v1util.GunzipReadCloser(r)
+}
+
+// DiffID implements v1.Layer
+func (cle *compressedLayerExtender) DiffID() (v1.Hash, error) {
+	// If our nested CompressedLayer implements DiffID,
+	// then delegate to it instead.
+	if wdi, ok := cle.CompressedLayer.(WithDiffID); ok {
+		return wdi.DiffID()
+	}
+	r, err := cle.Uncompressed()
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	defer r.Close()
+	h, _, err := v1.SHA256(r)
+	return h, err
+}
+
+// CompressedToLayer fills in the missing methods from a CompressedLayer so that it implements v1.Layer
+func CompressedToLayer(ul CompressedLayer) (v1.Layer, error) {
+	return &compressedLayerExtender{ul}, nil
+}
+
+// CompressedImageCore represents the base minimum interface a natively
+// compressed image must implement for us to produce a v1.Image.
+type CompressedImageCore interface {
+	ImageCore
+
+	// RawManifest returns the serialized bytes of the manifest.
+	RawManifest() ([]byte, error)
+
+	// LayerByDigest is a variation on the v1.Image method, which returns
+	// a CompressedLayer instead.
+	LayerByDigest(v1.Hash) (CompressedLayer, error)
+}
+
+// compressedImageExtender implements v1.Image by extending CompressedImageCore with the
+// appropriate methods computed from the minimal core.
+type compressedImageExtender struct {
+	CompressedImageCore
+}
+
+// Assert that our extender type completes the v1.Image interface
+var _ v1.Image = (*compressedImageExtender)(nil)
+
+// Digest implements v1.Image
+func (i *compressedImageExtender) Digest() (v1.Hash, error) {
+	return Digest(i)
+}
+
+// ConfigName implements v1.Image
+func (i *compressedImageExtender) ConfigName() (v1.Hash, error) {
+	return ConfigName(i)
+}
+
+// Layers implements v1.Image
+func (i *compressedImageExtender) Layers() ([]v1.Layer, error) {
+	hs, err := FSLayers(i)
+	if err != nil {
+		return nil, err
+	}
+	ls := make([]v1.Layer, 0, len(hs))
+	for _, h := range hs {
+		l, err := i.LayerByDigest(h)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	}
+	return ls, nil
+}
+
+// LayerByDigest implements v1.Image
+func (i *compressedImageExtender) LayerByDigest(h v1.Hash) (v1.Layer, error) {
+	cl, err := i.CompressedImageCore.LayerByDigest(h)
+	if err != nil {
+		return nil, err
+	}
+	return CompressedToLayer(cl)
+}
+
+// LayerByDiffID implements v1.Image
+func (i *compressedImageExtender) LayerByDiffID(h v1.Hash) (v1.Layer, error) {
+	h, err := DiffIDToBlob(i, h)
+	if err != nil {
+		return nil, err
+	}
+	return i.LayerByDigest(h)
+}
+
+// ConfigFile implements v1.Image
+func (i *compressedImageExtender) ConfigFile() (*v1.ConfigFile, error) {
+	return ConfigFile(i)
+}
+
+// Manifest implements v1.Image
+func (i *compressedImageExtender) Manifest() (*v1.Manifest, error) {
+	return Manifest(i)
+}
+
+// Size implements v1.Image
+func (i *compressedImageExtender) Size() (int64, error) {
+	return Size(i)
+}
+
+// CompressedToImage fills in the missing methods from a CompressedImageCore so that it implements v1.Image
+func CompressedToImage(cic CompressedImageCore) (v1.Image, error) {
+	return &compressedImageExtender{
+		CompressedImageCore: cic,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go
new file mode 100644
index 00000000..153dfe4d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/doc.go
@@ -0,0 +1,17 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package partial defines methods for building up a v1.Image from
+// minimal subsets that are sufficient for defining a v1.Image.
+package partial
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go
new file mode 100644
index 00000000..c65f45e0
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/image.go
@@ -0,0 +1,28 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package partial
+
+import (
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// ImageCore is the core set of properties without which we cannot build a v1.Image
+type ImageCore interface {
+	// RawConfigFile returns the serialized bytes of this image's config file.
+	RawConfigFile() ([]byte, error)
+
+	// MediaType of this image's manifest.
+	MediaType() (types.MediaType, error)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go
new file mode 100644
index 00000000..9c7a9248
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/index.go
@@ -0,0 +1,85 @@
+// Copyright 2020 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package partial
+
+import (
+	"fmt"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/match"
+)
+
+// FindManifests given a v1.ImageIndex, find the manifests that fit the matcher.
+func FindManifests(index v1.ImageIndex, matcher match.Matcher) ([]v1.Descriptor, error) {
+	// get the actual manifest list
+	indexManifest, err := index.IndexManifest()
+	if err != nil {
+		return nil, fmt.Errorf("unable to get raw index: %v", err)
+	}
+	manifests := []v1.Descriptor{}
+	// try to get the root of our image
+	for _, manifest := range indexManifest.Manifests {
+		if matcher(manifest) {
+			manifests = append(manifests, manifest)
+		}
+	}
+	return manifests, nil
+}
+
+// FindImages given a v1.ImageIndex, find the images that fit the matcher. If a Descriptor
+// matches the provider Matcher, but the referenced item is not an Image, ignores it.
+// Only returns those that match the Matcher and are images.
+func FindImages(index v1.ImageIndex, matcher match.Matcher) ([]v1.Image, error) {
+	matches := []v1.Image{}
+	manifests, err := FindManifests(index, matcher)
+	if err != nil {
+		return nil, err
+	}
+	for _, desc := range manifests {
+		// if it is not an image, ignore it
+		if !desc.MediaType.IsImage() {
+			continue
+		}
+		img, err := index.Image(desc.Digest)
+		if err != nil {
+			return nil, err
+		}
+		matches = append(matches, img)
+	}
+	return matches, nil
+}
+
+// FindIndexes given a v1.ImageIndex, find the indexes that fit the matcher. If a Descriptor
+// matches the provider Matcher, but the referenced item is not an Index, ignores it.
+// Only returns those that match the Matcher and are indexes.
+func FindIndexes(index v1.ImageIndex, matcher match.Matcher) ([]v1.ImageIndex, error) {
+	matches := []v1.ImageIndex{}
+	manifests, err := FindManifests(index, matcher)
+	if err != nil {
+		return nil, err
+	}
+	for _, desc := range manifests {
+		if !desc.MediaType.IsIndex() {
+			continue
+		}
+		// if it is not an index, ignore it
+		idx, err := index.ImageIndex(desc.Digest)
+		if err != nil {
+			return nil, err
+		}
+		matches = append(matches, idx)
+	}
+	return matches, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go
new file mode 100644
index 00000000..7f2062ca
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/uncompressed.go
@@ -0,0 +1,223 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package partial
+
+import (
+	"bytes"
+	"io"
+	"sync"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+// UncompressedLayer represents the bare minimum interface a natively
+// uncompressed layer must implement for us to produce a v1.Layer
+type UncompressedLayer interface {
+	// DiffID returns the Hash of the uncompressed layer.
+	DiffID() (v1.Hash, error)
+
+	// Uncompressed returns an io.ReadCloser for the uncompressed layer contents.
+	Uncompressed() (io.ReadCloser, error)
+
+	// Returns the mediaType for the compressed Layer
+	MediaType() (types.MediaType, error)
+}
+
+// uncompressedLayerExtender implements v1.Image using the uncompressed base properties.
+type uncompressedLayerExtender struct {
+	UncompressedLayer
+	// Memoize size/hash so that the methods aren't twice as
+	// expensive as doing this manually.
+	hash          v1.Hash
+	size          int64
+	hashSizeError error
+	once          sync.Once
+}
+
+// Compressed implements v1.Layer
+func (ule *uncompressedLayerExtender) Compressed() (io.ReadCloser, error) {
+	u, err := ule.Uncompressed()
+	if err != nil {
+		return nil, err
+	}
+	return v1util.GzipReadCloser(u), nil
+}
+
+// Digest implements v1.Layer
+func (ule *uncompressedLayerExtender) Digest() (v1.Hash, error) {
+	ule.calcSizeHash()
+	return ule.hash, ule.hashSizeError
+}
+
+// Size implements v1.Layer
+func (ule *uncompressedLayerExtender) Size() (int64, error) {
+	ule.calcSizeHash()
+	return ule.size, ule.hashSizeError
+}
+
+func (ule *uncompressedLayerExtender) calcSizeHash() {
+	ule.once.Do(func() {
+		var r io.ReadCloser
+		r, ule.hashSizeError = ule.Compressed()
+		if ule.hashSizeError != nil {
+			return
+		}
+		defer r.Close()
+		ule.hash, ule.size, ule.hashSizeError = v1.SHA256(r)
+	})
+}
+
+// UncompressedToLayer fills in the missing methods from an UncompressedLayer so that it implements v1.Layer
+func UncompressedToLayer(ul UncompressedLayer) (v1.Layer, error) {
+	return &uncompressedLayerExtender{UncompressedLayer: ul}, nil
+}
+
+// UncompressedImageCore represents the bare minimum interface a natively
+// uncompressed image must implement for us to produce a v1.Image
+type UncompressedImageCore interface {
+	ImageCore
+
+	// LayerByDiffID is a variation on the v1.Image method, which returns
+	// an UncompressedLayer instead.
+	LayerByDiffID(v1.Hash) (UncompressedLayer, error)
+}
+
+// UncompressedToImage fills in the missing methods from an UncompressedImageCore so that it implements v1.Image.
+func UncompressedToImage(uic UncompressedImageCore) (v1.Image, error) {
+	return &uncompressedImageExtender{
+		UncompressedImageCore: uic,
+	}, nil
+}
+
+// uncompressedImageExtender implements v1.Image by extending UncompressedImageCore with the
+// appropriate methods computed from the minimal core.
+type uncompressedImageExtender struct {
+	UncompressedImageCore
+
+	lock     sync.Mutex
+	manifest *v1.Manifest
+}
+
+// Assert that our extender type completes the v1.Image interface
+var _ v1.Image = (*uncompressedImageExtender)(nil)
+
+// Digest implements v1.Image
+func (i *uncompressedImageExtender) Digest() (v1.Hash, error) {
+	return Digest(i)
+}
+
+// Manifest implements v1.Image
+func (i *uncompressedImageExtender) Manifest() (*v1.Manifest, error) {
+	i.lock.Lock()
+	defer i.lock.Unlock()
+	if i.manifest != nil {
+		return i.manifest, nil
+	}
+
+	b, err := i.RawConfigFile()
+	if err != nil {
+		return nil, err
+	}
+
+	cfgHash, cfgSize, err := v1.SHA256(bytes.NewReader(b))
+	if err != nil {
+		return nil, err
+	}
+
+	m := &v1.Manifest{
+		SchemaVersion: 2,
+		MediaType:     types.DockerManifestSchema2,
+		Config: v1.Descriptor{
+			MediaType: types.DockerConfigJSON,
+			Size:      cfgSize,
+			Digest:    cfgHash,
+		},
+	}
+
+	ls, err := i.Layers()
+	if err != nil {
+		return nil, err
+	}
+
+	m.Layers = make([]v1.Descriptor, len(ls))
+	for i, l := range ls {
+		desc, err := Descriptor(l)
+		if err != nil {
+			return nil, err
+		}
+
+		m.Layers[i] = *desc
+	}
+
+	i.manifest = m
+	return i.manifest, nil
+}
+
+// RawManifest implements v1.Image
+func (i *uncompressedImageExtender) RawManifest() ([]byte, error) {
+	return RawManifest(i)
+}
+
+// Size implements v1.Image
+func (i *uncompressedImageExtender) Size() (int64, error) {
+	return Size(i)
+}
+
+// ConfigName implements v1.Image
+func (i *uncompressedImageExtender) ConfigName() (v1.Hash, error) {
+	return ConfigName(i)
+}
+
+// ConfigFile implements v1.Image
+func (i *uncompressedImageExtender) ConfigFile() (*v1.ConfigFile, error) {
+	return ConfigFile(i)
+}
+
+// Layers implements v1.Image
+func (i *uncompressedImageExtender) Layers() ([]v1.Layer, error) {
+	diffIDs, err := DiffIDs(i)
+	if err != nil {
+		return nil, err
+	}
+	ls := make([]v1.Layer, 0, len(diffIDs))
+	for _, h := range diffIDs {
+		l, err := i.LayerByDiffID(h)
+		if err != nil {
+			return nil, err
+		}
+		ls = append(ls, l)
+	}
+	return ls, nil
+}
+
+// LayerByDiffID implements v1.Image
+func (i *uncompressedImageExtender) LayerByDiffID(diffID v1.Hash) (v1.Layer, error) {
+	ul, err := i.UncompressedImageCore.LayerByDiffID(diffID)
+	if err != nil {
+		return nil, err
+	}
+	return UncompressedToLayer(ul)
+}
+
+// LayerByDigest implements v1.Image
+func (i *uncompressedImageExtender) LayerByDigest(h v1.Hash) (v1.Layer, error) {
+	diffID, err := BlobToDiffID(i, h)
+	if err != nil {
+		return nil, err
+	}
+	return i.LayerByDiffID(diffID)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go
new file mode 100644
index 00000000..b24f31c7
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/partial/with.go
@@ -0,0 +1,382 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package partial
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"io/ioutil"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// WithRawConfigFile defines the subset of v1.Image used by these helper methods
+type WithRawConfigFile interface {
+	// RawConfigFile returns the serialized bytes of this image's config file.
+	RawConfigFile() ([]byte, error)
+}
+
+// ConfigFile is a helper for implementing v1.Image
+func ConfigFile(i WithRawConfigFile) (*v1.ConfigFile, error) {
+	b, err := i.RawConfigFile()
+	if err != nil {
+		return nil, err
+	}
+	return v1.ParseConfigFile(bytes.NewReader(b))
+}
+
+// ConfigName is a helper for implementing v1.Image
+func ConfigName(i WithRawConfigFile) (v1.Hash, error) {
+	b, err := i.RawConfigFile()
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	h, _, err := v1.SHA256(bytes.NewReader(b))
+	return h, err
+}
+
+type configLayer struct {
+	hash    v1.Hash
+	content []byte
+}
+
+// Digest implements v1.Layer
+func (cl *configLayer) Digest() (v1.Hash, error) {
+	return cl.hash, nil
+}
+
+// DiffID implements v1.Layer
+func (cl *configLayer) DiffID() (v1.Hash, error) {
+	return cl.hash, nil
+}
+
+// Uncompressed implements v1.Layer
+func (cl *configLayer) Uncompressed() (io.ReadCloser, error) {
+	return ioutil.NopCloser(bytes.NewBuffer(cl.content)), nil
+}
+
+// Compressed implements v1.Layer
+func (cl *configLayer) Compressed() (io.ReadCloser, error) {
+	return ioutil.NopCloser(bytes.NewBuffer(cl.content)), nil
+}
+
+// Size implements v1.Layer
+func (cl *configLayer) Size() (int64, error) {
+	return int64(len(cl.content)), nil
+}
+
+func (cl *configLayer) MediaType() (types.MediaType, error) {
+	// Defaulting this to OCIConfigJSON as it should remain
+	// backwards compatible with DockerConfigJSON
+	return types.OCIConfigJSON, nil
+}
+
+var _ v1.Layer = (*configLayer)(nil)
+
+// ConfigLayer implements v1.Layer from the raw config bytes.
+// This is so that clients (e.g. remote) can access the config as a blob.
+func ConfigLayer(i WithRawConfigFile) (v1.Layer, error) {
+	h, err := ConfigName(i)
+	if err != nil {
+		return nil, err
+	}
+	rcfg, err := i.RawConfigFile()
+	if err != nil {
+		return nil, err
+	}
+	return &configLayer{
+		hash:    h,
+		content: rcfg,
+	}, nil
+}
+
+// WithConfigFile defines the subset of v1.Image used by these helper methods
+type WithConfigFile interface {
+	// ConfigFile returns this image's config file.
+	ConfigFile() (*v1.ConfigFile, error)
+}
+
+// DiffIDs is a helper for implementing v1.Image
+func DiffIDs(i WithConfigFile) ([]v1.Hash, error) {
+	cfg, err := i.ConfigFile()
+	if err != nil {
+		return nil, err
+	}
+	return cfg.RootFS.DiffIDs, nil
+}
+
+// RawConfigFile is a helper for implementing v1.Image
+func RawConfigFile(i WithConfigFile) ([]byte, error) {
+	cfg, err := i.ConfigFile()
+	if err != nil {
+		return nil, err
+	}
+	return json.Marshal(cfg)
+}
+
+// WithRawManifest defines the subset of v1.Image used by these helper methods
+type WithRawManifest interface {
+	// RawManifest returns the serialized bytes of this image's config file.
+	RawManifest() ([]byte, error)
+}
+
+// Digest is a helper for implementing v1.Image
+func Digest(i WithRawManifest) (v1.Hash, error) {
+	mb, err := i.RawManifest()
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	digest, _, err := v1.SHA256(bytes.NewReader(mb))
+	return digest, err
+}
+
+// Manifest is a helper for implementing v1.Image
+func Manifest(i WithRawManifest) (*v1.Manifest, error) {
+	b, err := i.RawManifest()
+	if err != nil {
+		return nil, err
+	}
+	return v1.ParseManifest(bytes.NewReader(b))
+}
+
+// WithManifest defines the subset of v1.Image used by these helper methods
+type WithManifest interface {
+	// Manifest returns this image's Manifest object.
+	Manifest() (*v1.Manifest, error)
+}
+
+// RawManifest is a helper for implementing v1.Image
+func RawManifest(i WithManifest) ([]byte, error) {
+	m, err := i.Manifest()
+	if err != nil {
+		return nil, err
+	}
+	return json.Marshal(m)
+}
+
+// Size is a helper for implementing v1.Image
+func Size(i WithRawManifest) (int64, error) {
+	b, err := i.RawManifest()
+	if err != nil {
+		return -1, err
+	}
+	return int64(len(b)), nil
+}
+
+// FSLayers is a helper for implementing v1.Image
+func FSLayers(i WithManifest) ([]v1.Hash, error) {
+	m, err := i.Manifest()
+	if err != nil {
+		return nil, err
+	}
+	fsl := make([]v1.Hash, len(m.Layers))
+	for i, l := range m.Layers {
+		fsl[i] = l.Digest
+	}
+	return fsl, nil
+}
+
+// BlobSize is a helper for implementing v1.Image
+func BlobSize(i WithManifest, h v1.Hash) (int64, error) {
+	d, err := BlobDescriptor(i, h)
+	if err != nil {
+		return -1, err
+	}
+	return d.Size, nil
+}
+
+// BlobDescriptor is a helper for implementing v1.Image
+func BlobDescriptor(i WithManifest, h v1.Hash) (*v1.Descriptor, error) {
+	m, err := i.Manifest()
+	if err != nil {
+		return nil, err
+	}
+
+	if m.Config.Digest == h {
+		return &m.Config, nil
+	}
+
+	for _, l := range m.Layers {
+		if l.Digest == h {
+			return &l, nil
+		}
+	}
+	return nil, fmt.Errorf("blob %v not found", h)
+}
+
+// WithManifestAndConfigFile defines the subset of v1.Image used by these helper methods
+type WithManifestAndConfigFile interface {
+	WithConfigFile
+
+	// Manifest returns this image's Manifest object.
+	Manifest() (*v1.Manifest, error)
+}
+
+// BlobToDiffID is a helper for mapping between compressed
+// and uncompressed blob hashes.
+func BlobToDiffID(i WithManifestAndConfigFile, h v1.Hash) (v1.Hash, error) {
+	blobs, err := FSLayers(i)
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	diffIDs, err := DiffIDs(i)
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	if len(blobs) != len(diffIDs) {
+		return v1.Hash{}, fmt.Errorf("mismatched fs layers (%d) and diff ids (%d)", len(blobs), len(diffIDs))
+	}
+	for i, blob := range blobs {
+		if blob == h {
+			return diffIDs[i], nil
+		}
+	}
+	return v1.Hash{}, fmt.Errorf("unknown blob %v", h)
+}
+
+// DiffIDToBlob is a helper for mapping between uncompressed
+// and compressed blob hashes.
+func DiffIDToBlob(wm WithManifestAndConfigFile, h v1.Hash) (v1.Hash, error) {
+	blobs, err := FSLayers(wm)
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	diffIDs, err := DiffIDs(wm)
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	if len(blobs) != len(diffIDs) {
+		return v1.Hash{}, fmt.Errorf("mismatched fs layers (%d) and diff ids (%d)", len(blobs), len(diffIDs))
+	}
+	for i, diffID := range diffIDs {
+		if diffID == h {
+			return blobs[i], nil
+		}
+	}
+	return v1.Hash{}, fmt.Errorf("unknown diffID %v", h)
+}
+
+// WithDiffID defines the subset of v1.Layer for exposing the DiffID method.
+type WithDiffID interface {
+	DiffID() (v1.Hash, error)
+}
+
+// withDescriptor allows partial layer implementations to provide a layer
+// descriptor to the partial image manifest builder. This allows partial
+// uncompressed layers to provide foreign layer metadata like URLs to the
+// uncompressed image manifest.
+type withDescriptor interface {
+	Descriptor() (*v1.Descriptor, error)
+}
+
+// Describable represents something for which we can produce a v1.Descriptor.
+type Describable interface {
+	Digest() (v1.Hash, error)
+	MediaType() (types.MediaType, error)
+	Size() (int64, error)
+}
+
+// Descriptor returns a v1.Descriptor given a Describable. It also encodes
+// some logic for unwrapping things that have been wrapped by
+// CompressedToLayer, UncompressedToLayer, CompressedToImage, or
+// UncompressedToImage.
+func Descriptor(d Describable) (*v1.Descriptor, error) {
+	// If Describable implements Descriptor itself, return that.
+	if wd, ok := d.(withDescriptor); ok {
+		return wd.Descriptor()
+	}
+
+	// Otherwise, try to unwrap any partial implementations to see
+	// if the wrapped struct implements Descriptor.
+	if ule, ok := d.(*uncompressedLayerExtender); ok {
+		if wd, ok := ule.UncompressedLayer.(withDescriptor); ok {
+			return wd.Descriptor()
+		}
+	}
+	if cle, ok := d.(*compressedLayerExtender); ok {
+		if wd, ok := cle.CompressedLayer.(withDescriptor); ok {
+			return wd.Descriptor()
+		}
+	}
+	if uie, ok := d.(*uncompressedImageExtender); ok {
+		if wd, ok := uie.UncompressedImageCore.(withDescriptor); ok {
+			return wd.Descriptor()
+		}
+	}
+	if cie, ok := d.(*compressedImageExtender); ok {
+		if wd, ok := cie.CompressedImageCore.(withDescriptor); ok {
+			return wd.Descriptor()
+		}
+	}
+
+	// If all else fails, compute the descriptor from the individual methods.
+	var (
+		desc v1.Descriptor
+		err  error
+	)
+
+	if desc.Size, err = d.Size(); err != nil {
+		return nil, err
+	}
+	if desc.Digest, err = d.Digest(); err != nil {
+		return nil, err
+	}
+	if desc.MediaType, err = d.MediaType(); err != nil {
+		return nil, err
+	}
+
+	return &desc, nil
+}
+
+type withUncompressedSize interface {
+	UncompressedSize() (int64, error)
+}
+
+// UncompressedSize returns the size of the Uncompressed layer. If the
+// underlying implementation doesn't implement UncompressedSize directly,
+// this will compute the uncompressedSize by reading everything returned
+// by Compressed(). This is potentially expensive and may consume the contents
+// for streaming layers.
+func UncompressedSize(l v1.Layer) (int64, error) {
+	// If the layer implements UncompressedSize itself, return that.
+	if wus, ok := l.(withUncompressedSize); ok {
+		return wus.UncompressedSize()
+	}
+
+	// Otherwise, try to unwrap any partial implementations to see
+	// if the wrapped struct implements UncompressedSize.
+	if ule, ok := l.(*uncompressedLayerExtender); ok {
+		if wus, ok := ule.UncompressedLayer.(withUncompressedSize); ok {
+			return wus.UncompressedSize()
+		}
+	}
+	if cle, ok := l.(*compressedLayerExtender); ok {
+		if wus, ok := cle.CompressedLayer.(withUncompressedSize); ok {
+			return wus.UncompressedSize()
+		}
+	}
+
+	// The layer doesn't implement UncompressedSize, we need to compute it.
+	rc, err := l.Uncompressed()
+	if err != nil {
+		return -1, err
+	}
+	defer rc.Close()
+
+	return io.Copy(ioutil.Discard, rc)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/platform.go b/vendor/github.com/google/go-containerregistry/pkg/v1/platform.go
new file mode 100644
index 00000000..a586ab36
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/platform.go
@@ -0,0 +1,59 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+	"sort"
+)
+
+// Platform represents the target os/arch for an image.
+type Platform struct {
+	Architecture string   `json:"architecture"`
+	OS           string   `json:"os"`
+	OSVersion    string   `json:"os.version,omitempty"`
+	OSFeatures   []string `json:"os.features,omitempty"`
+	Variant      string   `json:"variant,omitempty"`
+	Features     []string `json:"features,omitempty"`
+}
+
+// Equals returns true if the given platform is semantically equivalent to this one.
+// The order of Features and OSFeatures is not important.
+func (p Platform) Equals(o Platform) bool {
+	return p.OS == o.OS && p.Architecture == o.Architecture && p.Variant == o.Variant && p.OSVersion == o.OSVersion &&
+		stringSliceEqualIgnoreOrder(p.OSFeatures, o.OSFeatures) && stringSliceEqualIgnoreOrder(p.Features, o.Features)
+}
+
+// stringSliceEqual compares 2 string slices and returns if their contents are identical.
+func stringSliceEqual(a, b []string) bool {
+	if len(a) != len(b) {
+		return false
+	}
+	for i, elm := range a {
+		if elm != b[i] {
+			return false
+		}
+	}
+	return true
+}
+
+// stringSliceEqualIgnoreOrder compares 2 string slices and returns if their contents are identical, ignoring order
+func stringSliceEqualIgnoreOrder(a, b []string) bool {
+	a1, b1 := a[:], b[:]
+	if a1 != nil && b1 != nil {
+		sort.Strings(a1)
+		sort.Strings(b1)
+	}
+	return stringSliceEqual(a1, b1)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/progress.go b/vendor/github.com/google/go-containerregistry/pkg/v1/progress.go
new file mode 100644
index 00000000..844f04d9
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/progress.go
@@ -0,0 +1,25 @@
+// Copyright 2020 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+// Update representation of an update of transfer progress. Some functions
+// in this module can take a channel to which updates will be sent while a
+// transfer is in progress.
+// +k8s:deepcopy-gen=false
+type Update struct {
+	Total    int64
+	Complete int64
+	Error    error
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md
new file mode 100644
index 00000000..2e16c45d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/README.md
@@ -0,0 +1,117 @@
+# `remote`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote)
+
+The `remote` package implements a client for accessing a registry,
+per the [OCI distribution spec](https://github.com/opencontainers/distribution-spec/blob/master/spec.md).
+
+It leans heavily on the lower level [`transport`](/pkg/v1/remote/transport) package, which handles the
+authentication handshake and structured errors.
+
+## Usage
+
+```go
+package main
+
+import (
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+)
+
+func main() {
+	ref, err := name.ParseReference("gcr.io/google-containers/pause")
+	if err != nil {
+		panic(err)
+	}
+
+	img, err := remote.Image(ref, remote.WithAuthFromKeychain(authn.DefaultKeychain))
+	if err != nil {
+		panic(err)
+	}
+
+	// do stuff with img
+}
+```
+
+## Structure
+
+<p align="center">
+  <img src="/images/remote.dot.svg" />
+</p>
+
+
+## Background
+
+There are a lot of confusingly similar terms that come up when talking about images in registries.
+
+### Anatomy of an image
+
+In general...
+
+* A tag refers to an image manifest.
+* An image manifest references a config file and an orderered list of _compressed_ layers by sha256 digest.
+* A config file references an ordered list of _uncompressed_ layers by sha256 digest and contains runtime configuration.
+* The sha256 digest of the config file is the [image id](https://github.com/opencontainers/image-spec/blob/master/config.md#imageid) for the image.
+
+For example, an image with two layers would look something like this:
+
+![image anatomy](/images/image-anatomy.dot.svg)
+
+### Anatomy of an index
+
+In the normal case, an [index](https://github.com/opencontainers/image-spec/blob/master/image-index.md) is used to represent a multi-platform image.
+This was the original use case for a [manifest
+list](https://docs.docker.com/registry/spec/manifest-v2-2/#manifest-list).
+
+![image index anatomy](/images/index-anatomy.dot.svg)
+
+It is possible for an index to reference another index, per the OCI
+[image-spec](https://github.com/opencontainers/image-spec/blob/master/media-types.md#compatibility-matrix).
+In theory, both an image and image index can reference arbitrary things via
+[descriptors](https://github.com/opencontainers/image-spec/blob/master/descriptor.md),
+e.g. see the [image layout
+example](https://github.com/opencontainers/image-spec/blob/master/image-layout.md#index-example),
+which references an application/xml file from an image index.
+
+That could look something like this:
+
+![exotic image index anatomy](/images/index-anatomy-exotic.dot.svg)
+
+Using a recursive index like this might not be possible with all registries,
+but this flexibility allows for some interesting applications, e.g. the
+[OCI Artifacts](https://github.com/opencontainers/artifacts) effort.
+
+### Anatomy of an image upload
+
+The structure of an image requires a delicate ordering when uploading an image to a registry.
+Below is a (slightly simplified) figure that describes how an image is prepared for upload
+to a registry and how the data flows between various artifacts:
+
+![upload](/images/upload.dot.svg)
+
+Note that:
+
+* A config file references the uncompressed layer contents by sha256.
+* A manifest references the compressed layer contents by sha256 and the size of the layer.
+* A manifest references the config file contents by sha256 and the size of the file.
+
+It follows that during an upload, we need to upload layers before the config file,
+and we need to upload the config file before the manifest.
+
+Sometimes, we know all of this information ahead of time, (e.g. when copying from remote.Image),
+so the ordering is less important.
+
+In other cases, e.g. when using a [`stream.Layer`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/stream#Layer),
+we can't compute anything until we have already uploaded the layer, so we need to be careful about ordering.
+
+## Caveats
+
+### schema 1
+
+This package does not support schema 1 images, see [`#377`](https://github.com/google/go-containerregistry/issues/377),
+however, it's possible to do _something_ useful with them via [`remote.Get`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote#Get),
+which doesn't try to interpret what is returned by the registry.
+
+[`crane.Copy`](https://godoc.org/github.com/google/go-containerregistry/pkg/crane#Copy) takes advantage of this to implement support for copying schema 1 images,
+see [here](https://github.com/google/go-containerregistry/blob/master/pkg/internal/legacy/copy.go).
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go
new file mode 100644
index 00000000..21b5dbba
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/catalog.go
@@ -0,0 +1,151 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+type catalog struct {
+	Repos []string `json:"repositories"`
+}
+
+// CatalogPage calls /_catalog, returning the list of repositories on the registry.
+func CatalogPage(target name.Registry, last string, n int, options ...Option) ([]string, error) {
+	o, err := makeOptions(target, options...)
+	if err != nil {
+		return nil, err
+	}
+
+	scopes := []string{target.Scope(transport.PullScope)}
+	tr, err := transport.NewWithContext(o.context, target, o.auth, o.transport, scopes)
+	if err != nil {
+		return nil, err
+	}
+
+	query := fmt.Sprintf("last=%s&n=%d", url.QueryEscape(last), n)
+
+	uri := url.URL{
+		Scheme:   target.Scheme(),
+		Host:     target.RegistryStr(),
+		Path:     "/v2/_catalog",
+		RawQuery: query,
+	}
+
+	client := http.Client{Transport: tr}
+	req, err := http.NewRequest(http.MethodGet, uri.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.Do(req.WithContext(o.context))
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK); err != nil {
+		return nil, err
+	}
+
+	var parsed catalog
+	if err := json.NewDecoder(resp.Body).Decode(&parsed); err != nil {
+		return nil, err
+	}
+
+	return parsed.Repos, nil
+}
+
+// Catalog calls /_catalog, returning the list of repositories on the registry.
+func Catalog(ctx context.Context, target name.Registry, options ...Option) ([]string, error) {
+	o, err := makeOptions(target, options...)
+	if err != nil {
+		return nil, err
+	}
+
+	scopes := []string{target.Scope(transport.PullScope)}
+	tr, err := transport.NewWithContext(o.context, target, o.auth, o.transport, scopes)
+	if err != nil {
+		return nil, err
+	}
+
+	uri := &url.URL{
+		Scheme:   target.Scheme(),
+		Host:     target.RegistryStr(),
+		Path:     "/v2/_catalog",
+		RawQuery: "n=10000",
+	}
+
+	client := http.Client{Transport: tr}
+
+	// WithContext overrides the ctx passed directly.
+	if o.context != context.Background() {
+		ctx = o.context
+	}
+
+	var (
+		parsed   catalog
+		repoList []string
+	)
+
+	// get responses until there is no next page
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
+		req, err := http.NewRequest("GET", uri.String(), nil)
+		if err != nil {
+			return nil, err
+		}
+		req = req.WithContext(ctx)
+
+		resp, err := client.Do(req)
+		if err != nil {
+			return nil, err
+		}
+
+		if err := transport.CheckError(resp, http.StatusOK); err != nil {
+			return nil, err
+		}
+
+		if err := json.NewDecoder(resp.Body).Decode(&parsed); err != nil {
+			return nil, err
+		}
+		if err := resp.Body.Close(); err != nil {
+			return nil, err
+		}
+
+		repoList = append(repoList, parsed.Repos...)
+
+		uri, err = getNextPageURL(resp)
+		if err != nil {
+			return nil, err
+		}
+		// no next page
+		if uri == nil {
+			break
+		}
+	}
+	return repoList, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go
new file mode 100644
index 00000000..c841cc05
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/check.go
@@ -0,0 +1,59 @@
+package remote
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+// CheckPushPermission returns an error if the given keychain cannot authorize
+// a push operation to the given ref.
+//
+// This can be useful to check whether the caller has permission to push an
+// image before doing work to construct the image.
+//
+// TODO(#412): Remove the need for this method.
+func CheckPushPermission(ref name.Reference, kc authn.Keychain, t http.RoundTripper) error {
+	auth, err := kc.Resolve(ref.Context().Registry)
+	if err != nil {
+		return fmt.Errorf("resolving authorization for %v failed: %v", ref.Context().Registry, err)
+	}
+
+	scopes := []string{ref.Scope(transport.PushScope)}
+	tr, err := transport.New(ref.Context().Registry, auth, t, scopes)
+	if err != nil {
+		return fmt.Errorf("creating push check transport for %v failed: %v", ref.Context().Registry, err)
+	}
+	// TODO(jasonhall): Against GCR, just doing the token handshake is
+	// enough, but this doesn't extend to Dockerhub
+	// (https://github.com/docker/hub-feedback/issues/1771), so we actually
+	// need to initiate an upload to tell whether the credentials can
+	// authorize a push. Figure out how to return early here when we can,
+	// to avoid a roundtrip for spec-compliant registries.
+	w := writer{
+		repo:    ref.Context(),
+		client:  &http.Client{Transport: tr},
+		context: context.Background(),
+	}
+	loc, _, err := w.initiateUpload("", "")
+	if loc != "" {
+		// Since we're only initiating the upload to check whether we
+		// can, we should attempt to cancel it, in case initiating
+		// reserves some resources on the server. We shouldn't wait for
+		// cancelling to complete, and we don't care if it fails.
+		go w.cancelUpload(loc)
+	}
+	return err
+}
+
+func (w *writer) cancelUpload(loc string) {
+	req, err := http.NewRequest(http.MethodDelete, loc, nil)
+	if err != nil {
+		return
+	}
+	_, _ = w.client.Do(req)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go
new file mode 100644
index 00000000..3b902271
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/delete.go
@@ -0,0 +1,57 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+// Delete removes the specified image reference from the remote registry.
+func Delete(ref name.Reference, options ...Option) error {
+	o, err := makeOptions(ref.Context(), options...)
+	if err != nil {
+		return err
+	}
+	scopes := []string{ref.Scope(transport.DeleteScope)}
+	tr, err := transport.NewWithContext(o.context, ref.Context().Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return err
+	}
+	c := &http.Client{Transport: tr}
+
+	u := url.URL{
+		Scheme: ref.Context().Registry.Scheme(),
+		Host:   ref.Context().RegistryStr(),
+		Path:   fmt.Sprintf("/v2/%s/manifests/%s", ref.Context().RepositoryStr(), ref.Identifier()),
+	}
+
+	req, err := http.NewRequest(http.MethodDelete, u.String(), nil)
+	if err != nil {
+		return err
+	}
+
+	resp, err := c.Do(req.WithContext(o.context))
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return transport.CheckError(resp, http.StatusOK, http.StatusAccepted)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go
new file mode 100644
index 00000000..b77cb9a8
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/descriptor.go
@@ -0,0 +1,392 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strconv"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/logs"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+// ErrSchema1 indicates that we received a schema1 manifest from the registry.
+// This library doesn't have plans to support this legacy image format:
+// https://github.com/google/go-containerregistry/issues/377
+type ErrSchema1 struct {
+	schema string
+}
+
+// newErrSchema1 returns an ErrSchema1 with the unexpected MediaType.
+func newErrSchema1(schema types.MediaType) error {
+	return &ErrSchema1{
+		schema: string(schema),
+	}
+}
+
+// Error implements error.
+func (e *ErrSchema1) Error() string {
+	return fmt.Sprintf("unsupported MediaType: %q, see https://github.com/google/go-containerregistry/issues/377", e.schema)
+}
+
+// Descriptor provides access to metadata about remote artifact and accessors
+// for efficiently converting it into a v1.Image or v1.ImageIndex.
+type Descriptor struct {
+	fetcher
+	v1.Descriptor
+	Manifest []byte
+
+	// So we can share this implementation with Image..
+	platform v1.Platform
+}
+
+// RawManifest exists to satisfy the Taggable interface.
+func (d *Descriptor) RawManifest() ([]byte, error) {
+	return d.Manifest, nil
+}
+
+// Get returns a remote.Descriptor for the given reference. The response from
+// the registry is left un-interpreted, for the most part. This is useful for
+// querying what kind of artifact a reference represents.
+//
+// See Head if you don't need the response body.
+func Get(ref name.Reference, options ...Option) (*Descriptor, error) {
+	acceptable := []types.MediaType{
+		// Just to look at them.
+		types.DockerManifestSchema1,
+		types.DockerManifestSchema1Signed,
+	}
+	acceptable = append(acceptable, acceptableImageMediaTypes...)
+	acceptable = append(acceptable, acceptableIndexMediaTypes...)
+	return get(ref, acceptable, options...)
+}
+
+// Head returns a v1.Descriptor for the given reference by issuing a HEAD
+// request.
+//
+// Note that the server response will not have a body, so any errors encountered
+// should be retried with Get to get more details.
+func Head(ref name.Reference, options ...Option) (*v1.Descriptor, error) {
+	acceptable := []types.MediaType{
+		// Just to look at them.
+		types.DockerManifestSchema1,
+		types.DockerManifestSchema1Signed,
+	}
+	acceptable = append(acceptable, acceptableImageMediaTypes...)
+	acceptable = append(acceptable, acceptableIndexMediaTypes...)
+
+	o, err := makeOptions(ref.Context(), options...)
+	if err != nil {
+		return nil, err
+	}
+
+	f, err := makeFetcher(ref, o)
+	if err != nil {
+		return nil, err
+	}
+
+	return f.headManifest(ref, acceptable)
+}
+
+// Handle options and fetch the manifest with the acceptable MediaTypes in the
+// Accept header.
+func get(ref name.Reference, acceptable []types.MediaType, options ...Option) (*Descriptor, error) {
+	o, err := makeOptions(ref.Context(), options...)
+	if err != nil {
+		return nil, err
+	}
+	f, err := makeFetcher(ref, o)
+	if err != nil {
+		return nil, err
+	}
+	b, desc, err := f.fetchManifest(ref, acceptable)
+	if err != nil {
+		return nil, err
+	}
+	return &Descriptor{
+		fetcher:    *f,
+		Manifest:   b,
+		Descriptor: *desc,
+		platform:   o.platform,
+	}, nil
+}
+
+// Image converts the Descriptor into a v1.Image.
+//
+// If the fetched artifact is already an image, it will just return it.
+//
+// If the fetched artifact is an index, it will attempt to resolve the index to
+// a child image with the appropriate platform.
+//
+// See WithPlatform to set the desired platform.
+func (d *Descriptor) Image() (v1.Image, error) {
+	switch d.MediaType {
+	case types.DockerManifestSchema1, types.DockerManifestSchema1Signed:
+		// We don't care to support schema 1 images:
+		// https://github.com/google/go-containerregistry/issues/377
+		return nil, newErrSchema1(d.MediaType)
+	case types.OCIImageIndex, types.DockerManifestList:
+		// We want an image but the registry has an index, resolve it to an image.
+		return d.remoteIndex().imageByPlatform(d.platform)
+	case types.OCIManifestSchema1, types.DockerManifestSchema2:
+		// These are expected. Enumerated here to allow a default case.
+	default:
+		// We could just return an error here, but some registries (e.g. static
+		// registries) don't set the Content-Type headers correctly, so instead...
+		logs.Warn.Printf("Unexpected media type for Image(): %s", d.MediaType)
+	}
+
+	// Wrap the v1.Layers returned by this v1.Image in a hint for downstream
+	// remote.Write calls to facilitate cross-repo "mounting".
+	imgCore, err := partial.CompressedToImage(d.remoteImage())
+	if err != nil {
+		return nil, err
+	}
+	return &mountableImage{
+		Image:     imgCore,
+		Reference: d.Ref,
+	}, nil
+}
+
+// ImageIndex converts the Descriptor into a v1.ImageIndex.
+func (d *Descriptor) ImageIndex() (v1.ImageIndex, error) {
+	switch d.MediaType {
+	case types.DockerManifestSchema1, types.DockerManifestSchema1Signed:
+		// We don't care to support schema 1 images:
+		// https://github.com/google/go-containerregistry/issues/377
+		return nil, newErrSchema1(d.MediaType)
+	case types.OCIManifestSchema1, types.DockerManifestSchema2:
+		// We want an index but the registry has an image, nothing we can do.
+		return nil, fmt.Errorf("unexpected media type for ImageIndex(): %s; call Image() instead", d.MediaType)
+	case types.OCIImageIndex, types.DockerManifestList:
+		// These are expected.
+	default:
+		// We could just return an error here, but some registries (e.g. static
+		// registries) don't set the Content-Type headers correctly, so instead...
+		logs.Warn.Printf("Unexpected media type for ImageIndex(): %s", d.MediaType)
+	}
+	return d.remoteIndex(), nil
+}
+
+func (d *Descriptor) remoteImage() *remoteImage {
+	return &remoteImage{
+		fetcher:    d.fetcher,
+		manifest:   d.Manifest,
+		mediaType:  d.MediaType,
+		descriptor: &d.Descriptor,
+	}
+}
+
+func (d *Descriptor) remoteIndex() *remoteIndex {
+	return &remoteIndex{
+		fetcher:    d.fetcher,
+		manifest:   d.Manifest,
+		mediaType:  d.MediaType,
+		descriptor: &d.Descriptor,
+	}
+}
+
+// fetcher implements methods for reading from a registry.
+type fetcher struct {
+	Ref     name.Reference
+	Client  *http.Client
+	context context.Context
+}
+
+func makeFetcher(ref name.Reference, o *options) (*fetcher, error) {
+	tr, err := transport.NewWithContext(o.context, ref.Context().Registry, o.auth, o.transport, []string{ref.Scope(transport.PullScope)})
+	if err != nil {
+		return nil, err
+	}
+	return &fetcher{
+		Ref:     ref,
+		Client:  &http.Client{Transport: tr},
+		context: o.context,
+	}, nil
+}
+
+// url returns a url.Url for the specified path in the context of this remote image reference.
+func (f *fetcher) url(resource, identifier string) url.URL {
+	return url.URL{
+		Scheme: f.Ref.Context().Registry.Scheme(),
+		Host:   f.Ref.Context().RegistryStr(),
+		Path:   fmt.Sprintf("/v2/%s/%s/%s", f.Ref.Context().RepositoryStr(), resource, identifier),
+	}
+}
+
+func (f *fetcher) fetchManifest(ref name.Reference, acceptable []types.MediaType) ([]byte, *v1.Descriptor, error) {
+	u := f.url("manifests", ref.Identifier())
+	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
+	if err != nil {
+		return nil, nil, err
+	}
+	accept := []string{}
+	for _, mt := range acceptable {
+		accept = append(accept, string(mt))
+	}
+	req.Header.Set("Accept", strings.Join(accept, ","))
+
+	resp, err := f.Client.Do(req.WithContext(f.context))
+	if err != nil {
+		return nil, nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK); err != nil {
+		return nil, nil, err
+	}
+
+	manifest, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	digest, size, err := v1.SHA256(bytes.NewReader(manifest))
+	if err != nil {
+		return nil, nil, err
+	}
+
+	mediaType := types.MediaType(resp.Header.Get("Content-Type"))
+	contentDigest, err := v1.NewHash(resp.Header.Get("Docker-Content-Digest"))
+	if err == nil && mediaType == types.DockerManifestSchema1Signed {
+		// If we can parse the digest from the header, and it's a signed schema 1
+		// manifest, let's use that for the digest to appease older registries.
+		digest = contentDigest
+	}
+
+	// Validate the digest matches what we asked for, if pulling by digest.
+	if dgst, ok := ref.(name.Digest); ok {
+		if digest.String() != dgst.DigestStr() {
+			return nil, nil, fmt.Errorf("manifest digest: %q does not match requested digest: %q for %q", digest, dgst.DigestStr(), f.Ref)
+		}
+	}
+	// Do nothing for tags; I give up.
+	//
+	// We'd like to validate that the "Docker-Content-Digest" header matches what is returned by the registry,
+	// but so many registries implement this incorrectly that it's not worth checking.
+	//
+	// For reference:
+	// https://github.com/GoogleContainerTools/kaniko/issues/298
+
+	// Return all this info since we have to calculate it anyway.
+	desc := v1.Descriptor{
+		Digest:    digest,
+		Size:      size,
+		MediaType: mediaType,
+	}
+
+	return manifest, &desc, nil
+}
+
+func (f *fetcher) headManifest(ref name.Reference, acceptable []types.MediaType) (*v1.Descriptor, error) {
+	u := f.url("manifests", ref.Identifier())
+	req, err := http.NewRequest(http.MethodHead, u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+	accept := []string{}
+	for _, mt := range acceptable {
+		accept = append(accept, string(mt))
+	}
+	req.Header.Set("Accept", strings.Join(accept, ","))
+
+	resp, err := f.Client.Do(req.WithContext(f.context))
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK); err != nil {
+		return nil, err
+	}
+
+	mediaType := types.MediaType(resp.Header.Get("Content-Type"))
+
+	size, err := strconv.ParseInt(resp.Header.Get("Content-Length"), 10, 64)
+	if err != nil {
+		return nil, err
+	}
+
+	digest, err := v1.NewHash(resp.Header.Get("Docker-Content-Digest"))
+	if err != nil {
+		return nil, err
+	}
+
+	// Validate the digest matches what we asked for, if pulling by digest.
+	if dgst, ok := ref.(name.Digest); ok {
+		if digest.String() != dgst.DigestStr() {
+			return nil, fmt.Errorf("manifest digest: %q does not match requested digest: %q for %q", digest, dgst.DigestStr(), f.Ref)
+		}
+	}
+
+	// Return all this info since we have to calculate it anyway.
+	return &v1.Descriptor{
+		Digest:    digest,
+		Size:      size,
+		MediaType: mediaType,
+	}, nil
+}
+
+func (f *fetcher) fetchBlob(ctx context.Context, h v1.Hash) (io.ReadCloser, error) {
+	u := f.url("blobs", h.String())
+	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := f.Client.Do(req.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+
+	if err := transport.CheckError(resp, http.StatusOK); err != nil {
+		resp.Body.Close()
+		return nil, err
+	}
+
+	return v1util.VerifyReadCloser(resp.Body, h)
+}
+
+func (f *fetcher) headBlob(h v1.Hash) (*http.Response, error) {
+	u := f.url("blobs", h.String())
+	req, err := http.NewRequest(http.MethodHead, u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	resp, err := f.Client.Do(req.WithContext(f.context))
+	if err != nil {
+		return nil, err
+	}
+
+	if err := transport.CheckError(resp, http.StatusOK); err != nil {
+		resp.Body.Close()
+		return nil, err
+	}
+
+	return resp, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go
new file mode 100644
index 00000000..846ba07c
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/doc.go
@@ -0,0 +1,17 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package remote provides facilities for reading/writing v1.Images from/to
+// a remote image registry.
+package remote
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go
new file mode 100644
index 00000000..35fee776
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/image.go
@@ -0,0 +1,230 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"sync"
+
+	"github.com/google/go-containerregistry/pkg/internal/redact"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+var acceptableImageMediaTypes = []types.MediaType{
+	types.DockerManifestSchema2,
+	types.OCIManifestSchema1,
+}
+
+// remoteImage accesses an image from a remote registry
+type remoteImage struct {
+	fetcher
+	manifestLock sync.Mutex // Protects manifest
+	manifest     []byte
+	configLock   sync.Mutex // Protects config
+	config       []byte
+	mediaType    types.MediaType
+	descriptor   *v1.Descriptor
+}
+
+var _ partial.CompressedImageCore = (*remoteImage)(nil)
+
+// Image provides access to a remote image reference.
+func Image(ref name.Reference, options ...Option) (v1.Image, error) {
+	desc, err := Get(ref, options...)
+	if err != nil {
+		return nil, err
+	}
+
+	return desc.Image()
+}
+
+func (r *remoteImage) MediaType() (types.MediaType, error) {
+	if string(r.mediaType) != "" {
+		return r.mediaType, nil
+	}
+	return types.DockerManifestSchema2, nil
+}
+
+func (r *remoteImage) RawManifest() ([]byte, error) {
+	r.manifestLock.Lock()
+	defer r.manifestLock.Unlock()
+	if r.manifest != nil {
+		return r.manifest, nil
+	}
+
+	// NOTE(jonjohnsonjr): We should never get here because the public entrypoints
+	// do type-checking via remote.Descriptor. I've left this here for tests that
+	// directly instantiate a remoteImage.
+	manifest, desc, err := r.fetchManifest(r.Ref, acceptableImageMediaTypes)
+	if err != nil {
+		return nil, err
+	}
+
+	if r.descriptor == nil {
+		r.descriptor = desc
+	}
+	r.mediaType = desc.MediaType
+	r.manifest = manifest
+	return r.manifest, nil
+}
+
+func (r *remoteImage) RawConfigFile() ([]byte, error) {
+	r.configLock.Lock()
+	defer r.configLock.Unlock()
+	if r.config != nil {
+		return r.config, nil
+	}
+
+	m, err := partial.Manifest(r)
+	if err != nil {
+		return nil, err
+	}
+
+	body, err := r.fetchBlob(r.context, m.Config.Digest)
+	if err != nil {
+		return nil, err
+	}
+	defer body.Close()
+
+	r.config, err = ioutil.ReadAll(body)
+	if err != nil {
+		return nil, err
+	}
+	return r.config, nil
+}
+
+// Descriptor retains the original descriptor from an index manifest.
+// See partial.Descriptor.
+func (r *remoteImage) Descriptor() (*v1.Descriptor, error) {
+	// kind of a hack, but RawManifest does appropriate locking/memoization
+	// and makes sure r.descriptor is populated.
+	_, err := r.RawManifest()
+	return r.descriptor, err
+}
+
+// remoteImageLayer implements partial.CompressedLayer
+type remoteImageLayer struct {
+	ri     *remoteImage
+	digest v1.Hash
+}
+
+// Digest implements partial.CompressedLayer
+func (rl *remoteImageLayer) Digest() (v1.Hash, error) {
+	return rl.digest, nil
+}
+
+// Compressed implements partial.CompressedLayer
+func (rl *remoteImageLayer) Compressed() (io.ReadCloser, error) {
+	urls := []url.URL{rl.ri.url("blobs", rl.digest.String())}
+
+	// Add alternative layer sources from URLs (usually none).
+	d, err := partial.BlobDescriptor(rl, rl.digest)
+	if err != nil {
+		return nil, err
+	}
+
+	// We don't want to log binary layers -- this can break terminals.
+	ctx := redact.NewContext(rl.ri.context, "omitting binary blobs from logs")
+
+	for _, s := range d.URLs {
+		u, err := url.Parse(s)
+		if err != nil {
+			return nil, err
+		}
+		urls = append(urls, *u)
+	}
+
+	// The lastErr for most pulls will be the same (the first error), but for
+	// foreign layers we'll want to surface the last one, since we try to pull
+	// from the registry first, which would often fail.
+	// TODO: Maybe we don't want to try pulling from the registry first?
+	var lastErr error
+	for _, u := range urls {
+		req, err := http.NewRequest(http.MethodGet, u.String(), nil)
+		if err != nil {
+			return nil, err
+		}
+
+		resp, err := rl.ri.Client.Do(req.WithContext(ctx))
+		if err != nil {
+			lastErr = err
+			continue
+		}
+
+		if err := transport.CheckError(resp, http.StatusOK); err != nil {
+			resp.Body.Close()
+			lastErr = err
+			continue
+		}
+
+		return v1util.VerifyReadCloser(resp.Body, rl.digest)
+	}
+
+	return nil, lastErr
+}
+
+// Manifest implements partial.WithManifest so that we can use partial.BlobSize below.
+func (rl *remoteImageLayer) Manifest() (*v1.Manifest, error) {
+	return partial.Manifest(rl.ri)
+}
+
+// MediaType implements v1.Layer
+func (rl *remoteImageLayer) MediaType() (types.MediaType, error) {
+	bd, err := partial.BlobDescriptor(rl, rl.digest)
+	if err != nil {
+		return "", err
+	}
+
+	return bd.MediaType, nil
+}
+
+// Size implements partial.CompressedLayer
+func (rl *remoteImageLayer) Size() (int64, error) {
+	// Look up the size of this digest in the manifest to avoid a request.
+	return partial.BlobSize(rl, rl.digest)
+}
+
+// ConfigFile implements partial.WithManifestAndConfigFile so that we can use partial.BlobToDiffID below.
+func (rl *remoteImageLayer) ConfigFile() (*v1.ConfigFile, error) {
+	return partial.ConfigFile(rl.ri)
+}
+
+// DiffID implements partial.WithDiffID so that we don't recompute a DiffID that we already have
+// available in our ConfigFile.
+func (rl *remoteImageLayer) DiffID() (v1.Hash, error) {
+	return partial.BlobToDiffID(rl, rl.digest)
+}
+
+// Descriptor retains the original descriptor from an image manifest.
+// See partial.Descriptor.
+func (rl *remoteImageLayer) Descriptor() (*v1.Descriptor, error) {
+	return partial.BlobDescriptor(rl, rl.digest)
+}
+
+// LayerByDigest implements partial.CompressedLayer
+func (r *remoteImage) LayerByDigest(h v1.Hash) (partial.CompressedLayer, error) {
+	return &remoteImageLayer{
+		ri:     r,
+		digest: h,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go
new file mode 100644
index 00000000..7a81075c
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/index.go
@@ -0,0 +1,237 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"bytes"
+	"fmt"
+	"sync"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+var acceptableIndexMediaTypes = []types.MediaType{
+	types.DockerManifestList,
+	types.OCIImageIndex,
+}
+
+// remoteIndex accesses an index from a remote registry
+type remoteIndex struct {
+	fetcher
+	manifestLock sync.Mutex // Protects manifest
+	manifest     []byte
+	mediaType    types.MediaType
+	descriptor   *v1.Descriptor
+}
+
+// Index provides access to a remote index reference.
+func Index(ref name.Reference, options ...Option) (v1.ImageIndex, error) {
+	desc, err := get(ref, acceptableIndexMediaTypes, options...)
+	if err != nil {
+		return nil, err
+	}
+
+	return desc.ImageIndex()
+}
+
+func (r *remoteIndex) MediaType() (types.MediaType, error) {
+	if string(r.mediaType) != "" {
+		return r.mediaType, nil
+	}
+	return types.DockerManifestList, nil
+}
+
+func (r *remoteIndex) Digest() (v1.Hash, error) {
+	return partial.Digest(r)
+}
+
+func (r *remoteIndex) Size() (int64, error) {
+	return partial.Size(r)
+}
+
+func (r *remoteIndex) RawManifest() ([]byte, error) {
+	r.manifestLock.Lock()
+	defer r.manifestLock.Unlock()
+	if r.manifest != nil {
+		return r.manifest, nil
+	}
+
+	// NOTE(jonjohnsonjr): We should never get here because the public entrypoints
+	// do type-checking via remote.Descriptor. I've left this here for tests that
+	// directly instantiate a remoteIndex.
+	manifest, desc, err := r.fetchManifest(r.Ref, acceptableIndexMediaTypes)
+	if err != nil {
+		return nil, err
+	}
+
+	if r.descriptor == nil {
+		r.descriptor = desc
+	}
+	r.mediaType = desc.MediaType
+	r.manifest = manifest
+	return r.manifest, nil
+}
+
+func (r *remoteIndex) IndexManifest() (*v1.IndexManifest, error) {
+	b, err := r.RawManifest()
+	if err != nil {
+		return nil, err
+	}
+	return v1.ParseIndexManifest(bytes.NewReader(b))
+}
+
+func (r *remoteIndex) Image(h v1.Hash) (v1.Image, error) {
+	desc, err := r.childByHash(h)
+	if err != nil {
+		return nil, err
+	}
+
+	// Descriptor.Image will handle coercing nested indexes into an Image.
+	return desc.Image()
+}
+
+// Descriptor retains the original descriptor from an index manifest.
+// See partial.Descriptor.
+func (r *remoteIndex) Descriptor() (*v1.Descriptor, error) {
+	// kind of a hack, but RawManifest does appropriate locking/memoization
+	// and makes sure r.descriptor is populated.
+	_, err := r.RawManifest()
+	return r.descriptor, err
+}
+
+func (r *remoteIndex) ImageIndex(h v1.Hash) (v1.ImageIndex, error) {
+	desc, err := r.childByHash(h)
+	if err != nil {
+		return nil, err
+	}
+	return desc.ImageIndex()
+}
+
+func (r *remoteIndex) imageByPlatform(platform v1.Platform) (v1.Image, error) {
+	desc, err := r.childByPlatform(platform)
+	if err != nil {
+		return nil, err
+	}
+
+	// Descriptor.Image will handle coercing nested indexes into an Image.
+	return desc.Image()
+}
+
+// This naively matches the first manifest with matching platform attributes.
+//
+// We should probably use this instead:
+//	 github.com/containerd/containerd/platforms
+//
+// But first we'd need to migrate to:
+//   github.com/opencontainers/image-spec/specs-go/v1
+func (r *remoteIndex) childByPlatform(platform v1.Platform) (*Descriptor, error) {
+	index, err := r.IndexManifest()
+	if err != nil {
+		return nil, err
+	}
+	for _, childDesc := range index.Manifests {
+		// If platform is missing from child descriptor, assume it's amd64/linux.
+		p := defaultPlatform
+		if childDesc.Platform != nil {
+			p = *childDesc.Platform
+		}
+
+		if matchesPlatform(p, platform) {
+			return r.childDescriptor(childDesc, platform)
+		}
+	}
+	return nil, fmt.Errorf("no child with platform %s/%s in index %s", platform.OS, platform.Architecture, r.Ref)
+}
+
+func (r *remoteIndex) childByHash(h v1.Hash) (*Descriptor, error) {
+	index, err := r.IndexManifest()
+	if err != nil {
+		return nil, err
+	}
+	for _, childDesc := range index.Manifests {
+		if h == childDesc.Digest {
+			return r.childDescriptor(childDesc, defaultPlatform)
+		}
+	}
+	return nil, fmt.Errorf("no child with digest %s in index %s", h, r.Ref)
+}
+
+// Convert one of this index's child's v1.Descriptor into a remote.Descriptor, with the given platform option.
+func (r *remoteIndex) childDescriptor(child v1.Descriptor, platform v1.Platform) (*Descriptor, error) {
+	ref := r.Ref.Context().Digest(child.Digest.String())
+	manifest, _, err := r.fetchManifest(ref, []types.MediaType{child.MediaType})
+	if err != nil {
+		return nil, err
+	}
+	return &Descriptor{
+		fetcher: fetcher{
+			Ref:     ref,
+			Client:  r.Client,
+			context: r.context,
+		},
+		Manifest:   manifest,
+		Descriptor: child,
+		platform:   platform,
+	}, nil
+}
+
+// matchesPlatform checks if the given platform matches the required platforms.
+// The given platform matches the required platform if
+// - architecture and OS are identical.
+// - OS version and variant are identical if provided.
+// - features and OS features of the required platform are subsets of those of the given platform.
+func matchesPlatform(given, required v1.Platform) bool {
+	// Required fields that must be identical.
+	if given.Architecture != required.Architecture || given.OS != required.OS {
+		return false
+	}
+
+	// Optional fields that may be empty, but must be identical if provided.
+	if required.OSVersion != "" && given.OSVersion != required.OSVersion {
+		return false
+	}
+	if required.Variant != "" && given.Variant != required.Variant {
+		return false
+	}
+
+	// Verify required platform's features are a subset of given platform's features.
+	if !isSubset(given.OSFeatures, required.OSFeatures) {
+		return false
+	}
+	if !isSubset(given.Features, required.Features) {
+		return false
+	}
+
+	return true
+}
+
+// isSubset checks if the required array of strings is a subset of the given lst.
+func isSubset(lst, required []string) bool {
+	set := make(map[string]bool)
+	for _, value := range lst {
+		set[value] = true
+	}
+
+	for _, value := range required {
+		if _, ok := set[value]; !ok {
+			return false
+		}
+	}
+
+	return true
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go
new file mode 100644
index 00000000..6a941a1a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/layer.go
@@ -0,0 +1,87 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"io"
+
+	"github.com/google/go-containerregistry/pkg/internal/redact"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+// remoteImagelayer implements partial.CompressedLayer
+type remoteLayer struct {
+	fetcher
+	digest v1.Hash
+}
+
+// Compressed implements partial.CompressedLayer
+func (rl *remoteLayer) Compressed() (io.ReadCloser, error) {
+	// We don't want to log binary layers -- this can break terminals.
+	ctx := redact.NewContext(rl.context, "omitting binary blobs from logs")
+	return rl.fetchBlob(ctx, rl.digest)
+}
+
+// Compressed implements partial.CompressedLayer
+func (rl *remoteLayer) Size() (int64, error) {
+	resp, err := rl.headBlob(rl.digest)
+	if err != nil {
+		return -1, err
+	}
+	return resp.ContentLength, nil
+}
+
+// Digest implements partial.CompressedLayer
+func (rl *remoteLayer) Digest() (v1.Hash, error) {
+	return rl.digest, nil
+}
+
+// MediaType implements v1.Layer
+func (rl *remoteLayer) MediaType() (types.MediaType, error) {
+	return types.DockerLayer, nil
+}
+
+// Layer reads the given blob reference from a registry as a Layer. A blob
+// reference here is just a punned name.Digest where the digest portion is the
+// digest of the blob to be read and the repository portion is the repo where
+// that blob lives.
+func Layer(ref name.Digest, options ...Option) (v1.Layer, error) {
+	o, err := makeOptions(ref.Context(), options...)
+	if err != nil {
+		return nil, err
+	}
+	f, err := makeFetcher(ref, o)
+	if err != nil {
+		return nil, err
+	}
+	h, err := v1.NewHash(ref.Identifier())
+	if err != nil {
+		return nil, err
+	}
+	l, err := partial.CompressedToLayer(&remoteLayer{
+		fetcher: *f,
+		digest:  h,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &MountableLayer{
+		Layer:     l,
+		Reference: ref,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go
new file mode 100644
index 00000000..e4a005aa
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/list.go
@@ -0,0 +1,146 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+type tags struct {
+	Name string   `json:"name"`
+	Tags []string `json:"tags"`
+}
+
+// List wraps ListWithContext using the background context.
+func List(repo name.Repository, options ...Option) ([]string, error) {
+	return ListWithContext(context.Background(), repo, options...)
+}
+
+// ListWithContext calls /tags/list for the given repository, returning the list of tags
+// in the "tags" property.
+func ListWithContext(ctx context.Context, repo name.Repository, options ...Option) ([]string, error) {
+	o, err := makeOptions(repo, options...)
+	if err != nil {
+		return nil, err
+	}
+	scopes := []string{repo.Scope(transport.PullScope)}
+	tr, err := transport.NewWithContext(o.context, repo.Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return nil, err
+	}
+
+	uri := &url.URL{
+		Scheme: repo.Registry.Scheme(),
+		Host:   repo.Registry.RegistryStr(),
+		Path:   fmt.Sprintf("/v2/%s/tags/list", repo.RepositoryStr()),
+		// ECR returns an error if n > 1000:
+		// https://github.com/google/go-containerregistry/issues/681
+		RawQuery: "n=1000",
+	}
+
+	// This is lazy, but I want to make sure List(..., WithContext(ctx)) works
+	// without calling makeOptions() twice (which can have side effects).
+	// This means ListWithContext(ctx, ..., WithContext(ctx2)) prefers ctx2.
+	if o.context != context.Background() {
+		ctx = o.context
+	}
+
+	client := http.Client{Transport: tr}
+	tagList := []string{}
+	parsed := tags{}
+
+	// get responses until there is no next page
+	for {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		default:
+		}
+
+		req, err := http.NewRequest("GET", uri.String(), nil)
+		if err != nil {
+			return nil, err
+		}
+		req = req.WithContext(ctx)
+
+		resp, err := client.Do(req)
+		if err != nil {
+			return nil, err
+		}
+
+		if err := transport.CheckError(resp, http.StatusOK); err != nil {
+			return nil, err
+		}
+
+		if err := json.NewDecoder(resp.Body).Decode(&parsed); err != nil {
+			return nil, err
+		}
+
+		if err := resp.Body.Close(); err != nil {
+			return nil, err
+		}
+
+		tagList = append(tagList, parsed.Tags...)
+
+		uri, err = getNextPageURL(resp)
+		if err != nil {
+			return nil, err
+		}
+		// no next page
+		if uri == nil {
+			break
+		}
+	}
+
+	return tagList, nil
+}
+
+// getNextPageURL checks if there is a Link header in a http.Response which
+// contains a link to the next page. If yes it returns the url.URL of the next
+// page otherwise it returns nil.
+func getNextPageURL(resp *http.Response) (*url.URL, error) {
+	link := resp.Header.Get("Link")
+	if link == "" {
+		return nil, nil
+	}
+
+	if link[0] != '<' {
+		return nil, fmt.Errorf("failed to parse link header: missing '<' in: %s", link)
+	}
+
+	end := strings.Index(link, ">")
+	if end == -1 {
+		return nil, fmt.Errorf("failed to parse link header: missing '>' in: %s", link)
+	}
+	link = link[1:end]
+
+	linkURL, err := url.Parse(link)
+	if err != nil {
+		return nil, err
+	}
+	if resp.Request == nil || resp.Request.URL == nil {
+		return nil, nil
+	}
+	linkURL = resp.Request.URL.ResolveReference(linkURL)
+	return linkURL, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go
new file mode 100644
index 00000000..2800b330
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/mount.go
@@ -0,0 +1,90 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+)
+
+// MountableLayer wraps a v1.Layer in a shim that enables the layer to be
+// "mounted" when published to another registry.
+type MountableLayer struct {
+	v1.Layer
+
+	Reference name.Reference
+}
+
+// Descriptor retains the original descriptor from an image manifest.
+// See partial.Descriptor.
+func (ml *MountableLayer) Descriptor() (*v1.Descriptor, error) {
+	return partial.Descriptor(ml.Layer)
+}
+
+// mountableImage wraps the v1.Layer references returned by the embedded v1.Image
+// in MountableLayer's so that remote.Write might attempt to mount them from their
+// source repository.
+type mountableImage struct {
+	v1.Image
+
+	Reference name.Reference
+}
+
+// Layers implements v1.Image
+func (mi *mountableImage) Layers() ([]v1.Layer, error) {
+	ls, err := mi.Image.Layers()
+	if err != nil {
+		return nil, err
+	}
+	mls := make([]v1.Layer, 0, len(ls))
+	for _, l := range ls {
+		mls = append(mls, &MountableLayer{
+			Layer:     l,
+			Reference: mi.Reference,
+		})
+	}
+	return mls, nil
+}
+
+// LayerByDigest implements v1.Image
+func (mi *mountableImage) LayerByDigest(d v1.Hash) (v1.Layer, error) {
+	l, err := mi.Image.LayerByDigest(d)
+	if err != nil {
+		return nil, err
+	}
+	return &MountableLayer{
+		Layer:     l,
+		Reference: mi.Reference,
+	}, nil
+}
+
+// LayerByDiffID implements v1.Image
+func (mi *mountableImage) LayerByDiffID(d v1.Hash) (v1.Layer, error) {
+	l, err := mi.Image.LayerByDiffID(d)
+	if err != nil {
+		return nil, err
+	}
+	return &MountableLayer{
+		Layer:     l,
+		Reference: mi.Reference,
+	}, nil
+}
+
+// Descriptor retains the original descriptor from an index manifest.
+// See partial.Descriptor.
+func (mi *mountableImage) Descriptor() (*v1.Descriptor, error) {
+	return partial.Descriptor(mi.Image)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go
new file mode 100644
index 00000000..803c2293
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/multi_write.go
@@ -0,0 +1,241 @@
+// Copyright 2020 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"fmt"
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"golang.org/x/sync/errgroup"
+)
+
+// MultiWrite writes the given Images or ImageIndexes to the given refs, as
+// efficiently as possible, by deduping shared layer blobs and uploading layers
+// in parallel, then uploading all manifests in parallel.
+//
+// Current limitations:
+// - All refs must share the same repository.
+// - Images cannot consist of stream.Layers.
+func MultiWrite(m map[name.Reference]Taggable, options ...Option) error {
+	// Determine the repository being pushed to; if asked to push to
+	// multiple repositories, give up.
+	var repo, zero name.Repository
+	for ref := range m {
+		if repo == zero {
+			repo = ref.Context()
+		} else if ref.Context() != repo {
+			return fmt.Errorf("MultiWrite can only push to the same repository (saw %q and %q)", repo, ref.Context())
+		}
+	}
+
+	// Collect unique blobs (layers and config blobs).
+	blobs := map[v1.Hash]v1.Layer{}
+	newManifests := []map[name.Reference]Taggable{}
+	// Separate originally requested images and indexes, so we can push images first.
+	images, indexes := map[name.Reference]Taggable{}, map[name.Reference]Taggable{}
+	var err error
+	for ref, i := range m {
+		if img, ok := i.(v1.Image); ok {
+			images[ref] = i
+			if err := addImageBlobs(img, blobs); err != nil {
+				return err
+			}
+			continue
+		}
+		if idx, ok := i.(v1.ImageIndex); ok {
+			indexes[ref] = i
+			newManifests, err = addIndexBlobs(idx, blobs, repo, newManifests, 0)
+			if err != nil {
+				return err
+			}
+			continue
+		}
+		return fmt.Errorf("pushable resource was not Image or ImageIndex: %T", i)
+	}
+
+	o, err := makeOptions(repo, options...)
+	if err != nil {
+		return err
+	}
+	// Determine if any of the layers are Mountable, because if so we need
+	// to request Pull scope too.
+	ls := []v1.Layer{}
+	for _, l := range blobs {
+		ls = append(ls, l)
+	}
+	scopes := scopesForUploadingImage(repo, ls)
+	tr, err := transport.NewWithContext(o.context, repo.Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return err
+	}
+	w := writer{
+		repo:    repo,
+		client:  &http.Client{Transport: tr},
+		context: o.context,
+	}
+
+	// Upload individual blobs and collect any errors.
+	blobChan := make(chan v1.Layer, 2*o.jobs)
+	var g errgroup.Group
+	for i := 0; i < o.jobs; i++ {
+		// Start N workers consuming blobs to upload.
+		g.Go(func() error {
+			for b := range blobChan {
+				if err := w.uploadOne(b); err != nil {
+					return err
+				}
+			}
+			return nil
+		})
+	}
+	go func() {
+		for _, b := range blobs {
+			blobChan <- b
+		}
+		close(blobChan)
+	}()
+	if err := g.Wait(); err != nil {
+		return err
+	}
+
+	commitMany := func(m map[name.Reference]Taggable) error {
+		// With all of the constituent elements uploaded, upload the manifests
+		// to commit the images and indexes, and collect any errors.
+		type task struct {
+			i   Taggable
+			ref name.Reference
+		}
+		taskChan := make(chan task, 2*o.jobs)
+		for i := 0; i < o.jobs; i++ {
+			// Start N workers consuming tasks to upload manifests.
+			g.Go(func() error {
+				for t := range taskChan {
+					if err := w.commitManifest(t.i, t.ref); err != nil {
+						return err
+					}
+				}
+				return nil
+			})
+		}
+		go func() {
+			for ref, i := range m {
+				taskChan <- task{i, ref}
+			}
+			close(taskChan)
+		}()
+		return g.Wait()
+	}
+	// Push originally requested image manifests. These have no
+	// dependencies.
+	if err := commitMany(images); err != nil {
+		return err
+	}
+	// Push new manifests from lowest levels up.
+	for i := len(newManifests) - 1; i >= 0; i-- {
+		if err := commitMany(newManifests[i]); err != nil {
+			return err
+		}
+	}
+	// Push originally requested index manifests, which might depend on
+	// newly discovered manifests.
+	return commitMany(indexes)
+
+}
+
+// addIndexBlobs adds blobs to the set of blobs we intend to upload, and
+// returns the latest copy of the ordered collection of manifests to upload.
+func addIndexBlobs(idx v1.ImageIndex, blobs map[v1.Hash]v1.Layer, repo name.Repository, newManifests []map[name.Reference]Taggable, lvl int) ([]map[name.Reference]Taggable, error) {
+	if lvl > len(newManifests)-1 {
+		newManifests = append(newManifests, map[name.Reference]Taggable{})
+	}
+
+	im, err := idx.IndexManifest()
+	if err != nil {
+		return nil, err
+	}
+	for _, desc := range im.Manifests {
+		switch desc.MediaType {
+		case types.OCIImageIndex, types.DockerManifestList:
+			idx, err := idx.ImageIndex(desc.Digest)
+			if err != nil {
+				return nil, err
+			}
+			newManifests, err = addIndexBlobs(idx, blobs, repo, newManifests, lvl+1)
+			if err != nil {
+				return nil, err
+			}
+
+			// Also track the sub-index manifest to upload later by digest.
+			newManifests[lvl][repo.Digest(desc.Digest.String())] = idx
+		case types.OCIManifestSchema1, types.DockerManifestSchema2:
+			img, err := idx.Image(desc.Digest)
+			if err != nil {
+				return nil, err
+			}
+			if err := addImageBlobs(img, blobs); err != nil {
+				return nil, err
+			}
+
+			// Also track the sub-image manifest to upload later by digest.
+			newManifests[lvl][repo.Digest(desc.Digest.String())] = img
+		default:
+			return nil, fmt.Errorf("unknown media type: %v", desc.MediaType)
+		}
+	}
+	return newManifests, nil
+}
+
+func addImageBlobs(img v1.Image, blobs map[v1.Hash]v1.Layer) error {
+	ls, err := img.Layers()
+	if err != nil {
+		return err
+	}
+	// Collect all layers.
+	for _, l := range ls {
+		d, err := l.Digest()
+		if err != nil {
+			return err
+		}
+
+		// Ignore foreign layers.
+		mt, err := l.MediaType()
+		if err != nil {
+			return err
+		}
+		if !mt.IsDistributable() {
+			// TODO(jonjohnsonjr): Add "allow-nondistributable-artifacts" option.
+			continue
+		}
+
+		blobs[d] = l
+	}
+
+	// Collect config blob.
+	cl, err := partial.ConfigLayer(img)
+	if err != nil {
+		return err
+	}
+	cld, err := cl.Digest()
+	if err != nil {
+		return err
+	}
+	blobs[cld] = cl
+	return nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go
new file mode 100644
index 00000000..c8697c82
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/options.go
@@ -0,0 +1,175 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"context"
+	"errors"
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/logs"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+// Option is a functional option for remote operations.
+type Option func(*options) error
+
+type options struct {
+	auth      authn.Authenticator
+	keychain  authn.Keychain
+	transport http.RoundTripper
+	platform  v1.Platform
+	context   context.Context
+	jobs      int
+	userAgent string
+}
+
+var defaultPlatform = v1.Platform{
+	Architecture: "amd64",
+	OS:           "linux",
+}
+
+const defaultJobs = 4
+
+func makeOptions(target authn.Resource, opts ...Option) (*options, error) {
+	o := &options{
+		auth:      authn.Anonymous,
+		transport: http.DefaultTransport,
+		platform:  defaultPlatform,
+		context:   context.Background(),
+		jobs:      defaultJobs,
+	}
+
+	for _, option := range opts {
+		if err := option(o); err != nil {
+			return nil, err
+		}
+	}
+
+	if o.keychain != nil {
+		auth, err := o.keychain.Resolve(target)
+		if err != nil {
+			return nil, err
+		}
+		if auth == authn.Anonymous {
+			logs.Warn.Println("No matching credentials were found, falling back on anonymous")
+		}
+		o.auth = auth
+	}
+
+	// Wrap the transport in something that logs requests and responses.
+	// It's expensive to generate the dumps, so skip it if we're writing
+	// to nothing.
+	if logs.Enabled(logs.Debug) {
+		o.transport = transport.NewLogger(o.transport)
+	}
+
+	// Wrap the transport in something that can retry network flakes.
+	o.transport = transport.NewRetry(o.transport)
+
+	// Wrap this last to prevent transport.New from double-wrapping.
+	if o.userAgent != "" {
+		o.transport = transport.NewUserAgent(o.transport, o.userAgent)
+	}
+
+	return o, nil
+}
+
+// WithTransport is a functional option for overriding the default transport
+// for remote operations.
+//
+// The default transport its http.DefaultTransport.
+func WithTransport(t http.RoundTripper) Option {
+	return func(o *options) error {
+		o.transport = t
+		return nil
+	}
+}
+
+// WithAuth is a functional option for overriding the default authenticator
+// for remote operations.
+//
+// The default authenticator is authn.Anonymous.
+func WithAuth(auth authn.Authenticator) Option {
+	return func(o *options) error {
+		o.auth = auth
+		return nil
+	}
+}
+
+// WithAuthFromKeychain is a functional option for overriding the default
+// authenticator for remote operations, using an authn.Keychain to find
+// credentials.
+//
+// The default authenticator is authn.Anonymous.
+func WithAuthFromKeychain(keys authn.Keychain) Option {
+	return func(o *options) error {
+		o.keychain = keys
+		return nil
+	}
+}
+
+// WithPlatform is a functional option for overriding the default platform
+// that Image and Descriptor.Image use for resolving an index to an image.
+//
+// The default platform is amd64/linux.
+func WithPlatform(p v1.Platform) Option {
+	return func(o *options) error {
+		o.platform = p
+		return nil
+	}
+}
+
+// WithContext is a functional option for setting the context in http requests
+// performed by a given function. Note that this context is used for _all_
+// http requests, not just the initial volley. E.g., for remote.Image, the
+// context will be set on http requests generated by subsequent calls to
+// RawConfigFile() and even methods on layers returned by Layers().
+//
+// The default context is context.Background().
+func WithContext(ctx context.Context) Option {
+	return func(o *options) error {
+		o.context = ctx
+		return nil
+	}
+}
+
+// WithJobs is a functional option for setting the parallelism of remote
+// operations performed by a given function. Note that not all remote
+// operations support parallelism.
+//
+// The default value is 4.
+func WithJobs(jobs int) Option {
+	return func(o *options) error {
+		if jobs <= 0 {
+			return errors.New("jobs must be greater than zero")
+		}
+		o.jobs = jobs
+		return nil
+	}
+}
+
+// WithUserAgent adds the given string to the User-Agent header for any HTTP
+// requests. This header will also include "go-containerregistry/${version}".
+//
+// If you want to completely overwrite the User-Agent header, use WithTransport.
+func WithUserAgent(ua string) Option {
+	return func(o *options) error {
+		o.userAgent = ua
+		return nil
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md
new file mode 100644
index 00000000..bd4d957b
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/README.md
@@ -0,0 +1,129 @@
+# `transport`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/transport?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/transport)
+
+The [distribution protocol](https://github.com/opencontainers/distribution-spec) is fairly simple, but correctly [implementing authentication](../../../authn/README.md) is **hard**.
+
+This package [implements](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote/transport#New) an [`http.RoundTripper`](https://godoc.org/net/http#RoundTripper)
+that transparently performs:
+* [Token
+Authentication](https://docs.docker.com/registry/spec/auth/token/) and
+* [OAuth2
+Authentication](https://docs.docker.com/registry/spec/auth/oauth/)
+
+for registry clients.
+
+## Raison d'être
+
+> Why not just use the [`docker/distribution`](https://godoc.org/github.com/docker/distribution/registry/client/auth) client?
+
+Great question! Mostly, because I don't want to depend on [`prometheus/client_golang`](https://github.com/prometheus/client_golang).
+
+As a performance optimization, that client uses [a cache](https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/client/repository.go#L173) to keep track of a mapping between blob digests and their [descriptors](https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/blobs.go#L57-L86). Unfortunately, the cache [uses prometheus](https://github.com/docker/distribution/blob/a8371794149d1d95f1e846744b05c87f2f825e5a/registry/storage/cache/cachedblobdescriptorstore.go#L44) to track hits and misses, so if you want to use that client you have to pull in all of prometheus, which is pretty large.
+
+![docker/distribution](../../../../images/docker.dot.svg)
+
+> Why does it matter if you depend on prometheus? Who cares?
+
+It's generally polite to your downstream to reduce the number of dependencies your package requires:
+
+* Downloading your package is faster, which helps our Australian friends and people on airplanes.
+* There is less code to compile, which speeds up builds and saves the planet from global warming.
+* You reduce the likelihood of inflicting dependency hell upon your consumers.
+* [Tim Hockin](https://twitter.com/thockin/status/958606077456654336) prefers it based on his experience working on Kubernetes, and he's a pretty smart guy.
+
+> Okay, what about [`containerd/containerd`](https://godoc.org/github.com/containerd/containerd/remotes/docker)?
+
+Similar reasons! That ends up pulling in grpc, protobuf, and logrus.
+
+![containerd/containerd](../../../../images/containerd.dot.svg)
+
+> Well... what about [`containers/image`](https://godoc.org/github.com/containers/image/docker)?
+
+That just uses the the `docker/distribution` client... and more!
+
+![containers/image](../../../../images/containers.dot.svg)
+
+> Wow, what about this package?
+
+Of course, this package isn't perfect either. `transport` depends on `authn`,
+which in turn depends on docker's config file parsing and handling package,
+which you don't strictly need but almost certainly want if you're going to be
+interacting with a registry.
+
+![google/go-containerregistry](../../../../images/ggcr.dot.svg)
+
+*These graphs were generated by
+[`kisielk/godepgraph`](https://github.com/kisielk/godepgraph).*
+
+## Usage
+
+This is heavily used by the
+[`remote`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote)
+package, which implements higher level image-centric functionality, but this
+package is useful if you want to interact directly with the registry to do
+something that `remote` doesn't support, e.g. [to handle with schema 1
+images](https://github.com/google/go-containerregistry/pull/509).
+
+This package also includes some [error
+handling](https://github.com/opencontainers/distribution-spec/blob/60be706c34ee7805bdd1d3d11affec53b0dfb8fb/spec.md#errors)
+facilities in the form of
+[`CheckError`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/remote/transport#CheckError),
+which will parse the response body into a structured error for unexpected http
+status codes.
+
+Here's a "simple" program that writes the result of
+[listing tags](https://github.com/opencontainers/distribution-spec/blob/60be706c34ee7805bdd1d3d11affec53b0dfb8fb/spec.md#tags)
+for [`gcr.io/google-containers/pause`](https://gcr.io/google-containers/pause)
+to stdout.
+
+```go
+package main
+
+import (
+	"io"
+	"net/http"
+	"os"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+)
+
+func main() {
+	repo, err := name.NewRepository("gcr.io/google-containers/pause")
+	if err != nil {
+		panic(err)
+	}
+
+	// Fetch credentials based on your docker config file, which is $HOME/.docker/config.json or $DOCKER_CONFIG.
+	auth, err := authn.DefaultKeychain.Resolve(repo.Registry)
+	if err != nil {
+		panic(err)
+	}
+
+	// Construct an http.Client that is authorized to pull from gcr.io/google-containers/pause.
+	scopes := []string{repo.Scope(transport.PullScope)}
+	t, err := transport.New(repo.Registry, auth, http.DefaultTransport, scopes)
+	if err != nil {
+		panic(err)
+	}
+	client := &http.Client{Transport: t}
+
+	// Make the actual request.
+	resp, err := client.Get("https://gcr.io/v2/google-containers/pause/tags/list")
+	if err != nil {
+		panic(err)
+	}
+
+	// Assert that we get a 200, otherwise attempt to parse body as a structured error.
+	if err := transport.CheckError(resp, http.StatusOK); err != nil {
+		panic(err)
+	}
+
+	// Write the response to stdout.
+	if _, err := io.Copy(os.Stdout, resp.Body); err != nil {
+		panic(err)
+	}
+}
+```
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go
new file mode 100644
index 00000000..fdb362b7
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/basic.go
@@ -0,0 +1,62 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"encoding/base64"
+	"fmt"
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+)
+
+type basicTransport struct {
+	inner  http.RoundTripper
+	auth   authn.Authenticator
+	target string
+}
+
+var _ http.RoundTripper = (*basicTransport)(nil)
+
+// RoundTrip implements http.RoundTripper
+func (bt *basicTransport) RoundTrip(in *http.Request) (*http.Response, error) {
+	if bt.auth != authn.Anonymous {
+		auth, err := bt.auth.Authorization()
+		if err != nil {
+			return nil, err
+		}
+
+		// http.Client handles redirects at a layer above the http.RoundTripper
+		// abstraction, so to avoid forwarding Authorization headers to places
+		// we are redirected, only set it when the authorization header matches
+		// the host with which we are interacting.
+		// In case of redirect http.Client can use an empty Host, check URL too.
+		if in.Host == bt.target || in.URL.Host == bt.target {
+			if bearer := auth.RegistryToken; bearer != "" {
+				hdr := fmt.Sprintf("Bearer %s", bearer)
+				in.Header.Set("Authorization", hdr)
+			} else if user, pass := auth.Username, auth.Password; user != "" && pass != "" {
+				delimited := fmt.Sprintf("%s:%s", user, pass)
+				encoded := base64.StdEncoding.EncodeToString([]byte(delimited))
+				hdr := fmt.Sprintf("Basic %s", encoded)
+				in.Header.Set("Authorization", hdr)
+			} else if token := auth.Auth; token != "" {
+				hdr := fmt.Sprintf("Basic %s", token)
+				in.Header.Set("Authorization", hdr)
+			}
+		}
+	}
+	return bt.inner.RoundTrip(in)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go
new file mode 100644
index 00000000..cd05509e
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/bearer.go
@@ -0,0 +1,308 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+
+	authchallenge "github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/internal/redact"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+type bearerTransport struct {
+	// Wrapped by bearerTransport.
+	inner http.RoundTripper
+	// Basic credentials that we exchange for bearer tokens.
+	basic authn.Authenticator
+	// Holds the bearer response from the token service.
+	bearer authn.AuthConfig
+	// Registry to which we send bearer tokens.
+	registry name.Registry
+	// See https://tools.ietf.org/html/rfc6750#section-3
+	realm string
+	// See https://docs.docker.com/registry/spec/auth/token/
+	service string
+	scopes  []string
+	// Scheme we should use, determined by ping response.
+	scheme string
+}
+
+var _ http.RoundTripper = (*bearerTransport)(nil)
+
+var portMap = map[string]string{
+	"http":  "80",
+	"https": "443",
+}
+
+func stringSet(ss []string) map[string]struct{} {
+	set := make(map[string]struct{})
+	for _, s := range ss {
+		set[s] = struct{}{}
+	}
+	return set
+}
+
+// RoundTrip implements http.RoundTripper
+func (bt *bearerTransport) RoundTrip(in *http.Request) (*http.Response, error) {
+	sendRequest := func() (*http.Response, error) {
+		// http.Client handles redirects at a layer above the http.RoundTripper
+		// abstraction, so to avoid forwarding Authorization headers to places
+		// we are redirected, only set it when the authorization header matches
+		// the registry with which we are interacting.
+		// In case of redirect http.Client can use an empty Host, check URL too.
+		if matchesHost(bt.registry, in, bt.scheme) {
+			hdr := fmt.Sprintf("Bearer %s", bt.bearer.RegistryToken)
+			in.Header.Set("Authorization", hdr)
+		}
+		return bt.inner.RoundTrip(in)
+	}
+
+	res, err := sendRequest()
+	if err != nil {
+		return nil, err
+	}
+
+	// If we hit a WWW-Authenticate challenge, it might be due to expired tokens or insufficient scope.
+	if challenges := authchallenge.ResponseChallenges(res); len(challenges) != 0 {
+		for _, wac := range challenges {
+			// TODO(jonjohnsonjr): Should we also update "realm" or "service"?
+			if scope, ok := wac.Parameters["scope"]; ok {
+				// From https://tools.ietf.org/html/rfc6750#section-3
+				// The "scope" attribute is defined in Section 3.3 of [RFC6749].  The
+				// "scope" attribute is a space-delimited list of case-sensitive scope
+				// values indicating the required scope of the access token for
+				// accessing the requested resource.
+				scopes := strings.Split(scope, " ")
+
+				// Add any scopes that we don't already request.
+				got := stringSet(bt.scopes)
+				for _, want := range scopes {
+					if _, ok := got[want]; !ok {
+						bt.scopes = append(bt.scopes, want)
+					}
+				}
+			}
+		}
+
+		// TODO(jonjohnsonjr): Teach transport.Error about "error" and "error_description" from challenge.
+
+		// Retry the request to attempt to get a valid token.
+		if err = bt.refresh(in.Context()); err != nil {
+			return nil, err
+		}
+		return sendRequest()
+	}
+
+	return res, err
+}
+
+// It's unclear which authentication flow to use based purely on the protocol,
+// so we rely on heuristics and fallbacks to support as many registries as possible.
+// The basic token exchange is attempted first, falling back to the oauth flow.
+// If the IdentityToken is set, this indicates that we should start with the oauth flow.
+func (bt *bearerTransport) refresh(ctx context.Context) error {
+	auth, err := bt.basic.Authorization()
+	if err != nil {
+		return err
+	}
+
+	if auth.RegistryToken != "" {
+		bt.bearer.RegistryToken = auth.RegistryToken
+		return nil
+	}
+
+	var content []byte
+	if auth.IdentityToken != "" {
+		// If the secret being stored is an identity token,
+		// the Username should be set to <token>, which indicates
+		// we are using an oauth flow.
+		content, err = bt.refreshOauth(ctx)
+		if terr, ok := err.(*Error); ok && terr.StatusCode == http.StatusNotFound {
+			// Note: Not all token servers implement oauth2.
+			// If the request to the endpoint returns 404 using the HTTP POST method,
+			// refer to Token Documentation for using the HTTP GET method supported by all token servers.
+			content, err = bt.refreshBasic(ctx)
+		}
+	} else {
+		content, err = bt.refreshBasic(ctx)
+	}
+	if err != nil {
+		return err
+	}
+
+	// Some registries don't have "token" in the response. See #54.
+	type tokenResponse struct {
+		Token        string `json:"token"`
+		AccessToken  string `json:"access_token"`
+		RefreshToken string `json:"refresh_token"`
+		// TODO: handle expiry?
+	}
+
+	var response tokenResponse
+	if err := json.Unmarshal(content, &response); err != nil {
+		return err
+	}
+
+	// Some registries set access_token instead of token.
+	if response.AccessToken != "" {
+		response.Token = response.AccessToken
+	}
+
+	// Find a token to turn into a Bearer authenticator
+	if response.Token != "" {
+		bt.bearer.RegistryToken = response.Token
+	} else {
+		return fmt.Errorf("no token in bearer response:\n%s", content)
+	}
+
+	// If we obtained a refresh token from the oauth flow, use that for refresh() now.
+	if response.RefreshToken != "" {
+		bt.basic = authn.FromConfig(authn.AuthConfig{
+			IdentityToken: response.RefreshToken,
+		})
+	}
+
+	return nil
+}
+
+func matchesHost(reg name.Registry, in *http.Request, scheme string) bool {
+	canonicalHeaderHost := canonicalAddress(in.Host, scheme)
+	canonicalURLHost := canonicalAddress(in.URL.Host, scheme)
+	canonicalRegistryHost := canonicalAddress(reg.RegistryStr(), scheme)
+	return canonicalHeaderHost == canonicalRegistryHost || canonicalURLHost == canonicalRegistryHost
+}
+
+func canonicalAddress(host, scheme string) (address string) {
+	// The host may be any one of:
+	// - hostname
+	// - hostname:port
+	// - ipv4
+	// - ipv4:port
+	// - ipv6
+	// - [ipv6]:port
+	// As net.SplitHostPort returns an error if the host does not contain a port, we should only attempt
+	// to call it when we know that the address contains a port
+	if strings.Count(host, ":") == 1 || (strings.Count(host, ":") >= 2 && strings.Contains(host, "]:")) {
+		hostname, port, err := net.SplitHostPort(host)
+		if err != nil {
+			return host
+		}
+		if port == "" {
+			port = portMap[scheme]
+		}
+
+		return net.JoinHostPort(hostname, port)
+	}
+
+	return net.JoinHostPort(host, portMap[scheme])
+}
+
+// https://docs.docker.com/registry/spec/auth/oauth/
+func (bt *bearerTransport) refreshOauth(ctx context.Context) ([]byte, error) {
+	auth, err := bt.basic.Authorization()
+	if err != nil {
+		return nil, err
+	}
+
+	u, err := url.Parse(bt.realm)
+	if err != nil {
+		return nil, err
+	}
+
+	v := url.Values{}
+	v.Set("scope", strings.Join(bt.scopes, " "))
+	v.Set("service", bt.service)
+	v.Set("client_id", defaultUserAgent)
+	if auth.IdentityToken != "" {
+		v.Set("grant_type", "refresh_token")
+		v.Set("refresh_token", auth.IdentityToken)
+	} else if auth.Username != "" && auth.Password != "" {
+		// TODO(#629): This is unreachable.
+		v.Set("grant_type", "password")
+		v.Set("username", auth.Username)
+		v.Set("password", auth.Password)
+		v.Set("access_type", "offline")
+	}
+
+	client := http.Client{Transport: bt.inner}
+	req, err := http.NewRequest(http.MethodPost, u.String(), strings.NewReader(v.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+
+	// We don't want to log credentials.
+	ctx = redact.NewContext(ctx, "oauth token response contains credentials")
+
+	resp, err := client.Do(req.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := CheckError(resp, http.StatusOK); err != nil {
+		return nil, err
+	}
+
+	return ioutil.ReadAll(resp.Body)
+}
+
+// https://docs.docker.com/registry/spec/auth/token/
+func (bt *bearerTransport) refreshBasic(ctx context.Context) ([]byte, error) {
+	u, err := url.Parse(bt.realm)
+	if err != nil {
+		return nil, err
+	}
+	b := &basicTransport{
+		inner:  bt.inner,
+		auth:   bt.basic,
+		target: u.Host,
+	}
+	client := http.Client{Transport: b}
+
+	v := u.Query()
+	v["scope"] = bt.scopes
+	v.Set("service", bt.service)
+	u.RawQuery = v.Encode()
+
+	req, err := http.NewRequest(http.MethodGet, u.String(), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	// We don't want to log credentials.
+	ctx = redact.NewContext(ctx, "basic token response contains credentials")
+
+	resp, err := client.Do(req.WithContext(ctx))
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	if err := CheckError(resp, http.StatusOK); err != nil {
+		return nil, err
+	}
+
+	return ioutil.ReadAll(resp.Body)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go
new file mode 100644
index 00000000..ff7025b5
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/doc.go
@@ -0,0 +1,18 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package transport provides facilities for setting up an authenticated
+// http.RoundTripper given an Authenticator and base RoundTripper.  See
+// transport.New for more information.
+package transport
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go
new file mode 100644
index 00000000..dba7d841
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/error.go
@@ -0,0 +1,189 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+// The set of query string keys that we expect to send as part of the registry
+// protocol. Anything else is potentially dangerous to leak, as it's probably
+// from a redirect. These redirects often included tokens or signed URLs.
+var paramWhitelist = map[string]struct{}{
+	// Token exchange
+	"scope":   {},
+	"service": {},
+	// Cross-repo mounting
+	"mount": {},
+	"from":  {},
+	// Layer PUT
+	"digest": {},
+	// Listing tags and catalog
+	"n":    {},
+	"last": {},
+}
+
+// Error implements error to support the following error specification:
+// https://github.com/docker/distribution/blob/master/docs/spec/api.md#errors
+type Error struct {
+	Errors []Diagnostic `json:"errors,omitempty"`
+	// The http status code returned.
+	StatusCode int
+	// The raw body if we couldn't understand it.
+	rawBody string
+	// The request that failed.
+	request *http.Request
+}
+
+// Check that Error implements error
+var _ error = (*Error)(nil)
+
+// Error implements error
+func (e *Error) Error() string {
+	prefix := ""
+	if e.request != nil {
+		prefix = fmt.Sprintf("%s %s: ", e.request.Method, redactURL(e.request.URL))
+	}
+	return prefix + e.responseErr()
+}
+
+func (e *Error) responseErr() string {
+	switch len(e.Errors) {
+	case 0:
+		if len(e.rawBody) == 0 {
+			if e.request != nil && e.request.Method == http.MethodHead {
+				return fmt.Sprintf("unexpected status code %d %s (HEAD responses have no body, use GET for details)", e.StatusCode, http.StatusText(e.StatusCode))
+			}
+			return fmt.Sprintf("unexpected status code %d %s", e.StatusCode, http.StatusText(e.StatusCode))
+		}
+		return fmt.Sprintf("unexpected status code %d %s: %s", e.StatusCode, http.StatusText(e.StatusCode), e.rawBody)
+	case 1:
+		return e.Errors[0].String()
+	default:
+		var errors []string
+		for _, d := range e.Errors {
+			errors = append(errors, d.String())
+		}
+		return fmt.Sprintf("multiple errors returned: %s",
+			strings.Join(errors, "; "))
+	}
+}
+
+// Temporary returns whether the request that preceded the error is temporary.
+func (e *Error) Temporary() bool {
+	if len(e.Errors) == 0 {
+		return false
+	}
+	for _, d := range e.Errors {
+		if _, ok := temporaryErrorCodes[d.Code]; !ok {
+			return false
+		}
+	}
+	return true
+}
+
+// TODO(jonjohnsonjr): Consider moving to pkg/internal/redact.
+func redactURL(original *url.URL) *url.URL {
+	qs := original.Query()
+	for k, v := range qs {
+		for i := range v {
+			if _, ok := paramWhitelist[k]; !ok {
+				// key is not in the whitelist
+				v[i] = "REDACTED"
+			}
+		}
+	}
+	redacted := *original
+	redacted.RawQuery = qs.Encode()
+	return &redacted
+}
+
+// Diagnostic represents a single error returned by a Docker registry interaction.
+type Diagnostic struct {
+	Code    ErrorCode   `json:"code"`
+	Message string      `json:"message,omitempty"`
+	Detail  interface{} `json:"detail,omitempty"`
+}
+
+// String stringifies the Diagnostic in the form: $Code: $Message[; $Detail]
+func (d Diagnostic) String() string {
+	msg := fmt.Sprintf("%s: %s", d.Code, d.Message)
+	if d.Detail != nil {
+		msg = fmt.Sprintf("%s; %v", msg, d.Detail)
+	}
+	return msg
+}
+
+// ErrorCode is an enumeration of supported error codes.
+type ErrorCode string
+
+// The set of error conditions a registry may return:
+// https://github.com/docker/distribution/blob/master/docs/spec/api.md#errors-2
+const (
+	BlobUnknownErrorCode         ErrorCode = "BLOB_UNKNOWN"
+	BlobUploadInvalidErrorCode   ErrorCode = "BLOB_UPLOAD_INVALID"
+	BlobUploadUnknownErrorCode   ErrorCode = "BLOB_UPLOAD_UNKNOWN"
+	DigestInvalidErrorCode       ErrorCode = "DIGEST_INVALID"
+	ManifestBlobUnknownErrorCode ErrorCode = "MANIFEST_BLOB_UNKNOWN"
+	ManifestInvalidErrorCode     ErrorCode = "MANIFEST_INVALID"
+	ManifestUnknownErrorCode     ErrorCode = "MANIFEST_UNKNOWN"
+	ManifestUnverifiedErrorCode  ErrorCode = "MANIFEST_UNVERIFIED"
+	NameInvalidErrorCode         ErrorCode = "NAME_INVALID"
+	NameUnknownErrorCode         ErrorCode = "NAME_UNKNOWN"
+	SizeInvalidErrorCode         ErrorCode = "SIZE_INVALID"
+	TagInvalidErrorCode          ErrorCode = "TAG_INVALID"
+	UnauthorizedErrorCode        ErrorCode = "UNAUTHORIZED"
+	DeniedErrorCode              ErrorCode = "DENIED"
+	UnsupportedErrorCode         ErrorCode = "UNSUPPORTED"
+	TooManyRequestsErrorCode     ErrorCode = "TOOMANYREQUESTS"
+)
+
+// TODO: Include other error types.
+var temporaryErrorCodes = map[ErrorCode]struct{}{
+	BlobUploadInvalidErrorCode: {},
+	TooManyRequestsErrorCode:   {},
+}
+
+// CheckError returns a structured error if the response status is not in codes.
+func CheckError(resp *http.Response, codes ...int) error {
+	for _, code := range codes {
+		if resp.StatusCode == code {
+			// This is one of the supported status codes.
+			return nil
+		}
+	}
+	b, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+
+	// https://github.com/docker/distribution/blob/master/docs/spec/api.md#errors
+	structuredError := &Error{}
+
+	// This can fail if e.g. the response body is not valid JSON. That's fine,
+	// we'll construct an appropriate error string from the body and status code.
+	_ = json.Unmarshal(b, structuredError)
+
+	structuredError.rawBody = string(b)
+	structuredError.StatusCode = resp.StatusCode
+	structuredError.request = resp.Request
+
+	return structuredError
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go
new file mode 100644
index 00000000..b7e0c60d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/logger.go
@@ -0,0 +1,91 @@
+// Copyright 2020 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httputil"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/internal/redact"
+	"github.com/google/go-containerregistry/pkg/logs"
+)
+
+type logTransport struct {
+	inner http.RoundTripper
+}
+
+// NewLogger returns a transport that logs requests and responses to
+// github.com/google/go-containerregistry/pkg/logs.Debug.
+func NewLogger(inner http.RoundTripper) http.RoundTripper {
+	return &logTransport{inner}
+}
+
+func (t *logTransport) RoundTrip(in *http.Request) (out *http.Response, err error) {
+	// Inspired by: github.com/motemen/go-loghttp
+
+	// We redact token responses and binary blobs in response/request.
+	omitBody, reason := redact.FromContext(in.Context())
+	if omitBody {
+		logs.Debug.Printf("--> %s %s [body redacted: %s]", in.Method, in.URL, reason)
+	} else {
+		logs.Debug.Printf("--> %s %s", in.Method, in.URL)
+	}
+
+	// Save these headers so we can redact Authorization.
+	savedHeaders := in.Header.Clone()
+	if in.Header != nil {
+		in.Header.Set("authorization", "<redacted>")
+	}
+
+	b, err := httputil.DumpRequestOut(in, !omitBody)
+	if err == nil {
+		logs.Debug.Println(string(b))
+	} else {
+		logs.Debug.Printf("Failed to dump request %s %s: %v", in.Method, in.URL, err)
+	}
+
+	// Restore the non-redacted headers.
+	in.Header = savedHeaders
+
+	start := time.Now()
+	out, err = t.inner.RoundTrip(in)
+	duration := time.Since(start)
+	if err != nil {
+		logs.Debug.Printf("<-- %v %s %s (%s)", err, in.Method, in.URL, duration)
+	}
+	if out != nil {
+		msg := fmt.Sprintf("<-- %d", out.StatusCode)
+		if out.Request != nil {
+			msg = fmt.Sprintf("%s %s", msg, out.Request.URL)
+		}
+		msg = fmt.Sprintf("%s (%s)", msg, duration)
+
+		if omitBody {
+			msg = fmt.Sprintf("%s [body redacted: %s]", msg, reason)
+		}
+
+		logs.Debug.Print(msg)
+
+		b, err := httputil.DumpResponse(out, !omitBody)
+		if err == nil {
+			logs.Debug.Println(string(b))
+		} else {
+			logs.Debug.Printf("Failed to dump response %s %s: %v", in.Method, in.URL, err)
+		}
+	}
+	return
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go
new file mode 100644
index 00000000..6ed1d464
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/ping.go
@@ -0,0 +1,128 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
+	authchallenge "github.com/docker/distribution/registry/client/auth/challenge"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+type challenge string
+
+const (
+	anonymous challenge = "anonymous"
+	basic     challenge = "basic"
+	bearer    challenge = "bearer"
+)
+
+type pingResp struct {
+	challenge challenge
+
+	// Following the challenge there are often key/value pairs
+	// e.g. Bearer service="gcr.io",realm="https://auth.gcr.io/v36/tokenz"
+	parameters map[string]string
+
+	// The registry's scheme to use. Communicates whether we fell back to http.
+	scheme string
+}
+
+func (c challenge) Canonical() challenge {
+	return challenge(strings.ToLower(string(c)))
+}
+
+func parseChallenge(suffix string) map[string]string {
+	kv := make(map[string]string)
+	for _, token := range strings.Split(suffix, ",") {
+		// Trim any whitespace around each token.
+		token = strings.Trim(token, " ")
+
+		// Break the token into a key/value pair
+		if parts := strings.SplitN(token, "=", 2); len(parts) == 2 {
+			// Unquote the value, if it is quoted.
+			kv[parts[0]] = strings.Trim(parts[1], `"`)
+		} else {
+			// If there was only one part, treat is as a key with an empty value
+			kv[token] = ""
+		}
+	}
+	return kv
+}
+
+func ping(ctx context.Context, reg name.Registry, t http.RoundTripper) (*pingResp, error) {
+	client := http.Client{Transport: t}
+
+	// This first attempts to use "https" for every request, falling back to http
+	// if the registry matches our localhost heuristic or if it is intentionally
+	// set to insecure via name.NewInsecureRegistry.
+	schemes := []string{"https"}
+	if reg.Scheme() == "http" {
+		schemes = append(schemes, "http")
+	}
+
+	var connErr error
+	for _, scheme := range schemes {
+		url := fmt.Sprintf("%s://%s/v2/", scheme, reg.Name())
+		req, err := http.NewRequest(http.MethodGet, url, nil)
+		if err != nil {
+			return nil, err
+		}
+		resp, err := client.Do(req.WithContext(ctx))
+		if err != nil {
+			connErr = err
+			// Potentially retry with http.
+			continue
+		}
+		defer func() {
+			// By draining the body, make sure to reuse the connection made by
+			// the ping for the following access to the registry
+			io.Copy(ioutil.Discard, resp.Body)
+			resp.Body.Close()
+		}()
+
+		switch resp.StatusCode {
+		case http.StatusOK:
+			// If we get a 200, then no authentication is needed.
+			return &pingResp{
+				challenge: anonymous,
+				scheme:    scheme,
+			}, nil
+		case http.StatusUnauthorized:
+			if challenges := authchallenge.ResponseChallenges(resp); len(challenges) != 0 {
+				// If we hit more than one, I'm not even sure what to do.
+				wac := challenges[0]
+				return &pingResp{
+					challenge:  challenge(wac.Scheme).Canonical(),
+					parameters: wac.Parameters,
+					scheme:     scheme,
+				}, nil
+			}
+			// Otherwise, just return the challenge without parameters.
+			return &pingResp{
+				challenge: challenge(resp.Header.Get("WWW-Authenticate")).Canonical(),
+				scheme:    scheme,
+			}, nil
+		default:
+			return nil, CheckError(resp, http.StatusOK, http.StatusUnauthorized)
+		}
+	}
+	return nil, connErr
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go
new file mode 100644
index 00000000..672622b6
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/retry.go
@@ -0,0 +1,88 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"net/http"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/internal/retry"
+)
+
+// Sleep for 0.1, 0.3, 0.9, 2.7 seconds. This should cover networking blips.
+var defaultBackoff = retry.Backoff{
+	Duration: 100 * time.Millisecond,
+	Factor:   3.0,
+	Jitter:   0.1,
+	Steps:    5,
+}
+
+var _ http.RoundTripper = (*retryTransport)(nil)
+
+// retryTransport wraps a RoundTripper and retries temporary network errors.
+type retryTransport struct {
+	inner     http.RoundTripper
+	backoff   retry.Backoff
+	predicate retry.Predicate
+}
+
+// Option is a functional option for retryTransport.
+type Option func(*options)
+
+type options struct {
+	backoff   retry.Backoff
+	predicate retry.Predicate
+}
+
+// WithRetryBackoff sets the backoff for retry operations.
+func WithRetryBackoff(backoff retry.Backoff) Option {
+	return func(o *options) {
+		o.backoff = backoff
+	}
+}
+
+// WithRetryPredicate sets the predicate for retry operations.
+func WithRetryPredicate(predicate func(error) bool) Option {
+	return func(o *options) {
+		o.predicate = predicate
+	}
+}
+
+// NewRetry returns a transport that retries errors.
+func NewRetry(inner http.RoundTripper, opts ...Option) http.RoundTripper {
+	o := &options{
+		backoff:   defaultBackoff,
+		predicate: retry.IsTemporary,
+	}
+
+	for _, opt := range opts {
+		opt(o)
+	}
+
+	return &retryTransport{
+		inner:     inner,
+		backoff:   o.backoff,
+		predicate: o.predicate,
+	}
+}
+
+func (t *retryTransport) RoundTrip(in *http.Request) (out *http.Response, err error) {
+	roundtrip := func() error {
+		out, err = t.inner.RoundTrip(in)
+		return err
+	}
+	retry.Retry(roundtrip, t.predicate, t.backoff)
+	return
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go
new file mode 100644
index 00000000..d70b6a85
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/schemer.go
@@ -0,0 +1,44 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+type schemeTransport struct {
+	// Scheme we should use, determined by ping response.
+	scheme string
+
+	// Registry we're talking to.
+	registry name.Registry
+
+	// Wrapped by schemeTransport.
+	inner http.RoundTripper
+}
+
+// RoundTrip implements http.RoundTripper
+func (st *schemeTransport) RoundTrip(in *http.Request) (*http.Response, error) {
+	// When we ping() the registry, we determine whether to use http or https
+	// based on which scheme was successful. That is only valid for the
+	// registry server and not e.g. a separate token server or blob storage,
+	// so we should only override the scheme if the host is the registry.
+	if matchesHost(st.registry, in, st.scheme) {
+		in.URL.Scheme = st.scheme
+	}
+	return st.inner.RoundTrip(in)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go
new file mode 100644
index 00000000..c3b56f7a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/scope.go
@@ -0,0 +1,24 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+// Scopes suitable to qualify each Repository
+const (
+	PullScope string = "pull"
+	PushScope string = "push,pull"
+	// For now DELETE is PUSH, which is the read/write ACL.
+	DeleteScope  string = PushScope
+	CatalogScope string = "catalog"
+)
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go
new file mode 100644
index 00000000..5c35fc7c
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/transport.go
@@ -0,0 +1,103 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/google/go-containerregistry/pkg/authn"
+	"github.com/google/go-containerregistry/pkg/name"
+)
+
+// New returns a new RoundTripper based on the provided RoundTripper that has been
+// setup to authenticate with the remote registry "reg", in the capacity
+// laid out by the specified scopes.
+//
+// TODO(jonjohnsonjr): Deprecate this.
+func New(reg name.Registry, auth authn.Authenticator, t http.RoundTripper, scopes []string) (http.RoundTripper, error) {
+	return NewWithContext(context.Background(), reg, auth, t, scopes)
+}
+
+// NewWithContext returns a new RoundTripper based on the provided RoundTripper that has been
+// setup to authenticate with the remote registry "reg", in the capacity
+// laid out by the specified scopes.
+func NewWithContext(ctx context.Context, reg name.Registry, auth authn.Authenticator, t http.RoundTripper, scopes []string) (http.RoundTripper, error) {
+	// The handshake:
+	//  1. Use "t" to ping() the registry for the authentication challenge.
+	//
+	//  2a. If we get back a 200, then simply use "t".
+	//
+	//  2b. If we get back a 401 with a Basic challenge, then use a transport
+	//     that just attachs auth each roundtrip.
+	//
+	//  2c. If we get back a 401 with a Bearer challenge, then use a transport
+	//     that attaches a bearer token to each request, and refreshes is on 401s.
+	//     Perform an initial refresh to seed the bearer token.
+
+	// First we ping the registry to determine the parameters of the authentication handshake
+	// (if one is even necessary).
+	pr, err := ping(ctx, reg, t)
+	if err != nil {
+		return nil, err
+	}
+
+	// Wrap t with a useragent transport unless we already have one.
+	if _, ok := t.(*userAgentTransport); !ok {
+		t = NewUserAgent(t, "")
+	}
+
+	// Wrap t in a transport that selects the appropriate scheme based on the ping response.
+	t = &schemeTransport{
+		scheme:   pr.scheme,
+		registry: reg,
+		inner:    t,
+	}
+
+	switch pr.challenge.Canonical() {
+	case anonymous:
+		return t, nil
+	case basic:
+		return &basicTransport{inner: t, auth: auth, target: reg.RegistryStr()}, nil
+	case bearer:
+		// We require the realm, which tells us where to send our Basic auth to turn it into Bearer auth.
+		realm, ok := pr.parameters["realm"]
+		if !ok {
+			return nil, fmt.Errorf("malformed www-authenticate, missing realm: %v", pr.parameters)
+		}
+		service, ok := pr.parameters["service"]
+		if !ok {
+			// If the service parameter is not specified, then default it to the registry
+			// with which we are talking.
+			service = reg.String()
+		}
+		bt := &bearerTransport{
+			inner:    t,
+			basic:    auth,
+			realm:    realm,
+			registry: reg,
+			service:  service,
+			scopes:   scopes,
+			scheme:   pr.scheme,
+		}
+		if err := bt.refresh(ctx); err != nil {
+			return nil, err
+		}
+		return bt, nil
+	default:
+		return nil, fmt.Errorf("unrecognized challenge: %s", pr.challenge)
+	}
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go
new file mode 100644
index 00000000..5d709099
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/transport/useragent.go
@@ -0,0 +1,83 @@
+// Copyright 2019 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package transport
+
+import (
+	"fmt"
+	"net/http"
+	"runtime/debug"
+)
+
+const (
+	defaultUserAgent = "go-containerregistry"
+	moduleName       = "github.com/google/go-containerregistry"
+)
+
+var ggcrVersion = defaultUserAgent
+
+type userAgentTransport struct {
+	inner http.RoundTripper
+	ua    string
+}
+
+func init() {
+	if v := version(); v != "" {
+		ggcrVersion = fmt.Sprintf("%s/%s", defaultUserAgent, v)
+	}
+}
+
+func version() string {
+	info, ok := debug.ReadBuildInfo()
+	if !ok {
+		return ""
+	}
+
+	// Happens for crane and gcrane.
+	if info.Main.Path == moduleName {
+		return info.Main.Version
+	}
+
+	// Anything else.
+	for _, dep := range info.Deps {
+		if dep.Path == moduleName {
+			return dep.Version
+		}
+	}
+
+	return ""
+}
+
+// NewUserAgent returns an http.Roundtripper that sets the user agent to
+// The provided string plus additional go-containerregistry information,
+// e.g. if provided "crane/v0.1.4" and this modules was built at v0.1.4:
+//
+// User-Agent: crane/v0.1.4 go-containerregistry/v0.1.4
+func NewUserAgent(inner http.RoundTripper, ua string) http.RoundTripper {
+	if ua == "" {
+		ua = ggcrVersion
+	} else {
+		ua = fmt.Sprintf("%s %s", ua, ggcrVersion)
+	}
+	return &userAgentTransport{
+		inner: inner,
+		ua:    ua,
+	}
+}
+
+// RoundTrip implements http.RoundTripper
+func (ut *userAgentTransport) RoundTrip(in *http.Request) (*http.Response, error) {
+	in.Header.Set("User-Agent", ut.ua)
+	return ut.inner.RoundTrip(in)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go
new file mode 100644
index 00000000..521b2250
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/remote/write.go
@@ -0,0 +1,609 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package remote
+
+import (
+	"bytes"
+	"context"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/google/go-containerregistry/pkg/internal/redact"
+	"github.com/google/go-containerregistry/pkg/internal/retry"
+	"github.com/google/go-containerregistry/pkg/logs"
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/remote/transport"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"golang.org/x/sync/errgroup"
+)
+
+// Taggable is an interface that enables a manifest PUT (e.g. for tagging).
+type Taggable interface {
+	RawManifest() ([]byte, error)
+}
+
+// Write pushes the provided img to the specified image reference.
+func Write(ref name.Reference, img v1.Image, options ...Option) error {
+	ls, err := img.Layers()
+	if err != nil {
+		return err
+	}
+
+	o, err := makeOptions(ref.Context(), options...)
+	if err != nil {
+		return err
+	}
+
+	scopes := scopesForUploadingImage(ref.Context(), ls)
+	tr, err := transport.NewWithContext(o.context, ref.Context().Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return err
+	}
+	w := writer{
+		repo:    ref.Context(),
+		client:  &http.Client{Transport: tr},
+		context: o.context,
+	}
+
+	// Upload individual layers in goroutines and collect any errors.
+	// If we can dedupe by the layer digest, try to do so. If we can't determine
+	// the digest for whatever reason, we can't dedupe and might re-upload.
+	var g errgroup.Group
+	uploaded := map[v1.Hash]bool{}
+	for _, l := range ls {
+		l := l
+
+		// Handle foreign layers.
+		mt, err := l.MediaType()
+		if err != nil {
+			return err
+		}
+		if !mt.IsDistributable() {
+			// TODO(jonjohnsonjr): Add "allow-nondistributable-artifacts" option.
+			continue
+		}
+
+		// Streaming layers calculate their digests while uploading them. Assume
+		// an error here indicates we need to upload the layer.
+		h, err := l.Digest()
+		if err == nil {
+			// If we can determine the layer's digest ahead of
+			// time, use it to dedupe uploads.
+			if uploaded[h] {
+				continue // Already uploading.
+			}
+			uploaded[h] = true
+		}
+
+		// TODO(#803): Pipe through remote.WithJobs and upload these in parallel.
+		g.Go(func() error {
+			return w.uploadOne(l)
+		})
+	}
+
+	if l, err := partial.ConfigLayer(img); err != nil {
+		// We can't read the ConfigLayer, possibly because of streaming layers,
+		// since the layer DiffIDs haven't been calculated yet. Attempt to wait
+		// for the other layers to be uploaded, then try the config again.
+		if err := g.Wait(); err != nil {
+			return err
+		}
+
+		// Now that all the layers are uploaded, try to upload the config file blob.
+		l, err := partial.ConfigLayer(img)
+		if err != nil {
+			return err
+		}
+		if err := w.uploadOne(l); err != nil {
+			return err
+		}
+	} else {
+		// We *can* read the ConfigLayer, so upload it concurrently with the layers.
+		g.Go(func() error {
+			return w.uploadOne(l)
+		})
+
+		// Wait for the layers + config.
+		if err := g.Wait(); err != nil {
+			return err
+		}
+	}
+
+	// With all of the constituent elements uploaded, upload the manifest
+	// to commit the image.
+	return w.commitManifest(img, ref)
+}
+
+// writer writes the elements of an image to a remote image reference.
+type writer struct {
+	repo    name.Repository
+	client  *http.Client
+	context context.Context
+}
+
+// url returns a url.Url for the specified path in the context of this remote image reference.
+func (w *writer) url(path string) url.URL {
+	return url.URL{
+		Scheme: w.repo.Registry.Scheme(),
+		Host:   w.repo.RegistryStr(),
+		Path:   path,
+	}
+}
+
+// nextLocation extracts the fully-qualified URL to which we should send the next request in an upload sequence.
+func (w *writer) nextLocation(resp *http.Response) (string, error) {
+	loc := resp.Header.Get("Location")
+	if len(loc) == 0 {
+		return "", errors.New("missing Location header")
+	}
+	u, err := url.Parse(loc)
+	if err != nil {
+		return "", err
+	}
+
+	// If the location header returned is just a url path, then fully qualify it.
+	// We cannot simply call w.url, since there might be an embedded query string.
+	return resp.Request.URL.ResolveReference(u).String(), nil
+}
+
+// checkExistingBlob checks if a blob exists already in the repository by making a
+// HEAD request to the blob store API.  GCR performs an existence check on the
+// initiation if "mount" is specified, even if no "from" sources are specified.
+// However, this is not broadly applicable to all registries, e.g. ECR.
+func (w *writer) checkExistingBlob(h v1.Hash) (bool, error) {
+	u := w.url(fmt.Sprintf("/v2/%s/blobs/%s", w.repo.RepositoryStr(), h.String()))
+
+	req, err := http.NewRequest(http.MethodHead, u.String(), nil)
+	if err != nil {
+		return false, err
+	}
+
+	resp, err := w.client.Do(req.WithContext(w.context))
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK, http.StatusNotFound); err != nil {
+		return false, err
+	}
+
+	return resp.StatusCode == http.StatusOK, nil
+}
+
+// checkExistingManifest checks if a manifest exists already in the repository
+// by making a HEAD request to the manifest API.
+func (w *writer) checkExistingManifest(h v1.Hash, mt types.MediaType) (bool, error) {
+	u := w.url(fmt.Sprintf("/v2/%s/manifests/%s", w.repo.RepositoryStr(), h.String()))
+
+	req, err := http.NewRequest(http.MethodHead, u.String(), nil)
+	if err != nil {
+		return false, err
+	}
+	req.Header.Set("Accept", string(mt))
+
+	resp, err := w.client.Do(req.WithContext(w.context))
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK, http.StatusNotFound); err != nil {
+		return false, err
+	}
+
+	return resp.StatusCode == http.StatusOK, nil
+}
+
+// initiateUpload initiates the blob upload, which starts with a POST that can
+// optionally include the hash of the layer and a list of repositories from
+// which that layer might be read. On failure, an error is returned.
+// On success, the layer was either mounted (nothing more to do) or a blob
+// upload was initiated and the body of that blob should be sent to the returned
+// location.
+func (w *writer) initiateUpload(from, mount string) (location string, mounted bool, err error) {
+	u := w.url(fmt.Sprintf("/v2/%s/blobs/uploads/", w.repo.RepositoryStr()))
+	uv := url.Values{}
+	if mount != "" && from != "" {
+		// Quay will fail if we specify a "mount" without a "from".
+		uv["mount"] = []string{mount}
+		uv["from"] = []string{from}
+	}
+	u.RawQuery = uv.Encode()
+
+	// Make the request to initiate the blob upload.
+	req, err := http.NewRequest(http.MethodPost, u.String(), nil)
+	if err != nil {
+		return "", false, err
+	}
+	req.Header.Set("Content-Type", "application/json")
+	resp, err := w.client.Do(req.WithContext(w.context))
+	if err != nil {
+		return "", false, err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusCreated, http.StatusAccepted); err != nil {
+		return "", false, err
+	}
+
+	// Check the response code to determine the result.
+	switch resp.StatusCode {
+	case http.StatusCreated:
+		// We're done, we were able to fast-path.
+		return "", true, nil
+	case http.StatusAccepted:
+		// Proceed to PATCH, upload has begun.
+		loc, err := w.nextLocation(resp)
+		return loc, false, err
+	default:
+		panic("Unreachable: initiateUpload")
+	}
+}
+
+// streamBlob streams the contents of the blob to the specified location.
+// On failure, this will return an error.  On success, this will return the location
+// header indicating how to commit the streamed blob.
+func (w *writer) streamBlob(ctx context.Context, blob io.ReadCloser, streamLocation string) (commitLocation string, err error) {
+	req, err := http.NewRequest(http.MethodPatch, streamLocation, blob)
+	if err != nil {
+		return "", err
+	}
+
+	resp, err := w.client.Do(req.WithContext(ctx))
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusNoContent, http.StatusAccepted, http.StatusCreated); err != nil {
+		return "", err
+	}
+
+	// The blob has been uploaded, return the location header indicating
+	// how to commit this layer.
+	return w.nextLocation(resp)
+}
+
+// commitBlob commits this blob by sending a PUT to the location returned from
+// streaming the blob.
+func (w *writer) commitBlob(location, digest string) error {
+	u, err := url.Parse(location)
+	if err != nil {
+		return err
+	}
+	v := u.Query()
+	v.Set("digest", digest)
+	u.RawQuery = v.Encode()
+
+	req, err := http.NewRequest(http.MethodPut, u.String(), nil)
+	if err != nil {
+		return err
+	}
+
+	resp, err := w.client.Do(req.WithContext(w.context))
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	return transport.CheckError(resp, http.StatusCreated)
+}
+
+// uploadOne performs a complete upload of a single layer.
+func (w *writer) uploadOne(l v1.Layer) error {
+	var from, mount string
+	if h, err := l.Digest(); err == nil {
+		// If we know the digest, this isn't a streaming layer. Do an existence
+		// check so we can skip uploading the layer if possible.
+		existing, err := w.checkExistingBlob(h)
+		if err != nil {
+			return err
+		}
+		if existing {
+			logs.Progress.Printf("existing blob: %v", h)
+			return nil
+		}
+
+		mount = h.String()
+	}
+	if ml, ok := l.(*MountableLayer); ok {
+		if w.repo.RegistryStr() == ml.Reference.Context().RegistryStr() {
+			from = ml.Reference.Context().RepositoryStr()
+		}
+	}
+
+	ctx := w.context
+
+	tryUpload := func() error {
+		location, mounted, err := w.initiateUpload(from, mount)
+		if err != nil {
+			return err
+		} else if mounted {
+			h, err := l.Digest()
+			if err != nil {
+				return err
+			}
+			logs.Progress.Printf("mounted blob: %s", h.String())
+			return nil
+		}
+
+		// Only log layers with +json or +yaml. We can let through other stuff if it becomes popular.
+		// TODO(opencontainers/image-spec#791): Would be great to have an actual parser.
+		mt, err := l.MediaType()
+		if err != nil {
+			return err
+		}
+		smt := string(mt)
+		if !(strings.HasSuffix(smt, "+json") || strings.HasSuffix(smt, "+yaml")) {
+			ctx = redact.NewContext(ctx, "omitting binary blobs from logs")
+		}
+
+		blob, err := l.Compressed()
+		if err != nil {
+			return err
+		}
+		location, err = w.streamBlob(ctx, blob, location)
+		if err != nil {
+			return err
+		}
+
+		h, err := l.Digest()
+		if err != nil {
+			return err
+		}
+		digest := h.String()
+
+		if err := w.commitBlob(location, digest); err != nil {
+			return err
+		}
+		logs.Progress.Printf("pushed blob: %s", digest)
+		return nil
+	}
+
+	// Try this three times, waiting 1s after first failure, 3s after second.
+	backoff := retry.Backoff{
+		Duration: 1.0 * time.Second,
+		Factor:   3.0,
+		Jitter:   0.1,
+		Steps:    3,
+	}
+
+	return retry.Retry(tryUpload, retry.IsTemporary, backoff)
+}
+
+func (w *writer) writeIndex(ref name.Reference, ii v1.ImageIndex, options ...Option) error {
+	index, err := ii.IndexManifest()
+	if err != nil {
+		return err
+	}
+
+	// TODO(#803): Pipe through remote.WithJobs and upload these in parallel.
+	for _, desc := range index.Manifests {
+		ref := ref.Context().Digest(desc.Digest.String())
+		exists, err := w.checkExistingManifest(desc.Digest, desc.MediaType)
+		if err != nil {
+			return err
+		}
+		if exists {
+			logs.Progress.Print("existing manifest: ", desc.Digest)
+			continue
+		}
+
+		switch desc.MediaType {
+		case types.OCIImageIndex, types.DockerManifestList:
+			ii, err := ii.ImageIndex(desc.Digest)
+			if err != nil {
+				return err
+			}
+
+			if err := w.writeIndex(ref, ii); err != nil {
+				return err
+			}
+		case types.OCIManifestSchema1, types.DockerManifestSchema2:
+			img, err := ii.Image(desc.Digest)
+			if err != nil {
+				return err
+			}
+			// TODO: Ideally we could reuse this writer, but we need to know
+			// scopes before we do the token exchange. To be lazy here, just
+			// re-do the token exchange. MultiWrite fixes this.
+			if err := Write(ref, img, options...); err != nil {
+				return err
+			}
+		}
+	}
+
+	// With all of the constituent elements uploaded, upload the manifest
+	// to commit the image.
+	return w.commitManifest(ii, ref)
+}
+
+type withMediaType interface {
+	MediaType() (types.MediaType, error)
+}
+
+// This is really silly, but go interfaces don't let me satisfy remote.Taggable
+// with remote.Descriptor because of name collisions between method names and
+// struct fields.
+//
+// Use reflection to either pull the v1.Descriptor out of remote.Descriptor or
+// create a descriptor based on the RawManifest and (optionally) MediaType.
+func unpackTaggable(t Taggable) (*v1.Descriptor, error) {
+	if d, ok := t.(*Descriptor); ok {
+		return &d.Descriptor, nil
+	}
+	b, err := t.RawManifest()
+	if err != nil {
+		return nil, err
+	}
+
+	// A reasonable default if Taggable doesn't implement MediaType.
+	mt := types.DockerManifestSchema2
+
+	if wmt, ok := t.(withMediaType); ok {
+		m, err := wmt.MediaType()
+		if err != nil {
+			return nil, err
+		}
+		mt = m
+	}
+
+	h, sz, err := v1.SHA256(bytes.NewReader(b))
+	if err != nil {
+		return nil, err
+	}
+
+	return &v1.Descriptor{
+		MediaType: mt,
+		Size:      sz,
+		Digest:    h,
+	}, nil
+}
+
+// commitManifest does a PUT of the image's manifest.
+func (w *writer) commitManifest(t Taggable, ref name.Reference) error {
+	raw, err := t.RawManifest()
+	if err != nil {
+		return err
+	}
+	desc, err := unpackTaggable(t)
+	if err != nil {
+		return err
+	}
+
+	u := w.url(fmt.Sprintf("/v2/%s/manifests/%s", w.repo.RepositoryStr(), ref.Identifier()))
+
+	// Make the request to PUT the serialized manifest
+	req, err := http.NewRequest(http.MethodPut, u.String(), bytes.NewBuffer(raw))
+	if err != nil {
+		return err
+	}
+	req.Header.Set("Content-Type", string(desc.MediaType))
+
+	resp, err := w.client.Do(req.WithContext(w.context))
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if err := transport.CheckError(resp, http.StatusOK, http.StatusCreated, http.StatusAccepted); err != nil {
+		return err
+	}
+
+	// The image was successfully pushed!
+	logs.Progress.Printf("%v: digest: %v size: %d", ref, desc.Digest, len(raw))
+	return nil
+}
+
+func scopesForUploadingImage(repo name.Repository, layers []v1.Layer) []string {
+	// use a map as set to remove duplicates scope strings
+	scopeSet := map[string]struct{}{}
+
+	for _, l := range layers {
+		if ml, ok := l.(*MountableLayer); ok {
+			// we will add push scope for ref.Context() after the loop.
+			// for now we ask pull scope for references of the same registry
+			if ml.Reference.Context().String() != repo.String() && ml.Reference.Context().Registry.String() == repo.Registry.String() {
+				scopeSet[ml.Reference.Scope(transport.PullScope)] = struct{}{}
+			}
+		}
+	}
+
+	scopes := make([]string, 0)
+	// Push scope should be the first element because a few registries just look at the first scope to determine access.
+	scopes = append(scopes, repo.Scope(transport.PushScope))
+
+	for scope := range scopeSet {
+		scopes = append(scopes, scope)
+	}
+
+	return scopes
+}
+
+// WriteIndex pushes the provided ImageIndex to the specified image reference.
+// WriteIndex will attempt to push all of the referenced manifests before
+// attempting to push the ImageIndex, to retain referential integrity.
+func WriteIndex(ref name.Reference, ii v1.ImageIndex, options ...Option) error {
+	o, err := makeOptions(ref.Context(), options...)
+	if err != nil {
+		return err
+	}
+	scopes := []string{ref.Scope(transport.PushScope)}
+	tr, err := transport.NewWithContext(o.context, ref.Context().Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return err
+	}
+	w := writer{
+		repo:    ref.Context(),
+		client:  &http.Client{Transport: tr},
+		context: o.context,
+	}
+	return w.writeIndex(ref, ii, options...)
+}
+
+// WriteLayer uploads the provided Layer to the specified repo.
+func WriteLayer(repo name.Repository, layer v1.Layer, options ...Option) error {
+	o, err := makeOptions(repo, options...)
+	if err != nil {
+		return err
+	}
+	scopes := scopesForUploadingImage(repo, []v1.Layer{layer})
+	tr, err := transport.NewWithContext(o.context, repo.Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return err
+	}
+	w := writer{
+		repo:    repo,
+		client:  &http.Client{Transport: tr},
+		context: o.context,
+	}
+
+	return w.uploadOne(layer)
+}
+
+// Tag adds a tag to the given Taggable.
+func Tag(tag name.Tag, t Taggable, options ...Option) error {
+	o, err := makeOptions(tag.Context(), options...)
+	if err != nil {
+		return err
+	}
+	scopes := []string{tag.Scope(transport.PushScope)}
+
+	// TODO: This *always* does a token exchange. For some registries,
+	// that's pretty slow. Some ideas;
+	// * Tag could take a list of tags.
+	// * Allow callers to pass in a transport.Transport, typecheck
+	//   it to allow them to reuse the transport across multiple calls.
+	// * WithTag option to do multiple manifest PUTs in commitManifest.
+	tr, err := transport.NewWithContext(o.context, tag.Context().Registry, o.auth, o.transport, scopes)
+	if err != nil {
+		return err
+	}
+	w := writer{
+		repo:    tag.Context(),
+		client:  &http.Client{Transport: tr},
+		context: o.context,
+	}
+
+	return w.commitManifest(t, tag)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md
new file mode 100644
index 00000000..da0dda48
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/stream/README.md
@@ -0,0 +1,68 @@
+# `stream`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/stream?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/stream)
+
+The `stream` package contains an implementation of
+[`v1.Layer`](https://godoc.org/github.com/google/go-containerregistry/pkg/v1#Layer)
+that supports _streaming_ access, i.e. the layer contents are read once and not
+buffered.
+
+## Usage
+
+```go
+package main
+
+import (
+	"os"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/remote"
+	"github.com/google/go-containerregistry/pkg/v1/stream"
+)
+
+// upload the contents of stdin as a layer to a local registry
+func main() {
+	repo, err := name.NewRepository("localhost:5000/stream")
+	if err != nil {
+		panic(err)
+	}
+
+	layer := stream.NewLayer(os.Stdin)
+
+	if err := remote.WriteLayer(repo, layer); err != nil {
+		panic(err)
+	}
+}
+```
+
+## Structure
+
+This implements the layer portion of an [image
+upload](/pkg/v1/remote#anatomy-of-an-image-upload). We launch a goroutine that
+is responsible for hashing the uncompressed contents to compute the `DiffID`,
+gzipping them to produce the `Compressed` contents, and hashing/counting the
+bytes to produce the `Digest`/`Size`. This goroutine writes to an
+`io.PipeWriter`, which blocks until `Compressed` reads the gzipped contents from
+the corresponding `io.PipeReader`.
+
+<p align="center">
+  <img src="/images/stream.dot.svg" />
+</p>
+
+## Caveats
+
+This assumes that you have an uncompressed layer (i.e. a tarball) and would like
+to compress it. Calling `Uncompressed` is always an error. Likewise, other
+methods are invalid until the contents of `Compressed` have been completely
+consumed and `Close`d.
+
+Using a `stream.Layer` will likely not work without careful consideration. For
+example, in the `mutate` package, we defer computing the manifest and config
+file until they are actually called. This allows you to `mutate.Append` a
+streaming layer to an image without accidentally consuming it. Similarly, in
+`remote.Write`, if calling `Digest` on a layer fails, we attempt to upload the
+layer anyway, understanding that we may be dealing with a `stream.Layer` whose
+contents need to be uploaded before we can upload the config file.
+
+Given the [structure](#structure) of how this is implemented, forgetting to
+`Close` a `stream.Layer` will leak a goroutine.
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go
new file mode 100644
index 00000000..03ddfb9a
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/stream/layer.go
@@ -0,0 +1,224 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package stream
+
+import (
+	"compress/gzip"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"hash"
+	"io"
+	"sync"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+)
+
+var (
+	// ErrNotComputed is returned when the requested value is not yet
+	// computed because the stream has not been consumed yet.
+	ErrNotComputed = errors.New("value not computed until stream is consumed")
+
+	// ErrConsumed is returned by Compressed when the underlying stream has
+	// already been consumed and closed.
+	ErrConsumed = errors.New("stream was already consumed")
+)
+
+// Layer is a streaming implementation of v1.Layer.
+type Layer struct {
+	blob        io.ReadCloser
+	consumed    bool
+	compression int
+
+	mu             sync.Mutex
+	digest, diffID *v1.Hash
+	size           int64
+}
+
+var _ v1.Layer = (*Layer)(nil)
+
+// LayerOption applies options to layer
+type LayerOption func(*Layer)
+
+// WithCompressionLevel sets the gzip compression. See `gzip.NewWriterLevel` for possible values.
+func WithCompressionLevel(level int) LayerOption {
+	return func(l *Layer) {
+		l.compression = level
+	}
+}
+
+// NewLayer creates a Layer from an io.ReadCloser.
+func NewLayer(rc io.ReadCloser, opts ...LayerOption) *Layer {
+	layer := &Layer{
+		blob:        rc,
+		compression: gzip.BestSpeed,
+	}
+
+	for _, opt := range opts {
+		opt(layer)
+	}
+
+	return layer
+}
+
+// Digest implements v1.Layer.
+func (l *Layer) Digest() (v1.Hash, error) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	if l.digest == nil {
+		return v1.Hash{}, ErrNotComputed
+	}
+	return *l.digest, nil
+}
+
+// DiffID implements v1.Layer.
+func (l *Layer) DiffID() (v1.Hash, error) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	if l.diffID == nil {
+		return v1.Hash{}, ErrNotComputed
+	}
+	return *l.diffID, nil
+}
+
+// Size implements v1.Layer.
+func (l *Layer) Size() (int64, error) {
+	l.mu.Lock()
+	defer l.mu.Unlock()
+	if l.size == 0 {
+		return 0, ErrNotComputed
+	}
+	return l.size, nil
+}
+
+// MediaType implements v1.Layer
+func (l *Layer) MediaType() (types.MediaType, error) {
+	// We return DockerLayer for now as uncompressed layers
+	// are unimplemented
+	return types.DockerLayer, nil
+}
+
+// Uncompressed implements v1.Layer.
+func (l *Layer) Uncompressed() (io.ReadCloser, error) {
+	return nil, errors.New("NYI: stream.Layer.Uncompressed is not implemented")
+}
+
+// Compressed implements v1.Layer.
+func (l *Layer) Compressed() (io.ReadCloser, error) {
+	if l.consumed {
+		return nil, ErrConsumed
+	}
+	return newCompressedReader(l)
+}
+
+type compressedReader struct {
+	closer io.Closer // original blob's Closer.
+
+	h, zh hash.Hash // collects digests of compressed and uncompressed stream.
+	pr    io.Reader
+	count *countWriter
+
+	l *Layer // stream.Layer to update upon Close.
+}
+
+func newCompressedReader(l *Layer) (*compressedReader, error) {
+	h := sha256.New()
+	zh := sha256.New()
+	count := &countWriter{}
+
+	// gzip.Writer writes to the output stream via pipe, a hasher to
+	// capture compressed digest, and a countWriter to capture compressed
+	// size.
+	pr, pw := io.Pipe()
+	zw, err := gzip.NewWriterLevel(io.MultiWriter(pw, zh, count), l.compression)
+	if err != nil {
+		return nil, err
+	}
+
+	cr := &compressedReader{
+		closer: newMultiCloser(zw, l.blob),
+		pr:     pr,
+		h:      h,
+		zh:     zh,
+		count:  count,
+		l:      l,
+	}
+	go func() {
+		if _, err := io.Copy(io.MultiWriter(h, zw), l.blob); err != nil {
+			pw.CloseWithError(err)
+			return
+		}
+		// Now close the compressed reader, to flush the gzip stream
+		// and calculate digest/diffID/size. This will cause pr to
+		// return EOF which will cause readers of the Compressed stream
+		// to finish reading.
+		pw.CloseWithError(cr.Close())
+	}()
+
+	return cr, nil
+}
+
+func (cr *compressedReader) Read(b []byte) (int, error) { return cr.pr.Read(b) }
+
+func (cr *compressedReader) Close() error {
+	cr.l.mu.Lock()
+	defer cr.l.mu.Unlock()
+
+	// Close the inner ReadCloser.
+	if err := cr.closer.Close(); err != nil {
+		return err
+	}
+
+	diffID, err := v1.NewHash("sha256:" + hex.EncodeToString(cr.h.Sum(nil)))
+	if err != nil {
+		return err
+	}
+	cr.l.diffID = &diffID
+
+	digest, err := v1.NewHash("sha256:" + hex.EncodeToString(cr.zh.Sum(nil)))
+	if err != nil {
+		return err
+	}
+	cr.l.digest = &digest
+
+	cr.l.size = cr.count.n
+	cr.l.consumed = true
+	return nil
+}
+
+// countWriter counts bytes written to it.
+type countWriter struct{ n int64 }
+
+func (c *countWriter) Write(p []byte) (int, error) {
+	c.n += int64(len(p))
+	return len(p), nil
+}
+
+// multiCloser is a Closer that collects multiple Closers and Closes them in order.
+type multiCloser []io.Closer
+
+var _ io.Closer = (multiCloser)(nil)
+
+func newMultiCloser(c ...io.Closer) multiCloser { return multiCloser(c) }
+
+func (m multiCloser) Close() error {
+	for _, c := range m {
+		if err := c.Close(); err != nil {
+			return err
+		}
+	}
+	return nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md
new file mode 100644
index 00000000..03f339b0
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/README.md
@@ -0,0 +1,280 @@
+# `tarball`
+
+[![GoDoc](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/tarball?status.svg)](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/tarball)
+
+This package produces tarballs that can consumed via `docker load`. Note
+that this is a _different_ format from the [`legacy`](/pkg/legacy/tarball)
+tarballs that are produced by `docker save`, but this package is still able to
+read the legacy tarballs produced by `docker save`.
+
+## Usage
+
+```go
+package main
+
+import (
+	"os"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/google/go-containerregistry/pkg/v1/tarball"
+)
+
+func main() {
+	// Read a tarball from os.Args[1] that contains ubuntu.
+	tag, err := name.NewTag("ubuntu")
+	if err != nil {
+		panic(err)
+	}
+	img, err := tarball.ImageFromPath(os.Args[1], &tag)
+	if err != nil {
+		panic(err)
+	}
+
+	// Write that tarball to os.Args[2] with a different tag.
+	newTag, err := name.NewTag("ubuntu:newest")
+	if err != nil {
+		panic(err)
+	}
+	f, err := os.Create(os.Args[2])
+	if err != nil {
+		panic(err)
+	}
+	defer f.Close()
+
+	if err := tarball.Write(newTag, img, f); err != nil {
+		panic(err)
+	}
+}
+```
+
+## Structure
+
+<p align="center">
+  <img src="/images/tarball.dot.svg" />
+</p>
+
+Let's look at what happens when we write out a tarball:
+
+
+### `ubuntu:latest`
+
+```
+$ crane pull ubuntu ubuntu.tar && mkdir ubuntu && tar xf ubuntu.tar -C ubuntu && rm ubuntu.tar
+$ tree ubuntu/
+ubuntu/
+├── 423ae2b273f4c17ceee9e8482fa8d071d90c7d052ae208e1fe4963fceb3d6954.tar.gz
+├── b6b53be908de2c0c78070fff0a9f04835211b3156c4e73785747af365e71a0d7.tar.gz
+├── de83a2304fa1f7c4a13708a0d15b9704f5945c2be5cbb2b3ed9b2ccb718d0b3d.tar.gz
+├── f9a83bce3af0648efaa60b9bb28225b09136d2d35d0bed25ac764297076dec1b.tar.gz
+├── manifest.json
+└── sha256:72300a873c2ca11c70d0c8642177ce76ff69ae04d61a5813ef58d40ff66e3e7c
+
+0 directories, 6 files
+```
+
+There are a couple interesting files here.
+
+`manifest.json` is the entrypoint: a list of [`tarball.Descriptor`s](https://godoc.org/github.com/google/go-containerregistry/pkg/v1/tarball#Descriptor)
+that describe the images contained in this tarball.
+
+For each image, this has the `RepoTags` (how it was pulled), a `Config` file
+that points to the image's config file, a list of `Layers`, and (optionally)
+`LayerSources`.
+
+```
+$ jq < ubuntu/manifest.json
+[
+  {
+    "Config": "sha256:72300a873c2ca11c70d0c8642177ce76ff69ae04d61a5813ef58d40ff66e3e7c",
+    "RepoTags": [
+      "ubuntu"
+    ],
+    "Layers": [
+      "423ae2b273f4c17ceee9e8482fa8d071d90c7d052ae208e1fe4963fceb3d6954.tar.gz",
+      "de83a2304fa1f7c4a13708a0d15b9704f5945c2be5cbb2b3ed9b2ccb718d0b3d.tar.gz",
+      "f9a83bce3af0648efaa60b9bb28225b09136d2d35d0bed25ac764297076dec1b.tar.gz",
+      "b6b53be908de2c0c78070fff0a9f04835211b3156c4e73785747af365e71a0d7.tar.gz"
+    ]
+  }
+]
+```
+
+The config file and layers are exactly what you would expect, and match the
+registry representations of the same artifacts. You'll notice that the
+`manifest.json` contains similar information as the registry manifest, but isn't
+quite the same:
+
+```
+$ crane manifest ubuntu@sha256:0925d086715714114c1988f7c947db94064fd385e171a63c07730f1fa014e6f9
+{
+   "schemaVersion": 2,
+   "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+   "config": {
+      "mediaType": "application/vnd.docker.container.image.v1+json",
+      "size": 3408,
+      "digest": "sha256:72300a873c2ca11c70d0c8642177ce76ff69ae04d61a5813ef58d40ff66e3e7c"
+   },
+   "layers": [
+      {
+         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+         "size": 26692096,
+         "digest": "sha256:423ae2b273f4c17ceee9e8482fa8d071d90c7d052ae208e1fe4963fceb3d6954"
+      },
+      {
+         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+         "size": 35365,
+         "digest": "sha256:de83a2304fa1f7c4a13708a0d15b9704f5945c2be5cbb2b3ed9b2ccb718d0b3d"
+      },
+      {
+         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+         "size": 852,
+         "digest": "sha256:f9a83bce3af0648efaa60b9bb28225b09136d2d35d0bed25ac764297076dec1b"
+      },
+      {
+         "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+         "size": 163,
+         "digest": "sha256:b6b53be908de2c0c78070fff0a9f04835211b3156c4e73785747af365e71a0d7"
+      }
+   ]
+}
+```
+
+This makes it difficult to maintain image digests when roundtripping images
+through the tarball format, so it's not a great format if you care about
+provenance.
+
+The ubuntu example didn't have any `LayerSources` -- let's look at another image
+that does.
+
+### `hello-world:nanoserver`
+
+```
+$ crane pull hello-world:nanoserver@sha256:63c287625c2b0b72900e562de73c0e381472a83b1b39217aef3856cd398eca0b nanoserver.tar
+$ mkdir nanoserver && tar xf nanoserver.tar -C nanoserver && rm nanoserver.tar
+$ tree nanoserver/
+nanoserver/
+├── 10d1439be4eb8819987ec2e9c140d44d74d6b42a823d57fe1953bd99948e1bc0.tar.gz
+├── a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053.tar.gz
+├── be21f08f670160cbae227e3053205b91d6bfa3de750b90c7e00bd2c511ccb63a.tar.gz
+├── manifest.json
+└── sha256:bc5d255ea81f83c8c38a982a6d29a6f2198427d258aea5f166e49856896b2da6
+
+0 directories, 5 files
+
+$ jq < nanoserver/manifest.json
+[
+  {
+    "Config": "sha256:bc5d255ea81f83c8c38a982a6d29a6f2198427d258aea5f166e49856896b2da6",
+    "RepoTags": [
+      "index.docker.io/library/hello-world:i-was-a-digest"
+    ],
+    "Layers": [
+      "a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053.tar.gz",
+      "be21f08f670160cbae227e3053205b91d6bfa3de750b90c7e00bd2c511ccb63a.tar.gz",
+      "10d1439be4eb8819987ec2e9c140d44d74d6b42a823d57fe1953bd99948e1bc0.tar.gz"
+    ],
+    "LayerSources": {
+      "sha256:26fd2d9d4c64a4f965bbc77939a454a31b607470f430b5d69fc21ded301fa55e": {
+        "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
+        "size": 101145811,
+        "digest": "sha256:a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053",
+        "urls": [
+          "https://mcr.microsoft.com/v2/windows/nanoserver/blobs/sha256:a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053"
+        ]
+      }
+    }
+  }
+]
+```
+
+A couple things to note about this `manifest.json` versus the other:
+* The `RepoTags` field is a bit weird here. `hello-world` is a multi-platform
+  image, so We had to pull this image by digest, since we're (I'm) on
+  amd64/linux and wanted to grab a windows image. Since the tarball format
+  expects a tag under `RepoTags`, and we didn't pull by tag, we replace the
+  digest with a sentinel `i-was-a-digest` "tag" to appease docker.
+* The `LayerSources` has enough information to reconstruct the foreign layers
+  pointer when pushing/pulling from the registry. For legal reasons, microsoft
+  doesn't want anyone but them to serve windows base images, so the mediaType
+  here indicates a "foreign" or "non-distributable" layer with an URL for where
+  you can download it from microsoft (see the [OCI
+  image-spec](https://github.com/opencontainers/image-spec/blob/master/layer.md#non-distributable-layers)).
+
+We can look at what's in the registry to explain both of these things:
+```
+$ crane manifest hello-world:nanoserver | jq .
+{
+  "manifests": [
+    {
+      "digest": "sha256:63c287625c2b0b72900e562de73c0e381472a83b1b39217aef3856cd398eca0b",
+      "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+      "platform": {
+        "architecture": "amd64",
+        "os": "windows",
+        "os.version": "10.0.17763.1040"
+      },
+      "size": 1124
+    }
+  ],
+  "mediaType": "application/vnd.docker.distribution.manifest.list.v2+json",
+  "schemaVersion": 2
+}
+
+
+# Note the media type and "urls" field.
+$ crane manifest hello-world:nanoserver@sha256:63c287625c2b0b72900e562de73c0e381472a83b1b39217aef3856cd398eca0b | jq .
+{
+  "schemaVersion": 2,
+  "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
+  "config": {
+    "mediaType": "application/vnd.docker.container.image.v1+json",
+    "size": 1721,
+    "digest": "sha256:bc5d255ea81f83c8c38a982a6d29a6f2198427d258aea5f166e49856896b2da6"
+  },
+  "layers": [
+    {
+      "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
+      "size": 101145811,
+      "digest": "sha256:a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053",
+      "urls": [
+        "https://mcr.microsoft.com/v2/windows/nanoserver/blobs/sha256:a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053"
+      ]
+    },
+    {
+      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+      "size": 1669,
+      "digest": "sha256:be21f08f670160cbae227e3053205b91d6bfa3de750b90c7e00bd2c511ccb63a"
+    },
+    {
+      "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
+      "size": 949,
+      "digest": "sha256:10d1439be4eb8819987ec2e9c140d44d74d6b42a823d57fe1953bd99948e1bc0"
+    }
+  ]
+}
+```
+
+The `LayerSources` map is keyed by the diffid. Note that `sha256:26fd2d9d4c64a4f965bbc77939a454a31b607470f430b5d69fc21ded301fa55e` matches the first layer in the config file:
+```
+$ jq '.[0].LayerSources' < nanoserver/manifest.json
+{
+  "sha256:26fd2d9d4c64a4f965bbc77939a454a31b607470f430b5d69fc21ded301fa55e": {
+    "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
+    "size": 101145811,
+    "digest": "sha256:a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053",
+    "urls": [
+      "https://mcr.microsoft.com/v2/windows/nanoserver/blobs/sha256:a35da61c356213336e646756218539950461ff2bf096badf307a23add6e70053"
+    ]
+  }
+}
+
+$ jq < nanoserver/sha256\:bc5d255ea81f83c8c38a982a6d29a6f2198427d258aea5f166e49856896b2da6 | jq .rootfs
+{
+  "type": "layers",
+  "diff_ids": [
+    "sha256:26fd2d9d4c64a4f965bbc77939a454a31b607470f430b5d69fc21ded301fa55e",
+    "sha256:601cf7d78c62e4b4d32a7bbf96a17606a9cea5bd9d22ffa6f34aa431d056b0e8",
+    "sha256:a1e1a3bf6529adcce4d91dce2cad86c2604a66b507ccbc4d2239f3da0ec5aab9"
+  ]
+}
+```
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go
new file mode 100644
index 00000000..4eb79bb4
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/doc.go
@@ -0,0 +1,17 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package tarball provides facilities for reading/writing v1.Images from/to
+// a tarball on-disk.
+package tarball
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go
new file mode 100644
index 00000000..905da0fb
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/image.go
@@ -0,0 +1,401 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tarball
+
+import (
+	"archive/tar"
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"io/ioutil"
+	"os"
+	"sync"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+type image struct {
+	opener        Opener
+	manifest      *Manifest
+	config        []byte
+	imgDescriptor *Descriptor
+
+	tag *name.Tag
+}
+
+type uncompressedImage struct {
+	*image
+}
+
+type compressedImage struct {
+	*image
+	manifestLock sync.Mutex // Protects manifest
+	manifest     *v1.Manifest
+}
+
+var _ partial.UncompressedImageCore = (*uncompressedImage)(nil)
+var _ partial.CompressedImageCore = (*compressedImage)(nil)
+
+// Opener is a thunk for opening a tar file.
+type Opener func() (io.ReadCloser, error)
+
+func pathOpener(path string) Opener {
+	return func() (io.ReadCloser, error) {
+		return os.Open(path)
+	}
+}
+
+// ImageFromPath returns a v1.Image from a tarball located on path.
+func ImageFromPath(path string, tag *name.Tag) (v1.Image, error) {
+	return Image(pathOpener(path), tag)
+}
+
+// Image exposes an image from the tarball at the provided path.
+func Image(opener Opener, tag *name.Tag) (v1.Image, error) {
+	img := &image{
+		opener: opener,
+		tag:    tag,
+	}
+	if err := img.loadTarDescriptorAndConfig(); err != nil {
+		return nil, err
+	}
+
+	// Peek at the first layer and see if it's compressed.
+	if len(img.imgDescriptor.Layers) > 0 {
+		compressed, err := img.areLayersCompressed()
+		if err != nil {
+			return nil, err
+		}
+		if compressed {
+			c := compressedImage{
+				image: img,
+			}
+			return partial.CompressedToImage(&c)
+		}
+	}
+
+	uc := uncompressedImage{
+		image: img,
+	}
+	return partial.UncompressedToImage(&uc)
+}
+
+func (i *image) MediaType() (types.MediaType, error) {
+	return types.DockerManifestSchema2, nil
+}
+
+// Descriptor stores the manifest data for a single image inside a `docker save` tarball.
+type Descriptor struct {
+	Config   string
+	RepoTags []string
+	Layers   []string
+
+	// Tracks foreign layer info. Key is DiffID.
+	LayerSources map[v1.Hash]v1.Descriptor `json:",omitempty"`
+}
+
+// Manifest represents the manifests of all images as the `manifest.json` file in a `docker save` tarball.
+type Manifest []Descriptor
+
+func (m Manifest) findDescriptor(tag *name.Tag) (*Descriptor, error) {
+	if tag == nil {
+		if len(m) != 1 {
+			return nil, errors.New("tarball must contain only a single image to be used with tarball.Image")
+		}
+		return &(m)[0], nil
+	}
+	for _, img := range m {
+		for _, tagStr := range img.RepoTags {
+			repoTag, err := name.NewTag(tagStr)
+			if err != nil {
+				return nil, err
+			}
+
+			// Compare the resolved names, since there are several ways to specify the same tag.
+			if repoTag.Name() == tag.Name() {
+				return &img, nil
+			}
+		}
+	}
+	return nil, fmt.Errorf("tag %s not found in tarball", tag)
+}
+
+func (i *image) areLayersCompressed() (bool, error) {
+	if len(i.imgDescriptor.Layers) == 0 {
+		return false, errors.New("0 layers found in image")
+	}
+	layer := i.imgDescriptor.Layers[0]
+	blob, err := extractFileFromTar(i.opener, layer)
+	if err != nil {
+		return false, err
+	}
+	defer blob.Close()
+	return v1util.IsGzipped(blob)
+}
+
+func (i *image) loadTarDescriptorAndConfig() error {
+	m, err := extractFileFromTar(i.opener, "manifest.json")
+	if err != nil {
+		return err
+	}
+	defer m.Close()
+
+	if err := json.NewDecoder(m).Decode(&i.manifest); err != nil {
+		return err
+	}
+
+	if i.manifest == nil {
+		return errors.New("no valid manifest.json in tarball")
+	}
+
+	i.imgDescriptor, err = i.manifest.findDescriptor(i.tag)
+	if err != nil {
+		return err
+	}
+
+	cfg, err := extractFileFromTar(i.opener, i.imgDescriptor.Config)
+	if err != nil {
+		return err
+	}
+	defer cfg.Close()
+
+	i.config, err = ioutil.ReadAll(cfg)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (i *image) RawConfigFile() ([]byte, error) {
+	return i.config, nil
+}
+
+// tarFile represents a single file inside a tar. Closing it closes the tar itself.
+type tarFile struct {
+	io.Reader
+	io.Closer
+}
+
+func extractFileFromTar(opener Opener, filePath string) (io.ReadCloser, error) {
+	f, err := opener()
+	if err != nil {
+		return nil, err
+	}
+	close := true
+	defer func() {
+		if close {
+			f.Close()
+		}
+	}()
+
+	tf := tar.NewReader(f)
+	for {
+		hdr, err := tf.Next()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			return nil, err
+		}
+		if hdr.Name == filePath {
+			close = false
+			return tarFile{
+				Reader: tf,
+				Closer: f,
+			}, nil
+		}
+	}
+	return nil, fmt.Errorf("file %s not found in tar", filePath)
+}
+
+// uncompressedLayerFromTarball implements partial.UncompressedLayer
+type uncompressedLayerFromTarball struct {
+	diffID    v1.Hash
+	mediaType types.MediaType
+	opener    Opener
+	filePath  string
+}
+
+// foreignUncompressedLayer implements partial.UncompressedLayer but returns
+// a custom descriptor. This allows the foreign layer URLs to be included in
+// the generated image manifest for uncompressed layers.
+type foreignUncompressedLayer struct {
+	uncompressedLayerFromTarball
+	desc v1.Descriptor
+}
+
+func (fl *foreignUncompressedLayer) Descriptor() (*v1.Descriptor, error) {
+	return &fl.desc, nil
+}
+
+// DiffID implements partial.UncompressedLayer
+func (ulft *uncompressedLayerFromTarball) DiffID() (v1.Hash, error) {
+	return ulft.diffID, nil
+}
+
+// Uncompressed implements partial.UncompressedLayer
+func (ulft *uncompressedLayerFromTarball) Uncompressed() (io.ReadCloser, error) {
+	return extractFileFromTar(ulft.opener, ulft.filePath)
+}
+
+func (ulft *uncompressedLayerFromTarball) MediaType() (types.MediaType, error) {
+	return ulft.mediaType, nil
+}
+
+func (i *uncompressedImage) LayerByDiffID(h v1.Hash) (partial.UncompressedLayer, error) {
+	cfg, err := partial.ConfigFile(i)
+	if err != nil {
+		return nil, err
+	}
+	for idx, diffID := range cfg.RootFS.DiffIDs {
+		if diffID == h {
+			// Technically the media type should be 'application/tar' but given that our
+			// v1.Layer doesn't force consumers to care about whether the layer is compressed
+			// we should be fine returning the DockerLayer media type
+			mt := types.DockerLayer
+			if bd, ok := i.imgDescriptor.LayerSources[h]; ok {
+				// Overwrite the mediaType for foreign layers.
+				return &foreignUncompressedLayer{
+					uncompressedLayerFromTarball: uncompressedLayerFromTarball{
+						diffID:    diffID,
+						mediaType: bd.MediaType,
+						opener:    i.opener,
+						filePath:  i.imgDescriptor.Layers[idx],
+					},
+					desc: bd,
+				}, nil
+			}
+			return &uncompressedLayerFromTarball{
+				diffID:    diffID,
+				mediaType: mt,
+				opener:    i.opener,
+				filePath:  i.imgDescriptor.Layers[idx],
+			}, nil
+		}
+	}
+	return nil, fmt.Errorf("diff id %q not found", h)
+}
+
+func (c *compressedImage) Manifest() (*v1.Manifest, error) {
+	c.manifestLock.Lock()
+	defer c.manifestLock.Unlock()
+	if c.manifest != nil {
+		return c.manifest, nil
+	}
+
+	b, err := c.RawConfigFile()
+	if err != nil {
+		return nil, err
+	}
+
+	cfgHash, cfgSize, err := v1.SHA256(bytes.NewReader(b))
+	if err != nil {
+		return nil, err
+	}
+
+	c.manifest = &v1.Manifest{
+		SchemaVersion: 2,
+		MediaType:     types.DockerManifestSchema2,
+		Config: v1.Descriptor{
+			MediaType: types.DockerConfigJSON,
+			Size:      cfgSize,
+			Digest:    cfgHash,
+		},
+	}
+
+	for i, p := range c.imgDescriptor.Layers {
+		cfg, err := partial.ConfigFile(c)
+		if err != nil {
+			return nil, err
+		}
+		diffid := cfg.RootFS.DiffIDs[i]
+		if d, ok := c.imgDescriptor.LayerSources[diffid]; ok {
+			// If it's a foreign layer, just append the descriptor so we can avoid
+			// reading the entire file.
+			c.manifest.Layers = append(c.manifest.Layers, d)
+		} else {
+			l, err := extractFileFromTar(c.opener, p)
+			if err != nil {
+				return nil, err
+			}
+			defer l.Close()
+			sha, size, err := v1.SHA256(l)
+			if err != nil {
+				return nil, err
+			}
+			c.manifest.Layers = append(c.manifest.Layers, v1.Descriptor{
+				MediaType: types.DockerLayer,
+				Size:      size,
+				Digest:    sha,
+			})
+		}
+	}
+	return c.manifest, nil
+}
+
+func (c *compressedImage) RawManifest() ([]byte, error) {
+	return partial.RawManifest(c)
+}
+
+// compressedLayerFromTarball implements partial.CompressedLayer
+type compressedLayerFromTarball struct {
+	desc     v1.Descriptor
+	opener   Opener
+	filePath string
+}
+
+// Digest implements partial.CompressedLayer
+func (clft *compressedLayerFromTarball) Digest() (v1.Hash, error) {
+	return clft.desc.Digest, nil
+}
+
+// Compressed implements partial.CompressedLayer
+func (clft *compressedLayerFromTarball) Compressed() (io.ReadCloser, error) {
+	return extractFileFromTar(clft.opener, clft.filePath)
+}
+
+// MediaType implements partial.CompressedLayer
+func (clft *compressedLayerFromTarball) MediaType() (types.MediaType, error) {
+	return clft.desc.MediaType, nil
+}
+
+// Size implements partial.CompressedLayer
+func (clft *compressedLayerFromTarball) Size() (int64, error) {
+	return clft.desc.Size, nil
+}
+
+func (c *compressedImage) LayerByDigest(h v1.Hash) (partial.CompressedLayer, error) {
+	m, err := c.Manifest()
+	if err != nil {
+		return nil, err
+	}
+	for i, l := range m.Layers {
+		if l.Digest == h {
+			fp := c.imgDescriptor.Layers[i]
+			return &compressedLayerFromTarball{
+				desc:     l,
+				opener:   c.opener,
+				filePath: fp,
+			}, nil
+		}
+	}
+	return nil, fmt.Errorf("blob %v not found", h)
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go
new file mode 100644
index 00000000..1fa4b6bb
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/layer.go
@@ -0,0 +1,170 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tarball
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+	"io/ioutil"
+	"os"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/types"
+	"github.com/google/go-containerregistry/pkg/v1/v1util"
+)
+
+type layer struct {
+	digest      v1.Hash
+	diffID      v1.Hash
+	size        int64
+	opener      Opener
+	compressed  bool
+	compression int
+}
+
+func (l *layer) Digest() (v1.Hash, error) {
+	return l.digest, nil
+}
+
+func (l *layer) DiffID() (v1.Hash, error) {
+	return l.diffID, nil
+}
+
+func (l *layer) Compressed() (io.ReadCloser, error) {
+	rc, err := l.opener()
+	if err == nil && !l.compressed {
+		return v1util.GzipReadCloserLevel(rc, l.compression), nil
+	}
+
+	return rc, err
+}
+
+func (l *layer) Uncompressed() (io.ReadCloser, error) {
+	rc, err := l.opener()
+	if err == nil && l.compressed {
+		return v1util.GunzipReadCloser(rc)
+	}
+
+	return rc, err
+}
+
+func (l *layer) Size() (int64, error) {
+	return l.size, nil
+}
+
+func (l *layer) MediaType() (types.MediaType, error) {
+	return types.DockerLayer, nil
+}
+
+// LayerOption applies options to layer
+type LayerOption func(*layer)
+
+// WithCompressionLevel sets the gzip compression. See `gzip.NewWriterLevel` for possible values.
+func WithCompressionLevel(level int) LayerOption {
+	return func(l *layer) {
+		l.compression = level
+	}
+}
+
+// LayerFromFile returns a v1.Layer given a tarball
+func LayerFromFile(path string, opts ...LayerOption) (v1.Layer, error) {
+	opener := func() (io.ReadCloser, error) {
+		return os.Open(path)
+	}
+	return LayerFromOpener(opener, opts...)
+}
+
+// LayerFromOpener returns a v1.Layer given an Opener function
+func LayerFromOpener(opener Opener, opts ...LayerOption) (v1.Layer, error) {
+	rc, err := opener()
+	if err != nil {
+		return nil, err
+	}
+	defer rc.Close()
+
+	compressed, err := v1util.IsGzipped(rc)
+	if err != nil {
+		return nil, err
+	}
+
+	layer := &layer{
+		compressed:  compressed,
+		compression: gzip.BestSpeed,
+		opener:      opener,
+	}
+
+	for _, opt := range opts {
+		opt(layer)
+	}
+
+	if layer.digest, layer.size, err = computeDigest(opener, compressed, layer.compression); err != nil {
+		return nil, err
+	}
+
+	if layer.diffID, err = computeDiffID(opener, compressed); err != nil {
+		return nil, err
+	}
+
+	return layer, nil
+}
+
+// LayerFromReader returns a v1.Layer given a io.Reader.
+func LayerFromReader(reader io.Reader, opts ...LayerOption) (v1.Layer, error) {
+	// Buffering due to Opener requiring multiple calls.
+	a, err := ioutil.ReadAll(reader)
+	if err != nil {
+		return nil, err
+	}
+	return LayerFromOpener(func() (io.ReadCloser, error) {
+		return ioutil.NopCloser(bytes.NewReader(a)), nil
+	}, opts...)
+}
+
+func computeDigest(opener Opener, compressed bool, compression int) (v1.Hash, int64, error) {
+	rc, err := opener()
+	if err != nil {
+		return v1.Hash{}, 0, err
+	}
+	defer rc.Close()
+
+	if compressed {
+		return v1.SHA256(rc)
+	}
+
+	return v1.SHA256(v1util.GzipReadCloserLevel(ioutil.NopCloser(rc), compression))
+}
+
+func computeDiffID(opener Opener, compressed bool) (v1.Hash, error) {
+	rc, err := opener()
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	defer rc.Close()
+
+	if !compressed {
+		digest, _, err := v1.SHA256(rc)
+		return digest, err
+	}
+
+	reader, err := gzip.NewReader(rc)
+	if err != nil {
+		return v1.Hash{}, err
+	}
+	defer reader.Close()
+
+	diffID, _, err := v1.SHA256(reader)
+	return diffID, err
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go
new file mode 100644
index 00000000..cceb16cd
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/tarball/write.go
@@ -0,0 +1,440 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package tarball
+
+import (
+	"archive/tar"
+	"bytes"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"os"
+	"sort"
+	"strings"
+
+	"github.com/google/go-containerregistry/pkg/name"
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+	"github.com/google/go-containerregistry/pkg/v1/partial"
+)
+
+// WriteToFile writes in the compressed format to a tarball, on disk.
+// This is just syntactic sugar wrapping tarball.Write with a new file.
+func WriteToFile(p string, ref name.Reference, img v1.Image, opts ...WriteOption) error {
+	w, err := os.Create(p)
+	if err != nil {
+		return err
+	}
+	defer w.Close()
+
+	return Write(ref, img, w, opts...)
+}
+
+// MultiWriteToFile writes in the compressed format to a tarball, on disk.
+// This is just syntactic sugar wrapping tarball.MultiWrite with a new file.
+func MultiWriteToFile(p string, tagToImage map[name.Tag]v1.Image, opts ...WriteOption) error {
+	refToImage := make(map[name.Reference]v1.Image, len(tagToImage))
+	for i, d := range tagToImage {
+		refToImage[i] = d
+	}
+	return MultiRefWriteToFile(p, refToImage, opts...)
+}
+
+// MultiRefWriteToFile writes in the compressed format to a tarball, on disk.
+// This is just syntactic sugar wrapping tarball.MultiRefWrite with a new file.
+func MultiRefWriteToFile(p string, refToImage map[name.Reference]v1.Image, opts ...WriteOption) error {
+	w, err := os.Create(p)
+	if err != nil {
+		return err
+	}
+	defer w.Close()
+
+	return MultiRefWrite(refToImage, w, opts...)
+}
+
+// Write is a wrapper to write a single image and tag to a tarball.
+func Write(ref name.Reference, img v1.Image, w io.Writer, opts ...WriteOption) error {
+	return MultiRefWrite(map[name.Reference]v1.Image{ref: img}, w, opts...)
+}
+
+// MultiWrite writes the contents of each image to the provided reader, in the compressed format.
+// The contents are written in the following format:
+// One manifest.json file at the top level containing information about several images.
+// One file for each layer, named after the layer's SHA.
+// One file for the config blob, named after its SHA.
+func MultiWrite(tagToImage map[name.Tag]v1.Image, w io.Writer, opts ...WriteOption) error {
+	refToImage := make(map[name.Reference]v1.Image, len(tagToImage))
+	for i, d := range tagToImage {
+		refToImage[i] = d
+	}
+	return MultiRefWrite(refToImage, w, opts...)
+}
+
+// MultiRefWrite writes the contents of each image to the provided reader, in the compressed format.
+// The contents are written in the following format:
+// One manifest.json file at the top level containing information about several images.
+// One file for each layer, named after the layer's SHA.
+// One file for the config blob, named after its SHA.
+func MultiRefWrite(refToImage map[name.Reference]v1.Image, w io.Writer, opts ...WriteOption) error {
+	// process options
+	o := &writeOptions{
+		updates: nil,
+	}
+	for _, option := range opts {
+		if err := option(o); err != nil {
+			return err
+		}
+	}
+
+	size, _, mBytes, err := getSizeAndManifest(refToImage)
+	if err != nil {
+		return sendUpdateReturn(o, err)
+	}
+
+	return writeImagesToTar(refToImage, mBytes, size, w, o)
+}
+
+// sendUpdateReturn return the passed in error message, also sending on update channel, if it exists
+func sendUpdateReturn(o *writeOptions, err error) error {
+	if o != nil && o.updates != nil {
+		o.updates <- v1.Update{
+			Error: err,
+		}
+	}
+	return err
+}
+
+// sendProgressWriterReturn return the passed in error message, also sending on update channel, if it exists, along with downloaded information
+func sendProgressWriterReturn(pw *progressWriter, err error) error {
+	if pw != nil {
+		return pw.Error(err)
+	}
+	return err
+}
+
+// writeImagesToTar writes the images to the tarball
+func writeImagesToTar(refToImage map[name.Reference]v1.Image, m []byte, size int64, w io.Writer, o *writeOptions) (err error) {
+	if w == nil {
+		return sendUpdateReturn(o, errors.New("must pass valid writer"))
+	}
+	imageToTags := dedupRefToImage(refToImage)
+
+	tw := w
+	var pw *progressWriter
+
+	// we only calculate the sizes and use a progressWriter if we were provided
+	// an option with a progress channel
+	if o != nil && o.updates != nil {
+		pw = &progressWriter{
+			w:       w,
+			updates: o.updates,
+			size:    size,
+		}
+		tw = pw
+	}
+
+	tf := tar.NewWriter(tw)
+	defer tf.Close()
+
+	seenLayerDigests := make(map[string]struct{})
+
+	for img := range imageToTags {
+		// Write the config.
+		cfgName, err := img.ConfigName()
+		if err != nil {
+			return sendProgressWriterReturn(pw, err)
+		}
+		cfgBlob, err := img.RawConfigFile()
+		if err != nil {
+			return sendProgressWriterReturn(pw, err)
+		}
+		if err := writeTarEntry(tf, cfgName.String(), bytes.NewReader(cfgBlob), int64(len(cfgBlob))); err != nil {
+			return sendProgressWriterReturn(pw, err)
+		}
+
+		// Write the layers.
+		layers, err := img.Layers()
+		if err != nil {
+			return sendProgressWriterReturn(pw, err)
+		}
+		layerFiles := make([]string, len(layers))
+		for i, l := range layers {
+			d, err := l.Digest()
+			if err != nil {
+				return sendProgressWriterReturn(pw, err)
+			}
+			// Munge the file name to appease ancient technology.
+			//
+			// tar assumes anything with a colon is a remote tape drive:
+			// https://www.gnu.org/software/tar/manual/html_section/tar_45.html
+			// Drop the algorithm prefix, e.g. "sha256:"
+			hex := d.Hex
+
+			// gunzip expects certain file extensions:
+			// https://www.gnu.org/software/gzip/manual/html_node/Overview.html
+			layerFiles[i] = fmt.Sprintf("%s.tar.gz", hex)
+
+			if _, ok := seenLayerDigests[hex]; ok {
+				continue
+			}
+			seenLayerDigests[hex] = struct{}{}
+
+			r, err := l.Compressed()
+			if err != nil {
+				return sendProgressWriterReturn(pw, err)
+			}
+			blobSize, err := l.Size()
+			if err != nil {
+				return sendProgressWriterReturn(pw, err)
+			}
+
+			if err := writeTarEntry(tf, layerFiles[i], r, blobSize); err != nil {
+				return sendProgressWriterReturn(pw, err)
+			}
+		}
+	}
+	if err := writeTarEntry(tf, "manifest.json", bytes.NewReader(m), int64(len(m))); err != nil {
+		return sendProgressWriterReturn(pw, err)
+	}
+
+	// be sure to close the tar writer so everything is flushed out before we send our EOF
+	if err := tf.Close(); err != nil {
+		return sendProgressWriterReturn(pw, err)
+	}
+	// send an EOF to indicate finished on the channel, but nil as our return error
+	_ = sendProgressWriterReturn(pw, io.EOF)
+	return nil
+}
+
+// calculateManifest calculates the manifest and optionally the size of the tar file
+func calculateManifest(refToImage map[name.Reference]v1.Image) (m Manifest, err error) {
+	imageToTags := dedupRefToImage(refToImage)
+
+	for img, tags := range imageToTags {
+		cfgName, err := img.ConfigName()
+		if err != nil {
+			return nil, err
+		}
+
+		// Store foreign layer info.
+		layerSources := make(map[v1.Hash]v1.Descriptor)
+
+		// Write the layers.
+		layers, err := img.Layers()
+		if err != nil {
+			return nil, err
+		}
+		layerFiles := make([]string, len(layers))
+		for i, l := range layers {
+			d, err := l.Digest()
+			if err != nil {
+				return nil, err
+			}
+			// Munge the file name to appease ancient technology.
+			//
+			// tar assumes anything with a colon is a remote tape drive:
+			// https://www.gnu.org/software/tar/manual/html_section/tar_45.html
+			// Drop the algorithm prefix, e.g. "sha256:"
+			hex := d.Hex
+
+			// gunzip expects certain file extensions:
+			// https://www.gnu.org/software/gzip/manual/html_node/Overview.html
+			layerFiles[i] = fmt.Sprintf("%s.tar.gz", hex)
+
+			// Add to LayerSources if it's a foreign layer.
+			desc, err := partial.BlobDescriptor(img, d)
+			if err != nil {
+				return nil, err
+			}
+			if !desc.MediaType.IsDistributable() {
+				diffid, err := partial.BlobToDiffID(img, d)
+				if err != nil {
+					return nil, err
+				}
+				layerSources[diffid] = *desc
+			}
+		}
+
+		// Generate the tar descriptor and write it.
+		m = append(m, Descriptor{
+			Config:       cfgName.String(),
+			RepoTags:     tags,
+			Layers:       layerFiles,
+			LayerSources: layerSources,
+		})
+	}
+	// sort by name of the repotags so it is consistent. Alternatively, we could sort by hash of the
+	// descriptor, but that would make it hard for humans to process
+	sort.Slice(m, func(i, j int) bool {
+		return strings.Join(m[i].RepoTags, ",") < strings.Join(m[j].RepoTags, ",")
+	})
+
+	return m, nil
+}
+
+// CalculateSize calculates the expected complete size of the output tar file
+func CalculateSize(refToImage map[name.Reference]v1.Image) (size int64, err error) {
+	size, _, _, err = getSizeAndManifest(refToImage)
+	return size, err
+}
+
+func getSizeAndManifest(refToImage map[name.Reference]v1.Image) (size int64, m Manifest, mBytes []byte, err error) {
+	m, err = calculateManifest(refToImage)
+	if err != nil {
+		return 0, nil, nil, fmt.Errorf("unable to calculate manifest: %v", err)
+	}
+	mBytes, err = json.Marshal(m)
+	if err != nil {
+		return 0, nil, nil, fmt.Errorf("could not marshall manifest to bytes: %v", err)
+	}
+
+	size, err = calculateTarballSize(refToImage, mBytes)
+	if err != nil {
+		return 0, nil, nil, fmt.Errorf("error calculating tarball size: %v", err)
+	}
+	return size, m, mBytes, nil
+}
+
+// calculateTarballSize calculates the size of the tar file
+func calculateTarballSize(refToImage map[name.Reference]v1.Image, mBytes []byte) (size int64, err error) {
+	imageToTags := dedupRefToImage(refToImage)
+
+	for img, name := range imageToTags {
+		manifest, err := img.Manifest()
+		if err != nil {
+			return size, fmt.Errorf("unable to get manifest for img %s: %v", name, err)
+		}
+		size += calculateSingleFileInTarSize(manifest.Config.Size)
+		for _, l := range manifest.Layers {
+			size += calculateSingleFileInTarSize(l.Size)
+		}
+	}
+	// add the manifest
+	size += calculateSingleFileInTarSize(int64(len(mBytes)))
+
+	// add the two padding blocks that indicate end of a tar file
+	size += 1024
+	return size, nil
+}
+
+func dedupRefToImage(refToImage map[name.Reference]v1.Image) map[v1.Image][]string {
+	imageToTags := make(map[v1.Image][]string)
+
+	for ref, img := range refToImage {
+		if tag, ok := ref.(name.Tag); ok {
+			if tags, ok := imageToTags[img]; ok && tags != nil {
+				imageToTags[img] = append(tags, tag.String())
+			} else {
+				imageToTags[img] = []string{tag.String()}
+			}
+		} else {
+			if _, ok := imageToTags[img]; !ok {
+				imageToTags[img] = nil
+			}
+		}
+	}
+
+	return imageToTags
+}
+
+// writeTarEntry writes a file to the provided writer with a corresponding tar header
+func writeTarEntry(tf *tar.Writer, path string, r io.Reader, size int64) error {
+	hdr := &tar.Header{
+		Mode:     0644,
+		Typeflag: tar.TypeReg,
+		Size:     size,
+		Name:     path,
+	}
+	if err := tf.WriteHeader(hdr); err != nil {
+		return err
+	}
+	_, err := io.Copy(tf, r)
+	return err
+}
+
+// ComputeManifest get the manifest.json that will be written to the tarball
+// for multiple references
+func ComputeManifest(refToImage map[name.Reference]v1.Image) (Manifest, error) {
+	return calculateManifest(refToImage)
+}
+
+// WriteOption a function option to pass to Write()
+type WriteOption func(*writeOptions) error
+type writeOptions struct {
+	updates chan<- v1.Update
+}
+
+// WithProgress create a WriteOption for passing to Write() that enables
+// a channel to receive updates as they are downloaded and written to disk.
+func WithProgress(updates chan<- v1.Update) WriteOption {
+	return func(o *writeOptions) error {
+		o.updates = updates
+		return nil
+	}
+}
+
+// progressWriter is a writer which will send the download progress
+type progressWriter struct {
+	w              io.Writer
+	updates        chan<- v1.Update
+	size, complete int64
+}
+
+func (pw *progressWriter) Write(p []byte) (int, error) {
+	n, err := pw.w.Write(p)
+	if err != nil {
+		return n, err
+	}
+
+	pw.complete += int64(n)
+
+	pw.updates <- v1.Update{
+		Total:    pw.size,
+		Complete: pw.complete,
+	}
+
+	return n, err
+}
+
+func (pw *progressWriter) Error(err error) error {
+	pw.updates <- v1.Update{
+		Total:    pw.size,
+		Complete: pw.complete,
+		Error:    err,
+	}
+	return err
+}
+
+func (pw *progressWriter) Close() error {
+	pw.updates <- v1.Update{
+		Total:    pw.size,
+		Complete: pw.complete,
+		Error:    io.EOF,
+	}
+	return io.EOF
+}
+
+// calculateSingleFileInTarSize calculate the size a file will take up in a tar archive,
+// given the input data. Provided by rounding up to nearest whole block (512)
+// and adding header 512
+func calculateSingleFileInTarSize(in int64) (out int64) {
+	// doing this manually, because math.Round() works with float64
+	out += in
+	if remainder := out % 512; remainder != 0 {
+		out += (512 - remainder)
+	}
+	out += 512
+	return out
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go b/vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go
new file mode 100644
index 00000000..21f22365
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/types/types.go
@@ -0,0 +1,71 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package types
+
+// MediaType is an enumeration of the supported mime types that an element of an image might have.
+type MediaType string
+
+// The collection of known MediaType values.
+const (
+	OCIContentDescriptor           MediaType = "application/vnd.oci.descriptor.v1+json"
+	OCIImageIndex                  MediaType = "application/vnd.oci.image.index.v1+json"
+	OCIManifestSchema1             MediaType = "application/vnd.oci.image.manifest.v1+json"
+	OCIConfigJSON                  MediaType = "application/vnd.oci.image.config.v1+json"
+	OCILayer                       MediaType = "application/vnd.oci.image.layer.v1.tar+gzip"
+	OCIRestrictedLayer             MediaType = "application/vnd.oci.image.layer.nondistributable.v1.tar+gzip"
+	OCIUncompressedLayer           MediaType = "application/vnd.oci.image.layer.v1.tar"
+	OCIUncompressedRestrictedLayer MediaType = "application/vnd.oci.image.layer.nondistributable.v1.tar"
+
+	DockerManifestSchema1       MediaType = "application/vnd.docker.distribution.manifest.v1+json"
+	DockerManifestSchema1Signed MediaType = "application/vnd.docker.distribution.manifest.v1+prettyjws"
+	DockerManifestSchema2       MediaType = "application/vnd.docker.distribution.manifest.v2+json"
+	DockerManifestList          MediaType = "application/vnd.docker.distribution.manifest.list.v2+json"
+	DockerLayer                 MediaType = "application/vnd.docker.image.rootfs.diff.tar.gzip"
+	DockerConfigJSON            MediaType = "application/vnd.docker.container.image.v1+json"
+	DockerPluginConfig          MediaType = "application/vnd.docker.plugin.v1+json"
+	DockerForeignLayer          MediaType = "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip"
+	DockerUncompressedLayer     MediaType = "application/vnd.docker.image.rootfs.diff.tar"
+
+	OCIVendorPrefix    = "vnd.oci"
+	DockerVendorPrefix = "vnd.docker"
+)
+
+// IsDistributable returns true if a layer is distributable, see:
+// https://github.com/opencontainers/image-spec/blob/master/layer.md#non-distributable-layers
+func (m MediaType) IsDistributable() bool {
+	switch m {
+	case DockerForeignLayer, OCIRestrictedLayer, OCIUncompressedRestrictedLayer:
+		return false
+	}
+	return true
+}
+
+// IsImage returns true if the mediaType represents an image manifest, as opposed to something else, like an index.
+func (m MediaType) IsImage() bool {
+	switch m {
+	case OCIManifestSchema1, DockerManifestSchema2:
+		return true
+	}
+	return false
+}
+
+// IsIndex returns true if the mediaType represents an index, as opposed to something else, like an image.
+func (m MediaType) IsIndex() bool {
+	switch m {
+	case OCIImageIndex, DockerManifestList:
+		return true
+	}
+	return false
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/and_closer.go b/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/and_closer.go
new file mode 100644
index 00000000..0925f13d
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/and_closer.go
@@ -0,0 +1,47 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1util
+
+import (
+	"io"
+)
+
+// readAndCloser implements io.ReadCloser by reading from a particular io.Reader
+// and then calling the provided "Close()" method.
+type readAndCloser struct {
+	io.Reader
+	CloseFunc func() error
+}
+
+var _ io.ReadCloser = (*readAndCloser)(nil)
+
+// Close implements io.ReadCloser
+func (rac *readAndCloser) Close() error {
+	return rac.CloseFunc()
+}
+
+// writeAndCloser implements io.WriteCloser by reading from a particular io.Writer
+// and then calling the provided "Close()" method.
+type writeAndCloser struct {
+	io.Writer
+	CloseFunc func() error
+}
+
+var _ io.WriteCloser = (*writeAndCloser)(nil)
+
+// Close implements io.WriteCloser
+func (wac *writeAndCloser) Close() error {
+	return wac.CloseFunc()
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/verify.go b/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/verify.go
new file mode 100644
index 00000000..c9699770
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/verify.go
@@ -0,0 +1,61 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1util
+
+import (
+	"encoding/hex"
+	"fmt"
+	"hash"
+	"io"
+
+	v1 "github.com/google/go-containerregistry/pkg/v1"
+)
+
+type verifyReader struct {
+	inner    io.Reader
+	hasher   hash.Hash
+	expected v1.Hash
+}
+
+// Read implements io.Reader
+func (vc *verifyReader) Read(b []byte) (int, error) {
+	n, err := vc.inner.Read(b)
+	if err == io.EOF {
+		got := hex.EncodeToString(vc.hasher.Sum(make([]byte, 0, vc.hasher.Size())))
+		if want := vc.expected.Hex; got != want {
+			return n, fmt.Errorf("error verifying %s checksum; got %q, want %q",
+				vc.expected.Algorithm, got, want)
+		}
+	}
+	return n, err
+}
+
+// VerifyReadCloser wraps the given io.ReadCloser to verify that its contents match
+// the provided v1.Hash before io.EOF is returned.
+func VerifyReadCloser(r io.ReadCloser, h v1.Hash) (io.ReadCloser, error) {
+	w, err := v1.Hasher(h.Algorithm)
+	if err != nil {
+		return nil, err
+	}
+	r2 := io.TeeReader(r, w)
+	return &readAndCloser{
+		Reader: &verifyReader{
+			inner:    r2,
+			hasher:   w,
+			expected: h,
+		},
+		CloseFunc: r.Close,
+	}, nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/zip.go b/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/zip.go
new file mode 100644
index 00000000..8e48b8ad
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/v1util/zip.go
@@ -0,0 +1,92 @@
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1util
+
+import (
+	"bytes"
+	"compress/gzip"
+	"io"
+)
+
+var gzipMagicHeader = []byte{'\x1f', '\x8b'}
+
+// GzipReadCloser reads uncompressed input data from the io.ReadCloser and
+// returns an io.ReadCloser from which compressed data may be read.
+// This uses gzip.BestSpeed for the compression level.
+func GzipReadCloser(r io.ReadCloser) io.ReadCloser {
+	return GzipReadCloserLevel(r, gzip.BestSpeed)
+}
+
+// GzipReadCloserLevel reads uncompressed input data from the io.ReadCloser and
+// returns an io.ReadCloser from which compressed data may be read.
+// Refer to compress/gzip for the level:
+// https://golang.org/pkg/compress/gzip/#pkg-constants
+func GzipReadCloserLevel(r io.ReadCloser, level int) io.ReadCloser {
+	pr, pw := io.Pipe()
+
+	// Returns err so we can pw.CloseWithError(err)
+	go func() error {
+		// TODO(go1.14): Just defer {pw,gw,r}.Close like you'd expect.
+		// Context: https://golang.org/issue/24283
+		gw, err := gzip.NewWriterLevel(pw, level)
+		if err != nil {
+			return pw.CloseWithError(err)
+		}
+
+		if _, err := io.Copy(gw, r); err != nil {
+			defer r.Close()
+			defer gw.Close()
+			return pw.CloseWithError(err)
+		}
+		defer pw.Close()
+		defer r.Close()
+		defer gw.Close()
+
+		return nil
+	}()
+
+	return pr
+}
+
+// GunzipReadCloser reads compressed input data from the io.ReadCloser and
+// returns an io.ReadCloser from which uncompessed data may be read.
+func GunzipReadCloser(r io.ReadCloser) (io.ReadCloser, error) {
+	gr, err := gzip.NewReader(r)
+	if err != nil {
+		return nil, err
+	}
+	return &readAndCloser{
+		Reader: gr,
+		CloseFunc: func() error {
+			if err := gr.Close(); err != nil {
+				return err
+			}
+			return r.Close()
+		},
+	}, nil
+}
+
+// IsGzipped detects whether the input stream is compressed.
+func IsGzipped(r io.Reader) (bool, error) {
+	magicHeader := make([]byte, 2)
+	n, err := r.Read(magicHeader)
+	if n == 0 && err == io.EOF {
+		return false, nil
+	}
+	if err != nil {
+		return false, err
+	}
+	return bytes.Equal(magicHeader, gzipMagicHeader), nil
+}
diff --git a/vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go b/vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go
new file mode 100644
index 00000000..3f92f091
--- /dev/null
+++ b/vendor/github.com/google/go-containerregistry/pkg/v1/zz_deepcopy_generated.go
@@ -0,0 +1,318 @@
+// +build !ignore_autogenerated
+
+// Copyright 2018 Google LLC All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by deepcopy-gen. DO NOT EDIT.
+
+package v1
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Config) DeepCopyInto(out *Config) {
+	*out = *in
+	if in.Cmd != nil {
+		in, out := &in.Cmd, &out.Cmd
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Healthcheck != nil {
+		in, out := &in.Healthcheck, &out.Healthcheck
+		*out = new(HealthConfig)
+		(*in).DeepCopyInto(*out)
+	}
+	if in.Entrypoint != nil {
+		in, out := &in.Entrypoint, &out.Entrypoint
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Env != nil {
+		in, out := &in.Env, &out.Env
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Labels != nil {
+		in, out := &in.Labels, &out.Labels
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.OnBuild != nil {
+		in, out := &in.OnBuild, &out.OnBuild
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Volumes != nil {
+		in, out := &in.Volumes, &out.Volumes
+		*out = make(map[string]struct{}, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.ExposedPorts != nil {
+		in, out := &in.ExposedPorts, &out.ExposedPorts
+		*out = make(map[string]struct{}, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Shell != nil {
+		in, out := &in.Shell, &out.Shell
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Config.
+func (in *Config) DeepCopy() *Config {
+	if in == nil {
+		return nil
+	}
+	out := new(Config)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *ConfigFile) DeepCopyInto(out *ConfigFile) {
+	*out = *in
+	in.Created.DeepCopyInto(&out.Created)
+	if in.History != nil {
+		in, out := &in.History, &out.History
+		*out = make([]History, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	in.RootFS.DeepCopyInto(&out.RootFS)
+	in.Config.DeepCopyInto(&out.Config)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConfigFile.
+func (in *ConfigFile) DeepCopy() *ConfigFile {
+	if in == nil {
+		return nil
+	}
+	out := new(ConfigFile)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Descriptor) DeepCopyInto(out *Descriptor) {
+	*out = *in
+	out.Digest = in.Digest
+	if in.URLs != nil {
+		in, out := &in.URLs, &out.URLs
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	if in.Platform != nil {
+		in, out := &in.Platform, &out.Platform
+		*out = new(Platform)
+		(*in).DeepCopyInto(*out)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Descriptor.
+func (in *Descriptor) DeepCopy() *Descriptor {
+	if in == nil {
+		return nil
+	}
+	out := new(Descriptor)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Hash) DeepCopyInto(out *Hash) {
+	*out = *in
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Hash.
+func (in *Hash) DeepCopy() *Hash {
+	if in == nil {
+		return nil
+	}
+	out := new(Hash)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *HealthConfig) DeepCopyInto(out *HealthConfig) {
+	*out = *in
+	if in.Test != nil {
+		in, out := &in.Test, &out.Test
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HealthConfig.
+func (in *HealthConfig) DeepCopy() *HealthConfig {
+	if in == nil {
+		return nil
+	}
+	out := new(HealthConfig)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *History) DeepCopyInto(out *History) {
+	*out = *in
+	in.Created.DeepCopyInto(&out.Created)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new History.
+func (in *History) DeepCopy() *History {
+	if in == nil {
+		return nil
+	}
+	out := new(History)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *IndexManifest) DeepCopyInto(out *IndexManifest) {
+	*out = *in
+	if in.Manifests != nil {
+		in, out := &in.Manifests, &out.Manifests
+		*out = make([]Descriptor, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IndexManifest.
+func (in *IndexManifest) DeepCopy() *IndexManifest {
+	if in == nil {
+		return nil
+	}
+	out := new(IndexManifest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Manifest) DeepCopyInto(out *Manifest) {
+	*out = *in
+	in.Config.DeepCopyInto(&out.Config)
+	if in.Layers != nil {
+		in, out := &in.Layers, &out.Layers
+		*out = make([]Descriptor, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	if in.Annotations != nil {
+		in, out := &in.Annotations, &out.Annotations
+		*out = make(map[string]string, len(*in))
+		for key, val := range *in {
+			(*out)[key] = val
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Manifest.
+func (in *Manifest) DeepCopy() *Manifest {
+	if in == nil {
+		return nil
+	}
+	out := new(Manifest)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *Platform) DeepCopyInto(out *Platform) {
+	*out = *in
+	if in.OSFeatures != nil {
+		in, out := &in.OSFeatures, &out.OSFeatures
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	if in.Features != nil {
+		in, out := &in.Features, &out.Features
+		*out = make([]string, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Platform.
+func (in *Platform) DeepCopy() *Platform {
+	if in == nil {
+		return nil
+	}
+	out := new(Platform)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RootFS) DeepCopyInto(out *RootFS) {
+	*out = *in
+	if in.DiffIDs != nil {
+		in, out := &in.DiffIDs, &out.DiffIDs
+		*out = make([]Hash, len(*in))
+		copy(*out, *in)
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RootFS.
+func (in *RootFS) DeepCopy() *RootFS {
+	if in == nil {
+		return nil
+	}
+	out := new(RootFS)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Time.
+func (in *Time) DeepCopy() *Time {
+	if in == nil {
+		return nil
+	}
+	out := new(Time)
+	in.DeepCopyInto(out)
+	return out
+}
diff --git a/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.go b/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.go
index 0e32451a..5351f36f 100644
--- a/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.go
+++ b/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.go
@@ -7106,20 +7106,20 @@ func (m *Any) ToRawInfo() interface{} {
 func (m *ApiKeySecurity) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.In != "" {
-		info = append(info, yaml.MapItem{"in", m.In})
+		info = append(info, yaml.MapItem{Key: "in", Value: m.In})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7130,14 +7130,14 @@ func (m *ApiKeySecurity) ToRawInfo() interface{} {
 func (m *BasicAuthenticationSecurity) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7148,24 +7148,24 @@ func (m *BasicAuthenticationSecurity) ToRawInfo() interface{} {
 func (m *BodyParameter) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.In != "" {
-		info = append(info, yaml.MapItem{"in", m.In})
+		info = append(info, yaml.MapItem{Key: "in", Value: m.In})
 	}
 	if m.Required != false {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if m.Schema != nil {
-		info = append(info, yaml.MapItem{"schema", m.Schema.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "schema", Value: m.Schema.ToRawInfo()})
 	}
 	// &{Name:schema Type:Schema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7176,17 +7176,17 @@ func (m *BodyParameter) ToRawInfo() interface{} {
 func (m *Contact) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Url != "" {
-		info = append(info, yaml.MapItem{"url", m.Url})
+		info = append(info, yaml.MapItem{Key: "url", Value: m.Url})
 	}
 	if m.Email != "" {
-		info = append(info, yaml.MapItem{"email", m.Email})
+		info = append(info, yaml.MapItem{Key: "email", Value: m.Email})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7198,7 +7198,7 @@ func (m *Default) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern: Implicit:false Description:}
@@ -7210,7 +7210,7 @@ func (m *Definitions) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedSchema StringEnumValues:[] MapType:Schema Repeated:true Pattern: Implicit:true Description:}
@@ -7221,41 +7221,41 @@ func (m *Definitions) ToRawInfo() interface{} {
 func (m *Document) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Swagger != "" {
-		info = append(info, yaml.MapItem{"swagger", m.Swagger})
+		info = append(info, yaml.MapItem{Key: "swagger", Value: m.Swagger})
 	}
 	if m.Info != nil {
-		info = append(info, yaml.MapItem{"info", m.Info.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "info", Value: m.Info.ToRawInfo()})
 	}
 	// &{Name:info Type:Info StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Host != "" {
-		info = append(info, yaml.MapItem{"host", m.Host})
+		info = append(info, yaml.MapItem{Key: "host", Value: m.Host})
 	}
 	if m.BasePath != "" {
-		info = append(info, yaml.MapItem{"basePath", m.BasePath})
+		info = append(info, yaml.MapItem{Key: "basePath", Value: m.BasePath})
 	}
 	if len(m.Schemes) != 0 {
-		info = append(info, yaml.MapItem{"schemes", m.Schemes})
+		info = append(info, yaml.MapItem{Key: "schemes", Value: m.Schemes})
 	}
 	if len(m.Consumes) != 0 {
-		info = append(info, yaml.MapItem{"consumes", m.Consumes})
+		info = append(info, yaml.MapItem{Key: "consumes", Value: m.Consumes})
 	}
 	if len(m.Produces) != 0 {
-		info = append(info, yaml.MapItem{"produces", m.Produces})
+		info = append(info, yaml.MapItem{Key: "produces", Value: m.Produces})
 	}
 	if m.Paths != nil {
-		info = append(info, yaml.MapItem{"paths", m.Paths.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "paths", Value: m.Paths.ToRawInfo()})
 	}
 	// &{Name:paths Type:Paths StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Definitions != nil {
-		info = append(info, yaml.MapItem{"definitions", m.Definitions.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "definitions", Value: m.Definitions.ToRawInfo()})
 	}
 	// &{Name:definitions Type:Definitions StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Parameters != nil {
-		info = append(info, yaml.MapItem{"parameters", m.Parameters.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "parameters", Value: m.Parameters.ToRawInfo()})
 	}
 	// &{Name:parameters Type:ParameterDefinitions StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Responses != nil {
-		info = append(info, yaml.MapItem{"responses", m.Responses.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "responses", Value: m.Responses.ToRawInfo()})
 	}
 	// &{Name:responses Type:ResponseDefinitions StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if len(m.Security) != 0 {
@@ -7263,11 +7263,11 @@ func (m *Document) ToRawInfo() interface{} {
 		for _, item := range m.Security {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"security", items})
+		info = append(info, yaml.MapItem{Key: "security", Value: items})
 	}
 	// &{Name:security Type:SecurityRequirement StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.SecurityDefinitions != nil {
-		info = append(info, yaml.MapItem{"securityDefinitions", m.SecurityDefinitions.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "securityDefinitions", Value: m.SecurityDefinitions.ToRawInfo()})
 	}
 	// &{Name:securityDefinitions Type:SecurityDefinitions StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if len(m.Tags) != 0 {
@@ -7275,16 +7275,16 @@ func (m *Document) ToRawInfo() interface{} {
 		for _, item := range m.Tags {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"tags", items})
+		info = append(info, yaml.MapItem{Key: "tags", Value: items})
 	}
 	// &{Name:tags Type:Tag StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.ExternalDocs != nil {
-		info = append(info, yaml.MapItem{"externalDocs", m.ExternalDocs.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "externalDocs", Value: m.ExternalDocs.ToRawInfo()})
 	}
 	// &{Name:externalDocs Type:ExternalDocs StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7296,7 +7296,7 @@ func (m *Examples) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern: Implicit:true Description:}
@@ -7307,14 +7307,14 @@ func (m *Examples) ToRawInfo() interface{} {
 func (m *ExternalDocs) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Url != "" {
-		info = append(info, yaml.MapItem{"url", m.Url})
+		info = append(info, yaml.MapItem{Key: "url", Value: m.Url})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7325,38 +7325,38 @@ func (m *ExternalDocs) ToRawInfo() interface{} {
 func (m *FileSchema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Title != "" {
-		info = append(info, yaml.MapItem{"title", m.Title})
+		info = append(info, yaml.MapItem{Key: "title", Value: m.Title})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if len(m.Required) != 0 {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.ReadOnly != false {
-		info = append(info, yaml.MapItem{"readOnly", m.ReadOnly})
+		info = append(info, yaml.MapItem{Key: "readOnly", Value: m.ReadOnly})
 	}
 	if m.ExternalDocs != nil {
-		info = append(info, yaml.MapItem{"externalDocs", m.ExternalDocs.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "externalDocs", Value: m.ExternalDocs.ToRawInfo()})
 	}
 	// &{Name:externalDocs Type:ExternalDocs StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Example != nil {
-		info = append(info, yaml.MapItem{"example", m.Example.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "example", Value: m.Example.ToRawInfo()})
 	}
 	// &{Name:example Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7367,81 +7367,81 @@ func (m *FileSchema) ToRawInfo() interface{} {
 func (m *FormDataParameterSubSchema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Required != false {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if m.In != "" {
-		info = append(info, yaml.MapItem{"in", m.In})
+		info = append(info, yaml.MapItem{Key: "in", Value: m.In})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.AllowEmptyValue != false {
-		info = append(info, yaml.MapItem{"allowEmptyValue", m.AllowEmptyValue})
+		info = append(info, yaml.MapItem{Key: "allowEmptyValue", Value: m.AllowEmptyValue})
 	}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Items != nil {
-		info = append(info, yaml.MapItem{"items", m.Items.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "items", Value: m.Items.ToRawInfo()})
 	}
 	// &{Name:items Type:PrimitivesItems StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.CollectionFormat != "" {
-		info = append(info, yaml.MapItem{"collectionFormat", m.CollectionFormat})
+		info = append(info, yaml.MapItem{Key: "collectionFormat", Value: m.CollectionFormat})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7452,69 +7452,69 @@ func (m *FormDataParameterSubSchema) ToRawInfo() interface{} {
 func (m *Header) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Items != nil {
-		info = append(info, yaml.MapItem{"items", m.Items.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "items", Value: m.Items.ToRawInfo()})
 	}
 	// &{Name:items Type:PrimitivesItems StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.CollectionFormat != "" {
-		info = append(info, yaml.MapItem{"collectionFormat", m.CollectionFormat})
+		info = append(info, yaml.MapItem{Key: "collectionFormat", Value: m.CollectionFormat})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7525,78 +7525,78 @@ func (m *Header) ToRawInfo() interface{} {
 func (m *HeaderParameterSubSchema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Required != false {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if m.In != "" {
-		info = append(info, yaml.MapItem{"in", m.In})
+		info = append(info, yaml.MapItem{Key: "in", Value: m.In})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Items != nil {
-		info = append(info, yaml.MapItem{"items", m.Items.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "items", Value: m.Items.ToRawInfo()})
 	}
 	// &{Name:items Type:PrimitivesItems StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.CollectionFormat != "" {
-		info = append(info, yaml.MapItem{"collectionFormat", m.CollectionFormat})
+		info = append(info, yaml.MapItem{Key: "collectionFormat", Value: m.CollectionFormat})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7608,7 +7608,7 @@ func (m *Headers) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedHeader StringEnumValues:[] MapType:Header Repeated:true Pattern: Implicit:true Description:}
@@ -7619,28 +7619,28 @@ func (m *Headers) ToRawInfo() interface{} {
 func (m *Info) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Title != "" {
-		info = append(info, yaml.MapItem{"title", m.Title})
+		info = append(info, yaml.MapItem{Key: "title", Value: m.Title})
 	}
 	if m.Version != "" {
-		info = append(info, yaml.MapItem{"version", m.Version})
+		info = append(info, yaml.MapItem{Key: "version", Value: m.Version})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.TermsOfService != "" {
-		info = append(info, yaml.MapItem{"termsOfService", m.TermsOfService})
+		info = append(info, yaml.MapItem{Key: "termsOfService", Value: m.TermsOfService})
 	}
 	if m.Contact != nil {
-		info = append(info, yaml.MapItem{"contact", m.Contact.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "contact", Value: m.Contact.ToRawInfo()})
 	}
 	// &{Name:contact Type:Contact StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.License != nil {
-		info = append(info, yaml.MapItem{"license", m.License.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "license", Value: m.License.ToRawInfo()})
 	}
 	// &{Name:license Type:License StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7655,7 +7655,7 @@ func (m *ItemsItem) ToRawInfo() interface{} {
 		for _, item := range m.Schema {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"schema", items})
+		info = append(info, yaml.MapItem{Key: "schema", Value: items})
 	}
 	// &{Name:schema Type:Schema StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	return info
@@ -7665,10 +7665,10 @@ func (m *ItemsItem) ToRawInfo() interface{} {
 func (m *JsonReference) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.XRef != "" {
-		info = append(info, yaml.MapItem{"$ref", m.XRef})
+		info = append(info, yaml.MapItem{Key: "$ref", Value: m.XRef})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	return info
 }
@@ -7677,14 +7677,14 @@ func (m *JsonReference) ToRawInfo() interface{} {
 func (m *License) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Url != "" {
-		info = append(info, yaml.MapItem{"url", m.Url})
+		info = append(info, yaml.MapItem{Key: "url", Value: m.Url})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7695,7 +7695,7 @@ func (m *License) ToRawInfo() interface{} {
 func (m *NamedAny) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7705,7 +7705,7 @@ func (m *NamedAny) ToRawInfo() interface{} {
 func (m *NamedHeader) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:Header StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7715,7 +7715,7 @@ func (m *NamedHeader) ToRawInfo() interface{} {
 func (m *NamedParameter) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:Parameter StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7725,7 +7725,7 @@ func (m *NamedParameter) ToRawInfo() interface{} {
 func (m *NamedPathItem) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:PathItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7735,7 +7735,7 @@ func (m *NamedPathItem) ToRawInfo() interface{} {
 func (m *NamedResponse) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:Response StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7745,7 +7745,7 @@ func (m *NamedResponse) ToRawInfo() interface{} {
 func (m *NamedResponseValue) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:ResponseValue StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7755,7 +7755,7 @@ func (m *NamedResponseValue) ToRawInfo() interface{} {
 func (m *NamedSchema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:Schema StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7765,7 +7765,7 @@ func (m *NamedSchema) ToRawInfo() interface{} {
 func (m *NamedSecurityDefinitionsItem) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:SecurityDefinitionsItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7775,10 +7775,10 @@ func (m *NamedSecurityDefinitionsItem) ToRawInfo() interface{} {
 func (m *NamedString) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Value != "" {
-		info = append(info, yaml.MapItem{"value", m.Value})
+		info = append(info, yaml.MapItem{Key: "value", Value: m.Value})
 	}
 	return info
 }
@@ -7787,7 +7787,7 @@ func (m *NamedString) ToRawInfo() interface{} {
 func (m *NamedStringArray) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	// &{Name:value Type:StringArray StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:Mapped value}
 	return info
@@ -7824,27 +7824,27 @@ func (m *NonBodyParameter) ToRawInfo() interface{} {
 func (m *Oauth2AccessCodeSecurity) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Flow != "" {
-		info = append(info, yaml.MapItem{"flow", m.Flow})
+		info = append(info, yaml.MapItem{Key: "flow", Value: m.Flow})
 	}
 	if m.Scopes != nil {
-		info = append(info, yaml.MapItem{"scopes", m.Scopes.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "scopes", Value: m.Scopes.ToRawInfo()})
 	}
 	// &{Name:scopes Type:Oauth2Scopes StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.AuthorizationUrl != "" {
-		info = append(info, yaml.MapItem{"authorizationUrl", m.AuthorizationUrl})
+		info = append(info, yaml.MapItem{Key: "authorizationUrl", Value: m.AuthorizationUrl})
 	}
 	if m.TokenUrl != "" {
-		info = append(info, yaml.MapItem{"tokenUrl", m.TokenUrl})
+		info = append(info, yaml.MapItem{Key: "tokenUrl", Value: m.TokenUrl})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7855,24 +7855,24 @@ func (m *Oauth2AccessCodeSecurity) ToRawInfo() interface{} {
 func (m *Oauth2ApplicationSecurity) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Flow != "" {
-		info = append(info, yaml.MapItem{"flow", m.Flow})
+		info = append(info, yaml.MapItem{Key: "flow", Value: m.Flow})
 	}
 	if m.Scopes != nil {
-		info = append(info, yaml.MapItem{"scopes", m.Scopes.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "scopes", Value: m.Scopes.ToRawInfo()})
 	}
 	// &{Name:scopes Type:Oauth2Scopes StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.TokenUrl != "" {
-		info = append(info, yaml.MapItem{"tokenUrl", m.TokenUrl})
+		info = append(info, yaml.MapItem{Key: "tokenUrl", Value: m.TokenUrl})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7883,24 +7883,24 @@ func (m *Oauth2ApplicationSecurity) ToRawInfo() interface{} {
 func (m *Oauth2ImplicitSecurity) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Flow != "" {
-		info = append(info, yaml.MapItem{"flow", m.Flow})
+		info = append(info, yaml.MapItem{Key: "flow", Value: m.Flow})
 	}
 	if m.Scopes != nil {
-		info = append(info, yaml.MapItem{"scopes", m.Scopes.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "scopes", Value: m.Scopes.ToRawInfo()})
 	}
 	// &{Name:scopes Type:Oauth2Scopes StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.AuthorizationUrl != "" {
-		info = append(info, yaml.MapItem{"authorizationUrl", m.AuthorizationUrl})
+		info = append(info, yaml.MapItem{Key: "authorizationUrl", Value: m.AuthorizationUrl})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7911,24 +7911,24 @@ func (m *Oauth2ImplicitSecurity) ToRawInfo() interface{} {
 func (m *Oauth2PasswordSecurity) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Flow != "" {
-		info = append(info, yaml.MapItem{"flow", m.Flow})
+		info = append(info, yaml.MapItem{Key: "flow", Value: m.Flow})
 	}
 	if m.Scopes != nil {
-		info = append(info, yaml.MapItem{"scopes", m.Scopes.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "scopes", Value: m.Scopes.ToRawInfo()})
 	}
 	// &{Name:scopes Type:Oauth2Scopes StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.TokenUrl != "" {
-		info = append(info, yaml.MapItem{"tokenUrl", m.TokenUrl})
+		info = append(info, yaml.MapItem{Key: "tokenUrl", Value: m.TokenUrl})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -7946,56 +7946,56 @@ func (m *Oauth2Scopes) ToRawInfo() interface{} {
 func (m *Operation) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if len(m.Tags) != 0 {
-		info = append(info, yaml.MapItem{"tags", m.Tags})
+		info = append(info, yaml.MapItem{Key: "tags", Value: m.Tags})
 	}
 	if m.Summary != "" {
-		info = append(info, yaml.MapItem{"summary", m.Summary})
+		info = append(info, yaml.MapItem{Key: "summary", Value: m.Summary})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.ExternalDocs != nil {
-		info = append(info, yaml.MapItem{"externalDocs", m.ExternalDocs.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "externalDocs", Value: m.ExternalDocs.ToRawInfo()})
 	}
 	// &{Name:externalDocs Type:ExternalDocs StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.OperationId != "" {
-		info = append(info, yaml.MapItem{"operationId", m.OperationId})
+		info = append(info, yaml.MapItem{Key: "operationId", Value: m.OperationId})
 	}
 	if len(m.Produces) != 0 {
-		info = append(info, yaml.MapItem{"produces", m.Produces})
+		info = append(info, yaml.MapItem{Key: "produces", Value: m.Produces})
 	}
 	if len(m.Consumes) != 0 {
-		info = append(info, yaml.MapItem{"consumes", m.Consumes})
+		info = append(info, yaml.MapItem{Key: "consumes", Value: m.Consumes})
 	}
 	if len(m.Parameters) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Parameters {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"parameters", items})
+		info = append(info, yaml.MapItem{Key: "parameters", Value: items})
 	}
 	// &{Name:parameters Type:ParametersItem StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:The parameters needed to send a valid API call.}
 	if m.Responses != nil {
-		info = append(info, yaml.MapItem{"responses", m.Responses.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "responses", Value: m.Responses.ToRawInfo()})
 	}
 	// &{Name:responses Type:Responses StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if len(m.Schemes) != 0 {
-		info = append(info, yaml.MapItem{"schemes", m.Schemes})
+		info = append(info, yaml.MapItem{Key: "schemes", Value: m.Schemes})
 	}
 	if m.Deprecated != false {
-		info = append(info, yaml.MapItem{"deprecated", m.Deprecated})
+		info = append(info, yaml.MapItem{Key: "deprecated", Value: m.Deprecated})
 	}
 	if len(m.Security) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Security {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"security", items})
+		info = append(info, yaml.MapItem{Key: "security", Value: items})
 	}
 	// &{Name:security Type:SecurityRequirement StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8024,7 +8024,7 @@ func (m *ParameterDefinitions) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedParameter StringEnumValues:[] MapType:Parameter Repeated:true Pattern: Implicit:true Description:}
@@ -8052,34 +8052,34 @@ func (m *ParametersItem) ToRawInfo() interface{} {
 func (m *PathItem) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.XRef != "" {
-		info = append(info, yaml.MapItem{"$ref", m.XRef})
+		info = append(info, yaml.MapItem{Key: "$ref", Value: m.XRef})
 	}
 	if m.Get != nil {
-		info = append(info, yaml.MapItem{"get", m.Get.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "get", Value: m.Get.ToRawInfo()})
 	}
 	// &{Name:get Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Put != nil {
-		info = append(info, yaml.MapItem{"put", m.Put.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "put", Value: m.Put.ToRawInfo()})
 	}
 	// &{Name:put Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Post != nil {
-		info = append(info, yaml.MapItem{"post", m.Post.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "post", Value: m.Post.ToRawInfo()})
 	}
 	// &{Name:post Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Delete != nil {
-		info = append(info, yaml.MapItem{"delete", m.Delete.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "delete", Value: m.Delete.ToRawInfo()})
 	}
 	// &{Name:delete Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Options != nil {
-		info = append(info, yaml.MapItem{"options", m.Options.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "options", Value: m.Options.ToRawInfo()})
 	}
 	// &{Name:options Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Head != nil {
-		info = append(info, yaml.MapItem{"head", m.Head.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "head", Value: m.Head.ToRawInfo()})
 	}
 	// &{Name:head Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Patch != nil {
-		info = append(info, yaml.MapItem{"patch", m.Patch.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "patch", Value: m.Patch.ToRawInfo()})
 	}
 	// &{Name:patch Type:Operation StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if len(m.Parameters) != 0 {
@@ -8087,12 +8087,12 @@ func (m *PathItem) ToRawInfo() interface{} {
 		for _, item := range m.Parameters {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"parameters", items})
+		info = append(info, yaml.MapItem{Key: "parameters", Value: items})
 	}
 	// &{Name:parameters Type:ParametersItem StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:The parameters needed to send a valid API call.}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8103,78 +8103,78 @@ func (m *PathItem) ToRawInfo() interface{} {
 func (m *PathParameterSubSchema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Required != false {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if m.In != "" {
-		info = append(info, yaml.MapItem{"in", m.In})
+		info = append(info, yaml.MapItem{Key: "in", Value: m.In})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Items != nil {
-		info = append(info, yaml.MapItem{"items", m.Items.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "items", Value: m.Items.ToRawInfo()})
 	}
 	// &{Name:items Type:PrimitivesItems StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.CollectionFormat != "" {
-		info = append(info, yaml.MapItem{"collectionFormat", m.CollectionFormat})
+		info = append(info, yaml.MapItem{Key: "collectionFormat", Value: m.CollectionFormat})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8186,13 +8186,13 @@ func (m *Paths) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
 	if m.Path != nil {
 		for _, item := range m.Path {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:Path Type:NamedPathItem StringEnumValues:[] MapType:PathItem Repeated:true Pattern:^/ Implicit:true Description:}
@@ -8203,66 +8203,66 @@ func (m *Paths) ToRawInfo() interface{} {
 func (m *PrimitivesItems) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Items != nil {
-		info = append(info, yaml.MapItem{"items", m.Items.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "items", Value: m.Items.ToRawInfo()})
 	}
 	// &{Name:items Type:PrimitivesItems StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.CollectionFormat != "" {
-		info = append(info, yaml.MapItem{"collectionFormat", m.CollectionFormat})
+		info = append(info, yaml.MapItem{Key: "collectionFormat", Value: m.CollectionFormat})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8274,7 +8274,7 @@ func (m *Properties) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedSchema StringEnumValues:[] MapType:Schema Repeated:true Pattern: Implicit:true Description:}
@@ -8285,81 +8285,81 @@ func (m *Properties) ToRawInfo() interface{} {
 func (m *QueryParameterSubSchema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Required != false {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if m.In != "" {
-		info = append(info, yaml.MapItem{"in", m.In})
+		info = append(info, yaml.MapItem{Key: "in", Value: m.In})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.AllowEmptyValue != false {
-		info = append(info, yaml.MapItem{"allowEmptyValue", m.AllowEmptyValue})
+		info = append(info, yaml.MapItem{Key: "allowEmptyValue", Value: m.AllowEmptyValue})
 	}
 	if m.Type != "" {
-		info = append(info, yaml.MapItem{"type", m.Type})
+		info = append(info, yaml.MapItem{Key: "type", Value: m.Type})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Items != nil {
-		info = append(info, yaml.MapItem{"items", m.Items.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "items", Value: m.Items.ToRawInfo()})
 	}
 	// &{Name:items Type:PrimitivesItems StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.CollectionFormat != "" {
-		info = append(info, yaml.MapItem{"collectionFormat", m.CollectionFormat})
+		info = append(info, yaml.MapItem{Key: "collectionFormat", Value: m.CollectionFormat})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8370,23 +8370,23 @@ func (m *QueryParameterSubSchema) ToRawInfo() interface{} {
 func (m *Response) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Schema != nil {
-		info = append(info, yaml.MapItem{"schema", m.Schema.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "schema", Value: m.Schema.ToRawInfo()})
 	}
 	// &{Name:schema Type:SchemaItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Headers != nil {
-		info = append(info, yaml.MapItem{"headers", m.Headers.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "headers", Value: m.Headers.ToRawInfo()})
 	}
 	// &{Name:headers Type:Headers StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Examples != nil {
-		info = append(info, yaml.MapItem{"examples", m.Examples.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "examples", Value: m.Examples.ToRawInfo()})
 	}
 	// &{Name:examples Type:Examples StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8398,7 +8398,7 @@ func (m *ResponseDefinitions) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedResponse StringEnumValues:[] MapType:Response Repeated:true Pattern: Implicit:true Description:}
@@ -8427,13 +8427,13 @@ func (m *Responses) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.ResponseCode != nil {
 		for _, item := range m.ResponseCode {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:ResponseCode Type:NamedResponseValue StringEnumValues:[] MapType:ResponseValue Repeated:true Pattern:^([0-9]{3})$|^(default)$ Implicit:true Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8444,80 +8444,80 @@ func (m *Responses) ToRawInfo() interface{} {
 func (m *Schema) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.XRef != "" {
-		info = append(info, yaml.MapItem{"$ref", m.XRef})
+		info = append(info, yaml.MapItem{Key: "$ref", Value: m.XRef})
 	}
 	if m.Format != "" {
-		info = append(info, yaml.MapItem{"format", m.Format})
+		info = append(info, yaml.MapItem{Key: "format", Value: m.Format})
 	}
 	if m.Title != "" {
-		info = append(info, yaml.MapItem{"title", m.Title})
+		info = append(info, yaml.MapItem{Key: "title", Value: m.Title})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.Default != nil {
-		info = append(info, yaml.MapItem{"default", m.Default.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "default", Value: m.Default.ToRawInfo()})
 	}
 	// &{Name:default Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.MultipleOf != 0.0 {
-		info = append(info, yaml.MapItem{"multipleOf", m.MultipleOf})
+		info = append(info, yaml.MapItem{Key: "multipleOf", Value: m.MultipleOf})
 	}
 	if m.Maximum != 0.0 {
-		info = append(info, yaml.MapItem{"maximum", m.Maximum})
+		info = append(info, yaml.MapItem{Key: "maximum", Value: m.Maximum})
 	}
 	if m.ExclusiveMaximum != false {
-		info = append(info, yaml.MapItem{"exclusiveMaximum", m.ExclusiveMaximum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMaximum", Value: m.ExclusiveMaximum})
 	}
 	if m.Minimum != 0.0 {
-		info = append(info, yaml.MapItem{"minimum", m.Minimum})
+		info = append(info, yaml.MapItem{Key: "minimum", Value: m.Minimum})
 	}
 	if m.ExclusiveMinimum != false {
-		info = append(info, yaml.MapItem{"exclusiveMinimum", m.ExclusiveMinimum})
+		info = append(info, yaml.MapItem{Key: "exclusiveMinimum", Value: m.ExclusiveMinimum})
 	}
 	if m.MaxLength != 0 {
-		info = append(info, yaml.MapItem{"maxLength", m.MaxLength})
+		info = append(info, yaml.MapItem{Key: "maxLength", Value: m.MaxLength})
 	}
 	if m.MinLength != 0 {
-		info = append(info, yaml.MapItem{"minLength", m.MinLength})
+		info = append(info, yaml.MapItem{Key: "minLength", Value: m.MinLength})
 	}
 	if m.Pattern != "" {
-		info = append(info, yaml.MapItem{"pattern", m.Pattern})
+		info = append(info, yaml.MapItem{Key: "pattern", Value: m.Pattern})
 	}
 	if m.MaxItems != 0 {
-		info = append(info, yaml.MapItem{"maxItems", m.MaxItems})
+		info = append(info, yaml.MapItem{Key: "maxItems", Value: m.MaxItems})
 	}
 	if m.MinItems != 0 {
-		info = append(info, yaml.MapItem{"minItems", m.MinItems})
+		info = append(info, yaml.MapItem{Key: "minItems", Value: m.MinItems})
 	}
 	if m.UniqueItems != false {
-		info = append(info, yaml.MapItem{"uniqueItems", m.UniqueItems})
+		info = append(info, yaml.MapItem{Key: "uniqueItems", Value: m.UniqueItems})
 	}
 	if m.MaxProperties != 0 {
-		info = append(info, yaml.MapItem{"maxProperties", m.MaxProperties})
+		info = append(info, yaml.MapItem{Key: "maxProperties", Value: m.MaxProperties})
 	}
 	if m.MinProperties != 0 {
-		info = append(info, yaml.MapItem{"minProperties", m.MinProperties})
+		info = append(info, yaml.MapItem{Key: "minProperties", Value: m.MinProperties})
 	}
 	if len(m.Required) != 0 {
-		info = append(info, yaml.MapItem{"required", m.Required})
+		info = append(info, yaml.MapItem{Key: "required", Value: m.Required})
 	}
 	if len(m.Enum) != 0 {
 		items := make([]interface{}, 0)
 		for _, item := range m.Enum {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"enum", items})
+		info = append(info, yaml.MapItem{Key: "enum", Value: items})
 	}
 	// &{Name:enum Type:Any StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.AdditionalProperties != nil {
-		info = append(info, yaml.MapItem{"additionalProperties", m.AdditionalProperties.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "additionalProperties", Value: m.AdditionalProperties.ToRawInfo()})
 	}
 	// &{Name:additionalProperties Type:AdditionalPropertiesItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Type != nil {
 		if len(m.Type.Value) == 1 {
-			info = append(info, yaml.MapItem{"type", m.Type.Value[0]})
+			info = append(info, yaml.MapItem{Key: "type", Value: m.Type.Value[0]})
 		} else {
-			info = append(info, yaml.MapItem{"type", m.Type.Value})
+			info = append(info, yaml.MapItem{Key: "type", Value: m.Type.Value})
 		}
 	}
 	// &{Name:type Type:TypeItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
@@ -8526,7 +8526,7 @@ func (m *Schema) ToRawInfo() interface{} {
 		for _, item := range m.Items.Schema {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"items", items[0]})
+		info = append(info, yaml.MapItem{Key: "items", Value: items[0]})
 	}
 	// &{Name:items Type:ItemsItem StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if len(m.AllOf) != 0 {
@@ -8534,34 +8534,34 @@ func (m *Schema) ToRawInfo() interface{} {
 		for _, item := range m.AllOf {
 			items = append(items, item.ToRawInfo())
 		}
-		info = append(info, yaml.MapItem{"allOf", items})
+		info = append(info, yaml.MapItem{Key: "allOf", Value: items})
 	}
 	// &{Name:allOf Type:Schema StringEnumValues:[] MapType: Repeated:true Pattern: Implicit:false Description:}
 	if m.Properties != nil {
-		info = append(info, yaml.MapItem{"properties", m.Properties.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "properties", Value: m.Properties.ToRawInfo()})
 	}
 	// &{Name:properties Type:Properties StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Discriminator != "" {
-		info = append(info, yaml.MapItem{"discriminator", m.Discriminator})
+		info = append(info, yaml.MapItem{Key: "discriminator", Value: m.Discriminator})
 	}
 	if m.ReadOnly != false {
-		info = append(info, yaml.MapItem{"readOnly", m.ReadOnly})
+		info = append(info, yaml.MapItem{Key: "readOnly", Value: m.ReadOnly})
 	}
 	if m.Xml != nil {
-		info = append(info, yaml.MapItem{"xml", m.Xml.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "xml", Value: m.Xml.ToRawInfo()})
 	}
 	// &{Name:xml Type:Xml StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.ExternalDocs != nil {
-		info = append(info, yaml.MapItem{"externalDocs", m.ExternalDocs.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "externalDocs", Value: m.ExternalDocs.ToRawInfo()})
 	}
 	// &{Name:externalDocs Type:ExternalDocs StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.Example != nil {
-		info = append(info, yaml.MapItem{"example", m.Example.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "example", Value: m.Example.ToRawInfo()})
 	}
 	// &{Name:example Type:Any StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8590,7 +8590,7 @@ func (m *SecurityDefinitions) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedSecurityDefinitionsItem StringEnumValues:[] MapType:SecurityDefinitionsItem Repeated:true Pattern: Implicit:true Description:}
@@ -8639,7 +8639,7 @@ func (m *SecurityRequirement) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedStringArray StringEnumValues:[] MapType:StringArray Repeated:true Pattern: Implicit:true Description:}
@@ -8655,18 +8655,18 @@ func (m *StringArray) ToRawInfo() interface{} {
 func (m *Tag) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Description != "" {
-		info = append(info, yaml.MapItem{"description", m.Description})
+		info = append(info, yaml.MapItem{Key: "description", Value: m.Description})
 	}
 	if m.ExternalDocs != nil {
-		info = append(info, yaml.MapItem{"externalDocs", m.ExternalDocs.ToRawInfo()})
+		info = append(info, yaml.MapItem{Key: "externalDocs", Value: m.ExternalDocs.ToRawInfo()})
 	}
 	// &{Name:externalDocs Type:ExternalDocs StringEnumValues:[] MapType: Repeated:false Pattern: Implicit:false Description:}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
@@ -8677,7 +8677,7 @@ func (m *Tag) ToRawInfo() interface{} {
 func (m *TypeItem) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if len(m.Value) != 0 {
-		info = append(info, yaml.MapItem{"value", m.Value})
+		info = append(info, yaml.MapItem{Key: "value", Value: m.Value})
 	}
 	return info
 }
@@ -8687,7 +8687,7 @@ func (m *VendorExtension) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.AdditionalProperties != nil {
 		for _, item := range m.AdditionalProperties {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:additionalProperties Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern: Implicit:true Description:}
@@ -8698,23 +8698,23 @@ func (m *VendorExtension) ToRawInfo() interface{} {
 func (m *Xml) ToRawInfo() interface{} {
 	info := yaml.MapSlice{}
 	if m.Name != "" {
-		info = append(info, yaml.MapItem{"name", m.Name})
+		info = append(info, yaml.MapItem{Key: "name", Value: m.Name})
 	}
 	if m.Namespace != "" {
-		info = append(info, yaml.MapItem{"namespace", m.Namespace})
+		info = append(info, yaml.MapItem{Key: "namespace", Value: m.Namespace})
 	}
 	if m.Prefix != "" {
-		info = append(info, yaml.MapItem{"prefix", m.Prefix})
+		info = append(info, yaml.MapItem{Key: "prefix", Value: m.Prefix})
 	}
 	if m.Attribute != false {
-		info = append(info, yaml.MapItem{"attribute", m.Attribute})
+		info = append(info, yaml.MapItem{Key: "attribute", Value: m.Attribute})
 	}
 	if m.Wrapped != false {
-		info = append(info, yaml.MapItem{"wrapped", m.Wrapped})
+		info = append(info, yaml.MapItem{Key: "wrapped", Value: m.Wrapped})
 	}
 	if m.VendorExtension != nil {
 		for _, item := range m.VendorExtension {
-			info = append(info, yaml.MapItem{item.Name, item.Value.ToRawInfo()})
+			info = append(info, yaml.MapItem{Key: item.Name, Value: item.Value.ToRawInfo()})
 		}
 	}
 	// &{Name:VendorExtension Type:NamedAny StringEnumValues:[] MapType:Any Repeated:true Pattern:^x- Implicit:true Description:}
diff --git a/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.pb.go b/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.pb.go
index 37da7df2..a030fa67 100644
--- a/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.pb.go
+++ b/vendor/github.com/googleapis/gnostic/OpenAPIv2/OpenAPIv2.pb.go
@@ -1,6 +1,5 @@
-// Code generated by protoc-gen-go.
+// Code generated by protoc-gen-go. DO NOT EDIT.
 // source: OpenAPIv2/OpenAPIv2.proto
-// DO NOT EDIT!
 
 /*
 Package openapi_v2 is a generated protocol buffer package.
@@ -4257,7 +4256,7 @@ func init() { proto.RegisterFile("OpenAPIv2/OpenAPIv2.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
 	// 3129 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x09, 0x6e, 0x88, 0x02, 0xff, 0xec, 0x3b, 0x4b, 0x73, 0x1c, 0x57,
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x3b, 0x4b, 0x73, 0x1c, 0x57,
 	0xd5, 0xf3, 0x7e, 0x1c, 0x69, 0x46, 0xa3, 0x96, 0x2c, 0xb7, 0x24, 0xc7, 0x71, 0xe4, 0x3c, 0x6c,
 	0xe7, 0xb3, 0x9c, 0x4f, 0x29, 0x48, 0x05, 0x2a, 0x05, 0xf2, 0xab, 0xc6, 0xc4, 0x44, 0x4a, 0xcb,
 	0x0e, 0x09, 0x04, 0xba, 0xae, 0x66, 0xee, 0x48, 0x9d, 0x74, 0xf7, 0x6d, 0x77, 0xf7, 0xc8, 0x1a,
diff --git a/vendor/github.com/googleapis/gnostic/compiler/reader.go b/vendor/github.com/googleapis/gnostic/compiler/reader.go
index 2d4b3303..c954a2d9 100644
--- a/vendor/github.com/googleapis/gnostic/compiler/reader.go
+++ b/vendor/github.com/googleapis/gnostic/compiler/reader.go
@@ -110,7 +110,9 @@ func ReadInfoFromBytes(filename string, bytes []byte) (interface{}, error) {
 	if err != nil {
 		return nil, err
 	}
-	infoCache[filename] = info
+	if len(filename) > 0 {
+		infoCache[filename] = info
+	}
 	return info, nil
 }
 
diff --git a/vendor/github.com/googleapis/gnostic/extensions/extension.pb.go b/vendor/github.com/googleapis/gnostic/extensions/extension.pb.go
index 7c6b9149..749ff784 100644
--- a/vendor/github.com/googleapis/gnostic/extensions/extension.pb.go
+++ b/vendor/github.com/googleapis/gnostic/extensions/extension.pb.go
@@ -1,6 +1,5 @@
-// Code generated by protoc-gen-go.
+// Code generated by protoc-gen-go. DO NOT EDIT.
 // source: extension.proto
-// DO NOT EDIT!
 
 /*
 Package openapiextension_v1 is a generated protocol buffer package.
@@ -78,7 +77,7 @@ func (m *Version) GetSuffix() string {
 // An encoded Request is written to the ExtensionHandler's stdin.
 type ExtensionHandlerRequest struct {
 	// The OpenAPI descriptions that were explicitly listed on the command line.
-	// The specifications will appear in the order they are specified to openapic.
+	// The specifications will appear in the order they are specified to gnostic.
 	Wrapper *Wrapper `protobuf:"bytes,1,opt,name=wrapper" json:"wrapper,omitempty"`
 	// The version number of openapi compiler.
 	CompilerVersion *Version `protobuf:"bytes,3,opt,name=compiler_version,json=compilerVersion" json:"compiler_version,omitempty"`
@@ -192,28 +191,28 @@ func init() {
 func init() { proto.RegisterFile("extension.proto", fileDescriptor0) }
 
 var fileDescriptor0 = []byte{
-	// 355 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0x4d, 0x4b, 0xf3, 0x40,
-	0x1c, 0xc4, 0x49, 0xdf, 0xf2, 0x64, 0x1f, 0xb4, 0xb2, 0x16, 0x8d, 0xe2, 0xa1, 0x04, 0x84, 0x22,
-	0xb8, 0xa5, 0x0a, 0xde, 0x5b, 0x28, 0xea, 0xc5, 0x96, 0x3d, 0xd4, 0x9b, 0x65, 0x9b, 0xfe, 0xdb,
-	0x46, 0x92, 0xdd, 0x75, 0xf3, 0x62, 0xfb, 0x55, 0x3c, 0xfa, 0x49, 0x25, 0xbb, 0xd9, 0x7a, 0x50,
-	0x6f, 0x99, 0x1f, 0x93, 0xfc, 0x67, 0x26, 0xa8, 0x0d, 0xdb, 0x0c, 0x78, 0x1a, 0x09, 0x4e, 0xa4,
-	0x12, 0x99, 0xc0, 0xc7, 0x42, 0x02, 0x67, 0x32, 0xfa, 0xe6, 0xc5, 0xe0, 0xfc, 0x6c, 0x2d, 0xc4,
-	0x3a, 0x86, 0xbe, 0xb6, 0x2c, 0xf2, 0x55, 0x9f, 0xf1, 0x9d, 0xf1, 0x07, 0x21, 0x72, 0x67, 0xa0,
-	0x4a, 0x23, 0xee, 0xa0, 0x66, 0xc2, 0x5e, 0x85, 0xf2, 0x9d, 0xae, 0xd3, 0x6b, 0x52, 0x23, 0x34,
-	0x8d, 0xb8, 0x50, 0x7e, 0xad, 0xa2, 0xa5, 0x28, 0xa9, 0x64, 0x59, 0xb8, 0xf1, 0xeb, 0x86, 0x6a,
-	0x81, 0x4f, 0x50, 0x2b, 0xcd, 0x57, 0xab, 0x68, 0xeb, 0x37, 0xba, 0x4e, 0xcf, 0xa3, 0x95, 0x0a,
-	0x3e, 0x1c, 0x74, 0x3a, 0xb6, 0x81, 0x1e, 0x18, 0x5f, 0xc6, 0xa0, 0x28, 0xbc, 0xe5, 0x90, 0x66,
-	0xf8, 0x0e, 0xb9, 0xef, 0x8a, 0x49, 0x09, 0xe6, 0xee, 0xff, 0x9b, 0x0b, 0xf2, 0x4b, 0x05, 0xf2,
-	0x6c, 0x3c, 0xd4, 0x9a, 0xf1, 0x3d, 0x3a, 0x0a, 0x45, 0x22, 0xa3, 0x18, 0xd4, 0xbc, 0x30, 0x0d,
-	0x74, 0x98, 0xbf, 0x3e, 0x50, 0xb5, 0xa4, 0x6d, 0xfb, 0x56, 0x05, 0x82, 0x02, 0xf9, 0x3f, 0xb3,
-	0xa5, 0x52, 0xf0, 0x14, 0xb0, 0x8f, 0xdc, 0x8d, 0x46, 0x4b, 0x1d, 0xee, 0x1f, 0xb5, 0xb2, 0x1c,
-	0x00, 0x94, 0xd2, 0xb3, 0xd4, 0x7b, 0x1e, 0x35, 0x02, 0x5f, 0xa1, 0x66, 0xc1, 0xe2, 0x1c, 0xaa,
-	0x24, 0x1d, 0x62, 0x86, 0x27, 0x76, 0x78, 0x32, 0xe4, 0x3b, 0x6a, 0x2c, 0xc1, 0x0b, 0x72, 0xab,
-	0x52, 0xe5, 0x19, 0x5b, 0xc1, 0xd1, 0xc3, 0x59, 0x89, 0x2f, 0xd1, 0xe1, 0xbe, 0xc5, 0x9c, 0xb3,
-	0x04, 0xf4, 0x6f, 0xf0, 0xe8, 0xc1, 0x9e, 0x3e, 0xb1, 0x04, 0x30, 0x46, 0x8d, 0x1d, 0x4b, 0x62,
-	0x7d, 0xd6, 0xa3, 0xfa, 0x79, 0x74, 0x8d, 0xda, 0x42, 0xad, 0xed, 0x16, 0x21, 0x29, 0x06, 0x23,
-	0x3c, 0x91, 0xc0, 0x87, 0xd3, 0xc7, 0x7d, 0xdf, 0xd9, 0x60, 0xea, 0x7c, 0xd6, 0xea, 0x93, 0xe1,
-	0x78, 0xd1, 0xd2, 0x19, 0x6f, 0xbf, 0x02, 0x00, 0x00, 0xff, 0xff, 0xfc, 0x56, 0x40, 0x4d, 0x52,
-	0x02, 0x00, 0x00,
+	// 357 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x91, 0x4d, 0x4b, 0xc3, 0x40,
+	0x18, 0x84, 0x49, 0xbf, 0x62, 0x56, 0x6c, 0x65, 0x2d, 0x1a, 0xc5, 0x43, 0x09, 0x08, 0x45, 0x64,
+	0x4b, 0x15, 0xbc, 0xb7, 0x50, 0xd4, 0x8b, 0x2d, 0x7b, 0xa8, 0x37, 0xcb, 0x36, 0x7d, 0x9b, 0x46,
+	0x92, 0xdd, 0x75, 0xf3, 0x61, 0xfb, 0x57, 0x3c, 0xfa, 0x4b, 0x25, 0xbb, 0x49, 0x3d, 0xa8, 0xb7,
+	0xcc, 0xc3, 0x24, 0xef, 0xcc, 0x04, 0x75, 0x60, 0x9b, 0x02, 0x4f, 0x42, 0xc1, 0x89, 0x54, 0x22,
+	0x15, 0xf8, 0x44, 0x48, 0xe0, 0x4c, 0x86, 0x3f, 0x3c, 0x1f, 0x5e, 0x9c, 0x07, 0x42, 0x04, 0x11,
+	0x0c, 0xb4, 0x65, 0x99, 0xad, 0x07, 0x8c, 0xef, 0x8c, 0xdf, 0xf3, 0x91, 0x3d, 0x07, 0x55, 0x18,
+	0x71, 0x17, 0x35, 0x63, 0xf6, 0x26, 0x94, 0x6b, 0xf5, 0xac, 0x7e, 0x93, 0x1a, 0xa1, 0x69, 0xc8,
+	0x85, 0x72, 0x6b, 0x25, 0x2d, 0x44, 0x41, 0x25, 0x4b, 0xfd, 0x8d, 0x5b, 0x37, 0x54, 0x0b, 0x7c,
+	0x8a, 0x5a, 0x49, 0xb6, 0x5e, 0x87, 0x5b, 0xb7, 0xd1, 0xb3, 0xfa, 0x0e, 0x2d, 0x95, 0xf7, 0x69,
+	0xa1, 0xb3, 0x49, 0x15, 0xe8, 0x91, 0xf1, 0x55, 0x04, 0x8a, 0xc2, 0x7b, 0x06, 0x49, 0x8a, 0xef,
+	0x91, 0xfd, 0xa1, 0x98, 0x94, 0x60, 0xee, 0x1e, 0xde, 0x5e, 0x92, 0x3f, 0x2a, 0x90, 0x17, 0xe3,
+	0xa1, 0x95, 0x19, 0x3f, 0xa0, 0x63, 0x5f, 0xc4, 0x32, 0x8c, 0x40, 0x2d, 0x72, 0xd3, 0x40, 0x87,
+	0xf9, 0xef, 0x03, 0x65, 0x4b, 0xda, 0xa9, 0xde, 0x2a, 0x81, 0x97, 0x23, 0xf7, 0x77, 0xb6, 0x44,
+	0x0a, 0x9e, 0x00, 0x76, 0x91, 0xbd, 0xd1, 0x68, 0xa5, 0xc3, 0x1d, 0xd0, 0x4a, 0x16, 0x03, 0x80,
+	0x52, 0x7a, 0x96, 0x7a, 0xdf, 0xa1, 0x46, 0xe0, 0x6b, 0xd4, 0xcc, 0x59, 0x94, 0x41, 0x99, 0xa4,
+	0x4b, 0xcc, 0xf0, 0xa4, 0x1a, 0x9e, 0x8c, 0xf8, 0x8e, 0x1a, 0x8b, 0xf7, 0x8a, 0xec, 0xb2, 0x54,
+	0x71, 0xa6, 0xaa, 0x60, 0xe9, 0xe1, 0x2a, 0x89, 0xaf, 0x50, 0x7b, 0xdf, 0x62, 0xc1, 0x59, 0x0c,
+	0xfa, 0x37, 0x38, 0xf4, 0x68, 0x4f, 0x9f, 0x59, 0x0c, 0x18, 0xa3, 0xc6, 0x8e, 0xc5, 0x91, 0x3e,
+	0xeb, 0x50, 0xfd, 0x3c, 0xbe, 0x41, 0x6d, 0xa1, 0x02, 0x12, 0x70, 0x91, 0xa4, 0xa1, 0x4f, 0xf2,
+	0xe1, 0x18, 0x4f, 0x25, 0xf0, 0xd1, 0xec, 0x69, 0x5f, 0x77, 0x3e, 0x9c, 0x59, 0x5f, 0xb5, 0xfa,
+	0x74, 0x34, 0x59, 0xb6, 0x74, 0xc4, 0xbb, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x84, 0x5c, 0x6b,
+	0x80, 0x51, 0x02, 0x00, 0x00,
 }
diff --git a/vendor/github.com/googleapis/gnostic/extensions/extension.proto b/vendor/github.com/googleapis/gnostic/extensions/extension.proto
index 806760a1..04856f91 100644
--- a/vendor/github.com/googleapis/gnostic/extensions/extension.proto
+++ b/vendor/github.com/googleapis/gnostic/extensions/extension.proto
@@ -29,7 +29,7 @@ option java_multiple_files = true;
 option java_outer_classname = "OpenAPIExtensionV1";
 
 // The Java package name must be proto package name with proper prefix.
-option java_package = "org.openapic.v1";
+option java_package = "org.gnostic.v1";
 
 // A reasonable prefix for the Objective-C symbols generated from the package.
 // It should at a minimum be 3 characters long, all uppercase, and convention
@@ -53,7 +53,7 @@ message Version {
 message ExtensionHandlerRequest {
 
   // The OpenAPI descriptions that were explicitly listed on the command line.
-  // The specifications will appear in the order they are specified to openapic.
+  // The specifications will appear in the order they are specified to gnostic.
   Wrapper wrapper = 1;
 
   // The version number of openapi compiler.
diff --git a/vendor/go.opencensus.io/go.sum b/vendor/go.opencensus.io/go.sum
index ed2a1d84..01c02972 100644
--- a/vendor/go.opencensus.io/go.sum
+++ b/vendor/go.opencensus.io/go.sum
@@ -67,6 +67,7 @@ google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZi
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1 h1:Hz2g2wirWK7H0qIIhGIqRGTuMwTE8HEKFnDZZ7lm9NU=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/vendor/golang.org/x/lint/go.mod b/vendor/golang.org/x/lint/go.mod
index 44179f3a..b32309c4 100644
--- a/vendor/golang.org/x/lint/go.mod
+++ b/vendor/golang.org/x/lint/go.mod
@@ -2,4 +2,4 @@ module golang.org/x/lint
 
 go 1.11
 
-require golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f
+require golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7
diff --git a/vendor/golang.org/x/lint/go.sum b/vendor/golang.org/x/lint/go.sum
index 539c98a9..2ad45cae 100644
--- a/vendor/golang.org/x/lint/go.sum
+++ b/vendor/golang.org/x/lint/go.sum
@@ -1,8 +1,12 @@
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f h1:kDxGY2VmgABOe55qheT/TFqUMtcTHnomIPS1iv3G4Ms=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7 h1:EBZoQjiKKPaLbPrbpssUfuHtwM6KV/vb4U85g/cigFY=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/vendor/golang.org/x/lint/lint.go b/vendor/golang.org/x/lint/lint.go
index 532a75ad..7d813e06 100644
--- a/vendor/golang.org/x/lint/lint.go
+++ b/vendor/golang.org/x/lint/lint.go
@@ -839,6 +839,7 @@ var commonMethods = map[string]bool{
 	"ServeHTTP": true,
 	"String":    true,
 	"Write":     true,
+	"Unwrap":    true,
 }
 
 // lintFuncDoc examines doc comments on functions and methods.
diff --git a/vendor/golang.org/x/mod/LICENSE b/vendor/golang.org/x/mod/LICENSE
new file mode 100644
index 00000000..6a66aea5
--- /dev/null
+++ b/vendor/golang.org/x/mod/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2009 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/golang.org/x/mod/PATENTS b/vendor/golang.org/x/mod/PATENTS
new file mode 100644
index 00000000..73309904
--- /dev/null
+++ b/vendor/golang.org/x/mod/PATENTS
@@ -0,0 +1,22 @@
+Additional IP Rights Grant (Patents)
+
+"This implementation" means the copyrightable works distributed by
+Google as part of the Go project.
+
+Google hereby grants to You a perpetual, worldwide, non-exclusive,
+no-charge, royalty-free, irrevocable (except as stated in this section)
+patent license to make, have made, use, offer to sell, sell, import,
+transfer and otherwise run, modify and propagate the contents of this
+implementation of Go, where such license applies only to those patent
+claims, both currently owned or controlled by Google and acquired in
+the future, licensable by Google that are necessarily infringed by this
+implementation of Go.  This grant does not include claims that would be
+infringed only as a consequence of further modification of this
+implementation.  If you or your agent or exclusive licensee institute or
+order or agree to the institution of patent litigation against any
+entity (including a cross-claim or counterclaim in a lawsuit) alleging
+that this implementation of Go or any code incorporated within this
+implementation of Go constitutes direct or contributory patent
+infringement, or inducement of patent infringement, then any patent
+rights granted to you under this License for this implementation of Go
+shall terminate as of the date such litigation is filed.
diff --git a/vendor/golang.org/x/tools/internal/semver/semver.go b/vendor/golang.org/x/mod/semver/semver.go
similarity index 99%
rename from vendor/golang.org/x/tools/internal/semver/semver.go
rename to vendor/golang.org/x/mod/semver/semver.go
index 4af7118e..2988e3cf 100644
--- a/vendor/golang.org/x/tools/internal/semver/semver.go
+++ b/vendor/golang.org/x/mod/semver/semver.go
@@ -107,7 +107,7 @@ func Build(v string) string {
 }
 
 // Compare returns an integer comparing two versions according to
-// according to semantic version precedence.
+// semantic version precedence.
 // The result will be 0 if v == w, -1 if v < w, or +1 if v > w.
 //
 // An invalid semantic version string is considered less than a valid one.
@@ -263,7 +263,7 @@ func parseBuild(v string) (t, rest string, ok bool) {
 	i := 1
 	start := 1
 	for i < len(v) {
-		if !isIdentChar(v[i]) {
+		if !isIdentChar(v[i]) && v[i] != '.' {
 			return
 		}
 		if v[i] == '.' {
diff --git a/vendor/golang.org/x/oauth2/README.md b/vendor/golang.org/x/oauth2/README.md
index 0f443e69..8cfd6063 100644
--- a/vendor/golang.org/x/oauth2/README.md
+++ b/vendor/golang.org/x/oauth2/README.md
@@ -16,15 +16,16 @@ Or you can manually git clone the repository to
 
 See godoc for further documentation and examples.
 
-* [godoc.org/golang.org/x/oauth2](http://godoc.org/golang.org/x/oauth2)
-* [godoc.org/golang.org/x/oauth2/google](http://godoc.org/golang.org/x/oauth2/google)
+* [godoc.org/golang.org/x/oauth2](https://godoc.org/golang.org/x/oauth2)
+* [godoc.org/golang.org/x/oauth2/google](https://godoc.org/golang.org/x/oauth2/google)
 
 ## Policy for new packages
 
-We no longer accept new provider-specific packages in this repo. For
-defining provider endpoints and provider-specific OAuth2 behavior, we
-encourage you to create packages elsewhere. We'll keep the existing
-packages for compatibility.
+We no longer accept new provider-specific packages in this repo if all
+they do is add a single endpoint variable. If you just want to add a
+single endpoint, add it to the
+[godoc.org/golang.org/x/oauth2/endpoints](https://godoc.org/golang.org/x/oauth2/endpoints)
+package.
 
 ## Report Issues / Send Patches
 
diff --git a/vendor/golang.org/x/oauth2/transport.go b/vendor/golang.org/x/oauth2/transport.go
index aa0d34f1..90657915 100644
--- a/vendor/golang.org/x/oauth2/transport.go
+++ b/vendor/golang.org/x/oauth2/transport.go
@@ -6,7 +6,7 @@ package oauth2
 
 import (
 	"errors"
-	"io"
+	"log"
 	"net/http"
 	"sync"
 )
@@ -25,9 +25,6 @@ type Transport struct {
 	// Base is the base RoundTripper used to make HTTP requests.
 	// If nil, http.DefaultTransport is used.
 	Base http.RoundTripper
-
-	mu     sync.Mutex                      // guards modReq
-	modReq map[*http.Request]*http.Request // original -> modified
 }
 
 // RoundTrip authorizes and authenticates the request with an
@@ -52,35 +49,22 @@ func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error) {
 
 	req2 := cloneRequest(req) // per RoundTripper contract
 	token.SetAuthHeader(req2)
-	t.setModReq(req, req2)
-	res, err := t.base().RoundTrip(req2)
 
-	// req.Body is assumed to have been closed by the base RoundTripper.
+	// req.Body is assumed to be closed by the base RoundTripper.
 	reqBodyClosed = true
-
-	if err != nil {
-		t.setModReq(req, nil)
-		return nil, err
-	}
-	res.Body = &onEOFReader{
-		rc: res.Body,
-		fn: func() { t.setModReq(req, nil) },
-	}
-	return res, nil
+	return t.base().RoundTrip(req2)
 }
 
-// CancelRequest cancels an in-flight request by closing its connection.
+var cancelOnce sync.Once
+
+// CancelRequest does nothing. It used to be a legacy cancellation mechanism
+// but now only it only logs on first use to warn that it's deprecated.
+//
+// Deprecated: use contexts for cancellation instead.
 func (t *Transport) CancelRequest(req *http.Request) {
-	type canceler interface {
-		CancelRequest(*http.Request)
-	}
-	if cr, ok := t.base().(canceler); ok {
-		t.mu.Lock()
-		modReq := t.modReq[req]
-		delete(t.modReq, req)
-		t.mu.Unlock()
-		cr.CancelRequest(modReq)
-	}
+	cancelOnce.Do(func() {
+		log.Printf("deprecated: golang.org/x/oauth2: Transport.CancelRequest no longer does anything; use contexts")
+	})
 }
 
 func (t *Transport) base() http.RoundTripper {
@@ -90,19 +74,6 @@ func (t *Transport) base() http.RoundTripper {
 	return http.DefaultTransport
 }
 
-func (t *Transport) setModReq(orig, mod *http.Request) {
-	t.mu.Lock()
-	defer t.mu.Unlock()
-	if t.modReq == nil {
-		t.modReq = make(map[*http.Request]*http.Request)
-	}
-	if mod == nil {
-		delete(t.modReq, orig)
-	} else {
-		t.modReq[orig] = mod
-	}
-}
-
 // cloneRequest returns a clone of the provided *http.Request.
 // The clone is a shallow copy of the struct and its Header map.
 func cloneRequest(r *http.Request) *http.Request {
@@ -116,29 +87,3 @@ func cloneRequest(r *http.Request) *http.Request {
 	}
 	return r2
 }
-
-type onEOFReader struct {
-	rc io.ReadCloser
-	fn func()
-}
-
-func (r *onEOFReader) Read(p []byte) (n int, err error) {
-	n, err = r.rc.Read(p)
-	if err == io.EOF {
-		r.runFunc()
-	}
-	return
-}
-
-func (r *onEOFReader) Close() error {
-	err := r.rc.Close()
-	r.runFunc()
-	return err
-}
-
-func (r *onEOFReader) runFunc() {
-	if fn := r.fn; fn != nil {
-		fn()
-		r.fn = nil
-	}
-}
diff --git a/vendor/golang.org/x/time/rate/rate.go b/vendor/golang.org/x/time/rate/rate.go
index 563f7042..a114b1aa 100644
--- a/vendor/golang.org/x/time/rate/rate.go
+++ b/vendor/golang.org/x/time/rate/rate.go
@@ -196,7 +196,7 @@ func (lim *Limiter) Reserve() *Reservation {
 
 // ReserveN returns a Reservation that indicates how long the caller must wait before n events happen.
 // The Limiter takes this Reservation into account when allowing future events.
-// ReserveN returns false if n exceeds the Limiter's burst size.
+// The returned Reservation’s OK() method returns false if n exceeds the Limiter's burst size.
 // Usage example:
 //   r := lim.ReserveN(time.Now(), 1)
 //   if !r.OK() {
diff --git a/vendor/golang.org/x/tools/go/analysis/analysis.go b/vendor/golang.org/x/tools/go/analysis/analysis.go
index ea605f4f..8c997735 100644
--- a/vendor/golang.org/x/tools/go/analysis/analysis.go
+++ b/vendor/golang.org/x/tools/go/analysis/analysis.go
@@ -7,6 +7,8 @@ import (
 	"go/token"
 	"go/types"
 	"reflect"
+
+	"golang.org/x/tools/internal/analysisinternal"
 )
 
 // An Analyzer describes an analysis function and its options.
@@ -69,6 +71,17 @@ type Analyzer struct {
 
 func (a *Analyzer) String() string { return a.Name }
 
+func init() {
+	// Set the analysisinternal functions to be able to pass type errors
+	// to the Pass type without modifying the go/analysis API.
+	analysisinternal.SetTypeErrors = func(p interface{}, errors []types.Error) {
+		p.(*Pass).typeErrors = errors
+	}
+	analysisinternal.GetTypeErrors = func(p interface{}) []types.Error {
+		return p.(*Pass).typeErrors
+	}
+}
+
 // A Pass provides information to the Run function that
 // applies a specific analyzer to a single Go package.
 //
@@ -138,6 +151,9 @@ type Pass struct {
 	// WARNING: This is an experimental API and may change in the future.
 	AllObjectFacts func() []ObjectFact
 
+	// typeErrors contains types.Errors that are associated with the pkg.
+	typeErrors []types.Error
+
 	/* Further fields may be added in future. */
 	// For example, suggested or applied refactorings.
 }
diff --git a/vendor/golang.org/x/tools/go/analysis/doc.go b/vendor/golang.org/x/tools/go/analysis/doc.go
index 1b7b7ed5..fb17a0e4 100644
--- a/vendor/golang.org/x/tools/go/analysis/doc.go
+++ b/vendor/golang.org/x/tools/go/analysis/doc.go
@@ -1,6 +1,6 @@
 /*
 
-The analysis package defines the interface between a modular static
+Package analysis defines the interface between a modular static
 analysis and an analysis driver program.
 
 
@@ -70,39 +70,6 @@ A driver may use the name, flags, and documentation to provide on-line
 help that describes the analyses it performs.
 The doc comment contains a brief one-line summary,
 optionally followed by paragraphs of explanation.
-The vet command, shown below, is an example of a driver that runs
-multiple analyzers. It is based on the multichecker package
-(see the "Standalone commands" section for details).
-
-	$ go build golang.org/x/tools/go/analysis/cmd/vet
-	$ ./vet help
-	vet is a tool for static analysis of Go programs.
-
-	Usage: vet [-flag] [package]
-
-	Registered analyzers:
-
-	    asmdecl      report mismatches between assembly files and Go declarations
-	    assign       check for useless assignments
-	    atomic       check for common mistakes using the sync/atomic package
-	    ...
-	    unusedresult check for unused results of calls to some functions
-
-	$ ./vet help unusedresult
-	unusedresult: check for unused results of calls to some functions
-
-	Analyzer flags:
-
-	  -unusedresult.funcs value
-	        comma-separated list of functions whose results must be used (default Error,String)
-	  -unusedresult.stringmethods value
-	        comma-separated list of names of methods of type func() string whose results must be used
-
-	Some functions like fmt.Errorf return a result and have no side effects,
-	so it is always a mistake to discard the result. This analyzer reports
-	calls to certain functions in which the result of the call is ignored.
-
-	The set of functions may be controlled using flags.
 
 The Analyzer type has more fields besides those shown above:
 
@@ -203,6 +170,15 @@ Diagnostic is defined as:
 The optional Category field is a short identifier that classifies the
 kind of message when an analysis produces several kinds of diagnostic.
 
+Many analyses want to associate diagnostics with a severity level.
+Because Diagnostic does not have a severity level field, an Analyzer's
+diagnostics effectively all have the same severity level. To separate which
+diagnostics are high severity and which are low severity, expose multiple
+Analyzers instead. Analyzers should also be separated when their
+diagnostics belong in different groups, or could be tagged differently
+before being shown to the end user. Analyzers should document their severity
+level to help downstream tools surface diagnostics properly.
+
 Most Analyzers inspect typed Go syntax trees, but a few, such as asmdecl
 and buildtag, inspect the raw text of Go source files or even non-Go
 files such as assembly. To report a diagnostic against a line of a
diff --git a/vendor/golang.org/x/tools/go/analysis/validate.go b/vendor/golang.org/x/tools/go/analysis/validate.go
index be981434..ad0e7276 100644
--- a/vendor/golang.org/x/tools/go/analysis/validate.go
+++ b/vendor/golang.org/x/tools/go/analysis/validate.go
@@ -3,6 +3,7 @@ package analysis
 import (
 	"fmt"
 	"reflect"
+	"strings"
 	"unicode"
 )
 
@@ -58,14 +59,28 @@ func Validate(analyzers []*Analyzer) error {
 			}
 
 			// recursion
-			for i, req := range a.Requires {
+			for _, req := range a.Requires {
 				if err := visit(req); err != nil {
-					return fmt.Errorf("%s.Requires[%d]: %v", a.Name, i, err)
+					return err
 				}
 			}
 			color[a] = black
 		}
 
+		if color[a] == grey {
+			stack := []*Analyzer{a}
+			inCycle := map[string]bool{}
+			for len(stack) > 0 {
+				current := stack[len(stack)-1]
+				stack = stack[:len(stack)-1]
+				if color[current] == grey && !inCycle[current.Name] {
+					inCycle[current.Name] = true
+					stack = append(stack, current.Requires...)
+				}
+			}
+			return &CycleInRequiresGraphError{AnalyzerNames: inCycle}
+		}
+
 		return nil
 	}
 	for _, a := range analyzers {
@@ -95,3 +110,17 @@ func validIdent(name string) bool {
 	}
 	return name != ""
 }
+
+type CycleInRequiresGraphError struct {
+	AnalyzerNames map[string]bool
+}
+
+func (e *CycleInRequiresGraphError) Error() string {
+	var b strings.Builder
+	b.WriteString("cycle detected involving the following analyzers:")
+	for n := range e.AnalyzerNames {
+		b.WriteByte(' ')
+		b.WriteString(n)
+	}
+	return b.String()
+}
diff --git a/vendor/golang.org/x/tools/go/ast/astutil/imports.go b/vendor/golang.org/x/tools/go/ast/astutil/imports.go
index 3e4b1953..2087ceec 100644
--- a/vendor/golang.org/x/tools/go/ast/astutil/imports.go
+++ b/vendor/golang.org/x/tools/go/ast/astutil/imports.go
@@ -275,9 +275,10 @@ func DeleteNamedImport(fset *token.FileSet, f *ast.File, name, path string) (del
 
 				// We deleted an entry but now there may be
 				// a blank line-sized hole where the import was.
-				if line-lastLine > 1 {
+				if line-lastLine > 1 || !gen.Rparen.IsValid() {
 					// There was a blank line immediately preceding the deleted import,
-					// so there's no need to close the hole.
+					// so there's no need to close the hole. The right parenthesis is
+					// invalid after AddImport to an import statement without parenthesis.
 					// Do nothing.
 				} else if line != fset.File(gen.Rparen).LineCount() {
 					// There was no blank line. Close the hole.
diff --git a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go
index ddbdd3f0..af5e17fe 100644
--- a/vendor/golang.org/x/tools/go/ast/inspector/inspector.go
+++ b/vendor/golang.org/x/tools/go/ast/inspector/inspector.go
@@ -90,7 +90,7 @@ func (in *Inspector) Preorder(types []ast.Node, f func(ast.Node)) {
 // The types argument, if non-empty, enables type-based filtering of
 // events. The function f if is called only for nodes whose type
 // matches an element of the types slice.
-func (in *Inspector) Nodes(types []ast.Node, f func(n ast.Node, push bool) (prune bool)) {
+func (in *Inspector) Nodes(types []ast.Node, f func(n ast.Node, push bool) (proceed bool)) {
 	mask := maskOf(types)
 	for i := 0; i < len(in.events); {
 		ev := in.events[i]
@@ -114,7 +114,7 @@ func (in *Inspector) Nodes(types []ast.Node, f func(n ast.Node, push bool) (prun
 // supplies each call to f an additional argument, the current
 // traversal stack. The stack's first element is the outermost node,
 // an *ast.File; its last is the innermost, n.
-func (in *Inspector) WithStack(types []ast.Node, f func(n ast.Node, push bool, stack []ast.Node) (prune bool)) {
+func (in *Inspector) WithStack(types []ast.Node, f func(n ast.Node, push bool, stack []ast.Node) (proceed bool)) {
 	mask := maskOf(types)
 	var stack []ast.Node
 	for i := 0; i < len(in.events); {
@@ -150,7 +150,11 @@ func traverse(files []*ast.File) []event {
 		extent += int(f.End() - f.Pos())
 	}
 	// This estimate is based on the net/http package.
-	events := make([]event, 0, extent*33/100)
+	capacity := extent * 33 / 100
+	if capacity > 1e6 {
+		capacity = 1e6 // impose some reasonable maximum
+	}
+	events := make([]event, 0, capacity)
 
 	var stack []event
 	for _, f := range files {
diff --git a/vendor/golang.org/x/tools/go/internal/cgo/cgo.go b/vendor/golang.org/x/tools/go/internal/cgo/cgo.go
new file mode 100644
index 00000000..5db8b309
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/internal/cgo/cgo.go
@@ -0,0 +1,220 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package cgo handles cgo preprocessing of files containing `import "C"`.
+//
+// DESIGN
+//
+// The approach taken is to run the cgo processor on the package's
+// CgoFiles and parse the output, faking the filenames of the
+// resulting ASTs so that the synthetic file containing the C types is
+// called "C" (e.g. "~/go/src/net/C") and the preprocessed files
+// have their original names (e.g. "~/go/src/net/cgo_unix.go"),
+// not the names of the actual temporary files.
+//
+// The advantage of this approach is its fidelity to 'go build'.  The
+// downside is that the token.Position.Offset for each AST node is
+// incorrect, being an offset within the temporary file.  Line numbers
+// should still be correct because of the //line comments.
+//
+// The logic of this file is mostly plundered from the 'go build'
+// tool, which also invokes the cgo preprocessor.
+//
+//
+// REJECTED ALTERNATIVE
+//
+// An alternative approach that we explored is to extend go/types'
+// Importer mechanism to provide the identity of the importing package
+// so that each time `import "C"` appears it resolves to a different
+// synthetic package containing just the objects needed in that case.
+// The loader would invoke cgo but parse only the cgo_types.go file
+// defining the package-level objects, discarding the other files
+// resulting from preprocessing.
+//
+// The benefit of this approach would have been that source-level
+// syntax information would correspond exactly to the original cgo
+// file, with no preprocessing involved, making source tools like
+// godoc, guru, and eg happy.  However, the approach was rejected
+// due to the additional complexity it would impose on go/types.  (It
+// made for a beautiful demo, though.)
+//
+// cgo files, despite their *.go extension, are not legal Go source
+// files per the specification since they may refer to unexported
+// members of package "C" such as C.int.  Also, a function such as
+// C.getpwent has in effect two types, one matching its C type and one
+// which additionally returns (errno C.int).  The cgo preprocessor
+// uses name mangling to distinguish these two functions in the
+// processed code, but go/types would need to duplicate this logic in
+// its handling of function calls, analogous to the treatment of map
+// lookups in which y=m[k] and y,ok=m[k] are both legal.
+
+package cgo
+
+import (
+	"fmt"
+	"go/ast"
+	"go/build"
+	"go/parser"
+	"go/token"
+	"io/ioutil"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"regexp"
+	"strings"
+)
+
+// ProcessFiles invokes the cgo preprocessor on bp.CgoFiles, parses
+// the output and returns the resulting ASTs.
+//
+func ProcessFiles(bp *build.Package, fset *token.FileSet, DisplayPath func(path string) string, mode parser.Mode) ([]*ast.File, error) {
+	tmpdir, err := ioutil.TempDir("", strings.Replace(bp.ImportPath, "/", "_", -1)+"_C")
+	if err != nil {
+		return nil, err
+	}
+	defer os.RemoveAll(tmpdir)
+
+	pkgdir := bp.Dir
+	if DisplayPath != nil {
+		pkgdir = DisplayPath(pkgdir)
+	}
+
+	cgoFiles, cgoDisplayFiles, err := Run(bp, pkgdir, tmpdir, false)
+	if err != nil {
+		return nil, err
+	}
+	var files []*ast.File
+	for i := range cgoFiles {
+		rd, err := os.Open(cgoFiles[i])
+		if err != nil {
+			return nil, err
+		}
+		display := filepath.Join(bp.Dir, cgoDisplayFiles[i])
+		f, err := parser.ParseFile(fset, display, rd, mode)
+		rd.Close()
+		if err != nil {
+			return nil, err
+		}
+		files = append(files, f)
+	}
+	return files, nil
+}
+
+var cgoRe = regexp.MustCompile(`[/\\:]`)
+
+// Run invokes the cgo preprocessor on bp.CgoFiles and returns two
+// lists of files: the resulting processed files (in temporary
+// directory tmpdir) and the corresponding names of the unprocessed files.
+//
+// Run is adapted from (*builder).cgo in
+// $GOROOT/src/cmd/go/build.go, but these features are unsupported:
+// Objective C, CGOPKGPATH, CGO_FLAGS.
+//
+// If useabs is set to true, absolute paths of the bp.CgoFiles will be passed in
+// to the cgo preprocessor. This in turn will set the // line comments
+// referring to those files to use absolute paths. This is needed for
+// go/packages using the legacy go list support so it is able to find
+// the original files.
+func Run(bp *build.Package, pkgdir, tmpdir string, useabs bool) (files, displayFiles []string, err error) {
+	cgoCPPFLAGS, _, _, _ := cflags(bp, true)
+	_, cgoexeCFLAGS, _, _ := cflags(bp, false)
+
+	if len(bp.CgoPkgConfig) > 0 {
+		pcCFLAGS, err := pkgConfigFlags(bp)
+		if err != nil {
+			return nil, nil, err
+		}
+		cgoCPPFLAGS = append(cgoCPPFLAGS, pcCFLAGS...)
+	}
+
+	// Allows including _cgo_export.h from .[ch] files in the package.
+	cgoCPPFLAGS = append(cgoCPPFLAGS, "-I", tmpdir)
+
+	// _cgo_gotypes.go (displayed "C") contains the type definitions.
+	files = append(files, filepath.Join(tmpdir, "_cgo_gotypes.go"))
+	displayFiles = append(displayFiles, "C")
+	for _, fn := range bp.CgoFiles {
+		// "foo.cgo1.go" (displayed "foo.go") is the processed Go source.
+		f := cgoRe.ReplaceAllString(fn[:len(fn)-len("go")], "_")
+		files = append(files, filepath.Join(tmpdir, f+"cgo1.go"))
+		displayFiles = append(displayFiles, fn)
+	}
+
+	var cgoflags []string
+	if bp.Goroot && bp.ImportPath == "runtime/cgo" {
+		cgoflags = append(cgoflags, "-import_runtime_cgo=false")
+	}
+	if bp.Goroot && bp.ImportPath == "runtime/race" || bp.ImportPath == "runtime/cgo" {
+		cgoflags = append(cgoflags, "-import_syscall=false")
+	}
+
+	var cgoFiles []string = bp.CgoFiles
+	if useabs {
+		cgoFiles = make([]string, len(bp.CgoFiles))
+		for i := range cgoFiles {
+			cgoFiles[i] = filepath.Join(pkgdir, bp.CgoFiles[i])
+		}
+	}
+
+	args := stringList(
+		"go", "tool", "cgo", "-objdir", tmpdir, cgoflags, "--",
+		cgoCPPFLAGS, cgoexeCFLAGS, cgoFiles,
+	)
+	if false {
+		log.Printf("Running cgo for package %q: %s (dir=%s)", bp.ImportPath, args, pkgdir)
+	}
+	cmd := exec.Command(args[0], args[1:]...)
+	cmd.Dir = pkgdir
+	cmd.Stdout = os.Stderr
+	cmd.Stderr = os.Stderr
+	if err := cmd.Run(); err != nil {
+		return nil, nil, fmt.Errorf("cgo failed: %s: %s", args, err)
+	}
+
+	return files, displayFiles, nil
+}
+
+// -- unmodified from 'go build' ---------------------------------------
+
+// Return the flags to use when invoking the C or C++ compilers, or cgo.
+func cflags(p *build.Package, def bool) (cppflags, cflags, cxxflags, ldflags []string) {
+	var defaults string
+	if def {
+		defaults = "-g -O2"
+	}
+
+	cppflags = stringList(envList("CGO_CPPFLAGS", ""), p.CgoCPPFLAGS)
+	cflags = stringList(envList("CGO_CFLAGS", defaults), p.CgoCFLAGS)
+	cxxflags = stringList(envList("CGO_CXXFLAGS", defaults), p.CgoCXXFLAGS)
+	ldflags = stringList(envList("CGO_LDFLAGS", defaults), p.CgoLDFLAGS)
+	return
+}
+
+// envList returns the value of the given environment variable broken
+// into fields, using the default value when the variable is empty.
+func envList(key, def string) []string {
+	v := os.Getenv(key)
+	if v == "" {
+		v = def
+	}
+	return strings.Fields(v)
+}
+
+// stringList's arguments should be a sequence of string or []string values.
+// stringList flattens them into a single []string.
+func stringList(args ...interface{}) []string {
+	var x []string
+	for _, arg := range args {
+		switch arg := arg.(type) {
+		case []string:
+			x = append(x, arg...)
+		case string:
+			x = append(x, arg)
+		default:
+			panic("stringList: invalid argument")
+		}
+	}
+	return x
+}
diff --git a/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go b/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go
new file mode 100644
index 00000000..b5bb95a6
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/internal/cgo/cgo_pkgconfig.go
@@ -0,0 +1,39 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cgo
+
+import (
+	"errors"
+	"fmt"
+	"go/build"
+	"os/exec"
+	"strings"
+)
+
+// pkgConfig runs pkg-config with the specified arguments and returns the flags it prints.
+func pkgConfig(mode string, pkgs []string) (flags []string, err error) {
+	cmd := exec.Command("pkg-config", append([]string{mode}, pkgs...)...)
+	out, err := cmd.CombinedOutput()
+	if err != nil {
+		s := fmt.Sprintf("%s failed: %v", strings.Join(cmd.Args, " "), err)
+		if len(out) > 0 {
+			s = fmt.Sprintf("%s: %s", s, out)
+		}
+		return nil, errors.New(s)
+	}
+	if len(out) > 0 {
+		flags = strings.Fields(string(out))
+	}
+	return
+}
+
+// pkgConfigFlags calls pkg-config if needed and returns the cflags
+// needed to build the package.
+func pkgConfigFlags(p *build.Package) (cflags []string, err error) {
+	if len(p.CgoPkgConfig) == 0 {
+		return nil, nil
+	}
+	return pkgConfig("--cflags", p.CgoPkgConfig)
+}
diff --git a/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go
index 9cf18660..8dcd8bbb 100644
--- a/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go
+++ b/vendor/golang.org/x/tools/go/internal/gcimporter/gcimporter.go
@@ -344,7 +344,7 @@ func (p *parser) expectKeyword(keyword string) {
 
 // PackageId = string_lit .
 //
-func (p *parser) parsePackageId() string {
+func (p *parser) parsePackageID() string {
 	id, err := strconv.Unquote(p.expect(scanner.String))
 	if err != nil {
 		p.error(err)
@@ -384,7 +384,7 @@ func (p *parser) parseDotIdent() string {
 //
 func (p *parser) parseQualifiedName() (id, name string) {
 	p.expect('@')
-	id = p.parsePackageId()
+	id = p.parsePackageID()
 	p.expect('.')
 	// Per rev f280b8a485fd (10/2/2013), qualified names may be used for anonymous fields.
 	if p.tok == '?' {
@@ -696,7 +696,7 @@ func (p *parser) parseInterfaceType(parent *types.Package) types.Type {
 
 	// Complete requires the type's embedded interfaces to be fully defined,
 	// but we do not define any
-	return types.NewInterface(methods, nil).Complete()
+	return newInterface(methods, nil).Complete()
 }
 
 // ChanType = ( "chan" [ "<-" ] | "<-" "chan" ) Type .
@@ -785,7 +785,7 @@ func (p *parser) parseType(parent *types.Package) types.Type {
 func (p *parser) parseImportDecl() {
 	p.expectKeyword("import")
 	name := p.parsePackageName()
-	p.getPkg(p.parsePackageId(), name)
+	p.getPkg(p.parsePackageID(), name)
 }
 
 // int_lit = [ "+" | "-" ] { "0" ... "9" } .
diff --git a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
index db0c9a7e..dc6177c1 100644
--- a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
+++ b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
@@ -11,17 +11,15 @@ import (
 	"encoding/json"
 	"fmt"
 	"go/types"
-	"log"
-	"os"
 	"os/exec"
 	"strings"
-	"time"
+
+	"golang.org/x/tools/internal/gocommand"
 )
 
 var debug = false
 
-// GetSizes returns the sizes used by the underlying driver with the given parameters.
-func GetSizes(ctx context.Context, buildFlags, env []string, dir string, usesExportData bool) (types.Sizes, error) {
+func GetSizes(ctx context.Context, buildFlags, env []string, gocmdRunner *gocommand.Runner, dir string) (types.Sizes, error) {
 	// TODO(matloob): Clean this up. This code is mostly a copy of packages.findExternalDriver.
 	const toolPrefix = "GOPACKAGESDRIVER="
 	tool := ""
@@ -41,7 +39,7 @@ func GetSizes(ctx context.Context, buildFlags, env []string, dir string, usesExp
 	}
 
 	if tool == "off" {
-		return GetSizesGolist(ctx, buildFlags, env, dir, usesExportData)
+		return GetSizesGolist(ctx, buildFlags, env, gocmdRunner, dir)
 	}
 
 	req, err := json.Marshal(struct {
@@ -77,98 +75,43 @@ func GetSizes(ctx context.Context, buildFlags, env []string, dir string, usesExp
 	return response.Sizes, nil
 }
 
-func GetSizesGolist(ctx context.Context, buildFlags, env []string, dir string, usesExportData bool) (types.Sizes, error) {
-	args := []string{"list", "-f", "{{context.GOARCH}} {{context.Compiler}}"}
-	args = append(args, buildFlags...)
-	args = append(args, "--", "unsafe")
-	stdout, stderr, err := invokeGo(ctx, env, dir, usesExportData, args...)
+func GetSizesGolist(ctx context.Context, buildFlags, env []string, gocmdRunner *gocommand.Runner, dir string) (types.Sizes, error) {
+	inv := gocommand.Invocation{
+		Verb:       "list",
+		Args:       []string{"-f", "{{context.GOARCH}} {{context.Compiler}}", "--", "unsafe"},
+		Env:        env,
+		BuildFlags: buildFlags,
+		WorkingDir: dir,
+	}
+	stdout, stderr, friendlyErr, rawErr := gocmdRunner.RunRaw(ctx, inv)
 	var goarch, compiler string
-	if err != nil {
-		if strings.Contains(err.Error(), "cannot find main module") {
+	if rawErr != nil {
+		if strings.Contains(rawErr.Error(), "cannot find main module") {
 			// User's running outside of a module. All bets are off. Get GOARCH and guess compiler is gc.
 			// TODO(matloob): Is this a problem in practice?
-			envout, _, enverr := invokeGo(ctx, env, dir, usesExportData, "env", "GOARCH")
+			inv := gocommand.Invocation{
+				Verb:       "env",
+				Args:       []string{"GOARCH"},
+				Env:        env,
+				WorkingDir: dir,
+			}
+			envout, enverr := gocmdRunner.Run(ctx, inv)
 			if enverr != nil {
-				return nil, err
+				return nil, enverr
 			}
 			goarch = strings.TrimSpace(envout.String())
 			compiler = "gc"
 		} else {
-			return nil, err
+			return nil, friendlyErr
 		}
 	} else {
 		fields := strings.Fields(stdout.String())
 		if len(fields) < 2 {
-			return nil, fmt.Errorf("could not parse GOARCH and Go compiler in format \"<GOARCH> <compiler>\" from stdout of go command:\n%s\ndir: %s\nstdout: <<%s>>\nstderr: <<%s>>",
-				cmdDebugStr(env, args...), dir, stdout.String(), stderr.String())
+			return nil, fmt.Errorf("could not parse GOARCH and Go compiler in format \"<GOARCH> <compiler>\":\nstdout: <<%s>>\nstderr: <<%s>>",
+				stdout.String(), stderr.String())
 		}
 		goarch = fields[0]
 		compiler = fields[1]
 	}
 	return types.SizesFor(compiler, goarch), nil
 }
-
-// invokeGo returns the stdout and stderr of a go command invocation.
-func invokeGo(ctx context.Context, env []string, dir string, usesExportData bool, args ...string) (*bytes.Buffer, *bytes.Buffer, error) {
-	if debug {
-		defer func(start time.Time) { log.Printf("%s for %v", time.Since(start), cmdDebugStr(env, args...)) }(time.Now())
-	}
-	stdout := new(bytes.Buffer)
-	stderr := new(bytes.Buffer)
-	cmd := exec.CommandContext(ctx, "go", args...)
-	// On darwin the cwd gets resolved to the real path, which breaks anything that
-	// expects the working directory to keep the original path, including the
-	// go command when dealing with modules.
-	// The Go stdlib has a special feature where if the cwd and the PWD are the
-	// same node then it trusts the PWD, so by setting it in the env for the child
-	// process we fix up all the paths returned by the go command.
-	cmd.Env = append(append([]string{}, env...), "PWD="+dir)
-	cmd.Dir = dir
-	cmd.Stdout = stdout
-	cmd.Stderr = stderr
-	if err := cmd.Run(); err != nil {
-		exitErr, ok := err.(*exec.ExitError)
-		if !ok {
-			// Catastrophic error:
-			// - executable not found
-			// - context cancellation
-			return nil, nil, fmt.Errorf("couldn't exec 'go %v': %s %T", args, err, err)
-		}
-
-		// Export mode entails a build.
-		// If that build fails, errors appear on stderr
-		// (despite the -e flag) and the Export field is blank.
-		// Do not fail in that case.
-		if !usesExportData {
-			return nil, nil, fmt.Errorf("go %v: %s: %s", args, exitErr, stderr)
-		}
-	}
-
-	// As of writing, go list -export prints some non-fatal compilation
-	// errors to stderr, even with -e set. We would prefer that it put
-	// them in the Package.Error JSON (see https://golang.org/issue/26319).
-	// In the meantime, there's nowhere good to put them, but they can
-	// be useful for debugging. Print them if $GOPACKAGESPRINTGOLISTERRORS
-	// is set.
-	if len(stderr.Bytes()) != 0 && os.Getenv("GOPACKAGESPRINTGOLISTERRORS") != "" {
-		fmt.Fprintf(os.Stderr, "%s stderr: <<%s>>\n", cmdDebugStr(env, args...), stderr)
-	}
-
-	// debugging
-	if false {
-		fmt.Fprintf(os.Stderr, "%s stdout: <<%s>>\n", cmdDebugStr(env, args...), stdout)
-	}
-
-	return stdout, stderr, nil
-}
-
-func cmdDebugStr(envlist []string, args ...string) string {
-	env := make(map[string]string)
-	for _, kv := range envlist {
-		split := strings.Split(kv, "=")
-		k, v := split[0], split[1]
-		env[k] = v
-	}
-
-	return fmt.Sprintf("GOROOT=%v GOPATH=%v GO111MODULE=%v PWD=%v go %v", env["GOROOT"], env["GOPATH"], env["GO111MODULE"], env["PWD"], args)
-}
diff --git a/vendor/golang.org/x/tools/go/loader/doc.go b/vendor/golang.org/x/tools/go/loader/doc.go
new file mode 100644
index 00000000..c5aa31c1
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/loader/doc.go
@@ -0,0 +1,204 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package loader loads a complete Go program from source code, parsing
+// and type-checking the initial packages plus their transitive closure
+// of dependencies.  The ASTs and the derived facts are retained for
+// later use.
+//
+// Deprecated: This is an older API and does not have support
+// for modules. Use golang.org/x/tools/go/packages instead.
+//
+// The package defines two primary types: Config, which specifies a
+// set of initial packages to load and various other options; and
+// Program, which is the result of successfully loading the packages
+// specified by a configuration.
+//
+// The configuration can be set directly, but *Config provides various
+// convenience methods to simplify the common cases, each of which can
+// be called any number of times.  Finally, these are followed by a
+// call to Load() to actually load and type-check the program.
+//
+//      var conf loader.Config
+//
+//      // Use the command-line arguments to specify
+//      // a set of initial packages to load from source.
+//      // See FromArgsUsage for help.
+//      rest, err := conf.FromArgs(os.Args[1:], wantTests)
+//
+//      // Parse the specified files and create an ad hoc package with path "foo".
+//      // All files must have the same 'package' declaration.
+//      conf.CreateFromFilenames("foo", "foo.go", "bar.go")
+//
+//      // Create an ad hoc package with path "foo" from
+//      // the specified already-parsed files.
+//      // All ASTs must have the same 'package' declaration.
+//      conf.CreateFromFiles("foo", parsedFiles)
+//
+//      // Add "runtime" to the set of packages to be loaded.
+//      conf.Import("runtime")
+//
+//      // Adds "fmt" and "fmt_test" to the set of packages
+//      // to be loaded.  "fmt" will include *_test.go files.
+//      conf.ImportWithTests("fmt")
+//
+//      // Finally, load all the packages specified by the configuration.
+//      prog, err := conf.Load()
+//
+// See examples_test.go for examples of API usage.
+//
+//
+// CONCEPTS AND TERMINOLOGY
+//
+// The WORKSPACE is the set of packages accessible to the loader.  The
+// workspace is defined by Config.Build, a *build.Context.  The
+// default context treats subdirectories of $GOROOT and $GOPATH as
+// packages, but this behavior may be overridden.
+//
+// An AD HOC package is one specified as a set of source files on the
+// command line.  In the simplest case, it may consist of a single file
+// such as $GOROOT/src/net/http/triv.go.
+//
+// EXTERNAL TEST packages are those comprised of a set of *_test.go
+// files all with the same 'package foo_test' declaration, all in the
+// same directory.  (go/build.Package calls these files XTestFiles.)
+//
+// An IMPORTABLE package is one that can be referred to by some import
+// spec.  Every importable package is uniquely identified by its
+// PACKAGE PATH or just PATH, a string such as "fmt", "encoding/json",
+// or "cmd/vendor/golang.org/x/arch/x86/x86asm".  A package path
+// typically denotes a subdirectory of the workspace.
+//
+// An import declaration uses an IMPORT PATH to refer to a package.
+// Most import declarations use the package path as the import path.
+//
+// Due to VENDORING (https://golang.org/s/go15vendor), the
+// interpretation of an import path may depend on the directory in which
+// it appears.  To resolve an import path to a package path, go/build
+// must search the enclosing directories for a subdirectory named
+// "vendor".
+//
+// ad hoc packages and external test packages are NON-IMPORTABLE.  The
+// path of an ad hoc package is inferred from the package
+// declarations of its files and is therefore not a unique package key.
+// For example, Config.CreatePkgs may specify two initial ad hoc
+// packages, both with path "main".
+//
+// An AUGMENTED package is an importable package P plus all the
+// *_test.go files with same 'package foo' declaration as P.
+// (go/build.Package calls these files TestFiles.)
+//
+// The INITIAL packages are those specified in the configuration.  A
+// DEPENDENCY is a package loaded to satisfy an import in an initial
+// package or another dependency.
+//
+package loader
+
+// IMPLEMENTATION NOTES
+//
+// 'go test', in-package test files, and import cycles
+// ---------------------------------------------------
+//
+// An external test package may depend upon members of the augmented
+// package that are not in the unaugmented package, such as functions
+// that expose internals.  (See bufio/export_test.go for an example.)
+// So, the loader must ensure that for each external test package
+// it loads, it also augments the corresponding non-test package.
+//
+// The import graph over n unaugmented packages must be acyclic; the
+// import graph over n-1 unaugmented packages plus one augmented
+// package must also be acyclic.  ('go test' relies on this.)  But the
+// import graph over n augmented packages may contain cycles.
+//
+// First, all the (unaugmented) non-test packages and their
+// dependencies are imported in the usual way; the loader reports an
+// error if it detects an import cycle.
+//
+// Then, each package P for which testing is desired is augmented by
+// the list P' of its in-package test files, by calling
+// (*types.Checker).Files.  This arrangement ensures that P' may
+// reference definitions within P, but P may not reference definitions
+// within P'.  Furthermore, P' may import any other package, including
+// ones that depend upon P, without an import cycle error.
+//
+// Consider two packages A and B, both of which have lists of
+// in-package test files we'll call A' and B', and which have the
+// following import graph edges:
+//    B  imports A
+//    B' imports A
+//    A' imports B
+// This last edge would be expected to create an error were it not
+// for the special type-checking discipline above.
+// Cycles of size greater than two are possible.  For example:
+//   compress/bzip2/bzip2_test.go (package bzip2)  imports "io/ioutil"
+//   io/ioutil/tempfile_test.go   (package ioutil) imports "regexp"
+//   regexp/exec_test.go          (package regexp) imports "compress/bzip2"
+//
+//
+// Concurrency
+// -----------
+//
+// Let us define the import dependency graph as follows.  Each node is a
+// list of files passed to (Checker).Files at once.  Many of these lists
+// are the production code of an importable Go package, so those nodes
+// are labelled by the package's path.  The remaining nodes are
+// ad hoc packages and lists of in-package *_test.go files that augment
+// an importable package; those nodes have no label.
+//
+// The edges of the graph represent import statements appearing within a
+// file.  An edge connects a node (a list of files) to the node it
+// imports, which is importable and thus always labelled.
+//
+// Loading is controlled by this dependency graph.
+//
+// To reduce I/O latency, we start loading a package's dependencies
+// asynchronously as soon as we've parsed its files and enumerated its
+// imports (scanImports).  This performs a preorder traversal of the
+// import dependency graph.
+//
+// To exploit hardware parallelism, we type-check unrelated packages in
+// parallel, where "unrelated" means not ordered by the partial order of
+// the import dependency graph.
+//
+// We use a concurrency-safe non-blocking cache (importer.imported) to
+// record the results of type-checking, whether success or failure.  An
+// entry is created in this cache by startLoad the first time the
+// package is imported.  The first goroutine to request an entry becomes
+// responsible for completing the task and broadcasting completion to
+// subsequent requestors, which block until then.
+//
+// Type checking occurs in (parallel) postorder: we cannot type-check a
+// set of files until we have loaded and type-checked all of their
+// immediate dependencies (and thus all of their transitive
+// dependencies). If the input were guaranteed free of import cycles,
+// this would be trivial: we could simply wait for completion of the
+// dependencies and then invoke the typechecker.
+//
+// But as we saw in the 'go test' section above, some cycles in the
+// import graph over packages are actually legal, so long as the
+// cycle-forming edge originates in the in-package test files that
+// augment the package.  This explains why the nodes of the import
+// dependency graph are not packages, but lists of files: the unlabelled
+// nodes avoid the cycles.  Consider packages A and B where B imports A
+// and A's in-package tests AT import B.  The naively constructed import
+// graph over packages would contain a cycle (A+AT) --> B --> (A+AT) but
+// the graph over lists of files is AT --> B --> A, where AT is an
+// unlabelled node.
+//
+// Awaiting completion of the dependencies in a cyclic graph would
+// deadlock, so we must materialize the import dependency graph (as
+// importer.graph) and check whether each import edge forms a cycle.  If
+// x imports y, and the graph already contains a path from y to x, then
+// there is an import cycle, in which case the processing of x must not
+// wait for the completion of processing of y.
+//
+// When the type-checker makes a callback (doImport) to the loader for a
+// given import edge, there are two possible cases.  In the normal case,
+// the dependency has already been completely type-checked; doImport
+// does a cache lookup and returns it.  In the cyclic case, the entry in
+// the cache is still necessarily incomplete, indicating a cycle.  We
+// perform the cycle check again to obtain the error message, and return
+// the error.
+//
+// The result of using concurrency is about a 2.5x speedup for stdlib_test.
diff --git a/vendor/golang.org/x/tools/go/loader/loader.go b/vendor/golang.org/x/tools/go/loader/loader.go
new file mode 100644
index 00000000..bc12ca33
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/loader/loader.go
@@ -0,0 +1,1086 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package loader
+
+// See doc.go for package documentation and implementation notes.
+
+import (
+	"errors"
+	"fmt"
+	"go/ast"
+	"go/build"
+	"go/parser"
+	"go/token"
+	"go/types"
+	"os"
+	"path/filepath"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/tools/go/ast/astutil"
+	"golang.org/x/tools/go/internal/cgo"
+)
+
+var ignoreVendor build.ImportMode
+
+const trace = false // show timing info for type-checking
+
+// Config specifies the configuration for loading a whole program from
+// Go source code.
+// The zero value for Config is a ready-to-use default configuration.
+type Config struct {
+	// Fset is the file set for the parser to use when loading the
+	// program.  If nil, it may be lazily initialized by any
+	// method of Config.
+	Fset *token.FileSet
+
+	// ParserMode specifies the mode to be used by the parser when
+	// loading source packages.
+	ParserMode parser.Mode
+
+	// TypeChecker contains options relating to the type checker.
+	//
+	// The supplied IgnoreFuncBodies is not used; the effective
+	// value comes from the TypeCheckFuncBodies func below.
+	// The supplied Import function is not used either.
+	TypeChecker types.Config
+
+	// TypeCheckFuncBodies is a predicate over package paths.
+	// A package for which the predicate is false will
+	// have its package-level declarations type checked, but not
+	// its function bodies; this can be used to quickly load
+	// dependencies from source.  If nil, all func bodies are type
+	// checked.
+	TypeCheckFuncBodies func(path string) bool
+
+	// If Build is non-nil, it is used to locate source packages.
+	// Otherwise &build.Default is used.
+	//
+	// By default, cgo is invoked to preprocess Go files that
+	// import the fake package "C".  This behaviour can be
+	// disabled by setting CGO_ENABLED=0 in the environment prior
+	// to startup, or by setting Build.CgoEnabled=false.
+	Build *build.Context
+
+	// The current directory, used for resolving relative package
+	// references such as "./go/loader".  If empty, os.Getwd will be
+	// used instead.
+	Cwd string
+
+	// If DisplayPath is non-nil, it is used to transform each
+	// file name obtained from Build.Import().  This can be used
+	// to prevent a virtualized build.Config's file names from
+	// leaking into the user interface.
+	DisplayPath func(path string) string
+
+	// If AllowErrors is true, Load will return a Program even
+	// if some of the its packages contained I/O, parser or type
+	// errors; such errors are accessible via PackageInfo.Errors.  If
+	// false, Load will fail if any package had an error.
+	AllowErrors bool
+
+	// CreatePkgs specifies a list of non-importable initial
+	// packages to create.  The resulting packages will appear in
+	// the corresponding elements of the Program.Created slice.
+	CreatePkgs []PkgSpec
+
+	// ImportPkgs specifies a set of initial packages to load.
+	// The map keys are package paths.
+	//
+	// The map value indicates whether to load tests.  If true, Load
+	// will add and type-check two lists of files to the package:
+	// non-test files followed by in-package *_test.go files.  In
+	// addition, it will append the external test package (if any)
+	// to Program.Created.
+	ImportPkgs map[string]bool
+
+	// FindPackage is called during Load to create the build.Package
+	// for a given import path from a given directory.
+	// If FindPackage is nil, (*build.Context).Import is used.
+	// A client may use this hook to adapt to a proprietary build
+	// system that does not follow the "go build" layout
+	// conventions, for example.
+	//
+	// It must be safe to call concurrently from multiple goroutines.
+	FindPackage func(ctxt *build.Context, importPath, fromDir string, mode build.ImportMode) (*build.Package, error)
+
+	// AfterTypeCheck is called immediately after a list of files
+	// has been type-checked and appended to info.Files.
+	//
+	// This optional hook function is the earliest opportunity for
+	// the client to observe the output of the type checker,
+	// which may be useful to reduce analysis latency when loading
+	// a large program.
+	//
+	// The function is permitted to modify info.Info, for instance
+	// to clear data structures that are no longer needed, which can
+	// dramatically reduce peak memory consumption.
+	//
+	// The function may be called twice for the same PackageInfo:
+	// once for the files of the package and again for the
+	// in-package test files.
+	//
+	// It must be safe to call concurrently from multiple goroutines.
+	AfterTypeCheck func(info *PackageInfo, files []*ast.File)
+}
+
+// A PkgSpec specifies a non-importable package to be created by Load.
+// Files are processed first, but typically only one of Files and
+// Filenames is provided.  The path needn't be globally unique.
+//
+// For vendoring purposes, the package's directory is the one that
+// contains the first file.
+type PkgSpec struct {
+	Path      string      // package path ("" => use package declaration)
+	Files     []*ast.File // ASTs of already-parsed files
+	Filenames []string    // names of files to be parsed
+}
+
+// A Program is a Go program loaded from source as specified by a Config.
+type Program struct {
+	Fset *token.FileSet // the file set for this program
+
+	// Created[i] contains the initial package whose ASTs or
+	// filenames were supplied by Config.CreatePkgs[i], followed by
+	// the external test package, if any, of each package in
+	// Config.ImportPkgs ordered by ImportPath.
+	//
+	// NOTE: these files must not import "C".  Cgo preprocessing is
+	// only performed on imported packages, not ad hoc packages.
+	//
+	// TODO(adonovan): we need to copy and adapt the logic of
+	// goFilesPackage (from $GOROOT/src/cmd/go/build.go) and make
+	// Config.Import and Config.Create methods return the same kind
+	// of entity, essentially a build.Package.
+	// Perhaps we can even reuse that type directly.
+	Created []*PackageInfo
+
+	// Imported contains the initially imported packages,
+	// as specified by Config.ImportPkgs.
+	Imported map[string]*PackageInfo
+
+	// AllPackages contains the PackageInfo of every package
+	// encountered by Load: all initial packages and all
+	// dependencies, including incomplete ones.
+	AllPackages map[*types.Package]*PackageInfo
+
+	// importMap is the canonical mapping of package paths to
+	// packages.  It contains all Imported initial packages, but not
+	// Created ones, and all imported dependencies.
+	importMap map[string]*types.Package
+}
+
+// PackageInfo holds the ASTs and facts derived by the type-checker
+// for a single package.
+//
+// Not mutated once exposed via the API.
+//
+type PackageInfo struct {
+	Pkg                   *types.Package
+	Importable            bool        // true if 'import "Pkg.Path()"' would resolve to this
+	TransitivelyErrorFree bool        // true if Pkg and all its dependencies are free of errors
+	Files                 []*ast.File // syntax trees for the package's files
+	Errors                []error     // non-nil if the package had errors
+	types.Info                        // type-checker deductions.
+	dir                   string      // package directory
+
+	checker   *types.Checker // transient type-checker state
+	errorFunc func(error)
+}
+
+func (info *PackageInfo) String() string { return info.Pkg.Path() }
+
+func (info *PackageInfo) appendError(err error) {
+	if info.errorFunc != nil {
+		info.errorFunc(err)
+	} else {
+		fmt.Fprintln(os.Stderr, err)
+	}
+	info.Errors = append(info.Errors, err)
+}
+
+func (conf *Config) fset() *token.FileSet {
+	if conf.Fset == nil {
+		conf.Fset = token.NewFileSet()
+	}
+	return conf.Fset
+}
+
+// ParseFile is a convenience function (intended for testing) that invokes
+// the parser using the Config's FileSet, which is initialized if nil.
+//
+// src specifies the parser input as a string, []byte, or io.Reader, and
+// filename is its apparent name.  If src is nil, the contents of
+// filename are read from the file system.
+//
+func (conf *Config) ParseFile(filename string, src interface{}) (*ast.File, error) {
+	// TODO(adonovan): use conf.build() etc like parseFiles does.
+	return parser.ParseFile(conf.fset(), filename, src, conf.ParserMode)
+}
+
+// FromArgsUsage is a partial usage message that applications calling
+// FromArgs may wish to include in their -help output.
+const FromArgsUsage = `
+<args> is a list of arguments denoting a set of initial packages.
+It may take one of two forms:
+
+1. A list of *.go source files.
+
+   All of the specified files are loaded, parsed and type-checked
+   as a single package.  All the files must belong to the same directory.
+
+2. A list of import paths, each denoting a package.
+
+   The package's directory is found relative to the $GOROOT and
+   $GOPATH using similar logic to 'go build', and the *.go files in
+   that directory are loaded, parsed and type-checked as a single
+   package.
+
+   In addition, all *_test.go files in the directory are then loaded
+   and parsed.  Those files whose package declaration equals that of
+   the non-*_test.go files are included in the primary package.  Test
+   files whose package declaration ends with "_test" are type-checked
+   as another package, the 'external' test package, so that a single
+   import path may denote two packages.  (Whether this behaviour is
+   enabled is tool-specific, and may depend on additional flags.)
+
+A '--' argument terminates the list of packages.
+`
+
+// FromArgs interprets args as a set of initial packages to load from
+// source and updates the configuration.  It returns the list of
+// unconsumed arguments.
+//
+// It is intended for use in command-line interfaces that require a
+// set of initial packages to be specified; see FromArgsUsage message
+// for details.
+//
+// Only superficial errors are reported at this stage; errors dependent
+// on I/O are detected during Load.
+//
+func (conf *Config) FromArgs(args []string, xtest bool) ([]string, error) {
+	var rest []string
+	for i, arg := range args {
+		if arg == "--" {
+			rest = args[i+1:]
+			args = args[:i]
+			break // consume "--" and return the remaining args
+		}
+	}
+
+	if len(args) > 0 && strings.HasSuffix(args[0], ".go") {
+		// Assume args is a list of a *.go files
+		// denoting a single ad hoc package.
+		for _, arg := range args {
+			if !strings.HasSuffix(arg, ".go") {
+				return nil, fmt.Errorf("named files must be .go files: %s", arg)
+			}
+		}
+		conf.CreateFromFilenames("", args...)
+	} else {
+		// Assume args are directories each denoting a
+		// package and (perhaps) an external test, iff xtest.
+		for _, arg := range args {
+			if xtest {
+				conf.ImportWithTests(arg)
+			} else {
+				conf.Import(arg)
+			}
+		}
+	}
+
+	return rest, nil
+}
+
+// CreateFromFilenames is a convenience function that adds
+// a conf.CreatePkgs entry to create a package of the specified *.go
+// files.
+//
+func (conf *Config) CreateFromFilenames(path string, filenames ...string) {
+	conf.CreatePkgs = append(conf.CreatePkgs, PkgSpec{Path: path, Filenames: filenames})
+}
+
+// CreateFromFiles is a convenience function that adds a conf.CreatePkgs
+// entry to create package of the specified path and parsed files.
+//
+func (conf *Config) CreateFromFiles(path string, files ...*ast.File) {
+	conf.CreatePkgs = append(conf.CreatePkgs, PkgSpec{Path: path, Files: files})
+}
+
+// ImportWithTests is a convenience function that adds path to
+// ImportPkgs, the set of initial source packages located relative to
+// $GOPATH.  The package will be augmented by any *_test.go files in
+// its directory that contain a "package x" (not "package x_test")
+// declaration.
+//
+// In addition, if any *_test.go files contain a "package x_test"
+// declaration, an additional package comprising just those files will
+// be added to CreatePkgs.
+//
+func (conf *Config) ImportWithTests(path string) { conf.addImport(path, true) }
+
+// Import is a convenience function that adds path to ImportPkgs, the
+// set of initial packages that will be imported from source.
+//
+func (conf *Config) Import(path string) { conf.addImport(path, false) }
+
+func (conf *Config) addImport(path string, tests bool) {
+	if path == "C" {
+		return // ignore; not a real package
+	}
+	if conf.ImportPkgs == nil {
+		conf.ImportPkgs = make(map[string]bool)
+	}
+	conf.ImportPkgs[path] = conf.ImportPkgs[path] || tests
+}
+
+// PathEnclosingInterval returns the PackageInfo and ast.Node that
+// contain source interval [start, end), and all the node's ancestors
+// up to the AST root.  It searches all ast.Files of all packages in prog.
+// exact is defined as for astutil.PathEnclosingInterval.
+//
+// The zero value is returned if not found.
+//
+func (prog *Program) PathEnclosingInterval(start, end token.Pos) (pkg *PackageInfo, path []ast.Node, exact bool) {
+	for _, info := range prog.AllPackages {
+		for _, f := range info.Files {
+			if f.Pos() == token.NoPos {
+				// This can happen if the parser saw
+				// too many errors and bailed out.
+				// (Use parser.AllErrors to prevent that.)
+				continue
+			}
+			if !tokenFileContainsPos(prog.Fset.File(f.Pos()), start) {
+				continue
+			}
+			if path, exact := astutil.PathEnclosingInterval(f, start, end); path != nil {
+				return info, path, exact
+			}
+		}
+	}
+	return nil, nil, false
+}
+
+// InitialPackages returns a new slice containing the set of initial
+// packages (Created + Imported) in unspecified order.
+//
+func (prog *Program) InitialPackages() []*PackageInfo {
+	infos := make([]*PackageInfo, 0, len(prog.Created)+len(prog.Imported))
+	infos = append(infos, prog.Created...)
+	for _, info := range prog.Imported {
+		infos = append(infos, info)
+	}
+	return infos
+}
+
+// Package returns the ASTs and results of type checking for the
+// specified package.
+func (prog *Program) Package(path string) *PackageInfo {
+	if info, ok := prog.AllPackages[prog.importMap[path]]; ok {
+		return info
+	}
+	for _, info := range prog.Created {
+		if path == info.Pkg.Path() {
+			return info
+		}
+	}
+	return nil
+}
+
+// ---------- Implementation ----------
+
+// importer holds the working state of the algorithm.
+type importer struct {
+	conf  *Config   // the client configuration
+	start time.Time // for logging
+
+	progMu sync.Mutex // guards prog
+	prog   *Program   // the resulting program
+
+	// findpkg is a memoization of FindPackage.
+	findpkgMu sync.Mutex // guards findpkg
+	findpkg   map[findpkgKey]*findpkgValue
+
+	importedMu sync.Mutex             // guards imported
+	imported   map[string]*importInfo // all imported packages (incl. failures) by import path
+
+	// import dependency graph: graph[x][y] => x imports y
+	//
+	// Since non-importable packages cannot be cyclic, we ignore
+	// their imports, thus we only need the subgraph over importable
+	// packages.  Nodes are identified by their import paths.
+	graphMu sync.Mutex
+	graph   map[string]map[string]bool
+}
+
+type findpkgKey struct {
+	importPath string
+	fromDir    string
+	mode       build.ImportMode
+}
+
+type findpkgValue struct {
+	ready chan struct{} // closed to broadcast readiness
+	bp    *build.Package
+	err   error
+}
+
+// importInfo tracks the success or failure of a single import.
+//
+// Upon completion, exactly one of info and err is non-nil:
+// info on successful creation of a package, err otherwise.
+// A successful package may still contain type errors.
+//
+type importInfo struct {
+	path     string        // import path
+	info     *PackageInfo  // results of typechecking (including errors)
+	complete chan struct{} // closed to broadcast that info is set.
+}
+
+// awaitCompletion blocks until ii is complete,
+// i.e. the info field is safe to inspect.
+func (ii *importInfo) awaitCompletion() {
+	<-ii.complete // wait for close
+}
+
+// Complete marks ii as complete.
+// Its info and err fields will not be subsequently updated.
+func (ii *importInfo) Complete(info *PackageInfo) {
+	if info == nil {
+		panic("info == nil")
+	}
+	ii.info = info
+	close(ii.complete)
+}
+
+type importError struct {
+	path string // import path
+	err  error  // reason for failure to create a package
+}
+
+// Load creates the initial packages specified by conf.{Create,Import}Pkgs,
+// loading their dependencies packages as needed.
+//
+// On success, Load returns a Program containing a PackageInfo for
+// each package.  On failure, it returns an error.
+//
+// If AllowErrors is true, Load will return a Program even if some
+// packages contained I/O, parser or type errors, or if dependencies
+// were missing.  (Such errors are accessible via PackageInfo.Errors.  If
+// false, Load will fail if any package had an error.
+//
+// It is an error if no packages were loaded.
+//
+func (conf *Config) Load() (*Program, error) {
+	// Create a simple default error handler for parse/type errors.
+	if conf.TypeChecker.Error == nil {
+		conf.TypeChecker.Error = func(e error) { fmt.Fprintln(os.Stderr, e) }
+	}
+
+	// Set default working directory for relative package references.
+	if conf.Cwd == "" {
+		var err error
+		conf.Cwd, err = os.Getwd()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	// Install default FindPackage hook using go/build logic.
+	if conf.FindPackage == nil {
+		conf.FindPackage = (*build.Context).Import
+	}
+
+	prog := &Program{
+		Fset:        conf.fset(),
+		Imported:    make(map[string]*PackageInfo),
+		importMap:   make(map[string]*types.Package),
+		AllPackages: make(map[*types.Package]*PackageInfo),
+	}
+
+	imp := importer{
+		conf:     conf,
+		prog:     prog,
+		findpkg:  make(map[findpkgKey]*findpkgValue),
+		imported: make(map[string]*importInfo),
+		start:    time.Now(),
+		graph:    make(map[string]map[string]bool),
+	}
+
+	// -- loading proper (concurrent phase) --------------------------------
+
+	var errpkgs []string // packages that contained errors
+
+	// Load the initially imported packages and their dependencies,
+	// in parallel.
+	// No vendor check on packages imported from the command line.
+	infos, importErrors := imp.importAll("", conf.Cwd, conf.ImportPkgs, ignoreVendor)
+	for _, ie := range importErrors {
+		conf.TypeChecker.Error(ie.err) // failed to create package
+		errpkgs = append(errpkgs, ie.path)
+	}
+	for _, info := range infos {
+		prog.Imported[info.Pkg.Path()] = info
+	}
+
+	// Augment the designated initial packages by their tests.
+	// Dependencies are loaded in parallel.
+	var xtestPkgs []*build.Package
+	for importPath, augment := range conf.ImportPkgs {
+		if !augment {
+			continue
+		}
+
+		// No vendor check on packages imported from command line.
+		bp, err := imp.findPackage(importPath, conf.Cwd, ignoreVendor)
+		if err != nil {
+			// Package not found, or can't even parse package declaration.
+			// Already reported by previous loop; ignore it.
+			continue
+		}
+
+		// Needs external test package?
+		if len(bp.XTestGoFiles) > 0 {
+			xtestPkgs = append(xtestPkgs, bp)
+		}
+
+		// Consult the cache using the canonical package path.
+		path := bp.ImportPath
+		imp.importedMu.Lock() // (unnecessary, we're sequential here)
+		ii, ok := imp.imported[path]
+		// Paranoid checks added due to issue #11012.
+		if !ok {
+			// Unreachable.
+			// The previous loop called importAll and thus
+			// startLoad for each path in ImportPkgs, which
+			// populates imp.imported[path] with a non-zero value.
+			panic(fmt.Sprintf("imported[%q] not found", path))
+		}
+		if ii == nil {
+			// Unreachable.
+			// The ii values in this loop are the same as in
+			// the previous loop, which enforced the invariant
+			// that at least one of ii.err and ii.info is non-nil.
+			panic(fmt.Sprintf("imported[%q] == nil", path))
+		}
+		if ii.info == nil {
+			// Unreachable.
+			// awaitCompletion has the postcondition
+			// ii.info != nil.
+			panic(fmt.Sprintf("imported[%q].info = nil", path))
+		}
+		info := ii.info
+		imp.importedMu.Unlock()
+
+		// Parse the in-package test files.
+		files, errs := imp.conf.parsePackageFiles(bp, 't')
+		for _, err := range errs {
+			info.appendError(err)
+		}
+
+		// The test files augmenting package P cannot be imported,
+		// but may import packages that import P,
+		// so we must disable the cycle check.
+		imp.addFiles(info, files, false)
+	}
+
+	createPkg := func(path, dir string, files []*ast.File, errs []error) {
+		info := imp.newPackageInfo(path, dir)
+		for _, err := range errs {
+			info.appendError(err)
+		}
+
+		// Ad hoc packages are non-importable,
+		// so no cycle check is needed.
+		// addFiles loads dependencies in parallel.
+		imp.addFiles(info, files, false)
+		prog.Created = append(prog.Created, info)
+	}
+
+	// Create packages specified by conf.CreatePkgs.
+	for _, cp := range conf.CreatePkgs {
+		files, errs := parseFiles(conf.fset(), conf.build(), nil, conf.Cwd, cp.Filenames, conf.ParserMode)
+		files = append(files, cp.Files...)
+
+		path := cp.Path
+		if path == "" {
+			if len(files) > 0 {
+				path = files[0].Name.Name
+			} else {
+				path = "(unnamed)"
+			}
+		}
+
+		dir := conf.Cwd
+		if len(files) > 0 && files[0].Pos().IsValid() {
+			dir = filepath.Dir(conf.fset().File(files[0].Pos()).Name())
+		}
+		createPkg(path, dir, files, errs)
+	}
+
+	// Create external test packages.
+	sort.Sort(byImportPath(xtestPkgs))
+	for _, bp := range xtestPkgs {
+		files, errs := imp.conf.parsePackageFiles(bp, 'x')
+		createPkg(bp.ImportPath+"_test", bp.Dir, files, errs)
+	}
+
+	// -- finishing up (sequential) ----------------------------------------
+
+	if len(prog.Imported)+len(prog.Created) == 0 {
+		return nil, errors.New("no initial packages were loaded")
+	}
+
+	// Create infos for indirectly imported packages.
+	// e.g. incomplete packages without syntax, loaded from export data.
+	for _, obj := range prog.importMap {
+		info := prog.AllPackages[obj]
+		if info == nil {
+			prog.AllPackages[obj] = &PackageInfo{Pkg: obj, Importable: true}
+		} else {
+			// finished
+			info.checker = nil
+			info.errorFunc = nil
+		}
+	}
+
+	if !conf.AllowErrors {
+		// Report errors in indirectly imported packages.
+		for _, info := range prog.AllPackages {
+			if len(info.Errors) > 0 {
+				errpkgs = append(errpkgs, info.Pkg.Path())
+			}
+		}
+		if errpkgs != nil {
+			var more string
+			if len(errpkgs) > 3 {
+				more = fmt.Sprintf(" and %d more", len(errpkgs)-3)
+				errpkgs = errpkgs[:3]
+			}
+			return nil, fmt.Errorf("couldn't load packages due to errors: %s%s",
+				strings.Join(errpkgs, ", "), more)
+		}
+	}
+
+	markErrorFreePackages(prog.AllPackages)
+
+	return prog, nil
+}
+
+type byImportPath []*build.Package
+
+func (b byImportPath) Len() int           { return len(b) }
+func (b byImportPath) Less(i, j int) bool { return b[i].ImportPath < b[j].ImportPath }
+func (b byImportPath) Swap(i, j int)      { b[i], b[j] = b[j], b[i] }
+
+// markErrorFreePackages sets the TransitivelyErrorFree flag on all
+// applicable packages.
+func markErrorFreePackages(allPackages map[*types.Package]*PackageInfo) {
+	// Build the transpose of the import graph.
+	importedBy := make(map[*types.Package]map[*types.Package]bool)
+	for P := range allPackages {
+		for _, Q := range P.Imports() {
+			clients, ok := importedBy[Q]
+			if !ok {
+				clients = make(map[*types.Package]bool)
+				importedBy[Q] = clients
+			}
+			clients[P] = true
+		}
+	}
+
+	// Find all packages reachable from some error package.
+	reachable := make(map[*types.Package]bool)
+	var visit func(*types.Package)
+	visit = func(p *types.Package) {
+		if !reachable[p] {
+			reachable[p] = true
+			for q := range importedBy[p] {
+				visit(q)
+			}
+		}
+	}
+	for _, info := range allPackages {
+		if len(info.Errors) > 0 {
+			visit(info.Pkg)
+		}
+	}
+
+	// Mark the others as "transitively error-free".
+	for _, info := range allPackages {
+		if !reachable[info.Pkg] {
+			info.TransitivelyErrorFree = true
+		}
+	}
+}
+
+// build returns the effective build context.
+func (conf *Config) build() *build.Context {
+	if conf.Build != nil {
+		return conf.Build
+	}
+	return &build.Default
+}
+
+// parsePackageFiles enumerates the files belonging to package path,
+// then loads, parses and returns them, plus a list of I/O or parse
+// errors that were encountered.
+//
+// 'which' indicates which files to include:
+//    'g': include non-test *.go source files (GoFiles + processed CgoFiles)
+//    't': include in-package *_test.go source files (TestGoFiles)
+//    'x': include external *_test.go source files. (XTestGoFiles)
+//
+func (conf *Config) parsePackageFiles(bp *build.Package, which rune) ([]*ast.File, []error) {
+	if bp.ImportPath == "unsafe" {
+		return nil, nil
+	}
+	var filenames []string
+	switch which {
+	case 'g':
+		filenames = bp.GoFiles
+	case 't':
+		filenames = bp.TestGoFiles
+	case 'x':
+		filenames = bp.XTestGoFiles
+	default:
+		panic(which)
+	}
+
+	files, errs := parseFiles(conf.fset(), conf.build(), conf.DisplayPath, bp.Dir, filenames, conf.ParserMode)
+
+	// Preprocess CgoFiles and parse the outputs (sequentially).
+	if which == 'g' && bp.CgoFiles != nil {
+		cgofiles, err := cgo.ProcessFiles(bp, conf.fset(), conf.DisplayPath, conf.ParserMode)
+		if err != nil {
+			errs = append(errs, err)
+		} else {
+			files = append(files, cgofiles...)
+		}
+	}
+
+	return files, errs
+}
+
+// doImport imports the package denoted by path.
+// It implements the types.Importer signature.
+//
+// It returns an error if a package could not be created
+// (e.g. go/build or parse error), but type errors are reported via
+// the types.Config.Error callback (the first of which is also saved
+// in the package's PackageInfo).
+//
+// Idempotent.
+//
+func (imp *importer) doImport(from *PackageInfo, to string) (*types.Package, error) {
+	if to == "C" {
+		// This should be unreachable, but ad hoc packages are
+		// not currently subject to cgo preprocessing.
+		// See https://golang.org/issue/11627.
+		return nil, fmt.Errorf(`the loader doesn't cgo-process ad hoc packages like %q; see Go issue 11627`,
+			from.Pkg.Path())
+	}
+
+	bp, err := imp.findPackage(to, from.dir, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	// The standard unsafe package is handled specially,
+	// and has no PackageInfo.
+	if bp.ImportPath == "unsafe" {
+		return types.Unsafe, nil
+	}
+
+	// Look for the package in the cache using its canonical path.
+	path := bp.ImportPath
+	imp.importedMu.Lock()
+	ii := imp.imported[path]
+	imp.importedMu.Unlock()
+	if ii == nil {
+		panic("internal error: unexpected import: " + path)
+	}
+	if ii.info != nil {
+		return ii.info.Pkg, nil
+	}
+
+	// Import of incomplete package: this indicates a cycle.
+	fromPath := from.Pkg.Path()
+	if cycle := imp.findPath(path, fromPath); cycle != nil {
+		// Normalize cycle: start from alphabetically largest node.
+		pos, start := -1, ""
+		for i, s := range cycle {
+			if pos < 0 || s > start {
+				pos, start = i, s
+			}
+		}
+		cycle = append(cycle, cycle[:pos]...)[pos:] // rotate cycle to start from largest
+		cycle = append(cycle, cycle[0])             // add start node to end to show cycliness
+		return nil, fmt.Errorf("import cycle: %s", strings.Join(cycle, " -> "))
+	}
+
+	panic("internal error: import of incomplete (yet acyclic) package: " + fromPath)
+}
+
+// findPackage locates the package denoted by the importPath in the
+// specified directory.
+func (imp *importer) findPackage(importPath, fromDir string, mode build.ImportMode) (*build.Package, error) {
+	// We use a non-blocking duplicate-suppressing cache (gopl.io §9.7)
+	// to avoid holding the lock around FindPackage.
+	key := findpkgKey{importPath, fromDir, mode}
+	imp.findpkgMu.Lock()
+	v, ok := imp.findpkg[key]
+	if ok {
+		// cache hit
+		imp.findpkgMu.Unlock()
+
+		<-v.ready // wait for entry to become ready
+	} else {
+		// Cache miss: this goroutine becomes responsible for
+		// populating the map entry and broadcasting its readiness.
+		v = &findpkgValue{ready: make(chan struct{})}
+		imp.findpkg[key] = v
+		imp.findpkgMu.Unlock()
+
+		ioLimit <- true
+		v.bp, v.err = imp.conf.FindPackage(imp.conf.build(), importPath, fromDir, mode)
+		<-ioLimit
+
+		if _, ok := v.err.(*build.NoGoError); ok {
+			v.err = nil // empty directory is not an error
+		}
+
+		close(v.ready) // broadcast ready condition
+	}
+	return v.bp, v.err
+}
+
+// importAll loads, parses, and type-checks the specified packages in
+// parallel and returns their completed importInfos in unspecified order.
+//
+// fromPath is the package path of the importing package, if it is
+// importable, "" otherwise.  It is used for cycle detection.
+//
+// fromDir is the directory containing the import declaration that
+// caused these imports.
+//
+func (imp *importer) importAll(fromPath, fromDir string, imports map[string]bool, mode build.ImportMode) (infos []*PackageInfo, errors []importError) {
+	// TODO(adonovan): opt: do the loop in parallel once
+	// findPackage is non-blocking.
+	var pending []*importInfo
+	for importPath := range imports {
+		bp, err := imp.findPackage(importPath, fromDir, mode)
+		if err != nil {
+			errors = append(errors, importError{
+				path: importPath,
+				err:  err,
+			})
+			continue
+		}
+		pending = append(pending, imp.startLoad(bp))
+	}
+
+	if fromPath != "" {
+		// We're loading a set of imports.
+		//
+		// We must record graph edges from the importing package
+		// to its dependencies, and check for cycles.
+		imp.graphMu.Lock()
+		deps, ok := imp.graph[fromPath]
+		if !ok {
+			deps = make(map[string]bool)
+			imp.graph[fromPath] = deps
+		}
+		for _, ii := range pending {
+			deps[ii.path] = true
+		}
+		imp.graphMu.Unlock()
+	}
+
+	for _, ii := range pending {
+		if fromPath != "" {
+			if cycle := imp.findPath(ii.path, fromPath); cycle != nil {
+				// Cycle-forming import: we must not await its
+				// completion since it would deadlock.
+				//
+				// We don't record the error in ii since
+				// the error is really associated with the
+				// cycle-forming edge, not the package itself.
+				// (Also it would complicate the
+				// invariants of importPath completion.)
+				if trace {
+					fmt.Fprintf(os.Stderr, "import cycle: %q\n", cycle)
+				}
+				continue
+			}
+		}
+		ii.awaitCompletion()
+		infos = append(infos, ii.info)
+	}
+
+	return infos, errors
+}
+
+// findPath returns an arbitrary path from 'from' to 'to' in the import
+// graph, or nil if there was none.
+func (imp *importer) findPath(from, to string) []string {
+	imp.graphMu.Lock()
+	defer imp.graphMu.Unlock()
+
+	seen := make(map[string]bool)
+	var search func(stack []string, importPath string) []string
+	search = func(stack []string, importPath string) []string {
+		if !seen[importPath] {
+			seen[importPath] = true
+			stack = append(stack, importPath)
+			if importPath == to {
+				return stack
+			}
+			for x := range imp.graph[importPath] {
+				if p := search(stack, x); p != nil {
+					return p
+				}
+			}
+		}
+		return nil
+	}
+	return search(make([]string, 0, 20), from)
+}
+
+// startLoad initiates the loading, parsing and type-checking of the
+// specified package and its dependencies, if it has not already begun.
+//
+// It returns an importInfo, not necessarily in a completed state.  The
+// caller must call awaitCompletion() before accessing its info field.
+//
+// startLoad is concurrency-safe and idempotent.
+//
+func (imp *importer) startLoad(bp *build.Package) *importInfo {
+	path := bp.ImportPath
+	imp.importedMu.Lock()
+	ii, ok := imp.imported[path]
+	if !ok {
+		ii = &importInfo{path: path, complete: make(chan struct{})}
+		imp.imported[path] = ii
+		go func() {
+			info := imp.load(bp)
+			ii.Complete(info)
+		}()
+	}
+	imp.importedMu.Unlock()
+
+	return ii
+}
+
+// load implements package loading by parsing Go source files
+// located by go/build.
+func (imp *importer) load(bp *build.Package) *PackageInfo {
+	info := imp.newPackageInfo(bp.ImportPath, bp.Dir)
+	info.Importable = true
+	files, errs := imp.conf.parsePackageFiles(bp, 'g')
+	for _, err := range errs {
+		info.appendError(err)
+	}
+
+	imp.addFiles(info, files, true)
+
+	imp.progMu.Lock()
+	imp.prog.importMap[bp.ImportPath] = info.Pkg
+	imp.progMu.Unlock()
+
+	return info
+}
+
+// addFiles adds and type-checks the specified files to info, loading
+// their dependencies if needed.  The order of files determines the
+// package initialization order.  It may be called multiple times on the
+// same package.  Errors are appended to the info.Errors field.
+//
+// cycleCheck determines whether the imports within files create
+// dependency edges that should be checked for potential cycles.
+//
+func (imp *importer) addFiles(info *PackageInfo, files []*ast.File, cycleCheck bool) {
+	// Ensure the dependencies are loaded, in parallel.
+	var fromPath string
+	if cycleCheck {
+		fromPath = info.Pkg.Path()
+	}
+	// TODO(adonovan): opt: make the caller do scanImports.
+	// Callers with a build.Package can skip it.
+	imp.importAll(fromPath, info.dir, scanImports(files), 0)
+
+	if trace {
+		fmt.Fprintf(os.Stderr, "%s: start %q (%d)\n",
+			time.Since(imp.start), info.Pkg.Path(), len(files))
+	}
+
+	// Don't call checker.Files on Unsafe, even with zero files,
+	// because it would mutate the package, which is a global.
+	if info.Pkg == types.Unsafe {
+		if len(files) > 0 {
+			panic(`"unsafe" package contains unexpected files`)
+		}
+	} else {
+		// Ignore the returned (first) error since we
+		// already collect them all in the PackageInfo.
+		info.checker.Files(files)
+		info.Files = append(info.Files, files...)
+	}
+
+	if imp.conf.AfterTypeCheck != nil {
+		imp.conf.AfterTypeCheck(info, files)
+	}
+
+	if trace {
+		fmt.Fprintf(os.Stderr, "%s: stop %q\n",
+			time.Since(imp.start), info.Pkg.Path())
+	}
+}
+
+func (imp *importer) newPackageInfo(path, dir string) *PackageInfo {
+	var pkg *types.Package
+	if path == "unsafe" {
+		pkg = types.Unsafe
+	} else {
+		pkg = types.NewPackage(path, "")
+	}
+	info := &PackageInfo{
+		Pkg: pkg,
+		Info: types.Info{
+			Types:      make(map[ast.Expr]types.TypeAndValue),
+			Defs:       make(map[*ast.Ident]types.Object),
+			Uses:       make(map[*ast.Ident]types.Object),
+			Implicits:  make(map[ast.Node]types.Object),
+			Scopes:     make(map[ast.Node]*types.Scope),
+			Selections: make(map[*ast.SelectorExpr]*types.Selection),
+		},
+		errorFunc: imp.conf.TypeChecker.Error,
+		dir:       dir,
+	}
+
+	// Copy the types.Config so we can vary it across PackageInfos.
+	tc := imp.conf.TypeChecker
+	tc.IgnoreFuncBodies = false
+	if f := imp.conf.TypeCheckFuncBodies; f != nil {
+		tc.IgnoreFuncBodies = !f(path)
+	}
+	tc.Importer = closure{imp, info}
+	tc.Error = info.appendError // appendError wraps the user's Error function
+
+	info.checker = types.NewChecker(&tc, imp.conf.fset(), pkg, &info.Info)
+	imp.progMu.Lock()
+	imp.prog.AllPackages[pkg] = info
+	imp.progMu.Unlock()
+	return info
+}
+
+type closure struct {
+	imp  *importer
+	info *PackageInfo
+}
+
+func (c closure) Import(to string) (*types.Package, error) { return c.imp.doImport(c.info, to) }
diff --git a/vendor/golang.org/x/tools/go/loader/util.go b/vendor/golang.org/x/tools/go/loader/util.go
new file mode 100644
index 00000000..7f38dd74
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/loader/util.go
@@ -0,0 +1,124 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package loader
+
+import (
+	"go/ast"
+	"go/build"
+	"go/parser"
+	"go/token"
+	"io"
+	"os"
+	"strconv"
+	"sync"
+
+	"golang.org/x/tools/go/buildutil"
+)
+
+// We use a counting semaphore to limit
+// the number of parallel I/O calls per process.
+var ioLimit = make(chan bool, 10)
+
+// parseFiles parses the Go source files within directory dir and
+// returns the ASTs of the ones that could be at least partially parsed,
+// along with a list of I/O and parse errors encountered.
+//
+// I/O is done via ctxt, which may specify a virtual file system.
+// displayPath is used to transform the filenames attached to the ASTs.
+//
+func parseFiles(fset *token.FileSet, ctxt *build.Context, displayPath func(string) string, dir string, files []string, mode parser.Mode) ([]*ast.File, []error) {
+	if displayPath == nil {
+		displayPath = func(path string) string { return path }
+	}
+	var wg sync.WaitGroup
+	n := len(files)
+	parsed := make([]*ast.File, n)
+	errors := make([]error, n)
+	for i, file := range files {
+		if !buildutil.IsAbsPath(ctxt, file) {
+			file = buildutil.JoinPath(ctxt, dir, file)
+		}
+		wg.Add(1)
+		go func(i int, file string) {
+			ioLimit <- true // wait
+			defer func() {
+				wg.Done()
+				<-ioLimit // signal
+			}()
+			var rd io.ReadCloser
+			var err error
+			if ctxt.OpenFile != nil {
+				rd, err = ctxt.OpenFile(file)
+			} else {
+				rd, err = os.Open(file)
+			}
+			if err != nil {
+				errors[i] = err // open failed
+				return
+			}
+
+			// ParseFile may return both an AST and an error.
+			parsed[i], errors[i] = parser.ParseFile(fset, displayPath(file), rd, mode)
+			rd.Close()
+		}(i, file)
+	}
+	wg.Wait()
+
+	// Eliminate nils, preserving order.
+	var o int
+	for _, f := range parsed {
+		if f != nil {
+			parsed[o] = f
+			o++
+		}
+	}
+	parsed = parsed[:o]
+
+	o = 0
+	for _, err := range errors {
+		if err != nil {
+			errors[o] = err
+			o++
+		}
+	}
+	errors = errors[:o]
+
+	return parsed, errors
+}
+
+// scanImports returns the set of all import paths from all
+// import specs in the specified files.
+func scanImports(files []*ast.File) map[string]bool {
+	imports := make(map[string]bool)
+	for _, f := range files {
+		for _, decl := range f.Decls {
+			if decl, ok := decl.(*ast.GenDecl); ok && decl.Tok == token.IMPORT {
+				for _, spec := range decl.Specs {
+					spec := spec.(*ast.ImportSpec)
+
+					// NB: do not assume the program is well-formed!
+					path, err := strconv.Unquote(spec.Path.Value)
+					if err != nil {
+						continue // quietly ignore the error
+					}
+					if path == "C" {
+						continue // skip pseudopackage
+					}
+					imports[path] = true
+				}
+			}
+		}
+	}
+	return imports
+}
+
+// ---------- Internal helpers ----------
+
+// TODO(adonovan): make this a method: func (*token.File) Contains(token.Pos)
+func tokenFileContainsPos(f *token.File, pos token.Pos) bool {
+	p := int(pos)
+	base := f.Base()
+	return base <= p && p < base+f.Size()
+}
diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go
index 2ac7c02a..bc04503c 100644
--- a/vendor/golang.org/x/tools/go/packages/golist.go
+++ b/vendor/golang.org/x/tools/go/packages/golist.go
@@ -6,26 +6,25 @@ package packages
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"go/types"
-	"io/ioutil"
 	"log"
 	"os"
 	"os/exec"
 	"path"
 	"path/filepath"
 	"reflect"
-	"regexp"
+	"sort"
 	"strconv"
 	"strings"
 	"sync"
-	"time"
 	"unicode"
 
 	"golang.org/x/tools/go/internal/packagesdriver"
-	"golang.org/x/tools/internal/gopathwalk"
-	"golang.org/x/tools/internal/semver"
+	"golang.org/x/tools/internal/gocommand"
+	"golang.org/x/xerrors"
 )
 
 // debug controls verbose logging.
@@ -44,16 +43,21 @@ type responseDeduper struct {
 	dr           *driverResponse
 }
 
-// init fills in r with a driverResponse.
-func (r *responseDeduper) init(dr *driverResponse) {
-	r.dr = dr
-	r.seenRoots = map[string]bool{}
-	r.seenPackages = map[string]*Package{}
+func newDeduper() *responseDeduper {
+	return &responseDeduper{
+		dr:           &driverResponse{},
+		seenRoots:    map[string]bool{},
+		seenPackages: map[string]*Package{},
+	}
+}
+
+// addAll fills in r with a driverResponse.
+func (r *responseDeduper) addAll(dr *driverResponse) {
 	for _, pkg := range dr.Packages {
-		r.seenPackages[pkg.ID] = pkg
+		r.addPackage(pkg)
 	}
 	for _, root := range dr.Roots {
-		r.seenRoots[root] = true
+		r.addRoot(root)
 	}
 }
 
@@ -73,25 +77,51 @@ func (r *responseDeduper) addRoot(id string) {
 	r.dr.Roots = append(r.dr.Roots, id)
 }
 
-// goInfo contains global information from the go tool.
-type goInfo struct {
-	rootDirs map[string]string
-	env      goEnv
+type golistState struct {
+	cfg *Config
+	ctx context.Context
+
+	envOnce    sync.Once
+	goEnvError error
+	goEnv      map[string]string
+
+	rootsOnce     sync.Once
+	rootDirsError error
+	rootDirs      map[string]string
+
+	goVersionOnce  sync.Once
+	goVersionError error
+	goVersion      string // third field of 'go version'
+
+	// vendorDirs caches the (non)existence of vendor directories.
+	vendorDirs map[string]bool
 }
 
-type goEnv struct {
-	modulesOn bool
+// getEnv returns Go environment variables. Only specific variables are
+// populated -- computing all of them is slow.
+func (state *golistState) getEnv() (map[string]string, error) {
+	state.envOnce.Do(func() {
+		var b *bytes.Buffer
+		b, state.goEnvError = state.invokeGo("env", "-json", "GOMOD", "GOPATH")
+		if state.goEnvError != nil {
+			return
+		}
+
+		state.goEnv = make(map[string]string)
+		decoder := json.NewDecoder(b)
+		if state.goEnvError = decoder.Decode(&state.goEnv); state.goEnvError != nil {
+			return
+		}
+	})
+	return state.goEnv, state.goEnvError
 }
 
-func determineEnv(cfg *Config) goEnv {
-	buf, err := invokeGo(cfg, "env", "GOMOD")
+// mustGetEnv is a convenience function that can be used if getEnv has already succeeded.
+func (state *golistState) mustGetEnv() map[string]string {
+	env, err := state.getEnv()
 	if err != nil {
-		return goEnv{}
+		panic(fmt.Sprintf("mustGetEnv: %v", err))
 	}
-	gomod := bytes.TrimSpace(buf.Bytes())
-
-	env := goEnv{}
-	env.modulesOn = len(gomod) > 0
 	return env
 }
 
@@ -99,47 +129,38 @@ func determineEnv(cfg *Config) goEnv {
 // the build system package structure.
 // See driver for more details.
 func goListDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
-	var sizes types.Sizes
+	// Make sure that any asynchronous go commands are killed when we return.
+	parentCtx := cfg.Context
+	if parentCtx == nil {
+		parentCtx = context.Background()
+	}
+	ctx, cancel := context.WithCancel(parentCtx)
+	defer cancel()
+
+	response := newDeduper()
+
+	// Fill in response.Sizes asynchronously if necessary.
 	var sizeserr error
 	var sizeswg sync.WaitGroup
 	if cfg.Mode&NeedTypesSizes != 0 || cfg.Mode&NeedTypes != 0 {
 		sizeswg.Add(1)
 		go func() {
-			sizes, sizeserr = getSizes(cfg)
+			var sizes types.Sizes
+			sizes, sizeserr = packagesdriver.GetSizesGolist(ctx, cfg.BuildFlags, cfg.Env, cfg.gocmdRunner, cfg.Dir)
+			// types.SizesFor always returns nil or a *types.StdSizes.
+			response.dr.Sizes, _ = sizes.(*types.StdSizes)
 			sizeswg.Done()
 		}()
 	}
-	defer sizeswg.Wait()
 
-	// start fetching rootDirs
-	var info goInfo
-	var rootDirsReady, envReady = make(chan struct{}), make(chan struct{})
-	go func() {
-		info.rootDirs = determineRootDirs(cfg)
-		close(rootDirsReady)
-	}()
-	go func() {
-		info.env = determineEnv(cfg)
-		close(envReady)
-	}()
-	getGoInfo := func() *goInfo {
-		<-rootDirsReady
-		<-envReady
-		return &info
-	}
-
-	// Ensure that we don't leak goroutines: Load is synchronous, so callers will
-	// not expect it to access the fields of cfg after the call returns.
-	defer getGoInfo()
-
-	// always pass getGoInfo to golistDriver
-	golistDriver := func(cfg *Config, patterns ...string) (*driverResponse, error) {
-		return golistDriver(cfg, getGoInfo, patterns...)
+	state := &golistState{
+		cfg:        cfg,
+		ctx:        ctx,
+		vendorDirs: map[string]bool{},
 	}
 
 	// Determine files requested in contains patterns
 	var containFiles []string
-	var packagesNamed []string
 	restPatterns := make([]string, 0, len(patterns))
 	// Extract file= and other [querytype]= patterns. Report an error if querytype
 	// doesn't exist.
@@ -155,8 +176,6 @@ extractQueries:
 				containFiles = append(containFiles, value)
 			case "pattern":
 				restPatterns = append(restPatterns, value)
-			case "iamashamedtousethedisabledqueryname":
-				packagesNamed = append(packagesNamed, value)
 			case "": // not a reserved query
 				restPatterns = append(restPatterns, pattern)
 			default:
@@ -172,52 +191,34 @@ extractQueries:
 		}
 	}
 
-	response := &responseDeduper{}
-	var err error
-
 	// See if we have any patterns to pass through to go list. Zero initial
 	// patterns also requires a go list call, since it's the equivalent of
 	// ".".
 	if len(restPatterns) > 0 || len(patterns) == 0 {
-		dr, err := golistDriver(cfg, restPatterns...)
+		dr, err := state.createDriverResponse(restPatterns...)
 		if err != nil {
 			return nil, err
 		}
-		response.init(dr)
-	} else {
-		response.init(&driverResponse{})
+		response.addAll(dr)
 	}
 
-	sizeswg.Wait()
-	if sizeserr != nil {
-		return nil, sizeserr
-	}
-	// types.SizesFor always returns nil or a *types.StdSizes
-	response.dr.Sizes, _ = sizes.(*types.StdSizes)
-
-	var containsCandidates []string
-
 	if len(containFiles) != 0 {
-		if err := runContainsQueries(cfg, golistDriver, response, containFiles, getGoInfo); err != nil {
+		if err := state.runContainsQueries(response, containFiles); err != nil {
 			return nil, err
 		}
 	}
 
-	if len(packagesNamed) != 0 {
-		if err := runNamedQueries(cfg, golistDriver, response, packagesNamed); err != nil {
-			return nil, err
-		}
-	}
-
-	modifiedPkgs, needPkgs, err := processGolistOverlay(cfg, response, getGoInfo)
+	modifiedPkgs, needPkgs, err := state.processGolistOverlay(response)
 	if err != nil {
 		return nil, err
 	}
+
+	var containsCandidates []string
 	if len(containFiles) > 0 {
 		containsCandidates = append(containsCandidates, modifiedPkgs...)
 		containsCandidates = append(containsCandidates, needPkgs...)
 	}
-	if err := addNeededOverlayPackages(cfg, golistDriver, response, needPkgs, getGoInfo); err != nil {
+	if err := state.addNeededOverlayPackages(response, needPkgs); err != nil {
 		return nil, err
 	}
 	// Check candidate packages for containFiles.
@@ -245,29 +246,48 @@ extractQueries:
 			}
 		}
 	}
+	// Add root for any package that matches a pattern. This applies only to
+	// packages that are modified by overlays, since they are not added as
+	// roots automatically.
+	for _, pattern := range restPatterns {
+		match := matchPattern(pattern)
+		for _, pkgID := range modifiedPkgs {
+			pkg, ok := response.seenPackages[pkgID]
+			if !ok {
+				continue
+			}
+			if match(pkg.PkgPath) {
+				response.addRoot(pkg.ID)
+			}
+		}
+	}
 
+	sizeswg.Wait()
+	if sizeserr != nil {
+		return nil, sizeserr
+	}
 	return response.dr, nil
 }
 
-func addNeededOverlayPackages(cfg *Config, driver driver, response *responseDeduper, pkgs []string, getGoInfo func() *goInfo) error {
+func (state *golistState) addNeededOverlayPackages(response *responseDeduper, pkgs []string) error {
 	if len(pkgs) == 0 {
 		return nil
 	}
-	dr, err := driver(cfg, pkgs...)
+	dr, err := state.createDriverResponse(pkgs...)
 	if err != nil {
 		return err
 	}
 	for _, pkg := range dr.Packages {
 		response.addPackage(pkg)
 	}
-	_, needPkgs, err := processGolistOverlay(cfg, response, getGoInfo)
+	_, needPkgs, err := state.processGolistOverlay(response)
 	if err != nil {
 		return err
 	}
-	return addNeededOverlayPackages(cfg, driver, response, needPkgs, getGoInfo)
+	return state.addNeededOverlayPackages(response, needPkgs)
 }
 
-func runContainsQueries(cfg *Config, driver driver, response *responseDeduper, queries []string, goInfo func() *goInfo) error {
+func (state *golistState) runContainsQueries(response *responseDeduper, queries []string) error {
 	for _, query := range queries {
 		// TODO(matloob): Do only one query per directory.
 		fdir := filepath.Dir(query)
@@ -277,44 +297,17 @@ func runContainsQueries(cfg *Config, driver driver, response *responseDeduper, q
 		if err != nil {
 			return fmt.Errorf("could not determine absolute path of file= query path %q: %v", query, err)
 		}
-		dirResponse, err := driver(cfg, pattern)
-		if err != nil || (len(dirResponse.Packages) == 1 && len(dirResponse.Packages[0].Errors) == 1) {
-			// There was an error loading the package. Try to load the file as an ad-hoc package.
-			// Usually the error will appear in a returned package, but may not if we're in modules mode
-			// and the ad-hoc is located outside a module.
+		dirResponse, err := state.createDriverResponse(pattern)
+
+		// If there was an error loading the package, or the package is returned
+		// with errors, try to load the file as an ad-hoc package.
+		// Usually the error will appear in a returned package, but may not if we're
+		// in module mode and the ad-hoc is located outside a module.
+		if err != nil || len(dirResponse.Packages) == 1 && len(dirResponse.Packages[0].GoFiles) == 0 &&
+			len(dirResponse.Packages[0].Errors) == 1 {
 			var queryErr error
-			dirResponse, queryErr = driver(cfg, query)
-			if queryErr != nil {
-				// Return the original error if the attempt to fall back failed.
-				return err
-			}
-			// If we get nothing back from `go list`, try to make this file into its own ad-hoc package.
-			if len(dirResponse.Packages) == 0 && queryErr == nil {
-				dirResponse.Packages = append(dirResponse.Packages, &Package{
-					ID:              "command-line-arguments",
-					PkgPath:         query,
-					GoFiles:         []string{query},
-					CompiledGoFiles: []string{query},
-					Imports:         make(map[string]*Package),
-				})
-				dirResponse.Roots = append(dirResponse.Roots, "command-line-arguments")
-			}
-			// Special case to handle issue #33482:
-			// If this is a file= query for ad-hoc packages where the file only exists on an overlay,
-			// and exists outside of a module, add the file in for the package.
-			if len(dirResponse.Packages) == 1 && (dirResponse.Packages[0].ID == "command-line-arguments" ||
-				filepath.ToSlash(dirResponse.Packages[0].PkgPath) == filepath.ToSlash(query)) {
-				if len(dirResponse.Packages[0].GoFiles) == 0 {
-					filename := filepath.Join(pattern, filepath.Base(query)) // avoid recomputing abspath
-					// TODO(matloob): check if the file is outside of a root dir?
-					for path := range cfg.Overlay {
-						if path == filename {
-							dirResponse.Packages[0].Errors = nil
-							dirResponse.Packages[0].GoFiles = []string{path}
-							dirResponse.Packages[0].CompiledGoFiles = []string{path}
-						}
-					}
-				}
+			if dirResponse, queryErr = state.adhocPackage(pattern, query); queryErr != nil {
+				return err // return the original error
 			}
 		}
 		isRoot := make(map[string]bool, len(dirResponse.Roots))
@@ -342,276 +335,47 @@ func runContainsQueries(cfg *Config, driver driver, response *responseDeduper, q
 	return nil
 }
 
-// modCacheRegexp splits a path in a module cache into module, module version, and package.
-var modCacheRegexp = regexp.MustCompile(`(.*)@([^/\\]*)(.*)`)
-
-func runNamedQueries(cfg *Config, driver driver, response *responseDeduper, queries []string) error {
-	// calling `go env` isn't free; bail out if there's nothing to do.
-	if len(queries) == 0 {
-		return nil
-	}
-	// Determine which directories are relevant to scan.
-	roots, modRoot, err := roots(cfg)
+// adhocPackage attempts to load or construct an ad-hoc package for a given
+// query, if the original call to the driver produced inadequate results.
+func (state *golistState) adhocPackage(pattern, query string) (*driverResponse, error) {
+	response, err := state.createDriverResponse(query)
 	if err != nil {
-		return err
+		return nil, err
 	}
-
-	// Scan the selected directories. Simple matches, from GOPATH/GOROOT
-	// or the local module, can simply be "go list"ed. Matches from the
-	// module cache need special treatment.
-	var matchesMu sync.Mutex
-	var simpleMatches, modCacheMatches []string
-	add := func(root gopathwalk.Root, dir string) {
-		// Walk calls this concurrently; protect the result slices.
-		matchesMu.Lock()
-		defer matchesMu.Unlock()
-
-		path := dir
-		if dir != root.Path {
-			path = dir[len(root.Path)+1:]
-		}
-		if pathMatchesQueries(path, queries) {
-			switch root.Type {
-			case gopathwalk.RootModuleCache:
-				modCacheMatches = append(modCacheMatches, path)
-			case gopathwalk.RootCurrentModule:
-				// We'd need to read go.mod to find the full
-				// import path. Relative's easier.
-				rel, err := filepath.Rel(cfg.Dir, dir)
-				if err != nil {
-					// This ought to be impossible, since
-					// we found dir in the current module.
-					panic(err)
-				}
-				simpleMatches = append(simpleMatches, "./"+rel)
-			case gopathwalk.RootGOPATH, gopathwalk.RootGOROOT:
-				simpleMatches = append(simpleMatches, path)
-			}
-		}
-	}
-
-	startWalk := time.Now()
-	gopathwalk.Walk(roots, add, gopathwalk.Options{ModulesEnabled: modRoot != "", Debug: debug})
-	cfg.Logf("%v for walk", time.Since(startWalk))
-
-	// Weird special case: the top-level package in a module will be in
-	// whatever directory the user checked the repository out into. It's
-	// more reasonable for that to not match the package name. So, if there
-	// are any Go files in the mod root, query it just to be safe.
-	if modRoot != "" {
-		rel, err := filepath.Rel(cfg.Dir, modRoot)
-		if err != nil {
-			panic(err) // See above.
-		}
-
-		files, err := ioutil.ReadDir(modRoot)
-		if err != nil {
-			panic(err) // See above.
-		}
-
-		for _, f := range files {
-			if strings.HasSuffix(f.Name(), ".go") {
-				simpleMatches = append(simpleMatches, rel)
-				break
-			}
-		}
-	}
-
-	addResponse := func(r *driverResponse) {
-		for _, pkg := range r.Packages {
-			response.addPackage(pkg)
-			for _, name := range queries {
-				if pkg.Name == name {
-					response.addRoot(pkg.ID)
-					break
-				}
-			}
-		}
-	}
-
-	if len(simpleMatches) != 0 {
-		resp, err := driver(cfg, simpleMatches...)
-		if err != nil {
-			return err
-		}
-		addResponse(resp)
-	}
-
-	// Module cache matches are tricky. We want to avoid downloading new
-	// versions of things, so we need to use the ones present in the cache.
-	// go list doesn't accept version specifiers, so we have to write out a
-	// temporary module, and do the list in that module.
-	if len(modCacheMatches) != 0 {
-		// Collect all the matches, deduplicating by major version
-		// and preferring the newest.
-		type modInfo struct {
-			mod   string
-			major string
-		}
-		mods := make(map[modInfo]string)
-		var imports []string
-		for _, modPath := range modCacheMatches {
-			matches := modCacheRegexp.FindStringSubmatch(modPath)
-			mod, ver := filepath.ToSlash(matches[1]), matches[2]
-			importPath := filepath.ToSlash(filepath.Join(matches[1], matches[3]))
-
-			major := semver.Major(ver)
-			if prevVer, ok := mods[modInfo{mod, major}]; !ok || semver.Compare(ver, prevVer) > 0 {
-				mods[modInfo{mod, major}] = ver
-			}
-
-			imports = append(imports, importPath)
-		}
-
-		// Build the temporary module.
-		var gomod bytes.Buffer
-		gomod.WriteString("module modquery\nrequire (\n")
-		for mod, version := range mods {
-			gomod.WriteString("\t" + mod.mod + " " + version + "\n")
-		}
-		gomod.WriteString(")\n")
-
-		tmpCfg := *cfg
-
-		// We're only trying to look at stuff in the module cache, so
-		// disable the network. This should speed things up, and has
-		// prevented errors in at least one case, #28518.
-		tmpCfg.Env = append([]string{"GOPROXY=off"}, cfg.Env...)
-
-		var err error
-		tmpCfg.Dir, err = ioutil.TempDir("", "gopackages-modquery")
-		if err != nil {
-			return err
-		}
-		defer os.RemoveAll(tmpCfg.Dir)
-
-		if err := ioutil.WriteFile(filepath.Join(tmpCfg.Dir, "go.mod"), gomod.Bytes(), 0777); err != nil {
-			return fmt.Errorf("writing go.mod for module cache query: %v", err)
-		}
-
-		// Run the query, using the import paths calculated from the matches above.
-		resp, err := driver(&tmpCfg, imports...)
-		if err != nil {
-			return fmt.Errorf("querying module cache matches: %v", err)
-		}
-		addResponse(resp)
-	}
-
-	return nil
-}
-
-func getSizes(cfg *Config) (types.Sizes, error) {
-	return packagesdriver.GetSizesGolist(cfg.Context, cfg.BuildFlags, cfg.Env, cfg.Dir, usesExportData(cfg))
-}
-
-// roots selects the appropriate paths to walk based on the passed-in configuration,
-// particularly the environment and the presence of a go.mod in cfg.Dir's parents.
-func roots(cfg *Config) ([]gopathwalk.Root, string, error) {
-	stdout, err := invokeGo(cfg, "env", "GOROOT", "GOPATH", "GOMOD")
-	if err != nil {
-		return nil, "", err
-	}
-
-	fields := strings.Split(stdout.String(), "\n")
-	if len(fields) != 4 || len(fields[3]) != 0 {
-		return nil, "", fmt.Errorf("go env returned unexpected output: %q", stdout.String())
-	}
-	goroot, gopath, gomod := fields[0], filepath.SplitList(fields[1]), fields[2]
-	var modDir string
-	if gomod != "" {
-		modDir = filepath.Dir(gomod)
-	}
-
-	var roots []gopathwalk.Root
-	// Always add GOROOT.
-	roots = append(roots, gopathwalk.Root{
-		Path: filepath.Join(goroot, "/src"),
-		Type: gopathwalk.RootGOROOT,
-	})
-	// If modules are enabled, scan the module dir.
-	if modDir != "" {
-		roots = append(roots, gopathwalk.Root{
-			Path: modDir,
-			Type: gopathwalk.RootCurrentModule,
+	// If we get nothing back from `go list`,
+	// try to make this file into its own ad-hoc package.
+	// TODO(rstambler): Should this check against the original response?
+	if len(response.Packages) == 0 {
+		response.Packages = append(response.Packages, &Package{
+			ID:              "command-line-arguments",
+			PkgPath:         query,
+			GoFiles:         []string{query},
+			CompiledGoFiles: []string{query},
+			Imports:         make(map[string]*Package),
 		})
+		response.Roots = append(response.Roots, "command-line-arguments")
 	}
-	// Add either GOPATH/src or GOPATH/pkg/mod, depending on module mode.
-	for _, p := range gopath {
-		if modDir != "" {
-			roots = append(roots, gopathwalk.Root{
-				Path: filepath.Join(p, "/pkg/mod"),
-				Type: gopathwalk.RootModuleCache,
-			})
-		} else {
-			roots = append(roots, gopathwalk.Root{
-				Path: filepath.Join(p, "/src"),
-				Type: gopathwalk.RootGOPATH,
-			})
-		}
-	}
-
-	return roots, modDir, nil
-}
-
-// These functions were copied from goimports. See further documentation there.
-
-// pathMatchesQueries is adapted from pkgIsCandidate.
-// TODO: is it reasonable to do Contains here, rather than an exact match on a path component?
-func pathMatchesQueries(path string, queries []string) bool {
-	lastTwo := lastTwoComponents(path)
-	for _, query := range queries {
-		if strings.Contains(lastTwo, query) {
-			return true
-		}
-		if hasHyphenOrUpperASCII(lastTwo) && !hasHyphenOrUpperASCII(query) {
-			lastTwo = lowerASCIIAndRemoveHyphen(lastTwo)
-			if strings.Contains(lastTwo, query) {
-				return true
+	// Handle special cases.
+	if len(response.Packages) == 1 {
+		// golang/go#33482: If this is a file= query for ad-hoc packages where
+		// the file only exists on an overlay, and exists outside of a module,
+		// add the file to the package and remove the errors.
+		if response.Packages[0].ID == "command-line-arguments" ||
+			filepath.ToSlash(response.Packages[0].PkgPath) == filepath.ToSlash(query) {
+			if len(response.Packages[0].GoFiles) == 0 {
+				filename := filepath.Join(pattern, filepath.Base(query)) // avoid recomputing abspath
+				// TODO(matloob): check if the file is outside of a root dir?
+				for path := range state.cfg.Overlay {
+					if path == filename {
+						response.Packages[0].Errors = nil
+						response.Packages[0].GoFiles = []string{path}
+						response.Packages[0].CompiledGoFiles = []string{path}
+					}
+				}
 			}
 		}
 	}
-	return false
-}
-
-// lastTwoComponents returns at most the last two path components
-// of v, using either / or \ as the path separator.
-func lastTwoComponents(v string) string {
-	nslash := 0
-	for i := len(v) - 1; i >= 0; i-- {
-		if v[i] == '/' || v[i] == '\\' {
-			nslash++
-			if nslash == 2 {
-				return v[i:]
-			}
-		}
-	}
-	return v
-}
-
-func hasHyphenOrUpperASCII(s string) bool {
-	for i := 0; i < len(s); i++ {
-		b := s[i]
-		if b == '-' || ('A' <= b && b <= 'Z') {
-			return true
-		}
-	}
-	return false
-}
-
-func lowerASCIIAndRemoveHyphen(s string) (ret string) {
-	buf := make([]byte, 0, len(s))
-	for i := 0; i < len(s); i++ {
-		b := s[i]
-		switch {
-		case b == '-':
-			continue
-		case 'A' <= b && b <= 'Z':
-			buf = append(buf, b+('a'-'A'))
-		default:
-			buf = append(buf, b)
-		}
-	}
-	return string(buf)
+	return response, nil
 }
 
 // Fields must match go list;
@@ -636,6 +400,7 @@ type jsonPackage struct {
 	Imports         []string
 	ImportMap       map[string]string
 	Deps            []string
+	Module          *Module
 	TestGoFiles     []string
 	TestImports     []string
 	XTestGoFiles    []string
@@ -656,10 +421,9 @@ func otherFiles(p *jsonPackage) [][]string {
 	return [][]string{p.CFiles, p.CXXFiles, p.MFiles, p.HFiles, p.FFiles, p.SFiles, p.SwigFiles, p.SwigCXXFiles, p.SysoFiles}
 }
 
-// golistDriver uses the "go list" command to expand the pattern
-// words and return metadata for the specified packages. dir may be
-// "" and env may be nil, as per os/exec.Command.
-func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driverResponse, error) {
+// createDriverResponse uses the "go list" command to expand the pattern
+// words and return a response for the specified packages.
+func (state *golistState) createDriverResponse(words ...string) (*driverResponse, error) {
 	// go list uses the following identifiers in ImportPath and Imports:
 	//
 	// 	"p"			-- importable package or main (command)
@@ -673,11 +437,13 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv
 
 	// Run "go list" for complete
 	// information on the specified packages.
-	buf, err := invokeGo(cfg, golistargs(cfg, words)...)
+	buf, err := state.invokeGo("list", golistargs(state.cfg, words)...)
 	if err != nil {
 		return nil, err
 	}
 	seen := make(map[string]*jsonPackage)
+	pkgs := make(map[string]*Package)
+	additionalErrors := make(map[string][]Error)
 	// Decode the JSON and convert it to Package form.
 	var response driverResponse
 	for dec := json.NewDecoder(buf); dec.More(); {
@@ -708,18 +474,81 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv
 		// contained in a known module or GOPATH entry. This will allow the package to be
 		// properly "reclaimed" when overlays are processed.
 		if filepath.IsAbs(p.ImportPath) && p.Error != nil {
-			pkgPath, ok := getPkgPath(cfg, p.ImportPath, rootsDirs)
+			pkgPath, ok, err := state.getPkgPath(p.ImportPath)
+			if err != nil {
+				return nil, err
+			}
 			if ok {
 				p.ImportPath = pkgPath
 			}
 		}
 
 		if old, found := seen[p.ImportPath]; found {
-			if !reflect.DeepEqual(p, old) {
-				return nil, fmt.Errorf("internal error: go list gives conflicting information for package %v", p.ImportPath)
+			// If one version of the package has an error, and the other doesn't, assume
+			// that this is a case where go list is reporting a fake dependency variant
+			// of the imported package: When a package tries to invalidly import another
+			// package, go list emits a variant of the imported package (with the same
+			// import path, but with an error on it, and the package will have a
+			// DepError set on it). An example of when this can happen is for imports of
+			// main packages: main packages can not be imported, but they may be
+			// separately matched and listed by another pattern.
+			// See golang.org/issue/36188 for more details.
+
+			// The plan is that eventually, hopefully in Go 1.15, the error will be
+			// reported on the importing package rather than the duplicate "fake"
+			// version of the imported package. Once all supported versions of Go
+			// have the new behavior this logic can be deleted.
+			// TODO(matloob): delete the workaround logic once all supported versions of
+			// Go return the errors on the proper package.
+
+			// There should be exactly one version of a package that doesn't have an
+			// error.
+			if old.Error == nil && p.Error == nil {
+				if !reflect.DeepEqual(p, old) {
+					return nil, fmt.Errorf("internal error: go list gives conflicting information for package %v", p.ImportPath)
+				}
+				continue
 			}
-			// skip the duplicate
-			continue
+
+			// Determine if this package's error needs to be bubbled up.
+			// This is a hack, and we expect for go list to eventually set the error
+			// on the package.
+			if old.Error != nil {
+				var errkind string
+				if strings.Contains(old.Error.Err, "not an importable package") {
+					errkind = "not an importable package"
+				} else if strings.Contains(old.Error.Err, "use of internal package") && strings.Contains(old.Error.Err, "not allowed") {
+					errkind = "use of internal package not allowed"
+				}
+				if errkind != "" {
+					if len(old.Error.ImportStack) < 1 {
+						return nil, fmt.Errorf(`internal error: go list gave a %q error with empty import stack`, errkind)
+					}
+					importingPkg := old.Error.ImportStack[len(old.Error.ImportStack)-1]
+					if importingPkg == old.ImportPath {
+						// Using an older version of Go which put this package itself on top of import
+						// stack, instead of the importer. Look for importer in second from top
+						// position.
+						if len(old.Error.ImportStack) < 2 {
+							return nil, fmt.Errorf(`internal error: go list gave a %q error with an import stack without importing package`, errkind)
+						}
+						importingPkg = old.Error.ImportStack[len(old.Error.ImportStack)-2]
+					}
+					additionalErrors[importingPkg] = append(additionalErrors[importingPkg], Error{
+						Pos:  old.Error.Pos,
+						Msg:  old.Error.Err,
+						Kind: ListError,
+					})
+				}
+			}
+
+			// Make sure that if there's a version of the package without an error,
+			// that's the one reported to the user.
+			if old.Error == nil {
+				continue
+			}
+
+			// This package will replace the old one at the end of the loop.
 		}
 		seen[p.ImportPath] = p
 
@@ -729,6 +558,27 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv
 			GoFiles:         absJoin(p.Dir, p.GoFiles, p.CgoFiles),
 			CompiledGoFiles: absJoin(p.Dir, p.CompiledGoFiles),
 			OtherFiles:      absJoin(p.Dir, otherFiles(p)...),
+			forTest:         p.ForTest,
+			Module:          p.Module,
+		}
+
+		if (state.cfg.Mode&typecheckCgo) != 0 && len(p.CgoFiles) != 0 {
+			if len(p.CompiledGoFiles) > len(p.GoFiles) {
+				// We need the cgo definitions, which are in the first
+				// CompiledGoFile after the non-cgo ones. This is a hack but there
+				// isn't currently a better way to find it. We also need the pure
+				// Go files and unprocessed cgo files, all of which are already
+				// in pkg.GoFiles.
+				cgoTypes := p.CompiledGoFiles[len(p.GoFiles)]
+				pkg.CompiledGoFiles = append([]string{cgoTypes}, pkg.GoFiles...)
+			} else {
+				// golang/go#38990: go list silently fails to do cgo processing
+				pkg.CompiledGoFiles = nil
+				pkg.Errors = append(pkg.Errors, Error{
+					Msg:  "go list failed to return CompiledGoFiles; https://golang.org/issue/38990?",
+					Kind: ListError,
+				})
+			}
 		}
 
 		// Work around https://golang.org/issue/28749:
@@ -804,6 +654,39 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv
 			pkg.CompiledGoFiles = pkg.GoFiles
 		}
 
+		// Temporary work-around for golang/go#39986. Parse filenames out of
+		// error messages. This happens if there are unrecoverable syntax
+		// errors in the source, so we can't match on a specific error message.
+		if err := p.Error; err != nil && state.shouldAddFilenameFromError(p) {
+			addFilenameFromPos := func(pos string) bool {
+				split := strings.Split(pos, ":")
+				if len(split) < 1 {
+					return false
+				}
+				filename := strings.TrimSpace(split[0])
+				if filename == "" {
+					return false
+				}
+				if !filepath.IsAbs(filename) {
+					filename = filepath.Join(state.cfg.Dir, filename)
+				}
+				info, _ := os.Stat(filename)
+				if info == nil {
+					return false
+				}
+				pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, filename)
+				pkg.GoFiles = append(pkg.GoFiles, filename)
+				return true
+			}
+			found := addFilenameFromPos(err.Pos)
+			// In some cases, go list only reports the error position in the
+			// error text, not the error position. One such case is when the
+			// file's package name is a keyword (see golang.org/issue/39763).
+			if !found {
+				addFilenameFromPos(err.Err)
+			}
+		}
+
 		if p.Error != nil {
 			msg := strings.TrimSpace(p.Error.Err) // Trim to work around golang.org/issue/32363.
 			// Address golang.org/issue/35964 by appending import stack to error message.
@@ -817,29 +700,90 @@ func golistDriver(cfg *Config, rootsDirs func() *goInfo, words ...string) (*driv
 			})
 		}
 
+		pkgs[pkg.ID] = pkg
+	}
+
+	for id, errs := range additionalErrors {
+		if p, ok := pkgs[id]; ok {
+			p.Errors = append(p.Errors, errs...)
+		}
+	}
+	for _, pkg := range pkgs {
 		response.Packages = append(response.Packages, pkg)
 	}
+	sort.Slice(response.Packages, func(i, j int) bool { return response.Packages[i].ID < response.Packages[j].ID })
 
 	return &response, nil
 }
 
-// getPkgPath finds the package path of a directory if it's relative to a root directory.
-func getPkgPath(cfg *Config, dir string, goInfo func() *goInfo) (string, bool) {
+func (state *golistState) shouldAddFilenameFromError(p *jsonPackage) bool {
+	if len(p.GoFiles) > 0 || len(p.CompiledGoFiles) > 0 {
+		return false
+	}
+
+	goV, err := state.getGoVersion()
+	if err != nil {
+		return false
+	}
+
+	// On Go 1.14 and earlier, only add filenames from errors if the import stack is empty.
+	// The import stack behaves differently for these versions than newer Go versions.
+	if strings.HasPrefix(goV, "go1.13") || strings.HasPrefix(goV, "go1.14") {
+		return len(p.Error.ImportStack) == 0
+	}
+
+	// On Go 1.15 and later, only parse filenames out of error if there's no import stack,
+	// or the current package is at the top of the import stack. This is not guaranteed
+	// to work perfectly, but should avoid some cases where files in errors don't belong to this
+	// package.
+	return len(p.Error.ImportStack) == 0 || p.Error.ImportStack[len(p.Error.ImportStack)-1] == p.ImportPath
+}
+
+func (state *golistState) getGoVersion() (string, error) {
+	state.goVersionOnce.Do(func() {
+		var b *bytes.Buffer
+		// Invoke go version. Don't use invokeGo because it will supply build flags, and
+		// go version doesn't expect build flags.
+		inv := gocommand.Invocation{
+			Verb: "version",
+			Env:  state.cfg.Env,
+			Logf: state.cfg.Logf,
+		}
+		gocmdRunner := state.cfg.gocmdRunner
+		if gocmdRunner == nil {
+			gocmdRunner = &gocommand.Runner{}
+		}
+		b, _, _, state.goVersionError = gocmdRunner.RunRaw(state.cfg.Context, inv)
+		if state.goVersionError != nil {
+			return
+		}
+
+		sp := strings.Split(b.String(), " ")
+		if len(sp) < 3 {
+			state.goVersionError = fmt.Errorf("go version output: expected 'go version <version>', got '%s'", b.String())
+			return
+		}
+		state.goVersion = sp[2]
+	})
+	return state.goVersion, state.goVersionError
+}
+
+// getPkgPath finds the package path of a directory if it's relative to a root
+// directory.
+func (state *golistState) getPkgPath(dir string) (string, bool, error) {
 	absDir, err := filepath.Abs(dir)
 	if err != nil {
-		cfg.Logf("error getting absolute path of %s: %v", dir, err)
-		return "", false
+		return "", false, err
 	}
-	for rdir, rpath := range goInfo().rootDirs {
-		absRdir, err := filepath.Abs(rdir)
-		if err != nil {
-			cfg.Logf("error getting absolute path of %s: %v", rdir, err)
-			continue
-		}
+	roots, err := state.determineRootDirs()
+	if err != nil {
+		return "", false, err
+	}
+
+	for rdir, rpath := range roots {
 		// Make sure that the directory is in the module,
 		// to avoid creating a path relative to another module.
-		if !strings.HasPrefix(absDir, absRdir) {
-			cfg.Logf("%s does not have prefix %s", absDir, absRdir)
+		if !strings.HasPrefix(absDir, rdir) {
 			continue
 		}
 		// TODO(matloob): This doesn't properly handle symlinks.
@@ -854,11 +798,11 @@ func getPkgPath(cfg *Config, dir string, goInfo func() *goInfo) (string, bool) {
 			// Once the file is saved, gopls, or the next invocation of the tool will get the correct
 			// result straight from golist.
 			// TODO(matloob): Implement module tiebreaking?
-			return path.Join(rpath, filepath.ToSlash(r)), true
+			return path.Join(rpath, filepath.ToSlash(r)), true, nil
 		}
-		return filepath.ToSlash(r), true
+		return filepath.ToSlash(r), true, nil
 	}
-	return "", false
+	return "", false, nil
 }
 
 // absJoin absolutizes and flattens the lists of files.
@@ -877,8 +821,8 @@ func absJoin(dir string, fileses ...[]string) (res []string) {
 func golistargs(cfg *Config, words []string) []string {
 	const findFlags = NeedImports | NeedTypes | NeedSyntax | NeedTypesInfo
 	fullargs := []string{
-		"list", "-e", "-json",
-		fmt.Sprintf("-compiled=%t", cfg.Mode&(NeedCompiledGoFiles|NeedSyntax|NeedTypesInfo|NeedTypesSizes) != 0),
+		"-e", "-json",
+		fmt.Sprintf("-compiled=%t", cfg.Mode&(NeedCompiledGoFiles|NeedSyntax|NeedTypes|NeedTypesInfo|NeedTypesSizes) != 0),
 		fmt.Sprintf("-test=%t", cfg.Tests),
 		fmt.Sprintf("-export=%t", usesExportData(cfg)),
 		fmt.Sprintf("-deps=%t", cfg.Mode&NeedImports != 0),
@@ -893,25 +837,23 @@ func golistargs(cfg *Config, words []string) []string {
 }
 
 // invokeGo returns the stdout of a go command invocation.
-func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) {
-	stdout := new(bytes.Buffer)
-	stderr := new(bytes.Buffer)
-	cmd := exec.CommandContext(cfg.Context, "go", args...)
-	// On darwin the cwd gets resolved to the real path, which breaks anything that
-	// expects the working directory to keep the original path, including the
-	// go command when dealing with modules.
-	// The Go stdlib has a special feature where if the cwd and the PWD are the
-	// same node then it trusts the PWD, so by setting it in the env for the child
-	// process we fix up all the paths returned by the go command.
-	cmd.Env = append(append([]string{}, cfg.Env...), "PWD="+cfg.Dir)
-	cmd.Dir = cfg.Dir
-	cmd.Stdout = stdout
-	cmd.Stderr = stderr
-	defer func(start time.Time) {
-		cfg.Logf("%s for %v, stderr: <<%s>> stdout: <<%s>>\n", time.Since(start), cmdDebugStr(cmd, args...), stderr, stdout)
-	}(time.Now())
+func (state *golistState) invokeGo(verb string, args ...string) (*bytes.Buffer, error) {
+	cfg := state.cfg
 
-	if err := cmd.Run(); err != nil {
+	inv := gocommand.Invocation{
+		Verb:       verb,
+		Args:       args,
+		BuildFlags: cfg.BuildFlags,
+		Env:        cfg.Env,
+		Logf:       cfg.Logf,
+		WorkingDir: cfg.Dir,
+	}
+	gocmdRunner := cfg.gocmdRunner
+	if gocmdRunner == nil {
+		gocmdRunner = &gocommand.Runner{}
+	}
+	stdout, stderr, _, err := gocmdRunner.RunRaw(cfg.Context, inv)
+	if err != nil {
 		// Check for 'go' executable not being found.
 		if ee, ok := err.(*exec.Error); ok && ee.Err == exec.ErrNotFound {
 			return nil, fmt.Errorf("'go list' driver requires 'go', but %s", exec.ErrNotFound)
@@ -921,7 +863,7 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) {
 		if !ok {
 			// Catastrophic error:
 			// - context cancellation
-			return nil, fmt.Errorf("couldn't exec 'go %v': %s %T", args, err, err)
+			return nil, xerrors.Errorf("couldn't run 'go': %w", err)
 		}
 
 		// Old go version?
@@ -948,7 +890,12 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) {
 				!strings.ContainsRune("!\"#$%&'()*,:;<=>?[\\]^`{|}\uFFFD", r)
 		}
 		if len(stderr.String()) > 0 && strings.HasPrefix(stderr.String(), "# ") {
-			if strings.HasPrefix(strings.TrimLeftFunc(stderr.String()[len("# "):], isPkgPathRune), "\n") {
+			msg := stderr.String()[len("# "):]
+			if strings.HasPrefix(strings.TrimLeftFunc(msg, isPkgPathRune), "\n") {
+				return stdout, nil
+			}
+			// Treat pkg-config errors as a special case (golang.org/issue/36770).
+			if strings.HasPrefix(msg, "pkg-config") {
 				return stdout, nil
 			}
 		}
@@ -1037,16 +984,6 @@ func invokeGo(cfg *Config, args ...string) (*bytes.Buffer, error) {
 			return nil, fmt.Errorf("go %v: %s: %s", args, exitErr, stderr)
 		}
 	}
-
-	// As of writing, go list -export prints some non-fatal compilation
-	// errors to stderr, even with -e set. We would prefer that it put
-	// them in the Package.Error JSON (see https://golang.org/issue/26319).
-	// In the meantime, there's nowhere good to put them, but they can
-	// be useful for debugging. Print them if $GOPACKAGESPRINTGOLISTERRORS
-	// is set.
-	if len(stderr.Bytes()) != 0 && os.Getenv("GOPACKAGESPRINTGOLISTERRORS") != "" {
-		fmt.Fprintf(os.Stderr, "%s stderr: <<%s>>\n", cmdDebugStr(cmd, args...), stderr)
-	}
 	return stdout, nil
 }
 
diff --git a/vendor/golang.org/x/tools/go/packages/golist_overlay.go b/vendor/golang.org/x/tools/go/packages/golist_overlay.go
index a7de6229..874f9013 100644
--- a/vendor/golang.org/x/tools/go/packages/golist_overlay.go
+++ b/vendor/golang.org/x/tools/go/packages/golist_overlay.go
@@ -1,14 +1,19 @@
 package packages
 
 import (
-	"bytes"
 	"encoding/json"
 	"fmt"
 	"go/parser"
 	"go/token"
+	"log"
+	"os"
 	"path/filepath"
+	"regexp"
+	"sort"
 	"strconv"
 	"strings"
+
+	"golang.org/x/tools/internal/gocommand"
 )
 
 // processGolistOverlay provides rudimentary support for adding
@@ -16,15 +21,20 @@ import (
 // sometimes incorrect.
 // TODO(matloob): Handle unsupported cases, including the following:
 // - determining the correct package to add given a new import path
-func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func() *goInfo) (modifiedPkgs, needPkgs []string, err error) {
+func (state *golistState) processGolistOverlay(response *responseDeduper) (modifiedPkgs, needPkgs []string, err error) {
 	havePkgs := make(map[string]string) // importPath -> non-test package ID
 	needPkgsSet := make(map[string]bool)
 	modifiedPkgsSet := make(map[string]bool)
 
+	pkgOfDir := make(map[string][]*Package)
 	for _, pkg := range response.dr.Packages {
 		// This is an approximation of import path to id. This can be
 		// wrong for tests, vendored packages, and a number of other cases.
 		havePkgs[pkg.PkgPath] = pkg.ID
+		x := commonDir(pkg.GoFiles)
+		if x != "" {
+			pkgOfDir[x] = append(pkgOfDir[x], pkg)
+		}
 	}
 
 	// If no new imports are added, it is safe to avoid loading any needPkgs.
@@ -34,7 +44,23 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func(
 	// potentially modifying the transitive set of dependencies).
 	var overlayAddsImports bool
 
-	for opath, contents := range cfg.Overlay {
+	// If both a package and its test package are created by the overlay, we
+	// need the real package first. Process all non-test files before test
+	// files, and make the whole process deterministic while we're at it.
+	var overlayFiles []string
+	for opath := range state.cfg.Overlay {
+		overlayFiles = append(overlayFiles, opath)
+	}
+	sort.Slice(overlayFiles, func(i, j int) bool {
+		iTest := strings.HasSuffix(overlayFiles[i], "_test.go")
+		jTest := strings.HasSuffix(overlayFiles[j], "_test.go")
+		if iTest != jTest {
+			return !iTest // non-tests are before tests.
+		}
+		return overlayFiles[i] < overlayFiles[j]
+	})
+	for _, opath := range overlayFiles {
+		contents := state.cfg.Overlay[opath]
 		base := filepath.Base(opath)
 		dir := filepath.Dir(opath)
 		var pkg *Package           // if opath belongs to both a package and its test variant, this will be the test variant
@@ -47,6 +73,9 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func(
 			// to the overlay.
 			continue
 		}
+		// If all the overlay files belong to a different package, change the
+		// package name to that package.
+		maybeFixPackageName(pkgName, isTestFile, pkgOfDir[dir])
 	nextPackage:
 		for _, p := range response.dr.Packages {
 			if pkgName != p.Name && p.ID != "command-line-arguments" {
@@ -63,15 +92,19 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func(
 					// because the file is generated in another directory.
 					testVariantOf = p
 					continue nextPackage
+				} else if !isTestFile && hasTestFiles(p) {
+					// We're examining a test variant, but the overlaid file is
+					// a non-test file. Because the overlay implementation
+					// (currently) only adds a file to one package, skip this
+					// package, so that we can add the file to the production
+					// variant of the package. (https://golang.org/issue/36857
+					// tracks handling overlays on both the production and test
+					// variant of a package).
+					continue nextPackage
 				}
 				if pkg != nil && p != pkg && pkg.PkgPath == p.PkgPath {
-					// If we've already seen the test variant,
-					// make sure to label which package it is a test variant of.
-					if hasTestFiles(pkg) {
-						testVariantOf = p
-						continue nextPackage
-					}
-					// If we have already seen the package of which this is a test variant.
+					// We have already seen the production version of the
+					// for which p is a test variant.
 					if hasTestFiles(p) {
 						testVariantOf = pkg
 					}
@@ -82,38 +115,68 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func(
 				}
 			}
 		}
-		// The overlay could have included an entirely new package.
-		if pkg == nil {
+		// The overlay could have included an entirely new package or an
+		// ad-hoc package. An ad-hoc package is one that we have manually
+		// constructed from inadequate `go list` results for a file= query.
+		// It will have the ID command-line-arguments.
+		if pkg == nil || pkg.ID == "command-line-arguments" {
 			// Try to find the module or gopath dir the file is contained in.
 			// Then for modules, add the module opath to the beginning.
-			pkgPath, ok := getPkgPath(cfg, dir, rootDirs)
+			pkgPath, ok, err := state.getPkgPath(dir)
+			if err != nil {
+				return nil, nil, err
+			}
 			if !ok {
 				break
 			}
+			var forTest string // only set for x tests
 			isXTest := strings.HasSuffix(pkgName, "_test")
 			if isXTest {
+				forTest = pkgPath
 				pkgPath += "_test"
 			}
 			id := pkgPath
-			if isTestFile && !isXTest {
-				id = fmt.Sprintf("%s [%s.test]", pkgPath, pkgPath)
-			}
-			// Try to reclaim a package with the same id if it exists in the response.
-			for _, p := range response.dr.Packages {
-				if reclaimPackage(p, id, opath, contents) {
-					pkg = p
-					break
+			if isTestFile {
+				if isXTest {
+					id = fmt.Sprintf("%s [%s.test]", pkgPath, forTest)
+				} else {
+					id = fmt.Sprintf("%s [%s.test]", pkgPath, pkgPath)
 				}
 			}
-			// Otherwise, create a new package
-			if pkg == nil {
-				pkg = &Package{PkgPath: pkgPath, ID: id, Name: pkgName, Imports: make(map[string]*Package)}
-				response.addPackage(pkg)
-				havePkgs[pkg.PkgPath] = id
-				// Add the production package's sources for a test variant.
-				if isTestFile && !isXTest && testVariantOf != nil {
-					pkg.GoFiles = append(pkg.GoFiles, testVariantOf.GoFiles...)
-					pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, testVariantOf.CompiledGoFiles...)
+			if pkg != nil {
+				// TODO(rstambler): We should change the package's path and ID
+				// here. The only issue is that this messes with the roots.
+			} else {
+				// Try to reclaim a package with the same ID, if it exists in the response.
+				for _, p := range response.dr.Packages {
+					if reclaimPackage(p, id, opath, contents) {
+						pkg = p
+						break
+					}
+				}
+				// Otherwise, create a new package.
+				if pkg == nil {
+					pkg = &Package{
+						PkgPath: pkgPath,
+						ID:      id,
+						Name:    pkgName,
+						Imports: make(map[string]*Package),
+					}
+					response.addPackage(pkg)
+					havePkgs[pkg.PkgPath] = id
+					// Add the production package's sources for a test variant.
+					if isTestFile && !isXTest && testVariantOf != nil {
+						pkg.GoFiles = append(pkg.GoFiles, testVariantOf.GoFiles...)
+						pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, testVariantOf.CompiledGoFiles...)
+						// Add the package under test and its imports to the test variant.
+						pkg.forTest = testVariantOf.PkgPath
+						for k, v := range testVariantOf.Imports {
+							pkg.Imports[k] = &Package{ID: v.ID}
+						}
+					}
+					if isXTest {
+						pkg.forTest = forTest
+					}
 				}
 			}
 		}
@@ -130,42 +193,47 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func(
 			continue
 		}
 		for _, imp := range imports {
-			_, found := pkg.Imports[imp]
-			if !found {
-				overlayAddsImports = true
-				// TODO(matloob): Handle cases when the following block isn't correct.
-				// These include imports of vendored packages, etc.
-				id, ok := havePkgs[imp]
-				if !ok {
-					id = imp
-				}
-				pkg.Imports[imp] = &Package{ID: id}
-				// Add dependencies to the non-test variant version of this package as wel.
-				if testVariantOf != nil {
-					testVariantOf.Imports[imp] = &Package{ID: id}
+			// TODO(rstambler): If the package is an x test and the import has
+			// a test variant, make sure to replace it.
+			if _, found := pkg.Imports[imp]; found {
+				continue
+			}
+			overlayAddsImports = true
+			id, ok := havePkgs[imp]
+			if !ok {
+				var err error
+				id, err = state.resolveImport(dir, imp)
+				if err != nil {
+					return nil, nil, err
 				}
 			}
+			pkg.Imports[imp] = &Package{ID: id}
+			// Add dependencies to the non-test variant version of this package as well.
+			if testVariantOf != nil {
+				testVariantOf.Imports[imp] = &Package{ID: id}
+			}
 		}
-		continue
 	}
 
-	// toPkgPath tries to guess the package path given the id.
-	// This isn't always correct -- it's certainly wrong for
-	// vendored packages' paths.
-	toPkgPath := func(id string) string {
-		// TODO(matloob): Handle vendor paths.
-		i := strings.IndexByte(id, ' ')
-		if i >= 0 {
-			return id[:i]
+	// toPkgPath guesses the package path given the id.
+	toPkgPath := func(sourceDir, id string) (string, error) {
+		if i := strings.IndexByte(id, ' '); i >= 0 {
+			return state.resolveImport(sourceDir, id[:i])
 		}
-		return id
+		return state.resolveImport(sourceDir, id)
 	}
 
-	// Do another pass now that new packages have been created to determine the
-	// set of missing packages.
+	// Now that new packages have been created, do another pass to determine
+	// the new set of missing packages.
 	for _, pkg := range response.dr.Packages {
 		for _, imp := range pkg.Imports {
-			pkgPath := toPkgPath(imp.ID)
+			if len(pkg.GoFiles) == 0 {
+				return nil, nil, fmt.Errorf("cannot resolve imports for package %q with no Go files", pkg.PkgPath)
+			}
+			pkgPath, err := toPkgPath(filepath.Dir(pkg.GoFiles[0]), imp.ID)
+			if err != nil {
+				return nil, nil, err
+			}
 			if _, ok := havePkgs[pkgPath]; !ok {
 				needPkgsSet[pkgPath] = true
 			}
@@ -185,6 +253,52 @@ func processGolistOverlay(cfg *Config, response *responseDeduper, rootDirs func(
 	return modifiedPkgs, needPkgs, err
 }
 
+// resolveImport finds the the ID of a package given its import path.
+// In particular, it will find the right vendored copy when in GOPATH mode.
+func (state *golistState) resolveImport(sourceDir, importPath string) (string, error) {
+	env, err := state.getEnv()
+	if err != nil {
+		return "", err
+	}
+	if env["GOMOD"] != "" {
+		return importPath, nil
+	}
+
+	searchDir := sourceDir
+	for {
+		vendorDir := filepath.Join(searchDir, "vendor")
+		exists, ok := state.vendorDirs[vendorDir]
+		if !ok {
+			info, err := os.Stat(vendorDir)
+			exists = err == nil && info.IsDir()
+			state.vendorDirs[vendorDir] = exists
+		}
+
+		if exists {
+			vendoredPath := filepath.Join(vendorDir, importPath)
+			if info, err := os.Stat(vendoredPath); err == nil && info.IsDir() {
+				// We should probably check for .go files here, but shame on anyone who fools us.
+				path, ok, err := state.getPkgPath(vendoredPath)
+				if err != nil {
+					return "", err
+				}
+				if ok {
+					return path, nil
+				}
+			}
+		}
+
+		// We know we've hit the top of the filesystem when we Dir / and get /,
+		// or C:\ and get C:\, etc.
+		next := filepath.Dir(searchDir)
+		if next == searchDir {
+			break
+		}
+		searchDir = next
+	}
+	return importPath, nil
+}
+
 func hasTestFiles(p *Package) bool {
 	for _, f := range p.GoFiles {
 		if strings.HasSuffix(f, "_test.go") {
@@ -194,44 +308,75 @@ func hasTestFiles(p *Package) bool {
 	return false
 }
 
-// determineRootDirs returns a mapping from directories code can be contained in to the
-// corresponding import path prefixes of those directories.
-// Its result is used to try to determine the import path for a package containing
-// an overlay file.
-func determineRootDirs(cfg *Config) map[string]string {
-	// Assume modules first:
-	out, err := invokeGo(cfg, "list", "-m", "-json", "all")
+// determineRootDirs returns a mapping from absolute directories that could
+// contain code to their corresponding import path prefixes.
+func (state *golistState) determineRootDirs() (map[string]string, error) {
+	env, err := state.getEnv()
 	if err != nil {
-		return determineRootDirsGOPATH(cfg)
+		return nil, err
 	}
-	m := map[string]string{}
-	type jsonMod struct{ Path, Dir string }
+	if env["GOMOD"] != "" {
+		state.rootsOnce.Do(func() {
+			state.rootDirs, state.rootDirsError = state.determineRootDirsModules()
+		})
+	} else {
+		state.rootsOnce.Do(func() {
+			state.rootDirs, state.rootDirsError = state.determineRootDirsGOPATH()
+		})
+	}
+	return state.rootDirs, state.rootDirsError
+}
+
+func (state *golistState) determineRootDirsModules() (map[string]string, error) {
+	// List all of the modules--the first will be the directory for the main
+	// module. Any replaced modules will also need to be treated as roots.
+	// Editing files in the module cache isn't a great idea, so we don't
+	// plan to ever support that.
+	out, err := state.invokeGo("list", "-m", "-json", "all")
+	if err != nil {
+		// 'go list all' will fail if we're outside of a module and
+		// GO111MODULE=on. Try falling back without 'all'.
+		var innerErr error
+		out, innerErr = state.invokeGo("list", "-m", "-json")
+		if innerErr != nil {
+			return nil, err
+		}
+	}
+	roots := map[string]string{}
+	modules := map[string]string{}
+	var i int
 	for dec := json.NewDecoder(out); dec.More(); {
-		mod := new(jsonMod)
+		mod := new(gocommand.ModuleJSON)
 		if err := dec.Decode(mod); err != nil {
-			return m // Give up and return an empty map. Package won't be found for overlay.
+			return nil, err
 		}
 		if mod.Dir != "" && mod.Path != "" {
 			// This is a valid module; add it to the map.
-			m[mod.Dir] = mod.Path
+			absDir, err := filepath.Abs(mod.Dir)
+			if err != nil {
+				return nil, err
+			}
+			modules[absDir] = mod.Path
+			// The first result is the main module.
+			if i == 0 || mod.Replace != nil && mod.Replace.Path != "" {
+				roots[absDir] = mod.Path
+			}
 		}
+		i++
 	}
-	return m
+	return roots, nil
 }
 
-func determineRootDirsGOPATH(cfg *Config) map[string]string {
+func (state *golistState) determineRootDirsGOPATH() (map[string]string, error) {
 	m := map[string]string{}
-	out, err := invokeGo(cfg, "env", "GOPATH")
-	if err != nil {
-		// Could not determine root dir mapping. Everything is best-effort, so just return an empty map.
-		// When we try to find the import path for a directory, there will be no root-dir match and
-		// we'll give up.
-		return m
+	for _, dir := range filepath.SplitList(state.mustGetEnv()["GOPATH"]) {
+		absDir, err := filepath.Abs(dir)
+		if err != nil {
+			return nil, err
+		}
+		m[filepath.Join(absDir, "src")] = ""
 	}
-	for _, p := range filepath.SplitList(string(bytes.TrimSpace(out.Bytes()))) {
-		m[filepath.Join(p, "src")] = ""
-	}
-	return m
+	return m, nil
 }
 
 func extractImports(filename string, contents []byte) ([]string, error) {
@@ -291,3 +436,133 @@ func extractPackageName(filename string, contents []byte) (string, bool) {
 	}
 	return f.Name.Name, true
 }
+
+func commonDir(a []string) string {
+	seen := make(map[string]bool)
+	x := append([]string{}, a...)
+	for _, f := range x {
+		seen[filepath.Dir(f)] = true
+	}
+	if len(seen) > 1 {
+		log.Fatalf("commonDir saw %v for %v", seen, x)
+	}
+	for k := range seen {
+		// len(seen) == 1
+		return k
+	}
+	return "" // no files
+}
+
+// It is possible that the files in the disk directory dir have a different package
+// name from newName, which is deduced from the overlays. If they all have a different
+// package name, and they all have the same package name, then that name becomes
+// the package name.
+// It returns true if it changes the package name, false otherwise.
+func maybeFixPackageName(newName string, isTestFile bool, pkgsOfDir []*Package) {
+	names := make(map[string]int)
+	for _, p := range pkgsOfDir {
+		names[p.Name]++
+	}
+	if len(names) != 1 {
+		// some files are in different packages
+		return
+	}
+	var oldName string
+	for k := range names {
+		oldName = k
+	}
+	if newName == oldName {
+		return
+	}
+	// We might have a case where all of the package names in the directory are
+	// the same, but the overlay file is for an x test, which belongs to its
+	// own package. If the x test does not yet exist on disk, we may not yet
+	// have its package name on disk, but we should not rename the packages.
+	//
+	// We use a heuristic to determine if this file belongs to an x test:
+	// The test file should have a package name whose package name has a _test
+	// suffix or looks like "newName_test".
+	maybeXTest := strings.HasPrefix(oldName+"_test", newName) || strings.HasSuffix(newName, "_test")
+	if isTestFile && maybeXTest {
+		return
+	}
+	for _, p := range pkgsOfDir {
+		p.Name = newName
+	}
+}
+
+// This function is copy-pasted from
+// https://github.com/golang/go/blob/9706f510a5e2754595d716bd64be8375997311fb/src/cmd/go/internal/search/search.go#L360.
+// It should be deleted when we remove support for overlays from go/packages.
+//
+// NOTE: This does not handle any ./... or ./ style queries, as this function
+// doesn't know the working directory.
+//
+// matchPattern(pattern)(name) reports whether
+// name matches pattern. Pattern is a limited glob
+// pattern in which '...' means 'any string' and there
+// is no other special syntax.
+// Unfortunately, there are two special cases. Quoting "go help packages":
+//
+// First, /... at the end of the pattern can match an empty string,
+// so that net/... matches both net and packages in its subdirectories, like net/http.
+// Second, any slash-separated pattern element containing a wildcard never
+// participates in a match of the "vendor" element in the path of a vendored
+// package, so that ./... does not match packages in subdirectories of
+// ./vendor or ./mycode/vendor, but ./vendor/... and ./mycode/vendor/... do.
+// Note, however, that a directory named vendor that itself contains code
+// is not a vendored package: cmd/vendor would be a command named vendor,
+// and the pattern cmd/... matches it.
+func matchPattern(pattern string) func(name string) bool {
+	// Convert pattern to regular expression.
+	// The strategy for the trailing /... is to nest it in an explicit ? expression.
+	// The strategy for the vendor exclusion is to change the unmatchable
+	// vendor strings to a disallowed code point (vendorChar) and to use
+	// "(anything but that codepoint)*" as the implementation of the ... wildcard.
+	// This is a bit complicated but the obvious alternative,
+	// namely a hand-written search like in most shell glob matchers,
+	// is too easy to make accidentally exponential.
+	// Using package regexp guarantees linear-time matching.
+
+	const vendorChar = "\x00"
+
+	if strings.Contains(pattern, vendorChar) {
+		return func(name string) bool { return false }
+	}
+
+	re := regexp.QuoteMeta(pattern)
+	re = replaceVendor(re, vendorChar)
+	switch {
+	case strings.HasSuffix(re, `/`+vendorChar+`/\.\.\.`):
+		re = strings.TrimSuffix(re, `/`+vendorChar+`/\.\.\.`) + `(/vendor|/` + vendorChar + `/\.\.\.)`
+	case re == vendorChar+`/\.\.\.`:
+		re = `(/vendor|/` + vendorChar + `/\.\.\.)`
+	case strings.HasSuffix(re, `/\.\.\.`):
+		re = strings.TrimSuffix(re, `/\.\.\.`) + `(/\.\.\.)?`
+	}
+	re = strings.ReplaceAll(re, `\.\.\.`, `[^`+vendorChar+`]*`)
+
+	reg := regexp.MustCompile(`^` + re + `$`)
+
+	return func(name string) bool {
+		if strings.Contains(name, vendorChar) {
+			return false
+		}
+		return reg.MatchString(replaceVendor(name, vendorChar))
+	}
+}
+
+// replaceVendor returns the result of replacing
+// non-trailing vendor path elements in x with repl.
+func replaceVendor(x, repl string) string {
+	if !strings.Contains(x, "vendor") {
+		return x
+	}
+	elem := strings.Split(x, "/")
+	for i := 0; i < len(elem)-1; i++ {
+		if elem[i] == "vendor" {
+			elem[i] = repl
+		}
+	}
+	return strings.Join(elem, "/")
+}
diff --git a/vendor/golang.org/x/tools/go/packages/loadmode_string.go b/vendor/golang.org/x/tools/go/packages/loadmode_string.go
index aff94a3f..7ea37e7e 100644
--- a/vendor/golang.org/x/tools/go/packages/loadmode_string.go
+++ b/vendor/golang.org/x/tools/go/packages/loadmode_string.go
@@ -38,7 +38,7 @@ var modeStrings = []string{
 func (mod LoadMode) String() string {
 	m := mod
 	if m == 0 {
-		return fmt.Sprintf("LoadMode(0)")
+		return "LoadMode(0)"
 	}
 	var out []string
 	for i, x := range allModes {
diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go
index f98a0bdc..04053f1e 100644
--- a/vendor/golang.org/x/tools/go/packages/packages.go
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@@ -21,8 +21,12 @@ import (
 	"path/filepath"
 	"strings"
 	"sync"
+	"time"
 
 	"golang.org/x/tools/go/gcexportdata"
+	"golang.org/x/tools/internal/gocommand"
+	"golang.org/x/tools/internal/packagesinternal"
+	"golang.org/x/tools/internal/typesinternal"
 )
 
 // A LoadMode controls the amount of detail to return when loading.
@@ -34,6 +38,9 @@ import (
 // Load may return more information than requested.
 type LoadMode int
 
+// TODO(matloob): When a V2 of go/packages is released, rename NeedExportsFile to
+// NeedExportFile to make it consistent with the Package field it's adding.
+
 const (
 	// NeedName adds Name and PkgPath.
 	NeedName LoadMode = 1 << iota
@@ -51,7 +58,7 @@ const (
 	// NeedDeps adds the fields requested by the LoadMode in the packages in Imports.
 	NeedDeps
 
-	// NeedExportsFile adds ExportsFile.
+	// NeedExportsFile adds ExportFile.
 	NeedExportsFile
 
 	// NeedTypes adds Types, Fset, and IllTyped.
@@ -65,6 +72,13 @@ const (
 
 	// NeedTypesSizes adds TypesSizes.
 	NeedTypesSizes
+
+	// typecheckCgo enables full support for type checking cgo. Requires Go 1.15+.
+	// Modifies CompiledGoFiles and Types, and has no effect on its own.
+	typecheckCgo
+
+	// NeedModule adds Module.
+	NeedModule
 )
 
 const (
@@ -123,6 +137,9 @@ type Config struct {
 	//
 	Env []string
 
+	// gocmdRunner guards go command calls from concurrency errors.
+	gocmdRunner *gocommand.Runner
+
 	// BuildFlags is a list of command-line flags to be passed through to
 	// the build system's query tool.
 	BuildFlags []string
@@ -174,6 +191,13 @@ type driver func(cfg *Config, patterns ...string) (*driverResponse, error)
 
 // driverResponse contains the results for a driver query.
 type driverResponse struct {
+	// NotHandled is returned if the request can't be handled by the current
+	// driver. If an external driver returns a response with NotHandled, the
+	// rest of the driverResponse is ignored, and go/packages will fallback
+	// to the next driver. If go/packages is extended in the future to support
+	// lists of multiple drivers, go/packages will fall back to the next driver.
+	NotHandled bool
+
 	// Sizes, if not nil, is the types.Sizes to use when type checking.
 	Sizes *types.StdSizes
 
@@ -215,14 +239,22 @@ func Load(cfg *Config, patterns ...string) ([]*Package, error) {
 	return l.refine(response.Roots, response.Packages...)
 }
 
-// defaultDriver is a driver that looks for an external driver binary, and if
-// it does not find it falls back to the built in go list driver.
+// defaultDriver is a driver that implements go/packages' fallback behavior.
+// It will try to request to an external driver, if one exists. If there's
+// no external driver, or the driver returns a response with NotHandled set,
+// defaultDriver will fall back to the go list driver.
 func defaultDriver(cfg *Config, patterns ...string) (*driverResponse, error) {
 	driver := findExternalDriver(cfg)
 	if driver == nil {
 		driver = goListDriver
 	}
-	return driver(cfg, patterns...)
+	response, err := driver(cfg, patterns...)
+	if err != nil {
+		return response, err
+	} else if response.NotHandled {
+		return goListDriver(cfg, patterns...)
+	}
+	return response, nil
 }
 
 // A Package describes a loaded Go package.
@@ -249,7 +281,7 @@ type Package struct {
 	GoFiles []string
 
 	// CompiledGoFiles lists the absolute file paths of the package's source
-	// files that were presented to the compiler.
+	// files that are suitable for type checking.
 	// This may differ from GoFiles if files are processed before compilation.
 	CompiledGoFiles []string
 
@@ -292,6 +324,44 @@ type Package struct {
 
 	// TypesSizes provides the effective size function for types in TypesInfo.
 	TypesSizes types.Sizes
+
+	// forTest is the package under test, if any.
+	forTest string
+
+	// module is the module information for the package if it exists.
+	Module *Module
+}
+
+// Module provides module information for a package.
+type Module struct {
+	Path      string       // module path
+	Version   string       // module version
+	Replace   *Module      // replaced by this module
+	Time      *time.Time   // time version was created
+	Main      bool         // is this the main module?
+	Indirect  bool         // is this module only an indirect dependency of main module?
+	Dir       string       // directory holding files for this module, if any
+	GoMod     string       // path to go.mod file used when loading this module, if any
+	GoVersion string       // go version used in module
+	Error     *ModuleError // error loading module
+}
+
+// ModuleError holds errors loading a module.
+type ModuleError struct {
+	Err string // the error itself
+}
+
+func init() {
+	packagesinternal.GetForTest = func(p interface{}) string {
+		return p.(*Package).forTest
+	}
+	packagesinternal.GetGoCmdRunner = func(config interface{}) *gocommand.Runner {
+		return config.(*Config).gocmdRunner
+	}
+	packagesinternal.SetGoCmdRunner = func(config interface{}, runner *gocommand.Runner) {
+		config.(*Config).gocmdRunner = runner
+	}
+	packagesinternal.TypecheckCgo = int(typecheckCgo)
 }
 
 // An Error describes a problem with a package's metadata, syntax, or types.
@@ -454,6 +524,9 @@ func newLoader(cfg *Config) *loader {
 	if ld.Config.Env == nil {
 		ld.Config.Env = os.Environ()
 	}
+	if ld.Config.gocmdRunner == nil {
+		ld.Config.gocmdRunner = &gocommand.Runner{}
+	}
 	if ld.Context == nil {
 		ld.Context = context.Background()
 	}
@@ -500,12 +573,23 @@ func (ld *loader) refine(roots []string, list ...*Package) ([]*Package, error) {
 		if i, found := rootMap[pkg.ID]; found {
 			rootIndex = i
 		}
+
+		// Overlays can invalidate export data.
+		// TODO(matloob): make this check fine-grained based on dependencies on overlaid files
+		exportDataInvalid := len(ld.Overlay) > 0 || pkg.ExportFile == "" && pkg.PkgPath != "unsafe"
+		// This package needs type information if the caller requested types and the package is
+		// either a root, or it's a non-root and the user requested dependencies ...
+		needtypes := (ld.Mode&NeedTypes|NeedTypesInfo != 0 && (rootIndex >= 0 || ld.Mode&NeedDeps != 0))
+		// This package needs source if the call requested source (or types info, which implies source)
+		// and the package is either a root, or itas a non- root and the user requested dependencies...
+		needsrc := ((ld.Mode&(NeedSyntax|NeedTypesInfo) != 0 && (rootIndex >= 0 || ld.Mode&NeedDeps != 0)) ||
+			// ... or if we need types and the exportData is invalid. We fall back to (incompletely)
+			// typechecking packages from source if they fail to compile.
+			(ld.Mode&NeedTypes|NeedTypesInfo != 0 && exportDataInvalid)) && pkg.PkgPath != "unsafe"
 		lpkg := &loaderPackage{
 			Package:   pkg,
-			needtypes: (ld.Mode&(NeedTypes|NeedTypesInfo) != 0 && ld.Mode&NeedDeps != 0 && rootIndex < 0) || rootIndex >= 0,
-			needsrc: (ld.Mode&(NeedSyntax|NeedTypesInfo) != 0 && ld.Mode&NeedDeps != 0 && rootIndex < 0) || rootIndex >= 0 ||
-				len(ld.Overlay) > 0 || // Overlays can invalidate export data. TODO(matloob): make this check fine-grained based on dependencies on overlaid files
-				pkg.ExportFile == "" && pkg.PkgPath != "unsafe",
+			needtypes: needtypes,
+			needsrc:   needsrc,
 		}
 		ld.pkgs[lpkg.ID] = lpkg
 		if rootIndex >= 0 {
@@ -660,6 +744,9 @@ func (ld *loader) refine(roots []string, list ...*Package) ([]*Package, error) {
 		if ld.requestedMode&NeedTypesSizes == 0 {
 			ld.pkgs[i].TypesSizes = nil
 		}
+		if ld.requestedMode&NeedModule == 0 {
+			ld.pkgs[i].Module = nil
+		}
 	}
 
 	return result, nil
@@ -835,6 +922,15 @@ func (ld *loader) loadPackage(lpkg *loaderPackage) {
 		Error: appendError,
 		Sizes: ld.sizes,
 	}
+	if (ld.Mode & typecheckCgo) != 0 {
+		if !typesinternal.SetUsesCgo(tc) {
+			appendError(Error{
+				Msg:  "typecheckCgo requires Go 1.15+",
+				Kind: ListError,
+			})
+			return
+		}
+	}
 	types.NewChecker(tc, ld.Fset, lpkg.Types, lpkg.TypesInfo).Files(lpkg.Syntax)
 
 	lpkg.importErrors = nil // no longer needed
diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
index 882e3b3d..cffd7acb 100644
--- a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
+++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
@@ -226,7 +226,8 @@ func For(obj types.Object) (Path, error) {
 	// the best paths because non-types may
 	// refer to types, but not the reverse.
 	empty := make([]byte, 0, 48) // initial space
-	for _, name := range scope.Names() {
+	names := scope.Names()
+	for _, name := range names {
 		o := scope.Lookup(name)
 		tname, ok := o.(*types.TypeName)
 		if !ok {
@@ -253,7 +254,7 @@ func For(obj types.Object) (Path, error) {
 
 	// Then inspect everything else:
 	// non-types, and declared methods of defined types.
-	for _, name := range scope.Names() {
+	for _, name := range names {
 		o := scope.Lookup(name)
 		path := append(empty, name...)
 		if _, ok := o.(*types.TypeName); !ok {
diff --git a/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go b/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go
new file mode 100644
index 00000000..01f6e829
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/analysisinternal/analysis.go
@@ -0,0 +1,425 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package analysisinternal exposes internal-only fields from go/analysis.
+package analysisinternal
+
+import (
+	"bytes"
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"strings"
+
+	"golang.org/x/tools/go/ast/astutil"
+	"golang.org/x/tools/internal/lsp/fuzzy"
+)
+
+var (
+	GetTypeErrors func(p interface{}) []types.Error
+	SetTypeErrors func(p interface{}, errors []types.Error)
+)
+
+func TypeErrorEndPos(fset *token.FileSet, src []byte, start token.Pos) token.Pos {
+	// Get the end position for the type error.
+	offset, end := fset.PositionFor(start, false).Offset, start
+	if offset >= len(src) {
+		return end
+	}
+	if width := bytes.IndexAny(src[offset:], " \n,():;[]+-*"); width > 0 {
+		end = start + token.Pos(width)
+	}
+	return end
+}
+
+func ZeroValue(fset *token.FileSet, f *ast.File, pkg *types.Package, typ types.Type) ast.Expr {
+	under := typ
+	if n, ok := typ.(*types.Named); ok {
+		under = n.Underlying()
+	}
+	switch u := under.(type) {
+	case *types.Basic:
+		switch {
+		case u.Info()&types.IsNumeric != 0:
+			return &ast.BasicLit{Kind: token.INT, Value: "0"}
+		case u.Info()&types.IsBoolean != 0:
+			return &ast.Ident{Name: "false"}
+		case u.Info()&types.IsString != 0:
+			return &ast.BasicLit{Kind: token.STRING, Value: `""`}
+		default:
+			panic("unknown basic type")
+		}
+	case *types.Chan, *types.Interface, *types.Map, *types.Pointer, *types.Signature, *types.Slice, *types.Array:
+		return ast.NewIdent("nil")
+	case *types.Struct:
+		texpr := TypeExpr(fset, f, pkg, typ) // typ because we want the name here.
+		if texpr == nil {
+			return nil
+		}
+		return &ast.CompositeLit{
+			Type: texpr,
+		}
+	}
+	return nil
+}
+
+// IsZeroValue checks whether the given expression is a 'zero value' (as determined by output of
+// analysisinternal.ZeroValue)
+func IsZeroValue(expr ast.Expr) bool {
+	switch e := expr.(type) {
+	case *ast.BasicLit:
+		return e.Value == "0" || e.Value == `""`
+	case *ast.Ident:
+		return e.Name == "nil" || e.Name == "false"
+	default:
+		return false
+	}
+}
+
+func TypeExpr(fset *token.FileSet, f *ast.File, pkg *types.Package, typ types.Type) ast.Expr {
+	switch t := typ.(type) {
+	case *types.Basic:
+		switch t.Kind() {
+		case types.UnsafePointer:
+			return &ast.SelectorExpr{X: ast.NewIdent("unsafe"), Sel: ast.NewIdent("Pointer")}
+		default:
+			return ast.NewIdent(t.Name())
+		}
+	case *types.Pointer:
+		x := TypeExpr(fset, f, pkg, t.Elem())
+		if x == nil {
+			return nil
+		}
+		return &ast.UnaryExpr{
+			Op: token.MUL,
+			X:  x,
+		}
+	case *types.Array:
+		elt := TypeExpr(fset, f, pkg, t.Elem())
+		if elt == nil {
+			return nil
+		}
+		return &ast.ArrayType{
+			Len: &ast.BasicLit{
+				Kind:  token.INT,
+				Value: fmt.Sprintf("%d", t.Len()),
+			},
+			Elt: elt,
+		}
+	case *types.Slice:
+		elt := TypeExpr(fset, f, pkg, t.Elem())
+		if elt == nil {
+			return nil
+		}
+		return &ast.ArrayType{
+			Elt: elt,
+		}
+	case *types.Map:
+		key := TypeExpr(fset, f, pkg, t.Key())
+		value := TypeExpr(fset, f, pkg, t.Elem())
+		if key == nil || value == nil {
+			return nil
+		}
+		return &ast.MapType{
+			Key:   key,
+			Value: value,
+		}
+	case *types.Chan:
+		dir := ast.ChanDir(t.Dir())
+		if t.Dir() == types.SendRecv {
+			dir = ast.SEND | ast.RECV
+		}
+		value := TypeExpr(fset, f, pkg, t.Elem())
+		if value == nil {
+			return nil
+		}
+		return &ast.ChanType{
+			Dir:   dir,
+			Value: value,
+		}
+	case *types.Signature:
+		var params []*ast.Field
+		for i := 0; i < t.Params().Len(); i++ {
+			p := TypeExpr(fset, f, pkg, t.Params().At(i).Type())
+			if p == nil {
+				return nil
+			}
+			params = append(params, &ast.Field{
+				Type: p,
+				Names: []*ast.Ident{
+					{
+						Name: t.Params().At(i).Name(),
+					},
+				},
+			})
+		}
+		var returns []*ast.Field
+		for i := 0; i < t.Results().Len(); i++ {
+			r := TypeExpr(fset, f, pkg, t.Results().At(i).Type())
+			if r == nil {
+				return nil
+			}
+			returns = append(returns, &ast.Field{
+				Type: r,
+			})
+		}
+		return &ast.FuncType{
+			Params: &ast.FieldList{
+				List: params,
+			},
+			Results: &ast.FieldList{
+				List: returns,
+			},
+		}
+	case *types.Named:
+		if t.Obj().Pkg() == nil {
+			return ast.NewIdent(t.Obj().Name())
+		}
+		if t.Obj().Pkg() == pkg {
+			return ast.NewIdent(t.Obj().Name())
+		}
+		pkgName := t.Obj().Pkg().Name()
+		// If the file already imports the package under another name, use that.
+		for _, group := range astutil.Imports(fset, f) {
+			for _, cand := range group {
+				if strings.Trim(cand.Path.Value, `"`) == t.Obj().Pkg().Path() {
+					if cand.Name != nil && cand.Name.Name != "" {
+						pkgName = cand.Name.Name
+					}
+				}
+			}
+		}
+		if pkgName == "." {
+			return ast.NewIdent(t.Obj().Name())
+		}
+		return &ast.SelectorExpr{
+			X:   ast.NewIdent(pkgName),
+			Sel: ast.NewIdent(t.Obj().Name()),
+		}
+	case *types.Struct:
+		return ast.NewIdent(t.String())
+	case *types.Interface:
+		return ast.NewIdent(t.String())
+	default:
+		return nil
+	}
+}
+
+type TypeErrorPass string
+
+const (
+	NoNewVars      TypeErrorPass = "nonewvars"
+	NoResultValues TypeErrorPass = "noresultvalues"
+	UndeclaredName TypeErrorPass = "undeclaredname"
+)
+
+// StmtToInsertVarBefore returns the ast.Stmt before which we can safely insert a new variable.
+// Some examples:
+//
+// Basic Example:
+// z := 1
+// y := z + x
+// If x is undeclared, then this function would return `y := z + x`, so that we
+// can insert `x := ` on the line before `y := z + x`.
+//
+// If stmt example:
+// if z == 1 {
+// } else if z == y {}
+// If y is undeclared, then this function would return `if z == 1 {`, because we cannot
+// insert a statement between an if and an else if statement. As a result, we need to find
+// the top of the if chain to insert `y := ` before.
+func StmtToInsertVarBefore(path []ast.Node) ast.Stmt {
+	enclosingIndex := -1
+	for i, p := range path {
+		if _, ok := p.(ast.Stmt); ok {
+			enclosingIndex = i
+			break
+		}
+	}
+	if enclosingIndex == -1 {
+		return nil
+	}
+	enclosingStmt := path[enclosingIndex]
+	switch enclosingStmt.(type) {
+	case *ast.IfStmt:
+		// The enclosingStmt is inside of the if declaration,
+		// We need to check if we are in an else-if stmt and
+		// get the base if statement.
+		return baseIfStmt(path, enclosingIndex)
+	case *ast.CaseClause:
+		// Get the enclosing switch stmt if the enclosingStmt is
+		// inside of the case statement.
+		for i := enclosingIndex + 1; i < len(path); i++ {
+			if node, ok := path[i].(*ast.SwitchStmt); ok {
+				return node
+			} else if node, ok := path[i].(*ast.TypeSwitchStmt); ok {
+				return node
+			}
+		}
+	}
+	if len(path) <= enclosingIndex+1 {
+		return enclosingStmt.(ast.Stmt)
+	}
+	// Check if the enclosing statement is inside another node.
+	switch expr := path[enclosingIndex+1].(type) {
+	case *ast.IfStmt:
+		// Get the base if statement.
+		return baseIfStmt(path, enclosingIndex+1)
+	case *ast.ForStmt:
+		if expr.Init == enclosingStmt || expr.Post == enclosingStmt {
+			return expr
+		}
+	}
+	return enclosingStmt.(ast.Stmt)
+}
+
+// baseIfStmt walks up the if/else-if chain until we get to
+// the top of the current if chain.
+func baseIfStmt(path []ast.Node, index int) ast.Stmt {
+	stmt := path[index]
+	for i := index + 1; i < len(path); i++ {
+		if node, ok := path[i].(*ast.IfStmt); ok && node.Else == stmt {
+			stmt = node
+			continue
+		}
+		break
+	}
+	return stmt.(ast.Stmt)
+}
+
+// WalkASTWithParent walks the AST rooted at n. The semantics are
+// similar to ast.Inspect except it does not call f(nil).
+func WalkASTWithParent(n ast.Node, f func(n ast.Node, parent ast.Node) bool) {
+	var ancestors []ast.Node
+	ast.Inspect(n, func(n ast.Node) (recurse bool) {
+		if n == nil {
+			ancestors = ancestors[:len(ancestors)-1]
+			return false
+		}
+
+		var parent ast.Node
+		if len(ancestors) > 0 {
+			parent = ancestors[len(ancestors)-1]
+		}
+		ancestors = append(ancestors, n)
+		return f(n, parent)
+	})
+}
+
+// FindMatchingIdents finds all identifiers in 'node' that match any of the given types.
+// 'pos' represents the position at which the identifiers may be inserted. 'pos' must be within
+// the scope of each of identifier we select. Otherwise, we will insert a variable at 'pos' that
+// is unrecognized.
+func FindMatchingIdents(typs []types.Type, node ast.Node, pos token.Pos, info *types.Info, pkg *types.Package) map[types.Type][]*ast.Ident {
+	matches := map[types.Type][]*ast.Ident{}
+	// Initialize matches to contain the variable types we are searching for.
+	for _, typ := range typs {
+		if typ == nil {
+			continue
+		}
+		matches[typ] = []*ast.Ident{}
+	}
+	seen := map[types.Object]struct{}{}
+	ast.Inspect(node, func(n ast.Node) bool {
+		if n == nil {
+			return false
+		}
+		// Prevent circular definitions. If 'pos' is within an assignment statement, do not
+		// allow any identifiers in that assignment statement to be selected. Otherwise,
+		// we could do the following, where 'x' satisfies the type of 'f0':
+		//
+		// x := fakeStruct{f0: x}
+		//
+		assignment, ok := n.(*ast.AssignStmt)
+		if ok && pos > assignment.Pos() && pos <= assignment.End() {
+			return false
+		}
+		if n.End() > pos {
+			return n.Pos() <= pos
+		}
+		ident, ok := n.(*ast.Ident)
+		if !ok || ident.Name == "_" {
+			return true
+		}
+		obj := info.Defs[ident]
+		if obj == nil || obj.Type() == nil {
+			return true
+		}
+		if _, ok := obj.(*types.TypeName); ok {
+			return true
+		}
+		// Prevent duplicates in matches' values.
+		if _, ok = seen[obj]; ok {
+			return true
+		}
+		seen[obj] = struct{}{}
+		// Find the scope for the given position. Then, check whether the object
+		// exists within the scope.
+		innerScope := pkg.Scope().Innermost(pos)
+		if innerScope == nil {
+			return true
+		}
+		_, foundObj := innerScope.LookupParent(ident.Name, pos)
+		if foundObj != obj {
+			return true
+		}
+		// The object must match one of the types that we are searching for.
+		if idents, ok := matches[obj.Type()]; ok {
+			matches[obj.Type()] = append(idents, ast.NewIdent(ident.Name))
+		}
+		// If the object type does not exactly match any of the target types, greedily
+		// find the first target type that the object type can satisfy.
+		for typ := range matches {
+			if obj.Type() == typ {
+				continue
+			}
+			if equivalentTypes(obj.Type(), typ) {
+				matches[typ] = append(matches[typ], ast.NewIdent(ident.Name))
+			}
+		}
+		return true
+	})
+	return matches
+}
+
+func equivalentTypes(want, got types.Type) bool {
+	if want == got || types.Identical(want, got) {
+		return true
+	}
+	// Code segment to help check for untyped equality from (golang/go#32146).
+	if rhs, ok := want.(*types.Basic); ok && rhs.Info()&types.IsUntyped > 0 {
+		if lhs, ok := got.Underlying().(*types.Basic); ok {
+			return rhs.Info()&types.IsConstType == lhs.Info()&types.IsConstType
+		}
+	}
+	return types.AssignableTo(want, got)
+}
+
+// FindBestMatch employs fuzzy matching to evaluate the similarity of each given identifier to the
+// given pattern. We return the identifier whose name is most similar to the pattern.
+func FindBestMatch(pattern string, idents []*ast.Ident) ast.Expr {
+	fuzz := fuzzy.NewMatcher(pattern)
+	var bestFuzz ast.Expr
+	highScore := float32(0) // minimum score is 0 (no match)
+	for _, ident := range idents {
+		// TODO: Improve scoring algorithm.
+		score := fuzz.Score(ident.Name)
+		if score > highScore {
+			highScore = score
+			bestFuzz = ident
+		} else if score == 0 {
+			// Order matters in the fuzzy matching algorithm. If we find no match
+			// when matching the target to the identifier, try matching the identifier
+			// to the target.
+			revFuzz := fuzzy.NewMatcher(ident.Name)
+			revScore := revFuzz.Score(pattern)
+			if revScore > highScore {
+				highScore = revScore
+				bestFuzz = ident
+			}
+		}
+	}
+	return bestFuzz
+}
diff --git a/vendor/golang.org/x/tools/internal/event/core/event.go b/vendor/golang.org/x/tools/internal/event/core/event.go
new file mode 100644
index 00000000..e37b4949
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/core/event.go
@@ -0,0 +1,85 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package core provides support for event based telemetry.
+package core
+
+import (
+	"fmt"
+	"time"
+
+	"golang.org/x/tools/internal/event/label"
+)
+
+// Event holds the information about an event of note that ocurred.
+type Event struct {
+	at time.Time
+
+	// As events are often on the stack, storing the first few labels directly
+	// in the event can avoid an allocation at all for the very common cases of
+	// simple events.
+	// The length needs to be large enough to cope with the majority of events
+	// but no so large as to cause undue stack pressure.
+	// A log message with two values will use 3 labels (one for each value and
+	// one for the message itself).
+
+	static  [3]label.Label // inline storage for the first few labels
+	dynamic []label.Label  // dynamically sized storage for remaining labels
+}
+
+// eventLabelMap implements label.Map for a the labels of an Event.
+type eventLabelMap struct {
+	event Event
+}
+
+func (ev Event) At() time.Time { return ev.at }
+
+func (ev Event) Format(f fmt.State, r rune) {
+	if !ev.at.IsZero() {
+		fmt.Fprint(f, ev.at.Format("2006/01/02 15:04:05 "))
+	}
+	for index := 0; ev.Valid(index); index++ {
+		if l := ev.Label(index); l.Valid() {
+			fmt.Fprintf(f, "\n\t%v", l)
+		}
+	}
+}
+
+func (ev Event) Valid(index int) bool {
+	return index >= 0 && index < len(ev.static)+len(ev.dynamic)
+}
+
+func (ev Event) Label(index int) label.Label {
+	if index < len(ev.static) {
+		return ev.static[index]
+	}
+	return ev.dynamic[index-len(ev.static)]
+}
+
+func (ev Event) Find(key label.Key) label.Label {
+	for _, l := range ev.static {
+		if l.Key() == key {
+			return l
+		}
+	}
+	for _, l := range ev.dynamic {
+		if l.Key() == key {
+			return l
+		}
+	}
+	return label.Label{}
+}
+
+func MakeEvent(static [3]label.Label, labels []label.Label) Event {
+	return Event{
+		static:  static,
+		dynamic: labels,
+	}
+}
+
+// CloneEvent event returns a copy of the event with the time adjusted to at.
+func CloneEvent(ev Event, at time.Time) Event {
+	ev.at = at
+	return ev
+}
diff --git a/vendor/golang.org/x/tools/internal/event/core/export.go b/vendor/golang.org/x/tools/internal/event/core/export.go
new file mode 100644
index 00000000..05f3a9a5
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/core/export.go
@@ -0,0 +1,70 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package core
+
+import (
+	"context"
+	"sync/atomic"
+	"time"
+	"unsafe"
+
+	"golang.org/x/tools/internal/event/label"
+)
+
+// Exporter is a function that handles events.
+// It may return a modified context and event.
+type Exporter func(context.Context, Event, label.Map) context.Context
+
+var (
+	exporter unsafe.Pointer
+)
+
+// SetExporter sets the global exporter function that handles all events.
+// The exporter is called synchronously from the event call site, so it should
+// return quickly so as not to hold up user code.
+func SetExporter(e Exporter) {
+	p := unsafe.Pointer(&e)
+	if e == nil {
+		// &e is always valid, and so p is always valid, but for the early abort
+		// of ProcessEvent to be efficient it needs to make the nil check on the
+		// pointer without having to dereference it, so we make the nil function
+		// also a nil pointer
+		p = nil
+	}
+	atomic.StorePointer(&exporter, p)
+}
+
+// deliver is called to deliver an event to the supplied exporter.
+// it will fill in the time.
+func deliver(ctx context.Context, exporter Exporter, ev Event) context.Context {
+	// add the current time to the event
+	ev.at = time.Now()
+	// hand the event off to the current exporter
+	return exporter(ctx, ev, ev)
+}
+
+// Export is called to deliver an event to the global exporter if set.
+func Export(ctx context.Context, ev Event) context.Context {
+	// get the global exporter and abort early if there is not one
+	exporterPtr := (*Exporter)(atomic.LoadPointer(&exporter))
+	if exporterPtr == nil {
+		return ctx
+	}
+	return deliver(ctx, *exporterPtr, ev)
+}
+
+// ExportPair is called to deliver a start event to the supplied exporter.
+// It also returns a function that will deliver the end event to the same
+// exporter.
+// It will fill in the time.
+func ExportPair(ctx context.Context, begin, end Event) (context.Context, func()) {
+	// get the global exporter and abort early if there is not one
+	exporterPtr := (*Exporter)(atomic.LoadPointer(&exporter))
+	if exporterPtr == nil {
+		return ctx, func() {}
+	}
+	ctx = deliver(ctx, *exporterPtr, begin)
+	return ctx, func() { deliver(ctx, *exporterPtr, end) }
+}
diff --git a/vendor/golang.org/x/tools/internal/event/core/fast.go b/vendor/golang.org/x/tools/internal/event/core/fast.go
new file mode 100644
index 00000000..06c1d461
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/core/fast.go
@@ -0,0 +1,77 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package core
+
+import (
+	"context"
+
+	"golang.org/x/tools/internal/event/keys"
+	"golang.org/x/tools/internal/event/label"
+)
+
+// Log1 takes a message and one label delivers a log event to the exporter.
+// It is a customized version of Print that is faster and does no allocation.
+func Log1(ctx context.Context, message string, t1 label.Label) {
+	Export(ctx, MakeEvent([3]label.Label{
+		keys.Msg.Of(message),
+		t1,
+	}, nil))
+}
+
+// Log2 takes a message and two labels and delivers a log event to the exporter.
+// It is a customized version of Print that is faster and does no allocation.
+func Log2(ctx context.Context, message string, t1 label.Label, t2 label.Label) {
+	Export(ctx, MakeEvent([3]label.Label{
+		keys.Msg.Of(message),
+		t1,
+		t2,
+	}, nil))
+}
+
+// Metric1 sends a label event to the exporter with the supplied labels.
+func Metric1(ctx context.Context, t1 label.Label) context.Context {
+	return Export(ctx, MakeEvent([3]label.Label{
+		keys.Metric.New(),
+		t1,
+	}, nil))
+}
+
+// Metric2 sends a label event to the exporter with the supplied labels.
+func Metric2(ctx context.Context, t1, t2 label.Label) context.Context {
+	return Export(ctx, MakeEvent([3]label.Label{
+		keys.Metric.New(),
+		t1,
+		t2,
+	}, nil))
+}
+
+// Start1 sends a span start event with the supplied label list to the exporter.
+// It also returns a function that will end the span, which should normally be
+// deferred.
+func Start1(ctx context.Context, name string, t1 label.Label) (context.Context, func()) {
+	return ExportPair(ctx,
+		MakeEvent([3]label.Label{
+			keys.Start.Of(name),
+			t1,
+		}, nil),
+		MakeEvent([3]label.Label{
+			keys.End.New(),
+		}, nil))
+}
+
+// Start2 sends a span start event with the supplied label list to the exporter.
+// It also returns a function that will end the span, which should normally be
+// deferred.
+func Start2(ctx context.Context, name string, t1, t2 label.Label) (context.Context, func()) {
+	return ExportPair(ctx,
+		MakeEvent([3]label.Label{
+			keys.Start.Of(name),
+			t1,
+			t2,
+		}, nil),
+		MakeEvent([3]label.Label{
+			keys.End.New(),
+		}, nil))
+}
diff --git a/vendor/golang.org/x/tools/internal/event/doc.go b/vendor/golang.org/x/tools/internal/event/doc.go
new file mode 100644
index 00000000..5dc6e6ba
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/doc.go
@@ -0,0 +1,7 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package event provides a set of packages that cover the main
+// concepts of telemetry in an implementation agnostic way.
+package event
diff --git a/vendor/golang.org/x/tools/internal/event/event.go b/vendor/golang.org/x/tools/internal/event/event.go
new file mode 100644
index 00000000..4d55e577
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/event.go
@@ -0,0 +1,127 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package event
+
+import (
+	"context"
+
+	"golang.org/x/tools/internal/event/core"
+	"golang.org/x/tools/internal/event/keys"
+	"golang.org/x/tools/internal/event/label"
+)
+
+// Exporter is a function that handles events.
+// It may return a modified context and event.
+type Exporter func(context.Context, core.Event, label.Map) context.Context
+
+// SetExporter sets the global exporter function that handles all events.
+// The exporter is called synchronously from the event call site, so it should
+// return quickly so as not to hold up user code.
+func SetExporter(e Exporter) {
+	core.SetExporter(core.Exporter(e))
+}
+
+// Log takes a message and a label list and combines them into a single event
+// before delivering them to the exporter.
+func Log(ctx context.Context, message string, labels ...label.Label) {
+	core.Export(ctx, core.MakeEvent([3]label.Label{
+		keys.Msg.Of(message),
+	}, labels))
+}
+
+// IsLog returns true if the event was built by the Log function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsLog(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.Msg
+}
+
+// Error takes a message and a label list and combines them into a single event
+// before delivering them to the exporter. It captures the error in the
+// delivered event.
+func Error(ctx context.Context, message string, err error, labels ...label.Label) {
+	core.Export(ctx, core.MakeEvent([3]label.Label{
+		keys.Msg.Of(message),
+		keys.Err.Of(err),
+	}, labels))
+}
+
+// IsError returns true if the event was built by the Error function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsError(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.Msg &&
+		ev.Label(1).Key() == keys.Err
+}
+
+// Metric sends a label event to the exporter with the supplied labels.
+func Metric(ctx context.Context, labels ...label.Label) {
+	core.Export(ctx, core.MakeEvent([3]label.Label{
+		keys.Metric.New(),
+	}, labels))
+}
+
+// IsMetric returns true if the event was built by the Metric function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsMetric(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.Metric
+}
+
+// Label sends a label event to the exporter with the supplied labels.
+func Label(ctx context.Context, labels ...label.Label) context.Context {
+	return core.Export(ctx, core.MakeEvent([3]label.Label{
+		keys.Label.New(),
+	}, labels))
+}
+
+// IsLabel returns true if the event was built by the Label function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsLabel(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.Label
+}
+
+// Start sends a span start event with the supplied label list to the exporter.
+// It also returns a function that will end the span, which should normally be
+// deferred.
+func Start(ctx context.Context, name string, labels ...label.Label) (context.Context, func()) {
+	return core.ExportPair(ctx,
+		core.MakeEvent([3]label.Label{
+			keys.Start.Of(name),
+		}, labels),
+		core.MakeEvent([3]label.Label{
+			keys.End.New(),
+		}, nil))
+}
+
+// IsStart returns true if the event was built by the Start function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsStart(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.Start
+}
+
+// IsEnd returns true if the event was built by the End function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsEnd(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.End
+}
+
+// Detach returns a context without an associated span.
+// This allows the creation of spans that are not children of the current span.
+func Detach(ctx context.Context) context.Context {
+	return core.Export(ctx, core.MakeEvent([3]label.Label{
+		keys.Detach.New(),
+	}, nil))
+}
+
+// IsDetach returns true if the event was built by the Detach function.
+// It is intended to be used in exporters to identify the semantics of the
+// event when deciding what to do with it.
+func IsDetach(ev core.Event) bool {
+	return ev.Label(0).Key() == keys.Detach
+}
diff --git a/vendor/golang.org/x/tools/internal/event/keys/keys.go b/vendor/golang.org/x/tools/internal/event/keys/keys.go
new file mode 100644
index 00000000..a02206e3
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/keys/keys.go
@@ -0,0 +1,564 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+import (
+	"fmt"
+	"io"
+	"math"
+	"strconv"
+
+	"golang.org/x/tools/internal/event/label"
+)
+
+// Value represents a key for untyped values.
+type Value struct {
+	name        string
+	description string
+}
+
+// New creates a new Key for untyped values.
+func New(name, description string) *Value {
+	return &Value{name: name, description: description}
+}
+
+func (k *Value) Name() string        { return k.name }
+func (k *Value) Description() string { return k.description }
+
+func (k *Value) Format(w io.Writer, buf []byte, l label.Label) {
+	fmt.Fprint(w, k.From(l))
+}
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Value) Get(lm label.Map) interface{} {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return nil
+}
+
+// From can be used to get a value from a Label.
+func (k *Value) From(t label.Label) interface{} { return t.UnpackValue() }
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Value) Of(value interface{}) label.Label { return label.OfValue(k, value) }
+
+// Tag represents a key for tagging labels that have no value.
+// These are used when the existence of the label is the entire information it
+// carries, such as marking events to be of a specific kind, or from a specific
+// package.
+type Tag struct {
+	name        string
+	description string
+}
+
+// NewTag creates a new Key for tagging labels.
+func NewTag(name, description string) *Tag {
+	return &Tag{name: name, description: description}
+}
+
+func (k *Tag) Name() string        { return k.name }
+func (k *Tag) Description() string { return k.description }
+
+func (k *Tag) Format(w io.Writer, buf []byte, l label.Label) {}
+
+// New creates a new Label with this key.
+func (k *Tag) New() label.Label { return label.OfValue(k, nil) }
+
+// Int represents a key
+type Int struct {
+	name        string
+	description string
+}
+
+// NewInt creates a new Key for int values.
+func NewInt(name, description string) *Int {
+	return &Int{name: name, description: description}
+}
+
+func (k *Int) Name() string        { return k.name }
+func (k *Int) Description() string { return k.description }
+
+func (k *Int) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendInt(buf, int64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Int) Of(v int) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Int) Get(lm label.Map) int {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Int) From(t label.Label) int { return int(t.Unpack64()) }
+
+// Int8 represents a key
+type Int8 struct {
+	name        string
+	description string
+}
+
+// NewInt8 creates a new Key for int8 values.
+func NewInt8(name, description string) *Int8 {
+	return &Int8{name: name, description: description}
+}
+
+func (k *Int8) Name() string        { return k.name }
+func (k *Int8) Description() string { return k.description }
+
+func (k *Int8) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendInt(buf, int64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Int8) Of(v int8) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Int8) Get(lm label.Map) int8 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Int8) From(t label.Label) int8 { return int8(t.Unpack64()) }
+
+// Int16 represents a key
+type Int16 struct {
+	name        string
+	description string
+}
+
+// NewInt16 creates a new Key for int16 values.
+func NewInt16(name, description string) *Int16 {
+	return &Int16{name: name, description: description}
+}
+
+func (k *Int16) Name() string        { return k.name }
+func (k *Int16) Description() string { return k.description }
+
+func (k *Int16) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendInt(buf, int64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Int16) Of(v int16) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Int16) Get(lm label.Map) int16 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Int16) From(t label.Label) int16 { return int16(t.Unpack64()) }
+
+// Int32 represents a key
+type Int32 struct {
+	name        string
+	description string
+}
+
+// NewInt32 creates a new Key for int32 values.
+func NewInt32(name, description string) *Int32 {
+	return &Int32{name: name, description: description}
+}
+
+func (k *Int32) Name() string        { return k.name }
+func (k *Int32) Description() string { return k.description }
+
+func (k *Int32) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendInt(buf, int64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Int32) Of(v int32) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Int32) Get(lm label.Map) int32 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Int32) From(t label.Label) int32 { return int32(t.Unpack64()) }
+
+// Int64 represents a key
+type Int64 struct {
+	name        string
+	description string
+}
+
+// NewInt64 creates a new Key for int64 values.
+func NewInt64(name, description string) *Int64 {
+	return &Int64{name: name, description: description}
+}
+
+func (k *Int64) Name() string        { return k.name }
+func (k *Int64) Description() string { return k.description }
+
+func (k *Int64) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendInt(buf, k.From(l), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Int64) Of(v int64) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Int64) Get(lm label.Map) int64 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Int64) From(t label.Label) int64 { return int64(t.Unpack64()) }
+
+// UInt represents a key
+type UInt struct {
+	name        string
+	description string
+}
+
+// NewUInt creates a new Key for uint values.
+func NewUInt(name, description string) *UInt {
+	return &UInt{name: name, description: description}
+}
+
+func (k *UInt) Name() string        { return k.name }
+func (k *UInt) Description() string { return k.description }
+
+func (k *UInt) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendUint(buf, uint64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *UInt) Of(v uint) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *UInt) Get(lm label.Map) uint {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *UInt) From(t label.Label) uint { return uint(t.Unpack64()) }
+
+// UInt8 represents a key
+type UInt8 struct {
+	name        string
+	description string
+}
+
+// NewUInt8 creates a new Key for uint8 values.
+func NewUInt8(name, description string) *UInt8 {
+	return &UInt8{name: name, description: description}
+}
+
+func (k *UInt8) Name() string        { return k.name }
+func (k *UInt8) Description() string { return k.description }
+
+func (k *UInt8) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendUint(buf, uint64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *UInt8) Of(v uint8) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *UInt8) Get(lm label.Map) uint8 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *UInt8) From(t label.Label) uint8 { return uint8(t.Unpack64()) }
+
+// UInt16 represents a key
+type UInt16 struct {
+	name        string
+	description string
+}
+
+// NewUInt16 creates a new Key for uint16 values.
+func NewUInt16(name, description string) *UInt16 {
+	return &UInt16{name: name, description: description}
+}
+
+func (k *UInt16) Name() string        { return k.name }
+func (k *UInt16) Description() string { return k.description }
+
+func (k *UInt16) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendUint(buf, uint64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *UInt16) Of(v uint16) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *UInt16) Get(lm label.Map) uint16 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *UInt16) From(t label.Label) uint16 { return uint16(t.Unpack64()) }
+
+// UInt32 represents a key
+type UInt32 struct {
+	name        string
+	description string
+}
+
+// NewUInt32 creates a new Key for uint32 values.
+func NewUInt32(name, description string) *UInt32 {
+	return &UInt32{name: name, description: description}
+}
+
+func (k *UInt32) Name() string        { return k.name }
+func (k *UInt32) Description() string { return k.description }
+
+func (k *UInt32) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendUint(buf, uint64(k.From(l)), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *UInt32) Of(v uint32) label.Label { return label.Of64(k, uint64(v)) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *UInt32) Get(lm label.Map) uint32 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *UInt32) From(t label.Label) uint32 { return uint32(t.Unpack64()) }
+
+// UInt64 represents a key
+type UInt64 struct {
+	name        string
+	description string
+}
+
+// NewUInt64 creates a new Key for uint64 values.
+func NewUInt64(name, description string) *UInt64 {
+	return &UInt64{name: name, description: description}
+}
+
+func (k *UInt64) Name() string        { return k.name }
+func (k *UInt64) Description() string { return k.description }
+
+func (k *UInt64) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendUint(buf, k.From(l), 10))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *UInt64) Of(v uint64) label.Label { return label.Of64(k, v) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *UInt64) Get(lm label.Map) uint64 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *UInt64) From(t label.Label) uint64 { return t.Unpack64() }
+
+// Float32 represents a key
+type Float32 struct {
+	name        string
+	description string
+}
+
+// NewFloat32 creates a new Key for float32 values.
+func NewFloat32(name, description string) *Float32 {
+	return &Float32{name: name, description: description}
+}
+
+func (k *Float32) Name() string        { return k.name }
+func (k *Float32) Description() string { return k.description }
+
+func (k *Float32) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendFloat(buf, float64(k.From(l)), 'E', -1, 32))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Float32) Of(v float32) label.Label {
+	return label.Of64(k, uint64(math.Float32bits(v)))
+}
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Float32) Get(lm label.Map) float32 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Float32) From(t label.Label) float32 {
+	return math.Float32frombits(uint32(t.Unpack64()))
+}
+
+// Float64 represents a key
+type Float64 struct {
+	name        string
+	description string
+}
+
+// NewFloat64 creates a new Key for int64 values.
+func NewFloat64(name, description string) *Float64 {
+	return &Float64{name: name, description: description}
+}
+
+func (k *Float64) Name() string        { return k.name }
+func (k *Float64) Description() string { return k.description }
+
+func (k *Float64) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendFloat(buf, k.From(l), 'E', -1, 64))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Float64) Of(v float64) label.Label {
+	return label.Of64(k, math.Float64bits(v))
+}
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Float64) Get(lm label.Map) float64 {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return 0
+}
+
+// From can be used to get a value from a Label.
+func (k *Float64) From(t label.Label) float64 {
+	return math.Float64frombits(t.Unpack64())
+}
+
+// String represents a key
+type String struct {
+	name        string
+	description string
+}
+
+// NewString creates a new Key for int64 values.
+func NewString(name, description string) *String {
+	return &String{name: name, description: description}
+}
+
+func (k *String) Name() string        { return k.name }
+func (k *String) Description() string { return k.description }
+
+func (k *String) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendQuote(buf, k.From(l)))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *String) Of(v string) label.Label { return label.OfString(k, v) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *String) Get(lm label.Map) string {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return ""
+}
+
+// From can be used to get a value from a Label.
+func (k *String) From(t label.Label) string { return t.UnpackString() }
+
+// Boolean represents a key
+type Boolean struct {
+	name        string
+	description string
+}
+
+// NewBoolean creates a new Key for bool values.
+func NewBoolean(name, description string) *Boolean {
+	return &Boolean{name: name, description: description}
+}
+
+func (k *Boolean) Name() string        { return k.name }
+func (k *Boolean) Description() string { return k.description }
+
+func (k *Boolean) Format(w io.Writer, buf []byte, l label.Label) {
+	w.Write(strconv.AppendBool(buf, k.From(l)))
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Boolean) Of(v bool) label.Label {
+	if v {
+		return label.Of64(k, 1)
+	}
+	return label.Of64(k, 0)
+}
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Boolean) Get(lm label.Map) bool {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return false
+}
+
+// From can be used to get a value from a Label.
+func (k *Boolean) From(t label.Label) bool { return t.Unpack64() > 0 }
+
+// Error represents a key
+type Error struct {
+	name        string
+	description string
+}
+
+// NewError creates a new Key for int64 values.
+func NewError(name, description string) *Error {
+	return &Error{name: name, description: description}
+}
+
+func (k *Error) Name() string        { return k.name }
+func (k *Error) Description() string { return k.description }
+
+func (k *Error) Format(w io.Writer, buf []byte, l label.Label) {
+	io.WriteString(w, k.From(l).Error())
+}
+
+// Of creates a new Label with this key and the supplied value.
+func (k *Error) Of(v error) label.Label { return label.OfValue(k, v) }
+
+// Get can be used to get a label for the key from a label.Map.
+func (k *Error) Get(lm label.Map) error {
+	if t := lm.Find(k); t.Valid() {
+		return k.From(t)
+	}
+	return nil
+}
+
+// From can be used to get a value from a Label.
+func (k *Error) From(t label.Label) error {
+	err, _ := t.UnpackValue().(error)
+	return err
+}
diff --git a/vendor/golang.org/x/tools/internal/event/keys/standard.go b/vendor/golang.org/x/tools/internal/event/keys/standard.go
new file mode 100644
index 00000000..7e958665
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/keys/standard.go
@@ -0,0 +1,22 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package keys
+
+var (
+	// Msg is a key used to add message strings to label lists.
+	Msg = NewString("message", "a readable message")
+	// Label is a key used to indicate an event adds labels to the context.
+	Label = NewTag("label", "a label context marker")
+	// Start is used for things like traces that have a name.
+	Start = NewString("start", "span start")
+	// Metric is a key used to indicate an event records metrics.
+	End = NewTag("end", "a span end marker")
+	// Metric is a key used to indicate an event records metrics.
+	Detach = NewTag("detach", "a span detach marker")
+	// Err is a key used to add error values to label lists.
+	Err = NewError("error", "an error that occurred")
+	// Metric is a key used to indicate an event records metrics.
+	Metric = NewTag("metric", "a metric event marker")
+)
diff --git a/vendor/golang.org/x/tools/internal/event/label/label.go b/vendor/golang.org/x/tools/internal/event/label/label.go
new file mode 100644
index 00000000..b55c12eb
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/event/label/label.go
@@ -0,0 +1,213 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package label
+
+import (
+	"fmt"
+	"io"
+	"reflect"
+	"unsafe"
+)
+
+// Key is used as the identity of a Label.
+// Keys are intended to be compared by pointer only, the name should be unique
+// for communicating with external systems, but it is not required or enforced.
+type Key interface {
+	// Name returns the key name.
+	Name() string
+	// Description returns a string that can be used to describe the value.
+	Description() string
+
+	// Format is used in formatting to append the value of the label to the
+	// supplied buffer.
+	// The formatter may use the supplied buf as a scratch area to avoid
+	// allocations.
+	Format(w io.Writer, buf []byte, l Label)
+}
+
+// Label holds a key and value pair.
+// It is normally used when passing around lists of labels.
+type Label struct {
+	key     Key
+	packed  uint64
+	untyped interface{}
+}
+
+// Map is the interface to a collection of Labels indexed by key.
+type Map interface {
+	// Find returns the label that matches the supplied key.
+	Find(key Key) Label
+}
+
+// List is the interface to something that provides an iterable
+// list of labels.
+// Iteration should start from 0 and continue until Valid returns false.
+type List interface {
+	// Valid returns true if the index is within range for the list.
+	// It does not imply the label at that index will itself be valid.
+	Valid(index int) bool
+	// Label returns the label at the given index.
+	Label(index int) Label
+}
+
+// list implements LabelList for a list of Labels.
+type list struct {
+	labels []Label
+}
+
+// filter wraps a LabelList filtering out specific labels.
+type filter struct {
+	keys       []Key
+	underlying List
+}
+
+// listMap implements LabelMap for a simple list of labels.
+type listMap struct {
+	labels []Label
+}
+
+// mapChain implements LabelMap for a list of underlying LabelMap.
+type mapChain struct {
+	maps []Map
+}
+
+// OfValue creates a new label from the key and value.
+// This method is for implementing new key types, label creation should
+// normally be done with the Of method of the key.
+func OfValue(k Key, value interface{}) Label { return Label{key: k, untyped: value} }
+
+// UnpackValue assumes the label was built using LabelOfValue and returns the value
+// that was passed to that constructor.
+// This method is for implementing new key types, for type safety normal
+// access should be done with the From method of the key.
+func (t Label) UnpackValue() interface{} { return t.untyped }
+
+// Of64 creates a new label from a key and a uint64. This is often
+// used for non uint64 values that can be packed into a uint64.
+// This method is for implementing new key types, label creation should
+// normally be done with the Of method of the key.
+func Of64(k Key, v uint64) Label { return Label{key: k, packed: v} }
+
+// Unpack64 assumes the label was built using LabelOf64 and returns the value that
+// was passed to that constructor.
+// This method is for implementing new key types, for type safety normal
+// access should be done with the From method of the key.
+func (t Label) Unpack64() uint64 { return t.packed }
+
+// OfString creates a new label from a key and a string.
+// This method is for implementing new key types, label creation should
+// normally be done with the Of method of the key.
+func OfString(k Key, v string) Label {
+	hdr := (*reflect.StringHeader)(unsafe.Pointer(&v))
+	return Label{
+		key:     k,
+		packed:  uint64(hdr.Len),
+		untyped: unsafe.Pointer(hdr.Data),
+	}
+}
+
+// UnpackString assumes the label was built using LabelOfString and returns the
+// value that was passed to that constructor.
+// This method is for implementing new key types, for type safety normal
+// access should be done with the From method of the key.
+func (t Label) UnpackString() string {
+	var v string
+	hdr := (*reflect.StringHeader)(unsafe.Pointer(&v))
+	hdr.Data = uintptr(t.untyped.(unsafe.Pointer))
+	hdr.Len = int(t.packed)
+	return *(*string)(unsafe.Pointer(hdr))
+}
+
+// Valid returns true if the Label is a valid one (it has a key).
+func (t Label) Valid() bool { return t.key != nil }
+
+// Key returns the key of this Label.
+func (t Label) Key() Key { return t.key }
+
+// Format is used for debug printing of labels.
+func (t Label) Format(f fmt.State, r rune) {
+	if !t.Valid() {
+		io.WriteString(f, `nil`)
+		return
+	}
+	io.WriteString(f, t.Key().Name())
+	io.WriteString(f, "=")
+	var buf [128]byte
+	t.Key().Format(f, buf[:0], t)
+}
+
+func (l *list) Valid(index int) bool {
+	return index >= 0 && index < len(l.labels)
+}
+
+func (l *list) Label(index int) Label {
+	return l.labels[index]
+}
+
+func (f *filter) Valid(index int) bool {
+	return f.underlying.Valid(index)
+}
+
+func (f *filter) Label(index int) Label {
+	l := f.underlying.Label(index)
+	for _, f := range f.keys {
+		if l.Key() == f {
+			return Label{}
+		}
+	}
+	return l
+}
+
+func (lm listMap) Find(key Key) Label {
+	for _, l := range lm.labels {
+		if l.Key() == key {
+			return l
+		}
+	}
+	return Label{}
+}
+
+func (c mapChain) Find(key Key) Label {
+	for _, src := range c.maps {
+		l := src.Find(key)
+		if l.Valid() {
+			return l
+		}
+	}
+	return Label{}
+}
+
+var emptyList = &list{}
+
+func NewList(labels ...Label) List {
+	if len(labels) == 0 {
+		return emptyList
+	}
+	return &list{labels: labels}
+}
+
+func Filter(l List, keys ...Key) List {
+	if len(keys) == 0 {
+		return l
+	}
+	return &filter{keys: keys, underlying: l}
+}
+
+func NewMap(labels ...Label) Map {
+	return listMap{labels: labels}
+}
+
+func MergeMaps(srcs ...Map) Map {
+	var nonNil []Map
+	for _, src := range srcs {
+		if src != nil {
+			nonNil = append(nonNil, src)
+		}
+	}
+	if len(nonNil) == 1 {
+		return nonNil[0]
+	}
+	return mapChain{maps: nonNil}
+}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
deleted file mode 100644
index 7219c8e9..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk.go
+++ /dev/null
@@ -1,196 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package fastwalk provides a faster version of filepath.Walk for file system
-// scanning tools.
-package fastwalk
-
-import (
-	"errors"
-	"os"
-	"path/filepath"
-	"runtime"
-	"sync"
-)
-
-// TraverseLink is used as a return value from WalkFuncs to indicate that the
-// symlink named in the call may be traversed.
-var TraverseLink = errors.New("fastwalk: traverse symlink, assuming target is a directory")
-
-// SkipFiles is a used as a return value from WalkFuncs to indicate that the
-// callback should not be called for any other files in the current directory.
-// Child directories will still be traversed.
-var SkipFiles = errors.New("fastwalk: skip remaining files in directory")
-
-// Walk is a faster implementation of filepath.Walk.
-//
-// filepath.Walk's design necessarily calls os.Lstat on each file,
-// even if the caller needs less info.
-// Many tools need only the type of each file.
-// On some platforms, this information is provided directly by the readdir
-// system call, avoiding the need to stat each file individually.
-// fastwalk_unix.go contains a fork of the syscall routines.
-//
-// See golang.org/issue/16399
-//
-// Walk walks the file tree rooted at root, calling walkFn for
-// each file or directory in the tree, including root.
-//
-// If fastWalk returns filepath.SkipDir, the directory is skipped.
-//
-// Unlike filepath.Walk:
-//   * file stat calls must be done by the user.
-//     The only provided metadata is the file type, which does not include
-//     any permission bits.
-//   * multiple goroutines stat the filesystem concurrently. The provided
-//     walkFn must be safe for concurrent use.
-//   * fastWalk can follow symlinks if walkFn returns the TraverseLink
-//     sentinel error. It is the walkFn's responsibility to prevent
-//     fastWalk from going into symlink cycles.
-func Walk(root string, walkFn func(path string, typ os.FileMode) error) error {
-	// TODO(bradfitz): make numWorkers configurable? We used a
-	// minimum of 4 to give the kernel more info about multiple
-	// things we want, in hopes its I/O scheduling can take
-	// advantage of that. Hopefully most are in cache. Maybe 4 is
-	// even too low of a minimum. Profile more.
-	numWorkers := 4
-	if n := runtime.NumCPU(); n > numWorkers {
-		numWorkers = n
-	}
-
-	// Make sure to wait for all workers to finish, otherwise
-	// walkFn could still be called after returning. This Wait call
-	// runs after close(e.donec) below.
-	var wg sync.WaitGroup
-	defer wg.Wait()
-
-	w := &walker{
-		fn:       walkFn,
-		enqueuec: make(chan walkItem, numWorkers), // buffered for performance
-		workc:    make(chan walkItem, numWorkers), // buffered for performance
-		donec:    make(chan struct{}),
-
-		// buffered for correctness & not leaking goroutines:
-		resc: make(chan error, numWorkers),
-	}
-	defer close(w.donec)
-
-	for i := 0; i < numWorkers; i++ {
-		wg.Add(1)
-		go w.doWork(&wg)
-	}
-	todo := []walkItem{{dir: root}}
-	out := 0
-	for {
-		workc := w.workc
-		var workItem walkItem
-		if len(todo) == 0 {
-			workc = nil
-		} else {
-			workItem = todo[len(todo)-1]
-		}
-		select {
-		case workc <- workItem:
-			todo = todo[:len(todo)-1]
-			out++
-		case it := <-w.enqueuec:
-			todo = append(todo, it)
-		case err := <-w.resc:
-			out--
-			if err != nil {
-				return err
-			}
-			if out == 0 && len(todo) == 0 {
-				// It's safe to quit here, as long as the buffered
-				// enqueue channel isn't also readable, which might
-				// happen if the worker sends both another unit of
-				// work and its result before the other select was
-				// scheduled and both w.resc and w.enqueuec were
-				// readable.
-				select {
-				case it := <-w.enqueuec:
-					todo = append(todo, it)
-				default:
-					return nil
-				}
-			}
-		}
-	}
-}
-
-// doWork reads directories as instructed (via workc) and runs the
-// user's callback function.
-func (w *walker) doWork(wg *sync.WaitGroup) {
-	defer wg.Done()
-	for {
-		select {
-		case <-w.donec:
-			return
-		case it := <-w.workc:
-			select {
-			case <-w.donec:
-				return
-			case w.resc <- w.walk(it.dir, !it.callbackDone):
-			}
-		}
-	}
-}
-
-type walker struct {
-	fn func(path string, typ os.FileMode) error
-
-	donec    chan struct{} // closed on fastWalk's return
-	workc    chan walkItem // to workers
-	enqueuec chan walkItem // from workers
-	resc     chan error    // from workers
-}
-
-type walkItem struct {
-	dir          string
-	callbackDone bool // callback already called; don't do it again
-}
-
-func (w *walker) enqueue(it walkItem) {
-	select {
-	case w.enqueuec <- it:
-	case <-w.donec:
-	}
-}
-
-func (w *walker) onDirEnt(dirName, baseName string, typ os.FileMode) error {
-	joined := dirName + string(os.PathSeparator) + baseName
-	if typ == os.ModeDir {
-		w.enqueue(walkItem{dir: joined})
-		return nil
-	}
-
-	err := w.fn(joined, typ)
-	if typ == os.ModeSymlink {
-		if err == TraverseLink {
-			// Set callbackDone so we don't call it twice for both the
-			// symlink-as-symlink and the symlink-as-directory later:
-			w.enqueue(walkItem{dir: joined, callbackDone: true})
-			return nil
-		}
-		if err == filepath.SkipDir {
-			// Permit SkipDir on symlinks too.
-			return nil
-		}
-	}
-	return err
-}
-
-func (w *walker) walk(root string, runUserCallback bool) error {
-	if runUserCallback {
-		err := w.fn(root, os.ModeDir)
-		if err == filepath.SkipDir {
-			return nil
-		}
-		if err != nil {
-			return err
-		}
-	}
-
-	return readDir(root, w.onDirEnt)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go
deleted file mode 100644
index ccffec5a..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_fileno.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build freebsd openbsd netbsd
-
-package fastwalk
-
-import "syscall"
-
-func direntInode(dirent *syscall.Dirent) uint64 {
-	return uint64(dirent.Fileno)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
deleted file mode 100644
index ab7fbc0a..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_ino.go
+++ /dev/null
@@ -1,14 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux darwin
-// +build !appengine
-
-package fastwalk
-
-import "syscall"
-
-func direntInode(dirent *syscall.Dirent) uint64 {
-	return uint64(dirent.Ino)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
deleted file mode 100644
index a3b26a7b..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_bsd.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build darwin freebsd openbsd netbsd
-
-package fastwalk
-
-import "syscall"
-
-func direntNamlen(dirent *syscall.Dirent) uint64 {
-	return uint64(dirent.Namlen)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go
deleted file mode 100644
index e880d358..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_dirent_namlen_linux.go
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux
-// +build !appengine
-
-package fastwalk
-
-import (
-	"bytes"
-	"syscall"
-	"unsafe"
-)
-
-func direntNamlen(dirent *syscall.Dirent) uint64 {
-	const fixedHdr = uint16(unsafe.Offsetof(syscall.Dirent{}.Name))
-	nameBuf := (*[unsafe.Sizeof(dirent.Name)]byte)(unsafe.Pointer(&dirent.Name[0]))
-	const nameBufLen = uint16(len(nameBuf))
-	limit := dirent.Reclen - fixedHdr
-	if limit > nameBufLen {
-		limit = nameBufLen
-	}
-	nameLen := bytes.IndexByte(nameBuf[:limit], 0)
-	if nameLen < 0 {
-		panic("failed to find terminating 0 byte in dirent")
-	}
-	return uint64(nameLen)
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
deleted file mode 100644
index a906b875..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_portable.go
+++ /dev/null
@@ -1,37 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build appengine !linux,!darwin,!freebsd,!openbsd,!netbsd
-
-package fastwalk
-
-import (
-	"io/ioutil"
-	"os"
-)
-
-// readDir calls fn for each directory entry in dirName.
-// It does not descend into directories or follow symlinks.
-// If fn returns a non-nil error, readDir returns with that error
-// immediately.
-func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
-	fis, err := ioutil.ReadDir(dirName)
-	if err != nil {
-		return err
-	}
-	skipFiles := false
-	for _, fi := range fis {
-		if fi.Mode().IsRegular() && skipFiles {
-			continue
-		}
-		if err := fn(dirName, fi.Name(), fi.Mode()&os.ModeType); err != nil {
-			if err == SkipFiles {
-				skipFiles = true
-				continue
-			}
-			return err
-		}
-	}
-	return nil
-}
diff --git a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go b/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
deleted file mode 100644
index 3369b1a0..00000000
--- a/vendor/golang.org/x/tools/internal/fastwalk/fastwalk_unix.go
+++ /dev/null
@@ -1,127 +0,0 @@
-// Copyright 2016 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build linux darwin freebsd openbsd netbsd
-// +build !appengine
-
-package fastwalk
-
-import (
-	"fmt"
-	"os"
-	"syscall"
-	"unsafe"
-)
-
-const blockSize = 8 << 10
-
-// unknownFileMode is a sentinel (and bogus) os.FileMode
-// value used to represent a syscall.DT_UNKNOWN Dirent.Type.
-const unknownFileMode os.FileMode = os.ModeNamedPipe | os.ModeSocket | os.ModeDevice
-
-func readDir(dirName string, fn func(dirName, entName string, typ os.FileMode) error) error {
-	fd, err := syscall.Open(dirName, 0, 0)
-	if err != nil {
-		return &os.PathError{Op: "open", Path: dirName, Err: err}
-	}
-	defer syscall.Close(fd)
-
-	// The buffer must be at least a block long.
-	buf := make([]byte, blockSize) // stack-allocated; doesn't escape
-	bufp := 0                      // starting read position in buf
-	nbuf := 0                      // end valid data in buf
-	skipFiles := false
-	for {
-		if bufp >= nbuf {
-			bufp = 0
-			nbuf, err = syscall.ReadDirent(fd, buf)
-			if err != nil {
-				return os.NewSyscallError("readdirent", err)
-			}
-			if nbuf <= 0 {
-				return nil
-			}
-		}
-		consumed, name, typ := parseDirEnt(buf[bufp:nbuf])
-		bufp += consumed
-		if name == "" || name == "." || name == ".." {
-			continue
-		}
-		// Fallback for filesystems (like old XFS) that don't
-		// support Dirent.Type and have DT_UNKNOWN (0) there
-		// instead.
-		if typ == unknownFileMode {
-			fi, err := os.Lstat(dirName + "/" + name)
-			if err != nil {
-				// It got deleted in the meantime.
-				if os.IsNotExist(err) {
-					continue
-				}
-				return err
-			}
-			typ = fi.Mode() & os.ModeType
-		}
-		if skipFiles && typ.IsRegular() {
-			continue
-		}
-		if err := fn(dirName, name, typ); err != nil {
-			if err == SkipFiles {
-				skipFiles = true
-				continue
-			}
-			return err
-		}
-	}
-}
-
-func parseDirEnt(buf []byte) (consumed int, name string, typ os.FileMode) {
-	// golang.org/issue/15653
-	dirent := (*syscall.Dirent)(unsafe.Pointer(&buf[0]))
-	if v := unsafe.Offsetof(dirent.Reclen) + unsafe.Sizeof(dirent.Reclen); uintptr(len(buf)) < v {
-		panic(fmt.Sprintf("buf size of %d smaller than dirent header size %d", len(buf), v))
-	}
-	if len(buf) < int(dirent.Reclen) {
-		panic(fmt.Sprintf("buf size %d < record length %d", len(buf), dirent.Reclen))
-	}
-	consumed = int(dirent.Reclen)
-	if direntInode(dirent) == 0 { // File absent in directory.
-		return
-	}
-	switch dirent.Type {
-	case syscall.DT_REG:
-		typ = 0
-	case syscall.DT_DIR:
-		typ = os.ModeDir
-	case syscall.DT_LNK:
-		typ = os.ModeSymlink
-	case syscall.DT_BLK:
-		typ = os.ModeDevice
-	case syscall.DT_FIFO:
-		typ = os.ModeNamedPipe
-	case syscall.DT_SOCK:
-		typ = os.ModeSocket
-	case syscall.DT_UNKNOWN:
-		typ = unknownFileMode
-	default:
-		// Skip weird things.
-		// It's probably a DT_WHT (http://lwn.net/Articles/325369/)
-		// or something. Revisit if/when this package is moved outside
-		// of goimports. goimports only cares about regular files,
-		// symlinks, and directories.
-		return
-	}
-
-	nameBuf := (*[unsafe.Sizeof(dirent.Name)]byte)(unsafe.Pointer(&dirent.Name[0]))
-	nameLen := direntNamlen(dirent)
-
-	// Special cases for common things:
-	if nameLen == 1 && nameBuf[0] == '.' {
-		name = "."
-	} else if nameLen == 2 && nameBuf[0] == '.' && nameBuf[1] == '.' {
-		name = ".."
-	} else {
-		name = string(nameBuf[:nameLen])
-	}
-	return
-}
diff --git a/vendor/golang.org/x/tools/internal/gocommand/invoke.go b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
new file mode 100644
index 00000000..f516e176
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gocommand/invoke.go
@@ -0,0 +1,230 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package gocommand is a helper for calling the go command.
+package gocommand
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+	"sync"
+	"time"
+
+	"golang.org/x/tools/internal/event"
+)
+
+// An Runner will run go command invocations and serialize
+// them if it sees a concurrency error.
+type Runner struct {
+	// once guards the runner initialization.
+	once sync.Once
+
+	// inFlight tracks available workers.
+	inFlight chan struct{}
+
+	// serialized guards the ability to run a go command serially,
+	// to avoid deadlocks when claiming workers.
+	serialized chan struct{}
+}
+
+const maxInFlight = 10
+
+func (runner *Runner) initialize() {
+	runner.once.Do(func() {
+		runner.inFlight = make(chan struct{}, maxInFlight)
+		runner.serialized = make(chan struct{}, 1)
+	})
+}
+
+// 1.13: go: updates to go.mod needed, but contents have changed
+// 1.14: go: updating go.mod: existing contents have changed since last read
+var modConcurrencyError = regexp.MustCompile(`go:.*go.mod.*contents have changed`)
+
+// Run is a convenience wrapper around RunRaw.
+// It returns only stdout and a "friendly" error.
+func (runner *Runner) Run(ctx context.Context, inv Invocation) (*bytes.Buffer, error) {
+	stdout, _, friendly, _ := runner.RunRaw(ctx, inv)
+	return stdout, friendly
+}
+
+// RunPiped runs the invocation serially, always waiting for any concurrent
+// invocations to complete first.
+func (runner *Runner) RunPiped(ctx context.Context, inv Invocation, stdout, stderr io.Writer) error {
+	_, err := runner.runPiped(ctx, inv, stdout, stderr)
+	return err
+}
+
+// RunRaw runs the invocation, serializing requests only if they fight over
+// go.mod changes.
+func (runner *Runner) RunRaw(ctx context.Context, inv Invocation) (*bytes.Buffer, *bytes.Buffer, error, error) {
+	// Make sure the runner is always initialized.
+	runner.initialize()
+
+	// First, try to run the go command concurrently.
+	stdout, stderr, friendlyErr, err := runner.runConcurrent(ctx, inv)
+
+	// If we encounter a load concurrency error, we need to retry serially.
+	if friendlyErr == nil || !modConcurrencyError.MatchString(friendlyErr.Error()) {
+		return stdout, stderr, friendlyErr, err
+	}
+	event.Error(ctx, "Load concurrency error, will retry serially", err)
+
+	// Run serially by calling runPiped.
+	stdout.Reset()
+	stderr.Reset()
+	friendlyErr, err = runner.runPiped(ctx, inv, stdout, stderr)
+	return stdout, stderr, friendlyErr, err
+}
+
+func (runner *Runner) runConcurrent(ctx context.Context, inv Invocation) (*bytes.Buffer, *bytes.Buffer, error, error) {
+	// Wait for 1 worker to become available.
+	select {
+	case <-ctx.Done():
+		return nil, nil, nil, ctx.Err()
+	case runner.inFlight <- struct{}{}:
+		defer func() { <-runner.inFlight }()
+	}
+
+	stdout, stderr := &bytes.Buffer{}, &bytes.Buffer{}
+	friendlyErr, err := inv.runWithFriendlyError(ctx, stdout, stderr)
+	return stdout, stderr, friendlyErr, err
+}
+
+func (runner *Runner) runPiped(ctx context.Context, inv Invocation, stdout, stderr io.Writer) (error, error) {
+	// Make sure the runner is always initialized.
+	runner.initialize()
+
+	// Acquire the serialization lock. This avoids deadlocks between two
+	// runPiped commands.
+	select {
+	case <-ctx.Done():
+		return nil, ctx.Err()
+	case runner.serialized <- struct{}{}:
+		defer func() { <-runner.serialized }()
+	}
+
+	// Wait for all in-progress go commands to return before proceeding,
+	// to avoid load concurrency errors.
+	for i := 0; i < maxInFlight; i++ {
+		select {
+		case <-ctx.Done():
+			return nil, ctx.Err()
+		case runner.inFlight <- struct{}{}:
+			// Make sure we always "return" any workers we took.
+			defer func() { <-runner.inFlight }()
+		}
+	}
+
+	return inv.runWithFriendlyError(ctx, stdout, stderr)
+}
+
+// An Invocation represents a call to the go command.
+type Invocation struct {
+	Verb       string
+	Args       []string
+	BuildFlags []string
+	Env        []string
+	WorkingDir string
+	Logf       func(format string, args ...interface{})
+}
+
+func (i *Invocation) runWithFriendlyError(ctx context.Context, stdout, stderr io.Writer) (friendlyError error, rawError error) {
+	rawError = i.run(ctx, stdout, stderr)
+	if rawError != nil {
+		friendlyError = rawError
+		// Check for 'go' executable not being found.
+		if ee, ok := rawError.(*exec.Error); ok && ee.Err == exec.ErrNotFound {
+			friendlyError = fmt.Errorf("go command required, not found: %v", ee)
+		}
+		if ctx.Err() != nil {
+			friendlyError = ctx.Err()
+		}
+		friendlyError = fmt.Errorf("err: %v: stderr: %s", friendlyError, stderr)
+	}
+	return
+}
+
+func (i *Invocation) run(ctx context.Context, stdout, stderr io.Writer) error {
+	log := i.Logf
+	if log == nil {
+		log = func(string, ...interface{}) {}
+	}
+
+	goArgs := []string{i.Verb}
+	switch i.Verb {
+	case "mod":
+		// mod needs the sub-verb before build flags.
+		goArgs = append(goArgs, i.Args[0])
+		goArgs = append(goArgs, i.BuildFlags...)
+		goArgs = append(goArgs, i.Args[1:]...)
+	case "env":
+		// env doesn't take build flags.
+		goArgs = append(goArgs, i.Args...)
+	default:
+		goArgs = append(goArgs, i.BuildFlags...)
+		goArgs = append(goArgs, i.Args...)
+	}
+	cmd := exec.Command("go", goArgs...)
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
+	// On darwin the cwd gets resolved to the real path, which breaks anything that
+	// expects the working directory to keep the original path, including the
+	// go command when dealing with modules.
+	// The Go stdlib has a special feature where if the cwd and the PWD are the
+	// same node then it trusts the PWD, so by setting it in the env for the child
+	// process we fix up all the paths returned by the go command.
+	cmd.Env = append(os.Environ(), i.Env...)
+	if i.WorkingDir != "" {
+		cmd.Env = append(cmd.Env, "PWD="+i.WorkingDir)
+		cmd.Dir = i.WorkingDir
+	}
+	defer func(start time.Time) { log("%s for %v", time.Since(start), cmdDebugStr(cmd)) }(time.Now())
+
+	return runCmdContext(ctx, cmd)
+}
+
+// runCmdContext is like exec.CommandContext except it sends os.Interrupt
+// before os.Kill.
+func runCmdContext(ctx context.Context, cmd *exec.Cmd) error {
+	if err := cmd.Start(); err != nil {
+		return err
+	}
+	resChan := make(chan error, 1)
+	go func() {
+		resChan <- cmd.Wait()
+	}()
+
+	select {
+	case err := <-resChan:
+		return err
+	case <-ctx.Done():
+	}
+	// Cancelled. Interrupt and see if it ends voluntarily.
+	cmd.Process.Signal(os.Interrupt)
+	select {
+	case err := <-resChan:
+		return err
+	case <-time.After(time.Second):
+	}
+	// Didn't shut down in response to interrupt. Kill it hard.
+	cmd.Process.Kill()
+	return <-resChan
+}
+
+func cmdDebugStr(cmd *exec.Cmd) string {
+	env := make(map[string]string)
+	for _, kv := range cmd.Env {
+		split := strings.Split(kv, "=")
+		k, v := split[0], split[1]
+		env[k] = v
+	}
+
+	return fmt.Sprintf("GOROOT=%v GOPATH=%v GO111MODULE=%v GOPROXY=%v PWD=%v go %v", env["GOROOT"], env["GOPATH"], env["GO111MODULE"], env["GOPROXY"], env["PWD"], cmd.Args)
+}
diff --git a/vendor/golang.org/x/tools/internal/gocommand/vendor.go b/vendor/golang.org/x/tools/internal/gocommand/vendor.go
new file mode 100644
index 00000000..1cd8d847
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gocommand/vendor.go
@@ -0,0 +1,102 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gocommand
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"golang.org/x/mod/semver"
+)
+
+// ModuleJSON holds information about a module.
+type ModuleJSON struct {
+	Path      string      // module path
+	Replace   *ModuleJSON // replaced by this module
+	Main      bool        // is this the main module?
+	Indirect  bool        // is this module only an indirect dependency of main module?
+	Dir       string      // directory holding files for this module, if any
+	GoMod     string      // path to go.mod file for this module, if any
+	GoVersion string      // go version used in module
+}
+
+var modFlagRegexp = regexp.MustCompile(`-mod[ =](\w+)`)
+
+// VendorEnabled reports whether vendoring is enabled. It takes a *Runner to execute Go commands
+// with the supplied context.Context and Invocation. The Invocation can contain pre-defined fields,
+// of which only Verb and Args are modified to run the appropriate Go command.
+// Inspired by setDefaultBuildMod in modload/init.go
+func VendorEnabled(ctx context.Context, inv Invocation, r *Runner) (*ModuleJSON, bool, error) {
+	mainMod, go114, err := getMainModuleAnd114(ctx, inv, r)
+	if err != nil {
+		return nil, false, err
+	}
+
+	// We check the GOFLAGS to see if there is anything overridden or not.
+	inv.Verb = "env"
+	inv.Args = []string{"GOFLAGS"}
+	stdout, err := r.Run(ctx, inv)
+	if err != nil {
+		return nil, false, err
+	}
+	goflags := string(bytes.TrimSpace(stdout.Bytes()))
+	matches := modFlagRegexp.FindStringSubmatch(goflags)
+	var modFlag string
+	if len(matches) != 0 {
+		modFlag = matches[1]
+	}
+	if modFlag != "" {
+		// Don't override an explicit '-mod=' argument.
+		return mainMod, modFlag == "vendor", nil
+	}
+	if mainMod == nil || !go114 {
+		return mainMod, false, nil
+	}
+	// Check 1.14's automatic vendor mode.
+	if fi, err := os.Stat(filepath.Join(mainMod.Dir, "vendor")); err == nil && fi.IsDir() {
+		if mainMod.GoVersion != "" && semver.Compare("v"+mainMod.GoVersion, "v1.14") >= 0 {
+			// The Go version is at least 1.14, and a vendor directory exists.
+			// Set -mod=vendor by default.
+			return mainMod, true, nil
+		}
+	}
+	return mainMod, false, nil
+}
+
+// getMainModuleAnd114 gets the main module's information and whether the
+// go command in use is 1.14+. This is the information needed to figure out
+// if vendoring should be enabled.
+func getMainModuleAnd114(ctx context.Context, inv Invocation, r *Runner) (*ModuleJSON, bool, error) {
+	const format = `{{.Path}}
+{{.Dir}}
+{{.GoMod}}
+{{.GoVersion}}
+{{range context.ReleaseTags}}{{if eq . "go1.14"}}{{.}}{{end}}{{end}}
+`
+	inv.Verb = "list"
+	inv.Args = []string{"-m", "-f", format}
+	stdout, err := r.Run(ctx, inv)
+	if err != nil {
+		return nil, false, err
+	}
+
+	lines := strings.Split(stdout.String(), "\n")
+	if len(lines) < 5 {
+		return nil, false, fmt.Errorf("unexpected stdout: %q", stdout.String())
+	}
+	mod := &ModuleJSON{
+		Path:      lines[0],
+		Dir:       lines[1],
+		GoMod:     lines[2],
+		GoVersion: lines[3],
+		Main:      true,
+	}
+	return mod, lines[4] == "go1.14", nil
+}
diff --git a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go b/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
deleted file mode 100644
index d0675622..00000000
--- a/vendor/golang.org/x/tools/internal/gopathwalk/walk.go
+++ /dev/null
@@ -1,273 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package gopathwalk is like filepath.Walk but specialized for finding Go
-// packages, particularly in $GOPATH and $GOROOT.
-package gopathwalk
-
-import (
-	"bufio"
-	"bytes"
-	"fmt"
-	"go/build"
-	"io/ioutil"
-	"log"
-	"os"
-	"path/filepath"
-	"strings"
-	"time"
-
-	"golang.org/x/tools/internal/fastwalk"
-)
-
-// Options controls the behavior of a Walk call.
-type Options struct {
-	Debug          bool // Enable debug logging
-	ModulesEnabled bool // Search module caches. Also disables legacy goimports ignore rules.
-}
-
-// RootType indicates the type of a Root.
-type RootType int
-
-const (
-	RootUnknown RootType = iota
-	RootGOROOT
-	RootGOPATH
-	RootCurrentModule
-	RootModuleCache
-	RootOther
-)
-
-// A Root is a starting point for a Walk.
-type Root struct {
-	Path string
-	Type RootType
-}
-
-// SrcDirsRoots returns the roots from build.Default.SrcDirs(). Not modules-compatible.
-func SrcDirsRoots(ctx *build.Context) []Root {
-	var roots []Root
-	roots = append(roots, Root{filepath.Join(ctx.GOROOT, "src"), RootGOROOT})
-	for _, p := range filepath.SplitList(ctx.GOPATH) {
-		roots = append(roots, Root{filepath.Join(p, "src"), RootGOPATH})
-	}
-	return roots
-}
-
-// Walk walks Go source directories ($GOROOT, $GOPATH, etc) to find packages.
-// For each package found, add will be called (concurrently) with the absolute
-// paths of the containing source directory and the package directory.
-// add will be called concurrently.
-func Walk(roots []Root, add func(root Root, dir string), opts Options) {
-	WalkSkip(roots, add, func(Root, string) bool { return false }, opts)
-}
-
-// WalkSkip walks Go source directories ($GOROOT, $GOPATH, etc) to find packages.
-// For each package found, add will be called (concurrently) with the absolute
-// paths of the containing source directory and the package directory.
-// For each directory that will be scanned, skip will be called (concurrently)
-// with the absolute paths of the containing source directory and the directory.
-// If skip returns false on a directory it will be processed.
-// add will be called concurrently.
-// skip will be called concurrently.
-func WalkSkip(roots []Root, add func(root Root, dir string), skip func(root Root, dir string) bool, opts Options) {
-	for _, root := range roots {
-		walkDir(root, add, skip, opts)
-	}
-}
-
-// walkDir creates a walker and starts fastwalk with this walker.
-func walkDir(root Root, add func(Root, string), skip func(root Root, dir string) bool, opts Options) {
-	if _, err := os.Stat(root.Path); os.IsNotExist(err) {
-		if opts.Debug {
-			log.Printf("skipping nonexistent directory: %v", root.Path)
-		}
-		return
-	}
-	start := time.Now()
-	if opts.Debug {
-		log.Printf("gopathwalk: scanning %s", root.Path)
-	}
-	w := &walker{
-		root: root,
-		add:  add,
-		skip: skip,
-		opts: opts,
-	}
-	w.init()
-	if err := fastwalk.Walk(root.Path, w.walk); err != nil {
-		log.Printf("gopathwalk: scanning directory %v: %v", root.Path, err)
-	}
-
-	if opts.Debug {
-		log.Printf("gopathwalk: scanned %s in %v", root.Path, time.Since(start))
-	}
-}
-
-// walker is the callback for fastwalk.Walk.
-type walker struct {
-	root Root                    // The source directory to scan.
-	add  func(Root, string)      // The callback that will be invoked for every possible Go package dir.
-	skip func(Root, string) bool // The callback that will be invoked for every dir. dir is skipped if it returns true.
-	opts Options                 // Options passed to Walk by the user.
-
-	ignoredDirs []os.FileInfo // The ignored directories, loaded from .goimportsignore files.
-}
-
-// init initializes the walker based on its Options
-func (w *walker) init() {
-	var ignoredPaths []string
-	if w.root.Type == RootModuleCache {
-		ignoredPaths = []string{"cache"}
-	}
-	if !w.opts.ModulesEnabled && w.root.Type == RootGOPATH {
-		ignoredPaths = w.getIgnoredDirs(w.root.Path)
-		ignoredPaths = append(ignoredPaths, "v", "mod")
-	}
-
-	for _, p := range ignoredPaths {
-		full := filepath.Join(w.root.Path, p)
-		if fi, err := os.Stat(full); err == nil {
-			w.ignoredDirs = append(w.ignoredDirs, fi)
-			if w.opts.Debug {
-				log.Printf("Directory added to ignore list: %s", full)
-			}
-		} else if w.opts.Debug {
-			log.Printf("Error statting ignored directory: %v", err)
-		}
-	}
-}
-
-// getIgnoredDirs reads an optional config file at <path>/.goimportsignore
-// of relative directories to ignore when scanning for go files.
-// The provided path is one of the $GOPATH entries with "src" appended.
-func (w *walker) getIgnoredDirs(path string) []string {
-	file := filepath.Join(path, ".goimportsignore")
-	slurp, err := ioutil.ReadFile(file)
-	if w.opts.Debug {
-		if err != nil {
-			log.Print(err)
-		} else {
-			log.Printf("Read %s", file)
-		}
-	}
-	if err != nil {
-		return nil
-	}
-
-	var ignoredDirs []string
-	bs := bufio.NewScanner(bytes.NewReader(slurp))
-	for bs.Scan() {
-		line := strings.TrimSpace(bs.Text())
-		if line == "" || strings.HasPrefix(line, "#") {
-			continue
-		}
-		ignoredDirs = append(ignoredDirs, line)
-	}
-	return ignoredDirs
-}
-
-// shouldSkipDir reports whether the file should be skipped or not.
-func (w *walker) shouldSkipDir(fi os.FileInfo, dir string) bool {
-	for _, ignoredDir := range w.ignoredDirs {
-		if os.SameFile(fi, ignoredDir) {
-			return true
-		}
-	}
-	if w.skip != nil {
-		// Check with the user specified callback.
-		return w.skip(w.root, dir)
-	}
-	return false
-}
-
-// walk walks through the given path.
-func (w *walker) walk(path string, typ os.FileMode) error {
-	dir := filepath.Dir(path)
-	if typ.IsRegular() {
-		if dir == w.root.Path && (w.root.Type == RootGOROOT || w.root.Type == RootGOPATH) {
-			// Doesn't make sense to have regular files
-			// directly in your $GOPATH/src or $GOROOT/src.
-			return fastwalk.SkipFiles
-		}
-		if !strings.HasSuffix(path, ".go") {
-			return nil
-		}
-
-		w.add(w.root, dir)
-		return fastwalk.SkipFiles
-	}
-	if typ == os.ModeDir {
-		base := filepath.Base(path)
-		if base == "" || base[0] == '.' || base[0] == '_' ||
-			base == "testdata" ||
-			(w.root.Type == RootGOROOT && w.opts.ModulesEnabled && base == "vendor") ||
-			(!w.opts.ModulesEnabled && base == "node_modules") {
-			return filepath.SkipDir
-		}
-		fi, err := os.Lstat(path)
-		if err == nil && w.shouldSkipDir(fi, path) {
-			return filepath.SkipDir
-		}
-		return nil
-	}
-	if typ == os.ModeSymlink {
-		base := filepath.Base(path)
-		if strings.HasPrefix(base, ".#") {
-			// Emacs noise.
-			return nil
-		}
-		fi, err := os.Lstat(path)
-		if err != nil {
-			// Just ignore it.
-			return nil
-		}
-		if w.shouldTraverse(dir, fi) {
-			return fastwalk.TraverseLink
-		}
-	}
-	return nil
-}
-
-// shouldTraverse reports whether the symlink fi, found in dir,
-// should be followed.  It makes sure symlinks were never visited
-// before to avoid symlink loops.
-func (w *walker) shouldTraverse(dir string, fi os.FileInfo) bool {
-	path := filepath.Join(dir, fi.Name())
-	target, err := filepath.EvalSymlinks(path)
-	if err != nil {
-		return false
-	}
-	ts, err := os.Stat(target)
-	if err != nil {
-		fmt.Fprintln(os.Stderr, err)
-		return false
-	}
-	if !ts.IsDir() {
-		return false
-	}
-	if w.shouldSkipDir(ts, dir) {
-		return false
-	}
-	// Check for symlink loops by statting each directory component
-	// and seeing if any are the same file as ts.
-	for {
-		parent := filepath.Dir(path)
-		if parent == path {
-			// Made it to the root without seeing a cycle.
-			// Use this symlink.
-			return true
-		}
-		parentInfo, err := os.Stat(parent)
-		if err != nil {
-			return false
-		}
-		if os.SameFile(ts, parentInfo) {
-			// Cycle. Don't traverse.
-			return false
-		}
-		path = parent
-	}
-
-}
diff --git a/vendor/golang.org/x/tools/internal/lsp/fuzzy/input.go b/vendor/golang.org/x/tools/internal/lsp/fuzzy/input.go
new file mode 100644
index 00000000..ac377035
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/lsp/fuzzy/input.go
@@ -0,0 +1,168 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package fuzzy
+
+import (
+	"unicode"
+)
+
+// RuneRole specifies the role of a rune in the context of an input.
+type RuneRole byte
+
+const (
+	// RNone specifies a rune without any role in the input (i.e., whitespace/non-ASCII).
+	RNone RuneRole = iota
+	// RSep specifies a rune with the role of segment separator.
+	RSep
+	// RTail specifies a rune which is a lower-case tail in a word in the input.
+	RTail
+	// RUCTail specifies a rune which is an upper-case tail in a word in the input.
+	RUCTail
+	// RHead specifies a rune which is the first character in a word in the input.
+	RHead
+)
+
+// RuneRoles detects the roles of each byte rune in an input string and stores it in the output
+// slice. The rune role depends on the input type. Stops when it parsed all the runes in the string
+// or when it filled the output. If output is nil, then it gets created.
+func RuneRoles(str string, reuse []RuneRole) []RuneRole {
+	var output []RuneRole
+	if cap(reuse) < len(str) {
+		output = make([]RuneRole, 0, len(str))
+	} else {
+		output = reuse[:0]
+	}
+
+	prev, prev2 := rtNone, rtNone
+	for i := 0; i < len(str); i++ {
+		r := rune(str[i])
+
+		role := RNone
+
+		curr := rtLower
+		if str[i] <= unicode.MaxASCII {
+			curr = runeType(rt[str[i]] - '0')
+		}
+
+		if curr == rtLower {
+			if prev == rtNone || prev == rtPunct {
+				role = RHead
+			} else {
+				role = RTail
+			}
+		} else if curr == rtUpper {
+			role = RHead
+
+			if prev == rtUpper {
+				// This and previous characters are both upper case.
+
+				if i+1 == len(str) {
+					// This is last character, previous was also uppercase -> this is UCTail
+					// i.e., (current char is C): aBC / BC / ABC
+					role = RUCTail
+				}
+			}
+		} else if curr == rtPunct {
+			switch r {
+			case '.', ':':
+				role = RSep
+			}
+		}
+		if curr != rtLower {
+			if i > 1 && output[i-1] == RHead && prev2 == rtUpper && (output[i-2] == RHead || output[i-2] == RUCTail) {
+				// The previous two characters were uppercase. The current one is not a lower case, so the
+				// previous one can't be a HEAD. Make it a UCTail.
+				// i.e., (last char is current char - B must be a UCTail): ABC / ZABC / AB.
+				output[i-1] = RUCTail
+			}
+		}
+
+		output = append(output, role)
+		prev2 = prev
+		prev = curr
+	}
+	return output
+}
+
+type runeType byte
+
+const (
+	rtNone runeType = iota
+	rtPunct
+	rtLower
+	rtUpper
+)
+
+const rt = "00000000000000000000000000000000000000000000001122222222221000000333333333333333333333333330000002222222222222222222222222200000"
+
+// LastSegment returns the substring representing the last segment from the input, where each
+// byte has an associated RuneRole in the roles slice. This makes sense only for inputs of Symbol
+// or Filename type.
+func LastSegment(input string, roles []RuneRole) string {
+	// Exclude ending separators.
+	end := len(input) - 1
+	for end >= 0 && roles[end] == RSep {
+		end--
+	}
+	if end < 0 {
+		return ""
+	}
+
+	start := end - 1
+	for start >= 0 && roles[start] != RSep {
+		start--
+	}
+
+	return input[start+1 : end+1]
+}
+
+// ToLower transforms the input string to lower case, which is stored in the output byte slice.
+// The lower casing considers only ASCII values - non ASCII values are left unmodified.
+// Stops when parsed all input or when it filled the output slice. If output is nil, then it gets
+// created.
+func ToLower(input string, reuse []byte) []byte {
+	output := reuse
+	if cap(reuse) < len(input) {
+		output = make([]byte, len(input))
+	}
+
+	for i := 0; i < len(input); i++ {
+		r := rune(input[i])
+		if r <= unicode.MaxASCII {
+			if 'A' <= r && r <= 'Z' {
+				r += 'a' - 'A'
+			}
+		}
+		output[i] = byte(r)
+	}
+	return output[:len(input)]
+}
+
+// WordConsumer defines a consumer for a word delimited by the [start,end) byte offsets in an input
+// (start is inclusive, end is exclusive).
+type WordConsumer func(start, end int)
+
+// Words find word delimiters in an input based on its bytes' mappings to rune roles. The offset
+// delimiters for each word are fed to the provided consumer function.
+func Words(roles []RuneRole, consume WordConsumer) {
+	var wordStart int
+	for i, r := range roles {
+		switch r {
+		case RUCTail, RTail:
+		case RHead, RNone, RSep:
+			if i != wordStart {
+				consume(wordStart, i)
+			}
+			wordStart = i
+			if r != RHead {
+				// Skip this character.
+				wordStart = i + 1
+			}
+		}
+	}
+	if wordStart != len(roles) {
+		consume(wordStart, len(roles))
+	}
+}
diff --git a/vendor/golang.org/x/tools/internal/lsp/fuzzy/matcher.go b/vendor/golang.org/x/tools/internal/lsp/fuzzy/matcher.go
new file mode 100644
index 00000000..16a64309
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/lsp/fuzzy/matcher.go
@@ -0,0 +1,398 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package fuzzy implements a fuzzy matching algorithm.
+package fuzzy
+
+import (
+	"bytes"
+	"fmt"
+)
+
+const (
+	// MaxInputSize is the maximum size of the input scored against the fuzzy matcher. Longer inputs
+	// will be truncated to this size.
+	MaxInputSize = 127
+	// MaxPatternSize is the maximum size of the pattern used to construct the fuzzy matcher. Longer
+	// inputs are truncated to this size.
+	MaxPatternSize = 63
+)
+
+type scoreVal int
+
+func (s scoreVal) val() int {
+	return int(s) >> 1
+}
+
+func (s scoreVal) prevK() int {
+	return int(s) & 1
+}
+
+func score(val int, prevK int /*0 or 1*/) scoreVal {
+	return scoreVal(val<<1 + prevK)
+}
+
+// Matcher implements a fuzzy matching algorithm for scoring candidates against a pattern.
+// The matcher does not support parallel usage.
+type Matcher struct {
+	pattern       string
+	patternLower  []byte // lower-case version of the pattern
+	patternShort  []byte // first characters of the pattern
+	caseSensitive bool   // set if the pattern is mix-cased
+
+	patternRoles []RuneRole // the role of each character in the pattern
+	roles        []RuneRole // the role of each character in the tested string
+
+	scores [MaxInputSize + 1][MaxPatternSize + 1][2]scoreVal
+
+	scoreScale float32
+
+	lastCandidateLen     int // in bytes
+	lastCandidateMatched bool
+
+	// Here we save the last candidate in lower-case. This is basically a byte slice we reuse for
+	// performance reasons, so the slice is not reallocated for every candidate.
+	lowerBuf [MaxInputSize]byte
+	rolesBuf [MaxInputSize]RuneRole
+}
+
+func (m *Matcher) bestK(i, j int) int {
+	if m.scores[i][j][0].val() < m.scores[i][j][1].val() {
+		return 1
+	}
+	return 0
+}
+
+// NewMatcher returns a new fuzzy matcher for scoring candidates against the provided pattern.
+func NewMatcher(pattern string) *Matcher {
+	if len(pattern) > MaxPatternSize {
+		pattern = pattern[:MaxPatternSize]
+	}
+
+	m := &Matcher{
+		pattern:      pattern,
+		patternLower: ToLower(pattern, nil),
+	}
+
+	for i, c := range m.patternLower {
+		if pattern[i] != c {
+			m.caseSensitive = true
+			break
+		}
+	}
+
+	if len(pattern) > 3 {
+		m.patternShort = m.patternLower[:3]
+	} else {
+		m.patternShort = m.patternLower
+	}
+
+	m.patternRoles = RuneRoles(pattern, nil)
+
+	if len(pattern) > 0 {
+		maxCharScore := 4
+		m.scoreScale = 1 / float32(maxCharScore*len(pattern))
+	}
+
+	return m
+}
+
+// Score returns the score returned by matching the candidate to the pattern.
+// This is not designed for parallel use. Multiple candidates must be scored sequentially.
+// Returns a score between 0 and 1 (0 - no match, 1 - perfect match).
+func (m *Matcher) Score(candidate string) float32 {
+	if len(candidate) > MaxInputSize {
+		candidate = candidate[:MaxInputSize]
+	}
+	lower := ToLower(candidate, m.lowerBuf[:])
+	m.lastCandidateLen = len(candidate)
+
+	if len(m.pattern) == 0 {
+		// Empty patterns perfectly match candidates.
+		return 1
+	}
+
+	if m.match(candidate, lower) {
+		sc := m.computeScore(candidate, lower)
+		if sc > minScore/2 && !m.poorMatch() {
+			m.lastCandidateMatched = true
+			if len(m.pattern) == len(candidate) {
+				// Perfect match.
+				return 1
+			}
+
+			if sc < 0 {
+				sc = 0
+			}
+			normalizedScore := float32(sc) * m.scoreScale
+			if normalizedScore > 1 {
+				normalizedScore = 1
+			}
+
+			return normalizedScore
+		}
+	}
+
+	m.lastCandidateMatched = false
+	return 0
+}
+
+const minScore = -10000
+
+// MatchedRanges returns matches ranges for the last scored string as a flattened array of
+// [begin, end) byte offset pairs.
+func (m *Matcher) MatchedRanges() []int {
+	if len(m.pattern) == 0 || !m.lastCandidateMatched {
+		return nil
+	}
+	i, j := m.lastCandidateLen, len(m.pattern)
+	if m.scores[i][j][0].val() < minScore/2 && m.scores[i][j][1].val() < minScore/2 {
+		return nil
+	}
+
+	var ret []int
+	k := m.bestK(i, j)
+	for i > 0 {
+		take := (k == 1)
+		k = m.scores[i][j][k].prevK()
+		if take {
+			if len(ret) == 0 || ret[len(ret)-1] != i {
+				ret = append(ret, i)
+				ret = append(ret, i-1)
+			} else {
+				ret[len(ret)-1] = i - 1
+			}
+			j--
+		}
+		i--
+	}
+	// Reverse slice.
+	for i := 0; i < len(ret)/2; i++ {
+		ret[i], ret[len(ret)-1-i] = ret[len(ret)-1-i], ret[i]
+	}
+	return ret
+}
+
+func (m *Matcher) match(candidate string, candidateLower []byte) bool {
+	i, j := 0, 0
+	for ; i < len(candidateLower) && j < len(m.patternLower); i++ {
+		if candidateLower[i] == m.patternLower[j] {
+			j++
+		}
+	}
+	if j != len(m.patternLower) {
+		return false
+	}
+
+	// The input passes the simple test against pattern, so it is time to classify its characters.
+	// Character roles are used below to find the last segment.
+	m.roles = RuneRoles(candidate, m.rolesBuf[:])
+
+	return true
+}
+
+func (m *Matcher) computeScore(candidate string, candidateLower []byte) int {
+	pattLen, candLen := len(m.pattern), len(candidate)
+
+	for j := 0; j <= len(m.pattern); j++ {
+		m.scores[0][j][0] = minScore << 1
+		m.scores[0][j][1] = minScore << 1
+	}
+	m.scores[0][0][0] = score(0, 0) // Start with 0.
+
+	segmentsLeft, lastSegStart := 1, 0
+	for i := 0; i < candLen; i++ {
+		if m.roles[i] == RSep {
+			segmentsLeft++
+			lastSegStart = i + 1
+		}
+	}
+
+	// A per-character bonus for a consecutive match.
+	consecutiveBonus := 2
+	wordIdx := 0 // Word count within segment.
+	for i := 1; i <= candLen; i++ {
+
+		role := m.roles[i-1]
+		isHead := role == RHead
+
+		if isHead {
+			wordIdx++
+		} else if role == RSep && segmentsLeft > 1 {
+			wordIdx = 0
+			segmentsLeft--
+		}
+
+		var skipPenalty int
+		if i == 1 || (i-1) == lastSegStart {
+			// Skipping the start of first or last segment.
+			skipPenalty++
+		}
+
+		for j := 0; j <= pattLen; j++ {
+			// By default, we don't have a match. Fill in the skip data.
+			m.scores[i][j][1] = minScore << 1
+
+			// Compute the skip score.
+			k := 0
+			if m.scores[i-1][j][0].val() < m.scores[i-1][j][1].val() {
+				k = 1
+			}
+
+			skipScore := m.scores[i-1][j][k].val()
+			// Do not penalize missing characters after the last matched segment.
+			if j != pattLen {
+				skipScore -= skipPenalty
+			}
+			m.scores[i][j][0] = score(skipScore, k)
+
+			if j == 0 || candidateLower[i-1] != m.patternLower[j-1] {
+				// Not a match.
+				continue
+			}
+			pRole := m.patternRoles[j-1]
+
+			if role == RTail && pRole == RHead {
+				if j > 1 {
+					// Not a match: a head in the pattern matches a tail character in the candidate.
+					continue
+				}
+				// Special treatment for the first character of the pattern. We allow
+				// matches in the middle of a word if they are long enough, at least
+				// min(3, pattern.length) characters.
+				if !bytes.HasPrefix(candidateLower[i-1:], m.patternShort) {
+					continue
+				}
+			}
+
+			// Compute the char score.
+			var charScore int
+			// Bonus 1: the char is in the candidate's last segment.
+			if segmentsLeft <= 1 {
+				charScore++
+			}
+			// Bonus 2: Case match or a Head in the pattern aligns with one in the word.
+			// Single-case patterns lack segmentation signals and we assume any character
+			// can be a head of a segment.
+			if candidate[i-1] == m.pattern[j-1] || role == RHead && (!m.caseSensitive || pRole == RHead) {
+				charScore++
+			}
+
+			// Penalty 1: pattern char is Head, candidate char is Tail.
+			if role == RTail && pRole == RHead {
+				charScore--
+			}
+			// Penalty 2: first pattern character matched in the middle of a word.
+			if j == 1 && role == RTail {
+				charScore -= 4
+			}
+
+			// Third dimension encodes whether there is a gap between the previous match and the current
+			// one.
+			for k := 0; k < 2; k++ {
+				sc := m.scores[i-1][j-1][k].val() + charScore
+
+				isConsecutive := k == 1 || i-1 == 0 || i-1 == lastSegStart
+				if isConsecutive {
+					// Bonus 3: a consecutive match. First character match also gets a bonus to
+					// ensure prefix final match score normalizes to 1.0.
+					// Logically, this is a part of charScore, but we have to compute it here because it
+					// only applies for consecutive matches (k == 1).
+					sc += consecutiveBonus
+				}
+				if k == 0 {
+					// Penalty 3: Matching inside a segment (and previous char wasn't matched). Penalize for the lack
+					// of alignment.
+					if role == RTail || role == RUCTail {
+						sc -= 3
+					}
+				}
+
+				if sc > m.scores[i][j][1].val() {
+					m.scores[i][j][1] = score(sc, k)
+				}
+			}
+		}
+	}
+
+	result := m.scores[len(candidate)][len(m.pattern)][m.bestK(len(candidate), len(m.pattern))].val()
+
+	return result
+}
+
+// ScoreTable returns the score table computed for the provided candidate. Used only for debugging.
+func (m *Matcher) ScoreTable(candidate string) string {
+	var buf bytes.Buffer
+
+	var line1, line2, separator bytes.Buffer
+	line1.WriteString("\t")
+	line2.WriteString("\t")
+	for j := 0; j < len(m.pattern); j++ {
+		line1.WriteString(fmt.Sprintf("%c\t\t", m.pattern[j]))
+		separator.WriteString("----------------")
+	}
+
+	buf.WriteString(line1.String())
+	buf.WriteString("\n")
+	buf.WriteString(separator.String())
+	buf.WriteString("\n")
+
+	for i := 1; i <= len(candidate); i++ {
+		line1.Reset()
+		line2.Reset()
+
+		line1.WriteString(fmt.Sprintf("%c\t", candidate[i-1]))
+		line2.WriteString("\t")
+
+		for j := 1; j <= len(m.pattern); j++ {
+			line1.WriteString(fmt.Sprintf("M%6d(%c)\t", m.scores[i][j][0].val(), dir(m.scores[i][j][0].prevK())))
+			line2.WriteString(fmt.Sprintf("H%6d(%c)\t", m.scores[i][j][1].val(), dir(m.scores[i][j][1].prevK())))
+		}
+		buf.WriteString(line1.String())
+		buf.WriteString("\n")
+		buf.WriteString(line2.String())
+		buf.WriteString("\n")
+		buf.WriteString(separator.String())
+		buf.WriteString("\n")
+	}
+
+	return buf.String()
+}
+
+func dir(prevK int) rune {
+	if prevK == 0 {
+		return 'M'
+	}
+	return 'H'
+}
+
+func (m *Matcher) poorMatch() bool {
+	if len(m.pattern) < 2 {
+		return false
+	}
+
+	i, j := m.lastCandidateLen, len(m.pattern)
+	k := m.bestK(i, j)
+
+	var counter, len int
+	for i > 0 {
+		take := (k == 1)
+		k = m.scores[i][j][k].prevK()
+		if take {
+			len++
+			if k == 0 && len < 3 && m.roles[i-1] == RTail {
+				// Short match in the middle of a word
+				counter++
+				if counter > 1 {
+					return true
+				}
+			}
+			j--
+		} else {
+			len = 0
+		}
+		i--
+	}
+	return false
+}
diff --git a/vendor/golang.org/x/tools/internal/packagesinternal/packages.go b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
new file mode 100644
index 00000000..2c4527f2
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
@@ -0,0 +1,14 @@
+// Package packagesinternal exposes internal-only fields from go/packages.
+package packagesinternal
+
+import (
+	"golang.org/x/tools/internal/gocommand"
+)
+
+var GetForTest = func(p interface{}) string { return "" }
+
+var GetGoCmdRunner = func(config interface{}) *gocommand.Runner { return nil }
+
+var SetGoCmdRunner = func(config interface{}, runner *gocommand.Runner) {}
+
+var TypecheckCgo int
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/types.go b/vendor/golang.org/x/tools/internal/typesinternal/types.go
new file mode 100644
index 00000000..a5bb408e
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/types.go
@@ -0,0 +1,28 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typesinternal
+
+import (
+	"go/types"
+	"reflect"
+	"unsafe"
+)
+
+func SetUsesCgo(conf *types.Config) bool {
+	v := reflect.ValueOf(conf).Elem()
+
+	f := v.FieldByName("go115UsesCgo")
+	if !f.IsValid() {
+		f = v.FieldByName("UsesCgo")
+		if !f.IsValid() {
+			return false
+		}
+	}
+
+	addr := unsafe.Pointer(f.UnsafeAddr())
+	*(*bool)(addr) = true
+
+	return true
+}
diff --git a/vendor/google.golang.org/appengine/internal/api.go b/vendor/google.golang.org/appengine/internal/api.go
index a6ec19e1..721053c2 100644
--- a/vendor/google.golang.org/appengine/internal/api.go
+++ b/vendor/google.golang.org/appengine/internal/api.go
@@ -58,8 +58,11 @@ var (
 
 	apiHTTPClient = &http.Client{
 		Transport: &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			Dial:  limitDial,
+			Proxy:               http.ProxyFromEnvironment,
+			Dial:                limitDial,
+			MaxIdleConns:        1000,
+			MaxIdleConnsPerHost: 10000,
+			IdleConnTimeout:     90 * time.Second,
 		},
 	}
 
diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
index 0b9907f8..063d724c 100644
--- a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
+++ b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go
@@ -1,163 +1,206 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 // Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// 	protoc-gen-go v1.22.0
+// 	protoc        v3.11.2
 // source: google/rpc/status.proto
 
 package status
 
 import (
-	fmt "fmt"
-	math "math"
+	reflect "reflect"
+	sync "sync"
 
 	proto "github.com/golang/protobuf/proto"
 	any "github.com/golang/protobuf/ptypes/any"
+	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
 )
 
-// Reference imports to suppress errors if they are not otherwise used.
-var _ = proto.Marshal
-var _ = fmt.Errorf
-var _ = math.Inf
+const (
+	// Verify that this generated code is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+	// Verify that runtime/protoimpl is sufficiently up-to-date.
+	_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
 
-// This is a compile-time assertion to ensure that this generated file
-// is compatible with the proto package it is being compiled against.
-// A compilation error at this line likely means your copy of the
-// proto package needs to be updated.
-const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
+// This is a compile-time assertion that a sufficiently up-to-date version
+// of the legacy proto package is being used.
+const _ = proto.ProtoPackageIsVersion4
 
 // The `Status` type defines a logical error model that is suitable for
 // different programming environments, including REST APIs and RPC APIs. It is
-// used by [gRPC](https://github.com/grpc). The error model is designed to be:
+// used by [gRPC](https://github.com/grpc). Each `Status` message contains
+// three pieces of data: error code, error message, and error details.
 //
-// - Simple to use and understand for most users
-// - Flexible enough to meet unexpected needs
-//
-// # Overview
-//
-// The `Status` message contains three pieces of data: error code, error
-// message, and error details. The error code should be an enum value of
-// [google.rpc.Code][google.rpc.Code], but it may accept additional error codes
-// if needed.  The error message should be a developer-facing English message
-// that helps developers *understand* and *resolve* the error. If a localized
-// user-facing error message is needed, put the localized message in the error
-// details or localize it in the client. The optional error details may contain
-// arbitrary information about the error. There is a predefined set of error
-// detail types in the package `google.rpc` that can be used for common error
-// conditions.
-//
-// # Language mapping
-//
-// The `Status` message is the logical representation of the error model, but it
-// is not necessarily the actual wire format. When the `Status` message is
-// exposed in different client libraries and different wire protocols, it can be
-// mapped differently. For example, it will likely be mapped to some exceptions
-// in Java, but more likely mapped to some error codes in C.
-//
-// # Other uses
-//
-// The error model and the `Status` message can be used in a variety of
-// environments, either with or without APIs, to provide a
-// consistent developer experience across different environments.
-//
-// Example uses of this error model include:
-//
-// - Partial errors. If a service needs to return partial errors to the client,
-//     it may embed the `Status` in the normal response to indicate the partial
-//     errors.
-//
-// - Workflow errors. A typical workflow has multiple steps. Each step may
-//     have a `Status` message for error reporting.
-//
-// - Batch operations. If a client uses batch request and batch response, the
-//     `Status` message should be used directly inside batch response, one for
-//     each error sub-response.
-//
-// - Asynchronous operations. If an API call embeds asynchronous operation
-//     results in its response, the status of those operations should be
-//     represented directly using the `Status` message.
-//
-// - Logging. If some API errors are stored in logs, the message `Status` could
-//     be used directly after any stripping needed for security/privacy reasons.
+// You can find out more about this error model and how to work with it in the
+// [API Design Guide](https://cloud.google.com/apis/design/errors).
 type Status struct {
-	// The status code, which should be an enum value of
-	// [google.rpc.Code][google.rpc.Code].
+	state         protoimpl.MessageState
+	sizeCache     protoimpl.SizeCache
+	unknownFields protoimpl.UnknownFields
+
+	// The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
 	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
 	// A developer-facing error message, which should be in English. Any
 	// user-facing error message should be localized and sent in the
-	// [google.rpc.Status.details][google.rpc.Status.details] field, or localized
-	// by the client.
+	// [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
 	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
 	// A list of messages that carry the error details.  There is a common set of
 	// message types for APIs to use.
-	Details              []*any.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
-	XXX_NoUnkeyedLiteral struct{}   `json:"-"`
-	XXX_unrecognized     []byte     `json:"-"`
-	XXX_sizecache        int32      `json:"-"`
+	Details []*any.Any `protobuf:"bytes,3,rep,name=details,proto3" json:"details,omitempty"`
 }
 
-func (m *Status) Reset()         { *m = Status{} }
-func (m *Status) String() string { return proto.CompactTextString(m) }
-func (*Status) ProtoMessage()    {}
+func (x *Status) Reset() {
+	*x = Status{}
+	if protoimpl.UnsafeEnabled {
+		mi := &file_google_rpc_status_proto_msgTypes[0]
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		ms.StoreMessageInfo(mi)
+	}
+}
+
+func (x *Status) String() string {
+	return protoimpl.X.MessageStringOf(x)
+}
+
+func (*Status) ProtoMessage() {}
+
+func (x *Status) ProtoReflect() protoreflect.Message {
+	mi := &file_google_rpc_status_proto_msgTypes[0]
+	if protoimpl.UnsafeEnabled && x != nil {
+		ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+		if ms.LoadMessageInfo() == nil {
+			ms.StoreMessageInfo(mi)
+		}
+		return ms
+	}
+	return mi.MessageOf(x)
+}
+
+// Deprecated: Use Status.ProtoReflect.Descriptor instead.
 func (*Status) Descriptor() ([]byte, []int) {
-	return fileDescriptor_24d244abaf643bfe, []int{0}
+	return file_google_rpc_status_proto_rawDescGZIP(), []int{0}
 }
 
-func (m *Status) XXX_Unmarshal(b []byte) error {
-	return xxx_messageInfo_Status.Unmarshal(m, b)
-}
-func (m *Status) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
-	return xxx_messageInfo_Status.Marshal(b, m, deterministic)
-}
-func (m *Status) XXX_Merge(src proto.Message) {
-	xxx_messageInfo_Status.Merge(m, src)
-}
-func (m *Status) XXX_Size() int {
-	return xxx_messageInfo_Status.Size(m)
-}
-func (m *Status) XXX_DiscardUnknown() {
-	xxx_messageInfo_Status.DiscardUnknown(m)
-}
-
-var xxx_messageInfo_Status proto.InternalMessageInfo
-
-func (m *Status) GetCode() int32 {
-	if m != nil {
-		return m.Code
+func (x *Status) GetCode() int32 {
+	if x != nil {
+		return x.Code
 	}
 	return 0
 }
 
-func (m *Status) GetMessage() string {
-	if m != nil {
-		return m.Message
+func (x *Status) GetMessage() string {
+	if x != nil {
+		return x.Message
 	}
 	return ""
 }
 
-func (m *Status) GetDetails() []*any.Any {
-	if m != nil {
-		return m.Details
+func (x *Status) GetDetails() []*any.Any {
+	if x != nil {
+		return x.Details
 	}
 	return nil
 }
 
-func init() {
-	proto.RegisterType((*Status)(nil), "google.rpc.Status")
+var File_google_rpc_status_proto protoreflect.FileDescriptor
+
+var file_google_rpc_status_proto_rawDesc = []byte{
+	0x0a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x73, 0x74, 0x61,
+	0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0a, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x72, 0x70, 0x63, 0x1a, 0x19, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72,
+	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x61, 0x6e, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+	0x22, 0x66, 0x0a, 0x06, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f,
+	0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18,
+	0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61,
+	0x69, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
+	0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52,
+	0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x42, 0x61, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e,
+	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, 0x63, 0x42, 0x0b, 0x53, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x37, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
+	0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73,
+	0x2f, 0x72, 0x70, 0x63, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x3b, 0x73, 0x74, 0x61, 0x74,
+	0x75, 0x73, 0xf8, 0x01, 0x01, 0xa2, 0x02, 0x03, 0x52, 0x50, 0x43, 0x62, 0x06, 0x70, 0x72, 0x6f,
+	0x74, 0x6f, 0x33,
 }
 
-func init() { proto.RegisterFile("google/rpc/status.proto", fileDescriptor_24d244abaf643bfe) }
+var (
+	file_google_rpc_status_proto_rawDescOnce sync.Once
+	file_google_rpc_status_proto_rawDescData = file_google_rpc_status_proto_rawDesc
+)
 
-var fileDescriptor_24d244abaf643bfe = []byte{
-	// 209 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4f, 0xcf, 0xcf, 0x4f,
-	0xcf, 0x49, 0xd5, 0x2f, 0x2a, 0x48, 0xd6, 0x2f, 0x2e, 0x49, 0x2c, 0x29, 0x2d, 0xd6, 0x2b, 0x28,
-	0xca, 0x2f, 0xc9, 0x17, 0xe2, 0x82, 0x48, 0xe8, 0x15, 0x15, 0x24, 0x4b, 0x49, 0x42, 0x15, 0x81,
-	0x65, 0x92, 0x4a, 0xd3, 0xf4, 0x13, 0xf3, 0x2a, 0x21, 0xca, 0x94, 0xd2, 0xb8, 0xd8, 0x82, 0xc1,
-	0xda, 0x84, 0x84, 0xb8, 0x58, 0x92, 0xf3, 0x53, 0x52, 0x25, 0x18, 0x15, 0x18, 0x35, 0x58, 0x83,
-	0xc0, 0x6c, 0x21, 0x09, 0x2e, 0xf6, 0xdc, 0xd4, 0xe2, 0xe2, 0xc4, 0xf4, 0x54, 0x09, 0x26, 0x05,
-	0x46, 0x0d, 0xce, 0x20, 0x18, 0x57, 0x48, 0x8f, 0x8b, 0x3d, 0x25, 0xb5, 0x24, 0x31, 0x33, 0xa7,
-	0x58, 0x82, 0x59, 0x81, 0x59, 0x83, 0xdb, 0x48, 0x44, 0x0f, 0x6a, 0x21, 0xcc, 0x12, 0x3d, 0xc7,
-	0xbc, 0xca, 0x20, 0x98, 0x22, 0xa7, 0x38, 0x2e, 0xbe, 0xe4, 0xfc, 0x5c, 0x3d, 0x84, 0xa3, 0x9c,
-	0xb8, 0x21, 0xf6, 0x06, 0x80, 0x94, 0x07, 0x30, 0x46, 0x99, 0x43, 0xa5, 0xd2, 0xf3, 0x73, 0x12,
-	0xf3, 0xd2, 0xf5, 0xf2, 0x8b, 0xd2, 0xf5, 0xd3, 0x53, 0xf3, 0xc0, 0x86, 0xe9, 0x43, 0xa4, 0x12,
-	0x0b, 0x32, 0x8b, 0x91, 0xfc, 0x69, 0x0d, 0xa1, 0x16, 0x31, 0x31, 0x07, 0x05, 0x38, 0x27, 0xb1,
-	0x81, 0x55, 0x1a, 0x03, 0x02, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x53, 0xf0, 0x7c, 0x10, 0x01, 0x00,
-	0x00,
+func file_google_rpc_status_proto_rawDescGZIP() []byte {
+	file_google_rpc_status_proto_rawDescOnce.Do(func() {
+		file_google_rpc_status_proto_rawDescData = protoimpl.X.CompressGZIP(file_google_rpc_status_proto_rawDescData)
+	})
+	return file_google_rpc_status_proto_rawDescData
+}
+
+var file_google_rpc_status_proto_msgTypes = make([]protoimpl.MessageInfo, 1)
+var file_google_rpc_status_proto_goTypes = []interface{}{
+	(*Status)(nil),  // 0: google.rpc.Status
+	(*any.Any)(nil), // 1: google.protobuf.Any
+}
+var file_google_rpc_status_proto_depIdxs = []int32{
+	1, // 0: google.rpc.Status.details:type_name -> google.protobuf.Any
+	1, // [1:1] is the sub-list for method output_type
+	1, // [1:1] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
+}
+
+func init() { file_google_rpc_status_proto_init() }
+func file_google_rpc_status_proto_init() {
+	if File_google_rpc_status_proto != nil {
+		return
+	}
+	if !protoimpl.UnsafeEnabled {
+		file_google_rpc_status_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
+			switch v := v.(*Status); i {
+			case 0:
+				return &v.state
+			case 1:
+				return &v.sizeCache
+			case 2:
+				return &v.unknownFields
+			default:
+				return nil
+			}
+		}
+	}
+	type x struct{}
+	out := protoimpl.TypeBuilder{
+		File: protoimpl.DescBuilder{
+			GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+			RawDescriptor: file_google_rpc_status_proto_rawDesc,
+			NumEnums:      0,
+			NumMessages:   1,
+			NumExtensions: 0,
+			NumServices:   0,
+		},
+		GoTypes:           file_google_rpc_status_proto_goTypes,
+		DependencyIndexes: file_google_rpc_status_proto_depIdxs,
+		MessageInfos:      file_google_rpc_status_proto_msgTypes,
+	}.Build()
+	File_google_rpc_status_proto = out.File
+	file_google_rpc_status_proto_rawDesc = nil
+	file_google_rpc_status_proto_goTypes = nil
+	file_google_rpc_status_proto_depIdxs = nil
 }
diff --git a/vendor/google.golang.org/grpc/connectivity/connectivity.go b/vendor/google.golang.org/grpc/connectivity/connectivity.go
deleted file mode 100644
index 34ec36fb..00000000
--- a/vendor/google.golang.org/grpc/connectivity/connectivity.go
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package connectivity defines connectivity semantics.
-// For details, see https://github.com/grpc/grpc/blob/master/doc/connectivity-semantics-and-api.md.
-// All APIs in this package are experimental.
-package connectivity
-
-import (
-	"context"
-
-	"google.golang.org/grpc/grpclog"
-)
-
-// State indicates the state of connectivity.
-// It can be the state of a ClientConn or SubConn.
-type State int
-
-func (s State) String() string {
-	switch s {
-	case Idle:
-		return "IDLE"
-	case Connecting:
-		return "CONNECTING"
-	case Ready:
-		return "READY"
-	case TransientFailure:
-		return "TRANSIENT_FAILURE"
-	case Shutdown:
-		return "SHUTDOWN"
-	default:
-		grpclog.Errorf("unknown connectivity state: %d", s)
-		return "Invalid-State"
-	}
-}
-
-const (
-	// Idle indicates the ClientConn is idle.
-	Idle State = iota
-	// Connecting indicates the ClientConn is connecting.
-	Connecting
-	// Ready indicates the ClientConn is ready for work.
-	Ready
-	// TransientFailure indicates the ClientConn has seen a failure but expects to recover.
-	TransientFailure
-	// Shutdown indicates the ClientConn has started shutting down.
-	Shutdown
-)
-
-// Reporter reports the connectivity states.
-type Reporter interface {
-	// CurrentState returns the current state of the reporter.
-	CurrentState() State
-	// WaitForStateChange blocks until the reporter's state is different from the given state,
-	// and returns true.
-	// It returns false if <-ctx.Done() can proceed (ctx got timeout or got canceled).
-	WaitForStateChange(context.Context, State) bool
-}
diff --git a/vendor/google.golang.org/grpc/grpclog/grpclog.go b/vendor/google.golang.org/grpc/grpclog/grpclog.go
deleted file mode 100644
index 874ea6d9..00000000
--- a/vendor/google.golang.org/grpc/grpclog/grpclog.go
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package grpclog defines logging for grpc.
-//
-// All logs in transport and grpclb packages only go to verbose level 2.
-// All logs in other packages in grpc are logged in spite of the verbosity level.
-//
-// In the default logger,
-// severity level can be set by environment variable GRPC_GO_LOG_SEVERITY_LEVEL,
-// verbosity level can be set by GRPC_GO_LOG_VERBOSITY_LEVEL.
-package grpclog // import "google.golang.org/grpc/grpclog"
-
-import "os"
-
-var logger = newLoggerV2()
-
-// V reports whether verbosity level l is at least the requested verbose level.
-func V(l int) bool {
-	return logger.V(l)
-}
-
-// Info logs to the INFO log.
-func Info(args ...interface{}) {
-	logger.Info(args...)
-}
-
-// Infof logs to the INFO log. Arguments are handled in the manner of fmt.Printf.
-func Infof(format string, args ...interface{}) {
-	logger.Infof(format, args...)
-}
-
-// Infoln logs to the INFO log. Arguments are handled in the manner of fmt.Println.
-func Infoln(args ...interface{}) {
-	logger.Infoln(args...)
-}
-
-// Warning logs to the WARNING log.
-func Warning(args ...interface{}) {
-	logger.Warning(args...)
-}
-
-// Warningf logs to the WARNING log. Arguments are handled in the manner of fmt.Printf.
-func Warningf(format string, args ...interface{}) {
-	logger.Warningf(format, args...)
-}
-
-// Warningln logs to the WARNING log. Arguments are handled in the manner of fmt.Println.
-func Warningln(args ...interface{}) {
-	logger.Warningln(args...)
-}
-
-// Error logs to the ERROR log.
-func Error(args ...interface{}) {
-	logger.Error(args...)
-}
-
-// Errorf logs to the ERROR log. Arguments are handled in the manner of fmt.Printf.
-func Errorf(format string, args ...interface{}) {
-	logger.Errorf(format, args...)
-}
-
-// Errorln logs to the ERROR log. Arguments are handled in the manner of fmt.Println.
-func Errorln(args ...interface{}) {
-	logger.Errorln(args...)
-}
-
-// Fatal logs to the FATAL log. Arguments are handled in the manner of fmt.Print.
-// It calls os.Exit() with exit code 1.
-func Fatal(args ...interface{}) {
-	logger.Fatal(args...)
-	// Make sure fatal logs will exit.
-	os.Exit(1)
-}
-
-// Fatalf logs to the FATAL log. Arguments are handled in the manner of fmt.Printf.
-// It calls os.Exit() with exit code 1.
-func Fatalf(format string, args ...interface{}) {
-	logger.Fatalf(format, args...)
-	// Make sure fatal logs will exit.
-	os.Exit(1)
-}
-
-// Fatalln logs to the FATAL log. Arguments are handled in the manner of fmt.Println.
-// It calle os.Exit()) with exit code 1.
-func Fatalln(args ...interface{}) {
-	logger.Fatalln(args...)
-	// Make sure fatal logs will exit.
-	os.Exit(1)
-}
-
-// Print prints to the logger. Arguments are handled in the manner of fmt.Print.
-//
-// Deprecated: use Info.
-func Print(args ...interface{}) {
-	logger.Info(args...)
-}
-
-// Printf prints to the logger. Arguments are handled in the manner of fmt.Printf.
-//
-// Deprecated: use Infof.
-func Printf(format string, args ...interface{}) {
-	logger.Infof(format, args...)
-}
-
-// Println prints to the logger. Arguments are handled in the manner of fmt.Println.
-//
-// Deprecated: use Infoln.
-func Println(args ...interface{}) {
-	logger.Infoln(args...)
-}
diff --git a/vendor/google.golang.org/grpc/grpclog/logger.go b/vendor/google.golang.org/grpc/grpclog/logger.go
deleted file mode 100644
index 097494f7..00000000
--- a/vendor/google.golang.org/grpc/grpclog/logger.go
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- *
- * Copyright 2015 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpclog
-
-// Logger mimics golang's standard Logger as an interface.
-//
-// Deprecated: use LoggerV2.
-type Logger interface {
-	Fatal(args ...interface{})
-	Fatalf(format string, args ...interface{})
-	Fatalln(args ...interface{})
-	Print(args ...interface{})
-	Printf(format string, args ...interface{})
-	Println(args ...interface{})
-}
-
-// SetLogger sets the logger that is used in grpc. Call only from
-// init() functions.
-//
-// Deprecated: use SetLoggerV2.
-func SetLogger(l Logger) {
-	logger = &loggerWrapper{Logger: l}
-}
-
-// loggerWrapper wraps Logger into a LoggerV2.
-type loggerWrapper struct {
-	Logger
-}
-
-func (g *loggerWrapper) Info(args ...interface{}) {
-	g.Logger.Print(args...)
-}
-
-func (g *loggerWrapper) Infoln(args ...interface{}) {
-	g.Logger.Println(args...)
-}
-
-func (g *loggerWrapper) Infof(format string, args ...interface{}) {
-	g.Logger.Printf(format, args...)
-}
-
-func (g *loggerWrapper) Warning(args ...interface{}) {
-	g.Logger.Print(args...)
-}
-
-func (g *loggerWrapper) Warningln(args ...interface{}) {
-	g.Logger.Println(args...)
-}
-
-func (g *loggerWrapper) Warningf(format string, args ...interface{}) {
-	g.Logger.Printf(format, args...)
-}
-
-func (g *loggerWrapper) Error(args ...interface{}) {
-	g.Logger.Print(args...)
-}
-
-func (g *loggerWrapper) Errorln(args ...interface{}) {
-	g.Logger.Println(args...)
-}
-
-func (g *loggerWrapper) Errorf(format string, args ...interface{}) {
-	g.Logger.Printf(format, args...)
-}
-
-func (g *loggerWrapper) V(l int) bool {
-	// Returns true for all verbose level.
-	return true
-}
diff --git a/vendor/google.golang.org/grpc/grpclog/loggerv2.go b/vendor/google.golang.org/grpc/grpclog/loggerv2.go
deleted file mode 100644
index d4932577..00000000
--- a/vendor/google.golang.org/grpc/grpclog/loggerv2.go
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- *
- * Copyright 2017 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-package grpclog
-
-import (
-	"io"
-	"io/ioutil"
-	"log"
-	"os"
-	"strconv"
-)
-
-// LoggerV2 does underlying logging work for grpclog.
-type LoggerV2 interface {
-	// Info logs to INFO log. Arguments are handled in the manner of fmt.Print.
-	Info(args ...interface{})
-	// Infoln logs to INFO log. Arguments are handled in the manner of fmt.Println.
-	Infoln(args ...interface{})
-	// Infof logs to INFO log. Arguments are handled in the manner of fmt.Printf.
-	Infof(format string, args ...interface{})
-	// Warning logs to WARNING log. Arguments are handled in the manner of fmt.Print.
-	Warning(args ...interface{})
-	// Warningln logs to WARNING log. Arguments are handled in the manner of fmt.Println.
-	Warningln(args ...interface{})
-	// Warningf logs to WARNING log. Arguments are handled in the manner of fmt.Printf.
-	Warningf(format string, args ...interface{})
-	// Error logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	Error(args ...interface{})
-	// Errorln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	Errorln(args ...interface{})
-	// Errorf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	Errorf(format string, args ...interface{})
-	// Fatal logs to ERROR log. Arguments are handled in the manner of fmt.Print.
-	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
-	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatal(args ...interface{})
-	// Fatalln logs to ERROR log. Arguments are handled in the manner of fmt.Println.
-	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
-	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalln(args ...interface{})
-	// Fatalf logs to ERROR log. Arguments are handled in the manner of fmt.Printf.
-	// gRPC ensures that all Fatal logs will exit with os.Exit(1).
-	// Implementations may also call os.Exit() with a non-zero exit code.
-	Fatalf(format string, args ...interface{})
-	// V reports whether verbosity level l is at least the requested verbose level.
-	V(l int) bool
-}
-
-// SetLoggerV2 sets logger that is used in grpc to a V2 logger.
-// Not mutex-protected, should be called before any gRPC functions.
-func SetLoggerV2(l LoggerV2) {
-	logger = l
-}
-
-const (
-	// infoLog indicates Info severity.
-	infoLog int = iota
-	// warningLog indicates Warning severity.
-	warningLog
-	// errorLog indicates Error severity.
-	errorLog
-	// fatalLog indicates Fatal severity.
-	fatalLog
-)
-
-// severityName contains the string representation of each severity.
-var severityName = []string{
-	infoLog:    "INFO",
-	warningLog: "WARNING",
-	errorLog:   "ERROR",
-	fatalLog:   "FATAL",
-}
-
-// loggerT is the default logger used by grpclog.
-type loggerT struct {
-	m []*log.Logger
-	v int
-}
-
-// NewLoggerV2 creates a loggerV2 with the provided writers.
-// Fatal logs will be written to errorW, warningW, infoW, followed by exit(1).
-// Error logs will be written to errorW, warningW and infoW.
-// Warning logs will be written to warningW and infoW.
-// Info logs will be written to infoW.
-func NewLoggerV2(infoW, warningW, errorW io.Writer) LoggerV2 {
-	return NewLoggerV2WithVerbosity(infoW, warningW, errorW, 0)
-}
-
-// NewLoggerV2WithVerbosity creates a loggerV2 with the provided writers and
-// verbosity level.
-func NewLoggerV2WithVerbosity(infoW, warningW, errorW io.Writer, v int) LoggerV2 {
-	var m []*log.Logger
-	m = append(m, log.New(infoW, severityName[infoLog]+": ", log.LstdFlags))
-	m = append(m, log.New(io.MultiWriter(infoW, warningW), severityName[warningLog]+": ", log.LstdFlags))
-	ew := io.MultiWriter(infoW, warningW, errorW) // ew will be used for error and fatal.
-	m = append(m, log.New(ew, severityName[errorLog]+": ", log.LstdFlags))
-	m = append(m, log.New(ew, severityName[fatalLog]+": ", log.LstdFlags))
-	return &loggerT{m: m, v: v}
-}
-
-// newLoggerV2 creates a loggerV2 to be used as default logger.
-// All logs are written to stderr.
-func newLoggerV2() LoggerV2 {
-	errorW := ioutil.Discard
-	warningW := ioutil.Discard
-	infoW := ioutil.Discard
-
-	logLevel := os.Getenv("GRPC_GO_LOG_SEVERITY_LEVEL")
-	switch logLevel {
-	case "", "ERROR", "error": // If env is unset, set level to ERROR.
-		errorW = os.Stderr
-	case "WARNING", "warning":
-		warningW = os.Stderr
-	case "INFO", "info":
-		infoW = os.Stderr
-	}
-
-	var v int
-	vLevel := os.Getenv("GRPC_GO_LOG_VERBOSITY_LEVEL")
-	if vl, err := strconv.Atoi(vLevel); err == nil {
-		v = vl
-	}
-	return NewLoggerV2WithVerbosity(infoW, warningW, errorW, v)
-}
-
-func (g *loggerT) Info(args ...interface{}) {
-	g.m[infoLog].Print(args...)
-}
-
-func (g *loggerT) Infoln(args ...interface{}) {
-	g.m[infoLog].Println(args...)
-}
-
-func (g *loggerT) Infof(format string, args ...interface{}) {
-	g.m[infoLog].Printf(format, args...)
-}
-
-func (g *loggerT) Warning(args ...interface{}) {
-	g.m[warningLog].Print(args...)
-}
-
-func (g *loggerT) Warningln(args ...interface{}) {
-	g.m[warningLog].Println(args...)
-}
-
-func (g *loggerT) Warningf(format string, args ...interface{}) {
-	g.m[warningLog].Printf(format, args...)
-}
-
-func (g *loggerT) Error(args ...interface{}) {
-	g.m[errorLog].Print(args...)
-}
-
-func (g *loggerT) Errorln(args ...interface{}) {
-	g.m[errorLog].Println(args...)
-}
-
-func (g *loggerT) Errorf(format string, args ...interface{}) {
-	g.m[errorLog].Printf(format, args...)
-}
-
-func (g *loggerT) Fatal(args ...interface{}) {
-	g.m[fatalLog].Fatal(args...)
-	// No need to call os.Exit() again because log.Logger.Fatal() calls os.Exit().
-}
-
-func (g *loggerT) Fatalln(args ...interface{}) {
-	g.m[fatalLog].Fatalln(args...)
-	// No need to call os.Exit() again because log.Logger.Fatal() calls os.Exit().
-}
-
-func (g *loggerT) Fatalf(format string, args ...interface{}) {
-	g.m[fatalLog].Fatalf(format, args...)
-	// No need to call os.Exit() again because log.Logger.Fatal() calls os.Exit().
-}
-
-func (g *loggerT) V(l int) bool {
-	return l <= g.v
-}
diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go
deleted file mode 100644
index 0912f0bf..00000000
--- a/vendor/google.golang.org/grpc/internal/internal.go
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Copyright 2016 gRPC authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-// Package internal contains gRPC-internal code, to avoid polluting
-// the godoc of the top-level grpc package.  It must not import any grpc
-// symbols to avoid circular dependencies.
-package internal
-
-import (
-	"context"
-	"time"
-
-	"google.golang.org/grpc/connectivity"
-)
-
-var (
-	// WithHealthCheckFunc is set by dialoptions.go
-	WithHealthCheckFunc interface{} // func (HealthChecker) DialOption
-	// HealthCheckFunc is used to provide client-side LB channel health checking
-	HealthCheckFunc HealthChecker
-	// BalancerUnregister is exported by package balancer to unregister a balancer.
-	BalancerUnregister func(name string)
-	// KeepaliveMinPingTime is the minimum ping interval.  This must be 10s by
-	// default, but tests may wish to set it lower for convenience.
-	KeepaliveMinPingTime = 10 * time.Second
-	// StatusRawProto is exported by status/status.go. This func returns a
-	// pointer to the wrapped Status proto for a given status.Status without a
-	// call to proto.Clone(). The returned Status proto should not be mutated by
-	// the caller.
-	StatusRawProto interface{} // func (*status.Status) *spb.Status
-	// NewRequestInfoContext creates a new context based on the argument context attaching
-	// the passed in RequestInfo to the new context.
-	NewRequestInfoContext interface{} // func(context.Context, credentials.RequestInfo) context.Context
-	// ParseServiceConfigForTesting is for creating a fake
-	// ClientConn for resolver testing only
-	ParseServiceConfigForTesting interface{} // func(string) *serviceconfig.ParseResult
-)
-
-// HealthChecker defines the signature of the client-side LB channel health checking function.
-//
-// The implementation is expected to create a health checking RPC stream by
-// calling newStream(), watch for the health status of serviceName, and report
-// it's health back by calling setConnectivityState().
-//
-// The health checking protocol is defined at:
-// https://github.com/grpc/grpc/blob/master/doc/health-checking.md
-type HealthChecker func(ctx context.Context, newStream func(string) (interface{}, error), setConnectivityState func(connectivity.State, error), serviceName string) error
-
-const (
-	// CredsBundleModeFallback switches GoogleDefaultCreds to fallback mode.
-	CredsBundleModeFallback = "fallback"
-	// CredsBundleModeBalancer switches GoogleDefaultCreds to grpclb balancer
-	// mode.
-	CredsBundleModeBalancer = "balancer"
-	// CredsBundleModeBackendFromBalancer switches GoogleDefaultCreds to mode
-	// that supports backend returned by grpclb balancer.
-	CredsBundleModeBackendFromBalancer = "backend-from-balancer"
-)
diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go
new file mode 100644
index 00000000..68126069
--- /dev/null
+++ b/vendor/google.golang.org/grpc/internal/status/status.go
@@ -0,0 +1,161 @@
+/*
+ *
+ * Copyright 2020 gRPC authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+// Package status implements errors returned by gRPC.  These errors are
+// serialized and transmitted on the wire between server and client, and allow
+// for additional data to be transmitted via the Details field in the status
+// proto.  gRPC service handlers should return an error created by this
+// package, and gRPC clients should expect a corresponding error to be
+// returned from the RPC call.
+//
+// This package upholds the invariants that a non-nil error may not
+// contain an OK code, and an OK code must result in a nil error.
+package status
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/golang/protobuf/proto"
+	"github.com/golang/protobuf/ptypes"
+	spb "google.golang.org/genproto/googleapis/rpc/status"
+	"google.golang.org/grpc/codes"
+)
+
+// Status represents an RPC status code, message, and details.  It is immutable
+// and should be created with New, Newf, or FromProto.
+type Status struct {
+	s *spb.Status
+}
+
+// New returns a Status representing c and msg.
+func New(c codes.Code, msg string) *Status {
+	return &Status{s: &spb.Status{Code: int32(c), Message: msg}}
+}
+
+// Newf returns New(c, fmt.Sprintf(format, a...)).
+func Newf(c codes.Code, format string, a ...interface{}) *Status {
+	return New(c, fmt.Sprintf(format, a...))
+}
+
+// FromProto returns a Status representing s.
+func FromProto(s *spb.Status) *Status {
+	return &Status{s: proto.Clone(s).(*spb.Status)}
+}
+
+// Err returns an error representing c and msg.  If c is OK, returns nil.
+func Err(c codes.Code, msg string) error {
+	return New(c, msg).Err()
+}
+
+// Errorf returns Error(c, fmt.Sprintf(format, a...)).
+func Errorf(c codes.Code, format string, a ...interface{}) error {
+	return Err(c, fmt.Sprintf(format, a...))
+}
+
+// Code returns the status code contained in s.
+func (s *Status) Code() codes.Code {
+	if s == nil || s.s == nil {
+		return codes.OK
+	}
+	return codes.Code(s.s.Code)
+}
+
+// Message returns the message contained in s.
+func (s *Status) Message() string {
+	if s == nil || s.s == nil {
+		return ""
+	}
+	return s.s.Message
+}
+
+// Proto returns s's status as an spb.Status proto message.
+func (s *Status) Proto() *spb.Status {
+	if s == nil {
+		return nil
+	}
+	return proto.Clone(s.s).(*spb.Status)
+}
+
+// Err returns an immutable error representing s; returns nil if s.Code() is OK.
+func (s *Status) Err() error {
+	if s.Code() == codes.OK {
+		return nil
+	}
+	return (*Error)(s.Proto())
+}
+
+// WithDetails returns a new status with the provided details messages appended to the status.
+// If any errors are encountered, it returns nil and the first error encountered.
+func (s *Status) WithDetails(details ...proto.Message) (*Status, error) {
+	if s.Code() == codes.OK {
+		return nil, errors.New("no error details for status with code OK")
+	}
+	// s.Code() != OK implies that s.Proto() != nil.
+	p := s.Proto()
+	for _, detail := range details {
+		any, err := ptypes.MarshalAny(detail)
+		if err != nil {
+			return nil, err
+		}
+		p.Details = append(p.Details, any)
+	}
+	return &Status{s: p}, nil
+}
+
+// Details returns a slice of details messages attached to the status.
+// If a detail cannot be decoded, the error is returned in place of the detail.
+func (s *Status) Details() []interface{} {
+	if s == nil || s.s == nil {
+		return nil
+	}
+	details := make([]interface{}, 0, len(s.s.Details))
+	for _, any := range s.s.Details {
+		detail := &ptypes.DynamicAny{}
+		if err := ptypes.UnmarshalAny(any, detail); err != nil {
+			details = append(details, err)
+			continue
+		}
+		details = append(details, detail.Message)
+	}
+	return details
+}
+
+// Error is an alias of a status proto. It implements error and Status,
+// and a nil Error should never be returned by this package.
+type Error spb.Status
+
+func (se *Error) Error() string {
+	p := (*spb.Status)(se)
+	return fmt.Sprintf("rpc error: code = %s desc = %s", codes.Code(p.GetCode()), p.GetMessage())
+}
+
+// GRPCStatus returns the Status represented by se.
+func (se *Error) GRPCStatus() *Status {
+	return FromProto((*spb.Status)(se))
+}
+
+// Is implements future error.Is functionality.
+// A Error is equivalent if the code and message are identical.
+func (se *Error) Is(target error) bool {
+	tse, ok := target.(*Error)
+	if !ok {
+		return false
+	}
+	return proto.Equal((*spb.Status)(se), (*spb.Status)(tse))
+}
diff --git a/vendor/google.golang.org/grpc/status/status.go b/vendor/google.golang.org/grpc/status/status.go
index a1348e9b..01e182c3 100644
--- a/vendor/google.golang.org/grpc/status/status.go
+++ b/vendor/google.golang.org/grpc/status/status.go
@@ -29,88 +29,23 @@ package status
 
 import (
 	"context"
-	"errors"
 	"fmt"
 
-	"github.com/golang/protobuf/proto"
-	"github.com/golang/protobuf/ptypes"
 	spb "google.golang.org/genproto/googleapis/rpc/status"
+
 	"google.golang.org/grpc/codes"
-	"google.golang.org/grpc/internal"
+	"google.golang.org/grpc/internal/status"
 )
 
-func init() {
-	internal.StatusRawProto = statusRawProto
-}
-
-func statusRawProto(s *Status) *spb.Status { return s.s }
-
-// statusError is an alias of a status proto.  It implements error and Status,
-// and a nil statusError should never be returned by this package.
-type statusError spb.Status
-
-func (se *statusError) Error() string {
-	p := (*spb.Status)(se)
-	return fmt.Sprintf("rpc error: code = %s desc = %s", codes.Code(p.GetCode()), p.GetMessage())
-}
-
-func (se *statusError) GRPCStatus() *Status {
-	return &Status{s: (*spb.Status)(se)}
-}
-
-// Is implements future error.Is functionality.
-// A statusError is equivalent if the code and message are identical.
-func (se *statusError) Is(target error) bool {
-	tse, ok := target.(*statusError)
-	if !ok {
-		return false
-	}
-
-	return proto.Equal((*spb.Status)(se), (*spb.Status)(tse))
-}
-
-// Status represents an RPC status code, message, and details.  It is immutable
-// and should be created with New, Newf, or FromProto.
-type Status struct {
-	s *spb.Status
-}
-
-// Code returns the status code contained in s.
-func (s *Status) Code() codes.Code {
-	if s == nil || s.s == nil {
-		return codes.OK
-	}
-	return codes.Code(s.s.Code)
-}
-
-// Message returns the message contained in s.
-func (s *Status) Message() string {
-	if s == nil || s.s == nil {
-		return ""
-	}
-	return s.s.Message
-}
-
-// Proto returns s's status as an spb.Status proto message.
-func (s *Status) Proto() *spb.Status {
-	if s == nil {
-		return nil
-	}
-	return proto.Clone(s.s).(*spb.Status)
-}
-
-// Err returns an immutable error representing s; returns nil if s.Code() is
-// OK.
-func (s *Status) Err() error {
-	if s.Code() == codes.OK {
-		return nil
-	}
-	return (*statusError)(s.s)
-}
+// Status references google.golang.org/grpc/internal/status. It represents an
+// RPC status code, message, and details.  It is immutable and should be
+// created with New, Newf, or FromProto.
+// https://godoc.org/google.golang.org/grpc/internal/status
+type Status = status.Status
 
 // New returns a Status representing c and msg.
 func New(c codes.Code, msg string) *Status {
-	return &Status{s: &spb.Status{Code: int32(c), Message: msg}}
+	return status.New(c, msg)
 }
 
 // Newf returns New(c, fmt.Sprintf(format, a...)).
@@ -135,7 +70,7 @@ func ErrorProto(s *spb.Status) error {
 
 // FromProto returns a Status representing s.
 func FromProto(s *spb.Status) *Status {
-	return &Status{s: proto.Clone(s).(*spb.Status)}
+	return status.FromProto(s)
 }
 
 // FromError returns a Status representing err if it was produced from this
@@ -160,42 +95,6 @@ func Convert(err error) *Status {
 	return s
 }
 
-// WithDetails returns a new status with the provided details messages appended to the status.
-// If any errors are encountered, it returns nil and the first error encountered.
-func (s *Status) WithDetails(details ...proto.Message) (*Status, error) {
-	if s.Code() == codes.OK {
-		return nil, errors.New("no error details for status with code OK")
-	}
-	// s.Code() != OK implies that s.Proto() != nil.
-	p := s.Proto()
-	for _, detail := range details {
-		any, err := ptypes.MarshalAny(detail)
-		if err != nil {
-			return nil, err
-		}
-		p.Details = append(p.Details, any)
-	}
-	return &Status{s: p}, nil
-}
-
-// Details returns a slice of details messages attached to the status.
-// If a detail cannot be decoded, the error is returned in place of the detail.
-func (s *Status) Details() []interface{} {
-	if s == nil || s.s == nil {
-		return nil
-	}
-	details := make([]interface{}, 0, len(s.s.Details))
-	for _, any := range s.s.Details {
-		detail := &ptypes.DynamicAny{}
-		if err := ptypes.UnmarshalAny(any, detail); err != nil {
-			details = append(details, err)
-			continue
-		}
-		details = append(details, detail.Message)
-	}
-	return details
-}
-
 // Code returns the Code of the error if it is a Status error, codes.OK if err
 // is nil, or codes.Unknown otherwise.
 func Code(err error) codes.Code {
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
index 77dbe1b5..c2f8f28f 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/decode.go
@@ -54,6 +54,13 @@ type UnmarshalOptions struct {
 // Unmarshal reads the given []byte and populates the given proto.Message using options in
 // UnmarshalOptions object.
 func (o UnmarshalOptions) Unmarshal(b []byte, m proto.Message) error {
+	return o.unmarshal(b, m)
+}
+
+// unmarshal is a centralized function that all unmarshal operations go through.
+// For profiling purposes, avoid changing the name of this function or
+// introducing other code paths for unmarshal that do not go through this.
+func (o UnmarshalOptions) unmarshal(b []byte, m proto.Message) error {
 	proto.Reset(m)
 
 	if o.Resolver == nil {
diff --git a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
index dece2297..41e5c773 100644
--- a/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
+++ b/vendor/google.golang.org/protobuf/encoding/prototext/encode.go
@@ -102,6 +102,13 @@ func (o MarshalOptions) Format(m proto.Message) string {
 // MarshalOptions object. Do not depend on the output being stable. It may
 // change over time across different versions of the program.
 func (o MarshalOptions) Marshal(m proto.Message) ([]byte, error) {
+	return o.marshal(m)
+}
+
+// marshal is a centralized function that all marshal operations go through.
+// For profiling purposes, avoid changing the name of this function or
+// introducing other code paths for marshal that do not go through this.
+func (o MarshalOptions) marshal(m proto.Message) ([]byte, error) {
 	var delims = [2]byte{'{', '}'}
 
 	if o.Multiline && o.Indent == "" {
diff --git a/vendor/google.golang.org/protobuf/internal/version/version.go b/vendor/google.golang.org/protobuf/internal/version/version.go
index 4088e59c..6b3001c6 100644
--- a/vendor/google.golang.org/protobuf/internal/version/version.go
+++ b/vendor/google.golang.org/protobuf/internal/version/version.go
@@ -52,7 +52,7 @@ import (
 //	10. Send out the CL for review and submit it.
 const (
 	Major      = 1
-	Minor      = 23
+	Minor      = 24
 	Patch      = 0
 	PreRelease = ""
 )
diff --git a/vendor/google.golang.org/protobuf/proto/decode.go b/vendor/google.golang.org/protobuf/proto/decode.go
index 12821476..4974b16d 100644
--- a/vendor/google.golang.org/protobuf/proto/decode.go
+++ b/vendor/google.golang.org/protobuf/proto/decode.go
@@ -63,12 +63,15 @@ func (o UnmarshalOptions) UnmarshalState(in protoiface.UnmarshalInput) (protoifa
 	return o.unmarshal(in.Buf, in.Message)
 }
 
+// unmarshal is a centralized function that all unmarshal operations go through.
+// For profiling purposes, avoid changing the name of this function or
+// introducing other code paths for unmarshal that do not go through this.
 func (o UnmarshalOptions) unmarshal(b []byte, m protoreflect.Message) (out protoiface.UnmarshalOutput, err error) {
 	if o.Resolver == nil {
 		o.Resolver = protoregistry.GlobalTypes
 	}
 	if !o.Merge {
-		Reset(m.Interface()) // TODO
+		Reset(m.Interface())
 	}
 	allowPartial := o.AllowPartial
 	o.Merge = true
@@ -105,7 +108,7 @@ func (o UnmarshalOptions) unmarshalMessage(b []byte, m protoreflect.Message) err
 func (o UnmarshalOptions) unmarshalMessageSlow(b []byte, m protoreflect.Message) error {
 	md := m.Descriptor()
 	if messageset.IsMessageSet(md) {
-		return unmarshalMessageSet(b, m, o)
+		return o.unmarshalMessageSet(b, m)
 	}
 	fields := md.Fields()
 	for len(b) > 0 {
diff --git a/vendor/google.golang.org/protobuf/proto/encode.go b/vendor/google.golang.org/protobuf/proto/encode.go
index 456bfda4..7b47a118 100644
--- a/vendor/google.golang.org/protobuf/proto/encode.go
+++ b/vendor/google.golang.org/protobuf/proto/encode.go
@@ -134,6 +134,9 @@ func (o MarshalOptions) MarshalState(in protoiface.MarshalInput) (protoiface.Mar
 	return o.marshal(in.Buf, in.Message)
 }
 
+// marshal is a centralized function that all marshal operations go through.
+// For profiling purposes, avoid changing the name of this function or
+// introducing other code paths for marshal that do not go through this.
 func (o MarshalOptions) marshal(b []byte, m protoreflect.Message) (out protoiface.MarshalOutput, err error) {
 	allowPartial := o.AllowPartial
 	o.AllowPartial = true
@@ -206,7 +209,7 @@ func growcap(oldcap, wantcap int) (newcap int) {
 
 func (o MarshalOptions) marshalMessageSlow(b []byte, m protoreflect.Message) ([]byte, error) {
 	if messageset.IsMessageSet(m.Descriptor()) {
-		return marshalMessageSet(b, m, o)
+		return o.marshalMessageSet(b, m)
 	}
 	// There are many choices for what order we visit fields in. The default one here
 	// is chosen for reasonable efficiency and simplicity given the protoreflect API.
diff --git a/vendor/google.golang.org/protobuf/proto/messageset.go b/vendor/google.golang.org/protobuf/proto/messageset.go
index b6b3de59..1d692c3a 100644
--- a/vendor/google.golang.org/protobuf/proto/messageset.go
+++ b/vendor/google.golang.org/protobuf/proto/messageset.go
@@ -13,24 +13,24 @@ import (
 	"google.golang.org/protobuf/reflect/protoregistry"
 )
 
-func sizeMessageSet(m protoreflect.Message) (size int) {
+func (o MarshalOptions) sizeMessageSet(m protoreflect.Message) (size int) {
 	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
 		size += messageset.SizeField(fd.Number())
 		size += protowire.SizeTag(messageset.FieldMessage)
-		size += protowire.SizeBytes(sizeMessage(v.Message()))
+		size += protowire.SizeBytes(o.size(v.Message()))
 		return true
 	})
 	size += messageset.SizeUnknown(m.GetUnknown())
 	return size
 }
 
-func marshalMessageSet(b []byte, m protoreflect.Message, o MarshalOptions) ([]byte, error) {
+func (o MarshalOptions) marshalMessageSet(b []byte, m protoreflect.Message) ([]byte, error) {
 	if !flags.ProtoLegacy {
 		return b, errors.New("no support for message_set_wire_format")
 	}
 	var err error
 	o.rangeFields(m, func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
-		b, err = marshalMessageSetField(b, fd, v, o)
+		b, err = o.marshalMessageSetField(b, fd, v)
 		return err == nil
 	})
 	if err != nil {
@@ -39,7 +39,7 @@ func marshalMessageSet(b []byte, m protoreflect.Message, o MarshalOptions) ([]by
 	return messageset.AppendUnknown(b, m.GetUnknown())
 }
 
-func marshalMessageSetField(b []byte, fd protoreflect.FieldDescriptor, value protoreflect.Value, o MarshalOptions) ([]byte, error) {
+func (o MarshalOptions) marshalMessageSetField(b []byte, fd protoreflect.FieldDescriptor, value protoreflect.Value) ([]byte, error) {
 	b = messageset.AppendFieldStart(b, fd.Number())
 	b = protowire.AppendTag(b, messageset.FieldMessage, protowire.BytesType)
 	b = protowire.AppendVarint(b, uint64(o.Size(value.Message().Interface())))
@@ -51,12 +51,12 @@ func marshalMessageSetField(b []byte, fd protoreflect.FieldDescriptor, value pro
 	return b, nil
 }
 
-func unmarshalMessageSet(b []byte, m protoreflect.Message, o UnmarshalOptions) error {
+func (o UnmarshalOptions) unmarshalMessageSet(b []byte, m protoreflect.Message) error {
 	if !flags.ProtoLegacy {
 		return errors.New("no support for message_set_wire_format")
 	}
 	return messageset.Unmarshal(b, false, func(num protowire.Number, v []byte) error {
-		err := unmarshalMessageSetField(m, num, v, o)
+		err := o.unmarshalMessageSetField(m, num, v)
 		if err == errUnknown {
 			unknown := m.GetUnknown()
 			unknown = protowire.AppendTag(unknown, num, protowire.BytesType)
@@ -68,7 +68,7 @@ func unmarshalMessageSet(b []byte, m protoreflect.Message, o UnmarshalOptions) e
 	})
 }
 
-func unmarshalMessageSetField(m protoreflect.Message, num protowire.Number, v []byte, o UnmarshalOptions) error {
+func (o UnmarshalOptions) unmarshalMessageSetField(m protoreflect.Message, num protowire.Number, v []byte) error {
 	md := m.Descriptor()
 	if !md.ExtensionRanges().Has(num) {
 		return errUnknown
diff --git a/vendor/google.golang.org/protobuf/proto/size.go b/vendor/google.golang.org/protobuf/proto/size.go
index 11ba8414..554b9c6c 100644
--- a/vendor/google.golang.org/protobuf/proto/size.go
+++ b/vendor/google.golang.org/protobuf/proto/size.go
@@ -23,10 +23,13 @@ func (o MarshalOptions) Size(m Message) int {
 		return 0
 	}
 
-	return sizeMessage(m.ProtoReflect())
+	return o.size(m.ProtoReflect())
 }
 
-func sizeMessage(m protoreflect.Message) (size int) {
+// size is a centralized function that all size operations go through.
+// For profiling purposes, avoid changing the name of this function or
+// introducing other code paths for size that do not go through this.
+func (o MarshalOptions) size(m protoreflect.Message) (size int) {
 	methods := protoMethods(m)
 	if methods != nil && methods.Size != nil {
 		out := methods.Size(protoiface.SizeInput{
@@ -42,52 +45,52 @@ func sizeMessage(m protoreflect.Message) (size int) {
 		})
 		return len(out.Buf)
 	}
-	return sizeMessageSlow(m)
+	return o.sizeMessageSlow(m)
 }
 
-func sizeMessageSlow(m protoreflect.Message) (size int) {
+func (o MarshalOptions) sizeMessageSlow(m protoreflect.Message) (size int) {
 	if messageset.IsMessageSet(m.Descriptor()) {
-		return sizeMessageSet(m)
+		return o.sizeMessageSet(m)
 	}
 	m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
-		size += sizeField(fd, v)
+		size += o.sizeField(fd, v)
 		return true
 	})
 	size += len(m.GetUnknown())
 	return size
 }
 
-func sizeField(fd protoreflect.FieldDescriptor, value protoreflect.Value) (size int) {
+func (o MarshalOptions) sizeField(fd protoreflect.FieldDescriptor, value protoreflect.Value) (size int) {
 	num := fd.Number()
 	switch {
 	case fd.IsList():
-		return sizeList(num, fd, value.List())
+		return o.sizeList(num, fd, value.List())
 	case fd.IsMap():
-		return sizeMap(num, fd, value.Map())
+		return o.sizeMap(num, fd, value.Map())
 	default:
-		return protowire.SizeTag(num) + sizeSingular(num, fd.Kind(), value)
+		return protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), value)
 	}
 }
 
-func sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) {
+func (o MarshalOptions) sizeList(num protowire.Number, fd protoreflect.FieldDescriptor, list protoreflect.List) (size int) {
 	if fd.IsPacked() && list.Len() > 0 {
 		content := 0
 		for i, llen := 0, list.Len(); i < llen; i++ {
-			content += sizeSingular(num, fd.Kind(), list.Get(i))
+			content += o.sizeSingular(num, fd.Kind(), list.Get(i))
 		}
 		return protowire.SizeTag(num) + protowire.SizeBytes(content)
 	}
 
 	for i, llen := 0, list.Len(); i < llen; i++ {
-		size += protowire.SizeTag(num) + sizeSingular(num, fd.Kind(), list.Get(i))
+		size += protowire.SizeTag(num) + o.sizeSingular(num, fd.Kind(), list.Get(i))
 	}
 	return size
 }
 
-func sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) {
+func (o MarshalOptions) sizeMap(num protowire.Number, fd protoreflect.FieldDescriptor, mapv protoreflect.Map) (size int) {
 	mapv.Range(func(key protoreflect.MapKey, value protoreflect.Value) bool {
 		size += protowire.SizeTag(num)
-		size += protowire.SizeBytes(sizeField(fd.MapKey(), key.Value()) + sizeField(fd.MapValue(), value))
+		size += protowire.SizeBytes(o.sizeField(fd.MapKey(), key.Value()) + o.sizeField(fd.MapValue(), value))
 		return true
 	})
 	return size
diff --git a/vendor/google.golang.org/protobuf/proto/size_gen.go b/vendor/google.golang.org/protobuf/proto/size_gen.go
index 1118460f..3cf61a82 100644
--- a/vendor/google.golang.org/protobuf/proto/size_gen.go
+++ b/vendor/google.golang.org/protobuf/proto/size_gen.go
@@ -11,7 +11,7 @@ import (
 	"google.golang.org/protobuf/reflect/protoreflect"
 )
 
-func sizeSingular(num protowire.Number, kind protoreflect.Kind, v protoreflect.Value) int {
+func (o MarshalOptions) sizeSingular(num protowire.Number, kind protoreflect.Kind, v protoreflect.Value) int {
 	switch kind {
 	case protoreflect.BoolKind:
 		return protowire.SizeVarint(protowire.EncodeBool(v.Bool()))
@@ -46,9 +46,9 @@ func sizeSingular(num protowire.Number, kind protoreflect.Kind, v protoreflect.V
 	case protoreflect.BytesKind:
 		return protowire.SizeBytes(len(v.Bytes()))
 	case protoreflect.MessageKind:
-		return protowire.SizeBytes(sizeMessage(v.Message()))
+		return protowire.SizeBytes(o.size(v.Message()))
 	case protoreflect.GroupKind:
-		return protowire.SizeGroup(num, sizeMessage(v.Message()))
+		return protowire.SizeGroup(num, o.size(v.Message()))
 	default:
 		return 0
 	}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
index f334f71b..5a341472 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoreflect/value_union.go
@@ -85,6 +85,8 @@ func ValueOf(v interface{}) Value {
 		return ValueOfEnum(v)
 	case Message, List, Map:
 		return valueOfIface(v)
+	case ProtoMessage:
+		panic(fmt.Sprintf("invalid proto.Message(%T) type, expected a protoreflect.Message type", v))
 	default:
 		panic(fmt.Sprintf("invalid type: %T", v))
 	}
diff --git a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
index 43f16c61..5e5f9671 100644
--- a/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
+++ b/vendor/google.golang.org/protobuf/reflect/protoregistry/registry.go
@@ -96,6 +96,38 @@ func (r *Files) RegisterFile(file protoreflect.FileDescriptor) error {
 	}
 	path := file.Path()
 	if prev := r.filesByPath[path]; prev != nil {
+		// TODO: Remove this after some soak-in period after moving these types.
+		var prevPath string
+		const prevModule = "google.golang.org/genproto"
+		const prevVersion = "cb27e3aa (May 26th, 2020)"
+		switch path {
+		case "google/protobuf/field_mask.proto":
+			prevPath = prevModule + "/protobuf/field_mask"
+		case "google/protobuf/api.proto":
+			prevPath = prevModule + "/protobuf/api"
+		case "google/protobuf/type.proto":
+			prevPath = prevModule + "/protobuf/ptype"
+		case "google/protobuf/source_context.proto":
+			prevPath = prevModule + "/protobuf/source_context"
+		}
+		if r == GlobalFiles && prevPath != "" {
+			pkgName := strings.TrimSuffix(strings.TrimPrefix(path, "google/protobuf/"), ".proto")
+			pkgName = strings.Replace(pkgName, "_", "", -1) + "pb"
+			currPath := "google.golang.org/protobuf/types/known/" + pkgName
+			panic(fmt.Sprintf(""+
+				"duplicate registration of %q\n"+
+				"\n"+
+				"The generated definition for this file has moved:\n"+
+				"\tfrom: %q\n"+
+				"\tto:   %q\n"+
+				"A dependency on the %q module must\n"+
+				"be at version %v or higher.\n"+
+				"\n"+
+				"Upgrade the dependency by running:\n"+
+				"\tgo get -u %v\n",
+				path, prevPath, currPath, prevModule, prevVersion, prevPath))
+		}
+
 		err := errors.New("file %q is already registered", file.Path())
 		err = amendErrorWithCaller(err, prev, file)
 		if r == GlobalFiles && ignoreConflict(file, err) {
diff --git a/vendor/honnef.co/go/tools/LICENSE-THIRD-PARTY b/vendor/honnef.co/go/tools/LICENSE-THIRD-PARTY
index 7c241b71..623d85e8 100644
--- a/vendor/honnef.co/go/tools/LICENSE-THIRD-PARTY
+++ b/vendor/honnef.co/go/tools/LICENSE-THIRD-PARTY
@@ -75,7 +75,7 @@ resulting binaries. These projects are:
     limitations under the License.
 
 
-* github.com/kisielk/gotool – https://github.com/kisielk/gotool
+* github.com/kisielk/gotool - https://github.com/kisielk/gotool
 
     Copyright (c) 2013 Kamil Kisiel <kamil@kamilkisiel.net>
 
@@ -224,3 +224,61 @@ resulting binaries. These projects are:
     (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
+* gogrep - https://github.com/mvdan/gogrep
+
+    Copyright (c) 2017, Daniel Martí. All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are
+    met:
+
+       * Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+       * Redistributions in binary form must reproduce the above
+    copyright notice, this list of conditions and the following disclaimer
+    in the documentation and/or other materials provided with the
+    distribution.
+       * Neither the name of the copyright holder nor the names of its
+    contributors may be used to endorse or promote products derived from
+    this software without specific prior written permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+* gosmith - https://github.com/dvyukov/gosmith
+
+    Copyright (c) 2014 Dmitry Vyukov. All rights reserved.
+
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions are
+    met:
+
+       * Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+       * Redistributions in binary form must reproduce the above
+    copyright notice, this list of conditions and the following disclaimer
+    in the documentation and/or other materials provided with the
+    distribution.
+       * The name of Dmitry Vyukov may be used to endorse or promote
+    products derived from this software without specific prior written permission.
+
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+    A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+    OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+    SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+    LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+    DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+    THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+    (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+    OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/honnef.co/go/tools/code/code.go b/vendor/honnef.co/go/tools/code/code.go
new file mode 100644
index 00000000..6f4df8b9
--- /dev/null
+++ b/vendor/honnef.co/go/tools/code/code.go
@@ -0,0 +1,481 @@
+// Package code answers structural and type questions about Go code.
+package code
+
+import (
+	"flag"
+	"fmt"
+	"go/ast"
+	"go/constant"
+	"go/token"
+	"go/types"
+	"strings"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/analysis/passes/inspect"
+	"golang.org/x/tools/go/ast/astutil"
+	"golang.org/x/tools/go/ast/inspector"
+	"honnef.co/go/tools/facts"
+	"honnef.co/go/tools/go/types/typeutil"
+	"honnef.co/go/tools/ir"
+	"honnef.co/go/tools/lint"
+)
+
+type Positioner interface {
+	Pos() token.Pos
+}
+
+func CallName(call *ir.CallCommon) string {
+	if call.IsInvoke() {
+		return ""
+	}
+	switch v := call.Value.(type) {
+	case *ir.Function:
+		fn, ok := v.Object().(*types.Func)
+		if !ok {
+			return ""
+		}
+		return lint.FuncName(fn)
+	case *ir.Builtin:
+		return v.Name()
+	}
+	return ""
+}
+
+func IsCallTo(call *ir.CallCommon, name string) bool { return CallName(call) == name }
+
+func IsCallToAny(call *ir.CallCommon, names ...string) bool {
+	q := CallName(call)
+	for _, name := range names {
+		if q == name {
+			return true
+		}
+	}
+	return false
+}
+
+func IsType(T types.Type, name string) bool { return types.TypeString(T, nil) == name }
+
+func FilterDebug(instr []ir.Instruction) []ir.Instruction {
+	var out []ir.Instruction
+	for _, ins := range instr {
+		if _, ok := ins.(*ir.DebugRef); !ok {
+			out = append(out, ins)
+		}
+	}
+	return out
+}
+
+func IsExample(fn *ir.Function) bool {
+	if !strings.HasPrefix(fn.Name(), "Example") {
+		return false
+	}
+	f := fn.Prog.Fset.File(fn.Pos())
+	if f == nil {
+		return false
+	}
+	return strings.HasSuffix(f.Name(), "_test.go")
+}
+
+func IsPointerLike(T types.Type) bool {
+	switch T := T.Underlying().(type) {
+	case *types.Interface, *types.Chan, *types.Map, *types.Signature, *types.Pointer:
+		return true
+	case *types.Basic:
+		return T.Kind() == types.UnsafePointer
+	}
+	return false
+}
+
+func IsIdent(expr ast.Expr, ident string) bool {
+	id, ok := expr.(*ast.Ident)
+	return ok && id.Name == ident
+}
+
+// isBlank returns whether id is the blank identifier "_".
+// If id == nil, the answer is false.
+func IsBlank(id ast.Expr) bool {
+	ident, _ := id.(*ast.Ident)
+	return ident != nil && ident.Name == "_"
+}
+
+func IsIntLiteral(expr ast.Expr, literal string) bool {
+	lit, ok := expr.(*ast.BasicLit)
+	return ok && lit.Kind == token.INT && lit.Value == literal
+}
+
+// Deprecated: use IsIntLiteral instead
+func IsZero(expr ast.Expr) bool {
+	return IsIntLiteral(expr, "0")
+}
+
+func IsOfType(pass *analysis.Pass, expr ast.Expr, name string) bool {
+	return IsType(pass.TypesInfo.TypeOf(expr), name)
+}
+
+func IsInTest(pass *analysis.Pass, node Positioner) bool {
+	// FIXME(dh): this doesn't work for global variables with
+	// initializers
+	f := pass.Fset.File(node.Pos())
+	return f != nil && strings.HasSuffix(f.Name(), "_test.go")
+}
+
+// IsMain reports whether the package being processed is a package
+// main.
+func IsMain(pass *analysis.Pass) bool {
+	return pass.Pkg.Name() == "main"
+}
+
+// IsMainLike reports whether the package being processed is a
+// main-like package. A main-like package is a package that is
+// package main, or that is intended to be used by a tool framework
+// such as cobra to implement a command.
+//
+// Note that this function errs on the side of false positives; it may
+// return true for packages that aren't main-like. IsMainLike is
+// intended for analyses that wish to suppress diagnostics for
+// main-like packages to avoid false positives.
+func IsMainLike(pass *analysis.Pass) bool {
+	if pass.Pkg.Name() == "main" {
+		return true
+	}
+	for _, imp := range pass.Pkg.Imports() {
+		if imp.Path() == "github.com/spf13/cobra" {
+			return true
+		}
+	}
+	return false
+}
+
+func SelectorName(pass *analysis.Pass, expr *ast.SelectorExpr) string {
+	info := pass.TypesInfo
+	sel := info.Selections[expr]
+	if sel == nil {
+		if x, ok := expr.X.(*ast.Ident); ok {
+			pkg, ok := info.ObjectOf(x).(*types.PkgName)
+			if !ok {
+				// This shouldn't happen
+				return fmt.Sprintf("%s.%s", x.Name, expr.Sel.Name)
+			}
+			return fmt.Sprintf("%s.%s", pkg.Imported().Path(), expr.Sel.Name)
+		}
+		panic(fmt.Sprintf("unsupported selector: %v", expr))
+	}
+	return fmt.Sprintf("(%s).%s", sel.Recv(), sel.Obj().Name())
+}
+
+func IsNil(pass *analysis.Pass, expr ast.Expr) bool {
+	return pass.TypesInfo.Types[expr].IsNil()
+}
+
+func BoolConst(pass *analysis.Pass, expr ast.Expr) bool {
+	val := pass.TypesInfo.ObjectOf(expr.(*ast.Ident)).(*types.Const).Val()
+	return constant.BoolVal(val)
+}
+
+func IsBoolConst(pass *analysis.Pass, expr ast.Expr) bool {
+	// We explicitly don't support typed bools because more often than
+	// not, custom bool types are used as binary enums and the
+	// explicit comparison is desired.
+
+	ident, ok := expr.(*ast.Ident)
+	if !ok {
+		return false
+	}
+	obj := pass.TypesInfo.ObjectOf(ident)
+	c, ok := obj.(*types.Const)
+	if !ok {
+		return false
+	}
+	basic, ok := c.Type().(*types.Basic)
+	if !ok {
+		return false
+	}
+	if basic.Kind() != types.UntypedBool && basic.Kind() != types.Bool {
+		return false
+	}
+	return true
+}
+
+func ExprToInt(pass *analysis.Pass, expr ast.Expr) (int64, bool) {
+	tv := pass.TypesInfo.Types[expr]
+	if tv.Value == nil {
+		return 0, false
+	}
+	if tv.Value.Kind() != constant.Int {
+		return 0, false
+	}
+	return constant.Int64Val(tv.Value)
+}
+
+func ExprToString(pass *analysis.Pass, expr ast.Expr) (string, bool) {
+	val := pass.TypesInfo.Types[expr].Value
+	if val == nil {
+		return "", false
+	}
+	if val.Kind() != constant.String {
+		return "", false
+	}
+	return constant.StringVal(val), true
+}
+
+// Dereference returns a pointer's element type; otherwise it returns
+// T.
+func Dereference(T types.Type) types.Type {
+	if p, ok := T.Underlying().(*types.Pointer); ok {
+		return p.Elem()
+	}
+	return T
+}
+
+// DereferenceR returns a pointer's element type; otherwise it returns
+// T. If the element type is itself a pointer, DereferenceR will be
+// applied recursively.
+func DereferenceR(T types.Type) types.Type {
+	if p, ok := T.Underlying().(*types.Pointer); ok {
+		return DereferenceR(p.Elem())
+	}
+	return T
+}
+
+func CallNameAST(pass *analysis.Pass, call *ast.CallExpr) string {
+	switch fun := astutil.Unparen(call.Fun).(type) {
+	case *ast.SelectorExpr:
+		fn, ok := pass.TypesInfo.ObjectOf(fun.Sel).(*types.Func)
+		if !ok {
+			return ""
+		}
+		return lint.FuncName(fn)
+	case *ast.Ident:
+		obj := pass.TypesInfo.ObjectOf(fun)
+		switch obj := obj.(type) {
+		case *types.Func:
+			return lint.FuncName(obj)
+		case *types.Builtin:
+			return obj.Name()
+		default:
+			return ""
+		}
+	default:
+		return ""
+	}
+}
+
+func IsCallToAST(pass *analysis.Pass, node ast.Node, name string) bool {
+	call, ok := node.(*ast.CallExpr)
+	if !ok {
+		return false
+	}
+	return CallNameAST(pass, call) == name
+}
+
+func IsCallToAnyAST(pass *analysis.Pass, node ast.Node, names ...string) bool {
+	call, ok := node.(*ast.CallExpr)
+	if !ok {
+		return false
+	}
+	q := CallNameAST(pass, call)
+	for _, name := range names {
+		if q == name {
+			return true
+		}
+	}
+	return false
+}
+
+func Preamble(f *ast.File) string {
+	cutoff := f.Package
+	if f.Doc != nil {
+		cutoff = f.Doc.Pos()
+	}
+	var out []string
+	for _, cmt := range f.Comments {
+		if cmt.Pos() >= cutoff {
+			break
+		}
+		out = append(out, cmt.Text())
+	}
+	return strings.Join(out, "\n")
+}
+
+func GroupSpecs(fset *token.FileSet, specs []ast.Spec) [][]ast.Spec {
+	if len(specs) == 0 {
+		return nil
+	}
+	groups := make([][]ast.Spec, 1)
+	groups[0] = append(groups[0], specs[0])
+
+	for _, spec := range specs[1:] {
+		g := groups[len(groups)-1]
+		if fset.PositionFor(spec.Pos(), false).Line-1 !=
+			fset.PositionFor(g[len(g)-1].End(), false).Line {
+
+			groups = append(groups, nil)
+		}
+
+		groups[len(groups)-1] = append(groups[len(groups)-1], spec)
+	}
+
+	return groups
+}
+
+func IsObject(obj types.Object, name string) bool {
+	var path string
+	if pkg := obj.Pkg(); pkg != nil {
+		path = pkg.Path() + "."
+	}
+	return path+obj.Name() == name
+}
+
+type Field struct {
+	Var  *types.Var
+	Tag  string
+	Path []int
+}
+
+// FlattenFields recursively flattens T and embedded structs,
+// returning a list of fields. If multiple fields with the same name
+// exist, all will be returned.
+func FlattenFields(T *types.Struct) []Field {
+	return flattenFields(T, nil, nil)
+}
+
+func flattenFields(T *types.Struct, path []int, seen map[types.Type]bool) []Field {
+	if seen == nil {
+		seen = map[types.Type]bool{}
+	}
+	if seen[T] {
+		return nil
+	}
+	seen[T] = true
+	var out []Field
+	for i := 0; i < T.NumFields(); i++ {
+		field := T.Field(i)
+		tag := T.Tag(i)
+		np := append(path[:len(path):len(path)], i)
+		if field.Anonymous() {
+			if s, ok := Dereference(field.Type()).Underlying().(*types.Struct); ok {
+				out = append(out, flattenFields(s, np, seen)...)
+			}
+		} else {
+			out = append(out, Field{field, tag, np})
+		}
+	}
+	return out
+}
+
+func File(pass *analysis.Pass, node Positioner) *ast.File {
+	m := pass.ResultOf[facts.TokenFile].(map[*token.File]*ast.File)
+	return m[pass.Fset.File(node.Pos())]
+}
+
+// IsGenerated reports whether pos is in a generated file, It ignores
+// //line directives.
+func IsGenerated(pass *analysis.Pass, pos token.Pos) bool {
+	_, ok := Generator(pass, pos)
+	return ok
+}
+
+// Generator returns the generator that generated the file containing
+// pos. It ignores //line directives.
+func Generator(pass *analysis.Pass, pos token.Pos) (facts.Generator, bool) {
+	file := pass.Fset.PositionFor(pos, false).Filename
+	m := pass.ResultOf[facts.Generated].(map[string]facts.Generator)
+	g, ok := m[file]
+	return g, ok
+}
+
+// MayHaveSideEffects reports whether expr may have side effects. If
+// the purity argument is nil, this function implements a purely
+// syntactic check, meaning that any function call may have side
+// effects, regardless of the called function's body. Otherwise,
+// purity will be consulted to determine the purity of function calls.
+func MayHaveSideEffects(pass *analysis.Pass, expr ast.Expr, purity facts.PurityResult) bool {
+	switch expr := expr.(type) {
+	case *ast.BadExpr:
+		return true
+	case *ast.Ellipsis:
+		return MayHaveSideEffects(pass, expr.Elt, purity)
+	case *ast.FuncLit:
+		// the literal itself cannot have side ffects, only calling it
+		// might, which is handled by CallExpr.
+		return false
+	case *ast.ArrayType, *ast.StructType, *ast.FuncType, *ast.InterfaceType, *ast.MapType, *ast.ChanType:
+		// types cannot have side effects
+		return false
+	case *ast.BasicLit:
+		return false
+	case *ast.BinaryExpr:
+		return MayHaveSideEffects(pass, expr.X, purity) || MayHaveSideEffects(pass, expr.Y, purity)
+	case *ast.CallExpr:
+		if purity == nil {
+			return true
+		}
+		switch obj := typeutil.Callee(pass.TypesInfo, expr).(type) {
+		case *types.Func:
+			if _, ok := purity[obj]; !ok {
+				return true
+			}
+		case *types.Builtin:
+			switch obj.Name() {
+			case "len", "cap":
+			default:
+				return true
+			}
+		default:
+			return true
+		}
+		for _, arg := range expr.Args {
+			if MayHaveSideEffects(pass, arg, purity) {
+				return true
+			}
+		}
+		return false
+	case *ast.CompositeLit:
+		if MayHaveSideEffects(pass, expr.Type, purity) {
+			return true
+		}
+		for _, elt := range expr.Elts {
+			if MayHaveSideEffects(pass, elt, purity) {
+				return true
+			}
+		}
+		return false
+	case *ast.Ident:
+		return false
+	case *ast.IndexExpr:
+		return MayHaveSideEffects(pass, expr.X, purity) || MayHaveSideEffects(pass, expr.Index, purity)
+	case *ast.KeyValueExpr:
+		return MayHaveSideEffects(pass, expr.Key, purity) || MayHaveSideEffects(pass, expr.Value, purity)
+	case *ast.SelectorExpr:
+		return MayHaveSideEffects(pass, expr.X, purity)
+	case *ast.SliceExpr:
+		return MayHaveSideEffects(pass, expr.X, purity) ||
+			MayHaveSideEffects(pass, expr.Low, purity) ||
+			MayHaveSideEffects(pass, expr.High, purity) ||
+			MayHaveSideEffects(pass, expr.Max, purity)
+	case *ast.StarExpr:
+		return MayHaveSideEffects(pass, expr.X, purity)
+	case *ast.TypeAssertExpr:
+		return MayHaveSideEffects(pass, expr.X, purity)
+	case *ast.UnaryExpr:
+		if MayHaveSideEffects(pass, expr.X, purity) {
+			return true
+		}
+		return expr.Op == token.ARROW
+	case *ast.ParenExpr:
+		return MayHaveSideEffects(pass, expr.X, purity)
+	case nil:
+		return false
+	default:
+		panic(fmt.Sprintf("internal error: unhandled type %T", expr))
+	}
+}
+
+func IsGoVersion(pass *analysis.Pass, minor int) bool {
+	version := pass.Analyzer.Flags.Lookup("go").Value.(flag.Getter).Get().(int)
+	return version >= minor
+}
+
+func Preorder(pass *analysis.Pass, fn func(ast.Node), types ...ast.Node) {
+	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder(types, fn)
+}
diff --git a/vendor/honnef.co/go/tools/config/config.go b/vendor/honnef.co/go/tools/config/config.go
index c22093a6..55115371 100644
--- a/vendor/honnef.co/go/tools/config/config.go
+++ b/vendor/honnef.co/go/tools/config/config.go
@@ -3,6 +3,8 @@ package config
 import (
 	"bytes"
 	"fmt"
+	"go/ast"
+	"go/token"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -12,38 +14,57 @@ import (
 	"golang.org/x/tools/go/analysis"
 )
 
+// Dir looks at a list of absolute file names, which should make up a
+// single package, and returns the path of the directory that may
+// contain a staticcheck.conf file. It returns the empty string if no
+// such directory could be determined, for example because all files
+// were located in Go's build cache.
+func Dir(files []string) string {
+	if len(files) == 0 {
+		return ""
+	}
+	cache, err := os.UserCacheDir()
+	if err != nil {
+		cache = ""
+	}
+	var path string
+	for _, p := range files {
+		// FIXME(dh): using strings.HasPrefix isn't technically
+		// correct, but it should be good enough for now.
+		if cache != "" && strings.HasPrefix(p, cache) {
+			// File in the build cache of the standard Go build system
+			continue
+		}
+		path = p
+		break
+	}
+
+	if path == "" {
+		// The package only consists of generated files.
+		return ""
+	}
+
+	dir := filepath.Dir(path)
+	return dir
+}
+
+func dirAST(files []*ast.File, fset *token.FileSet) string {
+	names := make([]string, len(files))
+	for i, f := range files {
+		names[i] = fset.PositionFor(f.Pos(), true).Filename
+	}
+	return Dir(names)
+}
+
 var Analyzer = &analysis.Analyzer{
 	Name: "config",
 	Doc:  "loads configuration for the current package tree",
 	Run: func(pass *analysis.Pass) (interface{}, error) {
-		if len(pass.Files) == 0 {
+		dir := dirAST(pass.Files, pass.Fset)
+		if dir == "" {
 			cfg := DefaultConfig
 			return &cfg, nil
 		}
-		cache, err := os.UserCacheDir()
-		if err != nil {
-			cache = ""
-		}
-		var path string
-		for _, f := range pass.Files {
-			p := pass.Fset.PositionFor(f.Pos(), true).Filename
-			// FIXME(dh): using strings.HasPrefix isn't technically
-			// correct, but it should be good enough for now.
-			if cache != "" && strings.HasPrefix(p, cache) {
-				// File in the build cache of the standard Go build system
-				continue
-			}
-			path = p
-			break
-		}
-
-		if path == "" {
-			// The package only consists of generated files.
-			cfg := DefaultConfig
-			return &cfg, nil
-		}
-
-		dir := filepath.Dir(path)
 		cfg, err := Load(dir)
 		if err != nil {
 			return nil, fmt.Errorf("error loading staticcheck.conf: %s", err)
@@ -136,7 +157,7 @@ func (c Config) String() string {
 }
 
 var DefaultConfig = Config{
-	Checks: []string{"all", "-ST1000", "-ST1003", "-ST1016"},
+	Checks: []string{"all", "-ST1000", "-ST1003", "-ST1016", "-ST1020", "-ST1021", "-ST1022"},
 	Initialisms: []string{
 		"ACL", "API", "ASCII", "CPU", "CSS", "DNS",
 		"EOF", "GUID", "HTML", "HTTP", "HTTPS", "ID",
@@ -144,20 +165,20 @@ var DefaultConfig = Config{
 		"SMTP", "SQL", "SSH", "TCP", "TLS", "TTL",
 		"UDP", "UI", "GID", "UID", "UUID", "URI",
 		"URL", "UTF8", "VM", "XML", "XMPP", "XSRF",
-		"XSS", "SIP", "RTP",
+		"XSS", "SIP", "RTP", "AMQP", "DB", "TS",
 	},
 	DotImportWhitelist:      []string{},
 	HTTPStatusCodeWhitelist: []string{"200", "400", "404", "500"},
 }
 
-const configName = "staticcheck.conf"
+const ConfigName = "staticcheck.conf"
 
 func parseConfigs(dir string) ([]Config, error) {
 	var out []Config
 
 	// TODO(dh): consider stopping at the GOPATH/module boundary
 	for dir != "" {
-		f, err := os.Open(filepath.Join(dir, configName))
+		f, err := os.Open(filepath.Join(dir, ConfigName))
 		if os.IsNotExist(err) {
 			ndir := filepath.Dir(dir)
 			if ndir == dir {
diff --git a/vendor/honnef.co/go/tools/deprecated/stdlib.go b/vendor/honnef.co/go/tools/deprecated/stdlib.go
index 5d8ce186..cabb8500 100644
--- a/vendor/honnef.co/go/tools/deprecated/stdlib.go
+++ b/vendor/honnef.co/go/tools/deprecated/stdlib.go
@@ -6,7 +6,6 @@ type Deprecation struct {
 }
 
 var Stdlib = map[string]Deprecation{
-	"image/jpeg.Reader": {4, 0},
 	// FIXME(dh): AllowBinary isn't being detected as deprecated
 	// because the comment has a newline right after "Deprecated:"
 	"go/build.AllowBinary":                        {7, 7},
@@ -73,40 +72,48 @@ var Stdlib = map[string]Deprecation{
 	// This function has no alternative, but also no purpose.
 	"(*crypto/rc4.Cipher).Reset":                     {12, 0},
 	"(net/http/httptest.ResponseRecorder).HeaderMap": {11, 7},
+	"image.ZP":                                    {13, 0},
+	"image.ZR":                                    {13, 0},
+	"(*debug/gosym.LineTable).LineToPC":           {2, 2},
+	"(*debug/gosym.LineTable).PCToLine":           {2, 2},
+	"crypto/tls.VersionSSL30":                     {13, 0},
+	"(crypto/tls.Config).NameToCertificate":       {14, 14},
+	"(*crypto/tls.Config).BuildNameToCertificate": {14, 14},
+	"image/jpeg.Reader":                           {4, 0},
 
 	// All of these have been deprecated in favour of external libraries
-	"syscall.AttachLsf":             {7, 0},
-	"syscall.DetachLsf":             {7, 0},
-	"syscall.LsfSocket":             {7, 0},
-	"syscall.SetLsfPromisc":         {7, 0},
-	"syscall.LsfJump":               {7, 0},
-	"syscall.LsfStmt":               {7, 0},
-	"syscall.BpfStmt":               {7, 0},
-	"syscall.BpfJump":               {7, 0},
-	"syscall.BpfBuflen":             {7, 0},
-	"syscall.SetBpfBuflen":          {7, 0},
-	"syscall.BpfDatalink":           {7, 0},
-	"syscall.SetBpfDatalink":        {7, 0},
-	"syscall.SetBpfPromisc":         {7, 0},
-	"syscall.FlushBpf":              {7, 0},
-	"syscall.BpfInterface":          {7, 0},
-	"syscall.SetBpfInterface":       {7, 0},
-	"syscall.BpfTimeout":            {7, 0},
-	"syscall.SetBpfTimeout":         {7, 0},
-	"syscall.BpfStats":              {7, 0},
-	"syscall.SetBpfImmediate":       {7, 0},
-	"syscall.SetBpf":                {7, 0},
-	"syscall.CheckBpfVersion":       {7, 0},
-	"syscall.BpfHeadercmpl":         {7, 0},
-	"syscall.SetBpfHeadercmpl":      {7, 0},
-	"syscall.RouteRIB":              {8, 0},
-	"syscall.RoutingMessage":        {8, 0},
-	"syscall.RouteMessage":          {8, 0},
-	"syscall.InterfaceMessage":      {8, 0},
-	"syscall.InterfaceAddrMessage":  {8, 0},
-	"syscall.ParseRoutingMessage":   {8, 0},
-	"syscall.ParseRoutingSockaddr":  {8, 0},
-	"InterfaceAnnounceMessage":      {7, 0},
-	"InterfaceMulticastAddrMessage": {7, 0},
-	"syscall.FormatMessage":         {5, 0},
+	"syscall.AttachLsf":                     {7, 0},
+	"syscall.DetachLsf":                     {7, 0},
+	"syscall.LsfSocket":                     {7, 0},
+	"syscall.SetLsfPromisc":                 {7, 0},
+	"syscall.LsfJump":                       {7, 0},
+	"syscall.LsfStmt":                       {7, 0},
+	"syscall.BpfStmt":                       {7, 0},
+	"syscall.BpfJump":                       {7, 0},
+	"syscall.BpfBuflen":                     {7, 0},
+	"syscall.SetBpfBuflen":                  {7, 0},
+	"syscall.BpfDatalink":                   {7, 0},
+	"syscall.SetBpfDatalink":                {7, 0},
+	"syscall.SetBpfPromisc":                 {7, 0},
+	"syscall.FlushBpf":                      {7, 0},
+	"syscall.BpfInterface":                  {7, 0},
+	"syscall.SetBpfInterface":               {7, 0},
+	"syscall.BpfTimeout":                    {7, 0},
+	"syscall.SetBpfTimeout":                 {7, 0},
+	"syscall.BpfStats":                      {7, 0},
+	"syscall.SetBpfImmediate":               {7, 0},
+	"syscall.SetBpf":                        {7, 0},
+	"syscall.CheckBpfVersion":               {7, 0},
+	"syscall.BpfHeadercmpl":                 {7, 0},
+	"syscall.SetBpfHeadercmpl":              {7, 0},
+	"syscall.RouteRIB":                      {8, 0},
+	"syscall.RoutingMessage":                {8, 0},
+	"syscall.RouteMessage":                  {8, 0},
+	"syscall.InterfaceMessage":              {8, 0},
+	"syscall.InterfaceAddrMessage":          {8, 0},
+	"syscall.ParseRoutingMessage":           {8, 0},
+	"syscall.ParseRoutingSockaddr":          {8, 0},
+	"syscall.InterfaceAnnounceMessage":      {7, 0},
+	"syscall.InterfaceMulticastAddrMessage": {7, 0},
+	"syscall.FormatMessage":                 {5, 0},
 }
diff --git a/vendor/honnef.co/go/tools/edit/edit.go b/vendor/honnef.co/go/tools/edit/edit.go
new file mode 100644
index 00000000..f4cfba23
--- /dev/null
+++ b/vendor/honnef.co/go/tools/edit/edit.go
@@ -0,0 +1,67 @@
+package edit
+
+import (
+	"bytes"
+	"go/ast"
+	"go/format"
+	"go/token"
+
+	"golang.org/x/tools/go/analysis"
+	"honnef.co/go/tools/pattern"
+)
+
+type Ranger interface {
+	Pos() token.Pos
+	End() token.Pos
+}
+
+type Range [2]token.Pos
+
+func (r Range) Pos() token.Pos { return r[0] }
+func (r Range) End() token.Pos { return r[1] }
+
+func ReplaceWithString(fset *token.FileSet, old Ranger, new string) analysis.TextEdit {
+	return analysis.TextEdit{
+		Pos:     old.Pos(),
+		End:     old.End(),
+		NewText: []byte(new),
+	}
+}
+
+func ReplaceWithNode(fset *token.FileSet, old Ranger, new ast.Node) analysis.TextEdit {
+	buf := &bytes.Buffer{}
+	if err := format.Node(buf, fset, new); err != nil {
+		panic("internal error: " + err.Error())
+	}
+	return analysis.TextEdit{
+		Pos:     old.Pos(),
+		End:     old.End(),
+		NewText: buf.Bytes(),
+	}
+}
+
+func ReplaceWithPattern(pass *analysis.Pass, after pattern.Pattern, state pattern.State, node Ranger) analysis.TextEdit {
+	r := pattern.NodeToAST(after.Root, state)
+	buf := &bytes.Buffer{}
+	format.Node(buf, pass.Fset, r)
+	return analysis.TextEdit{
+		Pos:     node.Pos(),
+		End:     node.End(),
+		NewText: buf.Bytes(),
+	}
+}
+
+func Delete(old Ranger) analysis.TextEdit {
+	return analysis.TextEdit{
+		Pos:     old.Pos(),
+		End:     old.End(),
+		NewText: nil,
+	}
+}
+
+func Fix(msg string, edits ...analysis.TextEdit) analysis.SuggestedFix {
+	return analysis.SuggestedFix{
+		Message:   msg,
+		TextEdits: edits,
+	}
+}
diff --git a/vendor/honnef.co/go/tools/facts/generated.go b/vendor/honnef.co/go/tools/facts/generated.go
index 1ed9563a..3e7aef11 100644
--- a/vendor/honnef.co/go/tools/facts/generated.go
+++ b/vendor/honnef.co/go/tools/facts/generated.go
@@ -55,6 +55,10 @@ func isGenerated(path string) (Generator, bool) {
 			if strings.HasPrefix(text, `by "stringer `) {
 				return Stringer, true
 			}
+			if strings.HasPrefix(text, `by goyacc `) {
+				return Goyacc, true
+			}
+
 			return Unknown, true
 		}
 		if bytes.Equal(s, oldCgo) {
diff --git a/vendor/honnef.co/go/tools/facts/purity.go b/vendor/honnef.co/go/tools/facts/purity.go
index 861ca411..099ee23e 100644
--- a/vendor/honnef.co/go/tools/facts/purity.go
+++ b/vendor/honnef.co/go/tools/facts/purity.go
@@ -1,14 +1,13 @@
 package facts
 
 import (
-	"go/token"
 	"go/types"
 	"reflect"
 
 	"golang.org/x/tools/go/analysis"
 	"honnef.co/go/tools/functions"
-	"honnef.co/go/tools/internal/passes/buildssa"
-	"honnef.co/go/tools/ssa"
+	"honnef.co/go/tools/internal/passes/buildir"
+	"honnef.co/go/tools/ir"
 )
 
 type IsPure struct{}
@@ -22,7 +21,7 @@ var Purity = &analysis.Analyzer{
 	Name:       "fact_purity",
 	Doc:        "Mark pure functions",
 	Run:        purity,
-	Requires:   []*analysis.Analyzer{buildssa.Analyzer},
+	Requires:   []*analysis.Analyzer{buildir.Analyzer},
 	FactTypes:  []analysis.Fact{(*IsPure)(nil)},
 	ResultType: reflect.TypeOf(PurityResult{}),
 }
@@ -56,65 +55,68 @@ var pureStdlib = map[string]struct{}{
 }
 
 func purity(pass *analysis.Pass) (interface{}, error) {
-	seen := map[*ssa.Function]struct{}{}
-	ssapkg := pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).Pkg
-	var check func(ssafn *ssa.Function) (ret bool)
-	check = func(ssafn *ssa.Function) (ret bool) {
-		if ssafn.Object() == nil {
+	seen := map[*ir.Function]struct{}{}
+	irpkg := pass.ResultOf[buildir.Analyzer].(*buildir.IR).Pkg
+	var check func(fn *ir.Function) (ret bool)
+	check = func(fn *ir.Function) (ret bool) {
+		if fn.Object() == nil {
 			// TODO(dh): support closures
 			return false
 		}
-		if pass.ImportObjectFact(ssafn.Object(), new(IsPure)) {
+		if pass.ImportObjectFact(fn.Object(), new(IsPure)) {
 			return true
 		}
-		if ssafn.Pkg != ssapkg {
+		if fn.Pkg != irpkg {
 			// Function is in another package but wasn't marked as
 			// pure, ergo it isn't pure
 			return false
 		}
 		// Break recursion
-		if _, ok := seen[ssafn]; ok {
+		if _, ok := seen[fn]; ok {
 			return false
 		}
 
-		seen[ssafn] = struct{}{}
+		seen[fn] = struct{}{}
 		defer func() {
 			if ret {
-				pass.ExportObjectFact(ssafn.Object(), &IsPure{})
+				pass.ExportObjectFact(fn.Object(), &IsPure{})
 			}
 		}()
 
-		if functions.IsStub(ssafn) {
+		if functions.IsStub(fn) {
 			return false
 		}
 
-		if _, ok := pureStdlib[ssafn.Object().(*types.Func).FullName()]; ok {
+		if _, ok := pureStdlib[fn.Object().(*types.Func).FullName()]; ok {
 			return true
 		}
 
-		if ssafn.Signature.Results().Len() == 0 {
+		if fn.Signature.Results().Len() == 0 {
 			// A function with no return values is empty or is doing some
 			// work we cannot see (for example because of build tags);
 			// don't consider it pure.
 			return false
 		}
 
-		for _, param := range ssafn.Params {
+		for _, param := range fn.Params {
+			// TODO(dh): this may not be strictly correct. pure code
+			// can, to an extent, operate on non-basic types.
 			if _, ok := param.Type().Underlying().(*types.Basic); !ok {
 				return false
 			}
 		}
 
-		if ssafn.Blocks == nil {
+		// Don't consider external functions pure.
+		if fn.Blocks == nil {
 			return false
 		}
-		checkCall := func(common *ssa.CallCommon) bool {
+		checkCall := func(common *ir.CallCommon) bool {
 			if common.IsInvoke() {
 				return false
 			}
-			builtin, ok := common.Value.(*ssa.Builtin)
+			builtin, ok := common.Value.(*ir.Builtin)
 			if !ok {
-				if common.StaticCallee() != ssafn {
+				if common.StaticCallee() != fn {
 					if common.StaticCallee() == nil {
 						return false
 					}
@@ -124,47 +126,47 @@ func purity(pass *analysis.Pass) (interface{}, error) {
 				}
 			} else {
 				switch builtin.Name() {
-				case "len", "cap", "make", "new":
+				case "len", "cap":
 				default:
 					return false
 				}
 			}
 			return true
 		}
-		for _, b := range ssafn.Blocks {
+		for _, b := range fn.Blocks {
 			for _, ins := range b.Instrs {
 				switch ins := ins.(type) {
-				case *ssa.Call:
+				case *ir.Call:
 					if !checkCall(ins.Common()) {
 						return false
 					}
-				case *ssa.Defer:
+				case *ir.Defer:
 					if !checkCall(&ins.Call) {
 						return false
 					}
-				case *ssa.Select:
+				case *ir.Select:
 					return false
-				case *ssa.Send:
+				case *ir.Send:
 					return false
-				case *ssa.Go:
+				case *ir.Go:
 					return false
-				case *ssa.Panic:
+				case *ir.Panic:
 					return false
-				case *ssa.Store:
+				case *ir.Store:
 					return false
-				case *ssa.FieldAddr:
+				case *ir.FieldAddr:
+					return false
+				case *ir.Alloc:
+					return false
+				case *ir.Load:
 					return false
-				case *ssa.UnOp:
-					if ins.Op == token.MUL || ins.Op == token.AND {
-						return false
-					}
 				}
 			}
 		}
 		return true
 	}
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		check(ssafn)
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		check(fn)
 	}
 
 	out := PurityResult{}
diff --git a/vendor/honnef.co/go/tools/functions/loops.go b/vendor/honnef.co/go/tools/functions/loops.go
index 15877a2f..a8af7010 100644
--- a/vendor/honnef.co/go/tools/functions/loops.go
+++ b/vendor/honnef.co/go/tools/functions/loops.go
@@ -1,10 +1,10 @@
 package functions
 
-import "honnef.co/go/tools/ssa"
+import "honnef.co/go/tools/ir"
 
-type Loop struct{ ssa.BlockSet }
+type Loop struct{ *ir.BlockSet }
 
-func FindLoops(fn *ssa.Function) []Loop {
+func FindLoops(fn *ir.Function) []Loop {
 	if fn.Blocks == nil {
 		return nil
 	}
@@ -18,12 +18,12 @@ func FindLoops(fn *ssa.Function) []Loop {
 			// n is a back-edge to h
 			// h is the loop header
 			if n == h {
-				set := Loop{}
+				set := Loop{ir.NewBlockSet(len(fn.Blocks))}
 				set.Add(n)
 				sets = append(sets, set)
 				continue
 			}
-			set := Loop{}
+			set := Loop{ir.NewBlockSet(len(fn.Blocks))}
 			set.Add(h)
 			set.Add(n)
 			for _, b := range allPredsBut(n, h, nil) {
@@ -35,7 +35,7 @@ func FindLoops(fn *ssa.Function) []Loop {
 	return sets
 }
 
-func allPredsBut(b, but *ssa.BasicBlock, list []*ssa.BasicBlock) []*ssa.BasicBlock {
+func allPredsBut(b, but *ir.BasicBlock, list []*ir.BasicBlock) []*ir.BasicBlock {
 outer:
 	for _, pred := range b.Preds {
 		if pred == but {
diff --git a/vendor/honnef.co/go/tools/functions/pure.go b/vendor/honnef.co/go/tools/functions/pure.go
deleted file mode 100644
index 8bc55877..00000000
--- a/vendor/honnef.co/go/tools/functions/pure.go
+++ /dev/null
@@ -1,46 +0,0 @@
-package functions
-
-import (
-	"honnef.co/go/tools/ssa"
-)
-
-func filterDebug(instr []ssa.Instruction) []ssa.Instruction {
-	var out []ssa.Instruction
-	for _, ins := range instr {
-		if _, ok := ins.(*ssa.DebugRef); !ok {
-			out = append(out, ins)
-		}
-	}
-	return out
-}
-
-// IsStub reports whether a function is a stub. A function is
-// considered a stub if it has no instructions or exactly one
-// instruction, which must be either returning only constant values or
-// a panic.
-func IsStub(fn *ssa.Function) bool {
-	if len(fn.Blocks) == 0 {
-		return true
-	}
-	if len(fn.Blocks) > 1 {
-		return false
-	}
-	instrs := filterDebug(fn.Blocks[0].Instrs)
-	if len(instrs) != 1 {
-		return false
-	}
-
-	switch instrs[0].(type) {
-	case *ssa.Return:
-		// Since this is the only instruction, the return value must
-		// be a constant. We consider all constants as stubs, not just
-		// the zero value. This does not, unfortunately, cover zero
-		// initialised structs, as these cause additional
-		// instructions.
-		return true
-	case *ssa.Panic:
-		return true
-	default:
-		return false
-	}
-}
diff --git a/vendor/honnef.co/go/tools/functions/stub.go b/vendor/honnef.co/go/tools/functions/stub.go
new file mode 100644
index 00000000..4d5de10b
--- /dev/null
+++ b/vendor/honnef.co/go/tools/functions/stub.go
@@ -0,0 +1,32 @@
+package functions
+
+import (
+	"honnef.co/go/tools/ir"
+)
+
+// IsStub reports whether a function is a stub. A function is
+// considered a stub if it has no instructions or if all it does is
+// return a constant value.
+func IsStub(fn *ir.Function) bool {
+	for _, b := range fn.Blocks {
+		for _, instr := range b.Instrs {
+			switch instr.(type) {
+			case *ir.Const:
+				// const naturally has no side-effects
+			case *ir.Panic:
+				// panic is a stub if it only uses constants
+			case *ir.Return:
+				// return is a stub if it only uses constants
+			case *ir.DebugRef:
+			case *ir.Jump:
+				// if there are no disallowed instructions, then we're
+				// only jumping to the exit block (or possibly
+				// somewhere else that's stubby?)
+			default:
+				// all other instructions are assumed to do actual work
+				return false
+			}
+		}
+	}
+	return true
+}
diff --git a/vendor/honnef.co/go/tools/functions/terminates.go b/vendor/honnef.co/go/tools/functions/terminates.go
index 3e9c3a23..c4984673 100644
--- a/vendor/honnef.co/go/tools/functions/terminates.go
+++ b/vendor/honnef.co/go/tools/functions/terminates.go
@@ -1,11 +1,15 @@
 package functions
 
-import "honnef.co/go/tools/ssa"
+import (
+	"go/types"
+
+	"honnef.co/go/tools/ir"
+)
 
 // Terminates reports whether fn is supposed to return, that is if it
 // has at least one theoretic path that returns from the function.
 // Explicit panics do not count as terminating.
-func Terminates(fn *ssa.Function) bool {
+func Terminates(fn *ir.Function) bool {
 	if fn.Blocks == nil {
 		// assuming that a function terminates is the conservative
 		// choice
@@ -13,11 +17,53 @@ func Terminates(fn *ssa.Function) bool {
 	}
 
 	for _, block := range fn.Blocks {
-		if len(block.Instrs) == 0 {
-			continue
-		}
-		if _, ok := block.Instrs[len(block.Instrs)-1].(*ssa.Return); ok {
-			return true
+		if _, ok := block.Control().(*ir.Return); ok {
+			if len(block.Preds) == 0 {
+				return true
+			}
+			for _, pred := range block.Preds {
+				switch ctrl := pred.Control().(type) {
+				case *ir.Panic:
+					// explicit panics do not count as terminating
+				case *ir.If:
+					// Check if we got here by receiving from a closed
+					// time.Tick channel – this cannot happen at
+					// runtime and thus doesn't constitute termination
+					iff := ctrl
+					if !ok {
+						return true
+					}
+					ex, ok := iff.Cond.(*ir.Extract)
+					if !ok {
+						return true
+					}
+					if ex.Index != 1 {
+						return true
+					}
+					recv, ok := ex.Tuple.(*ir.Recv)
+					if !ok {
+						return true
+					}
+					call, ok := recv.Chan.(*ir.Call)
+					if !ok {
+						return true
+					}
+					fn, ok := call.Common().Value.(*ir.Function)
+					if !ok {
+						return true
+					}
+					fn2, ok := fn.Object().(*types.Func)
+					if !ok {
+						return true
+					}
+					if fn2.FullName() != "time.Tick" {
+						return true
+					}
+				default:
+					// we've reached the exit block
+					return true
+				}
+			}
 		}
 	}
 	return false
diff --git a/vendor/honnef.co/go/tools/internal/cache/cache.go b/vendor/honnef.co/go/tools/internal/cache/cache.go
index 2b33ca10..6b41811c 100644
--- a/vendor/honnef.co/go/tools/internal/cache/cache.go
+++ b/vendor/honnef.co/go/tools/internal/cache/cache.go
@@ -177,7 +177,7 @@ func (c *Cache) get(id ActionID) (Entry, error) {
 		i++
 	}
 	tm, err := strconv.ParseInt(string(etime[i:]), 10, 64)
-	if err != nil || size < 0 {
+	if err != nil || tm < 0 {
 		return missing()
 	}
 
@@ -265,7 +265,7 @@ func (c *Cache) Trim() {
 	// We maintain in dir/trim.txt the time of the last completed cache trim.
 	// If the cache has been trimmed recently enough, do nothing.
 	// This is the common case.
-	data, _ := ioutil.ReadFile(filepath.Join(c.dir, "trim.txt"))
+	data, _ := renameio.ReadFile(filepath.Join(c.dir, "trim.txt"))
 	t, err := strconv.ParseInt(strings.TrimSpace(string(data)), 10, 64)
 	if err == nil && now.Sub(time.Unix(t, 0)) < trimInterval {
 		return
@@ -282,7 +282,7 @@ func (c *Cache) Trim() {
 
 	// Ignore errors from here: if we don't write the complete timestamp, the
 	// cache will appear older than it is, and we'll trim it again next time.
-	renameio.WriteFile(filepath.Join(c.dir, "trim.txt"), []byte(fmt.Sprintf("%d", now.Unix())))
+	renameio.WriteFile(filepath.Join(c.dir, "trim.txt"), []byte(fmt.Sprintf("%d", now.Unix())), 0666)
 }
 
 // trimSubdir trims a single cache subdirectory.
@@ -326,7 +326,8 @@ func (c *Cache) putIndexEntry(id ActionID, out OutputID, size int64, allowVerify
 	// in verify mode we are double-checking that the cache entries
 	// are entirely reproducible. As just noted, this may be unrealistic
 	// in some cases but the check is also useful for shaking out real bugs.
-	entry := []byte(fmt.Sprintf("v1 %x %x %20d %20d\n", id, out, size, time.Now().UnixNano()))
+	entry := fmt.Sprintf("v1 %x %x %20d %20d\n", id, out, size, time.Now().UnixNano())
+
 	if verify && allowVerify {
 		old, err := c.get(id)
 		if err == nil && (old.OutputID != out || old.Size != size) {
@@ -336,7 +337,28 @@ func (c *Cache) putIndexEntry(id ActionID, out OutputID, size int64, allowVerify
 		}
 	}
 	file := c.fileName(id, "a")
-	if err := ioutil.WriteFile(file, entry, 0666); err != nil {
+
+	// Copy file to cache directory.
+	mode := os.O_WRONLY | os.O_CREATE
+	f, err := os.OpenFile(file, mode, 0666)
+	if err != nil {
+		return err
+	}
+	_, err = f.WriteString(entry)
+	if err == nil {
+		// Truncate the file only *after* writing it.
+		// (This should be a no-op, but truncate just in case of previous corruption.)
+		//
+		// This differs from ioutil.WriteFile, which truncates to 0 *before* writing
+		// via os.O_TRUNC. Truncating only after writing ensures that a second write
+		// of the same content to the same file is idempotent, and does not — even
+		// temporarily! — undo the effect of the first write.
+		err = f.Truncate(int64(len(entry)))
+	}
+	if closeErr := f.Close(); err == nil {
+		err = closeErr
+	}
+	if err != nil {
 		// TODO(bcmills): This Remove potentially races with another go command writing to file.
 		// Can we eliminate it?
 		os.Remove(file)
diff --git a/vendor/honnef.co/go/tools/internal/passes/buildir/buildir.go b/vendor/honnef.co/go/tools/internal/passes/buildir/buildir.go
new file mode 100644
index 00000000..39469770
--- /dev/null
+++ b/vendor/honnef.co/go/tools/internal/passes/buildir/buildir.go
@@ -0,0 +1,113 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package buildir defines an Analyzer that constructs the IR
+// of an error-free package and returns the set of all
+// functions within it. It does not report any diagnostics itself but
+// may be used as an input to other analyzers.
+//
+// THIS INTERFACE IS EXPERIMENTAL AND MAY BE SUBJECT TO INCOMPATIBLE CHANGE.
+package buildir
+
+import (
+	"go/ast"
+	"go/types"
+	"reflect"
+
+	"golang.org/x/tools/go/analysis"
+	"honnef.co/go/tools/ir"
+)
+
+type willExit struct{}
+type willUnwind struct{}
+
+func (*willExit) AFact()   {}
+func (*willUnwind) AFact() {}
+
+var Analyzer = &analysis.Analyzer{
+	Name:       "buildir",
+	Doc:        "build IR for later passes",
+	Run:        run,
+	ResultType: reflect.TypeOf(new(IR)),
+	FactTypes:  []analysis.Fact{new(willExit), new(willUnwind)},
+}
+
+// IR provides intermediate representation for all the
+// non-blank source functions in the current package.
+type IR struct {
+	Pkg      *ir.Package
+	SrcFuncs []*ir.Function
+}
+
+func run(pass *analysis.Pass) (interface{}, error) {
+	// Plundered from ssautil.BuildPackage.
+
+	// We must create a new Program for each Package because the
+	// analysis API provides no place to hang a Program shared by
+	// all Packages. Consequently, IR Packages and Functions do not
+	// have a canonical representation across an analysis session of
+	// multiple packages. This is unlikely to be a problem in
+	// practice because the analysis API essentially forces all
+	// packages to be analysed independently, so any given call to
+	// Analysis.Run on a package will see only IR objects belonging
+	// to a single Program.
+
+	mode := ir.GlobalDebug
+
+	prog := ir.NewProgram(pass.Fset, mode)
+
+	// Create IR packages for all imports.
+	// Order is not significant.
+	created := make(map[*types.Package]bool)
+	var createAll func(pkgs []*types.Package)
+	createAll = func(pkgs []*types.Package) {
+		for _, p := range pkgs {
+			if !created[p] {
+				created[p] = true
+				irpkg := prog.CreatePackage(p, nil, nil, true)
+				for _, fn := range irpkg.Functions {
+					if ast.IsExported(fn.Name()) {
+						var exit willExit
+						var unwind willUnwind
+						if pass.ImportObjectFact(fn.Object(), &exit) {
+							fn.WillExit = true
+						}
+						if pass.ImportObjectFact(fn.Object(), &unwind) {
+							fn.WillUnwind = true
+						}
+					}
+				}
+				createAll(p.Imports())
+			}
+		}
+	}
+	createAll(pass.Pkg.Imports())
+
+	// Create and build the primary package.
+	irpkg := prog.CreatePackage(pass.Pkg, pass.Files, pass.TypesInfo, false)
+	irpkg.Build()
+
+	// Compute list of source functions, including literals,
+	// in source order.
+	var addAnons func(f *ir.Function)
+	funcs := make([]*ir.Function, len(irpkg.Functions))
+	copy(funcs, irpkg.Functions)
+	addAnons = func(f *ir.Function) {
+		for _, anon := range f.AnonFuncs {
+			funcs = append(funcs, anon)
+			addAnons(anon)
+		}
+	}
+	for _, fn := range irpkg.Functions {
+		addAnons(fn)
+		if fn.WillExit {
+			pass.ExportObjectFact(fn.Object(), new(willExit))
+		}
+		if fn.WillUnwind {
+			pass.ExportObjectFact(fn.Object(), new(willUnwind))
+		}
+	}
+
+	return &IR{Pkg: irpkg, SrcFuncs: funcs}, nil
+}
diff --git a/vendor/honnef.co/go/tools/internal/passes/buildssa/buildssa.go b/vendor/honnef.co/go/tools/internal/passes/buildssa/buildssa.go
deleted file mode 100644
index fde918d1..00000000
--- a/vendor/honnef.co/go/tools/internal/passes/buildssa/buildssa.go
+++ /dev/null
@@ -1,116 +0,0 @@
-// Copyright 2018 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// Package buildssa defines an Analyzer that constructs the SSA
-// representation of an error-free package and returns the set of all
-// functions within it. It does not report any diagnostics itself but
-// may be used as an input to other analyzers.
-//
-// THIS INTERFACE IS EXPERIMENTAL AND MAY BE SUBJECT TO INCOMPATIBLE CHANGE.
-package buildssa
-
-import (
-	"go/ast"
-	"go/types"
-	"reflect"
-
-	"golang.org/x/tools/go/analysis"
-	"honnef.co/go/tools/ssa"
-)
-
-var Analyzer = &analysis.Analyzer{
-	Name:       "buildssa",
-	Doc:        "build SSA-form IR for later passes",
-	Run:        run,
-	ResultType: reflect.TypeOf(new(SSA)),
-}
-
-// SSA provides SSA-form intermediate representation for all the
-// non-blank source functions in the current package.
-type SSA struct {
-	Pkg      *ssa.Package
-	SrcFuncs []*ssa.Function
-}
-
-func run(pass *analysis.Pass) (interface{}, error) {
-	// Plundered from ssautil.BuildPackage.
-
-	// We must create a new Program for each Package because the
-	// analysis API provides no place to hang a Program shared by
-	// all Packages. Consequently, SSA Packages and Functions do not
-	// have a canonical representation across an analysis session of
-	// multiple packages. This is unlikely to be a problem in
-	// practice because the analysis API essentially forces all
-	// packages to be analysed independently, so any given call to
-	// Analysis.Run on a package will see only SSA objects belonging
-	// to a single Program.
-
-	mode := ssa.GlobalDebug
-
-	prog := ssa.NewProgram(pass.Fset, mode)
-
-	// Create SSA packages for all imports.
-	// Order is not significant.
-	created := make(map[*types.Package]bool)
-	var createAll func(pkgs []*types.Package)
-	createAll = func(pkgs []*types.Package) {
-		for _, p := range pkgs {
-			if !created[p] {
-				created[p] = true
-				prog.CreatePackage(p, nil, nil, true)
-				createAll(p.Imports())
-			}
-		}
-	}
-	createAll(pass.Pkg.Imports())
-
-	// Create and build the primary package.
-	ssapkg := prog.CreatePackage(pass.Pkg, pass.Files, pass.TypesInfo, false)
-	ssapkg.Build()
-
-	// Compute list of source functions, including literals,
-	// in source order.
-	var funcs []*ssa.Function
-	var addAnons func(f *ssa.Function)
-	addAnons = func(f *ssa.Function) {
-		funcs = append(funcs, f)
-		for _, anon := range f.AnonFuncs {
-			addAnons(anon)
-		}
-	}
-	addAnons(ssapkg.Members["init"].(*ssa.Function))
-	for _, f := range pass.Files {
-		for _, decl := range f.Decls {
-			if fdecl, ok := decl.(*ast.FuncDecl); ok {
-
-				// SSA will not build a Function
-				// for a FuncDecl named blank.
-				// That's arguably too strict but
-				// relaxing it would break uniqueness of
-				// names of package members.
-				if fdecl.Name.Name == "_" {
-					continue
-				}
-
-				// (init functions have distinct Func
-				// objects named "init" and distinct
-				// ssa.Functions named "init#1", ...)
-
-				fn := pass.TypesInfo.Defs[fdecl.Name].(*types.Func)
-				if fn == nil {
-					panic(fn)
-				}
-
-				f := ssapkg.Prog.FuncValue(fn)
-				if f == nil {
-					panic(fn)
-				}
-
-				addAnons(f)
-			}
-		}
-	}
-
-	return &SSA{Pkg: ssapkg, SrcFuncs: funcs}, nil
-}
diff --git a/vendor/honnef.co/go/tools/internal/renameio/renameio.go b/vendor/honnef.co/go/tools/internal/renameio/renameio.go
index 3f3f1708..a279d1a1 100644
--- a/vendor/honnef.co/go/tools/internal/renameio/renameio.go
+++ b/vendor/honnef.co/go/tools/internal/renameio/renameio.go
@@ -8,15 +8,15 @@ package renameio
 import (
 	"bytes"
 	"io"
-	"io/ioutil"
+	"math/rand"
 	"os"
 	"path/filepath"
-	"runtime"
-	"strings"
-	"time"
+	"strconv"
+
+	"honnef.co/go/tools/internal/robustio"
 )
 
-const patternSuffix = "*.tmp"
+const patternSuffix = ".tmp"
 
 // Pattern returns a glob pattern that matches the unrenamed temporary files
 // created when writing to filename.
@@ -29,14 +29,14 @@ func Pattern(filename string) string {
 // final name.
 //
 // That ensures that the final location, if it exists, is always a complete file.
-func WriteFile(filename string, data []byte) (err error) {
-	return WriteToFile(filename, bytes.NewReader(data))
+func WriteFile(filename string, data []byte, perm os.FileMode) (err error) {
+	return WriteToFile(filename, bytes.NewReader(data), perm)
 }
 
 // WriteToFile is a variant of WriteFile that accepts the data as an io.Reader
 // instead of a slice.
-func WriteToFile(filename string, data io.Reader) (err error) {
-	f, err := ioutil.TempFile(filepath.Dir(filename), filepath.Base(filename)+patternSuffix)
+func WriteToFile(filename string, data io.Reader, perm os.FileMode) (err error) {
+	f, err := tempFile(filepath.Dir(filename), filepath.Base(filename), perm)
 	if err != nil {
 		return err
 	}
@@ -63,21 +63,31 @@ func WriteToFile(filename string, data io.Reader) (err error) {
 		return err
 	}
 
-	var start time.Time
-	for {
-		err := os.Rename(f.Name(), filename)
-		if err == nil || runtime.GOOS != "windows" || !strings.HasSuffix(err.Error(), "Access is denied.") {
-			return err
-		}
-
-		// Windows seems to occasionally trigger spurious "Access is denied" errors
-		// here (see golang.org/issue/31247). We're not sure why. It's probably
-		// worth a little extra latency to avoid propagating the spurious errors.
-		if start.IsZero() {
-			start = time.Now()
-		} else if time.Since(start) >= 500*time.Millisecond {
-			return err
-		}
-		time.Sleep(5 * time.Millisecond)
-	}
+	return robustio.Rename(f.Name(), filename)
+}
+
+// tempFile creates a new temporary file with given permission bits.
+func tempFile(dir, prefix string, perm os.FileMode) (f *os.File, err error) {
+	for i := 0; i < 10000; i++ {
+		name := filepath.Join(dir, prefix+strconv.Itoa(rand.Intn(1000000000))+patternSuffix)
+		f, err = os.OpenFile(name, os.O_RDWR|os.O_CREATE|os.O_EXCL, perm)
+		if os.IsExist(err) {
+			continue
+		}
+		break
+	}
+	return
+}
+
+// ReadFile is like ioutil.ReadFile, but on Windows retries spurious errors that
+// may occur if the file is concurrently replaced.
+//
+// Errors are classified heuristically and retries are bounded, so even this
+// function may occasionally return a spurious error on Windows.
+// If so, the error will likely wrap one of:
+//     - syscall.ERROR_ACCESS_DENIED
+//     - syscall.ERROR_FILE_NOT_FOUND
+//     - internal/syscall/windows.ERROR_SHARING_VIOLATION
+func ReadFile(filename string) ([]byte, error) {
+	return robustio.ReadFile(filename)
 }
diff --git a/vendor/honnef.co/go/tools/internal/robustio/robustio.go b/vendor/honnef.co/go/tools/internal/robustio/robustio.go
new file mode 100644
index 00000000..76e47ad1
--- /dev/null
+++ b/vendor/honnef.co/go/tools/internal/robustio/robustio.go
@@ -0,0 +1,53 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package robustio wraps I/O functions that are prone to failure on Windows,
+// transparently retrying errors up to an arbitrary timeout.
+//
+// Errors are classified heuristically and retries are bounded, so the functions
+// in this package do not completely eliminate spurious errors. However, they do
+// significantly reduce the rate of failure in practice.
+//
+// If so, the error will likely wrap one of:
+// The functions in this package do not completely eliminate spurious errors,
+// but substantially reduce their rate of occurrence in practice.
+package robustio
+
+// Rename is like os.Rename, but on Windows retries errors that may occur if the
+// file is concurrently read or overwritten.
+//
+// (See golang.org/issue/31247 and golang.org/issue/32188.)
+func Rename(oldpath, newpath string) error {
+	return rename(oldpath, newpath)
+}
+
+// ReadFile is like ioutil.ReadFile, but on Windows retries errors that may
+// occur if the file is concurrently replaced.
+//
+// (See golang.org/issue/31247 and golang.org/issue/32188.)
+func ReadFile(filename string) ([]byte, error) {
+	return readFile(filename)
+}
+
+// RemoveAll is like os.RemoveAll, but on Windows retries errors that may occur
+// if an executable file in the directory has recently been executed.
+//
+// (See golang.org/issue/19491.)
+func RemoveAll(path string) error {
+	return removeAll(path)
+}
+
+// IsEphemeralError reports whether err is one of the errors that the functions
+// in this package attempt to mitigate.
+//
+// Errors considered ephemeral include:
+// 	- syscall.ERROR_ACCESS_DENIED
+// 	- syscall.ERROR_FILE_NOT_FOUND
+// 	- internal/syscall/windows.ERROR_SHARING_VIOLATION
+//
+// This set may be expanded in the future; programs must not rely on the
+// non-ephemerality of any given error.
+func IsEphemeralError(err error) bool {
+	return isEphemeralError(err)
+}
diff --git a/vendor/honnef.co/go/tools/internal/robustio/robustio_darwin.go b/vendor/honnef.co/go/tools/internal/robustio/robustio_darwin.go
new file mode 100644
index 00000000..1ac0d10d
--- /dev/null
+++ b/vendor/honnef.co/go/tools/internal/robustio/robustio_darwin.go
@@ -0,0 +1,29 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package robustio
+
+import (
+	"os"
+	"syscall"
+)
+
+const errFileNotFound = syscall.ENOENT
+
+// isEphemeralError returns true if err may be resolved by waiting.
+func isEphemeralError(err error) bool {
+	switch werr := err.(type) {
+	case *os.PathError:
+		err = werr.Err
+	case *os.LinkError:
+		err = werr.Err
+	case *os.SyscallError:
+		err = werr.Err
+
+	}
+	if errno, ok := err.(syscall.Errno); ok {
+		return errno == errFileNotFound
+	}
+	return false
+}
diff --git a/vendor/honnef.co/go/tools/internal/robustio/robustio_flaky.go b/vendor/honnef.co/go/tools/internal/robustio/robustio_flaky.go
new file mode 100644
index 00000000..e0bf5b9b
--- /dev/null
+++ b/vendor/honnef.co/go/tools/internal/robustio/robustio_flaky.go
@@ -0,0 +1,93 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// +build windows darwin
+
+package robustio
+
+import (
+	"io/ioutil"
+	"math/rand"
+	"os"
+	"syscall"
+	"time"
+)
+
+const arbitraryTimeout = 500 * time.Millisecond
+
+const ERROR_SHARING_VIOLATION = 32
+
+// retry retries ephemeral errors from f up to an arbitrary timeout
+// to work around filesystem flakiness on Windows and Darwin.
+func retry(f func() (err error, mayRetry bool)) error {
+	var (
+		bestErr     error
+		lowestErrno syscall.Errno
+		start       time.Time
+		nextSleep   time.Duration = 1 * time.Millisecond
+	)
+	for {
+		err, mayRetry := f()
+		if err == nil || !mayRetry {
+			return err
+		}
+
+		if errno, ok := err.(syscall.Errno); ok && (lowestErrno == 0 || errno < lowestErrno) {
+			bestErr = err
+			lowestErrno = errno
+		} else if bestErr == nil {
+			bestErr = err
+		}
+
+		if start.IsZero() {
+			start = time.Now()
+		} else if d := time.Since(start) + nextSleep; d >= arbitraryTimeout {
+			break
+		}
+		time.Sleep(nextSleep)
+		nextSleep += time.Duration(rand.Int63n(int64(nextSleep)))
+	}
+
+	return bestErr
+}
+
+// rename is like os.Rename, but retries ephemeral errors.
+//
+// On windows it wraps os.Rename, which (as of 2019-06-04) uses MoveFileEx with
+// MOVEFILE_REPLACE_EXISTING.
+//
+// Windows also provides a different system call, ReplaceFile,
+// that provides similar semantics, but perhaps preserves more metadata. (The
+// documentation on the differences between the two is very sparse.)
+//
+// Empirical error rates with MoveFileEx are lower under modest concurrency, so
+// for now we're sticking with what the os package already provides.
+func rename(oldpath, newpath string) (err error) {
+	return retry(func() (err error, mayRetry bool) {
+		err = os.Rename(oldpath, newpath)
+		return err, isEphemeralError(err)
+	})
+}
+
+// readFile is like ioutil.ReadFile, but retries ephemeral errors.
+func readFile(filename string) ([]byte, error) {
+	var b []byte
+	err := retry(func() (err error, mayRetry bool) {
+		b, err = ioutil.ReadFile(filename)
+
+		// Unlike in rename, we do not retry errFileNotFound here: it can occur
+		// as a spurious error, but the file may also genuinely not exist, so the
+		// increase in robustness is probably not worth the extra latency.
+
+		return err, isEphemeralError(err) && err != errFileNotFound
+	})
+	return b, err
+}
+
+func removeAll(path string) error {
+	return retry(func() (err error, mayRetry bool) {
+		err = os.RemoveAll(path)
+		return err, isEphemeralError(err)
+	})
+}
diff --git a/vendor/honnef.co/go/tools/internal/robustio/robustio_other.go b/vendor/honnef.co/go/tools/internal/robustio/robustio_other.go
new file mode 100644
index 00000000..a2428856
--- /dev/null
+++ b/vendor/honnef.co/go/tools/internal/robustio/robustio_other.go
@@ -0,0 +1,28 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//+build !windows,!darwin
+
+package robustio
+
+import (
+	"io/ioutil"
+	"os"
+)
+
+func rename(oldpath, newpath string) error {
+	return os.Rename(oldpath, newpath)
+}
+
+func readFile(filename string) ([]byte, error) {
+	return ioutil.ReadFile(filename)
+}
+
+func removeAll(path string) error {
+	return os.RemoveAll(path)
+}
+
+func isEphemeralError(err error) bool {
+	return false
+}
diff --git a/vendor/honnef.co/go/tools/internal/robustio/robustio_windows.go b/vendor/honnef.co/go/tools/internal/robustio/robustio_windows.go
new file mode 100644
index 00000000..a35237d4
--- /dev/null
+++ b/vendor/honnef.co/go/tools/internal/robustio/robustio_windows.go
@@ -0,0 +1,33 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package robustio
+
+import (
+	"os"
+	"syscall"
+)
+
+const errFileNotFound = syscall.ERROR_FILE_NOT_FOUND
+
+// isEphemeralError returns true if err may be resolved by waiting.
+func isEphemeralError(err error) bool {
+	switch werr := err.(type) {
+	case *os.PathError:
+		err = werr.Err
+	case *os.LinkError:
+		err = werr.Err
+	case *os.SyscallError:
+		err = werr.Err
+	}
+	if errno, ok := err.(syscall.Errno); ok {
+		switch errno {
+		case syscall.ERROR_ACCESS_DENIED,
+			syscall.ERROR_FILE_NOT_FOUND,
+			ERROR_SHARING_VIOLATION:
+			return true
+		}
+	}
+	return false
+}
diff --git a/vendor/honnef.co/go/tools/internal/sharedcheck/lint.go b/vendor/honnef.co/go/tools/internal/sharedcheck/lint.go
index affee660..e9abf0d8 100644
--- a/vendor/honnef.co/go/tools/internal/sharedcheck/lint.go
+++ b/vendor/honnef.co/go/tools/internal/sharedcheck/lint.go
@@ -5,23 +5,24 @@ import (
 	"go/types"
 
 	"golang.org/x/tools/go/analysis"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/code"
+	"honnef.co/go/tools/internal/passes/buildir"
+	"honnef.co/go/tools/ir"
 	. "honnef.co/go/tools/lint/lintdsl"
-	"honnef.co/go/tools/ssa"
 )
 
 func CheckRangeStringRunes(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		fn := func(node ast.Node) bool {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		cb := func(node ast.Node) bool {
 			rng, ok := node.(*ast.RangeStmt)
-			if !ok || !IsBlank(rng.Key) {
+			if !ok || !code.IsBlank(rng.Key) {
 				return true
 			}
 
-			v, _ := ssafn.ValueForExpr(rng.X)
+			v, _ := fn.ValueForExpr(rng.X)
 
 			// Check that we're converting from string to []rune
-			val, _ := v.(*ssa.Convert)
+			val, _ := v.(*ir.Convert)
 			if val == nil {
 				return true
 			}
@@ -47,13 +48,13 @@ func CheckRangeStringRunes(pass *analysis.Pass) (interface{}, error) {
 
 			// Expect two refs: one for obtaining the length of the slice,
 			// one for accessing the elements
-			if len(FilterDebug(*refs)) != 2 {
+			if len(code.FilterDebug(*refs)) != 2 {
 				// TODO(dh): right now, we check that only one place
 				// refers to our slice. This will miss cases such as
 				// ranging over the slice twice. Ideally, we'd ensure that
 				// the slice is only used for ranging over (without
 				// accessing the key), but that is harder to do because in
-				// SSA form, ranging over a slice looks like an ordinary
+				// IR form, ranging over a slice looks like an ordinary
 				// loop with index increments and slice accesses. We'd
 				// have to look at the associated AST node to check that
 				// it's a range statement.
@@ -64,7 +65,7 @@ func CheckRangeStringRunes(pass *analysis.Pass) (interface{}, error) {
 
 			return true
 		}
-		Inspect(ssafn.Syntax(), fn)
+		Inspect(fn.Source(), cb)
 	}
 	return nil, nil
 }
diff --git a/vendor/honnef.co/go/tools/ssa/LICENSE b/vendor/honnef.co/go/tools/ir/LICENSE
similarity index 100%
rename from vendor/honnef.co/go/tools/ssa/LICENSE
rename to vendor/honnef.co/go/tools/ir/LICENSE
diff --git a/vendor/honnef.co/go/tools/ssa/blockopt.go b/vendor/honnef.co/go/tools/ir/blockopt.go
similarity index 83%
rename from vendor/honnef.co/go/tools/ssa/blockopt.go
rename to vendor/honnef.co/go/tools/ir/blockopt.go
index 22c9a4c0..d7a0e356 100644
--- a/vendor/honnef.co/go/tools/ssa/blockopt.go
+++ b/vendor/honnef.co/go/tools/ir/blockopt.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // Simple block optimizations to simplify the control flow graph.
 
@@ -21,35 +21,34 @@ const debugBlockOpt = false
 
 // markReachable sets Index=-1 for all blocks reachable from b.
 func markReachable(b *BasicBlock) {
-	b.Index = -1
+	b.gaps = -1
 	for _, succ := range b.Succs {
-		if succ.Index == 0 {
+		if succ.gaps == 0 {
 			markReachable(succ)
 		}
 	}
 }
 
-func DeleteUnreachableBlocks(f *Function) {
-	deleteUnreachableBlocks(f)
-}
-
 // deleteUnreachableBlocks marks all reachable blocks of f and
 // eliminates (nils) all others, including possibly cyclic subgraphs.
 //
 func deleteUnreachableBlocks(f *Function) {
 	const white, black = 0, -1
-	// We borrow b.Index temporarily as the mark bit.
+	// We borrow b.gaps temporarily as the mark bit.
 	for _, b := range f.Blocks {
-		b.Index = white
+		b.gaps = white
 	}
 	markReachable(f.Blocks[0])
-	if f.Recover != nil {
-		markReachable(f.Recover)
-	}
+	// In SSI form, we need the exit to be reachable for correct
+	// post-dominance information. In original form, however, we
+	// cannot unconditionally mark it reachable because we won't
+	// be adding fake edges, and this breaks the calculation of
+	// dominance information.
+	markReachable(f.Exit)
 	for i, b := range f.Blocks {
-		if b.Index == white {
+		if b.gaps == white {
 			for _, c := range b.Succs {
-				if c.Index == black {
+				if c.gaps == black {
 					c.removePred(b) // delete white->black edge
 				}
 			}
@@ -73,6 +72,13 @@ func jumpThreading(f *Function, b *BasicBlock) bool {
 	if b.Instrs == nil {
 		return false
 	}
+	for _, pred := range b.Preds {
+		switch pred.Control().(type) {
+		case *ConstantSwitch:
+			// don't optimize away the head blocks of switch statements
+			return false
+		}
+	}
 	if _, ok := b.Instrs[0].(*Jump); !ok {
 		return false // not just a jump
 	}
@@ -117,10 +123,17 @@ func fuseBlocks(f *Function, a *BasicBlock) bool {
 	if len(a.Succs) != 1 {
 		return false
 	}
+	if a.Succs[0] == f.Exit {
+		return false
+	}
 	b := a.Succs[0]
 	if len(b.Preds) != 1 {
 		return false
 	}
+	if _, ok := a.Instrs[len(a.Instrs)-1].(*Panic); ok {
+		// panics aren't simple jumps, they have side effects.
+		return false
+	}
 
 	// Degenerate &&/|| ops may result in a straight-line CFG
 	// containing φ-nodes. (Ideally we'd replace such them with
@@ -151,15 +164,16 @@ func fuseBlocks(f *Function, a *BasicBlock) bool {
 	return true
 }
 
-func OptimizeBlocks(f *Function) {
-	optimizeBlocks(f)
-}
-
 // optimizeBlocks() performs some simple block optimizations on a
 // completed function: dead block elimination, block fusion, jump
 // threading.
 //
 func optimizeBlocks(f *Function) {
+	if debugBlockOpt {
+		f.WriteTo(os.Stderr)
+		mustSanityCheck(f, nil)
+	}
+
 	deleteUnreachableBlocks(f)
 
 	// Loop until no further progress.
diff --git a/vendor/honnef.co/go/tools/ssa/builder.go b/vendor/honnef.co/go/tools/ir/builder.go
similarity index 71%
rename from vendor/honnef.co/go/tools/ssa/builder.go
rename to vendor/honnef.co/go/tools/ir/builder.go
index 317ac061..fdf4cb1a 100644
--- a/vendor/honnef.co/go/tools/ssa/builder.go
+++ b/vendor/honnef.co/go/tools/ir/builder.go
@@ -2,27 +2,22 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
-// This file implements the BUILD phase of SSA construction.
+// This file implements the BUILD phase of IR construction.
 //
-// SSA construction has two phases, CREATE and BUILD.  In the CREATE phase
+// IR construction has two phases, CREATE and BUILD.  In the CREATE phase
 // (create.go), all packages are constructed and type-checked and
 // definitions of all package members are created, method-sets are
 // computed, and wrapper methods are synthesized.
-// ssa.Packages are created in arbitrary order.
+// ir.Packages are created in arbitrary order.
 //
 // In the BUILD phase (builder.go), the builder traverses the AST of
-// each Go source function and generates SSA instructions for the
+// each Go source function and generates IR instructions for the
 // function body.  Initializer expressions for package-level variables
 // are emitted to the package's init() function in the order specified
 // by go/types.Info.InitOrder, then code for each function in the
 // package is generated in lexical order.
-// The BUILD phases for distinct packages are independent and are
-// executed in parallel.
-//
-// TODO(adonovan): indeed, building functions is now embarrassingly parallel.
-// Audit for concurrency then benchmark using more goroutines.
 //
 // The builder's and Program's indices (maps) are populated and
 // mutated during the CREATE phase, but during the BUILD phase they
@@ -36,7 +31,6 @@ import (
 	"go/token"
 	"go/types"
 	"os"
-	"sync"
 )
 
 type opaqueType struct {
@@ -59,27 +53,25 @@ var (
 	tUntypedNil = types.Typ[types.UntypedNil]
 	tRangeIter  = &opaqueType{nil, "iter"} // the type of all "range" iterators
 	tEface      = types.NewInterfaceType(nil, nil).Complete()
-
-	// SSA Value constants.
-	vZero = intConst(0)
-	vOne  = intConst(1)
-	vTrue = NewConst(constant.MakeBool(true), tBool)
 )
 
 // builder holds state associated with the package currently being built.
-// Its methods contain all the logic for AST-to-SSA conversion.
-type builder struct{}
+// Its methods contain all the logic for AST-to-IR conversion.
+type builder struct {
+	printFunc string
+
+	blocksets [5]BlockSet
+}
 
 // cond emits to fn code to evaluate boolean condition e and jump
 // to t or f depending on its value, performing various simplifications.
 //
 // Postcondition: fn.currentBlock is nil.
 //
-func (b *builder) cond(fn *Function, e ast.Expr, t, f *BasicBlock) {
+func (b *builder) cond(fn *Function, e ast.Expr, t, f *BasicBlock) *If {
 	switch e := e.(type) {
 	case *ast.ParenExpr:
-		b.cond(fn, e.X, t, f)
-		return
+		return b.cond(fn, e.X, t, f)
 
 	case *ast.BinaryExpr:
 		switch e.Op {
@@ -87,21 +79,18 @@ func (b *builder) cond(fn *Function, e ast.Expr, t, f *BasicBlock) {
 			ltrue := fn.newBasicBlock("cond.true")
 			b.cond(fn, e.X, ltrue, f)
 			fn.currentBlock = ltrue
-			b.cond(fn, e.Y, t, f)
-			return
+			return b.cond(fn, e.Y, t, f)
 
 		case token.LOR:
 			lfalse := fn.newBasicBlock("cond.false")
 			b.cond(fn, e.X, t, lfalse)
 			fn.currentBlock = lfalse
-			b.cond(fn, e.Y, t, f)
-			return
+			return b.cond(fn, e.Y, t, f)
 		}
 
 	case *ast.UnaryExpr:
 		if e.Op == token.NOT {
-			b.cond(fn, e.X, f, t)
-			return
+			return b.cond(fn, e.X, f, t)
 		}
 	}
 
@@ -111,7 +100,7 @@ func (b *builder) cond(fn *Function, e ast.Expr, t, f *BasicBlock) {
 	// The value of a constant condition may be platform-specific,
 	// and may cause blocks that are reachable in some configuration
 	// to be hidden from subsequent analyses such as bug-finding tools.
-	emitIf(fn, b.expr(fn, e), t, f)
+	return emitIf(fn, b.expr(fn, e), t, f, e)
 }
 
 // logicalBinop emits code to fn to evaluate e, a &&- or
@@ -131,11 +120,11 @@ func (b *builder) logicalBinop(fn *Function, e *ast.BinaryExpr) Value {
 	switch e.Op {
 	case token.LAND:
 		b.cond(fn, e.X, rhs, done)
-		short = NewConst(constant.MakeBool(false), t)
+		short = emitConst(fn, NewConst(constant.MakeBool(false), t))
 
 	case token.LOR:
 		b.cond(fn, e.X, done, rhs)
-		short = NewConst(constant.MakeBool(true), t)
+		short = emitConst(fn, NewConst(constant.MakeBool(true), t))
 	}
 
 	// Is rhs unreachable?
@@ -161,23 +150,21 @@ func (b *builder) logicalBinop(fn *Function, e *ast.BinaryExpr) Value {
 	// The edge from e.Y to done carries the value of e.Y.
 	fn.currentBlock = rhs
 	edges = append(edges, b.expr(fn, e.Y))
-	emitJump(fn, done)
+	emitJump(fn, done, e)
 	fn.currentBlock = done
 
-	phi := &Phi{Edges: edges, Comment: e.Op.String()}
-	phi.pos = e.OpPos
+	phi := &Phi{Edges: edges}
 	phi.typ = t
-	return done.emit(phi)
+	return done.emit(phi, e)
 }
 
-// exprN lowers a multi-result expression e to SSA form, emitting code
+// exprN lowers a multi-result expression e to IR form, emitting code
 // to fn and returning a single Value whose type is a *types.Tuple.
 // The caller must access the components via Extract.
 //
 // Multi-result expressions include CallExprs in a multi-value
 // assignment or return statement, and "value,ok" uses of
-// TypeAssertExpr, IndexExpr (when X is a map), and UnaryExpr (when Op
-// is token.ARROW).
+// TypeAssertExpr, IndexExpr (when X is a map), and Recv.
 //
 func (b *builder) exprN(fn *Function, e ast.Expr) Value {
 	typ := fn.Pkg.typeOf(e).(*types.Tuple)
@@ -192,36 +179,28 @@ func (b *builder) exprN(fn *Function, e ast.Expr) Value {
 		var c Call
 		b.setCall(fn, e, &c.Call)
 		c.typ = typ
-		return fn.emit(&c)
+		return fn.emit(&c, e)
 
 	case *ast.IndexExpr:
 		mapt := fn.Pkg.typeOf(e.X).Underlying().(*types.Map)
-		lookup := &Lookup{
+		lookup := &MapLookup{
 			X:       b.expr(fn, e.X),
-			Index:   emitConv(fn, b.expr(fn, e.Index), mapt.Key()),
+			Index:   emitConv(fn, b.expr(fn, e.Index), mapt.Key(), e),
 			CommaOk: true,
 		}
 		lookup.setType(typ)
-		lookup.setPos(e.Lbrack)
-		return fn.emit(lookup)
+		return fn.emit(lookup, e)
 
 	case *ast.TypeAssertExpr:
-		return emitTypeTest(fn, b.expr(fn, e.X), typ.At(0).Type(), e.Lparen)
+		return emitTypeTest(fn, b.expr(fn, e.X), typ.At(0).Type(), e)
 
 	case *ast.UnaryExpr: // must be receive <-
-		unop := &UnOp{
-			Op:      token.ARROW,
-			X:       b.expr(fn, e.X),
-			CommaOk: true,
-		}
-		unop.setType(typ)
-		unop.setPos(e.OpPos)
-		return fn.emit(unop)
+		return emitRecv(fn, b.expr(fn, e.X), true, typ, e)
 	}
 	panic(fmt.Sprintf("exprN(%T) in %s", e, fn))
 }
 
-// builtin emits to fn SSA instructions to implement a call to the
+// builtin emits to fn IR instructions to implement a call to the
 // built-in function obj with the specified arguments
 // and return type.  It returns the value defined by the result.
 //
@@ -229,7 +208,7 @@ func (b *builder) exprN(fn *Function, e ast.Expr) Value {
 // the caller should treat this like an ordinary library function
 // call.
 //
-func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ types.Type, pos token.Pos) Value {
+func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ types.Type, source ast.Node) Value {
 	switch obj.Name() {
 	case "make":
 		switch typ.Underlying().(type) {
@@ -243,23 +222,20 @@ func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ
 				// treat make([]T, n, m) as new([m]T)[:n]
 				cap := m.Int64()
 				at := types.NewArray(typ.Underlying().(*types.Slice).Elem(), cap)
-				alloc := emitNew(fn, at, pos)
-				alloc.Comment = "makeslice"
+				alloc := emitNew(fn, at, source)
 				v := &Slice{
 					X:    alloc,
 					High: n,
 				}
-				v.setPos(pos)
 				v.setType(typ)
-				return fn.emit(v)
+				return fn.emit(v, source)
 			}
 			v := &MakeSlice{
 				Len: n,
 				Cap: m,
 			}
-			v.setPos(pos)
 			v.setType(typ)
-			return fn.emit(v)
+			return fn.emit(v, source)
 
 		case *types.Map:
 			var res Value
@@ -267,24 +243,21 @@ func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ
 				res = b.expr(fn, args[1])
 			}
 			v := &MakeMap{Reserve: res}
-			v.setPos(pos)
 			v.setType(typ)
-			return fn.emit(v)
+			return fn.emit(v, source)
 
 		case *types.Chan:
-			var sz Value = vZero
+			var sz Value = emitConst(fn, intConst(0))
 			if len(args) == 2 {
 				sz = b.expr(fn, args[1])
 			}
 			v := &MakeChan{Size: sz}
-			v.setPos(pos)
 			v.setType(typ)
-			return fn.emit(v)
+			return fn.emit(v, source)
 		}
 
 	case "new":
-		alloc := emitNew(fn, deref(typ), pos)
-		alloc.Comment = "new"
+		alloc := emitNew(fn, deref(typ), source)
 		return alloc
 
 	case "len", "cap":
@@ -296,22 +269,22 @@ func (b *builder) builtin(fn *Function, obj *types.Builtin, args []ast.Expr, typ
 		t := deref(fn.Pkg.typeOf(args[0])).Underlying()
 		if at, ok := t.(*types.Array); ok {
 			b.expr(fn, args[0]) // for effects only
-			return intConst(at.Len())
+			return emitConst(fn, intConst(at.Len()))
 		}
 		// Otherwise treat as normal.
 
 	case "panic":
 		fn.emit(&Panic{
-			X:   emitConv(fn, b.expr(fn, args[0]), tEface),
-			pos: pos,
-		})
+			X: emitConv(fn, b.expr(fn, args[0]), tEface, source),
+		}, source)
+		addEdge(fn.currentBlock, fn.Exit)
 		fn.currentBlock = fn.newBasicBlock("unreachable")
-		return vTrue // any non-nil Value will do
+		return emitConst(fn, NewConst(constant.MakeBool(true), tBool)) // any non-nil Value will do
 	}
 	return nil // treat all others as a regular function call
 }
 
-// addr lowers a single-result addressable expression e to SSA form,
+// addr lowers a single-result addressable expression e to IR form,
 // emitting code to fn and returning the location (an lvalue) defined
 // by the expression.
 //
@@ -345,21 +318,20 @@ func (b *builder) addr(fn *Function, e ast.Expr, escaping bool) lvalue {
 		if v == nil {
 			v = fn.lookup(obj, escaping)
 		}
-		return &address{addr: v, pos: e.Pos(), expr: e}
+		return &address{addr: v, expr: e}
 
 	case *ast.CompositeLit:
 		t := deref(fn.Pkg.typeOf(e))
 		var v *Alloc
 		if escaping {
-			v = emitNew(fn, t, e.Lbrace)
+			v = emitNew(fn, t, e)
 		} else {
-			v = fn.addLocal(t, e.Lbrace)
+			v = fn.addLocal(t, e)
 		}
-		v.Comment = "complit"
 		var sb storebuf
 		b.compLit(fn, v, e, true, &sb)
 		sb.emit(fn)
-		return &address{addr: v, pos: e.Lbrace, expr: e}
+		return &address{addr: v, expr: e}
 
 	case *ast.ParenExpr:
 		return b.addr(fn, e.X, escaping)
@@ -374,11 +346,10 @@ func (b *builder) addr(fn *Function, e ast.Expr, escaping bool) lvalue {
 			panic(sel)
 		}
 		wantAddr := true
-		v := b.receiver(fn, e.X, wantAddr, escaping, sel)
+		v := b.receiver(fn, e.X, wantAddr, escaping, sel, e)
 		last := len(sel.Index()) - 1
 		return &address{
 			addr: emitFieldSelection(fn, v, sel.Index()[last], true, e.Sel),
-			pos:  e.Sel.Pos(),
 			expr: e.Sel,
 		}
 
@@ -397,43 +368,42 @@ func (b *builder) addr(fn *Function, e ast.Expr, escaping bool) lvalue {
 			et = types.NewPointer(t.Elem())
 		case *types.Map:
 			return &element{
-				m:   b.expr(fn, e.X),
-				k:   emitConv(fn, b.expr(fn, e.Index), t.Key()),
-				t:   t.Elem(),
-				pos: e.Lbrack,
+				m: b.expr(fn, e.X),
+				k: emitConv(fn, b.expr(fn, e.Index), t.Key(), e.Index),
+				t: t.Elem(),
 			}
 		default:
 			panic("unexpected container type in IndexExpr: " + t.String())
 		}
 		v := &IndexAddr{
 			X:     x,
-			Index: emitConv(fn, b.expr(fn, e.Index), tInt),
+			Index: emitConv(fn, b.expr(fn, e.Index), tInt, e.Index),
 		}
-		v.setPos(e.Lbrack)
 		v.setType(et)
-		return &address{addr: fn.emit(v), pos: e.Lbrack, expr: e}
+		return &address{addr: fn.emit(v, e), expr: e}
 
 	case *ast.StarExpr:
-		return &address{addr: b.expr(fn, e.X), pos: e.Star, expr: e}
+		return &address{addr: b.expr(fn, e.X), expr: e}
 	}
 
 	panic(fmt.Sprintf("unexpected address expression: %T", e))
 }
 
 type store struct {
-	lhs lvalue
-	rhs Value
+	lhs    lvalue
+	rhs    Value
+	source ast.Node
 }
 
 type storebuf struct{ stores []store }
 
-func (sb *storebuf) store(lhs lvalue, rhs Value) {
-	sb.stores = append(sb.stores, store{lhs, rhs})
+func (sb *storebuf) store(lhs lvalue, rhs Value, source ast.Node) {
+	sb.stores = append(sb.stores, store{lhs, rhs, source})
 }
 
 func (sb *storebuf) emit(fn *Function) {
 	for _, s := range sb.stores {
-		s.lhs.store(fn, s.rhs)
+		s.lhs.store(fn, s.rhs, s.source)
 	}
 }
 
@@ -451,7 +421,7 @@ func (sb *storebuf) emit(fn *Function) {
 // in-place update of existing variables when the RHS is a composite
 // literal that may reference parts of the LHS.
 //
-func (b *builder) assign(fn *Function, loc lvalue, e ast.Expr, isZero bool, sb *storebuf) {
+func (b *builder) assign(fn *Function, loc lvalue, e ast.Expr, isZero bool, sb *storebuf, source ast.Node) {
 	// Can we initialize it in place?
 	if e, ok := unparen(e).(*ast.CompositeLit); ok {
 		// A CompositeLit never evaluates to a pointer,
@@ -462,9 +432,9 @@ func (b *builder) assign(fn *Function, loc lvalue, e ast.Expr, isZero bool, sb *
 				ptr := b.addr(fn, e, true).address(fn)
 				// copy address
 				if sb != nil {
-					sb.store(loc, ptr)
+					sb.store(loc, ptr, source)
 				} else {
-					loc.store(fn, ptr)
+					loc.store(fn, ptr, source)
 				}
 				return
 			}
@@ -501,13 +471,13 @@ func (b *builder) assign(fn *Function, loc lvalue, e ast.Expr, isZero bool, sb *
 	// simple case: just copy
 	rhs := b.expr(fn, e)
 	if sb != nil {
-		sb.store(loc, rhs)
+		sb.store(loc, rhs, source)
 	} else {
-		loc.store(fn, rhs)
+		loc.store(fn, rhs, source)
 	}
 }
 
-// expr lowers a single-result expression e to SSA form, emitting code
+// expr lowers a single-result expression e to IR form, emitting code
 // to fn and returning the Value defined by the expression.
 //
 func (b *builder) expr(fn *Function, e ast.Expr) Value {
@@ -517,7 +487,7 @@ func (b *builder) expr(fn *Function, e ast.Expr) Value {
 
 	// Is expression a constant?
 	if tv.Value != nil {
-		return NewConst(tv.Value, tv.Type)
+		return emitConst(fn, NewConst(tv.Value, tv.Type))
 	}
 
 	var v Value
@@ -525,7 +495,7 @@ func (b *builder) expr(fn *Function, e ast.Expr) Value {
 		// Prefer pointer arithmetic ({Index,Field}Addr) followed
 		// by Load over subelement extraction (e.g. Index, Field),
 		// to avoid large copies.
-		v = b.addr(fn, e, false).load(fn)
+		v = b.addr(fn, e, false).load(fn, e)
 	} else {
 		v = b.expr0(fn, e, tv)
 	}
@@ -542,15 +512,16 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 
 	case *ast.FuncLit:
 		fn2 := &Function{
-			name:      fmt.Sprintf("%s$%d", fn.Name(), 1+len(fn.AnonFuncs)),
-			Signature: fn.Pkg.typeOf(e.Type).Underlying().(*types.Signature),
-			pos:       e.Type.Func,
-			parent:    fn,
-			Pkg:       fn.Pkg,
-			Prog:      fn.Prog,
-			syntax:    e,
+			name:         fmt.Sprintf("%s$%d", fn.Name(), 1+len(fn.AnonFuncs)),
+			Signature:    fn.Pkg.typeOf(e.Type).Underlying().(*types.Signature),
+			parent:       fn,
+			Pkg:          fn.Pkg,
+			Prog:         fn.Prog,
+			functionBody: new(functionBody),
 		}
+		fn2.source = e
 		fn.AnonFuncs = append(fn.AnonFuncs, fn2)
+		fn2.initHTML(b.printFunc)
 		b.buildFunction(fn2)
 		if fn2.FreeVars == nil {
 			return fn2
@@ -561,32 +532,22 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 			v.Bindings = append(v.Bindings, fv.outer)
 			fv.outer = nil
 		}
-		return fn.emit(v)
+		return fn.emit(v, e)
 
 	case *ast.TypeAssertExpr: // single-result form only
-		return emitTypeAssert(fn, b.expr(fn, e.X), tv.Type, e.Lparen)
+		return emitTypeAssert(fn, b.expr(fn, e.X), tv.Type, e)
 
 	case *ast.CallExpr:
 		if fn.Pkg.info.Types[e.Fun].IsType() {
 			// Explicit type conversion, e.g. string(x) or big.Int(x)
 			x := b.expr(fn, e.Args[0])
-			y := emitConv(fn, x, tv.Type)
-			if y != x {
-				switch y := y.(type) {
-				case *Convert:
-					y.pos = e.Lparen
-				case *ChangeType:
-					y.pos = e.Lparen
-				case *MakeInterface:
-					y.pos = e.Lparen
-				}
-			}
+			y := emitConv(fn, x, tv.Type, e)
 			return y
 		}
 		// Call to "intrinsic" built-ins, e.g. new, make, panic.
 		if id, ok := unparen(e.Fun).(*ast.Ident); ok {
 			if obj, ok := fn.Pkg.info.Uses[id].(*types.Builtin); ok {
-				if v := b.builtin(fn, obj, e.Args, tv.Type, e.Lparen); v != nil {
+				if v := b.builtin(fn, obj, e.Args, tv.Type, e); v != nil {
 					return v
 				}
 			}
@@ -595,7 +556,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		var v Call
 		b.setCall(fn, e, &v.Call)
 		v.setType(tv.Type)
-		return fn.emit(&v)
+		return fn.emit(&v, e)
 
 	case *ast.UnaryExpr:
 		switch e.Op {
@@ -606,19 +567,20 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 				// For simplicity, we'll just (suboptimally) rely
 				// on the side effects of a load.
 				// TODO(adonovan): emit dedicated nilcheck.
-				addr.load(fn)
+				addr.load(fn, e)
 			}
 			return addr.address(fn)
 		case token.ADD:
 			return b.expr(fn, e.X)
-		case token.NOT, token.ARROW, token.SUB, token.XOR: // ! <- - ^
+		case token.NOT, token.SUB, token.XOR: // ! <- - ^
 			v := &UnOp{
 				Op: e.Op,
 				X:  b.expr(fn, e.X),
 			}
-			v.setPos(e.OpPos)
 			v.setType(tv.Type)
-			return fn.emit(v)
+			return fn.emit(v, e)
+		case token.ARROW:
+			return emitRecv(fn, b.expr(fn, e.X), false, tv.Type, e)
 		default:
 			panic(e.Op)
 		}
@@ -630,12 +592,12 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		case token.SHL, token.SHR:
 			fallthrough
 		case token.ADD, token.SUB, token.MUL, token.QUO, token.REM, token.AND, token.OR, token.XOR, token.AND_NOT:
-			return emitArith(fn, e.Op, b.expr(fn, e.X), b.expr(fn, e.Y), tv.Type, e.OpPos)
+			return emitArith(fn, e.Op, b.expr(fn, e.X), b.expr(fn, e.Y), tv.Type, e)
 
 		case token.EQL, token.NEQ, token.GTR, token.LSS, token.LEQ, token.GEQ:
-			cmp := emitCompare(fn, e.Op, b.expr(fn, e.X), b.expr(fn, e.Y), e.OpPos)
+			cmp := emitCompare(fn, e.Op, b.expr(fn, e.X), b.expr(fn, e.Y), e)
 			// The type of x==y may be UntypedBool.
-			return emitConv(fn, cmp, DefaultType(tv.Type))
+			return emitConv(fn, cmp, types.Default(tv.Type), e)
 		default:
 			panic("illegal op in BinaryExpr: " + e.Op.String())
 		}
@@ -667,9 +629,8 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 			High: high,
 			Max:  max,
 		}
-		v.setPos(e.Lbrack)
 		v.setType(tv.Type)
-		return fn.emit(v)
+		return fn.emit(v, e)
 
 	case *ast.Ident:
 		obj := fn.Pkg.info.Uses[e]
@@ -678,17 +639,17 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		case *types.Builtin:
 			return &Builtin{name: obj.Name(), sig: tv.Type.(*types.Signature)}
 		case *types.Nil:
-			return nilConst(tv.Type)
+			return emitConst(fn, nilConst(tv.Type))
 		}
 		// Package-level func or var?
 		if v := fn.Prog.packageLevelValue(obj); v != nil {
 			if _, ok := obj.(*types.Var); ok {
-				return emitLoad(fn, v) // var (address)
+				return emitLoad(fn, v, e) // var (address)
 			}
 			return v // (func)
 		}
 		// Local var.
-		return emitLoad(fn, fn.lookup(obj, false)) // var (address)
+		return emitLoad(fn, fn.lookup(obj, false), e) // var (address)
 
 	case *ast.SelectorExpr:
 		sel, ok := fn.Pkg.info.Selections[e]
@@ -700,7 +661,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 		case types.MethodExpr:
 			// (*T).f or T.f, the method f from the method-set of type T.
 			// The result is a "thunk".
-			return emitConv(fn, makeThunk(fn.Prog, sel), tv.Type)
+			return emitConv(fn, makeThunk(fn.Prog, sel), tv.Type, e)
 
 		case types.MethodVal:
 			// e.f where e is an expression and f is a method.
@@ -709,26 +670,26 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 			rt := recvType(obj)
 			wantAddr := isPointer(rt)
 			escaping := true
-			v := b.receiver(fn, e.X, wantAddr, escaping, sel)
+			v := b.receiver(fn, e.X, wantAddr, escaping, sel, e)
 			if isInterface(rt) {
 				// If v has interface type I,
 				// we must emit a check that v is non-nil.
 				// We use: typeassert v.(I).
-				emitTypeAssert(fn, v, rt, token.NoPos)
+				emitTypeAssert(fn, v, rt, e)
 			}
 			c := &MakeClosure{
 				Fn:       makeBound(fn.Prog, obj),
 				Bindings: []Value{v},
 			}
-			c.setPos(e.Sel.Pos())
+			c.source = e.Sel
 			c.setType(tv.Type)
-			return fn.emit(c)
+			return fn.emit(c, e)
 
 		case types.FieldVal:
 			indices := sel.Index()
 			last := len(indices) - 1
 			v := b.expr(fn, e.X)
-			v = emitImplicitSelections(fn, v, indices[:last])
+			v = emitImplicitSelections(fn, v, indices[:last], e)
 			v = emitFieldSelection(fn, v, indices[last], false, e.Sel)
 			return v
 		}
@@ -741,36 +702,33 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 			// Non-addressable array (in a register).
 			v := &Index{
 				X:     b.expr(fn, e.X),
-				Index: emitConv(fn, b.expr(fn, e.Index), tInt),
+				Index: emitConv(fn, b.expr(fn, e.Index), tInt, e.Index),
 			}
-			v.setPos(e.Lbrack)
 			v.setType(t.Elem())
-			return fn.emit(v)
+			return fn.emit(v, e)
 
 		case *types.Map:
 			// Maps are not addressable.
 			mapt := fn.Pkg.typeOf(e.X).Underlying().(*types.Map)
-			v := &Lookup{
+			v := &MapLookup{
 				X:     b.expr(fn, e.X),
-				Index: emitConv(fn, b.expr(fn, e.Index), mapt.Key()),
+				Index: emitConv(fn, b.expr(fn, e.Index), mapt.Key(), e.Index),
 			}
-			v.setPos(e.Lbrack)
 			v.setType(mapt.Elem())
-			return fn.emit(v)
+			return fn.emit(v, e)
 
 		case *types.Basic: // => string
 			// Strings are not addressable.
-			v := &Lookup{
+			v := &StringLookup{
 				X:     b.expr(fn, e.X),
 				Index: b.expr(fn, e.Index),
 			}
-			v.setPos(e.Lbrack)
 			v.setType(tByte)
-			return fn.emit(v)
+			return fn.emit(v, e)
 
 		case *types.Slice, *types.Pointer: // *array
 			// Addressable slice/array; use IndexAddr and Load.
-			return b.addr(fn, e, false).load(fn)
+			return b.addr(fn, e, false).load(fn, e)
 
 		default:
 			panic("unexpected container type in IndexExpr: " + t.String())
@@ -778,7 +736,7 @@ func (b *builder) expr0(fn *Function, e ast.Expr, tv types.TypeAndValue) Value {
 
 	case *ast.CompositeLit, *ast.StarExpr:
 		// Addressable types (lvalues)
-		return b.addr(fn, e, false).load(fn)
+		return b.addr(fn, e, false).load(fn, e)
 	}
 
 	panic(fmt.Sprintf("unexpected expr: %T", e))
@@ -802,7 +760,7 @@ func (b *builder) stmtList(fn *Function, list []ast.Stmt) {
 //
 // escaping is defined as per builder.addr().
 //
-func (b *builder) receiver(fn *Function, e ast.Expr, wantAddr, escaping bool, sel *types.Selection) Value {
+func (b *builder) receiver(fn *Function, e ast.Expr, wantAddr, escaping bool, sel *types.Selection, source ast.Node) Value {
 	var v Value
 	if wantAddr && !sel.Indirect() && !isPointer(fn.Pkg.typeOf(e)) {
 		v = b.addr(fn, e, escaping).address(fn)
@@ -811,9 +769,9 @@ func (b *builder) receiver(fn *Function, e ast.Expr, wantAddr, escaping bool, se
 	}
 
 	last := len(sel.Index()) - 1
-	v = emitImplicitSelections(fn, v, sel.Index()[:last])
+	v = emitImplicitSelections(fn, v, sel.Index()[:last], source)
 	if !wantAddr && isPointer(v.Type()) {
-		v = emitLoad(fn, v)
+		v = emitLoad(fn, v, e)
 	}
 	return v
 }
@@ -823,8 +781,6 @@ func (b *builder) receiver(fn *Function, e ast.Expr, wantAddr, escaping bool, se
 // occurring in e.
 //
 func (b *builder) setCallFunc(fn *Function, e *ast.CallExpr, c *CallCommon) {
-	c.pos = e.Lparen
-
 	// Is this a method call?
 	if selector, ok := unparen(e.Fun).(*ast.SelectorExpr); ok {
 		sel, ok := fn.Pkg.info.Selections[selector]
@@ -833,7 +789,7 @@ func (b *builder) setCallFunc(fn *Function, e *ast.CallExpr, c *CallCommon) {
 			recv := recvType(obj)
 			wantAddr := isPointer(recv)
 			escaping := true
-			v := b.receiver(fn, selector.X, wantAddr, escaping, sel)
+			v := b.receiver(fn, selector.X, wantAddr, escaping, sel, selector)
 			if isInterface(recv) {
 				// Invoke-mode call.
 				c.Value = v
@@ -889,7 +845,7 @@ func (b *builder) emitCallArgs(fn *Function, sig *types.Signature, e *ast.CallEx
 	// f(x, y, z...): pass slice z straight through.
 	if e.Ellipsis != 0 {
 		for i, arg := range e.Args {
-			v := emitConv(fn, b.expr(fn, arg), sig.Params().At(i).Type())
+			v := emitConv(fn, b.expr(fn, arg), sig.Params().At(i).Type(), arg)
 			args = append(args, v)
 		}
 		return args
@@ -906,7 +862,7 @@ func (b *builder) emitCallArgs(fn *Function, sig *types.Signature, e *ast.CallEx
 		v := b.expr(fn, arg)
 		if ttuple, ok := v.Type().(*types.Tuple); ok { // MRV chain
 			for i, n := 0, ttuple.Len(); i < n; i++ {
-				args = append(args, emitExtract(fn, v, i))
+				args = append(args, emitExtract(fn, v, i, arg))
 			}
 		} else {
 			args = append(args, v)
@@ -919,7 +875,7 @@ func (b *builder) emitCallArgs(fn *Function, sig *types.Signature, e *ast.CallEx
 		np--
 	}
 	for i := 0; i < np; i++ {
-		args[offset+i] = emitConv(fn, args[offset+i], sig.Params().At(i).Type())
+		args[offset+i] = emitConv(fn, args[offset+i], sig.Params().At(i).Type(), args[offset+i].Source())
 	}
 
 	// Actual->formal assignability conversions for variadic parameter,
@@ -929,25 +885,24 @@ func (b *builder) emitCallArgs(fn *Function, sig *types.Signature, e *ast.CallEx
 		st := sig.Params().At(np).Type().(*types.Slice)
 		vt := st.Elem()
 		if len(varargs) == 0 {
-			args = append(args, nilConst(st))
+			args = append(args, emitConst(fn, nilConst(st)))
 		} else {
 			// Replace a suffix of args with a slice containing it.
 			at := types.NewArray(vt, int64(len(varargs)))
-			a := emitNew(fn, at, token.NoPos)
-			a.setPos(e.Rparen)
-			a.Comment = "varargs"
+			a := emitNew(fn, at, e)
+			a.source = e
 			for i, arg := range varargs {
 				iaddr := &IndexAddr{
 					X:     a,
-					Index: intConst(int64(i)),
+					Index: emitConst(fn, intConst(int64(i))),
 				}
 				iaddr.setType(types.NewPointer(vt))
-				fn.emit(iaddr)
-				emitStore(fn, iaddr, arg, arg.Pos())
+				fn.emit(iaddr, e)
+				emitStore(fn, iaddr, arg, arg.Source())
 			}
 			s := &Slice{X: a}
 			s.setType(st)
-			args[offset+np] = fn.emit(s)
+			args[offset+np] = fn.emit(s, args[offset+np].Source())
 			args = args[:offset+np+1]
 		}
 	}
@@ -970,9 +925,9 @@ func (b *builder) setCall(fn *Function, e *ast.CallExpr, c *CallCommon) {
 }
 
 // assignOp emits to fn code to perform loc <op>= val.
-func (b *builder) assignOp(fn *Function, loc lvalue, val Value, op token.Token, pos token.Pos) {
-	oldv := loc.load(fn)
-	loc.store(fn, emitArith(fn, op, oldv, emitConv(fn, val, oldv.Type()), loc.typ(), pos))
+func (b *builder) assignOp(fn *Function, loc lvalue, val Value, op token.Token, source ast.Node) {
+	oldv := loc.load(fn, source)
+	loc.store(fn, emitArith(fn, op, oldv, emitConv(fn, val, oldv.Type(), source), loc.typ(), source), source)
 }
 
 // localValueSpec emits to fn code to define all of the vars in the
@@ -988,7 +943,7 @@ func (b *builder) localValueSpec(fn *Function, spec *ast.ValueSpec) {
 				fn.addLocalForIdent(id)
 			}
 			lval := b.addr(fn, id, false) // non-escaping
-			b.assign(fn, lval, spec.Values[i], true, nil)
+			b.assign(fn, lval, spec.Values[i], true, nil, spec)
 		}
 
 	case len(spec.Values) == 0:
@@ -1010,7 +965,7 @@ func (b *builder) localValueSpec(fn *Function, spec *ast.ValueSpec) {
 			if !isBlankIdent(id) {
 				fn.addLocalForIdent(id)
 				lhs := b.addr(fn, id, false) // non-escaping
-				lhs.store(fn, emitExtract(fn, tuple, i))
+				lhs.store(fn, emitExtract(fn, tuple, i, id), id)
 			}
 		}
 	}
@@ -1021,7 +976,7 @@ func (b *builder) localValueSpec(fn *Function, spec *ast.ValueSpec) {
 //
 // Note the similarity with localValueSpec.
 //
-func (b *builder) assignStmt(fn *Function, lhss, rhss []ast.Expr, isDef bool) {
+func (b *builder) assignStmt(fn *Function, lhss, rhss []ast.Expr, isDef bool, source ast.Node) {
 	// Side effects of all LHSs and RHSs must occur in left-to-right order.
 	lvals := make([]lvalue, len(lhss))
 	isZero := make([]bool, len(lhss))
@@ -1030,7 +985,7 @@ func (b *builder) assignStmt(fn *Function, lhss, rhss []ast.Expr, isDef bool) {
 		if !isBlankIdent(lhs) {
 			if isDef {
 				if obj := fn.Pkg.info.Defs[lhs.(*ast.Ident)]; obj != nil {
-					fn.addNamedLocal(obj)
+					fn.addNamedLocal(obj, lhs)
 					isZero[i] = true
 				}
 			}
@@ -1047,7 +1002,7 @@ func (b *builder) assignStmt(fn *Function, lhss, rhss []ast.Expr, isDef bool) {
 		// so we need a storebuf.
 		var sb storebuf
 		for i := range rhss {
-			b.assign(fn, lvals[i], rhss[i], isZero[i], &sb)
+			b.assign(fn, lvals[i], rhss[i], isZero[i], &sb, source)
 		}
 		sb.emit(fn)
 	} else {
@@ -1055,7 +1010,7 @@ func (b *builder) assignStmt(fn *Function, lhss, rhss []ast.Expr, isDef bool) {
 		tuple := b.exprN(fn, rhss[0])
 		emitDebugRef(fn, rhss[0], tuple, false)
 		for i, lval := range lvals {
-			lval.store(fn, emitExtract(fn, tuple, i))
+			lval.store(fn, emitExtract(fn, tuple, i, source), source)
 		}
 	}
 }
@@ -1102,20 +1057,17 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 	case *types.Struct:
 		if !isZero && len(e.Elts) != t.NumFields() {
 			// memclear
-			sb.store(&address{addr, e.Lbrace, nil},
-				zeroValue(fn, deref(addr.Type())))
+			sb.store(&address{addr, nil}, zeroValue(fn, deref(addr.Type()), e), e)
 			isZero = true
 		}
 		for i, e := range e.Elts {
 			fieldIndex := i
-			pos := e.Pos()
 			if kv, ok := e.(*ast.KeyValueExpr); ok {
 				fname := kv.Key.(*ast.Ident).Name
 				for i, n := 0, t.NumFields(); i < n; i++ {
 					sf := t.Field(i)
 					if sf.Name() == fname {
 						fieldIndex = i
-						pos = kv.Colon
 						e = kv.Value
 						break
 					}
@@ -1127,8 +1079,8 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 				Field: fieldIndex,
 			}
 			faddr.setType(types.NewPointer(sf.Type()))
-			fn.emit(faddr)
-			b.assign(fn, &address{addr: faddr, pos: pos, expr: e}, e, isZero, sb)
+			fn.emit(faddr, e)
+			b.assign(fn, &address{addr: faddr, expr: e}, e, isZero, sb, e)
 		}
 
 	case *types.Array, *types.Slice:
@@ -1137,8 +1089,7 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 		switch t := t.(type) {
 		case *types.Slice:
 			at = types.NewArray(t.Elem(), b.arrayLen(fn, e.Elts))
-			alloc := emitNew(fn, at, e.Lbrace)
-			alloc.Comment = "slicelit"
+			alloc := emitNew(fn, at, e)
 			array = alloc
 		case *types.Array:
 			at = t
@@ -1146,51 +1097,46 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 
 			if !isZero && int64(len(e.Elts)) != at.Len() {
 				// memclear
-				sb.store(&address{array, e.Lbrace, nil},
-					zeroValue(fn, deref(array.Type())))
+				sb.store(&address{array, nil}, zeroValue(fn, deref(array.Type()), e), e)
 			}
 		}
 
 		var idx *Const
 		for _, e := range e.Elts {
-			pos := e.Pos()
 			if kv, ok := e.(*ast.KeyValueExpr); ok {
 				idx = b.expr(fn, kv.Key).(*Const)
-				pos = kv.Colon
 				e = kv.Value
 			} else {
 				var idxval int64
 				if idx != nil {
 					idxval = idx.Int64() + 1
 				}
-				idx = intConst(idxval)
+				idx = emitConst(fn, intConst(idxval))
 			}
 			iaddr := &IndexAddr{
 				X:     array,
 				Index: idx,
 			}
 			iaddr.setType(types.NewPointer(at.Elem()))
-			fn.emit(iaddr)
+			fn.emit(iaddr, e)
 			if t != at { // slice
 				// backing array is unaliased => storebuf not needed.
-				b.assign(fn, &address{addr: iaddr, pos: pos, expr: e}, e, true, nil)
+				b.assign(fn, &address{addr: iaddr, expr: e}, e, true, nil, e)
 			} else {
-				b.assign(fn, &address{addr: iaddr, pos: pos, expr: e}, e, true, sb)
+				b.assign(fn, &address{addr: iaddr, expr: e}, e, true, sb, e)
 			}
 		}
 
 		if t != at { // slice
 			s := &Slice{X: array}
-			s.setPos(e.Lbrace)
 			s.setType(typ)
-			sb.store(&address{addr: addr, pos: e.Lbrace, expr: e}, fn.emit(s))
+			sb.store(&address{addr: addr, expr: e}, fn.emit(s, e), e)
 		}
 
 	case *types.Map:
-		m := &MakeMap{Reserve: intConst(int64(len(e.Elts)))}
-		m.setPos(e.Lbrace)
+		m := &MakeMap{Reserve: emitConst(fn, intConst(int64(len(e.Elts))))}
 		m.setType(typ)
-		fn.emit(m)
+		fn.emit(m, e)
 		for _, e := range e.Elts {
 			e := e.(*ast.KeyValueExpr)
 
@@ -1211,10 +1157,9 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 			}
 
 			loc := element{
-				m:   m,
-				k:   emitConv(fn, key, t.Key()),
-				t:   t.Elem(),
-				pos: e.Colon,
+				m: m,
+				k: emitConv(fn, key, t.Key(), e),
+				t: t.Elem(),
 			}
 
 			// We call assign() only because it takes care
@@ -1223,29 +1168,142 @@ func (b *builder) compLit(fn *Function, addr Value, e *ast.CompositeLit, isZero
 			// map[int]*struct{}{0: {}} implies &struct{}{}.
 			// In-place update is of course impossible,
 			// and no storebuf is needed.
-			b.assign(fn, &loc, e.Value, true, nil)
+			b.assign(fn, &loc, e.Value, true, nil, e)
 		}
-		sb.store(&address{addr: addr, pos: e.Lbrace, expr: e}, m)
+		sb.store(&address{addr: addr, expr: e}, m, e)
 
 	default:
 		panic("unexpected CompositeLit type: " + t.String())
 	}
 }
 
+func (b *builder) switchStmt(fn *Function, s *ast.SwitchStmt, label *lblock) {
+	if s.Tag == nil {
+		b.switchStmtDynamic(fn, s, label)
+		return
+	}
+	dynamic := false
+	for _, iclause := range s.Body.List {
+		clause := iclause.(*ast.CaseClause)
+		for _, cond := range clause.List {
+			if fn.Pkg.info.Types[unparen(cond)].Value == nil {
+				dynamic = true
+				break
+			}
+		}
+	}
+
+	if dynamic {
+		b.switchStmtDynamic(fn, s, label)
+		return
+	}
+
+	if s.Init != nil {
+		b.stmt(fn, s.Init)
+	}
+
+	entry := fn.currentBlock
+	tag := b.expr(fn, s.Tag)
+
+	heads := make([]*BasicBlock, 0, len(s.Body.List))
+	bodies := make([]*BasicBlock, len(s.Body.List))
+	conds := make([]Value, 0, len(s.Body.List))
+
+	hasDefault := false
+	done := fn.newBasicBlock(fmt.Sprintf("switch.done"))
+	if label != nil {
+		label._break = done
+	}
+	for i, stmt := range s.Body.List {
+		body := fn.newBasicBlock(fmt.Sprintf("switch.body.%d", i))
+		bodies[i] = body
+		cas := stmt.(*ast.CaseClause)
+		if cas.List == nil {
+			// default branch
+			hasDefault = true
+			head := fn.newBasicBlock(fmt.Sprintf("switch.head.%d", i))
+			conds = append(conds, nil)
+			heads = append(heads, head)
+			fn.currentBlock = head
+			emitJump(fn, body, cas)
+		}
+		for j, cond := range stmt.(*ast.CaseClause).List {
+			fn.currentBlock = entry
+			head := fn.newBasicBlock(fmt.Sprintf("switch.head.%d.%d", i, j))
+			conds = append(conds, b.expr(fn, cond))
+			heads = append(heads, head)
+			fn.currentBlock = head
+			emitJump(fn, body, cond)
+		}
+	}
+
+	for i, stmt := range s.Body.List {
+		clause := stmt.(*ast.CaseClause)
+		body := bodies[i]
+		fn.currentBlock = body
+		fallthru := done
+		if i+1 < len(bodies) {
+			fallthru = bodies[i+1]
+		}
+		fn.targets = &targets{
+			tail:         fn.targets,
+			_break:       done,
+			_fallthrough: fallthru,
+		}
+		b.stmtList(fn, clause.Body)
+		fn.targets = fn.targets.tail
+		emitJump(fn, done, stmt)
+	}
+
+	if !hasDefault {
+		head := fn.newBasicBlock(fmt.Sprintf("switch.head.implicit-default"))
+		body := fn.newBasicBlock("switch.body.implicit-default")
+		fn.currentBlock = head
+		emitJump(fn, body, s)
+		fn.currentBlock = body
+		emitJump(fn, done, s)
+		heads = append(heads, head)
+		conds = append(conds, nil)
+	}
+
+	if len(heads) != len(conds) {
+		panic(fmt.Sprintf("internal error: %d heads for %d conds", len(heads), len(conds)))
+	}
+	for _, head := range heads {
+		addEdge(entry, head)
+	}
+	fn.currentBlock = entry
+	entry.emit(&ConstantSwitch{
+		Tag:   tag,
+		Conds: conds,
+	}, s)
+	fn.currentBlock = done
+}
+
 // switchStmt emits to fn code for the switch statement s, optionally
 // labelled by label.
 //
-func (b *builder) switchStmt(fn *Function, s *ast.SwitchStmt, label *lblock) {
+func (b *builder) switchStmtDynamic(fn *Function, s *ast.SwitchStmt, label *lblock) {
 	// We treat SwitchStmt like a sequential if-else chain.
-	// Multiway dispatch can be recovered later by ssautil.Switches()
+	// Multiway dispatch can be recovered later by irutil.Switches()
 	// to those cases that are free of side effects.
 	if s.Init != nil {
 		b.stmt(fn, s.Init)
 	}
-	var tag Value = vTrue
+	kTrue := emitConst(fn, NewConst(constant.MakeBool(true), tBool))
+
+	var tagv Value = kTrue
+	var tagSource ast.Node = s
 	if s.Tag != nil {
-		tag = b.expr(fn, s.Tag)
+		tagv = b.expr(fn, s.Tag)
+		tagSource = s.Tag
 	}
+	// lifting only considers loads and stores, but we want different
+	// sigma nodes for the different comparisons. use a temporary and
+	// load it in every branch.
+	tag := fn.addLocal(tagv.Type(), tagSource)
+	emitStore(fn, tag, tagv, tagSource)
+
 	done := fn.newBasicBlock("switch.done")
 	if label != nil {
 		label._break = done
@@ -1283,13 +1341,23 @@ func (b *builder) switchStmt(fn *Function, s *ast.SwitchStmt, label *lblock) {
 		var nextCond *BasicBlock
 		for _, cond := range cc.List {
 			nextCond = fn.newBasicBlock("switch.next")
-			// TODO(adonovan): opt: when tag==vTrue, we'd
-			// get better code if we use b.cond(cond)
-			// instead of BinOp(EQL, tag, b.expr(cond))
-			// followed by If.  Don't forget conversions
-			// though.
-			cond := emitCompare(fn, token.EQL, tag, b.expr(fn, cond), cond.Pos())
-			emitIf(fn, cond, body, nextCond)
+			if tagv == kTrue {
+				// emit a proper if/else chain instead of a comparison
+				// of a value against true.
+				//
+				// NOTE(dh): adonovan had a todo saying "don't forget
+				// conversions though". As far as I can tell, there
+				// aren't any conversions that we need to take care of
+				// here. `case bool(a) && bool(b)` as well as `case
+				// bool(a && b)` are being taken care of by b.cond,
+				// and `case a` where a is not of type bool is
+				// invalid.
+				b.cond(fn, cond, body, nextCond)
+			} else {
+				cond := emitCompare(fn, token.EQL, emitLoad(fn, tag, cond), b.expr(fn, cond), cond)
+				emitIf(fn, cond, body, nextCond, cond.Source())
+			}
+
 			fn.currentBlock = nextCond
 		}
 		fn.currentBlock = body
@@ -1300,11 +1368,14 @@ func (b *builder) switchStmt(fn *Function, s *ast.SwitchStmt, label *lblock) {
 		}
 		b.stmtList(fn, cc.Body)
 		fn.targets = fn.targets.tail
-		emitJump(fn, done)
+		emitJump(fn, done, s)
 		fn.currentBlock = nextCond
 	}
 	if dfltBlock != nil {
-		emitJump(fn, dfltBlock)
+		// The lack of a Source for the jump doesn't matter, block
+		// fusing will get rid of the jump later.
+
+		emitJump(fn, dfltBlock, s)
 		fn.currentBlock = dfltBlock
 		fn.targets = &targets{
 			tail:         fn.targets,
@@ -1314,138 +1385,175 @@ func (b *builder) switchStmt(fn *Function, s *ast.SwitchStmt, label *lblock) {
 		b.stmtList(fn, *dfltBody)
 		fn.targets = fn.targets.tail
 	}
-	emitJump(fn, done)
+	emitJump(fn, done, s)
 	fn.currentBlock = done
 }
 
-// typeSwitchStmt emits to fn code for the type switch statement s, optionally
-// labelled by label.
-//
 func (b *builder) typeSwitchStmt(fn *Function, s *ast.TypeSwitchStmt, label *lblock) {
-	// We treat TypeSwitchStmt like a sequential if-else chain.
-	// Multiway dispatch can be recovered later by ssautil.Switches().
-
-	// Typeswitch lowering:
-	//
-	// var x X
-	// switch y := x.(type) {
-	// case T1, T2: S1                  // >1 	(y := x)
-	// case nil:    SN                  // nil 	(y := x)
-	// default:     SD                  // 0 types 	(y := x)
-	// case T3:     S3                  // 1 type 	(y := x.(T3))
-	// }
-	//
-	//      ...s.Init...
-	// 	x := eval x
-	// .caseT1:
-	// 	t1, ok1 := typeswitch,ok x <T1>
-	// 	if ok1 then goto S1 else goto .caseT2
-	// .caseT2:
-	// 	t2, ok2 := typeswitch,ok x <T2>
-	// 	if ok2 then goto S1 else goto .caseNil
-	// .S1:
-	//      y := x
-	// 	...S1...
-	// 	goto done
-	// .caseNil:
-	// 	if t2, ok2 := typeswitch,ok x <T2>
-	// 	if x == nil then goto SN else goto .caseT3
-	// .SN:
-	//      y := x
-	// 	...SN...
-	// 	goto done
-	// .caseT3:
-	// 	t3, ok3 := typeswitch,ok x <T3>
-	// 	if ok3 then goto S3 else goto default
-	// .S3:
-	//      y := t3
-	// 	...S3...
-	// 	goto done
-	// .default:
-	//      y := x
-	// 	...SD...
-	// 	goto done
-	// .done:
-
 	if s.Init != nil {
 		b.stmt(fn, s.Init)
 	}
 
-	var x Value
-	switch ass := s.Assign.(type) {
+	var tag Value
+	switch e := s.Assign.(type) {
 	case *ast.ExprStmt: // x.(type)
-		x = b.expr(fn, unparen(ass.X).(*ast.TypeAssertExpr).X)
+		tag = b.expr(fn, unparen(e.X).(*ast.TypeAssertExpr).X)
 	case *ast.AssignStmt: // y := x.(type)
-		x = b.expr(fn, unparen(ass.Rhs[0]).(*ast.TypeAssertExpr).X)
+		tag = b.expr(fn, unparen(e.Rhs[0]).(*ast.TypeAssertExpr).X)
+	default:
+		panic("unreachable")
 	}
+	tagPtr := fn.addLocal(tag.Type(), tag.Source())
+	emitStore(fn, tagPtr, tag, tag.Source())
 
-	done := fn.newBasicBlock("typeswitch.done")
+	// +1 in case there's no explicit default case
+	heads := make([]*BasicBlock, 0, len(s.Body.List)+1)
+
+	entry := fn.currentBlock
+	done := fn.newBasicBlock("done")
 	if label != nil {
 		label._break = done
 	}
+
+	// set up type switch and constant switch, populate their conditions
+	tswtch := &TypeSwitch{
+		Tag:   emitLoad(fn, tagPtr, tag.Source()),
+		Conds: make([]types.Type, 0, len(s.Body.List)+1),
+	}
+	cswtch := &ConstantSwitch{
+		Conds: make([]Value, 0, len(s.Body.List)+1),
+	}
+
+	rets := make([]types.Type, 0, len(s.Body.List)+1)
+	index := 0
 	var default_ *ast.CaseClause
 	for _, clause := range s.Body.List {
 		cc := clause.(*ast.CaseClause)
+		if obj := fn.Pkg.info.Implicits[cc]; obj != nil {
+			fn.addNamedLocal(obj, cc)
+		}
 		if cc.List == nil {
+			// default case
 			default_ = cc
+		} else {
+			for _, expr := range cc.List {
+				tswtch.Conds = append(tswtch.Conds, fn.Pkg.typeOf(expr))
+				cswtch.Conds = append(cswtch.Conds, emitConst(fn, intConst(int64(index))))
+				index++
+			}
+			if len(cc.List) == 1 {
+				rets = append(rets, fn.Pkg.typeOf(cc.List[0]))
+			} else {
+				for range cc.List {
+					rets = append(rets, tag.Type())
+				}
+			}
+		}
+	}
+
+	// default branch
+	rets = append(rets, tag.Type())
+
+	var vars []*types.Var
+	vars = append(vars, varIndex)
+	for _, typ := range rets {
+		vars = append(vars, anonVar(typ))
+	}
+	tswtch.setType(types.NewTuple(vars...))
+	// default branch
+	fn.currentBlock = entry
+	fn.emit(tswtch, s)
+	cswtch.Conds = append(cswtch.Conds, emitConst(fn, intConst(int64(-1))))
+	// in theory we should add a local and stores/loads for tswtch, to
+	// generate sigma nodes in the branches. however, there isn't any
+	// useful information we could possibly attach to it.
+	cswtch.Tag = emitExtract(fn, tswtch, 0, s)
+	fn.emit(cswtch, s)
+
+	// build heads and bodies
+	index = 0
+	for _, clause := range s.Body.List {
+		cc := clause.(*ast.CaseClause)
+		if cc.List == nil {
 			continue
 		}
+
 		body := fn.newBasicBlock("typeswitch.body")
-		var next *BasicBlock
-		var casetype types.Type
-		var ti Value // ti, ok := typeassert,ok x <Ti>
-		for _, cond := range cc.List {
-			next = fn.newBasicBlock("typeswitch.next")
-			casetype = fn.Pkg.typeOf(cond)
-			var condv Value
-			if casetype == tUntypedNil {
-				condv = emitCompare(fn, token.EQL, x, nilConst(x.Type()), token.NoPos)
-				ti = x
-			} else {
-				yok := emitTypeTest(fn, x, casetype, cc.Case)
-				ti = emitExtract(fn, yok, 0)
-				condv = emitExtract(fn, yok, 1)
+		for _, expr := range cc.List {
+			head := fn.newBasicBlock("typeswitch.head")
+			heads = append(heads, head)
+			fn.currentBlock = head
+
+			if obj := fn.Pkg.info.Implicits[cc]; obj != nil {
+				// In a switch y := x.(type), each case clause
+				// implicitly declares a distinct object y.
+				// In a single-type case, y has that type.
+				// In multi-type cases, 'case nil' and default,
+				// y has the same type as the interface operand.
+
+				l := fn.objects[obj]
+				if rets[index] == tUntypedNil {
+					emitStore(fn, l, emitConst(fn, nilConst(tswtch.Tag.Type())), s.Assign)
+				} else {
+					x := emitExtract(fn, tswtch, index+1, s.Assign)
+					emitStore(fn, l, x, nil)
+				}
 			}
-			emitIf(fn, condv, body, next)
-			fn.currentBlock = next
-		}
-		if len(cc.List) != 1 {
-			ti = x
+
+			emitJump(fn, body, expr)
+			index++
 		}
 		fn.currentBlock = body
-		b.typeCaseBody(fn, cc, ti, done)
-		fn.currentBlock = next
+		fn.targets = &targets{
+			tail:   fn.targets,
+			_break: done,
+		}
+		b.stmtList(fn, cc.Body)
+		fn.targets = fn.targets.tail
+		emitJump(fn, done, clause)
 	}
-	if default_ != nil {
-		b.typeCaseBody(fn, default_, x, done)
+
+	if default_ == nil {
+		// implicit default
+		heads = append(heads, done)
 	} else {
-		emitJump(fn, done)
+		body := fn.newBasicBlock("typeswitch.default")
+		heads = append(heads, body)
+		fn.currentBlock = body
+		fn.targets = &targets{
+			tail:   fn.targets,
+			_break: done,
+		}
+		if obj := fn.Pkg.info.Implicits[default_]; obj != nil {
+			l := fn.objects[obj]
+			x := emitExtract(fn, tswtch, index+1, s.Assign)
+			emitStore(fn, l, x, s)
+		}
+		b.stmtList(fn, default_.Body)
+		fn.targets = fn.targets.tail
+		emitJump(fn, done, s)
+	}
+
+	fn.currentBlock = entry
+	for _, head := range heads {
+		addEdge(entry, head)
 	}
 	fn.currentBlock = done
 }
 
-func (b *builder) typeCaseBody(fn *Function, cc *ast.CaseClause, x Value, done *BasicBlock) {
-	if obj := fn.Pkg.info.Implicits[cc]; obj != nil {
-		// In a switch y := x.(type), each case clause
-		// implicitly declares a distinct object y.
-		// In a single-type case, y has that type.
-		// In multi-type cases, 'case nil' and default,
-		// y has the same type as the interface operand.
-		emitStore(fn, fn.addNamedLocal(obj), x, obj.Pos())
-	}
-	fn.targets = &targets{
-		tail:   fn.targets,
-		_break: done,
-	}
-	b.stmtList(fn, cc.Body)
-	fn.targets = fn.targets.tail
-	emitJump(fn, done)
-}
-
 // selectStmt emits to fn code for the select statement s, optionally
 // labelled by label.
 //
-func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
+func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) (noreturn bool) {
+	if len(s.Body.List) == 0 {
+		instr := &Select{Blocking: true}
+		instr.setType(types.NewTuple(varIndex, varOk))
+		fn.emit(instr, s)
+		fn.emit(new(Unreachable), s)
+		addEdge(fn.currentBlock, fn.Exit)
+		return true
+	}
+
 	// A blocking select of a single case degenerates to a
 	// simple send or receive.
 	// TODO(adonovan): opt: is this optimization worth its weight?
@@ -1463,9 +1571,9 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 			}
 			b.stmtList(fn, clause.Body)
 			fn.targets = fn.targets.tail
-			emitJump(fn, done)
+			emitJump(fn, done, clause)
 			fn.currentBlock = done
-			return
+			return false
 		}
 	}
 
@@ -1487,7 +1595,7 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 				Dir:  types.SendOnly,
 				Chan: ch,
 				Send: emitConv(fn, b.expr(fn, comm.Value),
-					ch.Type().Underlying().(*types.Chan).Elem()),
+					ch.Type().Underlying().(*types.Chan).Elem(), comm),
 				Pos: comm.Arrow,
 			}
 			if debugInfo {
@@ -1520,22 +1628,12 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 	}
 
 	// We dispatch on the (fair) result of Select using a
-	// sequential if-else chain, in effect:
-	//
-	// idx, recvOk, r0...r_n-1 := select(...)
-	// if idx == 0 {  // receive on channel 0  (first receive => r0)
-	//     x, ok := r0, recvOk
-	//     ...state0...
-	// } else if v == 1 {   // send on channel 1
-	//     ...state1...
-	// } else {
-	//     ...default...
-	// }
+	// switch on the returned index.
 	sel := &Select{
 		States:   states,
 		Blocking: blocking,
 	}
-	sel.setPos(s.Select)
+	sel.source = s
 	var vars []*types.Var
 	vars = append(vars, varIndex, varOk)
 	for _, st := range states {
@@ -1545,28 +1643,45 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 		}
 	}
 	sel.setType(types.NewTuple(vars...))
-
-	fn.emit(sel)
-	idx := emitExtract(fn, sel, 0)
+	fn.emit(sel, s)
+	idx := emitExtract(fn, sel, 0, s)
 
 	done := fn.newBasicBlock("select.done")
 	if label != nil {
 		label._break = done
 	}
 
-	var defaultBody *[]ast.Stmt
+	entry := fn.currentBlock
+	swtch := &ConstantSwitch{
+		Tag: idx,
+		// one condition per case
+		Conds: make([]Value, 0, len(s.Body.List)+1),
+	}
+	// note that we don't need heads; a select case can only have a single condition
+	var bodies []*BasicBlock
+
 	state := 0
 	r := 2 // index in 'sel' tuple of value; increments if st.Dir==RECV
 	for _, cc := range s.Body.List {
 		clause := cc.(*ast.CommClause)
 		if clause.Comm == nil {
-			defaultBody = &clause.Body
+			body := fn.newBasicBlock("select.default")
+			fn.currentBlock = body
+			bodies = append(bodies, body)
+			fn.targets = &targets{
+				tail:   fn.targets,
+				_break: done,
+			}
+			b.stmtList(fn, clause.Body)
+			emitJump(fn, done, s)
+			fn.targets = fn.targets.tail
+			swtch.Conds = append(swtch.Conds, emitConst(fn, intConst(-1)))
 			continue
 		}
+		swtch.Conds = append(swtch.Conds, emitConst(fn, intConst(int64(state))))
 		body := fn.newBasicBlock("select.body")
-		next := fn.newBasicBlock("select.next")
-		emitIf(fn, emitCompare(fn, token.EQL, idx, intConst(int64(state)), token.NoPos), body, next)
 		fn.currentBlock = body
+		bodies = append(bodies, body)
 		fn.targets = &targets{
 			tail:   fn.targets,
 			_break: done,
@@ -1574,7 +1689,7 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 		switch comm := clause.Comm.(type) {
 		case *ast.ExprStmt: // <-ch
 			if debugInfo {
-				v := emitExtract(fn, sel, r)
+				v := emitExtract(fn, sel, r, comm)
 				emitDebugRef(fn, states[state].DebugNode.(ast.Expr), v, false)
 			}
 			r++
@@ -1584,44 +1699,33 @@ func (b *builder) selectStmt(fn *Function, s *ast.SelectStmt, label *lblock) {
 				fn.addLocalForIdent(comm.Lhs[0].(*ast.Ident))
 			}
 			x := b.addr(fn, comm.Lhs[0], false) // non-escaping
-			v := emitExtract(fn, sel, r)
+			v := emitExtract(fn, sel, r, comm)
 			if debugInfo {
 				emitDebugRef(fn, states[state].DebugNode.(ast.Expr), v, false)
 			}
-			x.store(fn, v)
+			x.store(fn, v, comm)
 
 			if len(comm.Lhs) == 2 { // x, ok := ...
 				if comm.Tok == token.DEFINE {
 					fn.addLocalForIdent(comm.Lhs[1].(*ast.Ident))
 				}
 				ok := b.addr(fn, comm.Lhs[1], false) // non-escaping
-				ok.store(fn, emitExtract(fn, sel, 1))
+				ok.store(fn, emitExtract(fn, sel, 1, comm), comm)
 			}
 			r++
 		}
 		b.stmtList(fn, clause.Body)
 		fn.targets = fn.targets.tail
-		emitJump(fn, done)
-		fn.currentBlock = next
+		emitJump(fn, done, s)
 		state++
 	}
-	if defaultBody != nil {
-		fn.targets = &targets{
-			tail:   fn.targets,
-			_break: done,
-		}
-		b.stmtList(fn, *defaultBody)
-		fn.targets = fn.targets.tail
-	} else {
-		// A blocking select must match some case.
-		// (This should really be a runtime.errorString, not a string.)
-		fn.emit(&Panic{
-			X: emitConv(fn, stringConst("blocking select matched no case"), tEface),
-		})
-		fn.currentBlock = fn.newBasicBlock("unreachable")
+	fn.currentBlock = entry
+	fn.emit(swtch, s)
+	for _, body := range bodies {
+		addEdge(entry, body)
 	}
-	emitJump(fn, done)
 	fn.currentBlock = done
+	return false
 }
 
 // forStmt emits to fn code for the for statement s, optionally
@@ -1656,7 +1760,7 @@ func (b *builder) forStmt(fn *Function, s *ast.ForStmt, label *lblock) {
 		label._break = done
 		label._continue = cont
 	}
-	emitJump(fn, loop)
+	emitJump(fn, loop, s)
 	fn.currentBlock = loop
 	if loop != body {
 		b.cond(fn, s.Cond, body, done)
@@ -1669,12 +1773,12 @@ func (b *builder) forStmt(fn *Function, s *ast.ForStmt, label *lblock) {
 	}
 	b.stmt(fn, s.Body)
 	fn.targets = fn.targets.tail
-	emitJump(fn, cont)
+	emitJump(fn, cont, s)
 
 	if s.Post != nil {
 		fn.currentBlock = cont
 		b.stmt(fn, s.Post)
-		emitJump(fn, loop) // back-edge
+		emitJump(fn, loop, s) // back-edge
 	}
 	fn.currentBlock = done
 }
@@ -1684,7 +1788,7 @@ func (b *builder) forStmt(fn *Function, s *ast.ForStmt, label *lblock) {
 // The v result is defined only if tv is non-nil.
 // forPos is the position of the "for" token.
 //
-func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.Pos) (k, v Value, loop, done *BasicBlock) {
+func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, source ast.Node) (k, v Value, loop, done *BasicBlock) {
 	//
 	//      length = len(x)
 	//      index = -1
@@ -1707,37 +1811,37 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 		// elimination if x is pure, static unrolling, etc.
 		// Ranging over a nil *array may have >0 iterations.
 		// We still generate code for x, in case it has effects.
-		length = intConst(arr.Len())
+		length = emitConst(fn, intConst(arr.Len()))
 	} else {
 		// length = len(x).
 		var c Call
 		c.Call.Value = makeLen(x.Type())
 		c.Call.Args = []Value{x}
 		c.setType(tInt)
-		length = fn.emit(&c)
+		length = fn.emit(&c, source)
 	}
 
-	index := fn.addLocal(tInt, token.NoPos)
-	emitStore(fn, index, intConst(-1), pos)
+	index := fn.addLocal(tInt, source)
+	emitStore(fn, index, emitConst(fn, intConst(-1)), source)
 
 	loop = fn.newBasicBlock("rangeindex.loop")
-	emitJump(fn, loop)
+	emitJump(fn, loop, source)
 	fn.currentBlock = loop
 
 	incr := &BinOp{
 		Op: token.ADD,
-		X:  emitLoad(fn, index),
-		Y:  vOne,
+		X:  emitLoad(fn, index, source),
+		Y:  emitConst(fn, intConst(1)),
 	}
 	incr.setType(tInt)
-	emitStore(fn, index, fn.emit(incr), pos)
+	emitStore(fn, index, fn.emit(incr, source), source)
 
 	body := fn.newBasicBlock("rangeindex.body")
 	done = fn.newBasicBlock("rangeindex.done")
-	emitIf(fn, emitCompare(fn, token.LSS, incr, length, token.NoPos), body, done)
+	emitIf(fn, emitCompare(fn, token.LSS, incr, length, source), body, done, source)
 	fn.currentBlock = body
 
-	k = emitLoad(fn, index)
+	k = emitLoad(fn, index, source)
 	if tv != nil {
 		switch t := x.Type().Underlying().(type) {
 		case *types.Array:
@@ -1746,7 +1850,7 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 				Index: k,
 			}
 			instr.setType(t.Elem())
-			v = fn.emit(instr)
+			v = fn.emit(instr, source)
 
 		case *types.Pointer: // *array
 			instr := &IndexAddr{
@@ -1754,7 +1858,7 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 				Index: k,
 			}
 			instr.setType(types.NewPointer(t.Elem().Underlying().(*types.Array).Elem()))
-			v = emitLoad(fn, fn.emit(instr))
+			v = emitLoad(fn, fn.emit(instr, source), source)
 
 		case *types.Slice:
 			instr := &IndexAddr{
@@ -1762,7 +1866,7 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 				Index: k,
 			}
 			instr.setType(types.NewPointer(t.Elem()))
-			v = emitLoad(fn, fn.emit(instr))
+			v = emitLoad(fn, fn.emit(instr, source), source)
 
 		default:
 			panic("rangeIndexed x:" + t.String())
@@ -1776,7 +1880,7 @@ func (b *builder) rangeIndexed(fn *Function, x Value, tv types.Type, pos token.P
 // tk and tv are the types of the key/value results k and v, or nil
 // if the respective component is not wanted.
 //
-func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, pos token.Pos) (k, v Value, loop, done *BasicBlock) {
+func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, source ast.Node) (k, v Value, loop, done *BasicBlock) {
 	//
 	//	it = range x
 	// loop:                                   (target of continue)
@@ -1799,12 +1903,11 @@ func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, pos token.
 	}
 
 	rng := &Range{X: x}
-	rng.setPos(pos)
 	rng.setType(tRangeIter)
-	it := fn.emit(rng)
+	it := fn.emit(rng, source)
 
 	loop = fn.newBasicBlock("rangeiter.loop")
-	emitJump(fn, loop)
+	emitJump(fn, loop, source)
 	fn.currentBlock = loop
 
 	_, isString := x.Type().Underlying().(*types.Basic)
@@ -1818,18 +1921,18 @@ func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, pos token.
 		newVar("k", tk),
 		newVar("v", tv),
 	))
-	fn.emit(okv)
+	fn.emit(okv, source)
 
 	body := fn.newBasicBlock("rangeiter.body")
 	done = fn.newBasicBlock("rangeiter.done")
-	emitIf(fn, emitExtract(fn, okv, 0), body, done)
+	emitIf(fn, emitExtract(fn, okv, 0, source), body, done, source)
 	fn.currentBlock = body
 
 	if tk != tInvalid {
-		k = emitExtract(fn, okv, 1)
+		k = emitExtract(fn, okv, 1, source)
 	}
 	if tv != tInvalid {
-		v = emitExtract(fn, okv, 2)
+		v = emitExtract(fn, okv, 2, source)
 	}
 	return
 }
@@ -1840,7 +1943,7 @@ func (b *builder) rangeIter(fn *Function, x Value, tk, tv types.Type, pos token.
 // not wanted
 // pos is the position of the '=' or ':=' token.
 //
-func (b *builder) rangeChan(fn *Function, x Value, tk types.Type, pos token.Pos) (k Value, loop, done *BasicBlock) {
+func (b *builder) rangeChan(fn *Function, x Value, tk types.Type, source ast.Node) (k Value, loop, done *BasicBlock) {
 	//
 	// loop:                                   (target of continue)
 	//      ko = <-x                           (key, ok)
@@ -1853,25 +1956,15 @@ func (b *builder) rangeChan(fn *Function, x Value, tk types.Type, pos token.Pos)
 	// done:                                   (target of break)
 
 	loop = fn.newBasicBlock("rangechan.loop")
-	emitJump(fn, loop)
+	emitJump(fn, loop, source)
 	fn.currentBlock = loop
-	recv := &UnOp{
-		Op:      token.ARROW,
-		X:       x,
-		CommaOk: true,
-	}
-	recv.setPos(pos)
-	recv.setType(types.NewTuple(
-		newVar("k", x.Type().Underlying().(*types.Chan).Elem()),
-		varOk,
-	))
-	ko := fn.emit(recv)
+	retv := emitRecv(fn, x, true, types.NewTuple(newVar("k", x.Type().Underlying().(*types.Chan).Elem()), varOk), source)
 	body := fn.newBasicBlock("rangechan.body")
 	done = fn.newBasicBlock("rangechan.done")
-	emitIf(fn, emitExtract(fn, ko, 1), body, done)
+	emitIf(fn, emitExtract(fn, retv, 1, source), body, done, source)
 	fn.currentBlock = body
 	if tk != nil {
-		k = emitExtract(fn, ko, 0)
+		k = emitExtract(fn, retv, 0, source)
 	}
 	return
 }
@@ -1879,7 +1972,7 @@ func (b *builder) rangeChan(fn *Function, x Value, tk types.Type, pos token.Pos)
 // rangeStmt emits to fn code for the range statement s, optionally
 // labelled by label.
 //
-func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
+func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock, source ast.Node) {
 	var tk, tv types.Type
 	if s.Key != nil && !isBlankIdent(s.Key) {
 		tk = fn.Pkg.typeOf(s.Key)
@@ -1909,13 +2002,13 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
 	var loop, done *BasicBlock
 	switch rt := x.Type().Underlying().(type) {
 	case *types.Slice, *types.Array, *types.Pointer: // *array
-		k, v, loop, done = b.rangeIndexed(fn, x, tv, s.For)
+		k, v, loop, done = b.rangeIndexed(fn, x, tv, source)
 
 	case *types.Chan:
-		k, loop, done = b.rangeChan(fn, x, tk, s.For)
+		k, loop, done = b.rangeChan(fn, x, tk, source)
 
 	case *types.Map, *types.Basic: // string
-		k, v, loop, done = b.rangeIter(fn, x, tk, tv, s.For)
+		k, v, loop, done = b.rangeIter(fn, x, tk, tv, source)
 
 	default:
 		panic("Cannot range over: " + rt.String())
@@ -1930,10 +2023,10 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
 		vl = b.addr(fn, s.Value, false) // non-escaping
 	}
 	if tk != nil {
-		kl.store(fn, k)
+		kl.store(fn, k, s)
 	}
 	if tv != nil {
-		vl.store(fn, v)
+		vl.store(fn, v, s)
 	}
 
 	if label != nil {
@@ -1948,11 +2041,11 @@ func (b *builder) rangeStmt(fn *Function, s *ast.RangeStmt, label *lblock) {
 	}
 	b.stmt(fn, s.Body)
 	fn.targets = fn.targets.tail
-	emitJump(fn, loop) // back-edge
+	emitJump(fn, loop, source) // back-edge
 	fn.currentBlock = done
 }
 
-// stmt lowers statement s to SSA form, emitting code to fn.
+// stmt lowers statement s to IR form, emitting code to fn.
 func (b *builder) stmt(fn *Function, _s ast.Stmt) {
 	// The label of the current statement.  If non-nil, its _goto
 	// target is always set; its _break and _continue are set only
@@ -1976,7 +2069,7 @@ start:
 
 	case *ast.LabeledStmt:
 		label = fn.labelledBlock(s.Label)
-		emitJump(fn, label._goto)
+		emitJump(fn, label._goto, s)
 		fn.currentBlock = label._goto
 		_s = s.Stmt
 		goto start // effectively: tailcall stmt(fn, s.Stmt, label)
@@ -1985,12 +2078,12 @@ start:
 		b.expr(fn, s.X)
 
 	case *ast.SendStmt:
-		fn.emit(&Send{
+		instr := &Send{
 			Chan: b.expr(fn, s.Chan),
 			X: emitConv(fn, b.expr(fn, s.Value),
-				fn.Pkg.typeOf(s.Chan).Underlying().(*types.Chan).Elem()),
-			pos: s.Arrow,
-		})
+				fn.Pkg.typeOf(s.Chan).Underlying().(*types.Chan).Elem(), s),
+		}
+		fn.emit(instr, s)
 
 	case *ast.IncDecStmt:
 		op := token.ADD
@@ -1998,37 +2091,37 @@ start:
 			op = token.SUB
 		}
 		loc := b.addr(fn, s.X, false)
-		b.assignOp(fn, loc, NewConst(constant.MakeInt64(1), loc.typ()), op, s.Pos())
+		b.assignOp(fn, loc, emitConst(fn, NewConst(constant.MakeInt64(1), loc.typ())), op, s)
 
 	case *ast.AssignStmt:
 		switch s.Tok {
 		case token.ASSIGN, token.DEFINE:
-			b.assignStmt(fn, s.Lhs, s.Rhs, s.Tok == token.DEFINE)
+			b.assignStmt(fn, s.Lhs, s.Rhs, s.Tok == token.DEFINE, _s)
 
 		default: // +=, etc.
 			op := s.Tok + token.ADD - token.ADD_ASSIGN
-			b.assignOp(fn, b.addr(fn, s.Lhs[0], false), b.expr(fn, s.Rhs[0]), op, s.Pos())
+			b.assignOp(fn, b.addr(fn, s.Lhs[0], false), b.expr(fn, s.Rhs[0]), op, s)
 		}
 
 	case *ast.GoStmt:
 		// The "intrinsics" new/make/len/cap are forbidden here.
 		// panic is treated like an ordinary function call.
-		v := Go{pos: s.Go}
+		v := Go{}
 		b.setCall(fn, s.Call, &v.Call)
-		fn.emit(&v)
+		fn.emit(&v, s)
 
 	case *ast.DeferStmt:
 		// The "intrinsics" new/make/len/cap are forbidden here.
 		// panic is treated like an ordinary function call.
-		v := Defer{pos: s.Defer}
+		v := Defer{}
 		b.setCall(fn, s.Call, &v.Call)
-		fn.emit(&v)
-
-		// A deferred call can cause recovery from panic,
-		// and control resumes at the Recover block.
-		createRecoverBlock(fn)
+		fn.hasDefer = true
+		fn.emit(&v, s)
 
 	case *ast.ReturnStmt:
+		// TODO(dh): we could emit tigher position information by
+		// using the ith returned expression
+
 		var results []Value
 		if len(s.Results) == 1 && fn.Signature.Results().Len() > 1 {
 			// Return of one expression in a multi-valued function.
@@ -2036,34 +2129,23 @@ start:
 			ttuple := tuple.Type().(*types.Tuple)
 			for i, n := 0, ttuple.Len(); i < n; i++ {
 				results = append(results,
-					emitConv(fn, emitExtract(fn, tuple, i),
-						fn.Signature.Results().At(i).Type()))
+					emitConv(fn, emitExtract(fn, tuple, i, s),
+						fn.Signature.Results().At(i).Type(), s))
 			}
 		} else {
 			// 1:1 return, or no-arg return in non-void function.
 			for i, r := range s.Results {
-				v := emitConv(fn, b.expr(fn, r), fn.Signature.Results().At(i).Type())
+				v := emitConv(fn, b.expr(fn, r), fn.Signature.Results().At(i).Type(), s)
 				results = append(results, v)
 			}
 		}
-		if fn.namedResults != nil {
-			// Function has named result parameters (NRPs).
-			// Perform parallel assignment of return operands to NRPs.
-			for i, r := range results {
-				emitStore(fn, fn.namedResults[i], r, s.Return)
-			}
+
+		ret := fn.results()
+		for i, r := range results {
+			emitStore(fn, ret[i], r, s)
 		}
-		// Run function calls deferred in this
-		// function when explicitly returning from it.
-		fn.emit(new(RunDefers))
-		if fn.namedResults != nil {
-			// Reload NRPs to form the result tuple.
-			results = results[:0]
-			for _, r := range fn.namedResults {
-				results = append(results, emitLoad(fn, r))
-			}
-		}
-		fn.emit(&Return{Results: results, pos: s.Return})
+
+		emitJump(fn, fn.Exit, s)
 		fn.currentBlock = fn.newBasicBlock("unreachable")
 
 	case *ast.BranchStmt:
@@ -2095,7 +2177,8 @@ start:
 		case token.GOTO:
 			block = fn.labelledBlock(s.Label)._goto
 		}
-		emitJump(fn, block)
+		j := emitJump(fn, block, s)
+		j.Comment = s.Tok.String()
 		fn.currentBlock = fn.newBasicBlock("unreachable")
 
 	case *ast.BlockStmt:
@@ -2111,15 +2194,16 @@ start:
 		if s.Else != nil {
 			els = fn.newBasicBlock("if.else")
 		}
-		b.cond(fn, s.Cond, then, els)
+		instr := b.cond(fn, s.Cond, then, els)
+		instr.source = s
 		fn.currentBlock = then
 		b.stmt(fn, s.Body)
-		emitJump(fn, done)
+		emitJump(fn, done, s)
 
 		if s.Else != nil {
 			fn.currentBlock = els
 			b.stmt(fn, s.Else)
-			emitJump(fn, done)
+			emitJump(fn, done, s)
 		}
 
 		fn.currentBlock = done
@@ -2131,20 +2215,23 @@ start:
 		b.typeSwitchStmt(fn, s, label)
 
 	case *ast.SelectStmt:
-		b.selectStmt(fn, s, label)
+		if b.selectStmt(fn, s, label) {
+			// the select has no cases, it blocks forever
+			fn.currentBlock = fn.newBasicBlock("unreachable")
+		}
 
 	case *ast.ForStmt:
 		b.forStmt(fn, s, label)
 
 	case *ast.RangeStmt:
-		b.rangeStmt(fn, s, label)
+		b.rangeStmt(fn, s, label, s)
 
 	default:
 		panic(fmt.Sprintf("unexpected statement kind: %T", s))
 	}
 }
 
-// buildFunction builds SSA code for the body of function fn.  Idempotent.
+// buildFunction builds IR code for the body of function fn.  Idempotent.
 func (b *builder) buildFunction(fn *Function) {
 	if fn.Blocks != nil {
 		return // building already started
@@ -2153,7 +2240,7 @@ func (b *builder) buildFunction(fn *Function) {
 	var recvField *ast.FieldList
 	var body *ast.BlockStmt
 	var functype *ast.FuncType
-	switch n := fn.syntax.(type) {
+	switch n := fn.source.(type) {
 	case nil:
 		return // not a Go source function.  (Synthetic, or from object file.)
 	case *ast.FuncDecl:
@@ -2167,6 +2254,16 @@ func (b *builder) buildFunction(fn *Function) {
 		panic(n)
 	}
 
+	if fn.Package().Pkg.Path() == "syscall" && fn.Name() == "Exit" {
+		// syscall.Exit is a stub and the way os.Exit terminates the
+		// process. Note that there are other functions in the runtime
+		// that also terminate or unwind that we cannot analyze.
+		// However, they aren't stubs, so buildExits ends up getting
+		// called on them, so that's where we handle those special
+		// cases.
+		fn.WillExit = true
+	}
+
 	if body == nil {
 		// External function.
 		if fn.Params == nil {
@@ -2178,22 +2275,26 @@ func (b *builder) buildFunction(fn *Function) {
 			// We set Function.Params even though there is no body
 			// code to reference them.  This simplifies clients.
 			if recv := fn.Signature.Recv(); recv != nil {
-				fn.addParamObj(recv)
+				// XXX synthesize an ast.Node
+				fn.addParamObj(recv, nil)
 			}
 			params := fn.Signature.Params()
 			for i, n := 0, params.Len(); i < n; i++ {
-				fn.addParamObj(params.At(i))
+				// XXX synthesize an ast.Node
+				fn.addParamObj(params.At(i), nil)
 			}
 		}
 		return
 	}
 	if fn.Prog.mode&LogSource != 0 {
-		defer logStack("build function %s @ %s", fn, fn.Prog.Fset.Position(fn.pos))()
+		defer logStack("build function %s @ %s", fn, fn.Prog.Fset.Position(fn.Pos()))()
 	}
+	fn.blocksets = b.blocksets
 	fn.startBody()
 	fn.createSyntacticParams(recvField, functype)
+	fn.exitBlock()
 	b.stmt(fn, body)
-	if cb := fn.currentBlock; cb != nil && (cb == fn.Blocks[0] || cb == fn.Recover || cb.Preds != nil) {
+	if cb := fn.currentBlock; cb != nil && (cb == fn.Blocks[0] || cb.Preds != nil) {
 		// Control fell off the end of the function's body block.
 		//
 		// Block optimizations eliminate the current block, if
@@ -2201,13 +2302,20 @@ func (b *builder) buildFunction(fn *Function) {
 		// if this no-arg return is ill-typed for
 		// fn.Signature.Results, this block must be
 		// unreachable.  The sanity checker checks this.
-		fn.emit(new(RunDefers))
-		fn.emit(new(Return))
+		// fn.emit(new(RunDefers))
+		// fn.emit(new(Return))
+		emitJump(fn, fn.Exit, nil)
 	}
+	optimizeBlocks(fn)
+	buildFakeExits(fn)
+	b.buildExits(fn)
+	b.addUnreachables(fn)
 	fn.finishBody()
+	b.blocksets = fn.blocksets
+	fn.functionBody = nil
 }
 
-// buildFuncDecl builds SSA code for the function or method declared
+// buildFuncDecl builds IR code for the function or method declared
 // by decl in package pkg.
 //
 func (b *builder) buildFuncDecl(pkg *Package, decl *ast.FuncDecl) {
@@ -2220,13 +2328,13 @@ func (b *builder) buildFuncDecl(pkg *Package, decl *ast.FuncDecl) {
 		var v Call
 		v.Call.Value = fn
 		v.setType(types.NewTuple())
-		pkg.init.emit(&v)
+		pkg.init.emit(&v, decl)
 	}
+	fn.source = decl
 	b.buildFunction(fn)
 }
 
 // Build calls Package.Build for each package in prog.
-// Building occurs in parallel unless the BuildSerially mode flag was set.
 //
 // Build is intended for whole-program analysis; a typical compiler
 // need only build a single package.
@@ -2234,22 +2342,12 @@ func (b *builder) buildFuncDecl(pkg *Package, decl *ast.FuncDecl) {
 // Build is idempotent and thread-safe.
 //
 func (prog *Program) Build() {
-	var wg sync.WaitGroup
 	for _, p := range prog.packages {
-		if prog.mode&BuildSerially != 0 {
-			p.Build()
-		} else {
-			wg.Add(1)
-			go func(p *Package) {
-				p.Build()
-				wg.Done()
-			}(p)
-		}
+		p.Build()
 	}
-	wg.Wait()
 }
 
-// Build builds SSA code for all functions and vars in package p.
+// Build builds IR code for all functions and vars in package p.
 //
 // Precondition: CreatePackage must have been called for all of p's
 // direct imports (and hence its direct imports must have been
@@ -2277,33 +2375,33 @@ func (p *Package) build() {
 	}
 	init := p.init
 	init.startBody()
+	init.exitBlock()
 
 	var done *BasicBlock
 
-	if p.Prog.mode&BareInits == 0 {
-		// Make init() skip if package is already initialized.
-		initguard := p.Var("init$guard")
-		doinit := init.newBasicBlock("init.start")
-		done = init.newBasicBlock("init.done")
-		emitIf(init, emitLoad(init, initguard), done, doinit)
-		init.currentBlock = doinit
-		emitStore(init, initguard, vTrue, token.NoPos)
+	// Make init() skip if package is already initialized.
+	initguard := p.Var("init$guard")
+	doinit := init.newBasicBlock("init.start")
+	done = init.Exit
+	emitIf(init, emitLoad(init, initguard, nil), done, doinit, nil)
+	init.currentBlock = doinit
+	emitStore(init, initguard, emitConst(init, NewConst(constant.MakeBool(true), tBool)), nil)
 
-		// Call the init() function of each package we import.
-		for _, pkg := range p.Pkg.Imports() {
-			prereq := p.Prog.packages[pkg]
-			if prereq == nil {
-				panic(fmt.Sprintf("Package(%q).Build(): unsatisfied import: Program.CreatePackage(%q) was not called", p.Pkg.Path(), pkg.Path()))
-			}
-			var v Call
-			v.Call.Value = prereq.init
-			v.Call.pos = init.pos
-			v.setType(types.NewTuple())
-			init.emit(&v)
+	// Call the init() function of each package we import.
+	for _, pkg := range p.Pkg.Imports() {
+		prereq := p.Prog.packages[pkg]
+		if prereq == nil {
+			panic(fmt.Sprintf("Package(%q).Build(): unsatisfied import: Program.CreatePackage(%q) was not called", p.Pkg.Path(), pkg.Path()))
 		}
+		var v Call
+		v.Call.Value = prereq.init
+		v.setType(types.NewTuple())
+		init.emit(&v, nil)
 	}
 
-	var b builder
+	b := builder{
+		printFunc: p.printFunc,
+	}
 
 	// Initialize package-level vars in correct order.
 	for _, varinit := range p.info.InitOrder {
@@ -2315,11 +2413,12 @@ func (p *Package) build() {
 			// 1:1 initialization: var x, y = a(), b()
 			var lval lvalue
 			if v := varinit.Lhs[0]; v.Name() != "_" {
-				lval = &address{addr: p.values[v].(*Global), pos: v.Pos()}
+				lval = &address{addr: p.values[v].(*Global)}
 			} else {
 				lval = blank{}
 			}
-			b.assign(init, lval, varinit.Rhs, true, nil)
+			// TODO(dh): do emit position information
+			b.assign(init, lval, varinit.Rhs, true, nil, nil)
 		} else {
 			// n:1 initialization: var x, y :=  f()
 			tuple := b.exprN(init, varinit.Rhs)
@@ -2327,7 +2426,7 @@ func (p *Package) build() {
 				if v.Name() == "_" {
 					continue
 				}
-				emitStore(init, p.values[v].(*Global), emitExtract(init, tuple, i), v.Pos())
+				emitStore(init, p.values[v].(*Global), emitExtract(init, tuple, i, nil), nil)
 			}
 		}
 	}
@@ -2344,11 +2443,7 @@ func (p *Package) build() {
 	}
 
 	// Finish up init().
-	if p.Prog.mode&BareInits == 0 {
-		emitJump(init, done)
-		init.currentBlock = done
-	}
-	init.emit(new(Return))
+	emitJump(init, done, nil)
 	init.finishBody()
 
 	p.info = nil // We no longer need ASTs or go/types deductions.
diff --git a/vendor/honnef.co/go/tools/ssa/const.go b/vendor/honnef.co/go/tools/ir/const.go
similarity index 85%
rename from vendor/honnef.co/go/tools/ssa/const.go
rename to vendor/honnef.co/go/tools/ir/const.go
index f95d9e11..7cdf006e 100644
--- a/vendor/honnef.co/go/tools/ssa/const.go
+++ b/vendor/honnef.co/go/tools/ir/const.go
@@ -2,14 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines the Const SSA value type.
 
 import (
 	"fmt"
 	"go/constant"
-	"go/token"
 	"go/types"
 	"strconv"
 )
@@ -18,7 +17,12 @@ import (
 // val must be valid according to the specification of Const.Value.
 //
 func NewConst(val constant.Value, typ types.Type) *Const {
-	return &Const{typ, val}
+	return &Const{
+		register: register{
+			typ: typ,
+		},
+		Value: val,
+	}
 }
 
 // intConst returns an 'int' constant that evaluates to i.
@@ -71,43 +75,25 @@ func zeroConst(t types.Type) *Const {
 }
 
 func (c *Const) RelString(from *types.Package) string {
-	var s string
+	var p string
 	if c.Value == nil {
-		s = "nil"
+		p = "nil"
 	} else if c.Value.Kind() == constant.String {
-		s = constant.StringVal(c.Value)
+		v := constant.StringVal(c.Value)
 		const max = 20
 		// TODO(adonovan): don't cut a rune in half.
-		if len(s) > max {
-			s = s[:max-3] + "..." // abbreviate
+		if len(v) > max {
+			v = v[:max-3] + "..." // abbreviate
 		}
-		s = strconv.Quote(s)
+		p = strconv.Quote(v)
 	} else {
-		s = c.Value.String()
+		p = c.Value.String()
 	}
-	return s + ":" + relType(c.Type(), from)
-}
-
-func (c *Const) Name() string {
-	return c.RelString(nil)
+	return fmt.Sprintf("Const <%s> {%s}", relType(c.Type(), from), p)
 }
 
 func (c *Const) String() string {
-	return c.Name()
-}
-
-func (c *Const) Type() types.Type {
-	return c.typ
-}
-
-func (c *Const) Referrers() *[]Instruction {
-	return nil
-}
-
-func (c *Const) Parent() *Function { return nil }
-
-func (c *Const) Pos() token.Pos {
-	return token.NoPos
+	return c.RelString(c.Parent().pkg())
 }
 
 // IsNil returns true if this constant represents a typed or untyped nil value.
@@ -115,8 +101,6 @@ func (c *Const) IsNil() bool {
 	return c.Value == nil
 }
 
-// TODO(adonovan): move everything below into honnef.co/go/tools/ssa/interp.
-
 // Int64 returns the numeric value of this constant truncated to fit
 // a signed 64-bit integer.
 //
diff --git a/vendor/honnef.co/go/tools/ssa/create.go b/vendor/honnef.co/go/tools/ir/create.go
similarity index 82%
rename from vendor/honnef.co/go/tools/ssa/create.go
rename to vendor/honnef.co/go/tools/ir/create.go
index 85163a0c..ff81a244 100644
--- a/vendor/honnef.co/go/tools/ssa/create.go
+++ b/vendor/honnef.co/go/tools/ir/create.go
@@ -2,9 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
-// This file implements the CREATE phase of SSA construction.
+// This file implements the CREATE phase of IR construction.
 // See builder.go for explanation.
 
 import (
@@ -18,9 +18,9 @@ import (
 	"golang.org/x/tools/go/types/typeutil"
 )
 
-// NewProgram returns a new SSA Program.
+// NewProgram returns a new IR Program.
 //
-// mode controls diagnostics and checking during SSA construction.
+// mode controls diagnostics and checking during IR construction.
 //
 func NewProgram(fset *token.FileSet, mode BuilderMode) *Program {
 	prog := &Program{
@@ -75,7 +75,6 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 			name:   name,
 			object: obj,
 			typ:    types.NewPointer(obj.Type()), // address
-			pos:    obj.Pos(),
 		}
 		pkg.values[obj] = g
 		pkg.Members[name] = g
@@ -90,16 +89,20 @@ func memberFromObject(pkg *Package, obj types.Object, syntax ast.Node) {
 			name:      name,
 			object:    obj,
 			Signature: sig,
-			syntax:    syntax,
-			pos:       obj.Pos(),
 			Pkg:       pkg,
 			Prog:      pkg.Prog,
 		}
+
+		fn.source = syntax
+		fn.initHTML(pkg.printFunc)
 		if syntax == nil {
 			fn.Synthetic = "loaded from gc object file"
+		} else {
+			fn.functionBody = new(functionBody)
 		}
 
 		pkg.values[obj] = fn
+		pkg.Functions = append(pkg.Functions, fn)
 		if sig.Recv() == nil {
 			pkg.Members[name] = fn // package-level function
 		}
@@ -152,35 +155,39 @@ func membersFromDecl(pkg *Package, decl ast.Decl) {
 	}
 }
 
-// CreatePackage constructs and returns an SSA Package from the
+// CreatePackage constructs and returns an IR Package from the
 // specified type-checked, error-free file ASTs, and populates its
 // Members mapping.
 //
 // importable determines whether this package should be returned by a
 // subsequent call to ImportedPackage(pkg.Path()).
 //
-// The real work of building SSA form for each function is not done
+// The real work of building IR form for each function is not done
 // until a subsequent call to Package.Build().
 //
 func (prog *Program) CreatePackage(pkg *types.Package, files []*ast.File, info *types.Info, importable bool) *Package {
 	p := &Package{
-		Prog:    prog,
-		Members: make(map[string]Member),
-		values:  make(map[types.Object]Value),
-		Pkg:     pkg,
-		info:    info,  // transient (CREATE and BUILD phases)
-		files:   files, // transient (CREATE and BUILD phases)
+		Prog:      prog,
+		Members:   make(map[string]Member),
+		values:    make(map[types.Object]Value),
+		Pkg:       pkg,
+		info:      info,  // transient (CREATE and BUILD phases)
+		files:     files, // transient (CREATE and BUILD phases)
+		printFunc: prog.PrintFunc,
 	}
 
 	// Add init() function.
 	p.init = &Function{
-		name:      "init",
-		Signature: new(types.Signature),
-		Synthetic: "package initializer",
-		Pkg:       p,
-		Prog:      prog,
+		name:         "init",
+		Signature:    new(types.Signature),
+		Synthetic:    "package initializer",
+		Pkg:          p,
+		Prog:         prog,
+		functionBody: new(functionBody),
 	}
+	p.init.initHTML(prog.PrintFunc)
 	p.Members[p.init.name] = p.init
+	p.Functions = append(p.Functions, p.init)
 
 	// CREATE phase.
 	// Allocate all package members: vars, funcs, consts and types.
@@ -209,15 +216,13 @@ func (prog *Program) CreatePackage(pkg *types.Package, files []*ast.File, info *
 		}
 	}
 
-	if prog.mode&BareInits == 0 {
-		// Add initializer guard variable.
-		initguard := &Global{
-			Pkg:  p,
-			name: "init$guard",
-			typ:  types.NewPointer(tBool),
-		}
-		p.Members[initguard.Name()] = initguard
+	// Add initializer guard variable.
+	initguard := &Global{
+		Pkg:  p,
+		name: "init$guard",
+		typ:  types.NewPointer(tBool),
 	}
+	p.Members[initguard.Name()] = initguard
 
 	if prog.mode&GlobalDebug != 0 {
 		p.SetDebugMode(true)
@@ -260,10 +265,10 @@ func (prog *Program) AllPackages() []*Package {
 //
 // TODO(adonovan): rethink this function and the "importable" concept;
 // most packages are importable. This function assumes that all
-// types.Package.Path values are unique within the ssa.Program, which is
+// types.Package.Path values are unique within the ir.Program, which is
 // false---yet this function remains very convenient.
 // Clients should use (*Program).Package instead where possible.
-// SSA doesn't really need a string-keyed map of packages.
+// IR doesn't really need a string-keyed map of packages.
 //
 func (prog *Program) ImportedPackage(path string) *Package {
 	return prog.imported[path]
diff --git a/vendor/honnef.co/go/tools/ssa/doc.go b/vendor/honnef.co/go/tools/ir/doc.go
similarity index 74%
rename from vendor/honnef.co/go/tools/ssa/doc.go
rename to vendor/honnef.co/go/tools/ir/doc.go
index 0f71fda0..a5f42e4f 100644
--- a/vendor/honnef.co/go/tools/ssa/doc.go
+++ b/vendor/honnef.co/go/tools/ir/doc.go
@@ -2,36 +2,34 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-// Package ssa defines a representation of the elements of Go programs
+// Package ir defines a representation of the elements of Go programs
 // (packages, types, functions, variables and constants) using a
-// static single-assignment (SSA) form intermediate representation
+// static single-information (SSI) form intermediate representation
 // (IR) for the bodies of functions.
 //
 // THIS INTERFACE IS EXPERIMENTAL AND IS LIKELY TO CHANGE.
 //
-// For an introduction to SSA form, see
+// For an introduction to SSA form, upon which SSI builds, see
 // http://en.wikipedia.org/wiki/Static_single_assignment_form.
 // This page provides a broader reading list:
 // http://www.dcs.gla.ac.uk/~jsinger/ssa.html.
 //
-// The level of abstraction of the SSA form is intentionally close to
+// For an introduction to SSI form, see The static single information
+// form by C. Scott Ananian.
+//
+// The level of abstraction of the IR form is intentionally close to
 // the source language to facilitate construction of source analysis
 // tools.  It is not intended for machine code generation.
 //
-// All looping, branching and switching constructs are replaced with
-// unstructured control flow.  Higher-level control flow constructs
-// such as multi-way branch can be reconstructed as needed; see
-// ssautil.Switches() for an example.
-//
-// The simplest way to create the SSA representation of a package is
+// The simplest way to create the IR of a package is
 // to load typed syntax trees using golang.org/x/tools/go/packages, then
-// invoke the ssautil.Packages helper function. See ExampleLoadPackages
+// invoke the irutil.Packages helper function. See ExampleLoadPackages
 // and ExampleWholeProgram for examples.
-// The resulting ssa.Program contains all the packages and their
-// members, but SSA code is not created for function bodies until a
+// The resulting ir.Program contains all the packages and their
+// members, but IR code is not created for function bodies until a
 // subsequent call to (*Package).Build or (*Program).Build.
 //
-// The builder initially builds a naive SSA form in which all local
+// The builder initially builds a naive IR form in which all local
 // variables are addresses of stack locations with explicit loads and
 // stores.  Registerisation of eligible locals and φ-node insertion
 // using dominance and dataflow are then performed as a second pass
@@ -44,7 +42,7 @@
 //    - Member: a named member of a Go package.
 //    - Value: an expression that yields a value.
 //    - Instruction: a statement that consumes values and performs computation.
-//    - Node: a Value or Instruction (emphasizing its membership in the SSA value graph)
+//    - Node: a Value or Instruction (emphasizing its membership in the IR value graph)
 //
 // A computation that yields a result implements both the Value and
 // Instruction interfaces.  The following table shows for each
@@ -53,47 +51,53 @@
 //                      Value?          Instruction?    Member?
 //   *Alloc             ✔               ✔
 //   *BinOp             ✔               ✔
+//   *BlankStore                        ✔
 //   *Builtin           ✔
 //   *Call              ✔               ✔
 //   *ChangeInterface   ✔               ✔
 //   *ChangeType        ✔               ✔
-//   *Const             ✔
+//   *Const             ✔               ✔
 //   *Convert           ✔               ✔
 //   *DebugRef                          ✔
-//   *Defer                             ✔
+//   *Defer             ✔               ✔
 //   *Extract           ✔               ✔
 //   *Field             ✔               ✔
 //   *FieldAddr         ✔               ✔
 //   *FreeVar           ✔
 //   *Function          ✔                               ✔ (func)
 //   *Global            ✔                               ✔ (var)
-//   *Go                                ✔
+//   *Go                ✔               ✔
 //   *If                                ✔
 //   *Index             ✔               ✔
 //   *IndexAddr         ✔               ✔
 //   *Jump                              ✔
-//   *Lookup            ✔               ✔
+//   *Load              ✔               ✔
 //   *MakeChan          ✔               ✔
 //   *MakeClosure       ✔               ✔
 //   *MakeInterface     ✔               ✔
 //   *MakeMap           ✔               ✔
 //   *MakeSlice         ✔               ✔
-//   *MapUpdate                         ✔
+//   *MapLookup         ✔               ✔
+//   *MapUpdate         ✔               ✔
 //   *NamedConst                                        ✔ (const)
 //   *Next              ✔               ✔
 //   *Panic                             ✔
-//   *Parameter         ✔
+//   *Parameter         ✔               ✔
 //   *Phi               ✔               ✔
 //   *Range             ✔               ✔
+//   *Recv              ✔               ✔
 //   *Return                            ✔
 //   *RunDefers                         ✔
 //   *Select            ✔               ✔
-//   *Send                              ✔
+//   *Send              ✔               ✔
+//   *Sigma             ✔               ✔
 //   *Slice             ✔               ✔
-//   *Store                             ✔
+//   *Store             ✔               ✔
+//   *StringLookup      ✔               ✔
 //   *Type                                              ✔ (type)
 //   *TypeAssert        ✔               ✔
 //   *UnOp              ✔               ✔
+//   *Unreachable                       ✔
 //
 // Other key types in this package include: Program, Package, Function
 // and BasicBlock.
@@ -102,7 +106,7 @@
 // resolved internally, i.e. it does not rely on the names of Values,
 // Packages, Functions, Types or BasicBlocks for the correct
 // interpretation of the program.  Only the identities of objects and
-// the topology of the SSA and type graphs are semantically
+// the topology of the IR and type graphs are semantically
 // significant.  (There is one exception: Ids, used to identify field
 // and method names, contain strings.)  Avoidance of name-based
 // operations simplifies the implementation of subsequent passes and
@@ -111,7 +115,7 @@
 // either accurate or unambiguous.  The public API exposes a number of
 // name-based maps for client convenience.
 //
-// The ssa/ssautil package provides various utilities that depend only
+// The ir/irutil package provides various utilities that depend only
 // on the public API of this package.
 //
 // TODO(adonovan): Consider the exceptional control-flow implications
@@ -120,6 +124,6 @@
 // TODO(adonovan): write a how-to document for all the various cases
 // of trying to determine corresponding elements across the four
 // domains of source locations, ast.Nodes, types.Objects,
-// ssa.Values/Instructions.
+// ir.Values/Instructions.
 //
-package ssa // import "honnef.co/go/tools/ssa"
+package ir // import "honnef.co/go/tools/ir"
diff --git a/vendor/honnef.co/go/tools/ssa/dom.go b/vendor/honnef.co/go/tools/ir/dom.go
similarity index 51%
rename from vendor/honnef.co/go/tools/ssa/dom.go
rename to vendor/honnef.co/go/tools/ir/dom.go
index a036be87..08c147df 100644
--- a/vendor/honnef.co/go/tools/ssa/dom.go
+++ b/vendor/honnef.co/go/tools/ir/dom.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines algorithms related to dominance.
 
@@ -20,6 +20,7 @@ package ssa
 import (
 	"bytes"
 	"fmt"
+	"io"
 	"math/big"
 	"os"
 	"sort"
@@ -27,8 +28,7 @@ import (
 
 // Idom returns the block that immediately dominates b:
 // its parent in the dominator tree, if any.
-// Neither the entry node (b.Index==0) nor recover node
-// (b==b.Parent().Recover()) have a parent.
+// The entry node (b.Index==0) does not have a parent.
 //
 func (b *BasicBlock) Idom() *BasicBlock { return b.dom.idom }
 
@@ -66,144 +66,211 @@ type domInfo struct {
 	pre, post int32         // pre- and post-order numbering within domtree
 }
 
-// ltState holds the working state for Lengauer-Tarjan algorithm
-// (during which domInfo.pre is repurposed for CFG DFS preorder number).
-type ltState struct {
-	// Each slice is indexed by b.Index.
-	sdom     []*BasicBlock // b's semidominator
-	parent   []*BasicBlock // b's parent in DFS traversal of CFG
-	ancestor []*BasicBlock // b's ancestor with least sdom
-}
-
-// dfs implements the depth-first search part of the LT algorithm.
-func (lt *ltState) dfs(v *BasicBlock, i int32, preorder []*BasicBlock) int32 {
-	preorder[i] = v
-	v.dom.pre = i // For now: DFS preorder of spanning tree of CFG
-	i++
-	lt.sdom[v.Index] = v
-	lt.link(nil, v)
-	for _, w := range v.Succs {
-		if lt.sdom[w.Index] == nil {
-			lt.parent[w.Index] = v
-			i = lt.dfs(w, i, preorder)
-		}
-	}
-	return i
-}
-
-// eval implements the EVAL part of the LT algorithm.
-func (lt *ltState) eval(v *BasicBlock) *BasicBlock {
-	// TODO(adonovan): opt: do path compression per simple LT.
-	u := v
-	for ; lt.ancestor[v.Index] != nil; v = lt.ancestor[v.Index] {
-		if lt.sdom[v.Index].dom.pre < lt.sdom[u.Index].dom.pre {
-			u = v
-		}
-	}
-	return u
-}
-
-// link implements the LINK part of the LT algorithm.
-func (lt *ltState) link(v, w *BasicBlock) {
-	lt.ancestor[w.Index] = v
-}
-
 // buildDomTree computes the dominator tree of f using the LT algorithm.
 // Precondition: all blocks are reachable (e.g. optimizeBlocks has been run).
 //
-func buildDomTree(f *Function) {
+func buildDomTree(fn *Function) {
 	// The step numbers refer to the original LT paper; the
 	// reordering is due to Georgiadis.
 
 	// Clear any previous domInfo.
-	for _, b := range f.Blocks {
+	for _, b := range fn.Blocks {
 		b.dom = domInfo{}
 	}
 
-	n := len(f.Blocks)
-	// Allocate space for 5 contiguous [n]*BasicBlock arrays:
-	// sdom, parent, ancestor, preorder, buckets.
-	space := make([]*BasicBlock, 5*n)
-	lt := ltState{
-		sdom:     space[0:n],
-		parent:   space[n : 2*n],
-		ancestor: space[2*n : 3*n],
+	idoms := make([]*BasicBlock, len(fn.Blocks))
+
+	order := make([]*BasicBlock, 0, len(fn.Blocks))
+	seen := fn.blockset(0)
+	var dfs func(b *BasicBlock)
+	dfs = func(b *BasicBlock) {
+		if !seen.Add(b) {
+			return
+		}
+		for _, succ := range b.Succs {
+			dfs(succ)
+		}
+		if fn.fakeExits.Has(b) {
+			dfs(fn.Exit)
+		}
+		order = append(order, b)
+		b.post = len(order) - 1
+	}
+	dfs(fn.Blocks[0])
+
+	for i := 0; i < len(order)/2; i++ {
+		o := len(order) - i - 1
+		order[i], order[o] = order[o], order[i]
 	}
 
-	// Step 1.  Number vertices by depth-first preorder.
-	preorder := space[3*n : 4*n]
-	root := f.Blocks[0]
-	prenum := lt.dfs(root, 0, preorder)
-	recover := f.Recover
-	if recover != nil {
-		lt.dfs(recover, prenum, preorder)
-	}
+	idoms[fn.Blocks[0].Index] = fn.Blocks[0]
+	changed := true
+	for changed {
+		changed = false
+		// iterate over all nodes in reverse postorder, except for the
+		// entry node
+		for _, b := range order[1:] {
+			var newIdom *BasicBlock
+			do := func(p *BasicBlock) {
+				if idoms[p.Index] == nil {
+					return
+				}
+				if newIdom == nil {
+					newIdom = p
+				} else {
+					finger1 := p
+					finger2 := newIdom
+					for finger1 != finger2 {
+						for finger1.post < finger2.post {
+							finger1 = idoms[finger1.Index]
+						}
+						for finger2.post < finger1.post {
+							finger2 = idoms[finger2.Index]
+						}
+					}
+					newIdom = finger1
+				}
+			}
+			for _, p := range b.Preds {
+				do(p)
+			}
+			if b == fn.Exit {
+				for _, p := range fn.Blocks {
+					if fn.fakeExits.Has(p) {
+						do(p)
+					}
+				}
+			}
 
-	buckets := space[4*n : 5*n]
-	copy(buckets, preorder)
-
-	// In reverse preorder...
-	for i := int32(n) - 1; i > 0; i-- {
-		w := preorder[i]
-
-		// Step 3. Implicitly define the immediate dominator of each node.
-		for v := buckets[i]; v != w; v = buckets[v.dom.pre] {
-			u := lt.eval(v)
-			if lt.sdom[u.Index].dom.pre < i {
-				v.dom.idom = u
-			} else {
-				v.dom.idom = w
+			if idoms[b.Index] != newIdom {
+				idoms[b.Index] = newIdom
+				changed = true
 			}
 		}
+	}
 
-		// Step 2. Compute the semidominators of all nodes.
-		lt.sdom[w.Index] = lt.parent[w.Index]
-		for _, v := range w.Preds {
-			u := lt.eval(v)
-			if lt.sdom[u.Index].dom.pre < lt.sdom[w.Index].dom.pre {
-				lt.sdom[w.Index] = lt.sdom[u.Index]
-			}
+	for i, b := range idoms {
+		fn.Blocks[i].dom.idom = b
+		if b == nil {
+			// malformed CFG
+			continue
 		}
-
-		lt.link(lt.parent[w.Index], w)
-
-		if lt.parent[w.Index] == lt.sdom[w.Index] {
-			w.dom.idom = lt.parent[w.Index]
-		} else {
-			buckets[i] = buckets[lt.sdom[w.Index].dom.pre]
-			buckets[lt.sdom[w.Index].dom.pre] = w
+		if i == b.Index {
+			continue
 		}
+		b.dom.children = append(b.dom.children, fn.Blocks[i])
 	}
 
-	// The final 'Step 3' is now outside the loop.
-	for v := buckets[0]; v != root; v = buckets[v.dom.pre] {
-		v.dom.idom = root
-	}
+	numberDomTree(fn.Blocks[0], 0, 0)
 
-	// Step 4. Explicitly define the immediate dominator of each
-	// node, in preorder.
-	for _, w := range preorder[1:] {
-		if w == root || w == recover {
-			w.dom.idom = nil
-		} else {
-			if w.dom.idom != lt.sdom[w.Index] {
-				w.dom.idom = w.dom.idom.dom.idom
-			}
-			// Calculate Children relation as inverse of Idom.
-			w.dom.idom.dom.children = append(w.dom.idom.dom.children, w)
-		}
-	}
-
-	pre, post := numberDomTree(root, 0, 0)
-	if recover != nil {
-		numberDomTree(recover, pre, post)
-	}
-
-	// printDomTreeDot(os.Stderr, f)        // debugging
+	// printDomTreeDot(os.Stderr, fn) // debugging
 	// printDomTreeText(os.Stderr, root, 0) // debugging
 
-	if f.Prog.mode&SanityCheckFunctions != 0 {
-		sanityCheckDomTree(f)
+	if fn.Prog.mode&SanityCheckFunctions != 0 {
+		sanityCheckDomTree(fn)
+	}
+}
+
+// buildPostDomTree is like buildDomTree, but builds the post-dominator tree instead.
+func buildPostDomTree(fn *Function) {
+	// The step numbers refer to the original LT paper; the
+	// reordering is due to Georgiadis.
+
+	// Clear any previous domInfo.
+	for _, b := range fn.Blocks {
+		b.pdom = domInfo{}
+	}
+
+	idoms := make([]*BasicBlock, len(fn.Blocks))
+
+	order := make([]*BasicBlock, 0, len(fn.Blocks))
+	seen := fn.blockset(0)
+	var dfs func(b *BasicBlock)
+	dfs = func(b *BasicBlock) {
+		if !seen.Add(b) {
+			return
+		}
+		for _, pred := range b.Preds {
+			dfs(pred)
+		}
+		if b == fn.Exit {
+			for _, p := range fn.Blocks {
+				if fn.fakeExits.Has(p) {
+					dfs(p)
+				}
+			}
+		}
+		order = append(order, b)
+		b.post = len(order) - 1
+	}
+	dfs(fn.Exit)
+
+	for i := 0; i < len(order)/2; i++ {
+		o := len(order) - i - 1
+		order[i], order[o] = order[o], order[i]
+	}
+
+	idoms[fn.Exit.Index] = fn.Exit
+	changed := true
+	for changed {
+		changed = false
+		// iterate over all nodes in reverse postorder, except for the
+		// exit node
+		for _, b := range order[1:] {
+			var newIdom *BasicBlock
+			do := func(p *BasicBlock) {
+				if idoms[p.Index] == nil {
+					return
+				}
+				if newIdom == nil {
+					newIdom = p
+				} else {
+					finger1 := p
+					finger2 := newIdom
+					for finger1 != finger2 {
+						for finger1.post < finger2.post {
+							finger1 = idoms[finger1.Index]
+						}
+						for finger2.post < finger1.post {
+							finger2 = idoms[finger2.Index]
+						}
+					}
+					newIdom = finger1
+				}
+			}
+			for _, p := range b.Succs {
+				do(p)
+			}
+			if fn.fakeExits.Has(b) {
+				do(fn.Exit)
+			}
+
+			if idoms[b.Index] != newIdom {
+				idoms[b.Index] = newIdom
+				changed = true
+			}
+		}
+	}
+
+	for i, b := range idoms {
+		fn.Blocks[i].pdom.idom = b
+		if b == nil {
+			// malformed CFG
+			continue
+		}
+		if i == b.Index {
+			continue
+		}
+		b.pdom.children = append(b.pdom.children, fn.Blocks[i])
+	}
+
+	numberPostDomTree(fn.Exit, 0, 0)
+
+	// printPostDomTreeDot(os.Stderr, fn) // debugging
+	// printPostDomTreeText(os.Stderr, fn.Exit, 0) // debugging
+
+	if fn.Prog.mode&SanityCheckFunctions != 0 { // XXX
+		sanityCheckDomTree(fn) // XXX
 	}
 }
 
@@ -222,6 +289,21 @@ func numberDomTree(v *BasicBlock, pre, post int32) (int32, int32) {
 	return pre, post
 }
 
+// numberPostDomTree sets the pre- and post-order numbers of a depth-first
+// traversal of the post-dominator tree rooted at v.  These are used to
+// answer post-dominance queries in constant time.
+//
+func numberPostDomTree(v *BasicBlock, pre, post int32) (int32, int32) {
+	v.pdom.pre = pre
+	pre++
+	for _, child := range v.pdom.children {
+		pre, post = numberPostDomTree(child, pre, post)
+	}
+	v.pdom.post = post
+	post++
+	return pre, post
+}
+
 // Testing utilities ----------------------------------------
 
 // sanityCheckDomTree checks the correctness of the dominator tree
@@ -243,8 +325,8 @@ func sanityCheckDomTree(f *Function) {
 	all.Set(one).Lsh(&all, uint(n)).Sub(&all, one)
 
 	// Initialization.
-	for i, b := range f.Blocks {
-		if i == 0 || b == f.Recover {
+	for i := range f.Blocks {
+		if i == 0 {
 			// A root is dominated only by itself.
 			D[i].SetBit(&D[0], 0, 1)
 		} else {
@@ -258,7 +340,7 @@ func sanityCheckDomTree(f *Function) {
 	for changed := true; changed; {
 		changed = false
 		for i, b := range f.Blocks {
-			if i == 0 || b == f.Recover {
+			if i == 0 {
 				continue
 			}
 			// Compute intersection across predecessors.
@@ -267,6 +349,13 @@ func sanityCheckDomTree(f *Function) {
 			for _, pred := range b.Preds {
 				x.And(&x, &D[pred.Index])
 			}
+			if b == f.Exit {
+				for _, p := range f.Blocks {
+					if f.fakeExits.Has(p) {
+						x.And(&x, &D[p.Index])
+					}
+				}
+			}
 			x.SetBit(&x, i, 1) // a block always dominates itself.
 			if D[i].Cmp(&x) != 0 {
 				D[i].Set(&x)
@@ -276,14 +365,10 @@ func sanityCheckDomTree(f *Function) {
 	}
 
 	// Check the entire relation.  O(n^2).
-	// The Recover block (if any) must be treated specially so we skip it.
 	ok := true
 	for i := 0; i < n; i++ {
 		for j := 0; j < n; j++ {
 			b, c := f.Blocks[i], f.Blocks[j]
-			if c == f.Recover {
-				continue
-			}
 			actual := b.Dominates(c)
 			expected := D[j].Bit(i) == 1
 			if actual != expected {
@@ -321,7 +406,7 @@ func printDomTreeText(buf *bytes.Buffer, v *BasicBlock, indent int) {
 // printDomTreeDot prints the dominator tree of f in AT&T GraphViz
 // (.dot) format.
 //lint:ignore U1000 used during debugging
-func printDomTreeDot(buf *bytes.Buffer, f *Function) {
+func printDomTreeDot(buf io.Writer, f *Function) {
 	fmt.Fprintln(buf, "//", f)
 	fmt.Fprintln(buf, "digraph domtree {")
 	for i, b := range f.Blocks {
@@ -341,3 +426,36 @@ func printDomTreeDot(buf *bytes.Buffer, f *Function) {
 	}
 	fmt.Fprintln(buf, "}")
 }
+
+// printDomTree prints the dominator tree as text, using indentation.
+//lint:ignore U1000 used during debugging
+func printPostDomTreeText(buf io.Writer, v *BasicBlock, indent int) {
+	fmt.Fprintf(buf, "%*s%s\n", 4*indent, "", v)
+	for _, child := range v.pdom.children {
+		printPostDomTreeText(buf, child, indent+1)
+	}
+}
+
+// printDomTreeDot prints the dominator tree of f in AT&T GraphViz
+// (.dot) format.
+//lint:ignore U1000 used during debugging
+func printPostDomTreeDot(buf io.Writer, f *Function) {
+	fmt.Fprintln(buf, "//", f)
+	fmt.Fprintln(buf, "digraph pdomtree {")
+	for _, b := range f.Blocks {
+		v := b.pdom
+		fmt.Fprintf(buf, "\tn%d [label=\"%s (%d, %d)\",shape=\"rectangle\"];\n", v.pre, b, v.pre, v.post)
+		// TODO(adonovan): improve appearance of edges
+		// belonging to both dominator tree and CFG.
+
+		// Dominator tree edge.
+		if b != f.Exit {
+			fmt.Fprintf(buf, "\tn%d -> n%d [style=\"solid\",weight=100];\n", v.idom.pdom.pre, v.pre)
+		}
+		// CFG edges.
+		for _, pred := range b.Preds {
+			fmt.Fprintf(buf, "\tn%d -> n%d [style=\"dotted\",weight=0];\n", pred.pdom.pre, v.pre)
+		}
+	}
+	fmt.Fprintln(buf, "}")
+}
diff --git a/vendor/honnef.co/go/tools/ssa/emit.go b/vendor/honnef.co/go/tools/ir/emit.go
similarity index 75%
rename from vendor/honnef.co/go/tools/ssa/emit.go
rename to vendor/honnef.co/go/tools/ir/emit.go
index 6bf9ec32..5fa137af 100644
--- a/vendor/honnef.co/go/tools/ssa/emit.go
+++ b/vendor/honnef.co/go/tools/ir/emit.go
@@ -2,13 +2,14 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
-// Helpers for emitting SSA instructions.
+// Helpers for emitting IR instructions.
 
 import (
 	"fmt"
 	"go/ast"
+	"go/constant"
 	"go/token"
 	"go/types"
 )
@@ -16,24 +17,32 @@ import (
 // emitNew emits to f a new (heap Alloc) instruction allocating an
 // object of type typ.  pos is the optional source location.
 //
-func emitNew(f *Function, typ types.Type, pos token.Pos) *Alloc {
+func emitNew(f *Function, typ types.Type, source ast.Node) *Alloc {
 	v := &Alloc{Heap: true}
 	v.setType(types.NewPointer(typ))
-	v.setPos(pos)
-	f.emit(v)
+	f.emit(v, source)
 	return v
 }
 
 // emitLoad emits to f an instruction to load the address addr into a
 // new temporary, and returns the value so defined.
 //
-func emitLoad(f *Function, addr Value) *UnOp {
-	v := &UnOp{Op: token.MUL, X: addr}
+func emitLoad(f *Function, addr Value, source ast.Node) *Load {
+	v := &Load{X: addr}
 	v.setType(deref(addr.Type()))
-	f.emit(v)
+	f.emit(v, source)
 	return v
 }
 
+func emitRecv(f *Function, ch Value, commaOk bool, typ types.Type, source ast.Node) Value {
+	recv := &Recv{
+		Chan:    ch,
+		CommaOk: commaOk,
+	}
+	recv.setType(typ)
+	return f.emit(recv, source)
+}
+
 // emitDebugRef emits to f a DebugRef pseudo-instruction associating
 // expression e with value v.
 //
@@ -61,7 +70,7 @@ func emitDebugRef(f *Function, e ast.Expr, v Value, isAddr bool) {
 		Expr:   e,
 		IsAddr: isAddr,
 		object: obj,
-	})
+	}, nil)
 }
 
 // emitArith emits to f code to compute the binary operation op(x, y)
@@ -69,19 +78,19 @@ func emitDebugRef(f *Function, e ast.Expr, v Value, isAddr bool) {
 // (Use emitCompare() for comparisons and Builder.logicalBinop() for
 // non-eager operations.)
 //
-func emitArith(f *Function, op token.Token, x, y Value, t types.Type, pos token.Pos) Value {
+func emitArith(f *Function, op token.Token, x, y Value, t types.Type, source ast.Node) Value {
 	switch op {
 	case token.SHL, token.SHR:
-		x = emitConv(f, x, t)
+		x = emitConv(f, x, t, source)
 		// y may be signed or an 'untyped' constant.
 		// TODO(adonovan): whence signed values?
 		if b, ok := y.Type().Underlying().(*types.Basic); ok && b.Info()&types.IsUnsigned == 0 {
-			y = emitConv(f, y, types.Typ[types.Uint64])
+			y = emitConv(f, y, types.Typ[types.Uint64], source)
 		}
 
 	case token.ADD, token.SUB, token.MUL, token.QUO, token.REM, token.AND, token.OR, token.XOR, token.AND_NOT:
-		x = emitConv(f, x, t)
-		y = emitConv(f, y, t)
+		x = emitConv(f, x, t, source)
+		y = emitConv(f, y, t, source)
 
 	default:
 		panic("illegal op in emitArith: " + op.String())
@@ -92,15 +101,14 @@ func emitArith(f *Function, op token.Token, x, y Value, t types.Type, pos token.
 		X:  x,
 		Y:  y,
 	}
-	v.setPos(pos)
 	v.setType(t)
-	return f.emit(v)
+	return f.emit(v, source)
 }
 
 // emitCompare emits to f code compute the boolean result of
 // comparison comparison 'x op y'.
 //
-func emitCompare(f *Function, op token.Token, x, y Value, pos token.Pos) Value {
+func emitCompare(f *Function, op token.Token, x, y Value, source ast.Node) Value {
 	xt := x.Type().Underlying()
 	yt := y.Type().Underlying()
 
@@ -111,7 +119,7 @@ func emitCompare(f *Function, op token.Token, x, y Value, pos token.Pos) Value {
 	//   if e==true { ... }
 	// even in the case when e's type is an interface.
 	// TODO(adonovan): opt: generalise to x==true, false!=y, etc.
-	if x == vTrue && op == token.EQL {
+	if x, ok := x.(*Const); ok && op == token.EQL && x.Value != nil && x.Value.Kind() == constant.Bool && constant.BoolVal(x.Value) {
 		if yt, ok := yt.(*types.Basic); ok && yt.Info()&types.IsBoolean != 0 {
 			return y
 		}
@@ -120,13 +128,13 @@ func emitCompare(f *Function, op token.Token, x, y Value, pos token.Pos) Value {
 	if types.Identical(xt, yt) {
 		// no conversion necessary
 	} else if _, ok := xt.(*types.Interface); ok {
-		y = emitConv(f, y, x.Type())
+		y = emitConv(f, y, x.Type(), source)
 	} else if _, ok := yt.(*types.Interface); ok {
-		x = emitConv(f, x, y.Type())
+		x = emitConv(f, x, y.Type(), source)
 	} else if _, ok := x.(*Const); ok {
-		x = emitConv(f, x, y.Type())
+		x = emitConv(f, x, y.Type(), source)
 	} else if _, ok := y.(*Const); ok {
-		y = emitConv(f, y, x.Type())
+		y = emitConv(f, y, x.Type(), source)
 		//lint:ignore SA9003 no-op
 	} else {
 		// other cases, e.g. channels.  No-op.
@@ -137,9 +145,8 @@ func emitCompare(f *Function, op token.Token, x, y Value, pos token.Pos) Value {
 		X:  x,
 		Y:  y,
 	}
-	v.setPos(pos)
 	v.setType(tBool)
-	return f.emit(v)
+	return f.emit(v, source)
 }
 
 // isValuePreserving returns true if a conversion from ut_src to
@@ -171,7 +178,7 @@ func isValuePreserving(ut_src, ut_dst types.Type) bool {
 // by language assignability rules in assignments, parameter passing,
 // etc.  Conversions cannot fail dynamically.
 //
-func emitConv(f *Function, val Value, typ types.Type) Value {
+func emitConv(f *Function, val Value, typ types.Type, source ast.Node) Value {
 	t_src := val.Type()
 
 	// Identical types?  Conversion is a no-op.
@@ -186,7 +193,7 @@ func emitConv(f *Function, val Value, typ types.Type) Value {
 	if isValuePreserving(ut_src, ut_dst) {
 		c := &ChangeType{X: val}
 		c.setType(typ)
-		return f.emit(c)
+		return f.emit(c, source)
 	}
 
 	// Conversion to, or construction of a value of, an interface type?
@@ -195,23 +202,23 @@ func emitConv(f *Function, val Value, typ types.Type) Value {
 		if _, ok := ut_src.(*types.Interface); ok {
 			c := &ChangeInterface{X: val}
 			c.setType(typ)
-			return f.emit(c)
+			return f.emit(c, source)
 		}
 
 		// Untyped nil constant?  Return interface-typed nil constant.
 		if ut_src == tUntypedNil {
-			return nilConst(typ)
+			return emitConst(f, nilConst(typ))
 		}
 
 		// Convert (non-nil) "untyped" literals to their default type.
 		if t, ok := ut_src.(*types.Basic); ok && t.Info()&types.IsUntyped != 0 {
-			val = emitConv(f, val, DefaultType(ut_src))
+			val = emitConv(f, val, types.Default(ut_src), source)
 		}
 
 		f.Pkg.Prog.needMethodsOf(val.Type())
 		mi := &MakeInterface{X: val}
 		mi.setType(typ)
-		return f.emit(mi)
+		return f.emit(mi, source)
 	}
 
 	// Conversion of a compile-time constant value?
@@ -222,7 +229,7 @@ func emitConv(f *Function, val Value, typ types.Type) Value {
 			// constant of the destination type and
 			// (initially) the same abstract value.
 			// We don't truncate the value yet.
-			return NewConst(c.Value, typ)
+			return emitConst(f, NewConst(c.Value, typ))
 		}
 
 		// We're converting from constant to non-constant type,
@@ -237,7 +244,7 @@ func emitConv(f *Function, val Value, typ types.Type) Value {
 	if ok1 || ok2 {
 		c := &Convert{X: val}
 		c.setType(typ)
-		return f.emit(c)
+		return f.emit(c, source)
 	}
 
 	panic(fmt.Sprintf("in %s: cannot convert %s (%s) to %s", f, val, val.Type(), typ))
@@ -246,72 +253,75 @@ func emitConv(f *Function, val Value, typ types.Type) Value {
 // emitStore emits to f an instruction to store value val at location
 // addr, applying implicit conversions as required by assignability rules.
 //
-func emitStore(f *Function, addr, val Value, pos token.Pos) *Store {
+func emitStore(f *Function, addr, val Value, source ast.Node) *Store {
 	s := &Store{
 		Addr: addr,
-		Val:  emitConv(f, val, deref(addr.Type())),
-		pos:  pos,
+		Val:  emitConv(f, val, deref(addr.Type()), source),
 	}
-	f.emit(s)
+	// make sure we call getMem after the call to emitConv, which may
+	// itself update the memory state
+	f.emit(s, source)
 	return s
 }
 
 // emitJump emits to f a jump to target, and updates the control-flow graph.
 // Postcondition: f.currentBlock is nil.
 //
-func emitJump(f *Function, target *BasicBlock) {
+func emitJump(f *Function, target *BasicBlock, source ast.Node) *Jump {
 	b := f.currentBlock
-	b.emit(new(Jump))
+	j := new(Jump)
+	b.emit(j, source)
 	addEdge(b, target)
 	f.currentBlock = nil
+	return j
 }
 
 // emitIf emits to f a conditional jump to tblock or fblock based on
 // cond, and updates the control-flow graph.
 // Postcondition: f.currentBlock is nil.
 //
-func emitIf(f *Function, cond Value, tblock, fblock *BasicBlock) {
+func emitIf(f *Function, cond Value, tblock, fblock *BasicBlock, source ast.Node) *If {
 	b := f.currentBlock
-	b.emit(&If{Cond: cond})
+	stmt := &If{Cond: cond}
+	b.emit(stmt, source)
 	addEdge(b, tblock)
 	addEdge(b, fblock)
 	f.currentBlock = nil
+	return stmt
 }
 
 // emitExtract emits to f an instruction to extract the index'th
 // component of tuple.  It returns the extracted value.
 //
-func emitExtract(f *Function, tuple Value, index int) Value {
+func emitExtract(f *Function, tuple Value, index int, source ast.Node) Value {
 	e := &Extract{Tuple: tuple, Index: index}
 	e.setType(tuple.Type().(*types.Tuple).At(index).Type())
-	return f.emit(e)
+	return f.emit(e, source)
 }
 
 // emitTypeAssert emits to f a type assertion value := x.(t) and
 // returns the value.  x.Type() must be an interface.
 //
-func emitTypeAssert(f *Function, x Value, t types.Type, pos token.Pos) Value {
+func emitTypeAssert(f *Function, x Value, t types.Type, source ast.Node) Value {
 	a := &TypeAssert{X: x, AssertedType: t}
-	a.setPos(pos)
 	a.setType(t)
-	return f.emit(a)
+	return f.emit(a, source)
 }
 
 // emitTypeTest emits to f a type test value,ok := x.(t) and returns
 // a (value, ok) tuple.  x.Type() must be an interface.
 //
-func emitTypeTest(f *Function, x Value, t types.Type, pos token.Pos) Value {
+func emitTypeTest(f *Function, x Value, t types.Type, source ast.Node) Value {
 	a := &TypeAssert{
 		X:            x,
 		AssertedType: t,
 		CommaOk:      true,
 	}
-	a.setPos(pos)
 	a.setType(types.NewTuple(
 		newVar("value", t),
 		varOk,
 	))
-	return f.emit(a)
+	return f.emit(a, source)
 }
 
 // emitTailCall emits to f a function call in tail position.  The
@@ -320,7 +330,7 @@ func emitTypeTest(f *Function, x Value, t types.Type, pos token.Pos) Value {
 // Precondition: f does/will not use deferred procedure calls.
 // Postcondition: f.currentBlock is nil.
 //
-func emitTailCall(f *Function, call *Call) {
+func emitTailCall(f *Function, call *Call, source ast.Node) {
 	tresults := f.Signature.Results()
 	nr := tresults.Len()
 	if nr == 1 {
@@ -328,7 +338,7 @@ func emitTailCall(f *Function, call *Call) {
 	} else {
 		call.typ = tresults
 	}
-	tuple := f.emit(call)
+	tuple := f.emit(call, source)
 	var ret Return
 	switch nr {
 	case 0:
@@ -337,7 +347,7 @@ func emitTailCall(f *Function, call *Call) {
 		ret.Results = []Value{tuple}
 	default:
 		for i := 0; i < nr; i++ {
-			v := emitExtract(f, tuple, i)
+			v := emitExtract(f, tuple, i, source)
 			// TODO(adonovan): in principle, this is required:
 			//   v = emitConv(f, o.Type, f.Signature.Results[i].Type)
 			// but in practice emitTailCall is only used when
@@ -345,7 +355,11 @@ func emitTailCall(f *Function, call *Call) {
 			ret.Results = append(ret.Results, v)
 		}
 	}
-	f.emit(&ret)
+
+	f.Exit = f.newBasicBlock("exit")
+	emitJump(f, f.Exit, source)
+	f.currentBlock = f.Exit
+	f.emit(&ret, source)
 	f.currentBlock = nil
 }
 
@@ -357,7 +371,7 @@ func emitTailCall(f *Function, call *Call) {
 // a field; if it is the value of a struct, the result will be the
 // value of a field.
 //
-func emitImplicitSelections(f *Function, v Value, indices []int) Value {
+func emitImplicitSelections(f *Function, v Value, indices []int, source ast.Node) Value {
 	for _, index := range indices {
 		fld := deref(v.Type()).Underlying().(*types.Struct).Field(index)
 
@@ -367,10 +381,10 @@ func emitImplicitSelections(f *Function, v Value, indices []int) Value {
 				Field: index,
 			}
 			instr.setType(types.NewPointer(fld.Type()))
-			v = f.emit(instr)
+			v = f.emit(instr, source)
 			// Load the field's value iff indirectly embedded.
 			if isPointer(fld.Type()) {
-				v = emitLoad(f, v)
+				v = emitLoad(f, v, source)
 			}
 		} else {
 			instr := &Field{
@@ -378,7 +392,7 @@ func emitImplicitSelections(f *Function, v Value, indices []int) Value {
 				Field: index,
 			}
 			instr.setType(fld.Type())
-			v = f.emit(instr)
+			v = f.emit(instr, source)
 		}
 	}
 	return v
@@ -398,21 +412,21 @@ func emitFieldSelection(f *Function, v Value, index int, wantAddr bool, id *ast.
 			X:     v,
 			Field: index,
 		}
-		instr.setPos(id.Pos())
+		instr.setSource(id)
 		instr.setType(types.NewPointer(fld.Type()))
-		v = f.emit(instr)
+		v = f.emit(instr, id)
 		// Load the field's value iff we don't want its address.
 		if !wantAddr {
-			v = emitLoad(f, v)
+			v = emitLoad(f, v, id)
 		}
 	} else {
 		instr := &Field{
 			X:     v,
 			Field: index,
 		}
-		instr.setPos(id.Pos())
+		instr.setSource(id)
 		instr.setType(fld.Type())
-		v = f.emit(instr)
+		v = f.emit(instr, id)
 	}
 	emitDebugRef(f, id, v, wantAddr)
 	return v
@@ -421,49 +435,16 @@ func emitFieldSelection(f *Function, v Value, index int, wantAddr bool, id *ast.
 // zeroValue emits to f code to produce a zero value of type t,
 // and returns it.
 //
-func zeroValue(f *Function, t types.Type) Value {
+func zeroValue(f *Function, t types.Type, source ast.Node) Value {
 	switch t.Underlying().(type) {
 	case *types.Struct, *types.Array:
-		return emitLoad(f, f.addLocal(t, token.NoPos))
+		return emitLoad(f, f.addLocal(t, source), source)
 	default:
-		return zeroConst(t)
+		return emitConst(f, zeroConst(t))
 	}
 }
 
-// createRecoverBlock emits to f a block of code to return after a
-// recovered panic, and sets f.Recover to it.
-//
-// If f's result parameters are named, the code loads and returns
-// their current values, otherwise it returns the zero values of their
-// type.
-//
-// Idempotent.
-//
-func createRecoverBlock(f *Function) {
-	if f.Recover != nil {
-		return // already created
-	}
-	saved := f.currentBlock
-
-	f.Recover = f.newBasicBlock("recover")
-	f.currentBlock = f.Recover
-
-	var results []Value
-	if f.namedResults != nil {
-		// Reload NRPs to form value tuple.
-		for _, r := range f.namedResults {
-			results = append(results, emitLoad(f, r))
-		}
-	} else {
-		R := f.Signature.Results()
-		for i, n := 0, R.Len(); i < n; i++ {
-			T := R.At(i).Type()
-
-			// Return zero value of each result type.
-			results = append(results, zeroValue(f, T))
-		}
-	}
-	f.emit(&Return{Results: results})
-
-	f.currentBlock = saved
+func emitConst(f *Function, c *Const) *Const {
+	f.consts = append(f.consts, c)
+	return c
 }
diff --git a/vendor/honnef.co/go/tools/ir/exits.go b/vendor/honnef.co/go/tools/ir/exits.go
new file mode 100644
index 00000000..10cda7bb
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/exits.go
@@ -0,0 +1,271 @@
+package ir
+
+import (
+	"go/types"
+)
+
+func (b *builder) buildExits(fn *Function) {
+	if obj := fn.Object(); obj != nil {
+		switch obj.Pkg().Path() {
+		case "runtime":
+			switch obj.Name() {
+			case "exit":
+				fn.WillExit = true
+				return
+			case "throw":
+				fn.WillExit = true
+				return
+			case "Goexit":
+				fn.WillUnwind = true
+				return
+			}
+		case "github.com/sirupsen/logrus":
+			switch obj.(*types.Func).FullName() {
+			case "(*github.com/sirupsen/logrus.Logger).Exit":
+				// Technically, this method does not unconditionally exit
+				// the process. It dynamically calls a function stored in
+				// the logger. If the function is nil, it defaults to
+				// os.Exit.
+				//
+				// The main intent of this method is to terminate the
+				// process, and that's what the vast majority of people
+				// will use it for. We'll happily accept some false
+				// negatives to avoid a lot of false positives.
+				fn.WillExit = true
+				return
+			case "(*github.com/sirupsen/logrus.Logger).Panic",
+				"(*github.com/sirupsen/logrus.Logger).Panicf",
+				"(*github.com/sirupsen/logrus.Logger).Panicln":
+
+				// These methods will always panic, but that's not
+				// statically known from the code alone, because they
+				// take a detour through the generic Log methods.
+				fn.WillUnwind = true
+				return
+			case "(*github.com/sirupsen/logrus.Entry).Panicf",
+				"(*github.com/sirupsen/logrus.Entry).Panicln":
+
+				// Entry.Panic has an explicit panic, but Panicf and
+				// Panicln do not, relying fully on the generic Log
+				// method.
+				fn.WillUnwind = true
+				return
+			case "(*github.com/sirupsen/logrus.Logger).Log",
+				"(*github.com/sirupsen/logrus.Logger).Logf",
+				"(*github.com/sirupsen/logrus.Logger).Logln":
+				// TODO(dh): we cannot handle these case. Whether they
+				// exit or unwind depends on the level, which is set
+				// via the first argument. We don't currently support
+				// call-site-specific exit information.
+			}
+		}
+	}
+
+	buildDomTree(fn)
+
+	isRecoverCall := func(instr Instruction) bool {
+		if instr, ok := instr.(*Call); ok {
+			if builtin, ok := instr.Call.Value.(*Builtin); ok {
+				if builtin.Name() == "recover" {
+					return true
+				}
+			}
+		}
+		return false
+	}
+
+	// All panics branch to the exit block, which means that if every
+	// possible path through the function panics, then all
+	// predecessors of the exit block must panic.
+	willPanic := true
+	for _, pred := range fn.Exit.Preds {
+		if _, ok := pred.Control().(*Panic); !ok {
+			willPanic = false
+		}
+	}
+	if willPanic {
+		recovers := false
+	recoverLoop:
+		for _, u := range fn.Blocks {
+			for _, instr := range u.Instrs {
+				if instr, ok := instr.(*Defer); ok {
+					call := instr.Call.StaticCallee()
+					if call == nil {
+						// not a static call, so we can't be sure the
+						// deferred call isn't calling recover
+						recovers = true
+						break recoverLoop
+					}
+					if len(call.Blocks) == 0 {
+						// external function, we don't know what's
+						// happening inside it
+						//
+						// TODO(dh): this includes functions from
+						// imported packages, due to how go/analysis
+						// works. We could introduce another fact,
+						// like we've done for exiting and unwinding,
+						// but it doesn't seem worth it. Virtually all
+						// uses of recover will be in closures.
+						recovers = true
+						break recoverLoop
+					}
+					for _, y := range call.Blocks {
+						for _, instr2 := range y.Instrs {
+							if isRecoverCall(instr2) {
+								recovers = true
+								break recoverLoop
+							}
+						}
+					}
+				}
+			}
+		}
+		if !recovers {
+			fn.WillUnwind = true
+			return
+		}
+	}
+
+	// TODO(dh): don't check that any specific call dominates the exit
+	// block. instead, check that all calls combined cover every
+	// possible path through the function.
+	exits := NewBlockSet(len(fn.Blocks))
+	unwinds := NewBlockSet(len(fn.Blocks))
+	for _, u := range fn.Blocks {
+		for _, instr := range u.Instrs {
+			if instr, ok := instr.(CallInstruction); ok {
+				switch instr.(type) {
+				case *Defer, *Call:
+				default:
+					continue
+				}
+				if instr.Common().IsInvoke() {
+					// give up
+					return
+				}
+				var call *Function
+				switch instr.Common().Value.(type) {
+				case *Function, *MakeClosure:
+					call = instr.Common().StaticCallee()
+				case *Builtin:
+					// the only builtins that affect control flow are
+					// panic and recover, and we've already handled
+					// those
+					continue
+				default:
+					// dynamic dispatch
+					return
+				}
+				// buildFunction is idempotent. if we're part of a
+				// (mutually) recursive call chain, then buildFunction
+				// will immediately return, and fn.WillExit will be false.
+				if call.Package() == fn.Package() {
+					b.buildFunction(call)
+				}
+				dom := u.Dominates(fn.Exit)
+				if call.WillExit {
+					if dom {
+						fn.WillExit = true
+						return
+					}
+					exits.Add(u)
+				} else if call.WillUnwind {
+					if dom {
+						fn.WillUnwind = true
+						return
+					}
+					unwinds.Add(u)
+				}
+			}
+		}
+	}
+
+	// depth-first search trying to find a path to the exit block that
+	// doesn't cross any of the blacklisted blocks
+	seen := NewBlockSet(len(fn.Blocks))
+	var findPath func(root *BasicBlock, bl *BlockSet) bool
+	findPath = func(root *BasicBlock, bl *BlockSet) bool {
+		if root == fn.Exit {
+			return true
+		}
+		if seen.Has(root) {
+			return false
+		}
+		if bl.Has(root) {
+			return false
+		}
+		seen.Add(root)
+		for _, succ := range root.Succs {
+			if findPath(succ, bl) {
+				return true
+			}
+		}
+		return false
+	}
+
+	if exits.Num() > 0 {
+		if !findPath(fn.Blocks[0], exits) {
+			fn.WillExit = true
+			return
+		}
+	}
+	if unwinds.Num() > 0 {
+		seen.Clear()
+		if !findPath(fn.Blocks[0], unwinds) {
+			fn.WillUnwind = true
+			return
+		}
+	}
+}
+
+func (b *builder) addUnreachables(fn *Function) {
+	for _, bb := range fn.Blocks {
+		for i, instr := range bb.Instrs {
+			if instr, ok := instr.(*Call); ok {
+				var call *Function
+				switch v := instr.Common().Value.(type) {
+				case *Function:
+					call = v
+				case *MakeClosure:
+					call = v.Fn.(*Function)
+				}
+				if call == nil {
+					continue
+				}
+				if call.Package() == fn.Package() {
+					// make sure we have information on all functions in this package
+					b.buildFunction(call)
+				}
+				if call.WillExit {
+					// This call will cause the process to terminate.
+					// Remove remaining instructions in the block and
+					// replace any control flow with Unreachable.
+					for _, succ := range bb.Succs {
+						succ.removePred(bb)
+					}
+					bb.Succs = bb.Succs[:0]
+
+					bb.Instrs = bb.Instrs[:i+1]
+					bb.emit(new(Unreachable), instr.Source())
+					addEdge(bb, fn.Exit)
+					break
+				} else if call.WillUnwind {
+					// This call will cause the goroutine to terminate
+					// and defers to run (i.e. a panic or
+					// runtime.Goexit). Remove remaining instructions
+					// in the block and replace any control flow with
+					// an unconditional jump to the exit block.
+					for _, succ := range bb.Succs {
+						succ.removePred(bb)
+					}
+					bb.Succs = bb.Succs[:0]
+
+					bb.Instrs = bb.Instrs[:i+1]
+					bb.emit(new(Jump), instr.Source())
+					addEdge(bb, fn.Exit)
+					break
+				}
+			}
+		}
+	}
+}
diff --git a/vendor/honnef.co/go/tools/ssa/func.go b/vendor/honnef.co/go/tools/ir/func.go
similarity index 65%
rename from vendor/honnef.co/go/tools/ssa/func.go
rename to vendor/honnef.co/go/tools/ir/func.go
index 222eea64..386d82b6 100644
--- a/vendor/honnef.co/go/tools/ssa/func.go
+++ b/vendor/honnef.co/go/tools/ir/func.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file implements the Function and BasicBlock types.
 
@@ -10,6 +10,8 @@ import (
 	"bytes"
 	"fmt"
 	"go/ast"
+	"go/constant"
+	"go/format"
 	"go/token"
 	"go/types"
 	"io"
@@ -23,6 +25,29 @@ func addEdge(from, to *BasicBlock) {
 	to.Preds = append(to.Preds, from)
 }
 
+// Control returns the last instruction in the block.
+func (b *BasicBlock) Control() Instruction {
+	if len(b.Instrs) == 0 {
+		return nil
+	}
+	return b.Instrs[len(b.Instrs)-1]
+}
+
+// SIgmaFor returns the sigma node for v coming from pred.
+func (b *BasicBlock) SigmaFor(v Value, pred *BasicBlock) *Sigma {
+	for _, instr := range b.Instrs {
+		sigma, ok := instr.(*Sigma)
+		if !ok {
+			// no more sigmas
+			return nil
+		}
+		if sigma.From == pred && sigma.X == v {
+			return sigma
+		}
+	}
+	return nil
+}
+
 // Parent returns the function that contains block b.
 func (b *BasicBlock) Parent() *Function { return b.parent }
 
@@ -36,7 +61,8 @@ func (b *BasicBlock) String() string {
 // emit appends an instruction to the current basic block.
 // If the instruction defines a Value, it is returned.
 //
-func (b *BasicBlock) emit(i Instruction) Value {
+func (b *BasicBlock) emit(i Instruction, source ast.Node) Value {
+	i.setSource(source)
 	i.setBlock(b)
 	b.Instrs = append(b.Instrs, i)
 	v, _ := i.(Value)
@@ -54,6 +80,16 @@ func (b *BasicBlock) predIndex(c *BasicBlock) int {
 	panic(fmt.Sprintf("no edge %s -> %s", c, b))
 }
 
+// succIndex returns the i such that b.Succs[i] == c or -1 if there is none.
+func (b *BasicBlock) succIndex(c *BasicBlock) int {
+	for i, succ := range b.Succs {
+		if succ == c {
+			return i
+		}
+	}
+	return -1
+}
+
 // hasPhi returns true if b.Instrs contains φ-nodes.
 func (b *BasicBlock) hasPhi() bool {
 	_, ok := b.Instrs[0].(*Phi)
@@ -96,10 +132,6 @@ func (b *BasicBlock) replaceSucc(p, q *BasicBlock) {
 	}
 }
 
-func (b *BasicBlock) RemovePred(p *BasicBlock) {
-	b.removePred(p)
-}
-
 // removePred removes all occurrences of p in b's
 // predecessor list and φ-nodes.
 // Ordinarily there should be at most one.
@@ -173,23 +205,33 @@ func (f *Function) labelledBlock(label *ast.Ident) *lblock {
 // addParam adds a (non-escaping) parameter to f.Params of the
 // specified name, type and source position.
 //
-func (f *Function) addParam(name string, typ types.Type, pos token.Pos) *Parameter {
-	v := &Parameter{
-		name:   name,
-		typ:    typ,
-		pos:    pos,
-		parent: f,
+func (f *Function) addParam(name string, typ types.Type, source ast.Node) *Parameter {
+	var b *BasicBlock
+	if len(f.Blocks) > 0 {
+		b = f.Blocks[0]
 	}
+	v := &Parameter{
+		name: name,
+	}
+	v.setBlock(b)
+	v.setType(typ)
+	v.setSource(source)
 	f.Params = append(f.Params, v)
+	if b != nil {
+		// There may be no blocks if this function has no body. We
+		// still create params, but aren't interested in the
+		// instruction.
+		f.Blocks[0].Instrs = append(f.Blocks[0].Instrs, v)
+	}
 	return v
 }
 
-func (f *Function) addParamObj(obj types.Object) *Parameter {
+func (f *Function) addParamObj(obj types.Object, source ast.Node) *Parameter {
 	name := obj.Name()
 	if name == "" {
 		name = fmt.Sprintf("arg%d", len(f.Params))
 	}
-	param := f.addParam(name, obj.Type(), obj.Pos())
+	param := f.addParam(name, obj.Type(), source)
 	param.object = obj
 	return param
 }
@@ -198,25 +240,61 @@ func (f *Function) addParamObj(obj types.Object) *Parameter {
 // stack; the function body will load/store the spilled location.
 // Subsequent lifting will eliminate spills where possible.
 //
-func (f *Function) addSpilledParam(obj types.Object) {
-	param := f.addParamObj(obj)
-	spill := &Alloc{Comment: obj.Name()}
+func (f *Function) addSpilledParam(obj types.Object, source ast.Node) {
+	param := f.addParamObj(obj, source)
+	spill := &Alloc{}
 	spill.setType(types.NewPointer(obj.Type()))
-	spill.setPos(obj.Pos())
+	spill.source = source
 	f.objects[obj] = spill
 	f.Locals = append(f.Locals, spill)
-	f.emit(spill)
-	f.emit(&Store{Addr: spill, Val: param})
+	f.emit(spill, source)
+	emitStore(f, spill, param, source)
+	// f.emit(&Store{Addr: spill, Val: param})
 }
 
-// startBody initializes the function prior to generating SSA code for its body.
+// startBody initializes the function prior to generating IR code for its body.
 // Precondition: f.Type() already set.
 //
 func (f *Function) startBody() {
-	f.currentBlock = f.newBasicBlock("entry")
+	entry := f.newBasicBlock("entry")
+	f.currentBlock = entry
 	f.objects = make(map[types.Object]Value) // needed for some synthetics, e.g. init
 }
 
+func (f *Function) blockset(i int) *BlockSet {
+	bs := &f.blocksets[i]
+	if len(bs.values) != len(f.Blocks) {
+		if cap(bs.values) >= len(f.Blocks) {
+			bs.values = bs.values[:len(f.Blocks)]
+			bs.Clear()
+		} else {
+			bs.values = make([]bool, len(f.Blocks))
+		}
+	} else {
+		bs.Clear()
+	}
+	return bs
+}
+
+func (f *Function) exitBlock() {
+	old := f.currentBlock
+
+	f.Exit = f.newBasicBlock("exit")
+	f.currentBlock = f.Exit
+
+	ret := f.results()
+	results := make([]Value, len(ret))
+	// Run function calls deferred in this
+	// function when explicitly returning from it.
+	f.emit(new(RunDefers), nil)
+	for i, r := range ret {
+		results[i] = emitLoad(f, r, nil)
+	}
+
+	f.emit(&Return{Results: results}, nil)
+	f.currentBlock = old
+}
+
 // createSyntacticParams populates f.Params and generates code (spills
 // and named result locals) for all the parameters declared in the
 // syntax.  In addition it populates the f.objects mapping.
@@ -231,11 +309,11 @@ func (f *Function) createSyntacticParams(recv *ast.FieldList, functype *ast.Func
 	if recv != nil {
 		for _, field := range recv.List {
 			for _, n := range field.Names {
-				f.addSpilledParam(f.Pkg.info.Defs[n])
+				f.addSpilledParam(f.Pkg.info.Defs[n], n)
 			}
 			// Anonymous receiver?  No need to spill.
 			if field.Names == nil {
-				f.addParamObj(f.Signature.Recv())
+				f.addParamObj(f.Signature.Recv(), field)
 			}
 		}
 	}
@@ -245,11 +323,11 @@ func (f *Function) createSyntacticParams(recv *ast.FieldList, functype *ast.Func
 		n := len(f.Params) // 1 if has recv, 0 otherwise
 		for _, field := range functype.Params.List {
 			for _, n := range field.Names {
-				f.addSpilledParam(f.Pkg.info.Defs[n])
+				f.addSpilledParam(f.Pkg.info.Defs[n], n)
 			}
 			// Anonymous parameter?  No need to spill.
 			if field.Names == nil {
-				f.addParamObj(f.Signature.Params().At(len(f.Params) - n))
+				f.addParamObj(f.Signature.Params().At(len(f.Params)-n), field)
 			}
 		}
 	}
@@ -262,24 +340,27 @@ func (f *Function) createSyntacticParams(recv *ast.FieldList, functype *ast.Func
 				f.namedResults = append(f.namedResults, f.addLocalForIdent(n))
 			}
 		}
+
+		if len(f.namedResults) == 0 {
+			sig := f.Signature.Results()
+			for i := 0; i < sig.Len(); i++ {
+				// XXX position information
+				v := f.addLocal(sig.At(i).Type(), nil)
+				f.implicitResults = append(f.implicitResults, v)
+			}
+		}
 	}
 }
 
-// numberRegisters assigns numbers to all SSA registers
-// (value-defining Instructions) in f, to aid debugging.
-// (Non-Instruction Values are named at construction.)
-//
-func numberRegisters(f *Function) {
-	v := 0
+func numberNodes(f *Function) {
+	var base ID
 	for _, b := range f.Blocks {
 		for _, instr := range b.Instrs {
-			switch instr.(type) {
-			case Value:
-				instr.(interface {
-					setNum(int)
-				}).setNum(v)
-				v++
+			if instr == nil {
+				continue
 			}
+			base++
+			instr.setID(base)
 		}
 	}
 }
@@ -303,17 +384,164 @@ func buildReferrers(f *Function) {
 	}
 }
 
-// finishBody() finalizes the function after SSA code generation of its body.
+func (f *Function) emitConsts() {
+	if len(f.Blocks) == 0 {
+		f.consts = nil
+		return
+	}
+
+	// TODO(dh): our deduplication only works on booleans and
+	// integers. other constants are represented as pointers to
+	// things.
+	if len(f.consts) == 0 {
+		return
+	} else if len(f.consts) <= 32 {
+		f.emitConstsFew()
+	} else {
+		f.emitConstsMany()
+	}
+}
+
+func (f *Function) emitConstsFew() {
+	dedup := make([]*Const, 0, 32)
+	for _, c := range f.consts {
+		if len(*c.Referrers()) == 0 {
+			continue
+		}
+		found := false
+		for _, d := range dedup {
+			if c.typ == d.typ && c.Value == d.Value {
+				replaceAll(c, d)
+				found = true
+				break
+			}
+		}
+		if !found {
+			dedup = append(dedup, c)
+		}
+	}
+
+	instrs := make([]Instruction, len(f.Blocks[0].Instrs)+len(dedup))
+	for i, c := range dedup {
+		instrs[i] = c
+		c.setBlock(f.Blocks[0])
+	}
+	copy(instrs[len(dedup):], f.Blocks[0].Instrs)
+	f.Blocks[0].Instrs = instrs
+	f.consts = nil
+}
+
+func (f *Function) emitConstsMany() {
+	type constKey struct {
+		typ   types.Type
+		value constant.Value
+	}
+
+	m := make(map[constKey]Value, len(f.consts))
+	areNil := 0
+	for i, c := range f.consts {
+		if len(*c.Referrers()) == 0 {
+			f.consts[i] = nil
+			areNil++
+			continue
+		}
+
+		k := constKey{
+			typ:   c.typ,
+			value: c.Value,
+		}
+		if dup, ok := m[k]; !ok {
+			m[k] = c
+		} else {
+			f.consts[i] = nil
+			areNil++
+			replaceAll(c, dup)
+		}
+	}
+
+	instrs := make([]Instruction, len(f.Blocks[0].Instrs)+len(f.consts)-areNil)
+	i := 0
+	for _, c := range f.consts {
+		if c != nil {
+			instrs[i] = c
+			c.setBlock(f.Blocks[0])
+			i++
+		}
+	}
+	copy(instrs[i:], f.Blocks[0].Instrs)
+	f.Blocks[0].Instrs = instrs
+	f.consts = nil
+}
+
+// buildFakeExits ensures that every block in the function is
+// reachable in reverse from the Exit block. This is required to build
+// a full post-dominator tree, and to ensure the exit block's
+// inclusion in the dominator tree.
+func buildFakeExits(fn *Function) {
+	// Find back-edges via forward DFS
+	fn.fakeExits = BlockSet{values: make([]bool, len(fn.Blocks))}
+	seen := fn.blockset(0)
+	backEdges := fn.blockset(1)
+
+	var dfs func(b *BasicBlock)
+	dfs = func(b *BasicBlock) {
+		if !seen.Add(b) {
+			backEdges.Add(b)
+			return
+		}
+		for _, pred := range b.Succs {
+			dfs(pred)
+		}
+	}
+	dfs(fn.Blocks[0])
+buildLoop:
+	for {
+		seen := fn.blockset(2)
+		var dfs func(b *BasicBlock)
+		dfs = func(b *BasicBlock) {
+			if !seen.Add(b) {
+				return
+			}
+			for _, pred := range b.Preds {
+				dfs(pred)
+			}
+			if b == fn.Exit {
+				for _, b := range fn.Blocks {
+					if fn.fakeExits.Has(b) {
+						dfs(b)
+					}
+				}
+			}
+		}
+		dfs(fn.Exit)
+
+		for _, b := range fn.Blocks {
+			if !seen.Has(b) && backEdges.Has(b) {
+				// Block b is not reachable from the exit block. Add a
+				// fake jump from b to exit, then try again. Note that we
+				// only add one fake edge at a time, as it may make
+				// multiple blocks reachable.
+				//
+				// We only consider those blocks that have back edges.
+				// Any unreachable block that doesn't have a back edge
+				// must flow into a loop, which by definition has a
+				// back edge. Thus, by looking for loops, we should
+				// need fewer fake edges overall.
+				fn.fakeExits.Add(b)
+				continue buildLoop
+			}
+		}
+
+		break
+	}
+}
+
+// finishBody() finalizes the function after IR code generation of its body.
 func (f *Function) finishBody() {
 	f.objects = nil
 	f.currentBlock = nil
 	f.lblocks = nil
 
-	// Don't pin the AST in memory (except in debug mode).
-	if n := f.syntax; n != nil && !f.debugInfo() {
-		f.syntax = extentNode{n.Pos(), n.End()}
-	}
-
 	// Remove from f.Locals any Allocs that escape to the heap.
 	j := 0
 	for _, l := range f.Locals {
@@ -328,86 +556,25 @@ func (f *Function) finishBody() {
 	}
 	f.Locals = f.Locals[:j]
 
-	// comma-ok receiving from a time.Tick channel will never return
-	// ok == false, so any branching on the value of ok can be
-	// replaced with an unconditional jump. This will primarily match
-	// `for range time.Tick(x)` loops, but it can also match
-	// user-written code.
-	for _, block := range f.Blocks {
-		if len(block.Instrs) < 3 {
-			continue
-		}
-		if len(block.Succs) != 2 {
-			continue
-		}
-		var instrs []*Instruction
-		for i, ins := range block.Instrs {
-			if _, ok := ins.(*DebugRef); ok {
-				continue
-			}
-			instrs = append(instrs, &block.Instrs[i])
-		}
-
-		for i, ins := range instrs {
-			unop, ok := (*ins).(*UnOp)
-			if !ok || unop.Op != token.ARROW {
-				continue
-			}
-			call, ok := unop.X.(*Call)
-			if !ok {
-				continue
-			}
-			if call.Common().IsInvoke() {
-				continue
-			}
-
-			// OPT(dh): surely there is a more efficient way of doing
-			// this, than using FullName. We should already have
-			// resolved time.Tick somewhere?
-			v, ok := call.Common().Value.(*Function)
-			if !ok {
-				continue
-			}
-			t, ok := v.Object().(*types.Func)
-			if !ok {
-				continue
-			}
-			if t.FullName() != "time.Tick" {
-				continue
-			}
-			ex, ok := (*instrs[i+1]).(*Extract)
-			if !ok || ex.Tuple != unop || ex.Index != 1 {
-				continue
-			}
-
-			ifstmt, ok := (*instrs[i+2]).(*If)
-			if !ok || ifstmt.Cond != ex {
-				continue
-			}
-
-			*instrs[i+2] = NewJump(block)
-			succ := block.Succs[1]
-			block.Succs = block.Succs[0:1]
-			succ.RemovePred(block)
-		}
-	}
-
 	optimizeBlocks(f)
-
 	buildReferrers(f)
-
 	buildDomTree(f)
+	buildPostDomTree(f)
 
 	if f.Prog.mode&NaiveForm == 0 {
-		// For debugging pre-state of lifting pass:
-		// numberRegisters(f)
-		// f.WriteTo(os.Stderr)
 		lift(f)
 	}
 
-	f.namedResults = nil // (used by lifting)
+	// emit constants after lifting, because lifting may produce new constants.
+	f.emitConsts()
 
-	numberRegisters(f)
+	f.namedResults = nil // (used by lifting)
+	f.implicitResults = nil
+
+	numberNodes(f)
+
+	defer f.wr.Close()
+	f.wr.WriteFunc("start", "start", f)
 
 	if f.Prog.mode&PrintFunctions != 0 {
 		printMu.Lock()
@@ -420,6 +587,29 @@ func (f *Function) finishBody() {
 	}
 }
 
+func isUselessPhi(phi *Phi) (Value, bool) {
+	var v0 Value
+	for _, e := range phi.Edges {
+		if e == phi {
+			continue
+		}
+		if v0 == nil {
+			v0 = e
+		}
+		if v0 != e {
+			if v0, ok := v0.(*Const); ok {
+				if e, ok := e.(*Const); ok {
+					if v0.typ == e.typ && v0.Value == e.Value {
+						continue
+					}
+				}
+			}
+			return nil, false
+		}
+	}
+	return v0, true
+}
+
 func (f *Function) RemoveNilBlocks() {
 	f.removeNilBlocks()
 }
@@ -462,26 +652,24 @@ func (f *Function) debugInfo() bool {
 // returns it.  Its name and type are taken from obj.  Subsequent
 // calls to f.lookup(obj) will return the same local.
 //
-func (f *Function) addNamedLocal(obj types.Object) *Alloc {
-	l := f.addLocal(obj.Type(), obj.Pos())
-	l.Comment = obj.Name()
+func (f *Function) addNamedLocal(obj types.Object, source ast.Node) *Alloc {
+	l := f.addLocal(obj.Type(), source)
 	f.objects[obj] = l
 	return l
 }
 
 func (f *Function) addLocalForIdent(id *ast.Ident) *Alloc {
-	return f.addNamedLocal(f.Pkg.info.Defs[id])
+	return f.addNamedLocal(f.Pkg.info.Defs[id], id)
 }
 
 // addLocal creates an anonymous local variable of type typ, adds it
 // to function f and returns it.  pos is the optional source location.
 //
-func (f *Function) addLocal(typ types.Type, pos token.Pos) *Alloc {
+func (f *Function) addLocal(typ types.Type, source ast.Node) *Alloc {
 	v := &Alloc{}
 	v.setType(types.NewPointer(typ))
-	v.setPos(pos)
 	f.Locals = append(f.Locals, v)
-	f.emit(v)
+	f.emit(v, source)
 	return v
 }
 
@@ -501,13 +689,12 @@ func (f *Function) lookup(obj types.Object, escaping bool) Value {
 	// Definition must be in an enclosing function;
 	// plumb it through intervening closures.
 	if f.parent == nil {
-		panic("no ssa.Value for " + obj.String())
+		panic("no ir.Value for " + obj.String())
 	}
 	outer := f.parent.lookup(obj, true) // escaping
 	v := &FreeVar{
 		name:   obj.Name(),
 		typ:    outer.Type(),
-		pos:    outer.Pos(),
 		outer:  outer,
 		parent: f,
 	}
@@ -517,8 +704,8 @@ func (f *Function) lookup(obj types.Object, escaping bool) Value {
 }
 
 // emit emits the specified instruction to function f.
-func (f *Function) emit(instr Instruction) Value {
-	return f.currentBlock.emit(instr)
+func (f *Function) emit(instr Instruction, source ast.Node) Value {
+	return f.currentBlock.emit(instr, source)
 }
 
 // RelString returns the full name of this function, qualified by
@@ -637,10 +824,6 @@ func WriteFunction(buf *bytes.Buffer, f *Function) {
 		fmt.Fprintf(buf, "# Parent: %s\n", f.parent.Name())
 	}
 
-	if f.Recover != nil {
-		fmt.Fprintf(buf, "# Recover: %s\n", f.Recover)
-	}
-
 	from := f.pkg()
 
 	if f.FreeVars != nil {
@@ -663,45 +846,38 @@ func WriteFunction(buf *bytes.Buffer, f *Function) {
 		buf.WriteString("\t(external)\n")
 	}
 
-	// NB. column calculations are confused by non-ASCII
-	// characters and assume 8-space tabs.
-	const punchcard = 80 // for old time's sake.
-	const tabwidth = 8
 	for _, b := range f.Blocks {
 		if b == nil {
 			// Corrupt CFG.
 			fmt.Fprintf(buf, ".nil:\n")
 			continue
 		}
-		n, _ := fmt.Fprintf(buf, "%d:", b.Index)
-		bmsg := fmt.Sprintf("%s P:%d S:%d", b.Comment, len(b.Preds), len(b.Succs))
-		fmt.Fprintf(buf, "%*s%s\n", punchcard-1-n-len(bmsg), "", bmsg)
+		fmt.Fprintf(buf, "b%d:", b.Index)
+		if len(b.Preds) > 0 {
+			fmt.Fprint(buf, " ←")
+			for _, pred := range b.Preds {
+				fmt.Fprintf(buf, " b%d", pred.Index)
+			}
+		}
+		if b.Comment != "" {
+			fmt.Fprintf(buf, " # %s", b.Comment)
+		}
+		buf.WriteByte('\n')
 
 		if false { // CFG debugging
 			fmt.Fprintf(buf, "\t# CFG: %s --> %s --> %s\n", b.Preds, b, b.Succs)
 		}
+
+		buf2 := &bytes.Buffer{}
 		for _, instr := range b.Instrs {
 			buf.WriteString("\t")
 			switch v := instr.(type) {
 			case Value:
-				l := punchcard - tabwidth
 				// Left-align the instruction.
 				if name := v.Name(); name != "" {
-					n, _ := fmt.Fprintf(buf, "%s = ", name)
-					l -= n
-				}
-				n, _ := buf.WriteString(instr.String())
-				l -= n
-				// Right-align the type if there's space.
-				if t := v.Type(); t != nil {
-					buf.WriteByte(' ')
-					ts := relType(t, from)
-					l -= len(ts) + len("  ") // (spaces before and after type)
-					if l > 0 {
-						fmt.Fprintf(buf, "%*s", l, "")
-					}
-					buf.WriteString(ts)
+					fmt.Fprintf(buf, "%s = ", name)
 				}
+				buf.WriteString(instr.String())
 			case nil:
 				// Be robust against bad transforms.
 				buf.WriteString("<deleted>")
@@ -709,9 +885,30 @@ func WriteFunction(buf *bytes.Buffer, f *Function) {
 				buf.WriteString(instr.String())
 			}
 			buf.WriteString("\n")
+
+			if f.Prog.mode&PrintSource != 0 {
+				if s := instr.Source(); s != nil {
+					buf2.Reset()
+					format.Node(buf2, f.Prog.Fset, s)
+					for {
+						line, err := buf2.ReadString('\n')
+						if len(line) == 0 {
+							break
+						}
+						buf.WriteString("\t\t> ")
+						buf.WriteString(line)
+						if line[len(line)-1] != '\n' {
+							buf.WriteString("\n")
+						}
+						if err != nil {
+							break
+						}
+					}
+				}
+			}
 		}
+		buf.WriteString("\n")
 	}
-	fmt.Fprintf(buf, "\n")
 }
 
 // newBasicBlock adds to f a new basic block and returns it.  It does
@@ -736,7 +933,7 @@ func (f *Function) newBasicBlock(comment string) *BasicBlock {
 // the function object, e.g. Pkg, Params, Blocks.
 //
 // It is practically impossible for clients to construct well-formed
-// SSA functions/packages/programs directly, so we assume this is the
+// IR functions/packages/programs directly, so we assume this is the
 // job of the Builder alone.  NewFunction exists to provide clients a
 // little flexibility.  For example, analysis tools may wish to
 // construct fake Functions for the root of the callgraph, a fake
@@ -748,18 +945,17 @@ func (prog *Program) NewFunction(name string, sig *types.Signature, provenance s
 	return &Function{Prog: prog, name: name, Signature: sig, Synthetic: provenance}
 }
 
+//lint:ignore U1000 we may make use of this for functions loaded from export data
 type extentNode [2]token.Pos
 
 func (n extentNode) Pos() token.Pos { return n[0] }
 func (n extentNode) End() token.Pos { return n[1] }
 
-// Syntax returns an ast.Node whose Pos/End methods provide the
-// lexical extent of the function if it was defined by Go source code
-// (f.Synthetic==""), or nil otherwise.
-//
-// If f was built with debug information (see Package.SetDebugRef),
-// the result is the *ast.FuncDecl or *ast.FuncLit that declared the
-// function.  Otherwise, it is an opaque Node providing only position
-// information; this avoids pinning the AST in memory.
-//
-func (f *Function) Syntax() ast.Node { return f.syntax }
+func (f *Function) initHTML(name string) {
+	if name == "" {
+		return
+	}
+	if rel := f.RelString(nil); rel == name {
+		f.wr = NewHTMLWriter("ir.html", rel, "")
+	}
+}
diff --git a/vendor/honnef.co/go/tools/ir/html.go b/vendor/honnef.co/go/tools/ir/html.go
new file mode 100644
index 00000000..c1837533
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/html.go
@@ -0,0 +1,1124 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Copyright 2019 Dominik Honnef. All rights reserved.
+
+package ir
+
+import (
+	"bytes"
+	"fmt"
+	"go/types"
+	"html"
+	"io"
+	"log"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"reflect"
+	"sort"
+	"strings"
+)
+
+func live(f *Function) []bool {
+	max := 0
+	var ops []*Value
+
+	for _, b := range f.Blocks {
+		for _, instr := range b.Instrs {
+			if int(instr.ID()) > max {
+				max = int(instr.ID())
+			}
+		}
+	}
+
+	out := make([]bool, max+1)
+	var q []Node
+	for _, b := range f.Blocks {
+		for _, instr := range b.Instrs {
+			switch instr.(type) {
+			case *BlankStore, *Call, *ConstantSwitch, *Defer, *Go, *If, *Jump, *MapUpdate, *Next, *Panic, *Recv, *Return, *RunDefers, *Send, *Store, *Unreachable:
+				out[instr.ID()] = true
+				q = append(q, instr)
+			}
+		}
+	}
+
+	for len(q) > 0 {
+		v := q[len(q)-1]
+		q = q[:len(q)-1]
+		for _, op := range v.Operands(ops) {
+			if *op == nil {
+				continue
+			}
+			if !out[(*op).ID()] {
+				out[(*op).ID()] = true
+				q = append(q, *op)
+			}
+		}
+	}
+
+	return out
+}
+
+type funcPrinter interface {
+	startBlock(b *BasicBlock, reachable bool)
+	endBlock(b *BasicBlock)
+	value(v Node, live bool)
+	startDepCycle()
+	endDepCycle()
+	named(n string, vals []Value)
+}
+
+func namedValues(f *Function) map[types.Object][]Value {
+	names := map[types.Object][]Value{}
+	for _, b := range f.Blocks {
+		for _, instr := range b.Instrs {
+			if instr, ok := instr.(*DebugRef); ok {
+				if obj := instr.object; obj != nil {
+					names[obj] = append(names[obj], instr.X)
+				}
+			}
+		}
+	}
+	// XXX deduplicate values
+	return names
+}
+
+func fprintFunc(p funcPrinter, f *Function) {
+	// XXX does our IR form preserve unreachable blocks?
+	// reachable, live := findlive(f)
+
+	l := live(f)
+	for _, b := range f.Blocks {
+		// XXX
+		// p.startBlock(b, reachable[b.Index])
+		p.startBlock(b, true)
+
+		end := len(b.Instrs) - 1
+		if end < 0 {
+			end = 0
+		}
+		for _, v := range b.Instrs[:end] {
+			if _, ok := v.(*DebugRef); !ok {
+				p.value(v, l[v.ID()])
+			}
+		}
+		p.endBlock(b)
+	}
+
+	names := namedValues(f)
+	keys := make([]types.Object, 0, len(names))
+	for key := range names {
+		keys = append(keys, key)
+	}
+	sort.Slice(keys, func(i, j int) bool {
+		return keys[i].Pos() < keys[j].Pos()
+	})
+	for _, key := range keys {
+		p.named(key.Name(), names[key])
+	}
+}
+
+func opName(v Node) string {
+	switch v := v.(type) {
+	case *Call:
+		if v.Common().IsInvoke() {
+			return "Invoke"
+		}
+		return "Call"
+	case *Alloc:
+		if v.Heap {
+			return "HeapAlloc"
+		}
+		return "StackAlloc"
+	case *Select:
+		if v.Blocking {
+			return "SelectBlocking"
+		}
+		return "SelectNonBlocking"
+	default:
+		return reflect.ValueOf(v).Type().Elem().Name()
+	}
+}
+
+type HTMLWriter struct {
+	w    io.WriteCloser
+	path string
+	dot  *dotWriter
+}
+
+func NewHTMLWriter(path string, funcname, cfgMask string) *HTMLWriter {
+	out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644)
+	if err != nil {
+		log.Fatalf("%v", err)
+	}
+	pwd, err := os.Getwd()
+	if err != nil {
+		log.Fatalf("%v", err)
+	}
+	html := HTMLWriter{w: out, path: filepath.Join(pwd, path)}
+	html.dot = newDotWriter()
+	html.start(funcname)
+	return &html
+}
+
+func (w *HTMLWriter) start(name string) {
+	if w == nil {
+		return
+	}
+	w.WriteString("<html>")
+	w.WriteString(`<head>
+<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
+<style>
+
+body {
+    font-size: 14px;
+    font-family: Arial, sans-serif;
+}
+
+h1 {
+    font-size: 18px;
+    display: inline-block;
+    margin: 0 1em .5em 0;
+}
+
+#helplink {
+    display: inline-block;
+}
+
+#help {
+    display: none;
+}
+
+.stats {
+    font-size: 60%;
+}
+
+table {
+    border: 1px solid black;
+    table-layout: fixed;
+    width: 300px;
+}
+
+th, td {
+    border: 1px solid black;
+    overflow: hidden;
+    width: 400px;
+    vertical-align: top;
+    padding: 5px;
+}
+
+td > h2 {
+    cursor: pointer;
+    font-size: 120%;
+}
+
+td.collapsed {
+    font-size: 12px;
+    width: 12px;
+    border: 0px;
+    padding: 0;
+    cursor: pointer;
+    background: #fafafa;
+}
+
+td.collapsed  div {
+     -moz-transform: rotate(-90.0deg);  /* FF3.5+ */
+       -o-transform: rotate(-90.0deg);  /* Opera 10.5 */
+  -webkit-transform: rotate(-90.0deg);  /* Saf3.1+, Chrome */
+             filter:  progid:DXImageTransform.Microsoft.BasicImage(rotation=0.083);  /* IE6,IE7 */
+         -ms-filter: "progid:DXImageTransform.Microsoft.BasicImage(rotation=0.083)"; /* IE8 */
+         margin-top: 10.3em;
+         margin-left: -10em;
+         margin-right: -10em;
+         text-align: right;
+}
+
+code, pre, .lines, .ast {
+    font-family: Menlo, monospace;
+    font-size: 12px;
+}
+
+pre {
+    -moz-tab-size: 4;
+    -o-tab-size:   4;
+    tab-size:      4;
+}
+
+.allow-x-scroll {
+    overflow-x: scroll;
+}
+
+.lines {
+    float: left;
+    overflow: hidden;
+    text-align: right;
+}
+
+.lines div {
+    padding-right: 10px;
+    color: gray;
+}
+
+div.line-number {
+    font-size: 12px;
+}
+
+.ast {
+    white-space: nowrap;
+}
+
+td.ssa-prog {
+    width: 600px;
+    word-wrap: break-word;
+}
+
+li {
+    list-style-type: none;
+}
+
+li.ssa-long-value {
+    text-indent: -2em;  /* indent wrapped lines */
+}
+
+li.ssa-value-list {
+    display: inline;
+}
+
+li.ssa-start-block {
+    padding: 0;
+    margin: 0;
+}
+
+li.ssa-end-block {
+    padding: 0;
+    margin: 0;
+}
+
+ul.ssa-print-func {
+    padding-left: 0;
+}
+
+li.ssa-start-block button {
+    padding: 0 1em;
+    margin: 0;
+    border: none;
+    display: inline;
+    font-size: 14px;
+    float: right;
+}
+
+button:hover {
+    background-color: #eee;
+    cursor: pointer;
+}
+
+dl.ssa-gen {
+    padding-left: 0;
+}
+
+dt.ssa-prog-src {
+    padding: 0;
+    margin: 0;
+    float: left;
+    width: 4em;
+}
+
+dd.ssa-prog {
+    padding: 0;
+    margin-right: 0;
+    margin-left: 4em;
+}
+
+.dead-value {
+    color: gray;
+}
+
+.dead-block {
+    opacity: 0.5;
+}
+
+.depcycle {
+    font-style: italic;
+}
+
+.line-number {
+    font-size: 11px;
+}
+
+.no-line-number {
+    font-size: 11px;
+    color: gray;
+}
+
+.zoom {
+	position: absolute;
+	float: left;
+	white-space: nowrap;
+	background-color: #eee;
+}
+
+.zoom a:link, .zoom a:visited  {
+    text-decoration: none;
+    color: blue;
+    font-size: 16px;
+    padding: 4px 2px;
+}
+
+svg {
+    cursor: default;
+    outline: 1px solid #eee;
+}
+
+.highlight-aquamarine     { background-color: aquamarine; }
+.highlight-coral          { background-color: coral; }
+.highlight-lightpink      { background-color: lightpink; }
+.highlight-lightsteelblue { background-color: lightsteelblue; }
+.highlight-palegreen      { background-color: palegreen; }
+.highlight-skyblue        { background-color: skyblue; }
+.highlight-lightgray      { background-color: lightgray; }
+.highlight-yellow         { background-color: yellow; }
+.highlight-lime           { background-color: lime; }
+.highlight-khaki          { background-color: khaki; }
+.highlight-aqua           { background-color: aqua; }
+.highlight-salmon         { background-color: salmon; }
+
+.outline-blue           { outline: blue solid 2px; }
+.outline-red            { outline: red solid 2px; }
+.outline-blueviolet     { outline: blueviolet solid 2px; }
+.outline-darkolivegreen { outline: darkolivegreen solid 2px; }
+.outline-fuchsia        { outline: fuchsia solid 2px; }
+.outline-sienna         { outline: sienna solid 2px; }
+.outline-gold           { outline: gold solid 2px; }
+.outline-orangered      { outline: orangered solid 2px; }
+.outline-teal           { outline: teal solid 2px; }
+.outline-maroon         { outline: maroon solid 2px; }
+.outline-black          { outline: black solid 2px; }
+
+ellipse.outline-blue           { stroke-width: 2px; stroke: blue; }
+ellipse.outline-red            { stroke-width: 2px; stroke: red; }
+ellipse.outline-blueviolet     { stroke-width: 2px; stroke: blueviolet; }
+ellipse.outline-darkolivegreen { stroke-width: 2px; stroke: darkolivegreen; }
+ellipse.outline-fuchsia        { stroke-width: 2px; stroke: fuchsia; }
+ellipse.outline-sienna         { stroke-width: 2px; stroke: sienna; }
+ellipse.outline-gold           { stroke-width: 2px; stroke: gold; }
+ellipse.outline-orangered      { stroke-width: 2px; stroke: orangered; }
+ellipse.outline-teal           { stroke-width: 2px; stroke: teal; }
+ellipse.outline-maroon         { stroke-width: 2px; stroke: maroon; }
+ellipse.outline-black          { stroke-width: 2px; stroke: black; }
+
+</style>
+
+<script type="text/javascript">
+// ordered list of all available highlight colors
+var highlights = [
+    "highlight-aquamarine",
+    "highlight-coral",
+    "highlight-lightpink",
+    "highlight-lightsteelblue",
+    "highlight-palegreen",
+    "highlight-skyblue",
+    "highlight-lightgray",
+    "highlight-yellow",
+    "highlight-lime",
+    "highlight-khaki",
+    "highlight-aqua",
+    "highlight-salmon"
+];
+
+// state: which value is highlighted this color?
+var highlighted = {};
+for (var i = 0; i < highlights.length; i++) {
+    highlighted[highlights[i]] = "";
+}
+
+// ordered list of all available outline colors
+var outlines = [
+    "outline-blue",
+    "outline-red",
+    "outline-blueviolet",
+    "outline-darkolivegreen",
+    "outline-fuchsia",
+    "outline-sienna",
+    "outline-gold",
+    "outline-orangered",
+    "outline-teal",
+    "outline-maroon",
+    "outline-black"
+];
+
+// state: which value is outlined this color?
+var outlined = {};
+for (var i = 0; i < outlines.length; i++) {
+    outlined[outlines[i]] = "";
+}
+
+window.onload = function() {
+    var ssaElemClicked = function(elem, event, selections, selected) {
+        event.stopPropagation();
+
+        // TODO: pushState with updated state and read it on page load,
+        // so that state can survive across reloads
+
+        // find all values with the same name
+        var c = elem.classList.item(0);
+        var x = document.getElementsByClassName(c);
+
+        // if selected, remove selections from all of them
+        // otherwise, attempt to add
+
+        var remove = "";
+        for (var i = 0; i < selections.length; i++) {
+            var color = selections[i];
+            if (selected[color] == c) {
+                remove = color;
+                break;
+            }
+        }
+
+        if (remove != "") {
+            for (var i = 0; i < x.length; i++) {
+                x[i].classList.remove(remove);
+            }
+            selected[remove] = "";
+            return;
+        }
+
+        // we're adding a selection
+        // find first available color
+        var avail = "";
+        for (var i = 0; i < selections.length; i++) {
+            var color = selections[i];
+            if (selected[color] == "") {
+                avail = color;
+                break;
+            }
+        }
+        if (avail == "") {
+            alert("out of selection colors; go add more");
+            return;
+        }
+
+        // set that as the selection
+        for (var i = 0; i < x.length; i++) {
+            x[i].classList.add(avail);
+        }
+        selected[avail] = c;
+    };
+
+    var ssaValueClicked = function(event) {
+        ssaElemClicked(this, event, highlights, highlighted);
+    };
+
+    var ssaBlockClicked = function(event) {
+        ssaElemClicked(this, event, outlines, outlined);
+    };
+
+    var ssavalues = document.getElementsByClassName("ssa-value");
+    for (var i = 0; i < ssavalues.length; i++) {
+        ssavalues[i].addEventListener('click', ssaValueClicked);
+    }
+
+    var ssalongvalues = document.getElementsByClassName("ssa-long-value");
+    for (var i = 0; i < ssalongvalues.length; i++) {
+        // don't attach listeners to li nodes, just the spans they contain
+        if (ssalongvalues[i].nodeName == "SPAN") {
+            ssalongvalues[i].addEventListener('click', ssaValueClicked);
+        }
+    }
+
+    var ssablocks = document.getElementsByClassName("ssa-block");
+    for (var i = 0; i < ssablocks.length; i++) {
+        ssablocks[i].addEventListener('click', ssaBlockClicked);
+    }
+
+    var lines = document.getElementsByClassName("line-number");
+    for (var i = 0; i < lines.length; i++) {
+        lines[i].addEventListener('click', ssaValueClicked);
+    }
+
+    // Contains phase names which are expanded by default. Other columns are collapsed.
+    var expandedDefault = [
+        "start",
+        "deadcode",
+        "opt",
+        "lower",
+        "late deadcode",
+        "regalloc",
+        "genssa",
+    ];
+
+    function toggler(phase) {
+        return function() {
+            toggle_cell(phase+'-col');
+            toggle_cell(phase+'-exp');
+        };
+    }
+
+    function toggle_cell(id) {
+        var e = document.getElementById(id);
+        if (e.style.display == 'table-cell') {
+            e.style.display = 'none';
+        } else {
+            e.style.display = 'table-cell';
+        }
+    }
+
+    // Go through all columns and collapse needed phases.
+    var td = document.getElementsByTagName("td");
+    for (var i = 0; i < td.length; i++) {
+        var id = td[i].id;
+        var phase = id.substr(0, id.length-4);
+        var show = expandedDefault.indexOf(phase) !== -1
+        if (id.endsWith("-exp")) {
+            var h2 = td[i].getElementsByTagName("h2");
+            if (h2 && h2[0]) {
+                h2[0].addEventListener('click', toggler(phase));
+            }
+        } else {
+            td[i].addEventListener('click', toggler(phase));
+        }
+        if (id.endsWith("-col") && show || id.endsWith("-exp") && !show) {
+            td[i].style.display = 'none';
+            continue;
+        }
+        td[i].style.display = 'table-cell';
+    }
+
+    // find all svg block nodes, add their block classes
+    var nodes = document.querySelectorAll('*[id^="graph_node_"]');
+    for (var i = 0; i < nodes.length; i++) {
+    	var node = nodes[i];
+    	var name = node.id.toString();
+    	var block = name.substring(name.lastIndexOf("_")+1);
+    	node.classList.remove("node");
+    	node.classList.add(block);
+        node.addEventListener('click', ssaBlockClicked);
+        var ellipse = node.getElementsByTagName('ellipse')[0];
+        ellipse.classList.add(block);
+        ellipse.addEventListener('click', ssaBlockClicked);
+    }
+
+    // make big graphs smaller
+    var targetScale = 0.5;
+    var nodes = document.querySelectorAll('*[id^="svg_graph_"]');
+    // TODO: Implement smarter auto-zoom using the viewBox attribute
+    // and in case of big graphs set the width and height of the svg graph to
+    // maximum allowed.
+    for (var i = 0; i < nodes.length; i++) {
+    	var node = nodes[i];
+    	var name = node.id.toString();
+    	var phase = name.substring(name.lastIndexOf("_")+1);
+    	var gNode = document.getElementById("g_graph_"+phase);
+    	var scale = gNode.transform.baseVal.getItem(0).matrix.a;
+    	if (scale > targetScale) {
+    		node.width.baseVal.value *= targetScale / scale;
+    		node.height.baseVal.value *= targetScale / scale;
+    	}
+    }
+};
+
+function toggle_visibility(id) {
+    var e = document.getElementById(id);
+    if (e.style.display == 'block') {
+        e.style.display = 'none';
+    } else {
+        e.style.display = 'block';
+    }
+}
+
+function hideBlock(el) {
+    var es = el.parentNode.parentNode.getElementsByClassName("ssa-value-list");
+    if (es.length===0)
+        return;
+    var e = es[0];
+    if (e.style.display === 'block' || e.style.display === '') {
+        e.style.display = 'none';
+        el.innerHTML = '+';
+    } else {
+        e.style.display = 'block';
+        el.innerHTML = '-';
+    }
+}
+
+// TODO: scale the graph with the viewBox attribute.
+function graphReduce(id) {
+    var node = document.getElementById(id);
+    if (node) {
+    		node.width.baseVal.value *= 0.9;
+    		node.height.baseVal.value *= 0.9;
+    }
+    return false;
+}
+
+function graphEnlarge(id) {
+    var node = document.getElementById(id);
+    if (node) {
+    		node.width.baseVal.value *= 1.1;
+    		node.height.baseVal.value *= 1.1;
+    }
+    return false;
+}
+
+function makeDraggable(event) {
+    var svg = event.target;
+    if (window.PointerEvent) {
+        svg.addEventListener('pointerdown', startDrag);
+        svg.addEventListener('pointermove', drag);
+        svg.addEventListener('pointerup', endDrag);
+        svg.addEventListener('pointerleave', endDrag);
+    } else {
+        svg.addEventListener('mousedown', startDrag);
+        svg.addEventListener('mousemove', drag);
+        svg.addEventListener('mouseup', endDrag);
+        svg.addEventListener('mouseleave', endDrag);
+    }
+
+    var point = svg.createSVGPoint();
+    var isPointerDown = false;
+    var pointerOrigin;
+    var viewBox = svg.viewBox.baseVal;
+
+    function getPointFromEvent (event) {
+        point.x = event.clientX;
+        point.y = event.clientY;
+
+        // We get the current transformation matrix of the SVG and we inverse it
+        var invertedSVGMatrix = svg.getScreenCTM().inverse();
+        return point.matrixTransform(invertedSVGMatrix);
+    }
+
+    function startDrag(event) {
+        isPointerDown = true;
+        pointerOrigin = getPointFromEvent(event);
+    }
+
+    function drag(event) {
+        if (!isPointerDown) {
+            return;
+        }
+        event.preventDefault();
+
+        var pointerPosition = getPointFromEvent(event);
+        viewBox.x -= (pointerPosition.x - pointerOrigin.x);
+        viewBox.y -= (pointerPosition.y - pointerOrigin.y);
+    }
+
+    function endDrag(event) {
+        isPointerDown = false;
+    }
+}</script>
+
+</head>`)
+	w.WriteString("<body>")
+	w.WriteString("<h1>")
+	w.WriteString(html.EscapeString(name))
+	w.WriteString("</h1>")
+	w.WriteString(`
+<a href="#" onclick="toggle_visibility('help');return false;" id="helplink">help</a>
+<div id="help">
+
+<p>
+Click on a value or block to toggle highlighting of that value/block
+and its uses.  (Values and blocks are highlighted by ID, and IDs of
+dead items may be reused, so not all highlights necessarily correspond
+to the clicked item.)
+</p>
+
+<p>
+Faded out values and blocks are dead code that has not been eliminated.
+</p>
+
+<p>
+Values printed in italics have a dependency cycle.
+</p>
+
+<p>
+<b>CFG</b>: Dashed edge is for unlikely branches. Blue color is for backward edges.
+Edge with a dot means that this edge follows the order in which blocks were laidout.
+</p>
+
+</div>
+`)
+	w.WriteString("<table>")
+	w.WriteString("<tr>")
+}
+
+func (w *HTMLWriter) Close() {
+	if w == nil {
+		return
+	}
+	io.WriteString(w.w, "</tr>")
+	io.WriteString(w.w, "</table>")
+	io.WriteString(w.w, "</body>")
+	io.WriteString(w.w, "</html>")
+	w.w.Close()
+	fmt.Printf("dumped IR to %v\n", w.path)
+}
+
+// WriteFunc writes f in a column headed by title.
+// phase is used for collapsing columns and should be unique across the table.
+func (w *HTMLWriter) WriteFunc(phase, title string, f *Function) {
+	if w == nil {
+		return
+	}
+	w.WriteColumn(phase, title, "", funcHTML(f, phase, w.dot))
+}
+
+// WriteColumn writes raw HTML in a column headed by title.
+// It is intended for pre- and post-compilation log output.
+func (w *HTMLWriter) WriteColumn(phase, title, class, html string) {
+	if w == nil {
+		return
+	}
+	id := strings.Replace(phase, " ", "-", -1)
+	// collapsed column
+	w.Printf("<td id=\"%v-col\" class=\"collapsed\"><div>%v</div></td>", id, phase)
+
+	if class == "" {
+		w.Printf("<td id=\"%v-exp\">", id)
+	} else {
+		w.Printf("<td id=\"%v-exp\" class=\"%v\">", id, class)
+	}
+	w.WriteString("<h2>" + title + "</h2>")
+	w.WriteString(html)
+	w.WriteString("</td>")
+}
+
+func (w *HTMLWriter) Printf(msg string, v ...interface{}) {
+	if _, err := fmt.Fprintf(w.w, msg, v...); err != nil {
+		log.Fatalf("%v", err)
+	}
+}
+
+func (w *HTMLWriter) WriteString(s string) {
+	if _, err := io.WriteString(w.w, s); err != nil {
+		log.Fatalf("%v", err)
+	}
+}
+
+func valueHTML(v Node) string {
+	if v == nil {
+		return "&lt;nil&gt;"
+	}
+	// TODO: Using the value ID as the class ignores the fact
+	// that value IDs get recycled and that some values
+	// are transmuted into other values.
+	class := fmt.Sprintf("t%d", v.ID())
+	var label string
+	switch v := v.(type) {
+	case *Function:
+		label = v.RelString(nil)
+	case *Builtin:
+		label = v.Name()
+	default:
+		label = class
+	}
+	return fmt.Sprintf("<span class=\"%s ssa-value\">%s</span>", class, label)
+}
+
+func valueLongHTML(v Node) string {
+	// TODO: Any intra-value formatting?
+	// I'm wary of adding too much visual noise,
+	// but a little bit might be valuable.
+	// We already have visual noise in the form of punctuation
+	// maybe we could replace some of that with formatting.
+	s := fmt.Sprintf("<span class=\"t%d ssa-long-value\">", v.ID())
+
+	linenumber := "<span class=\"no-line-number\">(?)</span>"
+	if v.Pos().IsValid() {
+		line := v.Parent().Prog.Fset.Position(v.Pos()).Line
+		linenumber = fmt.Sprintf("<span class=\"l%v line-number\">(%d)</span>", line, line)
+	}
+
+	s += fmt.Sprintf("%s %s = %s", valueHTML(v), linenumber, opName(v))
+
+	if v, ok := v.(Value); ok {
+		s += " &lt;" + html.EscapeString(v.Type().String()) + "&gt;"
+	}
+
+	switch v := v.(type) {
+	case *Parameter:
+		s += fmt.Sprintf(" {%s}", html.EscapeString(v.name))
+	case *BinOp:
+		s += fmt.Sprintf(" {%s}", html.EscapeString(v.Op.String()))
+	case *UnOp:
+		s += fmt.Sprintf(" {%s}", html.EscapeString(v.Op.String()))
+	case *Extract:
+		name := v.Tuple.Type().(*types.Tuple).At(v.Index).Name()
+		s += fmt.Sprintf(" [%d] (%s)", v.Index, name)
+	case *Field:
+		st := v.X.Type().Underlying().(*types.Struct)
+		// Be robust against a bad index.
+		name := "?"
+		if 0 <= v.Field && v.Field < st.NumFields() {
+			name = st.Field(v.Field).Name()
+		}
+		s += fmt.Sprintf(" [%d] (%s)", v.Field, name)
+	case *FieldAddr:
+		st := deref(v.X.Type()).Underlying().(*types.Struct)
+		// Be robust against a bad index.
+		name := "?"
+		if 0 <= v.Field && v.Field < st.NumFields() {
+			name = st.Field(v.Field).Name()
+		}
+
+		s += fmt.Sprintf(" [%d] (%s)", v.Field, name)
+	case *Recv:
+		s += fmt.Sprintf(" {%t}", v.CommaOk)
+	case *Call:
+		if v.Common().IsInvoke() {
+			s += fmt.Sprintf(" {%s}", html.EscapeString(v.Common().Method.FullName()))
+		}
+	case *Const:
+		if v.Value == nil {
+			s += " {&lt;nil&gt;}"
+		} else {
+			s += fmt.Sprintf(" {%s}", html.EscapeString(v.Value.String()))
+		}
+	case *Sigma:
+		s += fmt.Sprintf(" [#%s]", v.From)
+	}
+	for _, a := range v.Operands(nil) {
+		s += fmt.Sprintf(" %s", valueHTML(*a))
+	}
+
+	// OPT(dh): we're calling namedValues many times on the same function.
+	allNames := namedValues(v.Parent())
+	var names []string
+	for name, values := range allNames {
+		for _, value := range values {
+			if v == value {
+				names = append(names, name.Name())
+				break
+			}
+		}
+	}
+	if len(names) != 0 {
+		s += " (" + strings.Join(names, ", ") + ")"
+	}
+
+	s += "</span>"
+	return s
+}
+
+func blockHTML(b *BasicBlock) string {
+	// TODO: Using the value ID as the class ignores the fact
+	// that value IDs get recycled and that some values
+	// are transmuted into other values.
+	s := html.EscapeString(b.String())
+	return fmt.Sprintf("<span class=\"%s ssa-block\">%s</span>", s, s)
+}
+
+func blockLongHTML(b *BasicBlock) string {
+	var kind string
+	var term Instruction
+	if len(b.Instrs) > 0 {
+		term = b.Control()
+		kind = opName(term)
+	}
+	// TODO: improve this for HTML?
+	s := fmt.Sprintf("<span class=\"b%d ssa-block\">%s</span>", b.Index, kind)
+
+	if term != nil {
+		ops := term.Operands(nil)
+		if len(ops) > 0 {
+			var ss []string
+			for _, op := range ops {
+				ss = append(ss, valueHTML(*op))
+			}
+			s += " " + strings.Join(ss, ", ")
+		}
+	}
+	if len(b.Succs) > 0 {
+		s += " &#8594;" // right arrow
+		for _, c := range b.Succs {
+			s += " " + blockHTML(c)
+		}
+	}
+	return s
+}
+
+func funcHTML(f *Function, phase string, dot *dotWriter) string {
+	buf := new(bytes.Buffer)
+	if dot != nil {
+		dot.writeFuncSVG(buf, phase, f)
+	}
+	fmt.Fprint(buf, "<code>")
+	p := htmlFuncPrinter{w: buf}
+	fprintFunc(p, f)
+
+	// fprintFunc(&buf, f) // TODO: HTML, not text, <br /> for line breaks, etc.
+	fmt.Fprint(buf, "</code>")
+	return buf.String()
+}
+
+type htmlFuncPrinter struct {
+	w io.Writer
+}
+
+func (p htmlFuncPrinter) startBlock(b *BasicBlock, reachable bool) {
+	var dead string
+	if !reachable {
+		dead = "dead-block"
+	}
+	fmt.Fprintf(p.w, "<ul class=\"%s ssa-print-func %s\">", b, dead)
+	fmt.Fprintf(p.w, "<li class=\"ssa-start-block\">%s:", blockHTML(b))
+	if len(b.Preds) > 0 {
+		io.WriteString(p.w, " &#8592;") // left arrow
+		for _, pred := range b.Preds {
+			fmt.Fprintf(p.w, " %s", blockHTML(pred))
+		}
+	}
+	if len(b.Instrs) > 0 {
+		io.WriteString(p.w, `<button onclick="hideBlock(this)">-</button>`)
+	}
+	io.WriteString(p.w, "</li>")
+	if len(b.Instrs) > 0 { // start list of values
+		io.WriteString(p.w, "<li class=\"ssa-value-list\">")
+		io.WriteString(p.w, "<ul>")
+	}
+}
+
+func (p htmlFuncPrinter) endBlock(b *BasicBlock) {
+	if len(b.Instrs) > 0 { // end list of values
+		io.WriteString(p.w, "</ul>")
+		io.WriteString(p.w, "</li>")
+	}
+	io.WriteString(p.w, "<li class=\"ssa-end-block\">")
+	fmt.Fprint(p.w, blockLongHTML(b))
+	io.WriteString(p.w, "</li>")
+	io.WriteString(p.w, "</ul>")
+}
+
+func (p htmlFuncPrinter) value(v Node, live bool) {
+	var dead string
+	if !live {
+		dead = "dead-value"
+	}
+	fmt.Fprintf(p.w, "<li class=\"ssa-long-value %s\">", dead)
+	fmt.Fprint(p.w, valueLongHTML(v))
+	io.WriteString(p.w, "</li>")
+}
+
+func (p htmlFuncPrinter) startDepCycle() {
+	fmt.Fprintln(p.w, "<span class=\"depcycle\">")
+}
+
+func (p htmlFuncPrinter) endDepCycle() {
+	fmt.Fprintln(p.w, "</span>")
+}
+
+func (p htmlFuncPrinter) named(n string, vals []Value) {
+	fmt.Fprintf(p.w, "<li>name %s: ", n)
+	for _, val := range vals {
+		fmt.Fprintf(p.w, "%s ", valueHTML(val))
+	}
+	fmt.Fprintf(p.w, "</li>")
+}
+
+type dotWriter struct {
+	path   string
+	broken bool
+}
+
+// newDotWriter returns non-nil value when mask is valid.
+// dotWriter will generate SVGs only for the phases specified in the mask.
+// mask can contain following patterns and combinations of them:
+// *   - all of them;
+// x-y - x through y, inclusive;
+// x,y - x and y, but not the passes between.
+func newDotWriter() *dotWriter {
+	path, err := exec.LookPath("dot")
+	if err != nil {
+		fmt.Println(err)
+		return nil
+	}
+	return &dotWriter{path: path}
+}
+
+func (d *dotWriter) writeFuncSVG(w io.Writer, phase string, f *Function) {
+	if d.broken {
+		return
+	}
+	cmd := exec.Command(d.path, "-Tsvg")
+	pipe, err := cmd.StdinPipe()
+	if err != nil {
+		d.broken = true
+		fmt.Println(err)
+		return
+	}
+	buf := new(bytes.Buffer)
+	cmd.Stdout = buf
+	bufErr := new(bytes.Buffer)
+	cmd.Stderr = bufErr
+	err = cmd.Start()
+	if err != nil {
+		d.broken = true
+		fmt.Println(err)
+		return
+	}
+	fmt.Fprint(pipe, `digraph "" { margin=0; size="4,40"; ranksep=.2; `)
+	id := strings.Replace(phase, " ", "-", -1)
+	fmt.Fprintf(pipe, `id="g_graph_%s";`, id)
+	fmt.Fprintf(pipe, `node [style=filled,fillcolor=white,fontsize=16,fontname="Menlo,Times,serif",margin="0.01,0.03"];`)
+	fmt.Fprintf(pipe, `edge [fontsize=16,fontname="Menlo,Times,serif"];`)
+	for _, b := range f.Blocks {
+		layout := ""
+		fmt.Fprintf(pipe, `%v [label="%v%s\n%v",id="graph_node_%v_%v"];`, b, b, layout, b.Control().String(), id, b)
+	}
+	indexOf := make([]int, len(f.Blocks))
+	for i, b := range f.Blocks {
+		indexOf[b.Index] = i
+	}
+
+	// XXX
+	/*
+		ponums := make([]int32, len(f.Blocks))
+		_ = postorderWithNumbering(f, ponums)
+		isBackEdge := func(from, to int) bool {
+			return ponums[from] <= ponums[to]
+		}
+	*/
+	isBackEdge := func(from, to int) bool { return false }
+
+	for _, b := range f.Blocks {
+		for i, s := range b.Succs {
+			style := "solid"
+			color := "black"
+			arrow := "vee"
+			if isBackEdge(b.Index, s.Index) {
+				color = "blue"
+			}
+			fmt.Fprintf(pipe, `%v -> %v [label=" %d ",style="%s",color="%s",arrowhead="%s"];`, b, s, i, style, color, arrow)
+		}
+	}
+	fmt.Fprint(pipe, "}")
+	pipe.Close()
+	err = cmd.Wait()
+	if err != nil {
+		d.broken = true
+		fmt.Printf("dot: %v\n%v\n", err, bufErr.String())
+		return
+	}
+
+	svgID := "svg_graph_" + id
+	fmt.Fprintf(w, `<div class="zoom"><button onclick="return graphReduce('%s');">-</button> <button onclick="return graphEnlarge('%s');">+</button></div>`, svgID, svgID)
+	// For now, an awful hack: edit the html as it passes through
+	// our fingers, finding '<svg ' and injecting needed attributes after it.
+	err = d.copyUntil(w, buf, `<svg `)
+	if err != nil {
+		fmt.Printf("injecting attributes: %v\n", err)
+		return
+	}
+	fmt.Fprintf(w, ` id="%s" onload="makeDraggable(evt)" width="100%%" `, svgID)
+	io.Copy(w, buf)
+}
+
+func (d *dotWriter) copyUntil(w io.Writer, buf *bytes.Buffer, sep string) error {
+	i := bytes.Index(buf.Bytes(), []byte(sep))
+	if i == -1 {
+		return fmt.Errorf("couldn't find dot sep %q", sep)
+	}
+	_, err := io.CopyN(w, buf, int64(i+len(sep)))
+	return err
+}
diff --git a/vendor/honnef.co/go/tools/ssa/identical.go b/vendor/honnef.co/go/tools/ir/identical.go
similarity index 88%
rename from vendor/honnef.co/go/tools/ssa/identical.go
rename to vendor/honnef.co/go/tools/ir/identical.go
index 53cbee10..4dbe4471 100644
--- a/vendor/honnef.co/go/tools/ssa/identical.go
+++ b/vendor/honnef.co/go/tools/ir/identical.go
@@ -1,6 +1,6 @@
 // +build go1.8
 
-package ssa
+package ir
 
 import "go/types"
 
diff --git a/vendor/honnef.co/go/tools/ssa/identical_17.go b/vendor/honnef.co/go/tools/ir/identical_17.go
similarity index 87%
rename from vendor/honnef.co/go/tools/ssa/identical_17.go
rename to vendor/honnef.co/go/tools/ir/identical_17.go
index da89d333..3968fa78 100644
--- a/vendor/honnef.co/go/tools/ssa/identical_17.go
+++ b/vendor/honnef.co/go/tools/ir/identical_17.go
@@ -1,6 +1,6 @@
 // +build !go1.8
 
-package ssa
+package ir
 
 import "go/types"
 
diff --git a/vendor/honnef.co/go/tools/ir/irutil/load.go b/vendor/honnef.co/go/tools/ir/irutil/load.go
new file mode 100644
index 00000000..a62df49e
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/irutil/load.go
@@ -0,0 +1,183 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package irutil
+
+// This file defines utility functions for constructing programs in IR form.
+
+import (
+	"go/ast"
+	"go/token"
+	"go/types"
+
+	"golang.org/x/tools/go/loader"
+	"golang.org/x/tools/go/packages"
+	"honnef.co/go/tools/ir"
+)
+
+type Options struct {
+	// Which function, if any, to print in HTML form
+	PrintFunc string
+}
+
+// Packages creates an IR program for a set of packages.
+//
+// The packages must have been loaded from source syntax using the
+// golang.org/x/tools/go/packages.Load function in LoadSyntax or
+// LoadAllSyntax mode.
+//
+// Packages creates an IR package for each well-typed package in the
+// initial list, plus all their dependencies. The resulting list of
+// packages corresponds to the list of initial packages, and may contain
+// a nil if IR code could not be constructed for the corresponding initial
+// package due to type errors.
+//
+// Code for bodies of functions is not built until Build is called on
+// the resulting Program. IR code is constructed only for the initial
+// packages with well-typed syntax trees.
+//
+// The mode parameter controls diagnostics and checking during IR construction.
+//
+func Packages(initial []*packages.Package, mode ir.BuilderMode, opts *Options) (*ir.Program, []*ir.Package) {
+	return doPackages(initial, mode, false, opts)
+}
+
+// AllPackages creates an IR program for a set of packages plus all
+// their dependencies.
+//
+// The packages must have been loaded from source syntax using the
+// golang.org/x/tools/go/packages.Load function in LoadAllSyntax mode.
+//
+// AllPackages creates an IR package for each well-typed package in the
+// initial list, plus all their dependencies. The resulting list of
+// packages corresponds to the list of initial packages, and may contain
+// a nil if IR code could not be constructed for the corresponding
+// initial package due to type errors.
+//
+// Code for bodies of functions is not built until Build is called on
+// the resulting Program. IR code is constructed for all packages with
+// well-typed syntax trees.
+//
+// The mode parameter controls diagnostics and checking during IR construction.
+//
+func AllPackages(initial []*packages.Package, mode ir.BuilderMode, opts *Options) (*ir.Program, []*ir.Package) {
+	return doPackages(initial, mode, true, opts)
+}
+
+func doPackages(initial []*packages.Package, mode ir.BuilderMode, deps bool, opts *Options) (*ir.Program, []*ir.Package) {
+
+	var fset *token.FileSet
+	if len(initial) > 0 {
+		fset = initial[0].Fset
+	}
+
+	prog := ir.NewProgram(fset, mode)
+	if opts != nil {
+		prog.PrintFunc = opts.PrintFunc
+	}
+
+	isInitial := make(map[*packages.Package]bool, len(initial))
+	for _, p := range initial {
+		isInitial[p] = true
+	}
+
+	irmap := make(map[*packages.Package]*ir.Package)
+	packages.Visit(initial, nil, func(p *packages.Package) {
+		if p.Types != nil && !p.IllTyped {
+			var files []*ast.File
+			if deps || isInitial[p] {
+				files = p.Syntax
+			}
+			irmap[p] = prog.CreatePackage(p.Types, files, p.TypesInfo, true)
+		}
+	})
+
+	var irpkgs []*ir.Package
+	for _, p := range initial {
+		irpkgs = append(irpkgs, irmap[p]) // may be nil
+	}
+	return prog, irpkgs
+}
+
+// CreateProgram returns a new program in IR form, given a program
+// loaded from source.  An IR package is created for each transitively
+// error-free package of lprog.
+//
+// Code for bodies of functions is not built until Build is called
+// on the result.
+//
+// The mode parameter controls diagnostics and checking during IR construction.
+//
+// Deprecated: use golang.org/x/tools/go/packages and the Packages
+// function instead; see ir.ExampleLoadPackages.
+//
+func CreateProgram(lprog *loader.Program, mode ir.BuilderMode) *ir.Program {
+	prog := ir.NewProgram(lprog.Fset, mode)
+
+	for _, info := range lprog.AllPackages {
+		if info.TransitivelyErrorFree {
+			prog.CreatePackage(info.Pkg, info.Files, &info.Info, info.Importable)
+		}
+	}
+
+	return prog
+}
+
+// BuildPackage builds an IR program with IR for a single package.
+//
+// It populates pkg by type-checking the specified file ASTs.  All
+// dependencies are loaded using the importer specified by tc, which
+// typically loads compiler export data; IR code cannot be built for
+// those packages.  BuildPackage then constructs an ir.Program with all
+// dependency packages created, and builds and returns the IR package
+// corresponding to pkg.
+//
+// The caller must have set pkg.Path() to the import path.
+//
+// The operation fails if there were any type-checking or import errors.
+//
+// See ../ir/example_test.go for an example.
+//
+func BuildPackage(tc *types.Config, fset *token.FileSet, pkg *types.Package, files []*ast.File, mode ir.BuilderMode) (*ir.Package, *types.Info, error) {
+	if fset == nil {
+		panic("no token.FileSet")
+	}
+	if pkg.Path() == "" {
+		panic("package has no import path")
+	}
+
+	info := &types.Info{
+		Types:      make(map[ast.Expr]types.TypeAndValue),
+		Defs:       make(map[*ast.Ident]types.Object),
+		Uses:       make(map[*ast.Ident]types.Object),
+		Implicits:  make(map[ast.Node]types.Object),
+		Scopes:     make(map[ast.Node]*types.Scope),
+		Selections: make(map[*ast.SelectorExpr]*types.Selection),
+	}
+	if err := types.NewChecker(tc, fset, pkg, info).Files(files); err != nil {
+		return nil, nil, err
+	}
+
+	prog := ir.NewProgram(fset, mode)
+
+	// Create IR packages for all imports.
+	// Order is not significant.
+	created := make(map[*types.Package]bool)
+	var createAll func(pkgs []*types.Package)
+	createAll = func(pkgs []*types.Package) {
+		for _, p := range pkgs {
+			if !created[p] {
+				created[p] = true
+				prog.CreatePackage(p, nil, nil, true)
+				createAll(p.Imports())
+			}
+		}
+	}
+	createAll(pkg.Imports())
+
+	// Create and build the primary package.
+	irpkg := prog.CreatePackage(pkg, files, info, false)
+	irpkg.Build()
+	return irpkg, info, nil
+}
diff --git a/vendor/honnef.co/go/tools/ir/irutil/switch.go b/vendor/honnef.co/go/tools/ir/irutil/switch.go
new file mode 100644
index 00000000..f44cbca9
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/irutil/switch.go
@@ -0,0 +1,264 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package irutil
+
+// This file implements discovery of switch and type-switch constructs
+// from low-level control flow.
+//
+// Many techniques exist for compiling a high-level switch with
+// constant cases to efficient machine code.  The optimal choice will
+// depend on the data type, the specific case values, the code in the
+// body of each case, and the hardware.
+// Some examples:
+// - a lookup table (for a switch that maps constants to constants)
+// - a computed goto
+// - a binary tree
+// - a perfect hash
+// - a two-level switch (to partition constant strings by their first byte).
+
+import (
+	"bytes"
+	"fmt"
+	"go/token"
+	"go/types"
+
+	"honnef.co/go/tools/ir"
+)
+
+// A ConstCase represents a single constant comparison.
+// It is part of a Switch.
+type ConstCase struct {
+	Block *ir.BasicBlock // block performing the comparison
+	Body  *ir.BasicBlock // body of the case
+	Value *ir.Const      // case comparand
+}
+
+// A TypeCase represents a single type assertion.
+// It is part of a Switch.
+type TypeCase struct {
+	Block   *ir.BasicBlock // block performing the type assert
+	Body    *ir.BasicBlock // body of the case
+	Type    types.Type     // case type
+	Binding ir.Value       // value bound by this case
+}
+
+// A Switch is a logical high-level control flow operation
+// (a multiway branch) discovered by analysis of a CFG containing
+// only if/else chains.  It is not part of the ir.Instruction set.
+//
+// One of ConstCases and TypeCases has length >= 2;
+// the other is nil.
+//
+// In a value switch, the list of cases may contain duplicate constants.
+// A type switch may contain duplicate types, or types assignable
+// to an interface type also in the list.
+// TODO(adonovan): eliminate such duplicates.
+//
+type Switch struct {
+	Start      *ir.BasicBlock // block containing start of if/else chain
+	X          ir.Value       // the switch operand
+	ConstCases []ConstCase    // ordered list of constant comparisons
+	TypeCases  []TypeCase     // ordered list of type assertions
+	Default    *ir.BasicBlock // successor if all comparisons fail
+}
+
+func (sw *Switch) String() string {
+	// We represent each block by the String() of its
+	// first Instruction, e.g. "print(42:int)".
+	var buf bytes.Buffer
+	if sw.ConstCases != nil {
+		fmt.Fprintf(&buf, "switch %s {\n", sw.X.Name())
+		for _, c := range sw.ConstCases {
+			fmt.Fprintf(&buf, "case %s: %s\n", c.Value.Name(), c.Body.Instrs[0])
+		}
+	} else {
+		fmt.Fprintf(&buf, "switch %s.(type) {\n", sw.X.Name())
+		for _, c := range sw.TypeCases {
+			fmt.Fprintf(&buf, "case %s %s: %s\n",
+				c.Binding.Name(), c.Type, c.Body.Instrs[0])
+		}
+	}
+	if sw.Default != nil {
+		fmt.Fprintf(&buf, "default: %s\n", sw.Default.Instrs[0])
+	}
+	fmt.Fprintf(&buf, "}")
+	return buf.String()
+}
+
+// Switches examines the control-flow graph of fn and returns the
+// set of inferred value and type switches.  A value switch tests an
+// ir.Value for equality against two or more compile-time constant
+// values.  Switches involving link-time constants (addresses) are
+// ignored.  A type switch type-asserts an ir.Value against two or
+// more types.
+//
+// The switches are returned in dominance order.
+//
+// The resulting switches do not necessarily correspond to uses of the
+// 'switch' keyword in the source: for example, a single source-level
+// switch statement with non-constant cases may result in zero, one or
+// many Switches, one per plural sequence of constant cases.
+// Switches may even be inferred from if/else- or goto-based control flow.
+// (In general, the control flow constructs of the source program
+// cannot be faithfully reproduced from the IR.)
+//
+func Switches(fn *ir.Function) []Switch {
+	// Traverse the CFG in dominance order, so we don't
+	// enter an if/else-chain in the middle.
+	var switches []Switch
+	seen := make(map[*ir.BasicBlock]bool) // TODO(adonovan): opt: use ir.blockSet
+	for _, b := range fn.DomPreorder() {
+		if x, k := isComparisonBlock(b); x != nil {
+			// Block b starts a switch.
+			sw := Switch{Start: b, X: x}
+			valueSwitch(&sw, k, seen)
+			if len(sw.ConstCases) > 1 {
+				switches = append(switches, sw)
+			}
+		}
+
+		if y, x, T := isTypeAssertBlock(b); y != nil {
+			// Block b starts a type switch.
+			sw := Switch{Start: b, X: x}
+			typeSwitch(&sw, y, T, seen)
+			if len(sw.TypeCases) > 1 {
+				switches = append(switches, sw)
+			}
+		}
+	}
+	return switches
+}
+
+func isSameX(x1 ir.Value, x2 ir.Value) bool {
+	if x1 == x2 {
+		return true
+	}
+	if x2, ok := x2.(*ir.Sigma); ok {
+		return isSameX(x1, x2.X)
+	}
+	return false
+}
+
+func valueSwitch(sw *Switch, k *ir.Const, seen map[*ir.BasicBlock]bool) {
+	b := sw.Start
+	x := sw.X
+	for isSameX(sw.X, x) {
+		if seen[b] {
+			break
+		}
+		seen[b] = true
+
+		sw.ConstCases = append(sw.ConstCases, ConstCase{
+			Block: b,
+			Body:  b.Succs[0],
+			Value: k,
+		})
+		b = b.Succs[1]
+		n := 0
+		for _, instr := range b.Instrs {
+			switch instr.(type) {
+			case *ir.If, *ir.BinOp:
+				n++
+			case *ir.Sigma, *ir.Phi, *ir.DebugRef:
+			default:
+				n += 1000
+			}
+		}
+		if n != 2 {
+			// Block b contains not just 'if x == k' and σ/ϕ nodes,
+			// so it may have side effects that
+			// make it unsafe to elide.
+			break
+		}
+		if len(b.Preds) != 1 {
+			// Block b has multiple predecessors,
+			// so it cannot be treated as a case.
+			break
+		}
+		x, k = isComparisonBlock(b)
+	}
+	sw.Default = b
+}
+
+func typeSwitch(sw *Switch, y ir.Value, T types.Type, seen map[*ir.BasicBlock]bool) {
+	b := sw.Start
+	x := sw.X
+	for isSameX(sw.X, x) {
+		if seen[b] {
+			break
+		}
+		seen[b] = true
+
+		sw.TypeCases = append(sw.TypeCases, TypeCase{
+			Block:   b,
+			Body:    b.Succs[0],
+			Type:    T,
+			Binding: y,
+		})
+		b = b.Succs[1]
+		n := 0
+		for _, instr := range b.Instrs {
+			switch instr.(type) {
+			case *ir.TypeAssert, *ir.Extract, *ir.If:
+				n++
+			case *ir.Sigma, *ir.Phi:
+			default:
+				n += 1000
+			}
+		}
+		if n != 4 {
+			// Block b contains not just
+			//  {TypeAssert; Extract #0; Extract #1; If}
+			// so it may have side effects that
+			// make it unsafe to elide.
+			break
+		}
+		if len(b.Preds) != 1 {
+			// Block b has multiple predecessors,
+			// so it cannot be treated as a case.
+			break
+		}
+		y, x, T = isTypeAssertBlock(b)
+	}
+	sw.Default = b
+}
+
+// isComparisonBlock returns the operands (v, k) if a block ends with
+// a comparison v==k, where k is a compile-time constant.
+//
+func isComparisonBlock(b *ir.BasicBlock) (v ir.Value, k *ir.Const) {
+	if n := len(b.Instrs); n >= 2 {
+		if i, ok := b.Instrs[n-1].(*ir.If); ok {
+			if binop, ok := i.Cond.(*ir.BinOp); ok && binop.Block() == b && binop.Op == token.EQL {
+				if k, ok := binop.Y.(*ir.Const); ok {
+					return binop.X, k
+				}
+				if k, ok := binop.X.(*ir.Const); ok {
+					return binop.Y, k
+				}
+			}
+		}
+	}
+	return
+}
+
+// isTypeAssertBlock returns the operands (y, x, T) if a block ends with
+// a type assertion "if y, ok := x.(T); ok {".
+//
+func isTypeAssertBlock(b *ir.BasicBlock) (y, x ir.Value, T types.Type) {
+	if n := len(b.Instrs); n >= 4 {
+		if i, ok := b.Instrs[n-1].(*ir.If); ok {
+			if ext1, ok := i.Cond.(*ir.Extract); ok && ext1.Block() == b && ext1.Index == 1 {
+				if ta, ok := ext1.Tuple.(*ir.TypeAssert); ok && ta.Block() == b {
+					// hack: relies upon instruction ordering.
+					if ext0, ok := b.Instrs[n-3].(*ir.Extract); ok {
+						return ext0, ta.X, ta.AssertedType
+					}
+				}
+			}
+		}
+	}
+	return
+}
diff --git a/vendor/honnef.co/go/tools/ir/irutil/util.go b/vendor/honnef.co/go/tools/ir/irutil/util.go
new file mode 100644
index 00000000..04b25f5f
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/irutil/util.go
@@ -0,0 +1,70 @@
+package irutil
+
+import (
+	"honnef.co/go/tools/ir"
+)
+
+func Reachable(from, to *ir.BasicBlock) bool {
+	if from == to {
+		return true
+	}
+	if from.Dominates(to) {
+		return true
+	}
+
+	found := false
+	Walk(from, func(b *ir.BasicBlock) bool {
+		if b == to {
+			found = true
+			return false
+		}
+		return true
+	})
+	return found
+}
+
+func Walk(b *ir.BasicBlock, fn func(*ir.BasicBlock) bool) {
+	seen := map[*ir.BasicBlock]bool{}
+	wl := []*ir.BasicBlock{b}
+	for len(wl) > 0 {
+		b := wl[len(wl)-1]
+		wl = wl[:len(wl)-1]
+		if seen[b] {
+			continue
+		}
+		seen[b] = true
+		if !fn(b) {
+			continue
+		}
+		wl = append(wl, b.Succs...)
+	}
+}
+
+func Vararg(x *ir.Slice) ([]ir.Value, bool) {
+	var out []ir.Value
+	slice, ok := x.X.(*ir.Alloc)
+	if !ok {
+		return nil, false
+	}
+	for _, ref := range *slice.Referrers() {
+		if ref == x {
+			continue
+		}
+		if ref.Block() != x.Block() {
+			return nil, false
+		}
+		idx, ok := ref.(*ir.IndexAddr)
+		if !ok {
+			return nil, false
+		}
+		if len(*idx.Referrers()) != 1 {
+			return nil, false
+		}
+		store, ok := (*idx.Referrers())[0].(*ir.Store)
+		if !ok {
+			return nil, false
+		}
+		out = append(out, store.Val)
+	}
+	return out, true
+}
diff --git a/vendor/honnef.co/go/tools/ir/irutil/visit.go b/vendor/honnef.co/go/tools/ir/irutil/visit.go
new file mode 100644
index 00000000..657c9cde
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/irutil/visit.go
@@ -0,0 +1,79 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package irutil // import "honnef.co/go/tools/ir/irutil"
+
+import "honnef.co/go/tools/ir"
+
+// This file defines utilities for visiting the IR of
+// a Program.
+//
+// TODO(adonovan): test coverage.
+
+// AllFunctions finds and returns the set of functions potentially
+// needed by program prog, as determined by a simple linker-style
+// reachability algorithm starting from the members and method-sets of
+// each package.  The result may include anonymous functions and
+// synthetic wrappers.
+//
+// Precondition: all packages are built.
+//
+func AllFunctions(prog *ir.Program) map[*ir.Function]bool {
+	visit := visitor{
+		prog: prog,
+		seen: make(map[*ir.Function]bool),
+	}
+	visit.program()
+	return visit.seen
+}
+
+type visitor struct {
+	prog *ir.Program
+	seen map[*ir.Function]bool
+}
+
+func (visit *visitor) program() {
+	for _, pkg := range visit.prog.AllPackages() {
+		for _, mem := range pkg.Members {
+			if fn, ok := mem.(*ir.Function); ok {
+				visit.function(fn)
+			}
+		}
+	}
+	for _, T := range visit.prog.RuntimeTypes() {
+		mset := visit.prog.MethodSets.MethodSet(T)
+		for i, n := 0, mset.Len(); i < n; i++ {
+			visit.function(visit.prog.MethodValue(mset.At(i)))
+		}
+	}
+}
+
+func (visit *visitor) function(fn *ir.Function) {
+	if !visit.seen[fn] {
+		visit.seen[fn] = true
+		var buf [10]*ir.Value // avoid alloc in common case
+		for _, b := range fn.Blocks {
+			for _, instr := range b.Instrs {
+				for _, op := range instr.Operands(buf[:0]) {
+					if fn, ok := (*op).(*ir.Function); ok {
+						visit.function(fn)
+					}
+				}
+			}
+		}
+	}
+}
+
+// MainPackages returns the subset of the specified packages
+// named "main" that define a main function.
+// The result may include synthetic "testmain" packages.
+func MainPackages(pkgs []*ir.Package) []*ir.Package {
+	var mains []*ir.Package
+	for _, pkg := range pkgs {
+		if pkg.Pkg.Name() == "main" && pkg.Func("main") != nil {
+			mains = append(mains, pkg)
+		}
+	}
+	return mains
+}
diff --git a/vendor/honnef.co/go/tools/ir/lift.go b/vendor/honnef.co/go/tools/ir/lift.go
new file mode 100644
index 00000000..71d5c8cb
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/lift.go
@@ -0,0 +1,1063 @@
+// Copyright 2013 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package ir
+
+// This file defines the lifting pass which tries to "lift" Alloc
+// cells (new/local variables) into SSA registers, replacing loads
+// with the dominating stored value, eliminating loads and stores, and
+// inserting φ- and σ-nodes as needed.
+
+// Cited papers and resources:
+//
+// Ron Cytron et al. 1991. Efficiently computing SSA form...
+// http://doi.acm.org/10.1145/115372.115320
+//
+// Cooper, Harvey, Kennedy.  2001.  A Simple, Fast Dominance Algorithm.
+// Software Practice and Experience 2001, 4:1-10.
+// http://www.hipersoft.rice.edu/grads/publications/dom14.pdf
+//
+// Daniel Berlin, llvmdev mailing list, 2012.
+// http://lists.cs.uiuc.edu/pipermail/llvmdev/2012-January/046638.html
+// (Be sure to expand the whole thread.)
+//
+// C. Scott Ananian. 1997. The static single information form.
+//
+// Jeremy Singer. 2006. Static program analysis based on virtual register renaming.
+
+// TODO(adonovan): opt: there are many optimizations worth evaluating, and
+// the conventional wisdom for SSA construction is that a simple
+// algorithm well engineered often beats those of better asymptotic
+// complexity on all but the most egregious inputs.
+//
+// Danny Berlin suggests that the Cooper et al. algorithm for
+// computing the dominance frontier is superior to Cytron et al.
+// Furthermore he recommends that rather than computing the DF for the
+// whole function then renaming all alloc cells, it may be cheaper to
+// compute the DF for each alloc cell separately and throw it away.
+//
+// Consider exploiting liveness information to avoid creating dead
+// φ-nodes which we then immediately remove.
+//
+// Also see many other "TODO: opt" suggestions in the code.
+
+import (
+	"fmt"
+	"go/types"
+	"os"
+)
+
+// If true, show diagnostic information at each step of lifting.
+// Very verbose.
+const debugLifting = false
+
+// domFrontier maps each block to the set of blocks in its dominance
+// frontier.  The outer slice is conceptually a map keyed by
+// Block.Index.  The inner slice is conceptually a set, possibly
+// containing duplicates.
+//
+// TODO(adonovan): opt: measure impact of dups; consider a packed bit
+// representation, e.g. big.Int, and bitwise parallel operations for
+// the union step in the Children loop.
+//
+// domFrontier's methods mutate the slice's elements but not its
+// length, so their receivers needn't be pointers.
+//
+type domFrontier [][]*BasicBlock
+
+func (df domFrontier) add(u, v *BasicBlock) {
+	df[u.Index] = append(df[u.Index], v)
+}
+
+// build builds the dominance frontier df for the dominator tree of
+// fn, using the algorithm found in A Simple, Fast Dominance
+// Algorithm, Figure 5.
+//
+// TODO(adonovan): opt: consider Berlin approach, computing pruned SSA
+// by pruning the entire IDF computation, rather than merely pruning
+// the DF -> IDF step.
+func (df domFrontier) build(fn *Function) {
+	for _, b := range fn.Blocks {
+		if len(b.Preds) >= 2 {
+			for _, p := range b.Preds {
+				runner := p
+				for runner != b.dom.idom {
+					df.add(runner, b)
+					runner = runner.dom.idom
+				}
+			}
+		}
+	}
+}
+
+func buildDomFrontier(fn *Function) domFrontier {
+	df := make(domFrontier, len(fn.Blocks))
+	df.build(fn)
+	return df
+}
+
+type postDomFrontier [][]*BasicBlock
+
+func (rdf postDomFrontier) add(u, v *BasicBlock) {
+	rdf[u.Index] = append(rdf[u.Index], v)
+}
+
+func (rdf postDomFrontier) build(fn *Function) {
+	for _, b := range fn.Blocks {
+		if len(b.Succs) >= 2 {
+			for _, s := range b.Succs {
+				runner := s
+				for runner != b.pdom.idom {
+					rdf.add(runner, b)
+					runner = runner.pdom.idom
+				}
+			}
+		}
+	}
+}
+
+func buildPostDomFrontier(fn *Function) postDomFrontier {
+	rdf := make(postDomFrontier, len(fn.Blocks))
+	rdf.build(fn)
+	return rdf
+}
+
+func removeInstr(refs []Instruction, instr Instruction) []Instruction {
+	i := 0
+	for _, ref := range refs {
+		if ref == instr {
+			continue
+		}
+		refs[i] = ref
+		i++
+	}
+	for j := i; j != len(refs); j++ {
+		refs[j] = nil // aid GC
+	}
+	return refs[:i]
+}
+
+func clearInstrs(instrs []Instruction) {
+	for i := range instrs {
+		instrs[i] = nil
+	}
+}
+
+// lift replaces local and new Allocs accessed only with
+// load/store by IR registers, inserting φ- and σ-nodes where necessary.
+// The result is a program in pruned SSI form.
+//
+// Preconditions:
+// - fn has no dead blocks (blockopt has run).
+// - Def/use info (Operands and Referrers) is up-to-date.
+// - The dominator tree is up-to-date.
+//
+func lift(fn *Function) {
+	// TODO(adonovan): opt: lots of little optimizations may be
+	// worthwhile here, especially if they cause us to avoid
+	// buildDomFrontier.  For example:
+	//
+	// - Alloc never loaded?  Eliminate.
+	// - Alloc never stored?  Replace all loads with a zero constant.
+	// - Alloc stored once?  Replace loads with dominating store;
+	//   don't forget that an Alloc is itself an effective store
+	//   of zero.
+	// - Alloc used only within a single block?
+	//   Use degenerate algorithm avoiding φ-nodes.
+	// - Consider synergy with scalar replacement of aggregates (SRA).
+	//   e.g. *(&x.f) where x is an Alloc.
+	//   Perhaps we'd get better results if we generated this as x.f
+	//   i.e. Field(x, .f) instead of Load(FieldIndex(x, .f)).
+	//   Unclear.
+	//
+	// But we will start with the simplest correct code.
+	var df domFrontier
+	var rdf postDomFrontier
+	var closure *closure
+	var newPhis newPhiMap
+	var newSigmas newSigmaMap
+
+	// During this pass we will replace some BasicBlock.Instrs
+	// (allocs, loads and stores) with nil, keeping a count in
+	// BasicBlock.gaps.  At the end we will reset Instrs to the
+	// concatenation of all non-dead newPhis and non-nil Instrs
+	// for the block, reusing the original array if space permits.
+
+	// While we're here, we also eliminate 'rundefers'
+	// instructions in functions that contain no 'defer'
+	// instructions.
+	usesDefer := false
+
+	// Determine which allocs we can lift and number them densely.
+	// The renaming phase uses this numbering for compact maps.
+	numAllocs := 0
+	for _, b := range fn.Blocks {
+		b.gaps = 0
+		b.rundefers = 0
+		for _, instr := range b.Instrs {
+			switch instr := instr.(type) {
+			case *Alloc:
+				if !liftable(instr) {
+					instr.index = -1
+					continue
+				}
+				index := -1
+				if numAllocs == 0 {
+					df = buildDomFrontier(fn)
+					rdf = buildPostDomFrontier(fn)
+					if len(fn.Blocks) > 2 {
+						closure = transitiveClosure(fn)
+					}
+					newPhis = make(newPhiMap, len(fn.Blocks))
+					newSigmas = make(newSigmaMap, len(fn.Blocks))
+
+					if debugLifting {
+						title := false
+						for i, blocks := range df {
+							if blocks != nil {
+								if !title {
+									fmt.Fprintf(os.Stderr, "Dominance frontier of %s:\n", fn)
+									title = true
+								}
+								fmt.Fprintf(os.Stderr, "\t%s: %s\n", fn.Blocks[i], blocks)
+							}
+						}
+					}
+				}
+				liftAlloc(closure, df, rdf, instr, newPhis, newSigmas)
+				index = numAllocs
+				numAllocs++
+				instr.index = index
+			case *Defer:
+				usesDefer = true
+			case *RunDefers:
+				b.rundefers++
+			}
+		}
+	}
+
+	if numAllocs > 0 {
+		// renaming maps an alloc (keyed by index) to its replacement
+		// value.  Initially the renaming contains nil, signifying the
+		// zero constant of the appropriate type; we construct the
+		// Const lazily at most once on each path through the domtree.
+		// TODO(adonovan): opt: cache per-function not per subtree.
+		renaming := make([]Value, numAllocs)
+
+		// Renaming.
+		rename(fn.Blocks[0], renaming, newPhis, newSigmas)
+
+		simplifyPhis(newPhis)
+
+		// Eliminate dead φ- and σ-nodes.
+		markLiveNodes(fn.Blocks, newPhis, newSigmas)
+	}
+
+	// Prepend remaining live φ-nodes to each block and possibly kill rundefers.
+	for _, b := range fn.Blocks {
+		var head []Instruction
+		if numAllocs > 0 {
+			nps := newPhis[b.Index]
+			head = make([]Instruction, 0, len(nps))
+			for _, pred := range b.Preds {
+				nss := newSigmas[pred.Index]
+				idx := pred.succIndex(b)
+				for _, newSigma := range nss {
+					if sigma := newSigma.sigmas[idx]; sigma != nil && sigma.live {
+						head = append(head, sigma)
+
+						// we didn't populate referrers before, as most
+						// sigma nodes will be killed
+						if refs := sigma.X.Referrers(); refs != nil {
+							*refs = append(*refs, sigma)
+						}
+					} else if sigma != nil {
+						sigma.block = nil
+					}
+				}
+			}
+			for _, np := range nps {
+				if np.phi.live {
+					head = append(head, np.phi)
+				} else {
+					for _, edge := range np.phi.Edges {
+						if refs := edge.Referrers(); refs != nil {
+							*refs = removeInstr(*refs, np.phi)
+						}
+					}
+					np.phi.block = nil
+				}
+			}
+		}
+
+		rundefersToKill := b.rundefers
+		if usesDefer {
+			rundefersToKill = 0
+		}
+
+		j := len(head)
+		if j+b.gaps+rundefersToKill == 0 {
+			continue // fast path: no new phis or gaps
+		}
+
+		// We could do straight copies instead of element-wise copies
+		// when both b.gaps and rundefersToKill are zero. However,
+		// that seems to only be the case ~1% of the time, which
+		// doesn't seem worth the extra branch.
+
+		// Remove dead instructions, add phis and sigmas
+		ns := len(b.Instrs) + j - b.gaps - rundefersToKill
+		if ns <= cap(b.Instrs) {
+			// b.Instrs has enough capacity to store all instructions
+
+			// OPT(dh): check cap vs the actually required space; if
+			// there is a big enough difference, it may be worth
+			// allocating a new slice, to avoid pinning memory.
+			dst := b.Instrs[:cap(b.Instrs)]
+			i := len(dst) - 1
+			for n := len(b.Instrs) - 1; n >= 0; n-- {
+				instr := dst[n]
+				if instr == nil {
+					continue
+				}
+				if !usesDefer {
+					if _, ok := instr.(*RunDefers); ok {
+						continue
+					}
+				}
+				dst[i] = instr
+				i--
+			}
+			off := i + 1 - len(head)
+			// aid GC
+			clearInstrs(dst[:off])
+			dst = dst[off:]
+			copy(dst, head)
+			b.Instrs = dst
+		} else {
+			// not enough space, so allocate a new slice and copy
+			// over.
+			dst := make([]Instruction, ns)
+			copy(dst, head)
+
+			for _, instr := range b.Instrs {
+				if instr == nil {
+					continue
+				}
+				if !usesDefer {
+					if _, ok := instr.(*RunDefers); ok {
+						continue
+					}
+				}
+				dst[j] = instr
+				j++
+			}
+			b.Instrs = dst
+		}
+	}
+
+	// Remove any fn.Locals that were lifted.
+	j := 0
+	for _, l := range fn.Locals {
+		if l.index < 0 {
+			fn.Locals[j] = l
+			j++
+		}
+	}
+	// Nil out fn.Locals[j:] to aid GC.
+	for i := j; i < len(fn.Locals); i++ {
+		fn.Locals[i] = nil
+	}
+	fn.Locals = fn.Locals[:j]
+}
+
+func hasDirectReferrer(instr Instruction) bool {
+	for _, instr := range *instr.Referrers() {
+		switch instr.(type) {
+		case *Phi, *Sigma:
+			// ignore
+		default:
+			return true
+		}
+	}
+	return false
+}
+
+func markLiveNodes(blocks []*BasicBlock, newPhis newPhiMap, newSigmas newSigmaMap) {
+	// Phi and sigma nodes are considered live if a non-phi, non-sigma
+	// node uses them. Once we find a node that is live, we mark all
+	// of its operands as used, too.
+	for _, npList := range newPhis {
+		for _, np := range npList {
+			phi := np.phi
+			if !phi.live && hasDirectReferrer(phi) {
+				markLivePhi(phi)
+			}
+		}
+	}
+	for _, npList := range newSigmas {
+		for _, np := range npList {
+			for _, sigma := range np.sigmas {
+				if sigma != nil && !sigma.live && hasDirectReferrer(sigma) {
+					markLiveSigma(sigma)
+				}
+			}
+		}
+	}
+	// Existing φ-nodes due to && and || operators
+	// are all considered live (see Go issue 19622).
+	for _, b := range blocks {
+		for _, phi := range b.phis() {
+			markLivePhi(phi.(*Phi))
+		}
+	}
+}
+
+func markLivePhi(phi *Phi) {
+	phi.live = true
+	for _, rand := range phi.Edges {
+		switch rand := rand.(type) {
+		case *Phi:
+			if !rand.live {
+				markLivePhi(rand)
+			}
+		case *Sigma:
+			if !rand.live {
+				markLiveSigma(rand)
+			}
+		}
+	}
+}
+
+func markLiveSigma(sigma *Sigma) {
+	sigma.live = true
+	switch rand := sigma.X.(type) {
+	case *Phi:
+		if !rand.live {
+			markLivePhi(rand)
+		}
+	case *Sigma:
+		if !rand.live {
+			markLiveSigma(rand)
+		}
+	}
+}
+
+// simplifyPhis replaces trivial phis with non-phi alternatives. Phi
+// nodes where all edges are identical, or consist of only the phi
+// itself and one other value, may be replaced with the value.
+func simplifyPhis(newPhis newPhiMap) {
+	// find all phis that are trivial and can be replaced with a
+	// non-phi value. run until we reach a fixpoint, because replacing
+	// a phi may make other phis trivial.
+	for changed := true; changed; {
+		changed = false
+		for _, npList := range newPhis {
+			for _, np := range npList {
+				if np.phi.live {
+					// we're reusing 'live' to mean 'dead' in the context of simplifyPhis
+					continue
+				}
+				if r, ok := isUselessPhi(np.phi); ok {
+					// useless phi, replace its uses with the
+					// replacement value. the dead phi pass will clean
+					// up the phi afterwards.
+					replaceAll(np.phi, r)
+					np.phi.live = true
+					changed = true
+				}
+			}
+		}
+	}
+
+	for _, npList := range newPhis {
+		for _, np := range npList {
+			np.phi.live = false
+		}
+	}
+}
+
+type BlockSet struct {
+	idx    int
+	values []bool
+	count  int
+}
+
+func NewBlockSet(size int) *BlockSet {
+	return &BlockSet{values: make([]bool, size)}
+}
+
+func (s *BlockSet) Set(s2 *BlockSet) {
+	copy(s.values, s2.values)
+	s.count = 0
+	for _, v := range s.values {
+		if v {
+			s.count++
+		}
+	}
+}
+
+func (s *BlockSet) Num() int {
+	return s.count
+}
+
+func (s *BlockSet) Has(b *BasicBlock) bool {
+	if b.Index >= len(s.values) {
+		return false
+	}
+	return s.values[b.Index]
+}
+
+// add adds b to the set and returns true if the set changed.
+func (s *BlockSet) Add(b *BasicBlock) bool {
+	if s.values[b.Index] {
+		return false
+	}
+	s.count++
+	s.values[b.Index] = true
+	s.idx = b.Index
+
+	return true
+}
+
+func (s *BlockSet) Clear() {
+	for j := range s.values {
+		s.values[j] = false
+	}
+	s.count = 0
+}
+
+// take removes an arbitrary element from a set s and
+// returns its index, or returns -1 if empty.
+func (s *BlockSet) Take() int {
+	// [i, end]
+	for i := s.idx; i < len(s.values); i++ {
+		if s.values[i] {
+			s.values[i] = false
+			s.idx = i
+			s.count--
+			return i
+		}
+	}
+
+	// [start, i)
+	for i := 0; i < s.idx; i++ {
+		if s.values[i] {
+			s.values[i] = false
+			s.idx = i
+			s.count--
+			return i
+		}
+	}
+
+	return -1
+}
+
+type closure struct {
+	span       []uint32
+	reachables []interval
+}
+
+type interval uint32
+
+const (
+	flagMask   = 1 << 31
+	numBits    = 20
+	lengthBits = 32 - numBits - 1
+	lengthMask = (1<<lengthBits - 1) << numBits
+	numMask    = 1<<numBits - 1
+)
+
+func (c closure) has(s, v *BasicBlock) bool {
+	idx := uint32(v.Index)
+	if idx == 1 || s.Dominates(v) {
+		return true
+	}
+	r := c.reachable(s.Index)
+	for i := 0; i < len(r); i++ {
+		inv := r[i]
+		var start, end uint32
+		if inv&flagMask == 0 {
+			// small interval
+			start = uint32(inv & numMask)
+			end = start + uint32(inv&lengthMask)>>numBits
+		} else {
+			// large interval
+			i++
+			start = uint32(inv & numMask)
+			end = uint32(r[i])
+		}
+		if idx >= start && idx <= end {
+			return true
+		}
+	}
+	return false
+}
+
+func (c closure) reachable(id int) []interval {
+	return c.reachables[c.span[id]:c.span[id+1]]
+}
+
+func (c closure) walk(current *BasicBlock, b *BasicBlock, visited []bool) {
+	visited[b.Index] = true
+	for _, succ := range b.Succs {
+		if visited[succ.Index] {
+			continue
+		}
+		visited[succ.Index] = true
+		c.walk(current, succ, visited)
+	}
+}
+
+func transitiveClosure(fn *Function) *closure {
+	reachable := make([]bool, len(fn.Blocks))
+	c := &closure{}
+	c.span = make([]uint32, len(fn.Blocks)+1)
+
+	addInterval := func(start, end uint32) {
+		if l := end - start; l <= 1<<lengthBits-1 {
+			n := interval(l<<numBits | start)
+			c.reachables = append(c.reachables, n)
+		} else {
+			n1 := interval(1<<31 | start)
+			n2 := interval(end)
+			c.reachables = append(c.reachables, n1, n2)
+		}
+	}
+
+	for i, b := range fn.Blocks[1:] {
+		for i := range reachable {
+			reachable[i] = false
+		}
+
+		c.walk(b, b, reachable)
+		start := ^uint32(0)
+		for id, isReachable := range reachable {
+			if !isReachable {
+				if start != ^uint32(0) {
+					end := uint32(id) - 1
+					addInterval(start, end)
+					start = ^uint32(0)
+				}
+				continue
+			} else if start == ^uint32(0) {
+				start = uint32(id)
+			}
+		}
+		if start != ^uint32(0) {
+			addInterval(start, uint32(len(reachable))-1)
+		}
+
+		c.span[i+2] = uint32(len(c.reachables))
+	}
+
+	return c
+}
+
+// newPhi is a pair of a newly introduced φ-node and the lifted Alloc
+// it replaces.
+type newPhi struct {
+	phi   *Phi
+	alloc *Alloc
+}
+
+type newSigma struct {
+	alloc  *Alloc
+	sigmas []*Sigma
+}
+
+// newPhiMap records for each basic block, the set of newPhis that
+// must be prepended to the block.
+type newPhiMap [][]newPhi
+type newSigmaMap [][]newSigma
+
+func liftable(alloc *Alloc) bool {
+	// Don't lift aggregates into registers, because we don't have
+	// a way to express their zero-constants.
+	switch deref(alloc.Type()).Underlying().(type) {
+	case *types.Array, *types.Struct:
+		return false
+	}
+
+	fn := alloc.Parent()
+	// Don't lift named return values in functions that defer
+	// calls that may recover from panic.
+	if fn.hasDefer {
+		for _, nr := range fn.namedResults {
+			if nr == alloc {
+				return false
+			}
+		}
+	}
+
+	for _, instr := range *alloc.Referrers() {
+		switch instr := instr.(type) {
+		case *Store:
+			if instr.Val == alloc {
+				return false // address used as value
+			}
+			if instr.Addr != alloc {
+				panic("Alloc.Referrers is inconsistent")
+			}
+		case *Load:
+			if instr.X != alloc {
+				panic("Alloc.Referrers is inconsistent")
+			}
+
+		case *DebugRef:
+			// ok
+		default:
+			return false
+		}
+	}
+
+	return true
+}
+
+// liftAlloc determines whether alloc can be lifted into registers,
+// and if so, it populates newPhis with all the φ-nodes it may require
+// and returns true.
+func liftAlloc(closure *closure, df domFrontier, rdf postDomFrontier, alloc *Alloc, newPhis newPhiMap, newSigmas newSigmaMap) {
+	fn := alloc.Parent()
+
+	defblocks := fn.blockset(0)
+	useblocks := fn.blockset(1)
+	Aphi := fn.blockset(2)
+	Asigma := fn.blockset(3)
+	W := fn.blockset(4)
+
+	// Compute defblocks, the set of blocks containing a
+	// definition of the alloc cell.
+	for _, instr := range *alloc.Referrers() {
+		// Bail out if we discover the alloc is not liftable;
+		// the only operations permitted to use the alloc are
+		// loads/stores into the cell, and DebugRef.
+		switch instr := instr.(type) {
+		case *Store:
+			defblocks.Add(instr.Block())
+		case *Load:
+			useblocks.Add(instr.Block())
+			for _, ref := range *instr.Referrers() {
+				useblocks.Add(ref.Block())
+			}
+		}
+	}
+	// The Alloc itself counts as a (zero) definition of the cell.
+	defblocks.Add(alloc.Block())
+
+	if debugLifting {
+		fmt.Fprintln(os.Stderr, "\tlifting ", alloc, alloc.Name())
+	}
+
+	// Φ-insertion.
+	//
+	// What follows is the body of the main loop of the insert-φ
+	// function described by Cytron et al, but instead of using
+	// counter tricks, we just reset the 'hasAlready' and 'work'
+	// sets each iteration.  These are bitmaps so it's pretty cheap.
+
+	// Initialize W and work to defblocks.
+
+	for change := true; change; {
+		change = false
+		{
+			// Traverse iterated dominance frontier, inserting φ-nodes.
+			W.Set(defblocks)
+
+			for i := W.Take(); i != -1; i = W.Take() {
+				n := fn.Blocks[i]
+				for _, y := range df[n.Index] {
+					if Aphi.Add(y) {
+						if len(*alloc.Referrers()) == 0 {
+							continue
+						}
+						live := false
+						if closure == nil {
+							live = true
+						} else {
+							for _, ref := range *alloc.Referrers() {
+								if _, ok := ref.(*Load); ok {
+									if closure.has(y, ref.Block()) {
+										live = true
+										break
+									}
+								}
+							}
+						}
+						if !live {
+							continue
+						}
+
+						// Create φ-node.
+						// It will be prepended to v.Instrs later, if needed.
+						phi := &Phi{
+							Edges: make([]Value, len(y.Preds)),
+						}
+
+						phi.source = alloc.source
+						phi.setType(deref(alloc.Type()))
+						phi.block = y
+						if debugLifting {
+							fmt.Fprintf(os.Stderr, "\tplace %s = %s at block %s\n", phi.Name(), phi, y)
+						}
+						newPhis[y.Index] = append(newPhis[y.Index], newPhi{phi, alloc})
+
+						for _, p := range y.Preds {
+							useblocks.Add(p)
+						}
+						change = true
+						if defblocks.Add(y) {
+							W.Add(y)
+						}
+					}
+				}
+			}
+		}
+
+		{
+			W.Set(useblocks)
+			for i := W.Take(); i != -1; i = W.Take() {
+				n := fn.Blocks[i]
+				for _, y := range rdf[n.Index] {
+					if Asigma.Add(y) {
+						sigmas := make([]*Sigma, 0, len(y.Succs))
+						anyLive := false
+						for _, succ := range y.Succs {
+							live := false
+							for _, ref := range *alloc.Referrers() {
+								if closure == nil || closure.has(succ, ref.Block()) {
+									live = true
+									anyLive = true
+									break
+								}
+							}
+							if live {
+								sigma := &Sigma{
+									From: y,
+									X:    alloc,
+								}
+								sigma.source = alloc.source
+								sigma.setType(deref(alloc.Type()))
+								sigma.block = succ
+								sigmas = append(sigmas, sigma)
+							} else {
+								sigmas = append(sigmas, nil)
+							}
+						}
+
+						if anyLive {
+							newSigmas[y.Index] = append(newSigmas[y.Index], newSigma{alloc, sigmas})
+							for _, s := range y.Succs {
+								defblocks.Add(s)
+							}
+							change = true
+							if useblocks.Add(y) {
+								W.Add(y)
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+}
+
+// replaceAll replaces all intraprocedural uses of x with y,
+// updating x.Referrers and y.Referrers.
+// Precondition: x.Referrers() != nil, i.e. x must be local to some function.
+//
+func replaceAll(x, y Value) {
+	var rands []*Value
+	pxrefs := x.Referrers()
+	pyrefs := y.Referrers()
+	for _, instr := range *pxrefs {
+		rands = instr.Operands(rands[:0]) // recycle storage
+		for _, rand := range rands {
+			if *rand != nil {
+				if *rand == x {
+					*rand = y
+				}
+			}
+		}
+		if pyrefs != nil {
+			*pyrefs = append(*pyrefs, instr) // dups ok
+		}
+	}
+	*pxrefs = nil // x is now unreferenced
+}
+
+// renamed returns the value to which alloc is being renamed,
+// constructing it lazily if it's the implicit zero initialization.
+//
+func renamed(fn *Function, renaming []Value, alloc *Alloc) Value {
+	v := renaming[alloc.index]
+	if v == nil {
+		v = emitConst(fn, zeroConst(deref(alloc.Type())))
+		renaming[alloc.index] = v
+	}
+	return v
+}
+
+// rename implements the Cytron et al-based SSI renaming algorithm, a
+// preorder traversal of the dominator tree replacing all loads of
+// Alloc cells with the value stored to that cell by the dominating
+// store instruction.
+//
+// renaming is a map from *Alloc (keyed by index number) to its
+// dominating stored value; newPhis[x] is the set of new φ-nodes to be
+// prepended to block x.
+//
+func rename(u *BasicBlock, renaming []Value, newPhis newPhiMap, newSigmas newSigmaMap) {
+	// Each φ-node becomes the new name for its associated Alloc.
+	for _, np := range newPhis[u.Index] {
+		phi := np.phi
+		alloc := np.alloc
+		renaming[alloc.index] = phi
+	}
+
+	// Rename loads and stores of allocs.
+	for i, instr := range u.Instrs {
+		switch instr := instr.(type) {
+		case *Alloc:
+			if instr.index >= 0 { // store of zero to Alloc cell
+				// Replace dominated loads by the zero value.
+				renaming[instr.index] = nil
+				if debugLifting {
+					fmt.Fprintf(os.Stderr, "\tkill alloc %s\n", instr)
+				}
+				// Delete the Alloc.
+				u.Instrs[i] = nil
+				u.gaps++
+			}
+
+		case *Store:
+			if alloc, ok := instr.Addr.(*Alloc); ok && alloc.index >= 0 { // store to Alloc cell
+				// Replace dominated loads by the stored value.
+				renaming[alloc.index] = instr.Val
+				if debugLifting {
+					fmt.Fprintf(os.Stderr, "\tkill store %s; new value: %s\n",
+						instr, instr.Val.Name())
+				}
+				if refs := instr.Addr.Referrers(); refs != nil {
+					*refs = removeInstr(*refs, instr)
+				}
+				if refs := instr.Val.Referrers(); refs != nil {
+					*refs = removeInstr(*refs, instr)
+				}
+				// Delete the Store.
+				u.Instrs[i] = nil
+				u.gaps++
+			}
+
+		case *Load:
+			if alloc, ok := instr.X.(*Alloc); ok && alloc.index >= 0 { // load of Alloc cell
+				// In theory, we wouldn't be able to replace loads
+				// directly, because a loaded value could be used in
+				// different branches, in which case it should be
+				// replaced with different sigma nodes. But we can't
+				// simply defer replacement, either, because then
+				// later stores might incorrectly affect this load.
+				//
+				// To avoid doing renaming on _all_ values (instead of
+				// just loads and stores like we're doing), we make
+				// sure during code generation that each load is only
+				// used in one block. For example, in constant switch
+				// statements, where the tag is only evaluated once,
+				// we store it in a temporary and load it for each
+				// comparison, so that we have individual loads to
+				// replace.
+				newval := renamed(u.Parent(), renaming, alloc)
+				if debugLifting {
+					fmt.Fprintf(os.Stderr, "\tupdate load %s = %s with %s\n",
+						instr.Name(), instr, newval)
+				}
+				replaceAll(instr, newval)
+				u.Instrs[i] = nil
+				u.gaps++
+			}
+
+		case *DebugRef:
+			if x, ok := instr.X.(*Alloc); ok && x.index >= 0 {
+				if instr.IsAddr {
+					instr.X = renamed(u.Parent(), renaming, x)
+					instr.IsAddr = false
+
+					// Add DebugRef to instr.X's referrers.
+					if refs := instr.X.Referrers(); refs != nil {
+						*refs = append(*refs, instr)
+					}
+				} else {
+					// A source expression denotes the address
+					// of an Alloc that was optimized away.
+					instr.X = nil
+
+					// Delete the DebugRef.
+					u.Instrs[i] = nil
+					u.gaps++
+				}
+			}
+		}
+	}
+
+	// update all outgoing sigma nodes with the dominating store
+	for _, sigmas := range newSigmas[u.Index] {
+		for _, sigma := range sigmas.sigmas {
+			if sigma == nil {
+				continue
+			}
+			sigma.X = renamed(u.Parent(), renaming, sigmas.alloc)
+		}
+	}
+
+	// For each φ-node in a CFG successor, rename the edge.
+	for succi, v := range u.Succs {
+		phis := newPhis[v.Index]
+		if len(phis) == 0 {
+			continue
+		}
+		i := v.predIndex(u)
+		for _, np := range phis {
+			phi := np.phi
+			alloc := np.alloc
+			// if there's a sigma node, use it, else use the dominating value
+			var newval Value
+			for _, sigmas := range newSigmas[u.Index] {
+				if sigmas.alloc == alloc && sigmas.sigmas[succi] != nil {
+					newval = sigmas.sigmas[succi]
+					break
+				}
+			}
+			if newval == nil {
+				newval = renamed(u.Parent(), renaming, alloc)
+			}
+			if debugLifting {
+				fmt.Fprintf(os.Stderr, "\tsetphi %s edge %s -> %s (#%d) (alloc=%s) := %s\n",
+					phi.Name(), u, v, i, alloc.Name(), newval.Name())
+			}
+			phi.Edges[i] = newval
+			if prefs := newval.Referrers(); prefs != nil {
+				*prefs = append(*prefs, phi)
+			}
+		}
+	}
+
+	// Continue depth-first recursion over domtree, pushing a
+	// fresh copy of the renaming map for each subtree.
+	r := make([]Value, len(renaming))
+	for _, v := range u.dom.children {
+		// XXX add debugging
+		copy(r, renaming)
+
+		// on entry to a block, the incoming sigma nodes become the new values for their alloc
+		if idx := u.succIndex(v); idx != -1 {
+			for _, sigma := range newSigmas[u.Index] {
+				if sigma.sigmas[idx] != nil {
+					r[sigma.alloc.index] = sigma.sigmas[idx]
+				}
+			}
+		}
+		rename(v, r, newPhis, newSigmas)
+	}
+
+}
diff --git a/vendor/honnef.co/go/tools/ssa/lvalue.go b/vendor/honnef.co/go/tools/ir/lvalue.go
similarity index 59%
rename from vendor/honnef.co/go/tools/ssa/lvalue.go
rename to vendor/honnef.co/go/tools/ir/lvalue.go
index eb5d71e1..f676a1f7 100644
--- a/vendor/honnef.co/go/tools/ssa/lvalue.go
+++ b/vendor/honnef.co/go/tools/ir/lvalue.go
@@ -2,14 +2,13 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // lvalues are the union of addressable expressions and map-index
 // expressions.
 
 import (
 	"go/ast"
-	"go/token"
 	"go/types"
 )
 
@@ -18,27 +17,24 @@ import (
 // pointer to permit updates to elements of maps.
 //
 type lvalue interface {
-	store(fn *Function, v Value) // stores v into the location
-	load(fn *Function) Value     // loads the contents of the location
-	address(fn *Function) Value  // address of the location
-	typ() types.Type             // returns the type of the location
+	store(fn *Function, v Value, source ast.Node) // stores v into the location
+	load(fn *Function, source ast.Node) Value     // loads the contents of the location
+	address(fn *Function) Value                   // address of the location
+	typ() types.Type                              // returns the type of the location
 }
 
 // An address is an lvalue represented by a true pointer.
 type address struct {
 	addr Value
-	pos  token.Pos // source position
-	expr ast.Expr  // source syntax of the value (not address) [debug mode]
+	expr ast.Expr // source syntax of the value (not address) [debug mode]
 }
 
-func (a *address) load(fn *Function) Value {
-	load := emitLoad(fn, a.addr)
-	load.pos = a.pos
-	return load
+func (a *address) load(fn *Function, source ast.Node) Value {
+	return emitLoad(fn, a.addr, source)
 }
 
-func (a *address) store(fn *Function, v Value) {
-	store := emitStore(fn, a.addr, v, a.pos)
+func (a *address) store(fn *Function, v Value, source ast.Node) {
+	store := emitStore(fn, a.addr, v, source)
 	if a.expr != nil {
 		// store.Val is v, converted for assignability.
 		emitDebugRef(fn, a.expr, store.Val, false)
@@ -57,38 +53,35 @@ func (a *address) typ() types.Type {
 }
 
 // An element is an lvalue represented by m[k], the location of an
-// element of a map or string.  These locations are not addressable
+// element of a map.  These locations are not addressable
 // since pointers cannot be formed from them, but they do support
-// load(), and in the case of maps, store().
+// load() and store().
 //
 type element struct {
-	m, k Value      // map or string
-	t    types.Type // map element type or string byte type
-	pos  token.Pos  // source position of colon ({k:v}) or lbrack (m[k]=v)
+	m, k Value      // map
+	t    types.Type // map element type
 }
 
-func (e *element) load(fn *Function) Value {
-	l := &Lookup{
+func (e *element) load(fn *Function, source ast.Node) Value {
+	l := &MapLookup{
 		X:     e.m,
 		Index: e.k,
 	}
-	l.setPos(e.pos)
 	l.setType(e.t)
-	return fn.emit(l)
+	return fn.emit(l, source)
 }
 
-func (e *element) store(fn *Function, v Value) {
+func (e *element) store(fn *Function, v Value, source ast.Node) {
 	up := &MapUpdate{
 		Map:   e.m,
 		Key:   e.k,
-		Value: emitConv(fn, v, e.t),
+		Value: emitConv(fn, v, e.t, source),
 	}
-	up.pos = e.pos
-	fn.emit(up)
+	fn.emit(up, source)
 }
 
 func (e *element) address(fn *Function) Value {
-	panic("map/string elements are not addressable")
+	panic("map elements are not addressable")
 }
 
 func (e *element) typ() types.Type {
@@ -100,15 +93,15 @@ func (e *element) typ() types.Type {
 //
 type blank struct{}
 
-func (bl blank) load(fn *Function) Value {
+func (bl blank) load(fn *Function, source ast.Node) Value {
 	panic("blank.load is illegal")
 }
 
-func (bl blank) store(fn *Function, v Value) {
+func (bl blank) store(fn *Function, v Value, source ast.Node) {
 	s := &BlankStore{
 		Val: v,
 	}
-	fn.emit(s)
+	fn.emit(s, source)
 }
 
 func (bl blank) address(fn *Function) Value {
diff --git a/vendor/honnef.co/go/tools/ssa/methods.go b/vendor/honnef.co/go/tools/ir/methods.go
similarity index 99%
rename from vendor/honnef.co/go/tools/ssa/methods.go
rename to vendor/honnef.co/go/tools/ir/methods.go
index 9cf38391..517f448b 100644
--- a/vendor/honnef.co/go/tools/ssa/methods.go
+++ b/vendor/honnef.co/go/tools/ir/methods.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines utilities for population of method sets.
 
diff --git a/vendor/honnef.co/go/tools/ssa/mode.go b/vendor/honnef.co/go/tools/ir/mode.go
similarity index 65%
rename from vendor/honnef.co/go/tools/ssa/mode.go
rename to vendor/honnef.co/go/tools/ir/mode.go
index d2a26989..da548fdb 100644
--- a/vendor/honnef.co/go/tools/ssa/mode.go
+++ b/vendor/honnef.co/go/tools/ir/mode.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines the BuilderMode type and its command-line flag.
 
@@ -15,32 +15,30 @@ import (
 //
 // *BuilderMode satisfies the flag.Value interface.  Example:
 //
-// 	var mode = ssa.BuilderMode(0)
-// 	func init() { flag.Var(&mode, "build", ssa.BuilderModeDoc) }
+// 	var mode = ir.BuilderMode(0)
+// 	func init() { flag.Var(&mode, "build", ir.BuilderModeDoc) }
 //
 type BuilderMode uint
 
 const (
 	PrintPackages        BuilderMode = 1 << iota // Print package inventory to stdout
-	PrintFunctions                               // Print function SSA code to stdout
-	LogSource                                    // Log source locations as SSA builder progresses
+	PrintFunctions                               // Print function IR code to stdout
+	PrintSource                                  // Print source code when printing function IR
+	LogSource                                    // Log source locations as IR builder progresses
 	SanityCheckFunctions                         // Perform sanity checking of function bodies
-	NaiveForm                                    // Build naïve SSA form: don't replace local loads/stores with registers
-	BuildSerially                                // Build packages serially, not in parallel.
+	NaiveForm                                    // Build naïve IR form: don't replace local loads/stores with registers
 	GlobalDebug                                  // Enable debug info for all packages
-	BareInits                                    // Build init functions without guards or calls to dependent inits
 )
 
-const BuilderModeDoc = `Options controlling the SSA builder.
+const BuilderModeDoc = `Options controlling the IR builder.
 The value is a sequence of zero or more of these letters:
-C	perform sanity [C]hecking of the SSA form.
+C	perform sanity [C]hecking of the IR form.
 D	include [D]ebug info for every function.
 P	print [P]ackage inventory.
-F	print [F]unction SSA code.
-S	log [S]ource locations as SSA builder progresses.
-L	build distinct packages seria[L]ly instead of in parallel.
-N	build [N]aive SSA form: don't replace local loads/stores with registers.
-I	build bare [I]nit functions: no init guards or calls to dependent inits.
+F	print [F]unction IR code.
+A	print [A]ST nodes responsible for IR instructions
+S	log [S]ource locations as IR builder progresses.
+N	build [N]aive IR form: don't replace local loads/stores with registers.
 `
 
 func (m BuilderMode) String() string {
@@ -54,6 +52,9 @@ func (m BuilderMode) String() string {
 	if m&PrintFunctions != 0 {
 		buf.WriteByte('F')
 	}
+	if m&PrintSource != 0 {
+		buf.WriteByte('A')
+	}
 	if m&LogSource != 0 {
 		buf.WriteByte('S')
 	}
@@ -63,9 +64,6 @@ func (m BuilderMode) String() string {
 	if m&NaiveForm != 0 {
 		buf.WriteByte('N')
 	}
-	if m&BuildSerially != 0 {
-		buf.WriteByte('L')
-	}
 	return buf.String()
 }
 
@@ -80,14 +78,14 @@ func (m *BuilderMode) Set(s string) error {
 			mode |= PrintPackages
 		case 'F':
 			mode |= PrintFunctions
+		case 'A':
+			mode |= PrintSource
 		case 'S':
-			mode |= LogSource | BuildSerially
+			mode |= LogSource
 		case 'C':
 			mode |= SanityCheckFunctions
 		case 'N':
 			mode |= NaiveForm
-		case 'L':
-			mode |= BuildSerially
 		default:
 			return fmt.Errorf("unknown BuilderMode option: %q", c)
 		}
diff --git a/vendor/honnef.co/go/tools/ssa/print.go b/vendor/honnef.co/go/tools/ir/print.go
similarity index 54%
rename from vendor/honnef.co/go/tools/ssa/print.go
rename to vendor/honnef.co/go/tools/ir/print.go
index 6fd27727..c16c08ef 100644
--- a/vendor/honnef.co/go/tools/ssa/print.go
+++ b/vendor/honnef.co/go/tools/ir/print.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file implements the String() methods for all Value and
 // Instruction types.
@@ -25,6 +25,9 @@ import (
 // references are package-qualified.
 //
 func relName(v Value, i Instruction) string {
+	if v == nil {
+		return "<nil>"
+	}
 	var from *types.Package
 	if i != nil {
 		from = i.Parent().pkg()
@@ -32,8 +35,6 @@ func relName(v Value, i Instruction) string {
 	switch v := v.(type) {
 	case Member: // *Function or *Global
 		return v.RelString(from)
-	case *Const:
-		return v.RelString(from)
 	}
 	return v.Name()
 }
@@ -58,36 +59,40 @@ func relString(m Member, from *types.Package) string {
 
 func (v *Parameter) String() string {
 	from := v.Parent().pkg()
-	return fmt.Sprintf("parameter %s : %s", v.Name(), relType(v.Type(), from))
+	return fmt.Sprintf("Parameter <%s> {%s}", relType(v.Type(), from), v.name)
 }
 
 func (v *FreeVar) String() string {
 	from := v.Parent().pkg()
-	return fmt.Sprintf("freevar %s : %s", v.Name(), relType(v.Type(), from))
+	return fmt.Sprintf("FreeVar <%s> %s", relType(v.Type(), from), v.Name())
 }
 
 func (v *Builtin) String() string {
-	return fmt.Sprintf("builtin %s", v.Name())
+	return fmt.Sprintf("Builtin %s", v.Name())
 }
 
 // Instruction.String()
 
 func (v *Alloc) String() string {
-	op := "local"
-	if v.Heap {
-		op = "new"
-	}
 	from := v.Parent().pkg()
-	return fmt.Sprintf("%s %s (%s)", op, relType(deref(v.Type()), from), v.Comment)
+	storage := "Stack"
+	if v.Heap {
+		storage = "Heap"
+	}
+	return fmt.Sprintf("%sAlloc <%s>", storage, relType(v.Type(), from))
+}
+
+func (v *Sigma) String() string {
+	from := v.Parent().pkg()
+	s := fmt.Sprintf("Sigma <%s> [b%d] %s", relType(v.Type(), from), v.From.Index, v.X.Name())
+	return s
 }
 
 func (v *Phi) String() string {
 	var b bytes.Buffer
-	b.WriteString("phi [")
+	fmt.Fprintf(&b, "Phi <%s>", v.Type())
 	for i, edge := range v.Edges {
-		if i > 0 {
-			b.WriteString(", ")
-		}
+		b.WriteString(" ")
 		// Be robust against malformed CFG.
 		if v.block == nil {
 			b.WriteString("??")
@@ -97,40 +102,35 @@ func (v *Phi) String() string {
 		if i < len(v.block.Preds) {
 			block = v.block.Preds[i].Index
 		}
-		fmt.Fprintf(&b, "%d: ", block)
+		fmt.Fprintf(&b, "%d:", block)
 		edgeVal := "<nil>" // be robust
 		if edge != nil {
 			edgeVal = relName(edge, v)
 		}
 		b.WriteString(edgeVal)
 	}
-	b.WriteString("]")
-	if v.Comment != "" {
-		b.WriteString(" #")
-		b.WriteString(v.Comment)
-	}
 	return b.String()
 }
 
 func printCall(v *CallCommon, prefix string, instr Instruction) string {
 	var b bytes.Buffer
-	b.WriteString(prefix)
 	if !v.IsInvoke() {
-		b.WriteString(relName(v.Value, instr))
-	} else {
-		fmt.Fprintf(&b, "invoke %s.%s", relName(v.Value, instr), v.Method.Name())
-	}
-	b.WriteString("(")
-	for i, arg := range v.Args {
-		if i > 0 {
-			b.WriteString(", ")
+		if value, ok := instr.(Value); ok {
+			fmt.Fprintf(&b, "%s <%s> %s", prefix, relType(value.Type(), instr.Parent().pkg()), relName(v.Value, instr))
+		} else {
+			fmt.Fprintf(&b, "%s %s", prefix, relName(v.Value, instr))
 		}
+	} else {
+		if value, ok := instr.(Value); ok {
+			fmt.Fprintf(&b, "%sInvoke <%s> %s.%s", prefix, relType(value.Type(), instr.Parent().pkg()), relName(v.Value, instr), v.Method.Name())
+		} else {
+			fmt.Fprintf(&b, "%sInvoke %s.%s", prefix, relName(v.Value, instr), v.Method.Name())
+		}
+	}
+	for _, arg := range v.Args {
+		b.WriteString(" ")
 		b.WriteString(relName(arg, instr))
 	}
-	if v.Signature().Variadic() {
-		b.WriteString("...")
-	}
-	b.WriteString(")")
 	return b.String()
 }
 
@@ -139,73 +139,59 @@ func (c *CallCommon) String() string {
 }
 
 func (v *Call) String() string {
-	return printCall(&v.Call, "", v)
+	return printCall(&v.Call, "Call", v)
 }
 
 func (v *BinOp) String() string {
-	return fmt.Sprintf("%s %s %s", relName(v.X, v), v.Op.String(), relName(v.Y, v))
+	return fmt.Sprintf("BinOp <%s> {%s} %s %s", relType(v.Type(), v.Parent().pkg()), v.Op.String(), relName(v.X, v), relName(v.Y, v))
 }
 
 func (v *UnOp) String() string {
-	return fmt.Sprintf("%s%s%s", v.Op, relName(v.X, v), commaOk(v.CommaOk))
+	return fmt.Sprintf("UnOp <%s> {%s} %s", relType(v.Type(), v.Parent().pkg()), v.Op.String(), relName(v.X, v))
+}
+
+func (v *Load) String() string {
+	return fmt.Sprintf("Load <%s> %s", relType(v.Type(), v.Parent().pkg()), relName(v.X, v))
 }
 
 func printConv(prefix string, v, x Value) string {
 	from := v.Parent().pkg()
-	return fmt.Sprintf("%s %s <- %s (%s)",
+	return fmt.Sprintf("%s <%s> %s",
 		prefix,
 		relType(v.Type(), from),
-		relType(x.Type(), from),
 		relName(x, v.(Instruction)))
 }
 
-func (v *ChangeType) String() string      { return printConv("changetype", v, v.X) }
-func (v *Convert) String() string         { return printConv("convert", v, v.X) }
-func (v *ChangeInterface) String() string { return printConv("change interface", v, v.X) }
-func (v *MakeInterface) String() string   { return printConv("make", v, v.X) }
+func (v *ChangeType) String() string      { return printConv("ChangeType", v, v.X) }
+func (v *Convert) String() string         { return printConv("Convert", v, v.X) }
+func (v *ChangeInterface) String() string { return printConv("ChangeInterface", v, v.X) }
+func (v *MakeInterface) String() string   { return printConv("MakeInterface", v, v.X) }
 
 func (v *MakeClosure) String() string {
+	from := v.Parent().pkg()
 	var b bytes.Buffer
-	fmt.Fprintf(&b, "make closure %s", relName(v.Fn, v))
+	fmt.Fprintf(&b, "MakeClosure <%s> %s", relType(v.Type(), from), relName(v.Fn, v))
 	if v.Bindings != nil {
-		b.WriteString(" [")
-		for i, c := range v.Bindings {
-			if i > 0 {
-				b.WriteString(", ")
-			}
+		for _, c := range v.Bindings {
+			b.WriteString(" ")
 			b.WriteString(relName(c, v))
 		}
-		b.WriteString("]")
 	}
 	return b.String()
 }
 
 func (v *MakeSlice) String() string {
 	from := v.Parent().pkg()
-	return fmt.Sprintf("make %s %s %s",
+	return fmt.Sprintf("MakeSlice <%s> %s %s",
 		relType(v.Type(), from),
 		relName(v.Len, v),
 		relName(v.Cap, v))
 }
 
 func (v *Slice) String() string {
-	var b bytes.Buffer
-	b.WriteString("slice ")
-	b.WriteString(relName(v.X, v))
-	b.WriteString("[")
-	if v.Low != nil {
-		b.WriteString(relName(v.Low, v))
-	}
-	b.WriteString(":")
-	if v.High != nil {
-		b.WriteString(relName(v.High, v))
-	}
-	if v.Max != nil {
-		b.WriteString(":")
-		b.WriteString(relName(v.Max, v))
-	}
-	b.WriteString("]")
-	return b.String()
+	from := v.Parent().pkg()
+	return fmt.Sprintf("Slice <%s> %s %s %s %s",
+		relType(v.Type(), from), relName(v.X, v), relName(v.Low, v), relName(v.High, v), relName(v.Max, v))
 }
 
 func (v *MakeMap) String() string {
@@ -214,22 +200,23 @@ func (v *MakeMap) String() string {
 		res = relName(v.Reserve, v)
 	}
 	from := v.Parent().pkg()
-	return fmt.Sprintf("make %s %s", relType(v.Type(), from), res)
+	return fmt.Sprintf("MakeMap <%s> %s", relType(v.Type(), from), res)
 }
 
 func (v *MakeChan) String() string {
 	from := v.Parent().pkg()
-	return fmt.Sprintf("make %s %s", relType(v.Type(), from), relName(v.Size, v))
+	return fmt.Sprintf("MakeChan <%s> %s", relType(v.Type(), from), relName(v.Size, v))
 }
 
 func (v *FieldAddr) String() string {
+	from := v.Parent().pkg()
 	st := deref(v.X.Type()).Underlying().(*types.Struct)
 	// Be robust against a bad index.
 	name := "?"
 	if 0 <= v.Field && v.Field < st.NumFields() {
 		name = st.Field(v.Field).Name()
 	}
-	return fmt.Sprintf("&%s.%s [#%d]", relName(v.X, v), name, v.Field)
+	return fmt.Sprintf("FieldAddr <%s> [%d] (%s) %s", relType(v.Type(), from), v.Field, name, relName(v.X, v))
 }
 
 func (v *Field) String() string {
@@ -239,36 +226,49 @@ func (v *Field) String() string {
 	if 0 <= v.Field && v.Field < st.NumFields() {
 		name = st.Field(v.Field).Name()
 	}
-	return fmt.Sprintf("%s.%s [#%d]", relName(v.X, v), name, v.Field)
+	from := v.Parent().pkg()
+	return fmt.Sprintf("Field <%s> [%d] (%s) %s", relType(v.Type(), from), v.Field, name, relName(v.X, v))
 }
 
 func (v *IndexAddr) String() string {
-	return fmt.Sprintf("&%s[%s]", relName(v.X, v), relName(v.Index, v))
+	from := v.Parent().pkg()
+	return fmt.Sprintf("IndexAddr <%s> %s %s", relType(v.Type(), from), relName(v.X, v), relName(v.Index, v))
 }
 
 func (v *Index) String() string {
-	return fmt.Sprintf("%s[%s]", relName(v.X, v), relName(v.Index, v))
+	from := v.Parent().pkg()
+	return fmt.Sprintf("Index <%s> %s %s", relType(v.Type(), from), relName(v.X, v), relName(v.Index, v))
 }
 
-func (v *Lookup) String() string {
-	return fmt.Sprintf("%s[%s]%s", relName(v.X, v), relName(v.Index, v), commaOk(v.CommaOk))
+func (v *MapLookup) String() string {
+	from := v.Parent().pkg()
+	return fmt.Sprintf("MapLookup <%s> %s %s", relType(v.Type(), from), relName(v.X, v), relName(v.Index, v))
+}
+
+func (v *StringLookup) String() string {
+	from := v.Parent().pkg()
+	return fmt.Sprintf("StringLookup <%s> %s %s", relType(v.Type(), from), relName(v.X, v), relName(v.Index, v))
 }
 
 func (v *Range) String() string {
-	return "range " + relName(v.X, v)
+	from := v.Parent().pkg()
+	return fmt.Sprintf("Range <%s> %s", relType(v.Type(), from), relName(v.X, v))
 }
 
 func (v *Next) String() string {
-	return "next " + relName(v.Iter, v)
+	from := v.Parent().pkg()
+	return fmt.Sprintf("Next <%s> %s", relType(v.Type(), from), relName(v.Iter, v))
 }
 
 func (v *TypeAssert) String() string {
 	from := v.Parent().pkg()
-	return fmt.Sprintf("typeassert%s %s.(%s)", commaOk(v.CommaOk), relName(v.X, v), relType(v.AssertedType, from))
+	return fmt.Sprintf("TypeAssert <%s> %s", relType(v.Type(), from), relName(v.X, v))
 }
 
 func (v *Extract) String() string {
-	return fmt.Sprintf("extract %s #%d", relName(v.Tuple, v), v.Index)
+	from := v.Parent().pkg()
+	name := v.Tuple.Type().(*types.Tuple).At(v.Index).Name()
+	return fmt.Sprintf("Extract <%s> [%d] (%s) %s", relType(v.Type(), from), v.Index, name, relName(v.Tuple, v))
 }
 
 func (s *Jump) String() string {
@@ -277,7 +277,20 @@ func (s *Jump) String() string {
 	if s.block != nil && len(s.block.Succs) == 1 {
 		block = s.block.Succs[0].Index
 	}
-	return fmt.Sprintf("jump %d", block)
+	str := fmt.Sprintf("Jump → b%d", block)
+	if s.Comment != "" {
+		str = fmt.Sprintf("%s # %s", str, s.Comment)
+	}
+	return str
+}
+
+func (s *Unreachable) String() string {
+	// Be robust against malformed CFG.
+	block := -1
+	if s.block != nil && len(s.block.Succs) == 1 {
+		block = s.block.Succs[0].Index
+	}
+	return fmt.Sprintf("Unreachable → b%d", block)
 }
 
 func (s *If) String() string {
@@ -287,41 +300,70 @@ func (s *If) String() string {
 		tblock = s.block.Succs[0].Index
 		fblock = s.block.Succs[1].Index
 	}
-	return fmt.Sprintf("if %s goto %d else %d", relName(s.Cond, s), tblock, fblock)
+	return fmt.Sprintf("If %s → b%d b%d", relName(s.Cond, s), tblock, fblock)
+}
+
+func (s *ConstantSwitch) String() string {
+	var b bytes.Buffer
+	fmt.Fprintf(&b, "ConstantSwitch %s", relName(s.Tag, s))
+	for _, cond := range s.Conds {
+		fmt.Fprintf(&b, " %s", relName(cond, s))
+	}
+	fmt.Fprint(&b, " →")
+	for _, succ := range s.block.Succs {
+		fmt.Fprintf(&b, " b%d", succ.Index)
+	}
+	return b.String()
+}
+
+func (s *TypeSwitch) String() string {
+	from := s.Parent().pkg()
+	var b bytes.Buffer
+	fmt.Fprintf(&b, "TypeSwitch <%s> %s", relType(s.typ, from), relName(s.Tag, s))
+	for _, cond := range s.Conds {
+		fmt.Fprintf(&b, " %q", relType(cond, s.block.parent.pkg()))
+	}
+	return b.String()
 }
 
 func (s *Go) String() string {
-	return printCall(&s.Call, "go ", s)
+	return printCall(&s.Call, "Go", s)
 }
 
 func (s *Panic) String() string {
-	return "panic " + relName(s.X, s)
+	// Be robust against malformed CFG.
+	block := -1
+	if s.block != nil && len(s.block.Succs) == 1 {
+		block = s.block.Succs[0].Index
+	}
+	return fmt.Sprintf("Panic %s → b%d", relName(s.X, s), block)
 }
 
 func (s *Return) String() string {
 	var b bytes.Buffer
-	b.WriteString("return")
-	for i, r := range s.Results {
-		if i == 0 {
-			b.WriteString(" ")
-		} else {
-			b.WriteString(", ")
-		}
+	b.WriteString("Return")
+	for _, r := range s.Results {
+		b.WriteString(" ")
 		b.WriteString(relName(r, s))
 	}
 	return b.String()
 }
 
 func (*RunDefers) String() string {
-	return "rundefers"
+	return "RunDefers"
 }
 
 func (s *Send) String() string {
-	return fmt.Sprintf("send %s <- %s", relName(s.Chan, s), relName(s.X, s))
+	return fmt.Sprintf("Send %s %s", relName(s.Chan, s), relName(s.X, s))
+}
+
+func (recv *Recv) String() string {
+	from := recv.Parent().pkg()
+	return fmt.Sprintf("Recv <%s> %s", relType(recv.Type(), from), relName(recv.Chan, recv))
 }
 
 func (s *Defer) String() string {
-	return printCall(&s.Call, "defer ", s)
+	return printCall(&s.Call, "Defer", s)
 }
 
 func (s *Select) String() string {
@@ -341,21 +383,23 @@ func (s *Select) String() string {
 	}
 	non := ""
 	if !s.Blocking {
-		non = "non"
+		non = "Non"
 	}
-	return fmt.Sprintf("select %sblocking [%s]", non, b.String())
+	from := s.Parent().pkg()
+	return fmt.Sprintf("Select%sBlocking <%s> [%s]", non, relType(s.Type(), from), b.String())
 }
 
 func (s *Store) String() string {
-	return fmt.Sprintf("*%s = %s", relName(s.Addr, s), relName(s.Val, s))
+	return fmt.Sprintf("Store {%s} %s %s",
+		s.Val.Type(), relName(s.Addr, s), relName(s.Val, s))
 }
 
 func (s *BlankStore) String() string {
-	return fmt.Sprintf("_ = %s", relName(s.Val, s))
+	return fmt.Sprintf("BlankStore %s", relName(s.Val, s))
 }
 
 func (s *MapUpdate) String() string {
-	return fmt.Sprintf("%s[%s] = %s", relName(s.Map, s), relName(s.Key, s), relName(s.Value, s))
+	return fmt.Sprintf("MapUpdate %s %s %s", relName(s.Map, s), relName(s.Key, s), relName(s.Value, s))
 }
 
 func (s *DebugRef) String() string {
@@ -426,10 +470,3 @@ func WritePackage(buf *bytes.Buffer, p *Package) {
 
 	fmt.Fprintf(buf, "\n")
 }
-
-func commaOk(x bool) string {
-	if x {
-		return ",ok"
-	}
-	return ""
-}
diff --git a/vendor/honnef.co/go/tools/ssa/sanity.go b/vendor/honnef.co/go/tools/ir/sanity.go
similarity index 89%
rename from vendor/honnef.co/go/tools/ssa/sanity.go
rename to vendor/honnef.co/go/tools/ir/sanity.go
index 1d29b66b..ff9edbc6 100644
--- a/vendor/honnef.co/go/tools/ssa/sanity.go
+++ b/vendor/honnef.co/go/tools/ir/sanity.go
@@ -2,9 +2,9 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
-// An optional pass for sanity-checking invariants of the SSA representation.
+// An optional pass for sanity-checking invariants of the IR representation.
 // Currently it checks CFG invariants but little at the instruction level.
 
 import (
@@ -23,7 +23,7 @@ type sanity struct {
 	insane   bool
 }
 
-// sanityCheck performs integrity checking of the SSA representation
+// sanityCheck performs integrity checking of the IR representation
 // of the function fn and returns true if it was valid.  Diagnostics
 // are written to reporter if non-nil, os.Stderr otherwise.  Some
 // diagnostics are only warnings and do not imply a negative result.
@@ -89,8 +89,15 @@ func findDuplicate(blocks []*BasicBlock) *BasicBlock {
 
 func (s *sanity) checkInstr(idx int, instr Instruction) {
 	switch instr := instr.(type) {
-	case *If, *Jump, *Return, *Panic:
+	case *If, *Jump, *Return, *Panic, *Unreachable, *ConstantSwitch:
 		s.errorf("control flow instruction not at end of block")
+	case *Sigma:
+		if idx > 0 {
+			prev := s.block.Instrs[idx-1]
+			if _, ok := prev.(*Sigma); !ok {
+				s.errorf("Sigma instruction follows a non-Sigma: %T", prev)
+			}
+		}
 	case *Phi:
 		if idx == 0 {
 			// It suffices to apply this check to just the first phi node.
@@ -99,8 +106,10 @@ func (s *sanity) checkInstr(idx int, instr Instruction) {
 			}
 		} else {
 			prev := s.block.Instrs[idx-1]
-			if _, ok := prev.(*Phi); !ok {
-				s.errorf("Phi instruction follows a non-Phi: %T", prev)
+			switch prev.(type) {
+			case *Phi, *Sigma:
+			default:
+				s.errorf("Phi instruction follows a non-Phi, non-Sigma: %T", prev)
 			}
 		}
 		if ne, np := len(instr.Edges), len(s.block.Preds); ne != np {
@@ -109,7 +118,7 @@ func (s *sanity) checkInstr(idx int, instr Instruction) {
 		} else {
 			for i, e := range instr.Edges {
 				if e == nil {
-					s.errorf("phi node '%s' has no value for edge #%d from %s", instr.Comment, i, s.block.Preds[i])
+					s.errorf("phi node '%v' has no value for edge #%d from %s", instr, i, s.block.Preds[i])
 				}
 			}
 		}
@@ -146,7 +155,8 @@ func (s *sanity) checkInstr(idx int, instr Instruction) {
 	case *Go:
 	case *Index:
 	case *IndexAddr:
-	case *Lookup:
+	case *MapLookup:
+	case *StringLookup:
 	case *MakeChan:
 	case *MakeClosure:
 		numFree := len(instr.Fn.(*Function).FreeVars)
@@ -175,8 +185,11 @@ func (s *sanity) checkInstr(idx int, instr Instruction) {
 	case *UnOp:
 	case *DebugRef:
 	case *BlankStore:
-	case *Sigma:
-		// TODO(adonovan): implement checks.
+	case *Load:
+	case *Parameter:
+	case *Const:
+	case *Recv:
+	case *TypeSwitch:
 	default:
 		panic(fmt.Sprintf("Unknown instruction type: %T", instr))
 	}
@@ -196,7 +209,9 @@ func (s *sanity) checkInstr(idx int, instr Instruction) {
 		} else if t == tRangeIter {
 			// not a proper type; ignore.
 		} else if b, ok := t.Underlying().(*types.Basic); ok && b.Info()&types.IsUntyped != 0 {
-			s.errorf("instruction has 'untyped' result: %s = %s : %s", v.Name(), v, t)
+			if _, ok := v.(*Const); !ok {
+				s.errorf("instruction has 'untyped' result: %s = %s : %s", v.Name(), v, t)
+			}
 		}
 		s.checkReferrerList(v)
 	}
@@ -239,11 +254,19 @@ func (s *sanity) checkFinalInstr(instr Instruction) {
 		}
 
 	case *Panic:
-		if nsuccs := len(s.block.Succs); nsuccs != 0 {
-			s.errorf("Panic-terminated block has %d successors; expected none", nsuccs)
+		if nsuccs := len(s.block.Succs); nsuccs != 1 {
+			s.errorf("Panic-terminated block has %d successors; expected one", nsuccs)
 			return
 		}
 
+	case *Unreachable:
+		if nsuccs := len(s.block.Succs); nsuccs != 1 {
+			s.errorf("Unreachable-terminated block has %d successors; expected one", nsuccs)
+			return
+		}
+
+	case *ConstantSwitch:
+
 	default:
 		s.errorf("non-control flow instruction at end of block")
 	}
@@ -260,9 +283,8 @@ func (s *sanity) checkBlock(b *BasicBlock, index int) {
 	}
 
 	// Check all blocks are reachable.
-	// (The entry block is always implicitly reachable,
-	// as is the Recover block, if any.)
-	if (index > 0 && b != b.parent.Recover) && len(b.Preds) == 0 {
+	// (The entry block is always implicitly reachable, the exit block may be unreachable.)
+	if index > 1 && len(b.Preds) == 0 {
 		s.warnf("unreachable block")
 		if b.Instrs == nil {
 			// Since this block is about to be pruned,
@@ -395,7 +417,11 @@ func (s *sanity) checkReferrerList(v Value) {
 	}
 	for i, ref := range *refs {
 		if _, ok := s.instrs[ref]; !ok {
-			s.errorf("%s.Referrers()[%d] = %s is not an instruction belonging to this function", v.Name(), i, ref)
+			if val, ok := ref.(Value); ok {
+				s.errorf("%s.Referrers()[%d] = %s = %s is not an instruction belonging to this function", v.Name(), i, val.Name(), val)
+			} else {
+				s.errorf("%s.Referrers()[%d] = %s is not an instruction belonging to this function", v.Name(), i, ref)
+			}
 		}
 	}
 }
@@ -426,7 +452,7 @@ func (s *sanity) checkFunction(fn *Function) bool {
 			s.errorf("nil Pkg")
 		}
 	}
-	if src, syn := fn.Synthetic == "", fn.Syntax() != nil; src != syn {
+	if src, syn := fn.Synthetic == "", fn.source != nil; src != syn {
 		s.errorf("got fromSource=%t, hasSyntax=%t; want same values", src, syn)
 	}
 	for i, l := range fn.Locals {
@@ -481,9 +507,6 @@ func (s *sanity) checkFunction(fn *Function) bool {
 		}
 		s.checkBlock(b, i)
 	}
-	if fn.Recover != nil && fn.Blocks[fn.Recover.Index] != fn.Recover {
-		s.errorf("Recover block is not in Blocks slice")
-	}
 
 	s.block = nil
 	for i, anon := range fn.AnonFuncs {
@@ -522,14 +545,11 @@ func sanityCheckPackage(pkg *Package) {
 		if obj.Name() != name {
 			if obj.Name() == "init" && strings.HasPrefix(mem.Name(), "init#") {
 				// Ok.  The name of a declared init function varies between
-				// its types.Func ("init") and its ssa.Function ("init#%d").
+				// its types.Func ("init") and its ir.Function ("init#%d").
 			} else {
 				panic(fmt.Sprintf("%s: %T.Object().Name() = %s, want %s",
 					pkg.Pkg.Path(), mem, obj.Name(), name))
 			}
 		}
-		if obj.Pos() != mem.Pos() {
-			panic(fmt.Sprintf("%s Pos=%d obj.Pos=%d", mem, mem.Pos(), obj.Pos()))
-		}
 	}
 }
diff --git a/vendor/honnef.co/go/tools/ssa/source.go b/vendor/honnef.co/go/tools/ir/source.go
similarity index 80%
rename from vendor/honnef.co/go/tools/ssa/source.go
rename to vendor/honnef.co/go/tools/ir/source.go
index 8d9cca17..93d1ccbd 100644
--- a/vendor/honnef.co/go/tools/ssa/source.go
+++ b/vendor/honnef.co/go/tools/ir/source.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines utilities for working with source positions
 // or source-level named entities ("objects").
@@ -25,7 +25,7 @@ import (
 // Returns nil if not found; reasons might include:
 //    - the node is not enclosed by any function.
 //    - the node is within an anonymous function (FuncLit) and
-//      its SSA function has not been created yet
+//      its IR function has not been created yet
 //      (pkg.Build() has not yet been called).
 //
 func EnclosingFunction(pkg *Package, path []ast.Node) *Function {
@@ -46,7 +46,7 @@ outer:
 					continue outer
 				}
 			}
-			// SSA function not found:
+			// IR function not found:
 			// - package not yet built, or maybe
 			// - builder skipped FuncLit in dead block
 			//   (in principle; but currently the Builder
@@ -62,9 +62,9 @@ outer:
 // package-level variable.
 //
 // Unlike EnclosingFunction, the behaviour of this function does not
-// depend on whether SSA code for pkg has been built, so it can be
+// depend on whether IR code for pkg has been built, so it can be
 // used to quickly reject check inputs that will cause
-// EnclosingFunction to fail, prior to SSA building.
+// EnclosingFunction to fail, prior to IR building.
 //
 func HasEnclosingFunction(pkg *Package, path []ast.Node) bool {
 	return findEnclosingPackageLevelFunction(pkg, path) != nil
@@ -83,23 +83,14 @@ func findEnclosingPackageLevelFunction(pkg *Package, path []ast.Node) *Function
 			}
 
 		case *ast.FuncDecl:
-			if decl.Recv == nil && decl.Name.Name == "init" {
-				// Explicit init() function.
-				for _, b := range pkg.init.Blocks {
-					for _, instr := range b.Instrs {
-						if instr, ok := instr.(*Call); ok {
-							if callee, ok := instr.Call.Value.(*Function); ok && callee.Pkg == pkg && callee.Pos() == decl.Name.NamePos {
-								return callee
-							}
-						}
-					}
-				}
-				// Hack: return non-nil when SSA is not yet
+			// Declared function/method.
+			fn := findNamedFunc(pkg, decl.Pos())
+			if fn == nil && decl.Recv == nil && decl.Name.Name == "init" {
+				// Hack: return non-nil when IR is not yet
 				// built so that HasEnclosingFunction works.
 				return pkg.init
 			}
-			// Declared function/method.
-			return findNamedFunc(pkg, decl.Name.NamePos)
+			return fn
 		}
 	}
 	return nil // not in any function
@@ -109,29 +100,15 @@ func findEnclosingPackageLevelFunction(pkg *Package, path []ast.Node) *Function
 // position pos.
 //
 func findNamedFunc(pkg *Package, pos token.Pos) *Function {
-	// Look at all package members and method sets of named types.
-	// Not very efficient.
-	for _, mem := range pkg.Members {
-		switch mem := mem.(type) {
-		case *Function:
-			if mem.Pos() == pos {
-				return mem
-			}
-		case *Type:
-			mset := pkg.Prog.MethodSets.MethodSet(types.NewPointer(mem.Type()))
-			for i, n := 0, mset.Len(); i < n; i++ {
-				// Don't call Program.Method: avoid creating wrappers.
-				obj := mset.At(i).Obj().(*types.Func)
-				if obj.Pos() == pos {
-					return pkg.values[obj].(*Function)
-				}
-			}
+	for _, fn := range pkg.Functions {
+		if fn.Pos() == pos {
+			return fn
 		}
 	}
 	return nil
 }
 
-// ValueForExpr returns the SSA Value that corresponds to non-constant
+// ValueForExpr returns the IR Value that corresponds to non-constant
 // expression e.
 //
 // It returns nil if no value was found, e.g.
@@ -149,10 +126,10 @@ func findNamedFunc(pkg *Package, pos token.Pos) *Function {
 // The types of e (or &e, if isAddr) and the result are equal
 // (modulo "untyped" bools resulting from comparisons).
 //
-// (Tip: to find the ssa.Value given a source position, use
+// (Tip: to find the ir.Value given a source position, use
 // astutil.PathEnclosingInterval to locate the ast.Node, then
 // EnclosingFunction to locate the Function, then ValueForExpr to find
-// the ssa.Value.)
+// the ir.Value.)
 //
 func (f *Function) ValueForExpr(e ast.Expr) (value Value, isAddr bool) {
 	if f.debugInfo() { // (opt)
@@ -172,9 +149,9 @@ func (f *Function) ValueForExpr(e ast.Expr) (value Value, isAddr bool) {
 
 // --- Lookup functions for source-level named entities (types.Objects) ---
 
-// Package returns the SSA Package corresponding to the specified
+// Package returns the IR Package corresponding to the specified
 // type-checker package object.
-// It returns nil if no such SSA package has been created.
+// It returns nil if no such IR package has been created.
 //
 func (prog *Program) Package(obj *types.Package) *Package {
 	return prog.packages[obj]
@@ -203,7 +180,7 @@ func (prog *Program) FuncValue(obj *types.Func) *Function {
 	return fn
 }
 
-// ConstValue returns the SSA Value denoted by the source-level named
+// ConstValue returns the IR Value denoted by the source-level named
 // constant obj.
 //
 func (prog *Program) ConstValue(obj *types.Const) *Const {
@@ -221,12 +198,12 @@ func (prog *Program) ConstValue(obj *types.Const) *Const {
 	return NewConst(obj.Val(), obj.Type())
 }
 
-// VarValue returns the SSA Value that corresponds to a specific
+// VarValue returns the IR Value that corresponds to a specific
 // identifier denoting the source-level named variable obj.
 //
 // VarValue returns nil if a local variable was not found, perhaps
 // because its package was not built, the debug information was not
-// requested during SSA construction, or the value was optimized away.
+// requested during IR construction, or the value was optimized away.
 //
 // ref is the path to an ast.Ident (e.g. from PathEnclosingInterval),
 // and that ident must resolve to obj.
@@ -252,14 +229,14 @@ func (prog *Program) ConstValue(obj *types.Const) *Const {
 //
 // It is not specified whether the value or the address is returned in
 // any particular case, as it may depend upon optimizations performed
-// during SSA code generation, such as registerization, constant
+// during IR code generation, such as registerization, constant
 // folding, avoidance of materialization of subexpressions, etc.
 //
 func (prog *Program) VarValue(obj *types.Var, pkg *Package, ref []ast.Node) (value Value, isAddr bool) {
 	// All references to a var are local to some function, possibly init.
 	fn := EnclosingFunction(pkg, ref)
 	if fn == nil {
-		return // e.g. def of struct field; SSA not built?
+		return // e.g. def of struct field; IR not built?
 	}
 
 	id := ref[0].(*ast.Ident)
diff --git a/vendor/honnef.co/go/tools/ssa/ssa.go b/vendor/honnef.co/go/tools/ir/ssa.go
similarity index 78%
rename from vendor/honnef.co/go/tools/ssa/ssa.go
rename to vendor/honnef.co/go/tools/ir/ssa.go
index aeddd65e..49693045 100644
--- a/vendor/honnef.co/go/tools/ssa/ssa.go
+++ b/vendor/honnef.co/go/tools/ir/ssa.go
@@ -2,10 +2,10 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This package defines a high-level intermediate representation for
-// Go programs using static single-assignment (SSA) form.
+// Go programs using static single-information (SSI) form.
 
 import (
 	"fmt"
@@ -18,12 +18,15 @@ import (
 	"golang.org/x/tools/go/types/typeutil"
 )
 
-// A Program is a partial or complete Go program converted to SSA form.
+type ID int
+
+// A Program is a partial or complete Go program converted to IR form.
 type Program struct {
 	Fset       *token.FileSet              // position information for the files of this Program
+	PrintFunc  string                      // create ir.html for function specified in PrintFunc
 	imported   map[string]*Package         // all importable Packages, keyed by import path
 	packages   map[*types.Package]*Package // all loaded Packages, keyed by object
-	mode       BuilderMode                 // set of mode bits for SSA construction
+	mode       BuilderMode                 // set of mode bits for IR construction
 	MethodSets typeutil.MethodSetCache     // cache of type-checker's method-sets
 
 	methodsMu    sync.Mutex                 // guards the following maps:
@@ -44,12 +47,14 @@ type Program struct {
 // and unspecified other things too.
 //
 type Package struct {
-	Prog    *Program               // the owning program
-	Pkg     *types.Package         // the corresponding go/types.Package
-	Members map[string]Member      // all package members keyed by name (incl. init and init#%d)
-	values  map[types.Object]Value // package members (incl. types and methods), keyed by object
-	init    *Function              // Func("init"); the package's init function
-	debug   bool                   // include full debug info in this package
+	Prog      *Program               // the owning program
+	Pkg       *types.Package         // the corresponding go/types.Package
+	Members   map[string]Member      // all package members keyed by name (incl. init and init#%d)
+	Functions []*Function            // all functions, excluding anonymous ones
+	values    map[types.Object]Value // package members (incl. types and methods), keyed by object
+	init      *Function              // Func("init"); the package's init function
+	debug     bool                   // include full debug info in this package
+	printFunc string                 // which function to print in HTML form
 
 	// The following fields are set transiently, then cleared
 	// after building.
@@ -68,7 +73,6 @@ type Member interface {
 	String() string                  // package-qualified name of the package member
 	RelString(*types.Package) string // like String, but relative refs are unqualified
 	Object() types.Object            // typechecker's object for this member, if any
-	Pos() token.Pos                  // position of member's declaration, if known
 	Type() types.Type                // type of the package member
 	Token() token.Token              // token.{VAR,FUNC,CONST,TYPE}
 	Package() *Package               // the containing package
@@ -95,8 +99,10 @@ type NamedConst struct {
 	pkg    *Package
 }
 
-// A Value is an SSA value that can be referenced by an instruction.
+// A Value is an IR value that can be referenced by an instruction.
 type Value interface {
+	setID(ID)
+
 	// Name returns the name of this value, and determines how
 	// this Value appears when used as an operand of an
 	// Instruction.
@@ -107,10 +113,21 @@ type Value interface {
 	// and type.  For all other Values this is the name of the
 	// virtual register defined by the instruction.
 	//
-	// The name of an SSA Value is not semantically significant,
+	// The name of an IR Value is not semantically significant,
 	// and may not even be unique within a function.
 	Name() string
 
+	// ID returns the ID of this value. IDs are unique within a single
+	// function and are densely numbered, but may contain gaps.
+	// Values and other Instructions share the same ID space.
+	// Globally, values are identified by their addresses. However,
+	// IDs exist to facilitate efficient storage of mappings between
+	// values and data when analysing functions.
+	//
+	// NB: IDs are allocated late in the IR construction process and
+	// are not available to early stages of said process.
+	ID() ID
+
 	// If this value is an Instruction, String returns its
 	// disassembled form; otherwise it returns unspecified
 	// human-readable information about the Value, such as its
@@ -123,7 +140,7 @@ type Value interface {
 	Type() types.Type
 
 	// Parent returns the function to which this Value belongs.
-	// It returns nil for named Functions, Builtin, Const and Global.
+	// It returns nil for named Functions, Builtin and Global.
 	Parent() *Function
 
 	// Referrers returns the list of instructions that have this
@@ -136,29 +153,27 @@ type Value interface {
 	// Referrers is currently only defined if Parent()!=nil,
 	// i.e. for the function-local values FreeVar, Parameter,
 	// Functions (iff anonymous) and all value-defining instructions.
-	// It returns nil for named Functions, Builtin, Const and Global.
+	// It returns nil for named Functions, Builtin and Global.
 	//
 	// Instruction.Operands contains the inverse of this relation.
 	Referrers() *[]Instruction
 
-	// Pos returns the location of the AST token most closely
-	// associated with the operation that gave rise to this value,
-	// or token.NoPos if it was not explicit in the source.
+	Operands(rands []*Value) []*Value // nil for non-Instructions
+
+	// Source returns the AST node responsible for creating this
+	// value. A single AST node may be responsible for more than one
+	// value, and not all values have an associated AST node.
 	//
-	// For each ast.Node type, a particular token is designated as
-	// the closest location for the expression, e.g. the Lparen
-	// for an *ast.CallExpr.  This permits a compact but
-	// approximate mapping from Values to source positions for use
-	// in diagnostic messages, for example.
-	//
-	// (Do not use this position to determine which Value
-	// corresponds to an ast.Expr; use Function.ValueForExpr
-	// instead.  NB: it requires that the function was built with
-	// debug information.)
+	// Do not use this method to find a Value given an ast.Expr; use
+	// ValueForExpr instead.
+	Source() ast.Node
+
+	// Pos returns Source().Pos() if Source is not nil, else it
+	// returns token.NoPos.
 	Pos() token.Pos
 }
 
-// An Instruction is an SSA instruction that computes a new Value or
+// An Instruction is an IR instruction that computes a new Value or
 // has some effect.
 //
 // An Instruction that defines a value (e.g. BinOp) also implements
@@ -166,23 +181,36 @@ type Value interface {
 // does not.
 //
 type Instruction interface {
+	setSource(ast.Node)
+	setID(ID)
+
 	// String returns the disassembled form of this value.
 	//
 	// Examples of Instructions that are Values:
-	//       "x + y"     (BinOp)
-	//       "len([])"   (Call)
+	//       "BinOp <int> {+} t1 t2"  (BinOp)
+	//       "Call <int> len t1"      (Call)
 	// Note that the name of the Value is not printed.
 	//
 	// Examples of Instructions that are not Values:
-	//       "return x"  (Return)
-	//       "*y = x"    (Store)
+	//       "Return t1"              (Return)
+	//       "Store {int} t2 t1"      (Store)
 	//
-	// (The separation Value.Name() from Value.String() is useful
+	// (The separation of Value.Name() from Value.String() is useful
 	// for some analyses which distinguish the operation from the
 	// value it defines, e.g., 'y = local int' is both an allocation
 	// of memory 'local int' and a definition of a pointer y.)
 	String() string
 
+	// ID returns the ID of this instruction. IDs are unique within a single
+	// function and are densely numbered, but may contain gaps.
+	// Globally, instructions are identified by their addresses. However,
+	// IDs exist to facilitate efficient storage of mappings between
+	// instructions and data when analysing functions.
+	//
+	// NB: IDs are allocated late in the IR construction process and
+	// are not available to early stages of said process.
+	ID() ID
+
 	// Parent returns the function to which this instruction
 	// belongs.
 	Parent() *Function
@@ -212,39 +240,37 @@ type Instruction interface {
 	// Values.)
 	Operands(rands []*Value) []*Value
 
-	// Pos returns the location of the AST token most closely
-	// associated with the operation that gave rise to this
-	// instruction, or token.NoPos if it was not explicit in the
-	// source.
-	//
-	// For each ast.Node type, a particular token is designated as
-	// the closest location for the expression, e.g. the Go token
-	// for an *ast.GoStmt.  This permits a compact but approximate
-	// mapping from Instructions to source positions for use in
-	// diagnostic messages, for example.
-	//
-	// (Do not use this position to determine which Instruction
-	// corresponds to an ast.Expr; see the notes for Value.Pos.
-	// This position may be used to determine which non-Value
-	// Instruction corresponds to some ast.Stmts, but not all: If
-	// and Jump instructions have no Pos(), for example.)
+	Referrers() *[]Instruction // nil for non-Values
+
+	// Source returns the AST node responsible for creating this
+	// instruction. A single AST node may be responsible for more than
+	// one instruction, and not all instructions have an associated
+	// AST node.
+	Source() ast.Node
+
+	// Pos returns Source().Pos() if Source is not nil, else it
+	// returns token.NoPos.
 	Pos() token.Pos
 }
 
-// A Node is a node in the SSA value graph.  Every concrete type that
+// A Node is a node in the IR value graph.  Every concrete type that
 // implements Node is also either a Value, an Instruction, or both.
 //
 // Node contains the methods common to Value and Instruction, plus the
 // Operands and Referrers methods generalized to return nil for
 // non-Instructions and non-Values, respectively.
 //
-// Node is provided to simplify SSA graph algorithms.  Clients should
+// Node is provided to simplify IR graph algorithms.  Clients should
 // use the more specific and informative Value or Instruction
 // interfaces where appropriate.
 //
 type Node interface {
+	setID(ID)
+
 	// Common methods:
+	ID() ID
 	String() string
+	Source() ast.Node
 	Pos() token.Pos
 	Parent() *Function
 
@@ -267,11 +293,6 @@ type Node interface {
 // the disassembly.
 // To iterate over the blocks in dominance order, use DomPreorder().
 //
-// Recover is an optional second entry point to which control resumes
-// after a recovered panic.  The Recover block may contain only a return
-// statement, preceded by a load of the function's named return
-// parameters, if any.
-//
 // A nested function (Parent()!=nil) that refers to one or more
 // lexically enclosing local variables ("free variables") has FreeVars.
 // Such functions cannot be called directly but require a
@@ -294,44 +315,63 @@ type Node interface {
 // Type() returns the function's Signature.
 //
 type Function struct {
+	node
+
 	name      string
 	object    types.Object     // a declared *types.Func or one of its wrappers
 	method    *types.Selection // info about provenance of synthetic methods
 	Signature *types.Signature
-	pos       token.Pos
 
-	Synthetic string        // provenance of synthetic function; "" for true source functions
-	syntax    ast.Node      // *ast.Func{Decl,Lit}; replaced with simple ast.Node after build, unless debug mode
-	parent    *Function     // enclosing function if anon; nil if global
-	Pkg       *Package      // enclosing package; nil for shared funcs (wrappers and error.Error)
-	Prog      *Program      // enclosing program
-	Params    []*Parameter  // function parameters; for methods, includes receiver
-	FreeVars  []*FreeVar    // free variables whose values must be supplied by closure
-	Locals    []*Alloc      // local variables of this function
-	Blocks    []*BasicBlock // basic blocks of the function; nil => external
-	Recover   *BasicBlock   // optional; control transfers here after recovered panic
-	AnonFuncs []*Function   // anonymous functions directly beneath this one
-	referrers []Instruction // referring instructions (iff Parent() != nil)
+	Synthetic  string        // provenance of synthetic function; "" for true source functions
+	parent     *Function     // enclosing function if anon; nil if global
+	Pkg        *Package      // enclosing package; nil for shared funcs (wrappers and error.Error)
+	Prog       *Program      // enclosing program
+	Params     []*Parameter  // function parameters; for methods, includes receiver
+	FreeVars   []*FreeVar    // free variables whose values must be supplied by closure
+	Locals     []*Alloc      // local variables of this function
+	Blocks     []*BasicBlock // basic blocks of the function; nil => external
+	Exit       *BasicBlock   // The function's exit block
+	AnonFuncs  []*Function   // anonymous functions directly beneath this one
+	referrers  []Instruction // referring instructions (iff Parent() != nil)
+	WillExit   bool          // Calling this function will always terminate the process
+	WillUnwind bool          // Calling this function will always unwind (it will call runtime.Goexit or panic)
 
-	// The following fields are set transiently during building,
-	// then cleared.
-	currentBlock *BasicBlock             // where to emit code
-	objects      map[types.Object]Value  // addresses of local variables
-	namedResults []*Alloc                // tuple of named results
-	targets      *targets                // linked stack of branch targets
-	lblocks      map[*ast.Object]*lblock // labelled blocks
+	*functionBody
 }
 
-// BasicBlock represents an SSA basic block.
+type functionBody struct {
+	// The following fields are set transiently during building,
+	// then cleared.
+	currentBlock    *BasicBlock             // where to emit code
+	objects         map[types.Object]Value  // addresses of local variables
+	namedResults    []*Alloc                // tuple of named results
+	implicitResults []*Alloc                // tuple of results
+	targets         *targets                // linked stack of branch targets
+	lblocks         map[*ast.Object]*lblock // labelled blocks
+	consts          []*Const
+	wr              *HTMLWriter
+	fakeExits       BlockSet
+	blocksets       [5]BlockSet
+	hasDefer        bool
+}
+
+func (fn *Function) results() []*Alloc {
+	if len(fn.namedResults) > 0 {
+		return fn.namedResults
+	}
+	return fn.implicitResults
+}
+
+// BasicBlock represents an IR basic block.
 //
 // The final element of Instrs is always an explicit transfer of
-// control (If, Jump, Return, or Panic).
+// control (If, Jump, Return, Panic, or Unreachable).
 //
 // A block may contain no Instructions only if it is unreachable,
 // i.e., Preds is nil.  Empty blocks are typically pruned.
 //
 // BasicBlocks and their Preds/Succs relation form a (possibly cyclic)
-// graph independent of the SSA Value graph: the control-flow graph or
+// graph independent of the IR Value graph: the control-flow graph or
 // CFG.  It is illegal for multiple edges to exist between the same
 // pair of blocks.
 //
@@ -350,8 +390,10 @@ type BasicBlock struct {
 	Preds, Succs []*BasicBlock  // predecessors and successors
 	succs2       [2]*BasicBlock // initial space for Succs
 	dom          domInfo        // dominator tree info
-	gaps         int            // number of nil Instrs (transient)
-	rundefers    int            // number of rundefers (transient)
+	pdom         domInfo        // post-dominator tree info
+	post         int
+	gaps         int // number of nil Instrs (transient)
+	rundefers    int // number of rundefers (transient)
 }
 
 // Pure values ----------------------------------------
@@ -373,9 +415,10 @@ type BasicBlock struct {
 // belongs to an enclosing function.
 //
 type FreeVar struct {
+	node
+
 	name      string
 	typ       types.Type
-	pos       token.Pos
 	parent    *Function
 	referrers []Instruction
 
@@ -386,12 +429,10 @@ type FreeVar struct {
 // A Parameter represents an input parameter of a function.
 //
 type Parameter struct {
-	name      string
-	object    types.Object // a *types.Var; nil for non-source locals
-	typ       types.Type
-	pos       token.Pos
-	parent    *Function
-	referrers []Instruction
+	register
+
+	name   string
+	object types.Object // a *types.Var; nil for non-source locals
 }
 
 // A Const represents the value of a constant expression.
@@ -411,12 +452,13 @@ type Parameter struct {
 // Pos() returns token.NoPos.
 //
 // Example printed form:
-// 	42:int
-//	"hello":untyped string
-//	3+4i:MyComplex
+// 	Const <int> {42}
+// 	Const <untyped string> {"test"}
+// 	Const <MyComplex> {(3 + 4i)}
 //
 type Const struct {
-	typ   types.Type
+	register
+
 	Value constant.Value
 }
 
@@ -427,10 +469,11 @@ type Const struct {
 // identifier.
 //
 type Global struct {
+	node
+
 	name   string
 	object types.Object // a *types.Var; may be nil for synthetics e.g. init$guard
 	typ    types.Type
-	pos    token.Pos
 
 	Pkg *Package
 }
@@ -441,12 +484,12 @@ type Global struct {
 // Builtins can only appear in CallCommon.Func.
 //
 // Name() indicates the function: one of the built-in functions from the
-// Go spec (excluding "make" and "new") or one of these ssa-defined
+// Go spec (excluding "make" and "new") or one of these ir-defined
 // intrinsics:
 //
 //   // wrapnilchk returns ptr if non-nil, panics otherwise.
 //   // (For use in indirection wrappers.)
-//   func ssa:wrapnilchk(ptr *T, recvType, methodName string) *T
+//   func ir:wrapnilchk(ptr *T, recvType, methodName string) *T
 //
 // Object() returns a *types.Builtin for built-ins defined by the spec,
 // nil for others.
@@ -455,6 +498,8 @@ type Global struct {
 // signature of the built-in for this call.
 //
 type Builtin struct {
+	node
+
 	name string
 	sig  *types.Signature
 }
@@ -470,12 +515,12 @@ type Builtin struct {
 //
 // If Heap is false, Alloc allocates space in the function's
 // activation record (frame); we refer to an Alloc(Heap=false) as a
-// "local" alloc.  Each local Alloc returns the same address each time
+// "stack" alloc.  Each stack Alloc returns the same address each time
 // it is executed within the same activation; the space is
 // re-initialized to zero.
 //
 // If Heap is true, Alloc allocates space in the heap; we
-// refer to an Alloc(Heap=true) as a "new" alloc.  Each new Alloc
+// refer to an Alloc(Heap=true) as a "heap" alloc.  Each heap Alloc
 // returns a different address each time it is executed.
 //
 // When Alloc is applied to a channel, map or slice type, it returns
@@ -488,44 +533,43 @@ type Builtin struct {
 // allocates a varargs slice.
 //
 // Example printed form:
-// 	t0 = local int
-// 	t1 = new int
+// 	t1 = StackAlloc <*int>
+// 	t2 = HeapAlloc <*int> (new)
 //
 type Alloc struct {
 	register
-	Comment string
-	Heap    bool
-	index   int // dense numbering; for lifting
+	Heap  bool
+	index int // dense numbering; for lifting
 }
 
 var _ Instruction = (*Sigma)(nil)
 var _ Value = (*Sigma)(nil)
 
+// The Sigma instruction represents an SSI σ-node, which splits values
+// at branches in the control flow.
+//
+// Conceptually, σ-nodes exist at the end of blocks that branch and
+// constitute parallel assignments to one value per destination block.
+// However, such a representation would be awkward to work with, so
+// instead we place σ-nodes at the beginning of branch targets. The
+// From field denotes to which incoming edge the node applies.
+//
+// Within a block, all σ-nodes must appear before all non-σ nodes.
+//
+// Example printed form:
+// 	t2 = Sigma <int> [#0] t1 (x)
+//
 type Sigma struct {
 	register
-	X      Value
-	Branch bool
-}
+	From *BasicBlock
+	X    Value
 
-func (p *Sigma) Value() Value {
-	v := p.X
-	for {
-		sigma, ok := v.(*Sigma)
-		if !ok {
-			break
-		}
-		v = sigma
-	}
-	return v
-}
-
-func (p *Sigma) String() string {
-	return fmt.Sprintf("σ [%s.%t]", relName(p.X, p), p.Branch)
+	live bool // used during lifting
 }
 
 // The Phi instruction represents an SSA φ-node, which combines values
 // that differ across incoming control-flow edges and yields a new
-// value.  Within a block, all φ-nodes must appear before all non-φ
+// value.  Within a block, all φ-nodes must appear before all non-φ, non-σ
 // nodes.
 //
 // Pos() returns the position of the && or || for short-circuit
@@ -533,12 +577,13 @@ func (p *Sigma) String() string {
 // during SSA renaming.
 //
 // Example printed form:
-// 	t2 = phi [0: t0, 1: t1]
+// 	t3 = Phi <int> 2:t1 4:t2 (x)
 //
 type Phi struct {
 	register
-	Comment string  // a hint as to its purpose
-	Edges   []Value // Edges[i] is value for Block().Preds[i]
+	Edges []Value // Edges[i] is value for Block().Preds[i]
+
+	live bool // used during lifting
 }
 
 // The Call instruction represents a function or method call.
@@ -552,9 +597,9 @@ type Phi struct {
 // Pos() returns the ast.CallExpr.Lparen, if explicit in the source.
 //
 // Example printed form:
-// 	t2 = println(t0, t1)
-// 	t4 = t3()
-// 	t7 = invoke t5.Println(...t6)
+// 	t3 = Call <()> println t1 t2
+// 	t4 = Call <()> foo$1
+// 	t6 = Invoke <string> t5.String
 //
 type Call struct {
 	register
@@ -566,7 +611,7 @@ type Call struct {
 // Pos() returns the ast.BinaryExpr.OpPos, if explicit in the source.
 //
 // Example printed form:
-// 	t1 = t0 + 1:int
+// 	t3 = BinOp <int> {+} t2 t1
 //
 type BinOp struct {
 	register
@@ -579,32 +624,32 @@ type BinOp struct {
 }
 
 // The UnOp instruction yields the result of Op X.
-// ARROW is channel receive.
-// MUL is pointer indirection (load).
 // XOR is bitwise complement.
 // SUB is negation.
 // NOT is logical negation.
 //
-// If CommaOk and Op=ARROW, the result is a 2-tuple of the value above
-// and a boolean indicating the success of the receive.  The
-// components of the tuple are accessed using Extract.
 //
-// Pos() returns the ast.UnaryExpr.OpPos, if explicit in the source.
-// For receive operations (ARROW) implicit in ranging over a channel,
-// Pos() returns the ast.RangeStmt.For.
-// For implicit memory loads (STAR), Pos() returns the position of the
+// Example printed form:
+// 	t2 = UnOp <int> {^} t1
+//
+type UnOp struct {
+	register
+	Op token.Token // One of: NOT SUB XOR ! - ^
+	X  Value
+}
+
+// The Load instruction loads a value from a memory address.
+//
+// For implicit memory loads, Pos() returns the position of the
 // most closely associated source-level construct; the details are not
 // specified.
 //
 // Example printed form:
-// 	t0 = *x
-// 	t2 = <-t1,ok
+// 	t2 = Load <int> t1
 //
-type UnOp struct {
+type Load struct {
 	register
-	Op      token.Token // One of: NOT SUB ARROW MUL XOR ! - <- * ^
-	X       Value
-	CommaOk bool
+	X Value
 }
 
 // The ChangeType instruction applies to X a value-preserving type
@@ -623,7 +668,7 @@ type UnOp struct {
 // from an explicit conversion in the source.
 //
 // Example printed form:
-// 	t1 = changetype *int <- IntPtr (t0)
+// 	t2 = ChangeType <*T> t1
 //
 type ChangeType struct {
 	register
@@ -646,13 +691,13 @@ type ChangeType struct {
 // This operation cannot fail dynamically.
 //
 // Conversions of untyped string/number/bool constants to a specific
-// representation are eliminated during SSA construction.
+// representation are eliminated during IR construction.
 //
 // Pos() returns the ast.CallExpr.Lparen, if the instruction arose
 // from an explicit conversion in the source.
 //
 // Example printed form:
-// 	t1 = convert []byte <- string (t0)
+// 	t2 = Convert <[]byte> t1
 //
 type Convert struct {
 	register
@@ -669,7 +714,7 @@ type Convert struct {
 // otherwise.
 //
 // Example printed form:
-// 	t1 = change interface interface{} <- I (t0)
+// 	t2 = ChangeInterface <I1> t1
 //
 type ChangeInterface struct {
 	register
@@ -689,8 +734,7 @@ type ChangeInterface struct {
 // from an explicit conversion in the source.
 //
 // Example printed form:
-// 	t1 = make interface{} <- int (42:int)
-// 	t2 = make Stringer <- t0
+// 	t2 = MakeInterface <interface{}> t1
 //
 type MakeInterface struct {
 	register
@@ -706,8 +750,8 @@ type MakeInterface struct {
 // closure or the ast.SelectorExpr.Sel for a bound method closure.
 //
 // Example printed form:
-// 	t0 = make closure anon@1.2 [x y z]
-// 	t1 = make closure bound$(main.I).add [i]
+// 	t1 = MakeClosure <func()> foo$1 t1 t2
+// 	t5 = MakeClosure <func(int)> (T).foo$bound t4
 //
 type MakeClosure struct {
 	register
@@ -724,8 +768,8 @@ type MakeClosure struct {
 // the ast.CompositeLit.Lbrack if created by a literal.
 //
 // Example printed form:
-// 	t1 = make map[string]int t0
-// 	t1 = make StringIntMap t0
+// 	t1 = MakeMap <map[string]int>
+// 	t2 = MakeMap <StringIntMap> t1
 //
 type MakeMap struct {
 	register
@@ -741,8 +785,8 @@ type MakeMap struct {
 // created it.
 //
 // Example printed form:
-// 	t0 = make chan int 0
-// 	t0 = make IntChan 0
+// 	t3 = MakeChan <chan int> t1
+// 	t4 = MakeChan <chan IntChan> t2
 //
 type MakeChan struct {
 	register
@@ -763,8 +807,8 @@ type MakeChan struct {
 // created it.
 //
 // Example printed form:
-// 	t1 = make []string 1:int t0
-// 	t1 = make StringSlice 1:int t0
+// 	t3 = MakeSlice <[]string> t1 t2
+// 	t4 = MakeSlice <StringSlice> t1 t2
 //
 type MakeSlice struct {
 	register
@@ -786,7 +830,7 @@ type MakeSlice struct {
 // NoPos if not explicit in the source (e.g. a variadic argument slice).
 //
 // Example printed form:
-// 	t1 = slice t0[1:]
+// 	t4 = Slice <[]int> t3 t2 t1 <nil>
 //
 type Slice struct {
 	register
@@ -808,7 +852,7 @@ type Slice struct {
 // field, if explicit in the source.
 //
 // Example printed form:
-// 	t1 = &t0.name [#1]
+// 	t2 = FieldAddr <*int> [0] (X) t1
 //
 type FieldAddr struct {
 	register
@@ -826,7 +870,7 @@ type FieldAddr struct {
 // field, if explicit in the source.
 //
 // Example printed form:
-// 	t1 = t0.name [#1]
+// 	t2 = FieldAddr <int> [0] (X) t1
 //
 type Field struct {
 	register
@@ -837,7 +881,7 @@ type Field struct {
 // The IndexAddr instruction yields the address of the element at
 // index Index of collection X.  Index is an integer expression.
 //
-// The elements of maps and strings are not addressable; use Lookup or
+// The elements of maps and strings are not addressable; use StringLookup, MapLookup or
 // MapUpdate instead.
 //
 // Dynamically, this instruction panics if X evaluates to a nil *array
@@ -849,7 +893,7 @@ type Field struct {
 // explicit in the source.
 //
 // Example printed form:
-// 	t2 = &t0[t1]
+// 	t3 = IndexAddr <*int> t2 t1
 //
 type IndexAddr struct {
 	register
@@ -863,7 +907,7 @@ type IndexAddr struct {
 // explicit in the source.
 //
 // Example printed form:
-// 	t2 = t0[t1]
+// 	t3 = Index <int> t2 t1
 //
 type Index struct {
 	register
@@ -871,9 +915,7 @@ type Index struct {
 	Index Value // integer index
 }
 
-// The Lookup instruction yields element Index of collection X, a map
-// or string.  Index is an integer expression if X is a string or the
-// appropriate key type if X is a map.
+// The MapLookup instruction yields element Index of collection X, a map.
 //
 // If CommaOk, the result is a 2-tuple of the value above and a
 // boolean indicating the result of a map membership test for the key.
@@ -882,16 +924,30 @@ type Index struct {
 // Pos() returns the ast.IndexExpr.Lbrack, if explicit in the source.
 //
 // Example printed form:
-// 	t2 = t0[t1]
-// 	t5 = t3[t4],ok
+// 	t4 = MapLookup <string> t3 t1
+// 	t6 = MapLookup <(string, bool)> t3 t2
 //
-type Lookup struct {
+type MapLookup struct {
 	register
-	X       Value // string or map
-	Index   Value // numeric or key-typed index
+	X       Value // map
+	Index   Value // key-typed index
 	CommaOk bool  // return a value,ok pair
 }
 
+// The StringLookup instruction yields element Index of collection X, a string.
+// Index is an integer expression.
+//
+// Pos() returns the ast.IndexExpr.Lbrack, if explicit in the source.
+//
+// Example printed form:
+// 	t3 = StringLookup <uint8> t2 t1
+//
+type StringLookup struct {
+	register
+	X     Value // string
+	Index Value // numeric index
+}
+
 // SelectState is a helper for Select.
 // It represents one goal state and its corresponding communication.
 //
@@ -906,10 +962,10 @@ type SelectState struct {
 // The Select instruction tests whether (or blocks until) one
 // of the specified sent or received states is entered.
 //
-// Let n be the number of States for which Dir==RECV and T_i (0<=i<n)
+// Let n be the number of States for which Dir==RECV and Tᵢ (0 ≤ i < n)
 // be the element type of each such state's Chan.
 // Select returns an n+2-tuple
-//    (index int, recvOk bool, r_0 T_0, ... r_n-1 T_n-1)
+//    (index int, recvOk bool, r₀ T₀, ... rₙ-1 Tₙ-1)
 // The tuple's components, described below, must be accessed via the
 // Extract instruction.
 //
@@ -922,9 +978,9 @@ type SelectState struct {
 // If !Blocking, select doesn't block if no states hold; instead it
 // returns immediately with index equal to -1.
 //
-// If the chosen channel was used for a receive, the r_i component is
+// If the chosen channel was used for a receive, the rᵢ component is
 // set to the received value, where i is the index of that state among
-// all n receive states; otherwise r_i has the zero value of type T_i.
+// all n receive states; otherwise rᵢ has the zero value of type Tᵢ.
 // Note that the receive index i is not the same as the state
 // index index.
 //
@@ -935,8 +991,8 @@ type SelectState struct {
 // Pos() returns the ast.SelectStmt.Select.
 //
 // Example printed form:
-// 	t3 = select nonblocking [<-t0, t1<-t2]
-// 	t4 = select blocking []
+// 	t6 = SelectNonBlocking <(index int, ok bool, int)> [<-t4, t5<-t1]
+// 	t11 = SelectBlocking <(index int, ok bool)> []
 //
 type Select struct {
 	register
@@ -954,7 +1010,7 @@ type Select struct {
 // Pos() returns the ast.RangeStmt.For.
 //
 // Example printed form:
-// 	t0 = range "hello":string
+// 	t2 = Range <iter> t1
 //
 type Range struct {
 	register
@@ -977,7 +1033,8 @@ type Range struct {
 // The types of k and/or v may be types.Invalid.
 //
 // Example printed form:
-// 	t1 = next t0
+// 	t5 = Next <(ok bool, k int, v rune)> t2
+// 	t5 = Next <(ok bool, k invalid type, v invalid type)> t2
 //
 type Next struct {
 	register
@@ -1017,8 +1074,8 @@ type Next struct {
 // type-switch statement.
 //
 // Example printed form:
-// 	t1 = typeassert t0.(int)
-// 	t3 = typeassert,ok t2.(T)
+// 	t2 = TypeAssert <int> t1
+// 	t4 = TypeAssert <(value fmt.Stringer, ok bool)> t1
 //
 type TypeAssert struct {
 	register
@@ -1030,11 +1087,11 @@ type TypeAssert struct {
 // The Extract instruction yields component Index of Tuple.
 //
 // This is used to access the results of instructions with multiple
-// return values, such as Call, TypeAssert, Next, UnOp(ARROW) and
-// IndexExpr(Map).
+// return values, such as Call, TypeAssert, Next, Recv,
+// MapLookup and others.
 //
 // Example printed form:
-// 	t1 = extract t0 #1
+// 	t7 = Extract <bool> [1] (ok) t4
 //
 type Extract struct {
 	register
@@ -1052,10 +1109,28 @@ type Extract struct {
 // Pos() returns NoPos.
 //
 // Example printed form:
-// 	jump done
+// 	Jump → b1
 //
 type Jump struct {
 	anInstruction
+	Comment string
+}
+
+// The Unreachable pseudo-instruction signals that execution cannot
+// continue after the preceding function call because it terminates
+// the process.
+//
+// The instruction acts as a control instruction, jumping to the exit
+// block. However, this jump will never execute.
+//
+// An Unreachable instruction must be the last instruction of its
+// containing BasicBlock.
+//
+// Example printed form:
+// 	Unreachable → b1
+//
+type Unreachable struct {
+	anInstruction
 }
 
 // The If instruction transfers control to one of the two successors
@@ -1065,16 +1140,30 @@ type Jump struct {
 // An If instruction must be the last instruction of its containing
 // BasicBlock.
 //
-// Pos() returns NoPos.
+// Pos() returns the *ast.IfStmt, if explicit in the source.
 //
 // Example printed form:
-// 	if t0 goto done else body
+// 	If t2 → b1 b2
 //
 type If struct {
 	anInstruction
 	Cond Value
 }
 
+type ConstantSwitch struct {
+	anInstruction
+	Tag Value
+	// Constant branch conditions. A nil Value denotes the (implicit
+	// or explicit) default branch.
+	Conds []Value
+}
+
+type TypeSwitch struct {
+	register
+	Tag   Value
+	Conds []types.Type
+}
+
 // The Return instruction returns values and control back to the calling
 // function.
 //
@@ -1085,7 +1174,7 @@ type If struct {
 // components which the caller must access using Extract instructions.
 //
 // There is no instruction to return a ready-made tuple like those
-// returned by a "value,ok"-mode TypeAssert, Lookup or UnOp(ARROW) or
+// returned by a "value,ok"-mode TypeAssert, MapLookup or Recv or
 // a tail-call to a function with multiple result parameters.
 //
 // Return must be the last instruction of its containing BasicBlock.
@@ -1094,13 +1183,12 @@ type If struct {
 // Pos() returns the ast.ReturnStmt.Return, if explicit in the source.
 //
 // Example printed form:
-// 	return
-// 	return nil:I, 2:int
+// 	Return
+// 	Return t1 t2
 //
 type Return struct {
 	anInstruction
 	Results []Value
-	pos     token.Pos
 }
 
 // The RunDefers instruction pops and invokes the entire stack of
@@ -1113,7 +1201,7 @@ type Return struct {
 // Pos() returns NoPos.
 //
 // Example printed form:
-//	rundefers
+// 	RunDefers
 //
 type RunDefers struct {
 	anInstruction
@@ -1122,7 +1210,7 @@ type RunDefers struct {
 // The Panic instruction initiates a panic with value X.
 //
 // A Panic instruction must be the last instruction of its containing
-// BasicBlock, which must have no successors.
+// BasicBlock, which must have one successor, the exit block.
 //
 // NB: 'go panic(x)' and 'defer panic(x)' do not use this instruction;
 // they are treated as calls to a built-in function.
@@ -1131,12 +1219,11 @@ type RunDefers struct {
 // in the source.
 //
 // Example printed form:
-// 	panic t0
+// 	Panic t1
 //
 type Panic struct {
 	anInstruction
-	X   Value // an interface{}
-	pos token.Pos
+	X Value // an interface{}
 }
 
 // The Go instruction creates a new goroutine and calls the specified
@@ -1147,14 +1234,13 @@ type Panic struct {
 // Pos() returns the ast.GoStmt.Go.
 //
 // Example printed form:
-// 	go println(t0, t1)
-// 	go t3()
-// 	go invoke t5.Println(...t6)
+// 	Go println t1
+// 	Go t3
+// 	GoInvoke t4.Bar t2
 //
 type Go struct {
 	anInstruction
 	Call CallCommon
-	pos  token.Pos
 }
 
 // The Defer instruction pushes the specified call onto a stack of
@@ -1165,14 +1251,13 @@ type Go struct {
 // Pos() returns the ast.DeferStmt.Defer.
 //
 // Example printed form:
-// 	defer println(t0, t1)
-// 	defer t3()
-// 	defer invoke t5.Println(...t6)
+// 	Defer println t1
+// 	Defer t3
+// 	DeferInvoke t4.Bar t2
 //
 type Defer struct {
 	anInstruction
 	Call CallCommon
-	pos  token.Pos
 }
 
 // The Send instruction sends X on channel Chan.
@@ -1180,12 +1265,30 @@ type Defer struct {
 // Pos() returns the ast.SendStmt.Arrow, if explicit in the source.
 //
 // Example printed form:
-// 	send t0 <- t1
+// 	Send t2 t1
 //
 type Send struct {
 	anInstruction
 	Chan, X Value
-	pos     token.Pos
+}
+
+// The Recv instruction receives from channel Chan.
+//
+// If CommaOk, the result is a 2-tuple of the value above
+// and a boolean indicating the success of the receive.  The
+// components of the tuple are accessed using Extract.
+//
+// Pos() returns the ast.UnaryExpr.OpPos, if explicit in the source.
+// For receive operations implicit in ranging over a channel,
+// Pos() returns the ast.RangeStmt.For.
+//
+// Example printed form:
+// 	t2 = Recv <int> t1
+// 	t3 = Recv <(int, bool)> t1
+type Recv struct {
+	register
+	Chan    Value
+	CommaOk bool
 }
 
 // The Store instruction stores Val at address Addr.
@@ -1197,13 +1300,12 @@ type Send struct {
 // implementation choices, the details are not specified.
 //
 // Example printed form:
-// 	*x = y
+// 	Store {int} t2 t1
 //
 type Store struct {
 	anInstruction
 	Addr Value
 	Val  Value
-	pos  token.Pos
 }
 
 // The BlankStore instruction is emitted for assignments to the blank
@@ -1214,7 +1316,7 @@ type Store struct {
 // Pos() returns NoPos.
 //
 // Example printed form:
-//	_ = t0
+// 	BlankStore t1
 //
 type BlankStore struct {
 	anInstruction
@@ -1228,18 +1330,17 @@ type BlankStore struct {
 // if explicit in the source.
 //
 // Example printed form:
-//	t0[t1] = t2
+// 	MapUpdate t3 t1 t2
 //
 type MapUpdate struct {
 	anInstruction
 	Map   Value
 	Key   Value
 	Value Value
-	pos   token.Pos
 }
 
 // A DebugRef instruction maps a source-level expression Expr to the
-// SSA value X that represents the value (!IsAddr) or address (IsAddr)
+// IR value X that represents the value (!IsAddr) or address (IsAddr)
 // of that expression.
 //
 // DebugRef is a pseudo-instruction: it has no dynamic effect.
@@ -1249,11 +1350,6 @@ type MapUpdate struct {
 // documented at Value.Pos(). e.g. CallExpr.Pos() does not return the
 // position of the ("designated") Lparen token.
 //
-// If Expr is an *ast.Ident denoting a var or func, Object() returns
-// the object; though this information can be obtained from the type
-// checker, including it here greatly facilitates debugging.
-// For non-Ident expressions, Object() returns nil.
-//
 // DebugRefs are generated only for functions built with debugging
 // enabled; see Package.SetDebugMode() and the GlobalDebug builder
 // mode flag.
@@ -1281,30 +1377,42 @@ type DebugRef struct {
 
 // Embeddable mix-ins and helpers for common parts of other structs. -----------
 
-// register is a mix-in embedded by all SSA values that are also
+// register is a mix-in embedded by all IR values that are also
 // instructions, i.e. virtual registers, and provides a uniform
 // implementation of most of the Value interface: Value.Name() is a
 // numbered register (e.g. "t0"); the other methods are field accessors.
 //
 // Temporary names are automatically assigned to each register on
-// completion of building a function in SSA form.
-//
-// Clients must not assume that the 'id' value (and the Name() derived
-// from it) is unique within a function.  As always in this API,
-// semantics are determined only by identity; names exist only to
-// facilitate debugging.
+// completion of building a function in IR form.
 //
 type register struct {
 	anInstruction
-	num       int        // "name" of virtual register, e.g. "t0".  Not guaranteed unique.
 	typ       types.Type // type of virtual register
-	pos       token.Pos  // position of source expression, or NoPos
 	referrers []Instruction
 }
 
+type node struct {
+	source ast.Node
+	id     ID
+}
+
+func (n *node) setID(id ID) { n.id = id }
+func (n node) ID() ID       { return n.id }
+
+func (n *node) setSource(source ast.Node) { n.source = source }
+func (n *node) Source() ast.Node          { return n.source }
+
+func (n *node) Pos() token.Pos {
+	if n.source != nil {
+		return n.source.Pos()
+	}
+	return token.NoPos
+}
+
 // anInstruction is a mix-in embedded by all Instructions.
 // It provides the implementations of the Block and setBlock methods.
 type anInstruction struct {
+	node
 	block *BasicBlock // the basic block of this instruction
 }
 
@@ -1336,9 +1444,9 @@ type anInstruction struct {
 // Args[0] contains the receiver parameter.
 //
 // Example printed form:
-// 	t2 = println(t0, t1)
-// 	go t3()
-//	defer t5(...t6)
+// 	t3 = Call <()> println t1 t2
+// 	Go t3
+// 	Defer t3
 //
 // 2. "invoke" mode: when Method is non-nil (IsInvoke), a CallCommon
 // represents a dynamically dispatched call to an interface method.
@@ -1352,18 +1460,18 @@ type anInstruction struct {
 // receiver but the first true argument.
 //
 // Example printed form:
-// 	t1 = invoke t0.String()
-// 	go invoke t3.Run(t2)
-// 	defer invoke t4.Handle(...t5)
+// 	t6 = Invoke <string> t5.String
+// 	GoInvoke t4.Bar t2
+// 	DeferInvoke t4.Bar t2
 //
 // For all calls to variadic functions (Signature().Variadic()),
 // the last element of Args is a slice.
 //
 type CallCommon struct {
-	Value  Value       // receiver (invoke mode) or func value (call mode)
-	Method *types.Func // abstract method (invoke mode)
-	Args   []Value     // actual parameters (in static method call, includes receiver)
-	pos    token.Pos   // position of CallExpr.Lparen, iff explicit in source
+	Value   Value       // receiver (invoke mode) or func value (call mode)
+	Method  *types.Func // abstract method (invoke mode)
+	Args    []Value     // actual parameters (in static method call, includes receiver)
+	Results Value
 }
 
 // IsInvoke returns true if this call has "invoke" (not "call") mode.
@@ -1371,8 +1479,6 @@ func (c *CallCommon) IsInvoke() bool {
 	return c.Method != nil
 }
 
-func (c *CallCommon) Pos() token.Pos { return c.pos }
-
 // Signature returns the signature of the called function.
 //
 // For an "invoke"-mode call, the signature of the interface method is
@@ -1427,7 +1533,7 @@ func (c *CallCommon) Description() string {
 type CallInstruction interface {
 	Instruction
 	Common() *CallCommon // returns the common parts of the call
-	Value() *Call        // returns the result value of the call (*Call) or nil (*Go, *Defer)
+	Value() *Call
 }
 
 func (s *Call) Common() *CallCommon  { return &s.Call }
@@ -1448,13 +1554,11 @@ func (v *Builtin) Parent() *Function       { return nil }
 func (v *FreeVar) Type() types.Type          { return v.typ }
 func (v *FreeVar) Name() string              { return v.name }
 func (v *FreeVar) Referrers() *[]Instruction { return &v.referrers }
-func (v *FreeVar) Pos() token.Pos            { return v.pos }
 func (v *FreeVar) Parent() *Function         { return v.parent }
 
 func (v *Global) Type() types.Type                     { return v.typ }
 func (v *Global) Name() string                         { return v.name }
 func (v *Global) Parent() *Function                    { return nil }
-func (v *Global) Pos() token.Pos                       { return v.pos }
 func (v *Global) Referrers() *[]Instruction            { return nil }
 func (v *Global) Token() token.Token                   { return token.VAR }
 func (v *Global) Object() types.Object                 { return v.object }
@@ -1464,7 +1568,6 @@ func (v *Global) RelString(from *types.Package) string { return relString(v, fro
 
 func (v *Function) Name() string         { return v.name }
 func (v *Function) Type() types.Type     { return v.Signature }
-func (v *Function) Pos() token.Pos       { return v.pos }
 func (v *Function) Token() token.Token   { return token.FUNC }
 func (v *Function) Object() types.Object { return v.object }
 func (v *Function) String() string       { return v.RelString(nil) }
@@ -1477,24 +1580,15 @@ func (v *Function) Referrers() *[]Instruction {
 	return nil
 }
 
-func (v *Parameter) Type() types.Type          { return v.typ }
-func (v *Parameter) Name() string              { return v.name }
-func (v *Parameter) Object() types.Object      { return v.object }
-func (v *Parameter) Referrers() *[]Instruction { return &v.referrers }
-func (v *Parameter) Pos() token.Pos            { return v.pos }
-func (v *Parameter) Parent() *Function         { return v.parent }
+func (v *Parameter) Object() types.Object { return v.object }
 
 func (v *Alloc) Type() types.Type          { return v.typ }
 func (v *Alloc) Referrers() *[]Instruction { return &v.referrers }
-func (v *Alloc) Pos() token.Pos            { return v.pos }
 
 func (v *register) Type() types.Type          { return v.typ }
 func (v *register) setType(typ types.Type)    { v.typ = typ }
-func (v *register) Name() string              { return fmt.Sprintf("t%d", v.num) }
-func (v *register) setNum(num int)            { v.num = num }
+func (v *register) Name() string              { return fmt.Sprintf("t%d", v.id) }
 func (v *register) Referrers() *[]Instruction { return &v.referrers }
-func (v *register) Pos() token.Pos            { return v.pos }
-func (v *register) setPos(pos token.Pos)      { v.pos = pos }
 
 func (v *anInstruction) Parent() *Function          { return v.block.parent }
 func (v *anInstruction) Block() *BasicBlock         { return v.block }
@@ -1551,19 +1645,7 @@ func (p *Package) Type(name string) (t *Type) {
 	return
 }
 
-func (v *Call) Pos() token.Pos       { return v.Call.pos }
-func (s *Defer) Pos() token.Pos      { return s.pos }
-func (s *Go) Pos() token.Pos         { return s.pos }
-func (s *MapUpdate) Pos() token.Pos  { return s.pos }
-func (s *Panic) Pos() token.Pos      { return s.pos }
-func (s *Return) Pos() token.Pos     { return s.pos }
-func (s *Send) Pos() token.Pos       { return s.pos }
-func (s *Store) Pos() token.Pos      { return s.pos }
-func (s *BlankStore) Pos() token.Pos { return token.NoPos }
-func (s *If) Pos() token.Pos         { return token.NoPos }
-func (s *Jump) Pos() token.Pos       { return token.NoPos }
-func (s *RunDefers) Pos() token.Pos  { return token.NoPos }
-func (s *DebugRef) Pos() token.Pos   { return s.Expr.Pos() }
+func (s *DebugRef) Pos() token.Pos { return s.Expr.Pos() }
 
 // Operands.
 
@@ -1627,6 +1709,19 @@ func (s *If) Operands(rands []*Value) []*Value {
 	return append(rands, &s.Cond)
 }
 
+func (s *ConstantSwitch) Operands(rands []*Value) []*Value {
+	rands = append(rands, &s.Tag)
+	for i := range s.Conds {
+		rands = append(rands, &s.Conds[i])
+	}
+	return rands
+}
+
+func (s *TypeSwitch) Operands(rands []*Value) []*Value {
+	rands = append(rands, &s.Tag)
+	return rands
+}
+
 func (v *Index) Operands(rands []*Value) []*Value {
 	return append(rands, &v.X, &v.Index)
 }
@@ -1639,7 +1734,15 @@ func (*Jump) Operands(rands []*Value) []*Value {
 	return rands
 }
 
-func (v *Lookup) Operands(rands []*Value) []*Value {
+func (*Unreachable) Operands(rands []*Value) []*Value {
+	return rands
+}
+
+func (v *MapLookup) Operands(rands []*Value) []*Value {
+	return append(rands, &v.X, &v.Index)
+}
+
+func (v *StringLookup) Operands(rands []*Value) []*Value {
 	return append(rands, &v.X, &v.Index)
 }
 
@@ -1716,6 +1819,10 @@ func (s *Send) Operands(rands []*Value) []*Value {
 	return append(rands, &s.Chan, &s.X)
 }
 
+func (recv *Recv) Operands(rands []*Value) []*Value {
+	return append(rands, &recv.Chan)
+}
+
 func (v *Slice) Operands(rands []*Value) []*Value {
 	return append(rands, &v.X, &v.Low, &v.High, &v.Max)
 }
@@ -1736,6 +1843,10 @@ func (v *UnOp) Operands(rands []*Value) []*Value {
 	return append(rands, &v.X)
 }
 
+func (v *Load) Operands(rands []*Value) []*Value {
+	return append(rands, &v.X)
+}
+
 // Non-Instruction Values:
 func (v *Builtin) Operands(rands []*Value) []*Value   { return rands }
 func (v *FreeVar) Operands(rands []*Value) []*Value   { return rands }
diff --git a/vendor/honnef.co/go/tools/ssa/staticcheck.conf b/vendor/honnef.co/go/tools/ir/staticcheck.conf
similarity index 100%
rename from vendor/honnef.co/go/tools/ssa/staticcheck.conf
rename to vendor/honnef.co/go/tools/ir/staticcheck.conf
diff --git a/vendor/honnef.co/go/tools/ssa/util.go b/vendor/honnef.co/go/tools/ir/util.go
similarity index 76%
rename from vendor/honnef.co/go/tools/ssa/util.go
rename to vendor/honnef.co/go/tools/ir/util.go
index ddb11846..df0f8bf9 100644
--- a/vendor/honnef.co/go/tools/ssa/util.go
+++ b/vendor/honnef.co/go/tools/ir/util.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines a number of miscellaneous utility functions.
 
@@ -52,36 +52,6 @@ func recvType(obj *types.Func) types.Type {
 	return obj.Type().(*types.Signature).Recv().Type()
 }
 
-// DefaultType returns the default "typed" type for an "untyped" type;
-// it returns the incoming type for all other types.  The default type
-// for untyped nil is untyped nil.
-//
-// Exported to ssa/interp.
-//
-// TODO(adonovan): use go/types.DefaultType after 1.8.
-//
-func DefaultType(typ types.Type) types.Type {
-	if t, ok := typ.(*types.Basic); ok {
-		k := t.Kind()
-		switch k {
-		case types.UntypedBool:
-			k = types.Bool
-		case types.UntypedInt:
-			k = types.Int
-		case types.UntypedRune:
-			k = types.Rune
-		case types.UntypedFloat:
-			k = types.Float64
-		case types.UntypedComplex:
-			k = types.Complex128
-		case types.UntypedString:
-			k = types.String
-		}
-		typ = types.Typ[k]
-	}
-	return typ
-}
-
 // logStack prints the formatted "start" message to stderr and
 // returns a closure that prints the corresponding "end" message.
 // Call using 'defer logStack(...)()' to show builder stack on panic.
diff --git a/vendor/honnef.co/go/tools/ssa/wrappers.go b/vendor/honnef.co/go/tools/ir/wrappers.go
similarity index 89%
rename from vendor/honnef.co/go/tools/ssa/wrappers.go
rename to vendor/honnef.co/go/tools/ir/wrappers.go
index a4ae71d8..7dd33474 100644
--- a/vendor/honnef.co/go/tools/ssa/wrappers.go
+++ b/vendor/honnef.co/go/tools/ir/wrappers.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
-package ssa
+package ir
 
 // This file defines synthesis of Functions that delegate to declared
 // methods; they come in three kinds:
@@ -65,41 +65,42 @@ func makeWrapper(prog *Program, sel *types.Selection) *Function {
 		defer logStack("make %s to (%s)", description, recv.Type())()
 	}
 	fn := &Function{
-		name:      name,
-		method:    sel,
-		object:    obj,
-		Signature: sig,
-		Synthetic: description,
-		Prog:      prog,
-		pos:       obj.Pos(),
+		name:         name,
+		method:       sel,
+		object:       obj,
+		Signature:    sig,
+		Synthetic:    description,
+		Prog:         prog,
+		functionBody: new(functionBody),
 	}
+	fn.initHTML(prog.PrintFunc)
 	fn.startBody()
-	fn.addSpilledParam(recv)
+	fn.addSpilledParam(recv, nil)
 	createParams(fn, start)
 
 	indices := sel.Index()
 
 	var v Value = fn.Locals[0] // spilled receiver
 	if isPointer(sel.Recv()) {
-		v = emitLoad(fn, v)
+		v = emitLoad(fn, v, nil)
 
 		// For simple indirection wrappers, perform an informative nil-check:
 		// "value method (T).f called using nil *T pointer"
 		if len(indices) == 1 && !isPointer(recvType(obj)) {
 			var c Call
 			c.Call.Value = &Builtin{
-				name: "ssa:wrapnilchk",
+				name: "ir:wrapnilchk",
 				sig: types.NewSignature(nil,
 					types.NewTuple(anonVar(sel.Recv()), anonVar(tString), anonVar(tString)),
 					types.NewTuple(anonVar(sel.Recv())), false),
 			}
 			c.Call.Args = []Value{
 				v,
-				stringConst(deref(sel.Recv()).String()),
-				stringConst(sel.Obj().Name()),
+				emitConst(fn, stringConst(deref(sel.Recv()).String())),
+				emitConst(fn, stringConst(sel.Obj().Name())),
 			}
 			c.setType(v.Type())
-			v = fn.emit(&c)
+			v = fn.emit(&c, nil)
 		}
 	}
 
@@ -111,7 +112,7 @@ func makeWrapper(prog *Program, sel *types.Selection) *Function {
 	// Load) in preference to value extraction (Field possibly
 	// preceded by Load).
 
-	v = emitImplicitSelections(fn, v, indices[:len(indices)-1])
+	v = emitImplicitSelections(fn, v, indices[:len(indices)-1], nil)
 
 	// Invariant: v is a pointer, either
 	//   value of implicit *C field, or
@@ -120,18 +121,18 @@ func makeWrapper(prog *Program, sel *types.Selection) *Function {
 	var c Call
 	if r := recvType(obj); !isInterface(r) { // concrete method
 		if !isPointer(r) {
-			v = emitLoad(fn, v)
+			v = emitLoad(fn, v, nil)
 		}
 		c.Call.Value = prog.declaredFunc(obj)
 		c.Call.Args = append(c.Call.Args, v)
 	} else {
 		c.Call.Method = obj
-		c.Call.Value = emitLoad(fn, v)
+		c.Call.Value = emitLoad(fn, v, nil)
 	}
 	for _, arg := range fn.Params[1:] {
 		c.Call.Args = append(c.Call.Args, arg)
 	}
-	emitTailCall(fn, &c)
+	emitTailCall(fn, &c, nil)
 	fn.finishBody()
 	return fn
 }
@@ -143,7 +144,7 @@ func makeWrapper(prog *Program, sel *types.Selection) *Function {
 func createParams(fn *Function, start int) {
 	tparams := fn.Signature.Params()
 	for i, n := start, tparams.Len(); i < n; i++ {
-		fn.addParamObj(tparams.At(i))
+		fn.addParamObj(tparams.At(i), nil)
 	}
 }
 
@@ -184,13 +185,14 @@ func makeBound(prog *Program, obj *types.Func) *Function {
 			defer logStack("%s", description)()
 		}
 		fn = &Function{
-			name:      obj.Name() + "$bound",
-			object:    obj,
-			Signature: changeRecv(obj.Type().(*types.Signature), nil), // drop receiver
-			Synthetic: description,
-			Prog:      prog,
-			pos:       obj.Pos(),
+			name:         obj.Name() + "$bound",
+			object:       obj,
+			Signature:    changeRecv(obj.Type().(*types.Signature), nil), // drop receiver
+			Synthetic:    description,
+			Prog:         prog,
+			functionBody: new(functionBody),
 		}
+		fn.initHTML(prog.PrintFunc)
 
 		fv := &FreeVar{name: "recv", typ: recvType(obj), parent: fn}
 		fn.FreeVars = []*FreeVar{fv}
@@ -208,7 +210,7 @@ func makeBound(prog *Program, obj *types.Func) *Function {
 		for _, arg := range fn.Params {
 			c.Call.Args = append(c.Call.Args, arg)
 		}
-		emitTailCall(fn, &c)
+		emitTailCall(fn, &c, nil)
 		fn.finishBody()
 
 		prog.bounds[obj] = fn
diff --git a/vendor/honnef.co/go/tools/ir/write.go b/vendor/honnef.co/go/tools/ir/write.go
new file mode 100644
index 00000000..b936bc98
--- /dev/null
+++ b/vendor/honnef.co/go/tools/ir/write.go
@@ -0,0 +1,5 @@
+package ir
+
+func NewJump(parent *BasicBlock) *Jump {
+	return &Jump{anInstruction{block: parent}, ""}
+}
diff --git a/vendor/honnef.co/go/tools/lint/lint.go b/vendor/honnef.co/go/tools/lint/lint.go
index de5a8f12..1a70e0c2 100644
--- a/vendor/honnef.co/go/tools/lint/lint.go
+++ b/vendor/honnef.co/go/tools/lint/lint.go
@@ -3,6 +3,7 @@ package lint // import "honnef.co/go/tools/lint"
 
 import (
 	"bytes"
+	"encoding/gob"
 	"fmt"
 	"go/scanner"
 	"go/token"
@@ -17,6 +18,7 @@ import (
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/packages"
 	"honnef.co/go/tools/config"
+	"honnef.co/go/tools/internal/cache"
 )
 
 type Documentation struct {
@@ -62,7 +64,7 @@ type LineIgnore struct {
 	Line    int
 	Checks  []string
 	Matched bool
-	Pos     token.Pos
+	Pos     token.Position
 }
 
 func (li *LineIgnore) Match(p Problem) bool {
@@ -119,6 +121,21 @@ type Problem struct {
 	Message  string
 	Check    string
 	Severity Severity
+	Related  []Related
+}
+
+type Related struct {
+	Pos     token.Position
+	End     token.Position
+	Message string
+}
+
+func (p Problem) Equal(o Problem) bool {
+	return p.Pos == o.Pos &&
+		p.End == o.End &&
+		p.Message == o.Message &&
+		p.Check == o.Check &&
+		p.Severity == o.Severity
 }
 
 func (p *Problem) String() string {
@@ -132,6 +149,7 @@ type Linter struct {
 	GoVersion          int
 	Config             config.Config
 	Stats              Stats
+	RepeatAnalyzers    uint
 }
 
 type CumulativeChecker interface {
@@ -184,6 +202,7 @@ func (l *Linter) Lint(cfg *packages.Config, patterns []string) ([]Problem, error
 		return nil, err
 	}
 	r.goVersion = l.GoVersion
+	r.repeatAnalyzers = l.RepeatAnalyzers
 
 	pkgs, err := r.Run(cfg, patterns, allowedAnalyzers, hasCumulative)
 	if err != nil {
@@ -264,10 +283,12 @@ func (l *Linter) Lint(cfg *packages.Config, patterns []string) ([]Problem, error
 	}
 
 	atomic.StoreUint32(&r.stats.State, StateCumulative)
-	var problems []Problem
 	for _, cum := range l.CumulativeCheckers {
 		for _, res := range cum.Result() {
 			pkg := tpkgToPkg[res.Pkg()]
+			if pkg == nil {
+				panic(fmt.Sprintf("analyzer %s flagged object %s in package %s, a package that we aren't tracking", cum.Analyzer(), res, res.Pkg()))
+			}
 			allowedChecks := FilterChecks(allowedAnalyzers, pkg.cfg.Merge(l.Config).Checks)
 			if allowedChecks[cum.Analyzer().Name] {
 				pos := DisplayPosition(pkg.Fset, res.Pos())
@@ -278,21 +299,51 @@ func (l *Linter) Lint(cfg *packages.Config, patterns []string) ([]Problem, error
 					continue
 				}
 				p := cum.ProblemObject(pkg.Fset, res)
-				problems = append(problems, p)
+				pkg.problems = append(pkg.problems, p)
 			}
 		}
 	}
 
+	for _, pkg := range pkgs {
+		if !pkg.fromSource {
+			// Don't cache packages that we loaded from the cache
+			continue
+		}
+		cpkg := cachedPackage{
+			Problems: pkg.problems,
+			Ignores:  pkg.ignores,
+			Config:   pkg.cfg,
+		}
+		buf := &bytes.Buffer{}
+		if err := gob.NewEncoder(buf).Encode(cpkg); err != nil {
+			return nil, err
+		}
+		id := cache.Subkey(pkg.actionID, "data "+r.problemsCacheKey)
+		if err := r.cache.PutBytes(id, buf.Bytes()); err != nil {
+			return nil, err
+		}
+	}
+
+	var problems []Problem
+	// Deduplicate line ignores. When U1000 processes a package and
+	// its test variant, it will only emit a single problem for an
+	// unused object, not two problems. We will, however, have two
+	// line ignores, one per package. Without deduplication, one line
+	// ignore will be marked as matched, while the other one won't,
+	// subsequently reporting a "this linter directive didn't match
+	// anything" error.
+	ignores := map[token.Position]Ignore{}
 	for _, pkg := range pkgs {
 		for _, ig := range pkg.ignores {
-			for i := range pkg.problems {
-				p := &pkg.problems[i]
-				if ig.Match(*p) {
-					p.Severity = Ignored
+			if lig, ok := ig.(*LineIgnore); ok {
+				ig = ignores[lig.Pos]
+				if ig == nil {
+					ignores[lig.Pos] = lig
+					ig = lig
 				}
 			}
-			for i := range problems {
-				p := &problems[i]
+			for i := range pkg.problems {
+				p := &pkg.problems[i]
 				if ig.Match(*p) {
 					p.Severity = Ignored
 				}
@@ -318,6 +369,7 @@ func (l *Linter) Lint(cfg *packages.Config, patterns []string) ([]Problem, error
 			if !ok {
 				continue
 			}
+			ig = ignores[ig.Pos].(*LineIgnore)
 			if ig.Matched {
 				continue
 			}
@@ -338,7 +390,7 @@ func (l *Linter) Lint(cfg *packages.Config, patterns []string) ([]Problem, error
 				continue
 			}
 			p := Problem{
-				Pos:     DisplayPosition(pkg.Fset, ig.Pos),
+				Pos:     ig.Pos,
 				Message: "this linter directive didn't match anything; should it be removed?",
 				Check:   "",
 			}
@@ -372,7 +424,7 @@ func (l *Linter) Lint(cfg *packages.Config, patterns []string) ([]Problem, error
 	for i, p := range problems[1:] {
 		// We may encounter duplicate problems because one file
 		// can be part of many packages.
-		if problems[i] != p {
+		if !problems[i].Equal(p) {
 			out = append(out, p)
 		}
 	}
@@ -422,10 +474,6 @@ func FilterChecks(allChecks []*analysis.Analyzer, checks []string) map[string]bo
 	return allowedChecks
 }
 
-type Positioner interface {
-	Pos() token.Pos
-}
-
 func DisplayPosition(fset *token.FileSet, p token.Pos) token.Position {
 	if p == token.NoPos {
 		return token.Position{}
diff --git a/vendor/honnef.co/go/tools/lint/lintdsl/lintdsl.go b/vendor/honnef.co/go/tools/lint/lintdsl/lintdsl.go
index 3b939e95..4408aff2 100644
--- a/vendor/honnef.co/go/tools/lint/lintdsl/lintdsl.go
+++ b/vendor/honnef.co/go/tools/lint/lintdsl/lintdsl.go
@@ -4,283 +4,14 @@ package lintdsl
 
 import (
 	"bytes"
-	"flag"
 	"fmt"
 	"go/ast"
-	"go/constant"
-	"go/printer"
-	"go/token"
-	"go/types"
-	"strings"
+	"go/format"
 
 	"golang.org/x/tools/go/analysis"
-	"honnef.co/go/tools/facts"
-	"honnef.co/go/tools/lint"
-	"honnef.co/go/tools/ssa"
+	"honnef.co/go/tools/pattern"
 )
 
-type packager interface {
-	Package() *ssa.Package
-}
-
-func CallName(call *ssa.CallCommon) string {
-	if call.IsInvoke() {
-		return ""
-	}
-	switch v := call.Value.(type) {
-	case *ssa.Function:
-		fn, ok := v.Object().(*types.Func)
-		if !ok {
-			return ""
-		}
-		return lint.FuncName(fn)
-	case *ssa.Builtin:
-		return v.Name()
-	}
-	return ""
-}
-
-func IsCallTo(call *ssa.CallCommon, name string) bool { return CallName(call) == name }
-func IsType(T types.Type, name string) bool           { return types.TypeString(T, nil) == name }
-
-func FilterDebug(instr []ssa.Instruction) []ssa.Instruction {
-	var out []ssa.Instruction
-	for _, ins := range instr {
-		if _, ok := ins.(*ssa.DebugRef); !ok {
-			out = append(out, ins)
-		}
-	}
-	return out
-}
-
-func IsExample(fn *ssa.Function) bool {
-	if !strings.HasPrefix(fn.Name(), "Example") {
-		return false
-	}
-	f := fn.Prog.Fset.File(fn.Pos())
-	if f == nil {
-		return false
-	}
-	return strings.HasSuffix(f.Name(), "_test.go")
-}
-
-func IsPointerLike(T types.Type) bool {
-	switch T := T.Underlying().(type) {
-	case *types.Interface, *types.Chan, *types.Map, *types.Signature, *types.Pointer:
-		return true
-	case *types.Basic:
-		return T.Kind() == types.UnsafePointer
-	}
-	return false
-}
-
-func IsIdent(expr ast.Expr, ident string) bool {
-	id, ok := expr.(*ast.Ident)
-	return ok && id.Name == ident
-}
-
-// isBlank returns whether id is the blank identifier "_".
-// If id == nil, the answer is false.
-func IsBlank(id ast.Expr) bool {
-	ident, _ := id.(*ast.Ident)
-	return ident != nil && ident.Name == "_"
-}
-
-func IsIntLiteral(expr ast.Expr, literal string) bool {
-	lit, ok := expr.(*ast.BasicLit)
-	return ok && lit.Kind == token.INT && lit.Value == literal
-}
-
-// Deprecated: use IsIntLiteral instead
-func IsZero(expr ast.Expr) bool {
-	return IsIntLiteral(expr, "0")
-}
-
-func IsOfType(pass *analysis.Pass, expr ast.Expr, name string) bool {
-	return IsType(pass.TypesInfo.TypeOf(expr), name)
-}
-
-func IsInTest(pass *analysis.Pass, node lint.Positioner) bool {
-	// FIXME(dh): this doesn't work for global variables with
-	// initializers
-	f := pass.Fset.File(node.Pos())
-	return f != nil && strings.HasSuffix(f.Name(), "_test.go")
-}
-
-func IsInMain(pass *analysis.Pass, node lint.Positioner) bool {
-	if node, ok := node.(packager); ok {
-		return node.Package().Pkg.Name() == "main"
-	}
-	return pass.Pkg.Name() == "main"
-}
-
-func SelectorName(pass *analysis.Pass, expr *ast.SelectorExpr) string {
-	info := pass.TypesInfo
-	sel := info.Selections[expr]
-	if sel == nil {
-		if x, ok := expr.X.(*ast.Ident); ok {
-			pkg, ok := info.ObjectOf(x).(*types.PkgName)
-			if !ok {
-				// This shouldn't happen
-				return fmt.Sprintf("%s.%s", x.Name, expr.Sel.Name)
-			}
-			return fmt.Sprintf("%s.%s", pkg.Imported().Path(), expr.Sel.Name)
-		}
-		panic(fmt.Sprintf("unsupported selector: %v", expr))
-	}
-	return fmt.Sprintf("(%s).%s", sel.Recv(), sel.Obj().Name())
-}
-
-func IsNil(pass *analysis.Pass, expr ast.Expr) bool {
-	return pass.TypesInfo.Types[expr].IsNil()
-}
-
-func BoolConst(pass *analysis.Pass, expr ast.Expr) bool {
-	val := pass.TypesInfo.ObjectOf(expr.(*ast.Ident)).(*types.Const).Val()
-	return constant.BoolVal(val)
-}
-
-func IsBoolConst(pass *analysis.Pass, expr ast.Expr) bool {
-	// We explicitly don't support typed bools because more often than
-	// not, custom bool types are used as binary enums and the
-	// explicit comparison is desired.
-
-	ident, ok := expr.(*ast.Ident)
-	if !ok {
-		return false
-	}
-	obj := pass.TypesInfo.ObjectOf(ident)
-	c, ok := obj.(*types.Const)
-	if !ok {
-		return false
-	}
-	basic, ok := c.Type().(*types.Basic)
-	if !ok {
-		return false
-	}
-	if basic.Kind() != types.UntypedBool && basic.Kind() != types.Bool {
-		return false
-	}
-	return true
-}
-
-func ExprToInt(pass *analysis.Pass, expr ast.Expr) (int64, bool) {
-	tv := pass.TypesInfo.Types[expr]
-	if tv.Value == nil {
-		return 0, false
-	}
-	if tv.Value.Kind() != constant.Int {
-		return 0, false
-	}
-	return constant.Int64Val(tv.Value)
-}
-
-func ExprToString(pass *analysis.Pass, expr ast.Expr) (string, bool) {
-	val := pass.TypesInfo.Types[expr].Value
-	if val == nil {
-		return "", false
-	}
-	if val.Kind() != constant.String {
-		return "", false
-	}
-	return constant.StringVal(val), true
-}
-
-// Dereference returns a pointer's element type; otherwise it returns
-// T.
-func Dereference(T types.Type) types.Type {
-	if p, ok := T.Underlying().(*types.Pointer); ok {
-		return p.Elem()
-	}
-	return T
-}
-
-// DereferenceR returns a pointer's element type; otherwise it returns
-// T. If the element type is itself a pointer, DereferenceR will be
-// applied recursively.
-func DereferenceR(T types.Type) types.Type {
-	if p, ok := T.Underlying().(*types.Pointer); ok {
-		return DereferenceR(p.Elem())
-	}
-	return T
-}
-
-func IsGoVersion(pass *analysis.Pass, minor int) bool {
-	version := pass.Analyzer.Flags.Lookup("go").Value.(flag.Getter).Get().(int)
-	return version >= minor
-}
-
-func CallNameAST(pass *analysis.Pass, call *ast.CallExpr) string {
-	switch fun := call.Fun.(type) {
-	case *ast.SelectorExpr:
-		fn, ok := pass.TypesInfo.ObjectOf(fun.Sel).(*types.Func)
-		if !ok {
-			return ""
-		}
-		return lint.FuncName(fn)
-	case *ast.Ident:
-		obj := pass.TypesInfo.ObjectOf(fun)
-		switch obj := obj.(type) {
-		case *types.Func:
-			return lint.FuncName(obj)
-		case *types.Builtin:
-			return obj.Name()
-		default:
-			return ""
-		}
-	default:
-		return ""
-	}
-}
-
-func IsCallToAST(pass *analysis.Pass, node ast.Node, name string) bool {
-	call, ok := node.(*ast.CallExpr)
-	if !ok {
-		return false
-	}
-	return CallNameAST(pass, call) == name
-}
-
-func IsCallToAnyAST(pass *analysis.Pass, node ast.Node, names ...string) bool {
-	for _, name := range names {
-		if IsCallToAST(pass, node, name) {
-			return true
-		}
-	}
-	return false
-}
-
-func Render(pass *analysis.Pass, x interface{}) string {
-	var buf bytes.Buffer
-	if err := printer.Fprint(&buf, pass.Fset, x); err != nil {
-		panic(err)
-	}
-	return buf.String()
-}
-
-func RenderArgs(pass *analysis.Pass, args []ast.Expr) string {
-	var ss []string
-	for _, arg := range args {
-		ss = append(ss, Render(pass, arg))
-	}
-	return strings.Join(ss, ", ")
-}
-
-func Preamble(f *ast.File) string {
-	cutoff := f.Package
-	if f.Doc != nil {
-		cutoff = f.Doc.Pos()
-	}
-	var out []string
-	for _, cmt := range f.Comments {
-		if cmt.Pos() >= cutoff {
-			break
-		}
-		out = append(out, cmt.Text())
-	}
-	return strings.Join(out, "\n")
-}
-
 func Inspect(node ast.Node, fn func(node ast.Node) bool) {
 	if node == nil {
 		return
@@ -288,113 +19,40 @@ func Inspect(node ast.Node, fn func(node ast.Node) bool) {
 	ast.Inspect(node, fn)
 }
 
-func GroupSpecs(fset *token.FileSet, specs []ast.Spec) [][]ast.Spec {
-	if len(specs) == 0 {
-		return nil
+func Match(pass *analysis.Pass, q pattern.Pattern, node ast.Node) (*pattern.Matcher, bool) {
+	// Note that we ignore q.Relevant – callers of Match usually use
+	// AST inspectors that already filter on nodes we're interested
+	// in.
+	m := &pattern.Matcher{TypesInfo: pass.TypesInfo}
+	ok := m.Match(q.Root, node)
+	return m, ok
+}
+
+func MatchAndEdit(pass *analysis.Pass, before, after pattern.Pattern, node ast.Node) (*pattern.Matcher, []analysis.TextEdit, bool) {
+	m, ok := Match(pass, before, node)
+	if !ok {
+		return m, nil, false
 	}
-	groups := make([][]ast.Spec, 1)
-	groups[0] = append(groups[0], specs[0])
+	r := pattern.NodeToAST(after.Root, m.State)
+	buf := &bytes.Buffer{}
+	format.Node(buf, pass.Fset, r)
+	edit := []analysis.TextEdit{{
+		Pos:     node.Pos(),
+		End:     node.End(),
+		NewText: buf.Bytes(),
+	}}
+	return m, edit, true
+}
 
-	for _, spec := range specs[1:] {
-		g := groups[len(groups)-1]
-		if fset.PositionFor(spec.Pos(), false).Line-1 !=
-			fset.PositionFor(g[len(g)-1].End(), false).Line {
-
-			groups = append(groups, nil)
-		}
-
-		groups[len(groups)-1] = append(groups[len(groups)-1], spec)
+func Selector(x, sel string) *ast.SelectorExpr {
+	return &ast.SelectorExpr{
+		X:   &ast.Ident{Name: x},
+		Sel: &ast.Ident{Name: sel},
 	}
-
-	return groups
 }
 
-func IsObject(obj types.Object, name string) bool {
-	var path string
-	if pkg := obj.Pkg(); pkg != nil {
-		path = pkg.Path() + "."
-	}
-	return path+obj.Name() == name
-}
-
-type Field struct {
-	Var  *types.Var
-	Tag  string
-	Path []int
-}
-
-// FlattenFields recursively flattens T and embedded structs,
-// returning a list of fields. If multiple fields with the same name
-// exist, all will be returned.
-func FlattenFields(T *types.Struct) []Field {
-	return flattenFields(T, nil, nil)
-}
-
-func flattenFields(T *types.Struct, path []int, seen map[types.Type]bool) []Field {
-	if seen == nil {
-		seen = map[types.Type]bool{}
-	}
-	if seen[T] {
-		return nil
-	}
-	seen[T] = true
-	var out []Field
-	for i := 0; i < T.NumFields(); i++ {
-		field := T.Field(i)
-		tag := T.Tag(i)
-		np := append(path[:len(path):len(path)], i)
-		if field.Anonymous() {
-			if s, ok := Dereference(field.Type()).Underlying().(*types.Struct); ok {
-				out = append(out, flattenFields(s, np, seen)...)
-			}
-		} else {
-			out = append(out, Field{field, tag, np})
-		}
-	}
-	return out
-}
-
-func File(pass *analysis.Pass, node lint.Positioner) *ast.File {
-	pass.Fset.PositionFor(node.Pos(), true)
-	m := pass.ResultOf[facts.TokenFile].(map[*token.File]*ast.File)
-	return m[pass.Fset.File(node.Pos())]
-}
-
-// IsGenerated reports whether pos is in a generated file, It ignores
-// //line directives.
-func IsGenerated(pass *analysis.Pass, pos token.Pos) bool {
-	_, ok := Generator(pass, pos)
-	return ok
-}
-
-// Generator returns the generator that generated the file containing
-// pos. It ignores //line directives.
-func Generator(pass *analysis.Pass, pos token.Pos) (facts.Generator, bool) {
-	file := pass.Fset.PositionFor(pos, false).Filename
-	m := pass.ResultOf[facts.Generated].(map[string]facts.Generator)
-	g, ok := m[file]
-	return g, ok
-}
-
-func ReportfFG(pass *analysis.Pass, pos token.Pos, f string, args ...interface{}) {
-	file := lint.DisplayPosition(pass.Fset, pos).Filename
-	m := pass.ResultOf[facts.Generated].(map[string]facts.Generator)
-	if _, ok := m[file]; ok {
-		return
-	}
-	pass.Reportf(pos, f, args...)
-}
-
-func ReportNodef(pass *analysis.Pass, node ast.Node, format string, args ...interface{}) {
-	msg := fmt.Sprintf(format, args...)
-	pass.Report(analysis.Diagnostic{Pos: node.Pos(), End: node.End(), Message: msg})
-}
-
-func ReportNodefFG(pass *analysis.Pass, node ast.Node, format string, args ...interface{}) {
-	file := lint.DisplayPosition(pass.Fset, node.Pos()).Filename
-	m := pass.ResultOf[facts.Generated].(map[string]facts.Generator)
-	if _, ok := m[file]; ok {
-		return
-	}
-	ReportNodef(pass, node, format, args...)
+// ExhaustiveTypeSwitch panics when called. It can be used to ensure
+// that type switches are exhaustive.
+func ExhaustiveTypeSwitch(v interface{}) {
+	panic(fmt.Sprintf("internal error: unhandled case %T", v))
 }
diff --git a/vendor/honnef.co/go/tools/lint/lintutil/format/format.go b/vendor/honnef.co/go/tools/lint/lintutil/format/format.go
index 9385431f..b28f8885 100644
--- a/vendor/honnef.co/go/tools/lint/lintutil/format/format.go
+++ b/vendor/honnef.co/go/tools/lint/lintutil/format/format.go
@@ -39,7 +39,7 @@ func relativePositionString(pos token.Position) string {
 }
 
 type Statter interface {
-	Stats(total, errors, warnings int)
+	Stats(total, errors, warnings, ignored int)
 }
 
 type Formatter interface {
@@ -51,7 +51,10 @@ type Text struct {
 }
 
 func (o Text) Format(p lint.Problem) {
-	fmt.Fprintf(o.W, "%v: %s\n", relativePositionString(p.Pos), p.String())
+	fmt.Fprintf(o.W, "%s: %s\n", relativePositionString(p.Pos), p.String())
+	for _, r := range p.Related {
+		fmt.Fprintf(o.W, "\t%s: %s\n", relativePositionString(r.Pos), r.Message)
+	}
 }
 
 type JSON struct {
@@ -76,12 +79,18 @@ func (o JSON) Format(p lint.Problem) {
 		Line   int    `json:"line"`
 		Column int    `json:"column"`
 	}
-	jp := struct {
-		Code     string   `json:"code"`
-		Severity string   `json:"severity,omitempty"`
+	type related struct {
 		Location location `json:"location"`
 		End      location `json:"end"`
 		Message  string   `json:"message"`
+	}
+	jp := struct {
+		Code     string    `json:"code"`
+		Severity string    `json:"severity,omitempty"`
+		Location location  `json:"location"`
+		End      location  `json:"end"`
+		Message  string    `json:"message"`
+		Related  []related `json:"related,omitempty"`
 	}{
 		Code:     p.Check,
 		Severity: severity(p.Severity),
@@ -97,6 +106,21 @@ func (o JSON) Format(p lint.Problem) {
 		},
 		Message: p.Message,
 	}
+	for _, r := range p.Related {
+		jp.Related = append(jp.Related, related{
+			Location: location{
+				File:   r.Pos.Filename,
+				Line:   r.Pos.Line,
+				Column: r.Pos.Column,
+			},
+			End: location{
+				File:   r.End.Filename,
+				Line:   r.End.Line,
+				Column: r.End.Column,
+			},
+			Message: r.Message,
+		})
+	}
 	_ = json.NewEncoder(o.W).Encode(jp)
 }
 
@@ -123,13 +147,16 @@ func (o *Stylish) Format(p lint.Problem) {
 		o.tw = tabwriter.NewWriter(o.W, 0, 4, 2, ' ', 0)
 	}
 	fmt.Fprintf(o.tw, "  (%d, %d)\t%s\t%s\n", pos.Line, pos.Column, p.Check, p.Message)
+	for _, r := range p.Related {
+		fmt.Fprintf(o.tw, "    (%d, %d)\t\t  %s\n", r.Pos.Line, r.Pos.Column, r.Message)
+	}
 }
 
-func (o *Stylish) Stats(total, errors, warnings int) {
+func (o *Stylish) Stats(total, errors, warnings, ignored int) {
 	if o.tw != nil {
 		o.tw.Flush()
 		fmt.Fprintln(o.W)
 	}
-	fmt.Fprintf(o.W, " ✖ %d problems (%d errors, %d warnings)\n",
-		total, errors, warnings)
+	fmt.Fprintf(o.W, " ✖ %d problems (%d errors, %d warnings, %d ignored)\n",
+		total, errors, warnings, ignored)
 }
diff --git a/vendor/honnef.co/go/tools/lint/lintutil/util.go b/vendor/honnef.co/go/tools/lint/lintutil/util.go
index fe0279f9..7c3dbdec 100644
--- a/vendor/honnef.co/go/tools/lint/lintutil/util.go
+++ b/vendor/honnef.co/go/tools/lint/lintutil/util.go
@@ -23,7 +23,9 @@ import (
 	"runtime/pprof"
 	"strconv"
 	"strings"
+	"sync"
 	"sync/atomic"
+	"time"
 
 	"honnef.co/go/tools/config"
 	"honnef.co/go/tools/internal/cache"
@@ -114,6 +116,8 @@ func FlagSet(name string) *flag.FlagSet {
 	flags.String("debug.memprofile", "", "Write memory profile to `file`")
 	flags.Bool("debug.version", false, "Print detailed version information about this program")
 	flags.Bool("debug.no-compile-errors", false, "Don't print compile errors")
+	flags.String("debug.measure-analyzers", "", "Write analysis measurements to `file`. `file` will be opened for appending if it already exists.")
+	flags.Uint("debug.repeat-analyzers", 0, "Run analyzers `num` times")
 
 	checks := list{"inherit"}
 	fail := list{"all"}
@@ -153,6 +157,24 @@ func ProcessFlagSet(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, fs *
 	memProfile := fs.Lookup("debug.memprofile").Value.(flag.Getter).Get().(string)
 	debugVersion := fs.Lookup("debug.version").Value.(flag.Getter).Get().(bool)
 	debugNoCompile := fs.Lookup("debug.no-compile-errors").Value.(flag.Getter).Get().(bool)
+	debugRepeat := fs.Lookup("debug.repeat-analyzers").Value.(flag.Getter).Get().(uint)
+
+	var measureAnalyzers func(analysis *analysis.Analyzer, pkg *lint.Package, d time.Duration)
+	if path := fs.Lookup("debug.measure-analyzers").Value.(flag.Getter).Get().(string); path != "" {
+		f, err := os.OpenFile(path, os.O_CREATE|os.O_APPEND|os.O_WRONLY, 0600)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		mu := &sync.Mutex{}
+		measureAnalyzers = func(analysis *analysis.Analyzer, pkg *lint.Package, d time.Duration) {
+			mu.Lock()
+			defer mu.Unlock()
+			if _, err := fmt.Fprintf(f, "%s\t%s\t%d\n", analysis.Name, pkg.ID, d.Nanoseconds()); err != nil {
+				log.Println("error writing analysis measurements:", err)
+			}
+		}
+	}
 
 	cfg := config.Config{}
 	cfg.Checks = *fs.Lookup("checks").Value.(*list)
@@ -218,10 +240,12 @@ func ProcessFlagSet(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, fs *
 	}
 
 	ps, err := Lint(cs, cums, fs.Args(), &Options{
-		Tags:      tags,
-		LintTests: tests,
-		GoVersion: goVersion,
-		Config:    cfg,
+		Tags:                     tags,
+		LintTests:                tests,
+		GoVersion:                goVersion,
+		Config:                   cfg,
+		PrintAnalyzerMeasurement: measureAnalyzers,
+		RepeatAnalyzers:          debugRepeat,
 	})
 	if err != nil {
 		fmt.Fprintln(os.Stderr, err)
@@ -245,6 +269,7 @@ func ProcessFlagSet(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, fs *
 		total    int
 		errors   int
 		warnings int
+		ignored  int
 	)
 
 	fail := *fs.Lookup("fail").Value.(*list)
@@ -262,6 +287,7 @@ func ProcessFlagSet(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, fs *
 			continue
 		}
 		if p.Severity == lint.Ignored && !showIgnored {
+			ignored++
 			continue
 		}
 		if shouldExit[p.Check] {
@@ -273,7 +299,7 @@ func ProcessFlagSet(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, fs *
 		f.Format(p)
 	}
 	if f, ok := f.(format.Statter); ok {
-		f.Stats(total, errors, warnings)
+		f.Stats(total, errors, warnings, ignored)
 	}
 	if errors > 0 {
 		exit(1)
@@ -284,9 +310,11 @@ func ProcessFlagSet(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, fs *
 type Options struct {
 	Config config.Config
 
-	Tags      string
-	LintTests bool
-	GoVersion int
+	Tags                     string
+	LintTests                bool
+	GoVersion                int
+	PrintAnalyzerMeasurement func(analysis *analysis.Analyzer, pkg *lint.Package, d time.Duration)
+	RepeatAnalyzers          uint
 }
 
 func computeSalt() ([]byte, error) {
@@ -325,7 +353,9 @@ func Lint(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, paths []string
 		CumulativeCheckers: cums,
 		GoVersion:          opt.GoVersion,
 		Config:             opt.Config,
+		RepeatAnalyzers:    opt.RepeatAnalyzers,
 	}
+	l.Stats.PrintAnalyzerMeasurement = opt.PrintAnalyzerMeasurement
 	cfg := &packages.Config{}
 	if opt.LintTests {
 		cfg.Tests = true
@@ -368,7 +398,8 @@ func Lint(cs []*analysis.Analyzer, cums []lint.CumulativeChecker, paths []string
 		}()
 	}
 
-	return l.Lint(cfg, paths)
+	ps, err := l.Lint(cfg, paths)
+	return ps, err
 }
 
 var posRe = regexp.MustCompile(`^(.+?):(\d+)(?::(\d+)?)?$`)
@@ -390,3 +421,24 @@ func parsePos(pos string) token.Position {
 		Column:   col,
 	}
 }
+
+func InitializeAnalyzers(docs map[string]*lint.Documentation, analyzers map[string]*analysis.Analyzer) map[string]*analysis.Analyzer {
+	out := make(map[string]*analysis.Analyzer, len(analyzers))
+	for k, v := range analyzers {
+		vc := *v
+		out[k] = &vc
+
+		vc.Name = k
+		doc, ok := docs[k]
+		if !ok {
+			panic(fmt.Sprintf("missing documentation for check %s", k))
+		}
+		vc.Doc = doc.String()
+		if vc.Flags.Usage == nil {
+			fs := flag.NewFlagSet("", flag.PanicOnError)
+			fs.Var(NewVersionFlag(), "go", "Target Go version")
+			vc.Flags = *fs
+		}
+	}
+	return out
+}
diff --git a/vendor/honnef.co/go/tools/lint/runner.go b/vendor/honnef.co/go/tools/lint/runner.go
index 3b22a63f..74106ced 100644
--- a/vendor/honnef.co/go/tools/lint/runner.go
+++ b/vendor/honnef.co/go/tools/lint/runner.go
@@ -1,6 +1,30 @@
 package lint
 
 /*
+Package loading
+
+Conceptually, package loading in the runner can be imagined as a
+graph-shaped work list. We iteratively pop off leaf nodes (packages
+that have no unloaded dependencies) and load data from export data,
+our cache, or source.
+
+Specifically, non-initial packages are loaded from export data and the
+fact cache if possible, otherwise from source. Initial packages are
+loaded from export data, the fact cache and the (problems, ignores,
+config) cache if possible, otherwise from source.
+
+The appeal of this approach is that it is both simple to implement and
+easily parallelizable. Each leaf node can be processed independently,
+and new leaf nodes appear as their dependencies are being processed.
+
+The downside of this approach, however, is that we're doing more work
+than necessary. Imagine an initial package A, which has the following
+dependency chain: A->B->C->D – in the current implementation, we will
+load all 4 packages. However, if package A can be loaded fully from
+cached information, then none of its dependencies are necessary, and
+we could avoid loading them.
+
+
 Parallelism
 
 Runner implements parallel processing of packages by spawning one
@@ -19,6 +43,34 @@ all execute in parallel, while not wasting resources for long linear
 chains or trying to process more subgraphs in parallel than the system
 can handle.
 
+
+Caching
+
+We make use of several caches. These caches are Go's export data, our
+facts cache, and our (problems, ignores, config) cache.
+
+Initial packages will either be loaded from a combination of all three
+caches, or from source. Non-initial packages will either be loaded
+from a combination of export data and facts cache, or from source.
+
+The facts cache is separate from the (problems, ignores, config) cache
+because when we process non-initial packages, we generate facts, but
+we discard problems and ignores.
+
+The facts cache is keyed by (package, analyzer), whereas the
+(problems, ignores, config) cache is keyed by (package, list of
+analyzes). The difference between the two exists because there are
+only a handful of analyses that produce facts, but hundreds of
+analyses that don't. Creating one cache entry per fact-generating
+analysis is feasible, creating one cache entry per normal analysis has
+significant performance and storage overheads.
+
+The downside of keying by the list of analyzes is, naturally, that a
+change in list of analyzes changes the cache key. `staticcheck -checks
+A` and `staticcheck -checks A,B` will therefore need their own cache
+entries and not reuse each other's work. This problem does not affect
+the facts cache.
+
 */
 
 import (
@@ -37,6 +89,7 @@ import (
 	"strings"
 	"sync"
 	"sync/atomic"
+	"time"
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/packages"
@@ -47,6 +100,11 @@ import (
 	"honnef.co/go/tools/loader"
 )
 
+func init() {
+	gob.Register(&FileIgnore{})
+	gob.Register(&LineIgnore{})
+}
+
 // If enabled, abuse of the go/analysis API will lead to panics
 const sanityCheck = true
 
@@ -58,21 +116,43 @@ const sanityCheck = true
 // This may change unused's behavior, however, as it may observe fewer
 // interfaces from transitive dependencies.
 
+// OPT(dh): every single package will have the same value for
+// canClearTypes. We could move the Package.decUse method to runner to
+// eliminate this field. This is probably not worth it, though. There
+// are only thousands of packages, so the field only takes up
+// kilobytes of memory.
+
+// OPT(dh): do we really need the Package.gen field? it's based
+// trivially on pkg.results and merely caches the result of a type
+// assertion. How often do we actually use the field?
+
 type Package struct {
+	// dependents is initially set to 1 plus the number of packages
+	// that directly import this package. It is atomically decreased
+	// by 1 every time a dependent has been processed or when the
+	// package itself has been processed. Once the value reaches zero,
+	// the package is no longer needed.
 	dependents uint64
 
 	*packages.Package
-	Imports    []*Package
-	initial    bool
+	Imports []*Package
+	initial bool
+	// fromSource is set to true for packages that have been loaded
+	// from source. This is the case for initial packages, packages
+	// with missing export data, and packages with no cached facts.
 	fromSource bool
-	hash       string
-	done       chan struct{}
+	// hash stores the package hash, as computed by packageHash
+	hash     string
+	actionID cache.ActionID
+	done     chan struct{}
 
 	resultsMu sync.Mutex
-	// results maps analyzer IDs to analyzer results
+	// results maps analyzer IDs to analyzer results. it is
+	// implemented as a deduplicating concurrent cache.
 	results []*result
 
-	cfg      *config.Config
+	cfg *config.Config
+	// gen maps file names to the code generator that created them
 	gen      map[string]facts.Generator
 	problems []Problem
 	ignores  []Ignore
@@ -82,12 +162,22 @@ type Package struct {
 	facts    []map[types.Object][]analysis.Fact
 	pkgFacts [][]analysis.Fact
 
+	// canClearTypes is set to true if we can discard type
+	// information after the package and its dependents have been
+	// processed. This is the case when no cumulative checkers are
+	// being run.
 	canClearTypes bool
 }
 
+type cachedPackage struct {
+	Problems []Problem
+	Ignores  []Ignore
+	Config   *config.Config
+}
+
 func (pkg *Package) decUse() {
-	atomic.AddUint64(&pkg.dependents, ^uint64(0))
-	if atomic.LoadUint64(&pkg.dependents) == 0 {
+	ret := atomic.AddUint64(&pkg.dependents, ^uint64(0))
+	if ret == 0 {
 		// nobody depends on this package anymore
 		if pkg.canClearTypes {
 			pkg.Types = nil
@@ -108,16 +198,16 @@ type result struct {
 }
 
 type Runner struct {
-	ld    loader.Loader
-	cache *cache.Cache
+	cache           *cache.Cache
+	goVersion       int
+	stats           *Stats
+	repeatAnalyzers uint
 
-	analyzerIDs analyzerIDs
+	analyzerIDs      analyzerIDs
+	problemsCacheKey string
 
 	// limits parallelism of loading packages
 	loadSem chan struct{}
-
-	goVersion int
-	stats     *Stats
 }
 
 type analyzerIDs struct {
@@ -225,6 +315,13 @@ func (ac *analysisAction) report(pass *analysis.Pass, d analysis.Diagnostic) {
 		Message: d.Message,
 		Check:   pass.Analyzer.Name,
 	}
+	for _, r := range d.Related {
+		p.Related = append(p.Related, Related{
+			Pos:     DisplayPosition(pass.Fset, r.Pos),
+			End:     DisplayPosition(pass.Fset, r.End),
+			Message: r.Message,
+		})
+	}
 	ac.problems = append(ac.problems, p)
 }
 
@@ -278,6 +375,21 @@ func (r *Runner) runAnalysis(ac *analysisAction) (ret interface{}, err error) {
 	}
 }
 
+func (r *Runner) loadCachedPackage(pkg *Package, analyzers []*analysis.Analyzer) (cachedPackage, bool) {
+	// OPT(dh): we can cache this computation, it'll be the same for all packages
+	id := cache.Subkey(pkg.actionID, "data "+r.problemsCacheKey)
+
+	b, _, err := r.cache.GetBytes(id)
+	if err != nil {
+		return cachedPackage{}, false
+	}
+	var cpkg cachedPackage
+	if err := gob.NewDecoder(bytes.NewReader(b)).Decode(&cpkg); err != nil {
+		return cachedPackage{}, false
+	}
+	return cpkg, true
+}
+
 func (r *Runner) loadCachedFacts(a *analysis.Analyzer, pkg *Package) ([]Fact, bool) {
 	if len(a.FactTypes) == 0 {
 		return nil, true
@@ -285,10 +397,7 @@ func (r *Runner) loadCachedFacts(a *analysis.Analyzer, pkg *Package) ([]Fact, bo
 
 	var facts []Fact
 	// Look in the cache for facts
-	aID, err := passActionID(pkg, a)
-	if err != nil {
-		return nil, false
-	}
+	aID := passActionID(pkg, a)
 	aID = cache.Subkey(aID, "facts")
 	b, _, err := r.cache.GetBytes(aID)
 	if err != nil {
@@ -378,9 +487,15 @@ func (r *Runner) runAnalysisUser(pass *analysis.Pass, ac *analysisAction) (inter
 	}
 
 	// Then with this analyzer
-	ret, err := ac.analyzer.Run(pass)
-	if err != nil {
-		return nil, err
+	var ret interface{}
+	for i := uint(0); i < r.repeatAnalyzers+1; i++ {
+		var err error
+		t := time.Now()
+		ret, err = ac.analyzer.Run(pass)
+		r.stats.MeasureAnalyzer(ac.analyzer, ac.pkg, time.Since(t))
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	if len(ac.analyzer.FactTypes) > 0 {
@@ -404,16 +519,7 @@ func (r *Runner) runAnalysisUser(pass *analysis.Pass, ac *analysisAction) (inter
 			}
 		}
 
-		buf := &bytes.Buffer{}
-		if err := gob.NewEncoder(buf).Encode(facts); err != nil {
-			return nil, err
-		}
-		aID, err := passActionID(ac.pkg, ac.analyzer)
-		if err != nil {
-			return nil, err
-		}
-		aID = cache.Subkey(aID, "facts")
-		if err := r.cache.PutBytes(aID, buf.Bytes()); err != nil {
+		if err := r.cacheData(facts, ac.pkg, ac.analyzer, "facts"); err != nil {
 			return nil, err
 		}
 	}
@@ -421,6 +527,19 @@ func (r *Runner) runAnalysisUser(pass *analysis.Pass, ac *analysisAction) (inter
 	return ret, nil
 }
 
+func (r *Runner) cacheData(v interface{}, pkg *Package, a *analysis.Analyzer, subkey string) error {
+	buf := &bytes.Buffer{}
+	if err := gob.NewEncoder(buf).Encode(v); err != nil {
+		return err
+	}
+	aID := passActionID(pkg, a)
+	aID = cache.Subkey(aID, subkey)
+	if err := r.cache.PutBytes(aID, buf.Bytes()); err != nil {
+		return err
+	}
+	return nil
+}
+
 func NewRunner(stats *Stats) (*Runner, error) {
 	cache, err := cache.Default()
 	if err != nil {
@@ -438,9 +557,17 @@ func NewRunner(stats *Stats) (*Runner, error) {
 // diagnostics as well as extracted ignore directives.
 //
 // Note that diagnostics have not been filtered at this point yet, to
-// accomodate cumulative analyzes that require additional steps to
+// accommodate cumulative analyzes that require additional steps to
 // produce diagnostics.
 func (r *Runner) Run(cfg *packages.Config, patterns []string, analyzers []*analysis.Analyzer, hasCumulative bool) ([]*Package, error) {
+	checkerNames := make([]string, len(analyzers))
+	for i, a := range analyzers {
+		checkerNames[i] = a.Name
+	}
+	sort.Strings(checkerNames)
+	r.problemsCacheKey = strings.Join(checkerNames, " ")
+
+	var allAnalyzers []*analysis.Analyzer
 	r.analyzerIDs = analyzerIDs{m: map[*analysis.Analyzer]int{}}
 	id := 0
 	seen := map[*analysis.Analyzer]struct{}{}
@@ -450,6 +577,7 @@ func (r *Runner) Run(cfg *packages.Config, patterns []string, analyzers []*analy
 			return
 		}
 		seen[a] = struct{}{}
+		allAnalyzers = append(allAnalyzers, a)
 		r.analyzerIDs.m[a] = id
 		id++
 		for _, f := range a.FactTypes {
@@ -468,6 +596,11 @@ func (r *Runner) Run(cfg *packages.Config, patterns []string, analyzers []*analy
 	for _, a := range injectedAnalyses {
 		dfs(a)
 	}
+	// Run all analyzers on all packages (subject to further
+	// restrictions enforced later). This guarantees that if analyzer
+	// A1 depends on A2, and A2 has facts, that A2 will run on the
+	// dependencies of user-provided packages, even though A1 won't.
+	analyzers = allAnalyzers
 
 	var dcfg packages.Config
 	if cfg != nil {
@@ -475,11 +608,10 @@ func (r *Runner) Run(cfg *packages.Config, patterns []string, analyzers []*analy
 	}
 
 	atomic.StoreUint32(&r.stats.State, StateGraph)
-	initialPkgs, err := r.ld.Graph(dcfg, patterns...)
+	initialPkgs, err := loader.Graph(dcfg, patterns...)
 	if err != nil {
 		return nil, err
 	}
-
 	defer r.cache.Trim()
 
 	var allPkgs []*Package
@@ -507,7 +639,8 @@ func (r *Runner) Run(cfg *packages.Config, patterns []string, analyzers []*analy
 			m[l].Imports = append(m[l].Imports, m[v])
 		}
 
-		m[l].hash, err = packageHash(m[l])
+		m[l].hash, err = r.packageHash(m[l])
+		m[l].actionID = packageActionID(m[l])
 		if err != nil {
 			m[l].errs = append(m[l].errs, err)
 		}
@@ -564,27 +697,36 @@ func parsePos(pos string) (token.Position, int, error) {
 	}, len(parts[0]), nil
 }
 
-// loadPkg loads a Go package. If the package is in the set of initial
-// packages, it will be loaded from source, otherwise it will be
-// loaded from export data. In the case that the package was loaded
-// from export data, cached facts will also be loaded.
-//
-// Currently, only cached facts for this package will be loaded, not
-// for any of its dependencies.
+// loadPkg loads a Go package. It may be loaded from a combination of
+// caches, or from source.
 func (r *Runner) loadPkg(pkg *Package, analyzers []*analysis.Analyzer) error {
 	if pkg.Types != nil {
 		panic(fmt.Sprintf("internal error: %s has already been loaded", pkg.Package))
 	}
 
-	// Load type information
 	if pkg.initial {
-		// Load package from source
-		pkg.fromSource = true
-		return r.ld.LoadFromSource(pkg.Package)
+		// Try to load cached package
+		cpkg, ok := r.loadCachedPackage(pkg, analyzers)
+		if ok {
+			pkg.problems = cpkg.Problems
+			pkg.ignores = cpkg.Ignores
+			pkg.cfg = cpkg.Config
+		} else {
+			pkg.fromSource = true
+			return loader.LoadFromSource(pkg.Package)
+		}
 	}
 
+	// At this point we're either working with a non-initial package,
+	// or we managed to load cached problems for the package. We still
+	// need export data and facts.
+
+	// OPT(dh): we don't need type information for this package if no
+	// other package depends on it. this may be the case for initial
+	// packages.
+
 	// Load package from export data
-	if err := r.ld.LoadFromExport(pkg.Package); err != nil {
+	if err := loader.LoadFromExport(pkg.Package); err != nil {
 		// We asked Go to give us up to date export data, yet
 		// we can't load it. There must be something wrong.
 		//
@@ -597,7 +739,7 @@ func (r *Runner) loadPkg(pkg *Package, analyzers []*analysis.Analyzer) error {
 		// FIXME(dh): we no longer reload from export data, so
 		// theoretically we should be able to continue
 		pkg.fromSource = true
-		if err := r.ld.LoadFromSource(pkg.Package); err != nil {
+		if err := loader.LoadFromSource(pkg.Package); err != nil {
 			return err
 		}
 		// Make sure this package can't be imported successfully
@@ -658,13 +800,14 @@ func (r *Runner) loadPkg(pkg *Package, analyzers []*analysis.Analyzer) error {
 		dfs(a)
 	}
 
-	if failed {
-		pkg.fromSource = true
-		// XXX we added facts to the maps, we need to get rid of those
-		return r.ld.LoadFromSource(pkg.Package)
+	if !failed {
+		return nil
 	}
 
-	return nil
+	// We failed to load some cached facts
+	pkg.fromSource = true
+	// XXX we added facts to the maps, we need to get rid of those
+	return loader.LoadFromSource(pkg.Package)
 }
 
 type analysisError struct {
@@ -695,7 +838,7 @@ func (r *Runner) processPkg(pkg *Package, analyzers []*analysis.Analyzer) {
 	}()
 
 	// Ensure all packages have the generated map and config. This is
-	// required by interna of the runner. Analyses that themselves
+	// required by internals of the runner. Analyses that themselves
 	// make use of either have an explicit dependency so that other
 	// runners work correctly, too.
 	analyzers = append(analyzers[0:len(analyzers):len(analyzers)], injectedAnalyses...)
@@ -766,7 +909,7 @@ func (r *Runner) processPkg(pkg *Package, analyzers []*analysis.Analyzer) {
 			defer wg.Done()
 			// Only initial packages and packages with missing
 			// facts will have been loaded from source.
-			if pkg.initial || r.hasFacts(a) {
+			if pkg.initial || len(a.FactTypes) > 0 {
 				if _, err := r.runAnalysis(ac); err != nil {
 					errs[i] = analysisError{a, pkg, err}
 					return
@@ -800,6 +943,8 @@ func (r *Runner) processPkg(pkg *Package, analyzers []*analysis.Analyzer) {
 
 	// We can't process ignores at this point because `unused` needs
 	// to see more than one package to make its decision.
+	//
+	// OPT(dh): can't we guard this block of code by pkg.initial?
 	ignores, problems := parseDirectives(pkg.Package)
 	pkg.ignores = append(pkg.ignores, ignores...)
 	pkg.problems = append(pkg.problems, problems...)
@@ -824,32 +969,6 @@ func (r *Runner) processPkg(pkg *Package, analyzers []*analysis.Analyzer) {
 	// from processPkg.
 }
 
-// hasFacts reports whether an analysis exports any facts. An analysis
-// that has a transitive dependency that exports facts is considered
-// to be exporting facts.
-func (r *Runner) hasFacts(a *analysis.Analyzer) bool {
-	ret := false
-	seen := make([]bool, len(r.analyzerIDs.m))
-	var dfs func(*analysis.Analyzer)
-	dfs = func(a *analysis.Analyzer) {
-		if seen[r.analyzerIDs.get(a)] {
-			return
-		}
-		seen[r.analyzerIDs.get(a)] = true
-		if len(a.FactTypes) > 0 {
-			ret = true
-		}
-		for _, req := range a.Requires {
-			if ret {
-				break
-			}
-			dfs(req)
-		}
-	}
-	dfs(a)
-	return ret
-}
-
 func parseDirective(s string) (cmd string, args []string) {
 	if !strings.HasPrefix(s, "//lint:") {
 		return "", nil
@@ -912,7 +1031,7 @@ func parseDirectives(pkg *packages.Package) ([]Ignore, []Problem) {
 							File:   pos.Filename,
 							Line:   pos.Line,
 							Checks: checks,
-							Pos:    c.Pos(),
+							Pos:    DisplayPosition(pkg.Fset, c.Pos()),
 						}
 					case "file-ignore":
 						ig = &FileIgnore{
@@ -932,9 +1051,10 @@ func parseDirectives(pkg *packages.Package) ([]Ignore, []Problem) {
 // packageHash computes a package's hash. The hash is based on all Go
 // files that make up the package, as well as the hashes of imported
 // packages.
-func packageHash(pkg *Package) (string, error) {
+func (r *Runner) packageHash(pkg *Package) (string, error) {
 	key := cache.NewHash("package hash")
 	fmt.Fprintf(key, "pkgpath %s\n", pkg.PkgPath)
+	fmt.Fprintf(key, "go %d\n", r.goVersion)
 	for _, f := range pkg.CompiledGoFiles {
 		h, err := cache.FileHash(f)
 		if err != nil {
@@ -943,6 +1063,28 @@ func packageHash(pkg *Package) (string, error) {
 		fmt.Fprintf(key, "file %s %x\n", f, h)
 	}
 
+	// Actually load the configuration to calculate its hash. This
+	// will take into consideration inheritance of configuration
+	// files, as well as the default configuration.
+	//
+	// OPT(dh): doing this means we'll load the config twice: once for
+	// computing the hash, and once when analyzing the package from
+	// source.
+	cdir := config.Dir(pkg.GoFiles)
+	if cdir == "" {
+		fmt.Fprintf(key, "file %s %x\n", config.ConfigName, [cache.HashSize]byte{})
+	} else {
+		cfg, err := config.Load(cdir)
+		if err != nil {
+			return "", err
+		}
+		h := cache.NewHash(config.ConfigName)
+		if _, err := h.Write([]byte(cfg.String())); err != nil {
+			return "", err
+		}
+		fmt.Fprintf(key, "file %s %x\n", config.ConfigName, h.Sum())
+	}
+
 	imps := make([]*Package, len(pkg.Imports))
 	copy(imps, pkg.Imports)
 	sort.Slice(imps, func(i, j int) bool {
@@ -959,12 +1101,14 @@ func packageHash(pkg *Package) (string, error) {
 	return hex.EncodeToString(h[:]), nil
 }
 
-// passActionID computes an ActionID for an analysis pass.
-func passActionID(pkg *Package, analyzer *analysis.Analyzer) (cache.ActionID, error) {
-	key := cache.NewHash("action ID")
+func packageActionID(pkg *Package) cache.ActionID {
+	key := cache.NewHash("package ID")
 	fmt.Fprintf(key, "pkgpath %s\n", pkg.PkgPath)
 	fmt.Fprintf(key, "pkghash %s\n", pkg.hash)
-	fmt.Fprintf(key, "analyzer %s\n", analyzer.Name)
-
-	return key.Sum(), nil
+	return key.Sum()
+}
+
+// passActionID computes an ActionID for an analysis pass.
+func passActionID(pkg *Package, analyzer *analysis.Analyzer) cache.ActionID {
+	return cache.Subkey(pkg.actionID, fmt.Sprintf("analyzer %s", analyzer.Name))
 }
diff --git a/vendor/honnef.co/go/tools/lint/stats.go b/vendor/honnef.co/go/tools/lint/stats.go
index 2f650855..85eb9784 100644
--- a/vendor/honnef.co/go/tools/lint/stats.go
+++ b/vendor/honnef.co/go/tools/lint/stats.go
@@ -1,5 +1,11 @@
 package lint
 
+import (
+	"time"
+
+	"golang.org/x/tools/go/analysis"
+)
+
 const (
 	StateInitializing = 0
 	StateGraph        = 1
@@ -17,4 +23,16 @@ type Stats struct {
 	Problems                 uint32
 	ActiveWorkers            uint32
 	TotalWorkers             uint32
+	PrintAnalyzerMeasurement func(*analysis.Analyzer, *Package, time.Duration)
+}
+
+type AnalysisMeasurementKey struct {
+	Analysis string
+	Pkg      string
+}
+
+func (s *Stats) MeasureAnalyzer(analysis *analysis.Analyzer, pkg *Package, d time.Duration) {
+	if s.PrintAnalyzerMeasurement != nil {
+		s.PrintAnalyzerMeasurement(analysis, pkg, d)
+	}
 }
diff --git a/vendor/honnef.co/go/tools/loader/loader.go b/vendor/honnef.co/go/tools/loader/loader.go
index 9c6885d4..a14f274d 100644
--- a/vendor/honnef.co/go/tools/loader/loader.go
+++ b/vendor/honnef.co/go/tools/loader/loader.go
@@ -1,6 +1,7 @@
 package loader
 
 import (
+	"errors"
 	"fmt"
 	"go/ast"
 	"go/parser"
@@ -9,22 +10,17 @@ import (
 	"go/types"
 	"log"
 	"os"
-	"sync"
 
 	"golang.org/x/tools/go/gcexportdata"
 	"golang.org/x/tools/go/packages"
 )
 
-type Loader struct {
-	exportMu sync.RWMutex
-}
-
 // Graph resolves patterns and returns packages with all the
 // information required to later load type information, and optionally
 // syntax trees.
 //
 // The provided config can set any setting with the exception of Mode.
-func (ld *Loader) Graph(cfg packages.Config, patterns ...string) ([]*packages.Package, error) {
+func Graph(cfg packages.Config, patterns ...string) ([]*packages.Package, error) {
 	cfg.Mode = packages.NeedName | packages.NeedImports | packages.NeedDeps | packages.NeedExportsFile | packages.NeedFiles | packages.NeedCompiledGoFiles | packages.NeedTypesSizes
 	pkgs, err := packages.Load(&cfg, patterns...)
 	if err != nil {
@@ -34,15 +30,29 @@ func (ld *Loader) Graph(cfg packages.Config, patterns ...string) ([]*packages.Pa
 	packages.Visit(pkgs, nil, func(pkg *packages.Package) {
 		pkg.Fset = fset
 	})
-	return pkgs, nil
+
+	n := 0
+	for _, pkg := range pkgs {
+		if len(pkg.CompiledGoFiles) == 0 && len(pkg.Errors) == 0 && pkg.PkgPath != "unsafe" {
+			// If a package consists only of test files, then
+			// go/packages incorrectly(?) returns an empty package for
+			// the non-test variant. Get rid of those packages. See
+			// #646.
+			//
+			// Do not, however, skip packages that have errors. Those,
+			// too, may have no files, but we want to print the
+			// errors.
+			continue
+		}
+		pkgs[n] = pkg
+		n++
+	}
+	return pkgs[:n], nil
 }
 
 // LoadFromExport loads a package from export data. All of its
 // dependencies must have been loaded already.
-func (ld *Loader) LoadFromExport(pkg *packages.Package) error {
-	ld.exportMu.Lock()
-	defer ld.exportMu.Unlock()
-
+func LoadFromExport(pkg *packages.Package) error {
 	pkg.IllTyped = true
 	for path, pkg := range pkg.Imports {
 		if pkg.Types == nil {
@@ -87,10 +97,7 @@ func (ld *Loader) LoadFromExport(pkg *packages.Package) error {
 
 // LoadFromSource loads a package from source. All of its dependencies
 // must have been loaded already.
-func (ld *Loader) LoadFromSource(pkg *packages.Package) error {
-	ld.exportMu.RLock()
-	defer ld.exportMu.RUnlock()
-
+func LoadFromSource(pkg *packages.Package) error {
 	pkg.IllTyped = true
 	pkg.Types = types.NewPackage(pkg.PkgPath, pkg.Name)
 
@@ -121,6 +128,12 @@ func (ld *Loader) LoadFromSource(pkg *packages.Package) error {
 		if path == "unsafe" {
 			return types.Unsafe, nil
 		}
+		if path == "C" {
+			// go/packages doesn't tell us that cgo preprocessing
+			// failed. When we subsequently try to parse the package,
+			// we'll encounter the raw C import.
+			return nil, errors.New("cgo preprocessing failed")
+		}
 		imp := pkg.Imports[path]
 		if imp == nil {
 			return nil, nil
diff --git a/vendor/honnef.co/go/tools/pattern/convert.go b/vendor/honnef.co/go/tools/pattern/convert.go
new file mode 100644
index 00000000..dfcd1560
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/convert.go
@@ -0,0 +1,242 @@
+package pattern
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"reflect"
+)
+
+var astTypes = map[string]reflect.Type{
+	"Ellipsis":       reflect.TypeOf(ast.Ellipsis{}),
+	"RangeStmt":      reflect.TypeOf(ast.RangeStmt{}),
+	"AssignStmt":     reflect.TypeOf(ast.AssignStmt{}),
+	"IndexExpr":      reflect.TypeOf(ast.IndexExpr{}),
+	"Ident":          reflect.TypeOf(ast.Ident{}),
+	"ValueSpec":      reflect.TypeOf(ast.ValueSpec{}),
+	"GenDecl":        reflect.TypeOf(ast.GenDecl{}),
+	"BinaryExpr":     reflect.TypeOf(ast.BinaryExpr{}),
+	"ForStmt":        reflect.TypeOf(ast.ForStmt{}),
+	"ArrayType":      reflect.TypeOf(ast.ArrayType{}),
+	"DeferStmt":      reflect.TypeOf(ast.DeferStmt{}),
+	"MapType":        reflect.TypeOf(ast.MapType{}),
+	"ReturnStmt":     reflect.TypeOf(ast.ReturnStmt{}),
+	"SliceExpr":      reflect.TypeOf(ast.SliceExpr{}),
+	"StarExpr":       reflect.TypeOf(ast.StarExpr{}),
+	"UnaryExpr":      reflect.TypeOf(ast.UnaryExpr{}),
+	"SendStmt":       reflect.TypeOf(ast.SendStmt{}),
+	"SelectStmt":     reflect.TypeOf(ast.SelectStmt{}),
+	"ImportSpec":     reflect.TypeOf(ast.ImportSpec{}),
+	"IfStmt":         reflect.TypeOf(ast.IfStmt{}),
+	"GoStmt":         reflect.TypeOf(ast.GoStmt{}),
+	"Field":          reflect.TypeOf(ast.Field{}),
+	"SelectorExpr":   reflect.TypeOf(ast.SelectorExpr{}),
+	"StructType":     reflect.TypeOf(ast.StructType{}),
+	"KeyValueExpr":   reflect.TypeOf(ast.KeyValueExpr{}),
+	"FuncType":       reflect.TypeOf(ast.FuncType{}),
+	"FuncLit":        reflect.TypeOf(ast.FuncLit{}),
+	"FuncDecl":       reflect.TypeOf(ast.FuncDecl{}),
+	"ChanType":       reflect.TypeOf(ast.ChanType{}),
+	"CallExpr":       reflect.TypeOf(ast.CallExpr{}),
+	"CaseClause":     reflect.TypeOf(ast.CaseClause{}),
+	"CommClause":     reflect.TypeOf(ast.CommClause{}),
+	"CompositeLit":   reflect.TypeOf(ast.CompositeLit{}),
+	"EmptyStmt":      reflect.TypeOf(ast.EmptyStmt{}),
+	"SwitchStmt":     reflect.TypeOf(ast.SwitchStmt{}),
+	"TypeSwitchStmt": reflect.TypeOf(ast.TypeSwitchStmt{}),
+	"TypeAssertExpr": reflect.TypeOf(ast.TypeAssertExpr{}),
+	"TypeSpec":       reflect.TypeOf(ast.TypeSpec{}),
+	"InterfaceType":  reflect.TypeOf(ast.InterfaceType{}),
+	"BranchStmt":     reflect.TypeOf(ast.BranchStmt{}),
+	"IncDecStmt":     reflect.TypeOf(ast.IncDecStmt{}),
+	"BasicLit":       reflect.TypeOf(ast.BasicLit{}),
+}
+
+func ASTToNode(node interface{}) Node {
+	switch node := node.(type) {
+	case *ast.File:
+		panic("cannot convert *ast.File to Node")
+	case nil:
+		return Nil{}
+	case string:
+		return String(node)
+	case token.Token:
+		return Token(node)
+	case *ast.ExprStmt:
+		return ASTToNode(node.X)
+	case *ast.BlockStmt:
+		if node == nil {
+			return Nil{}
+		}
+		return ASTToNode(node.List)
+	case *ast.FieldList:
+		if node == nil {
+			return Nil{}
+		}
+		return ASTToNode(node.List)
+	case *ast.BasicLit:
+		if node == nil {
+			return Nil{}
+		}
+	case *ast.ParenExpr:
+		return ASTToNode(node.X)
+	}
+
+	if node, ok := node.(ast.Node); ok {
+		name := reflect.TypeOf(node).Elem().Name()
+		T, ok := structNodes[name]
+		if !ok {
+			panic(fmt.Sprintf("internal error: unhandled type %T", node))
+		}
+
+		if reflect.ValueOf(node).IsNil() {
+			return Nil{}
+		}
+		v := reflect.ValueOf(node).Elem()
+		objs := make([]Node, T.NumField())
+		for i := 0; i < T.NumField(); i++ {
+			f := v.FieldByName(T.Field(i).Name)
+			objs[i] = ASTToNode(f.Interface())
+		}
+
+		n, err := populateNode(name, objs, false)
+		if err != nil {
+			panic(fmt.Sprintf("internal error: %s", err))
+		}
+		return n
+	}
+
+	s := reflect.ValueOf(node)
+	if s.Kind() == reflect.Slice {
+		if s.Len() == 0 {
+			return List{}
+		}
+		if s.Len() == 1 {
+			return ASTToNode(s.Index(0).Interface())
+		}
+
+		tail := List{}
+		for i := s.Len() - 1; i >= 0; i-- {
+			head := ASTToNode(s.Index(i).Interface())
+			l := List{
+				Head: head,
+				Tail: tail,
+			}
+			tail = l
+		}
+		return tail
+	}
+
+	panic(fmt.Sprintf("internal error: unhandled type %T", node))
+}
+
+func NodeToAST(node Node, state State) interface{} {
+	switch node := node.(type) {
+	case Binding:
+		v, ok := state[node.Name]
+		if !ok {
+			// really we want to return an error here
+			panic("XXX")
+		}
+		switch v := v.(type) {
+		case types.Object:
+			return &ast.Ident{Name: v.Name()}
+		default:
+			return v
+		}
+	case Builtin, Any, Object, Function, Not, Or:
+		panic("XXX")
+	case List:
+		if (node == List{}) {
+			return []ast.Node{}
+		}
+		x := []ast.Node{NodeToAST(node.Head, state).(ast.Node)}
+		x = append(x, NodeToAST(node.Tail, state).([]ast.Node)...)
+		return x
+	case Token:
+		return token.Token(node)
+	case String:
+		return string(node)
+	case Nil:
+		return nil
+	}
+
+	name := reflect.TypeOf(node).Name()
+	T, ok := astTypes[name]
+	if !ok {
+		panic(fmt.Sprintf("internal error: unhandled type %T", node))
+	}
+	v := reflect.ValueOf(node)
+	out := reflect.New(T)
+	for i := 0; i < T.NumField(); i++ {
+		fNode := v.FieldByName(T.Field(i).Name)
+		if (fNode == reflect.Value{}) {
+			continue
+		}
+		fAST := out.Elem().FieldByName(T.Field(i).Name)
+		switch fAST.Type().Kind() {
+		case reflect.Slice:
+			c := reflect.ValueOf(NodeToAST(fNode.Interface().(Node), state))
+			if c.Kind() != reflect.Slice {
+				// it's a single node in the pattern, we have to wrap
+				// it in a slice
+				slice := reflect.MakeSlice(fAST.Type(), 1, 1)
+				slice.Index(0).Set(c)
+				c = slice
+			}
+			switch fAST.Interface().(type) {
+			case []ast.Node:
+				switch cc := c.Interface().(type) {
+				case []ast.Node:
+					fAST.Set(c)
+				case []ast.Expr:
+					var slice []ast.Node
+					for _, el := range cc {
+						slice = append(slice, el)
+					}
+					fAST.Set(reflect.ValueOf(slice))
+				default:
+					panic("XXX")
+				}
+			case []ast.Expr:
+				switch cc := c.Interface().(type) {
+				case []ast.Node:
+					var slice []ast.Expr
+					for _, el := range cc {
+						slice = append(slice, el.(ast.Expr))
+					}
+					fAST.Set(reflect.ValueOf(slice))
+				case []ast.Expr:
+					fAST.Set(c)
+				default:
+					panic("XXX")
+				}
+			default:
+				panic("XXX")
+			}
+		case reflect.Int:
+			c := reflect.ValueOf(NodeToAST(fNode.Interface().(Node), state))
+			switch c.Kind() {
+			case reflect.String:
+				tok, ok := tokensByString[c.Interface().(string)]
+				if !ok {
+					// really we want to return an error here
+					panic("XXX")
+				}
+				fAST.SetInt(int64(tok))
+			case reflect.Int:
+				fAST.Set(c)
+			default:
+				panic(fmt.Sprintf("internal error: unexpected kind %s", c.Kind()))
+			}
+		default:
+			r := NodeToAST(fNode.Interface().(Node), state)
+			if r != nil {
+				fAST.Set(reflect.ValueOf(r))
+			}
+		}
+	}
+
+	return out.Interface().(ast.Node)
+}
diff --git a/vendor/honnef.co/go/tools/pattern/doc.go b/vendor/honnef.co/go/tools/pattern/doc.go
new file mode 100644
index 00000000..05d86c25
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/doc.go
@@ -0,0 +1,273 @@
+/*
+Package pattern implements a simple language for pattern matching Go ASTs.
+
+Design decisions and trade-offs
+
+The language is designed specifically for the task of filtering ASTs
+to simplify the implementation of analyses in staticcheck.
+It is also intended to be trivial to parse and execute.
+
+To that end, we make certain decisions that make the language more
+suited to its task, while making certain queries infeasible.
+
+Furthermore, it is fully expected that the majority of analyses will still require ordinary Go code
+to further process the filtered AST, to make use of type information and to enforce complex invariants.
+It is not our goal to design a scripting language for writing entire checks in.
+
+The language
+
+At its core, patterns are a representation of Go ASTs, allowing for the use of placeholders to enable pattern matching.
+Their syntax is inspired by LISP and Haskell, but unlike LISP, the core unit of patterns isn't the list, but the node.
+There is a fixed set of nodes, identified by name, and with the exception of the Or node, all nodes have a fixed number of arguments.
+In addition to nodes, there are atoms, which represent basic units such as strings or the nil value.
+
+Pattern matching is implemented via bindings, represented by the Binding node.
+A Binding can match nodes and associate them with names, to later recall the nodes.
+This allows for expressing "this node must be equal to that node" constraints.
+
+To simplify writing and reading patterns, a small amount of additional syntax exists on top of nodes and atoms.
+This additional syntax doesn't add any new features of its own, it simply provides shortcuts to creating nodes and atoms.
+
+To show an example of a pattern, first consider this snippet of Go code:
+
+	if x := fn(); x != nil {
+		for _, v := range x {
+			println(v, x)
+		}
+	}
+
+The corresponding AST expressed as an idiomatic pattern would look as follows:
+
+	(IfStmt
+		(AssignStmt (Ident "x") ":=" (CallExpr (Ident "fn") []))
+		(BinaryExpr (Ident "x") "!=" (Ident "nil"))
+		(RangeStmt
+			(Ident "_") (Ident "v") ":=" (Ident "x")
+			(CallExpr (Ident "println") [(Ident "v") (Ident "x")]))
+		nil)
+
+Two things are worth noting about this representation.
+First, the [el1 el2 ...] syntax is a short-hand for creating lists.
+It is a short-hand for el1:el2:[], which itself is a short-hand for (List el1 (List el2 (List nil nil)).
+Second, note the absence of a lot of lists in places that normally accept lists.
+For example, assignment assigns a number of right-hands to a number of left-hands, yet our AssignStmt is lacking any form of list.
+This is due to the fact that a single node can match a list of exactly one element.
+Thus, the two following forms have identical matching behavior:
+
+	(AssignStmt (Ident "x") ":=" (CallExpr (Ident "fn") []))
+	(AssignStmt [(Ident "x")] ":=" [(CallExpr (Ident "fn") [])])
+
+This section serves as an overview of the language's syntax.
+More in-depth explanations of the matching behavior as well as an exhaustive list of node types follows in the coming sections.
+
+Pattern matching
+
+TODO write about pattern matching
+
+- inspired by haskell syntax, but much, much simpler and naive
+
+Node types
+
+The language contains two kinds of nodes: those that map to nodes in the AST, and those that implement additional logic.
+
+Nodes that map directly to AST nodes are named identically to the types in the go/ast package.
+What follows is an exhaustive list of these nodes:
+
+	(ArrayType len elt)
+	(AssignStmt lhs tok rhs)
+	(BasicLit kind value)
+	(BinaryExpr x op y)
+	(BranchStmt tok label)
+	(CallExpr fun args)
+	(CaseClause list body)
+	(ChanType dir value)
+	(CommClause comm body)
+	(CompositeLit type elts)
+	(DeferStmt call)
+	(Ellipsis elt)
+	(EmptyStmt)
+	(Field names type tag)
+	(ForStmt init cond post body)
+	(FuncDecl recv name type body)
+	(FuncLit type body)
+	(FuncType params results)
+	(GenDecl specs)
+	(GoStmt call)
+	(Ident name)
+	(IfStmt init cond body else)
+	(ImportSpec name path)
+	(IncDecStmt x tok)
+	(IndexExpr x index)
+	(InterfaceType methods)
+	(KeyValueExpr key value)
+	(MapType key value)
+	(RangeStmt key value tok x body)
+	(ReturnStmt results)
+	(SelectStmt body)
+	(SelectorExpr x sel)
+	(SendStmt chan value)
+	(SliceExpr x low high max)
+	(StarExpr x)
+	(StructType fields)
+	(SwitchStmt init tag body)
+	(TypeAssertExpr)
+	(TypeSpec name type)
+	(TypeSwitchStmt init assign body)
+	(UnaryExpr op x)
+	(ValueSpec names type values)
+
+Additionally, there are the String, Token and nil atoms.
+Strings are double-quoted string literals, as in (Ident "someName").
+Tokens are also represented as double-quoted string literals, but are converted to token.Token values in contexts that require tokens,
+such as in (BinaryExpr x "<" y), where "<" is transparently converted to token.LSS during matching.
+The keyword 'nil' denotes the nil value, which represents the absence of any value.
+
+We also defines the (List head tail) node, which is used to represent sequences of elements as a singly linked list.
+The head is a single element, and the tail is the remainder of the list.
+For example,
+
+	(List "foo" (List "bar" (List "baz" (List nil nil))))
+
+represents a list of three elements, "foo", "bar" and "baz". There is dedicated syntax for writing lists, which looks as follows:
+
+	["foo" "bar" "baz"]
+
+This syntax is itself syntactic sugar for the following form:
+
+	"foo":"bar":"baz":[]
+
+This form is of particular interest for pattern matching, as it allows matching on the head and tail. For example,
+
+	"foo":"bar":_
+
+would match any list with at least two elements, where the first two elements are "foo" and "bar". This is equivalent to writing
+
+	(List "foo" (List "bar" _))
+
+Note that it is not possible to match from the end of the list.
+That is, there is no way to express a query such as "a list of any length where the last element is foo".
+
+Note that unlike in LISP, nil and empty lists are distinct from one another.
+In patterns, with respect to lists, nil is akin to Go's untyped nil.
+It will match a nil ast.Node, but it will not match a nil []ast.Expr. Nil will, however, match pointers to named types such as *ast.Ident.
+Similarly, lists are akin to Go's
+slices. An empty list will match both a nil and an empty []ast.Expr, but it will not match a nil ast.Node.
+
+Due to the difference between nil and empty lists, an empty list is represented as (List nil nil), i.e. a list with no head or tail.
+Similarly, a list of one element is represented as (List el (List nil nil)). Unlike in LISP, it cannot be represented by (List el nil).
+
+Finally, there are nodes that implement special logic or matching behavior.
+
+(Any) matches any value. The underscore (_) maps to this node, making the following two forms equivalent:
+
+	(Ident _)
+	(Ident (Any))
+
+(Builtin name) matches a built-in identifier or function by name.
+This is a type-aware variant of (Ident name).
+Instead of only comparing the name, it resolves the object behind the name and makes sure it's a pre-declared identifier.
+
+For example, in the following piece of code
+
+	func fn() {
+		println(true)
+		true := false
+		println(true)
+	}
+
+the pattern
+
+	(Builtin "true")
+
+will match exactly once, on the first use of 'true' in the function.
+Subsequent occurrences of 'true' no longer refer to the pre-declared identifier.
+
+(Object name) matches an identifier by name, but yields the
+types.Object it refers to.
+
+(Function name) matches ast.Idents and ast.SelectorExprs that refer to a function with a given fully qualified name.
+For example, "net/url.PathEscape" matches the PathEscape function in the net/url package,
+and "(net/url.EscapeError).Error" refers to the Error method on the net/url.EscapeError type,
+either on an instance of the type, or on the type itself.
+
+For example, the following patterns match the following lines of code:
+
+	(CallExpr (Function "fmt.Println") _) // pattern 1
+	(CallExpr (Function "(net/url.EscapeError).Error") _) // pattern 2
+
+	fmt.Println("hello, world") // matches pattern 1
+	var x url.EscapeError
+	x.Error() // matches pattern 2
+	(url.EscapeError).Error(x) // also matches pattern 2
+
+(Binding name node) creates or uses a binding.
+Bindings work like variable assignments, allowing referring to already matched nodes.
+As an example, bindings are necessary to match self-assignment of the form "x = x",
+since we need to express that the right-hand side is identical to the left-hand side.
+
+If a binding's node is not nil, the matcher will attempt to match a node according to the pattern.
+If a binding's node is nil, the binding will either recall an existing value, or match the Any node.
+It is an error to provide a non-nil node to a binding that has already been bound.
+
+Referring back to the earlier example, the following pattern will match self-assignment of idents:
+
+	(AssignStmt (Binding "lhs" (Ident _)) "=" (Binding "lhs" nil))
+
+Because bindings are a crucial component of pattern matching, there is special syntax for creating and recalling bindings.
+Lower-case names refer to bindings. If standing on its own, the name "foo" will be equivalent to (Binding "foo" nil).
+If a name is followed by an at-sign (@) then it will create a binding for the node that follows.
+Together, this allows us to rewrite the earlier example as follows:
+
+	(AssignStmt lhs@(Ident _) "=" lhs)
+
+(Or nodes...) is a variadic node that tries matching each node until one succeeds. For example, the following pattern matches all idents of name "foo" or "bar":
+
+	(Ident (Or "foo" "bar"))
+
+We could also have written
+
+	(Or (Ident "foo") (Ident "bar"))
+
+and achieved the same result. We can also mix different kinds of nodes:
+
+	(Or (Ident "foo") (CallExpr (Ident "bar") _))
+
+When using bindings inside of nodes used inside Or, all or none of the bindings will be bound.
+That is, partially matched nodes that ultimately failed to match will not produce any bindings observable outside of the matching attempt.
+We can thus write
+
+	(Or (Ident name) (CallExpr name))
+
+and 'name' will either be a String if the first option matched, or an Ident or SelectorExpr if the second option matched.
+
+(Not node)
+
+The Not node negates a match. For example, (Not (Ident _)) will match all nodes that aren't identifiers.
+
+ChanDir(0)
+
+Automatic unnesting of AST nodes
+
+The Go AST has several types of nodes that wrap other nodes.
+To simplify matching, we automatically unwrap some of these nodes.
+
+These nodes are ExprStmt (for using expressions in a statement context),
+ParenExpr (for parenthesized expressions),
+DeclStmt (for declarations in a statement context),
+and LabeledStmt (for labeled statements).
+
+Thus, the query
+
+	(FuncLit _ [(CallExpr _ _)]
+
+will match a function literal containing a single function call,
+even though in the actual Go AST, the CallExpr is nested inside an ExprStmt,
+as function bodies are made up of sequences of statements.
+
+On the flip-side, there is no way to specifically match these wrapper nodes.
+For example, there is no way of searching for unnecessary parentheses, like in the following piece of Go code:
+
+	((x)) += 2
+
+*/
+package pattern
diff --git a/vendor/honnef.co/go/tools/pattern/fuzz.go b/vendor/honnef.co/go/tools/pattern/fuzz.go
new file mode 100644
index 00000000..52e7df97
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/fuzz.go
@@ -0,0 +1,50 @@
+// +build gofuzz
+
+package pattern
+
+import (
+	"go/ast"
+	goparser "go/parser"
+	"go/token"
+	"os"
+	"path/filepath"
+	"strings"
+)
+
+var files []*ast.File
+
+func init() {
+	fset := token.NewFileSet()
+	filepath.Walk("/usr/lib/go/src", func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			// XXX error handling
+			panic(err)
+		}
+		if !strings.HasSuffix(path, ".go") {
+			return nil
+		}
+		f, err := goparser.ParseFile(fset, path, nil, 0)
+		if err != nil {
+			return nil
+		}
+		files = append(files, f)
+		return nil
+	})
+}
+
+func Fuzz(data []byte) int {
+	p := &Parser{}
+	pat, err := p.Parse(string(data))
+	if err != nil {
+		if strings.Contains(err.Error(), "internal error") {
+			panic(err)
+		}
+		return 0
+	}
+	_ = pat.Root.String()
+
+	for _, f := range files {
+		Match(pat.Root, f)
+	}
+	return 1
+}
diff --git a/vendor/honnef.co/go/tools/pattern/lexer.go b/vendor/honnef.co/go/tools/pattern/lexer.go
new file mode 100644
index 00000000..fb72e392
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/lexer.go
@@ -0,0 +1,221 @@
+package pattern
+
+import (
+	"fmt"
+	"go/token"
+	"unicode"
+	"unicode/utf8"
+)
+
+type lexer struct {
+	f *token.File
+
+	input string
+	start int
+	pos   int
+	width int
+	items chan item
+}
+
+type itemType int
+
+const eof = -1
+
+const (
+	itemError itemType = iota
+	itemLeftParen
+	itemRightParen
+	itemLeftBracket
+	itemRightBracket
+	itemTypeName
+	itemVariable
+	itemAt
+	itemColon
+	itemBlank
+	itemString
+	itemEOF
+)
+
+func (typ itemType) String() string {
+	switch typ {
+	case itemError:
+		return "ERROR"
+	case itemLeftParen:
+		return "("
+	case itemRightParen:
+		return ")"
+	case itemLeftBracket:
+		return "["
+	case itemRightBracket:
+		return "]"
+	case itemTypeName:
+		return "TYPE"
+	case itemVariable:
+		return "VAR"
+	case itemAt:
+		return "@"
+	case itemColon:
+		return ":"
+	case itemBlank:
+		return "_"
+	case itemString:
+		return "STRING"
+	case itemEOF:
+		return "EOF"
+	default:
+		return fmt.Sprintf("itemType(%d)", typ)
+	}
+}
+
+type item struct {
+	typ itemType
+	val string
+	pos int
+}
+
+type stateFn func(*lexer) stateFn
+
+func (l *lexer) run() {
+	for state := lexStart; state != nil; {
+		state = state(l)
+	}
+	close(l.items)
+}
+
+func (l *lexer) emitValue(t itemType, value string) {
+	l.items <- item{t, value, l.start}
+	l.start = l.pos
+}
+
+func (l *lexer) emit(t itemType) {
+	l.items <- item{t, l.input[l.start:l.pos], l.start}
+	l.start = l.pos
+}
+
+func lexStart(l *lexer) stateFn {
+	switch r := l.next(); {
+	case r == eof:
+		l.emit(itemEOF)
+		return nil
+	case unicode.IsSpace(r):
+		l.ignore()
+	case r == '(':
+		l.emit(itemLeftParen)
+	case r == ')':
+		l.emit(itemRightParen)
+	case r == '[':
+		l.emit(itemLeftBracket)
+	case r == ']':
+		l.emit(itemRightBracket)
+	case r == '@':
+		l.emit(itemAt)
+	case r == ':':
+		l.emit(itemColon)
+	case r == '_':
+		l.emit(itemBlank)
+	case r == '"':
+		l.backup()
+		return lexString
+	case unicode.IsUpper(r):
+		l.backup()
+		return lexType
+	case unicode.IsLower(r):
+		l.backup()
+		return lexVariable
+	default:
+		return l.errorf("unexpected character %c", r)
+	}
+	return lexStart
+}
+
+func (l *lexer) next() (r rune) {
+	if l.pos >= len(l.input) {
+		l.width = 0
+		return eof
+	}
+	r, l.width = utf8.DecodeRuneInString(l.input[l.pos:])
+
+	if r == '\n' {
+		l.f.AddLine(l.pos)
+	}
+
+	l.pos += l.width
+
+	return r
+}
+
+func (l *lexer) ignore() {
+	l.start = l.pos
+}
+
+func (l *lexer) backup() {
+	l.pos -= l.width
+}
+
+func (l *lexer) errorf(format string, args ...interface{}) stateFn {
+	// TODO(dh): emit position information in errors
+	l.items <- item{
+		itemError,
+		fmt.Sprintf(format, args...),
+		l.start,
+	}
+	return nil
+}
+
+func isAlphaNumeric(r rune) bool {
+	return r >= '0' && r <= '9' ||
+		r >= 'a' && r <= 'z' ||
+		r >= 'A' && r <= 'Z'
+}
+
+func lexString(l *lexer) stateFn {
+	l.next() // skip quote
+	escape := false
+
+	var runes []rune
+	for {
+		switch r := l.next(); r {
+		case eof:
+			return l.errorf("unterminated string")
+		case '"':
+			if !escape {
+				l.emitValue(itemString, string(runes))
+				return lexStart
+			} else {
+				runes = append(runes, '"')
+				escape = false
+			}
+		case '\\':
+			if escape {
+				runes = append(runes, '\\')
+				escape = false
+			} else {
+				escape = true
+			}
+		default:
+			runes = append(runes, r)
+		}
+	}
+}
+
+func lexType(l *lexer) stateFn {
+	l.next()
+	for {
+		if !isAlphaNumeric(l.next()) {
+			l.backup()
+			l.emit(itemTypeName)
+			return lexStart
+		}
+	}
+}
+
+func lexVariable(l *lexer) stateFn {
+	l.next()
+	for {
+		if !isAlphaNumeric(l.next()) {
+			l.backup()
+			l.emit(itemVariable)
+			return lexStart
+		}
+	}
+}
diff --git a/vendor/honnef.co/go/tools/pattern/match.go b/vendor/honnef.co/go/tools/pattern/match.go
new file mode 100644
index 00000000..ff039baa
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/match.go
@@ -0,0 +1,513 @@
+package pattern
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"go/types"
+	"reflect"
+
+	"honnef.co/go/tools/lint"
+)
+
+var tokensByString = map[string]Token{
+	"INT":    Token(token.INT),
+	"FLOAT":  Token(token.FLOAT),
+	"IMAG":   Token(token.IMAG),
+	"CHAR":   Token(token.CHAR),
+	"STRING": Token(token.STRING),
+	"+":      Token(token.ADD),
+	"-":      Token(token.SUB),
+	"*":      Token(token.MUL),
+	"/":      Token(token.QUO),
+	"%":      Token(token.REM),
+	"&":      Token(token.AND),
+	"|":      Token(token.OR),
+	"^":      Token(token.XOR),
+	"<<":     Token(token.SHL),
+	">>":     Token(token.SHR),
+	"&^":     Token(token.AND_NOT),
+	"+=":     Token(token.ADD_ASSIGN),
+	"-=":     Token(token.SUB_ASSIGN),
+	"*=":     Token(token.MUL_ASSIGN),
+	"/=":     Token(token.QUO_ASSIGN),
+	"%=":     Token(token.REM_ASSIGN),
+	"&=":     Token(token.AND_ASSIGN),
+	"|=":     Token(token.OR_ASSIGN),
+	"^=":     Token(token.XOR_ASSIGN),
+	"<<=":    Token(token.SHL_ASSIGN),
+	">>=":    Token(token.SHR_ASSIGN),
+	"&^=":    Token(token.AND_NOT_ASSIGN),
+	"&&":     Token(token.LAND),
+	"||":     Token(token.LOR),
+	"<-":     Token(token.ARROW),
+	"++":     Token(token.INC),
+	"--":     Token(token.DEC),
+	"==":     Token(token.EQL),
+	"<":      Token(token.LSS),
+	">":      Token(token.GTR),
+	"=":      Token(token.ASSIGN),
+	"!":      Token(token.NOT),
+	"!=":     Token(token.NEQ),
+	"<=":     Token(token.LEQ),
+	">=":     Token(token.GEQ),
+	":=":     Token(token.DEFINE),
+	"...":    Token(token.ELLIPSIS),
+	"IMPORT": Token(token.IMPORT),
+	"VAR":    Token(token.VAR),
+	"TYPE":   Token(token.TYPE),
+	"CONST":  Token(token.CONST),
+}
+
+func maybeToken(node Node) (Node, bool) {
+	if node, ok := node.(String); ok {
+		if tok, ok := tokensByString[string(node)]; ok {
+			return tok, true
+		}
+		return node, false
+	}
+	return node, false
+}
+
+func isNil(v interface{}) bool {
+	if v == nil {
+		return true
+	}
+	if _, ok := v.(Nil); ok {
+		return true
+	}
+	return false
+}
+
+type matcher interface {
+	Match(*Matcher, interface{}) (interface{}, bool)
+}
+
+type State = map[string]interface{}
+
+type Matcher struct {
+	TypesInfo *types.Info
+	State     State
+}
+
+func (m *Matcher) fork() *Matcher {
+	state := make(State, len(m.State))
+	for k, v := range m.State {
+		state[k] = v
+	}
+	return &Matcher{
+		TypesInfo: m.TypesInfo,
+		State:     state,
+	}
+}
+
+func (m *Matcher) merge(mc *Matcher) {
+	m.State = mc.State
+}
+
+func (m *Matcher) Match(a Node, b ast.Node) bool {
+	m.State = State{}
+	_, ok := match(m, a, b)
+	return ok
+}
+
+func Match(a Node, b ast.Node) (*Matcher, bool) {
+	m := &Matcher{}
+	ret := m.Match(a, b)
+	return m, ret
+}
+
+// Match two items, which may be (Node, AST) or (AST, AST)
+func match(m *Matcher, l, r interface{}) (interface{}, bool) {
+	if _, ok := r.(Node); ok {
+		panic("Node mustn't be on right side of match")
+	}
+
+	switch l := l.(type) {
+	case *ast.ParenExpr:
+		return match(m, l.X, r)
+	case *ast.ExprStmt:
+		return match(m, l.X, r)
+	case *ast.DeclStmt:
+		return match(m, l.Decl, r)
+	case *ast.LabeledStmt:
+		return match(m, l.Stmt, r)
+	case *ast.BlockStmt:
+		return match(m, l.List, r)
+	case *ast.FieldList:
+		return match(m, l.List, r)
+	}
+
+	switch r := r.(type) {
+	case *ast.ParenExpr:
+		return match(m, l, r.X)
+	case *ast.ExprStmt:
+		return match(m, l, r.X)
+	case *ast.DeclStmt:
+		return match(m, l, r.Decl)
+	case *ast.LabeledStmt:
+		return match(m, l, r.Stmt)
+	case *ast.BlockStmt:
+		if r == nil {
+			return match(m, l, nil)
+		}
+		return match(m, l, r.List)
+	case *ast.FieldList:
+		if r == nil {
+			return match(m, l, nil)
+		}
+		return match(m, l, r.List)
+	case *ast.BasicLit:
+		if r == nil {
+			return match(m, l, nil)
+		}
+	}
+
+	if l, ok := l.(matcher); ok {
+		return l.Match(m, r)
+	}
+
+	if l, ok := l.(Node); ok {
+		// Matching of pattern with concrete value
+		return matchNodeAST(m, l, r)
+	}
+
+	if l == nil || r == nil {
+		return nil, l == r
+	}
+
+	{
+		ln, ok1 := l.(ast.Node)
+		rn, ok2 := r.(ast.Node)
+		if ok1 && ok2 {
+			return matchAST(m, ln, rn)
+		}
+	}
+
+	{
+		obj, ok := l.(types.Object)
+		if ok {
+			switch r := r.(type) {
+			case *ast.Ident:
+				return obj, obj == m.TypesInfo.ObjectOf(r)
+			case *ast.SelectorExpr:
+				return obj, obj == m.TypesInfo.ObjectOf(r.Sel)
+			default:
+				return obj, false
+			}
+		}
+	}
+
+	{
+		ln, ok1 := l.([]ast.Expr)
+		rn, ok2 := r.([]ast.Expr)
+		if ok1 || ok2 {
+			if ok1 && !ok2 {
+				rn = []ast.Expr{r.(ast.Expr)}
+			} else if !ok1 && ok2 {
+				ln = []ast.Expr{l.(ast.Expr)}
+			}
+
+			if len(ln) != len(rn) {
+				return nil, false
+			}
+			for i, ll := range ln {
+				if _, ok := match(m, ll, rn[i]); !ok {
+					return nil, false
+				}
+			}
+			return r, true
+		}
+	}
+
+	{
+		ln, ok1 := l.([]ast.Stmt)
+		rn, ok2 := r.([]ast.Stmt)
+		if ok1 || ok2 {
+			if ok1 && !ok2 {
+				rn = []ast.Stmt{r.(ast.Stmt)}
+			} else if !ok1 && ok2 {
+				ln = []ast.Stmt{l.(ast.Stmt)}
+			}
+
+			if len(ln) != len(rn) {
+				return nil, false
+			}
+			for i, ll := range ln {
+				if _, ok := match(m, ll, rn[i]); !ok {
+					return nil, false
+				}
+			}
+			return r, true
+		}
+	}
+
+	panic(fmt.Sprintf("unsupported comparison: %T and %T", l, r))
+}
+
+// Match a Node with an AST node
+func matchNodeAST(m *Matcher, a Node, b interface{}) (interface{}, bool) {
+	switch b := b.(type) {
+	case []ast.Stmt:
+		// 'a' is not a List or we'd be using its Match
+		// implementation.
+
+		if len(b) != 1 {
+			return nil, false
+		}
+		return match(m, a, b[0])
+	case []ast.Expr:
+		// 'a' is not a List or we'd be using its Match
+		// implementation.
+
+		if len(b) != 1 {
+			return nil, false
+		}
+		return match(m, a, b[0])
+	case ast.Node:
+		ra := reflect.ValueOf(a)
+		rb := reflect.ValueOf(b).Elem()
+
+		if ra.Type().Name() != rb.Type().Name() {
+			return nil, false
+		}
+
+		for i := 0; i < ra.NumField(); i++ {
+			af := ra.Field(i)
+			fieldName := ra.Type().Field(i).Name
+			bf := rb.FieldByName(fieldName)
+			if (bf == reflect.Value{}) {
+				panic(fmt.Sprintf("internal error: could not find field %s in type %t when comparing with %T", fieldName, b, a))
+			}
+			ai := af.Interface()
+			bi := bf.Interface()
+			if ai == nil {
+				return b, bi == nil
+			}
+			if _, ok := match(m, ai.(Node), bi); !ok {
+				return b, false
+			}
+		}
+		return b, true
+	case nil:
+		return nil, a == Nil{}
+	default:
+		panic(fmt.Sprintf("unhandled type %T", b))
+	}
+}
+
+// Match two AST nodes
+func matchAST(m *Matcher, a, b ast.Node) (interface{}, bool) {
+	ra := reflect.ValueOf(a)
+	rb := reflect.ValueOf(b)
+
+	if ra.Type() != rb.Type() {
+		return nil, false
+	}
+	if ra.IsNil() || rb.IsNil() {
+		return rb, ra.IsNil() == rb.IsNil()
+	}
+
+	ra = ra.Elem()
+	rb = rb.Elem()
+	for i := 0; i < ra.NumField(); i++ {
+		af := ra.Field(i)
+		bf := rb.Field(i)
+		if af.Type() == rtTokPos || af.Type() == rtObject || af.Type() == rtCommentGroup {
+			continue
+		}
+
+		switch af.Kind() {
+		case reflect.Slice:
+			if af.Len() != bf.Len() {
+				return nil, false
+			}
+			for j := 0; j < af.Len(); j++ {
+				if _, ok := match(m, af.Index(j).Interface().(ast.Node), bf.Index(j).Interface().(ast.Node)); !ok {
+					return nil, false
+				}
+			}
+		case reflect.String:
+			if af.String() != bf.String() {
+				return nil, false
+			}
+		case reflect.Int:
+			if af.Int() != bf.Int() {
+				return nil, false
+			}
+		case reflect.Bool:
+			if af.Bool() != bf.Bool() {
+				return nil, false
+			}
+		case reflect.Ptr, reflect.Interface:
+			if _, ok := match(m, af.Interface(), bf.Interface()); !ok {
+				return nil, false
+			}
+		default:
+			panic(fmt.Sprintf("internal error: unhandled kind %s (%T)", af.Kind(), af.Interface()))
+		}
+	}
+	return b, true
+}
+
+func (b Binding) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	if isNil(b.Node) {
+		v, ok := m.State[b.Name]
+		if ok {
+			// Recall value
+			return match(m, v, node)
+		}
+		// Matching anything
+		b.Node = Any{}
+	}
+
+	// Store value
+	if _, ok := m.State[b.Name]; ok {
+		panic(fmt.Sprintf("binding already created: %s", b.Name))
+	}
+	new, ret := match(m, b.Node, node)
+	if ret {
+		m.State[b.Name] = new
+	}
+	return new, ret
+}
+
+func (Any) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	return node, true
+}
+
+func (l List) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	v := reflect.ValueOf(node)
+	if v.Kind() == reflect.Slice {
+		if isNil(l.Head) {
+			return node, v.Len() == 0
+		}
+		if v.Len() == 0 {
+			return nil, false
+		}
+		// OPT(dh): don't check the entire tail if head didn't match
+		_, ok1 := match(m, l.Head, v.Index(0).Interface())
+		_, ok2 := match(m, l.Tail, v.Slice(1, v.Len()).Interface())
+		return node, ok1 && ok2
+	}
+	// Our empty list does not equal an untyped Go nil. This way, we can
+	// tell apart an if with no else and an if with an empty else.
+	return nil, false
+}
+
+func (s String) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	switch o := node.(type) {
+	case token.Token:
+		if tok, ok := maybeToken(s); ok {
+			return match(m, tok, node)
+		}
+		return nil, false
+	case string:
+		return o, string(s) == o
+	default:
+		return nil, false
+	}
+}
+
+func (tok Token) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	o, ok := node.(token.Token)
+	if !ok {
+		return nil, false
+	}
+	return o, token.Token(tok) == o
+}
+
+func (Nil) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	return nil, isNil(node)
+}
+
+func (builtin Builtin) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	ident, ok := node.(*ast.Ident)
+	if !ok {
+		return nil, false
+	}
+	obj := m.TypesInfo.ObjectOf(ident)
+	if obj != types.Universe.Lookup(ident.Name) {
+		return nil, false
+	}
+	return match(m, builtin.Name, ident.Name)
+}
+
+func (obj Object) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	ident, ok := node.(*ast.Ident)
+	if !ok {
+		return nil, false
+	}
+
+	id := m.TypesInfo.ObjectOf(ident)
+	_, ok = match(m, obj.Name, ident.Name)
+	return id, ok
+}
+
+func (fn Function) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	var name string
+	var obj types.Object
+	switch node := node.(type) {
+	case *ast.Ident:
+		obj = m.TypesInfo.ObjectOf(node)
+		switch obj := obj.(type) {
+		case *types.Func:
+			name = lint.FuncName(obj)
+		case *types.Builtin:
+			name = obj.Name()
+		default:
+			return nil, false
+		}
+	case *ast.SelectorExpr:
+		var ok bool
+		obj, ok = m.TypesInfo.ObjectOf(node.Sel).(*types.Func)
+		if !ok {
+			return nil, false
+		}
+		name = lint.FuncName(obj.(*types.Func))
+	default:
+		return nil, false
+	}
+	_, ok := match(m, fn.Name, name)
+	return obj, ok
+}
+
+func (or Or) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	for _, opt := range or.Nodes {
+		mc := m.fork()
+		if ret, ok := match(mc, opt, node); ok {
+			m.merge(mc)
+			return ret, true
+		}
+	}
+	return nil, false
+}
+
+func (not Not) Match(m *Matcher, node interface{}) (interface{}, bool) {
+	_, ok := match(m, not.Node, node)
+	if ok {
+		return nil, false
+	}
+	return node, true
+}
+
+var (
+	// Types of fields in go/ast structs that we want to skip
+	rtTokPos       = reflect.TypeOf(token.Pos(0))
+	rtObject       = reflect.TypeOf((*ast.Object)(nil))
+	rtCommentGroup = reflect.TypeOf((*ast.CommentGroup)(nil))
+)
+
+var (
+	_ matcher = Binding{}
+	_ matcher = Any{}
+	_ matcher = List{}
+	_ matcher = String("")
+	_ matcher = Token(0)
+	_ matcher = Nil{}
+	_ matcher = Builtin{}
+	_ matcher = Object{}
+	_ matcher = Function{}
+	_ matcher = Or{}
+	_ matcher = Not{}
+)
diff --git a/vendor/honnef.co/go/tools/pattern/parser.go b/vendor/honnef.co/go/tools/pattern/parser.go
new file mode 100644
index 00000000..009238b8
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/parser.go
@@ -0,0 +1,455 @@
+package pattern
+
+import (
+	"fmt"
+	"go/ast"
+	"go/token"
+	"reflect"
+)
+
+type Pattern struct {
+	Root Node
+	// Relevant contains instances of ast.Node that could potentially
+	// initiate a successful match of the pattern.
+	Relevant []reflect.Type
+}
+
+func MustParse(s string) Pattern {
+	p := &Parser{AllowTypeInfo: true}
+	pat, err := p.Parse(s)
+	if err != nil {
+		panic(err)
+	}
+	return pat
+}
+
+func roots(node Node) []reflect.Type {
+	switch node := node.(type) {
+	case Or:
+		var out []reflect.Type
+		for _, el := range node.Nodes {
+			out = append(out, roots(el)...)
+		}
+		return out
+	case Not:
+		return roots(node.Node)
+	case Binding:
+		return roots(node.Node)
+	case Nil, nil:
+		// this branch is reached via bindings
+		return allTypes
+	default:
+		Ts, ok := nodeToASTTypes[reflect.TypeOf(node)]
+		if !ok {
+			panic(fmt.Sprintf("internal error: unhandled type %T", node))
+		}
+		return Ts
+	}
+}
+
+var allTypes = []reflect.Type{
+	reflect.TypeOf((*ast.RangeStmt)(nil)),
+	reflect.TypeOf((*ast.AssignStmt)(nil)),
+	reflect.TypeOf((*ast.IndexExpr)(nil)),
+	reflect.TypeOf((*ast.Ident)(nil)),
+	reflect.TypeOf((*ast.ValueSpec)(nil)),
+	reflect.TypeOf((*ast.GenDecl)(nil)),
+	reflect.TypeOf((*ast.BinaryExpr)(nil)),
+	reflect.TypeOf((*ast.ForStmt)(nil)),
+	reflect.TypeOf((*ast.ArrayType)(nil)),
+	reflect.TypeOf((*ast.DeferStmt)(nil)),
+	reflect.TypeOf((*ast.MapType)(nil)),
+	reflect.TypeOf((*ast.ReturnStmt)(nil)),
+	reflect.TypeOf((*ast.SliceExpr)(nil)),
+	reflect.TypeOf((*ast.StarExpr)(nil)),
+	reflect.TypeOf((*ast.UnaryExpr)(nil)),
+	reflect.TypeOf((*ast.SendStmt)(nil)),
+	reflect.TypeOf((*ast.SelectStmt)(nil)),
+	reflect.TypeOf((*ast.ImportSpec)(nil)),
+	reflect.TypeOf((*ast.IfStmt)(nil)),
+	reflect.TypeOf((*ast.GoStmt)(nil)),
+	reflect.TypeOf((*ast.Field)(nil)),
+	reflect.TypeOf((*ast.SelectorExpr)(nil)),
+	reflect.TypeOf((*ast.StructType)(nil)),
+	reflect.TypeOf((*ast.KeyValueExpr)(nil)),
+	reflect.TypeOf((*ast.FuncType)(nil)),
+	reflect.TypeOf((*ast.FuncLit)(nil)),
+	reflect.TypeOf((*ast.FuncDecl)(nil)),
+	reflect.TypeOf((*ast.ChanType)(nil)),
+	reflect.TypeOf((*ast.CallExpr)(nil)),
+	reflect.TypeOf((*ast.CaseClause)(nil)),
+	reflect.TypeOf((*ast.CommClause)(nil)),
+	reflect.TypeOf((*ast.CompositeLit)(nil)),
+	reflect.TypeOf((*ast.EmptyStmt)(nil)),
+	reflect.TypeOf((*ast.SwitchStmt)(nil)),
+	reflect.TypeOf((*ast.TypeSwitchStmt)(nil)),
+	reflect.TypeOf((*ast.TypeAssertExpr)(nil)),
+	reflect.TypeOf((*ast.TypeSpec)(nil)),
+	reflect.TypeOf((*ast.InterfaceType)(nil)),
+	reflect.TypeOf((*ast.BranchStmt)(nil)),
+	reflect.TypeOf((*ast.IncDecStmt)(nil)),
+	reflect.TypeOf((*ast.BasicLit)(nil)),
+}
+
+var nodeToASTTypes = map[reflect.Type][]reflect.Type{
+	reflect.TypeOf(String("")):       nil,
+	reflect.TypeOf(Token(0)):         nil,
+	reflect.TypeOf(List{}):           {reflect.TypeOf((*ast.BlockStmt)(nil)), reflect.TypeOf((*ast.FieldList)(nil))},
+	reflect.TypeOf(Builtin{}):        {reflect.TypeOf((*ast.Ident)(nil))},
+	reflect.TypeOf(Object{}):         {reflect.TypeOf((*ast.Ident)(nil))},
+	reflect.TypeOf(Function{}):       {reflect.TypeOf((*ast.Ident)(nil)), reflect.TypeOf((*ast.SelectorExpr)(nil))},
+	reflect.TypeOf(Any{}):            allTypes,
+	reflect.TypeOf(RangeStmt{}):      {reflect.TypeOf((*ast.RangeStmt)(nil))},
+	reflect.TypeOf(AssignStmt{}):     {reflect.TypeOf((*ast.AssignStmt)(nil))},
+	reflect.TypeOf(IndexExpr{}):      {reflect.TypeOf((*ast.IndexExpr)(nil))},
+	reflect.TypeOf(Ident{}):          {reflect.TypeOf((*ast.Ident)(nil))},
+	reflect.TypeOf(ValueSpec{}):      {reflect.TypeOf((*ast.ValueSpec)(nil))},
+	reflect.TypeOf(GenDecl{}):        {reflect.TypeOf((*ast.GenDecl)(nil))},
+	reflect.TypeOf(BinaryExpr{}):     {reflect.TypeOf((*ast.BinaryExpr)(nil))},
+	reflect.TypeOf(ForStmt{}):        {reflect.TypeOf((*ast.ForStmt)(nil))},
+	reflect.TypeOf(ArrayType{}):      {reflect.TypeOf((*ast.ArrayType)(nil))},
+	reflect.TypeOf(DeferStmt{}):      {reflect.TypeOf((*ast.DeferStmt)(nil))},
+	reflect.TypeOf(MapType{}):        {reflect.TypeOf((*ast.MapType)(nil))},
+	reflect.TypeOf(ReturnStmt{}):     {reflect.TypeOf((*ast.ReturnStmt)(nil))},
+	reflect.TypeOf(SliceExpr{}):      {reflect.TypeOf((*ast.SliceExpr)(nil))},
+	reflect.TypeOf(StarExpr{}):       {reflect.TypeOf((*ast.StarExpr)(nil))},
+	reflect.TypeOf(UnaryExpr{}):      {reflect.TypeOf((*ast.UnaryExpr)(nil))},
+	reflect.TypeOf(SendStmt{}):       {reflect.TypeOf((*ast.SendStmt)(nil))},
+	reflect.TypeOf(SelectStmt{}):     {reflect.TypeOf((*ast.SelectStmt)(nil))},
+	reflect.TypeOf(ImportSpec{}):     {reflect.TypeOf((*ast.ImportSpec)(nil))},
+	reflect.TypeOf(IfStmt{}):         {reflect.TypeOf((*ast.IfStmt)(nil))},
+	reflect.TypeOf(GoStmt{}):         {reflect.TypeOf((*ast.GoStmt)(nil))},
+	reflect.TypeOf(Field{}):          {reflect.TypeOf((*ast.Field)(nil))},
+	reflect.TypeOf(SelectorExpr{}):   {reflect.TypeOf((*ast.SelectorExpr)(nil))},
+	reflect.TypeOf(StructType{}):     {reflect.TypeOf((*ast.StructType)(nil))},
+	reflect.TypeOf(KeyValueExpr{}):   {reflect.TypeOf((*ast.KeyValueExpr)(nil))},
+	reflect.TypeOf(FuncType{}):       {reflect.TypeOf((*ast.FuncType)(nil))},
+	reflect.TypeOf(FuncLit{}):        {reflect.TypeOf((*ast.FuncLit)(nil))},
+	reflect.TypeOf(FuncDecl{}):       {reflect.TypeOf((*ast.FuncDecl)(nil))},
+	reflect.TypeOf(ChanType{}):       {reflect.TypeOf((*ast.ChanType)(nil))},
+	reflect.TypeOf(CallExpr{}):       {reflect.TypeOf((*ast.CallExpr)(nil))},
+	reflect.TypeOf(CaseClause{}):     {reflect.TypeOf((*ast.CaseClause)(nil))},
+	reflect.TypeOf(CommClause{}):     {reflect.TypeOf((*ast.CommClause)(nil))},
+	reflect.TypeOf(CompositeLit{}):   {reflect.TypeOf((*ast.CompositeLit)(nil))},
+	reflect.TypeOf(EmptyStmt{}):      {reflect.TypeOf((*ast.EmptyStmt)(nil))},
+	reflect.TypeOf(SwitchStmt{}):     {reflect.TypeOf((*ast.SwitchStmt)(nil))},
+	reflect.TypeOf(TypeSwitchStmt{}): {reflect.TypeOf((*ast.TypeSwitchStmt)(nil))},
+	reflect.TypeOf(TypeAssertExpr{}): {reflect.TypeOf((*ast.TypeAssertExpr)(nil))},
+	reflect.TypeOf(TypeSpec{}):       {reflect.TypeOf((*ast.TypeSpec)(nil))},
+	reflect.TypeOf(InterfaceType{}):  {reflect.TypeOf((*ast.InterfaceType)(nil))},
+	reflect.TypeOf(BranchStmt{}):     {reflect.TypeOf((*ast.BranchStmt)(nil))},
+	reflect.TypeOf(IncDecStmt{}):     {reflect.TypeOf((*ast.IncDecStmt)(nil))},
+	reflect.TypeOf(BasicLit{}):       {reflect.TypeOf((*ast.BasicLit)(nil))},
+}
+
+var requiresTypeInfo = map[string]bool{
+	"Function": true,
+	"Builtin":  true,
+	"Object":   true,
+}
+
+type Parser struct {
+	// Allow nodes that rely on type information
+	AllowTypeInfo bool
+
+	lex   *lexer
+	cur   item
+	last  *item
+	items chan item
+}
+
+func (p *Parser) Parse(s string) (Pattern, error) {
+	p.cur = item{}
+	p.last = nil
+	p.items = nil
+
+	fset := token.NewFileSet()
+	p.lex = &lexer{
+		f:     fset.AddFile("<input>", -1, len(s)),
+		input: s,
+		items: make(chan item),
+	}
+	go p.lex.run()
+	p.items = p.lex.items
+	root, err := p.node()
+	if err != nil {
+		// drain lexer if parsing failed
+		for range p.lex.items {
+		}
+		return Pattern{}, err
+	}
+	if item := <-p.lex.items; item.typ != itemEOF {
+		return Pattern{}, fmt.Errorf("unexpected token %s after end of pattern", item.typ)
+	}
+	return Pattern{
+		Root:     root,
+		Relevant: roots(root),
+	}, nil
+}
+
+func (p *Parser) next() item {
+	if p.last != nil {
+		n := *p.last
+		p.last = nil
+		return n
+	}
+	var ok bool
+	p.cur, ok = <-p.items
+	if !ok {
+		p.cur = item{typ: eof}
+	}
+	return p.cur
+}
+
+func (p *Parser) rewind() {
+	p.last = &p.cur
+}
+
+func (p *Parser) peek() item {
+	n := p.next()
+	p.rewind()
+	return n
+}
+
+func (p *Parser) accept(typ itemType) (item, bool) {
+	n := p.next()
+	if n.typ == typ {
+		return n, true
+	}
+	p.rewind()
+	return item{}, false
+}
+
+func (p *Parser) unexpectedToken(valid string) error {
+	if p.cur.typ == itemError {
+		return fmt.Errorf("error lexing input: %s", p.cur.val)
+	}
+	var got string
+	switch p.cur.typ {
+	case itemTypeName, itemVariable, itemString:
+		got = p.cur.val
+	default:
+		got = "'" + p.cur.typ.String() + "'"
+	}
+
+	pos := p.lex.f.Position(token.Pos(p.cur.pos))
+	return fmt.Errorf("%s: expected %s, found %s", pos, valid, got)
+}
+
+func (p *Parser) node() (Node, error) {
+	if _, ok := p.accept(itemLeftParen); !ok {
+		return nil, p.unexpectedToken("'('")
+	}
+	typ, ok := p.accept(itemTypeName)
+	if !ok {
+		return nil, p.unexpectedToken("Node type")
+	}
+
+	var objs []Node
+	for {
+		if _, ok := p.accept(itemRightParen); ok {
+			break
+		} else {
+			p.rewind()
+			obj, err := p.object()
+			if err != nil {
+				return nil, err
+			}
+			objs = append(objs, obj)
+		}
+	}
+
+	return p.populateNode(typ.val, objs)
+}
+
+func populateNode(typ string, objs []Node, allowTypeInfo bool) (Node, error) {
+	T, ok := structNodes[typ]
+	if !ok {
+		return nil, fmt.Errorf("unknown node %s", typ)
+	}
+
+	if !allowTypeInfo && requiresTypeInfo[typ] {
+		return nil, fmt.Errorf("Node %s requires type information", typ)
+	}
+
+	pv := reflect.New(T)
+	v := pv.Elem()
+
+	if v.NumField() == 1 {
+		f := v.Field(0)
+		if f.Type().Kind() == reflect.Slice {
+			// Variadic node
+			f.Set(reflect.AppendSlice(f, reflect.ValueOf(objs)))
+			return v.Interface().(Node), nil
+		}
+	}
+	if len(objs) != v.NumField() {
+		return nil, fmt.Errorf("tried to initialize node %s with %d values, expected %d", typ, len(objs), v.NumField())
+	}
+	for i := 0; i < v.NumField(); i++ {
+		f := v.Field(i)
+		if f.Kind() == reflect.String {
+			if obj, ok := objs[i].(String); ok {
+				f.Set(reflect.ValueOf(string(obj)))
+			} else {
+				return nil, fmt.Errorf("first argument of (Binding name node) must be string, but got %s", objs[i])
+			}
+		} else {
+			f.Set(reflect.ValueOf(objs[i]))
+		}
+	}
+	return v.Interface().(Node), nil
+}
+
+func (p *Parser) populateNode(typ string, objs []Node) (Node, error) {
+	return populateNode(typ, objs, p.AllowTypeInfo)
+}
+
+var structNodes = map[string]reflect.Type{
+	"Any":            reflect.TypeOf(Any{}),
+	"Ellipsis":       reflect.TypeOf(Ellipsis{}),
+	"List":           reflect.TypeOf(List{}),
+	"Binding":        reflect.TypeOf(Binding{}),
+	"RangeStmt":      reflect.TypeOf(RangeStmt{}),
+	"AssignStmt":     reflect.TypeOf(AssignStmt{}),
+	"IndexExpr":      reflect.TypeOf(IndexExpr{}),
+	"Ident":          reflect.TypeOf(Ident{}),
+	"Builtin":        reflect.TypeOf(Builtin{}),
+	"ValueSpec":      reflect.TypeOf(ValueSpec{}),
+	"GenDecl":        reflect.TypeOf(GenDecl{}),
+	"BinaryExpr":     reflect.TypeOf(BinaryExpr{}),
+	"ForStmt":        reflect.TypeOf(ForStmt{}),
+	"ArrayType":      reflect.TypeOf(ArrayType{}),
+	"DeferStmt":      reflect.TypeOf(DeferStmt{}),
+	"MapType":        reflect.TypeOf(MapType{}),
+	"ReturnStmt":     reflect.TypeOf(ReturnStmt{}),
+	"SliceExpr":      reflect.TypeOf(SliceExpr{}),
+	"StarExpr":       reflect.TypeOf(StarExpr{}),
+	"UnaryExpr":      reflect.TypeOf(UnaryExpr{}),
+	"SendStmt":       reflect.TypeOf(SendStmt{}),
+	"SelectStmt":     reflect.TypeOf(SelectStmt{}),
+	"ImportSpec":     reflect.TypeOf(ImportSpec{}),
+	"IfStmt":         reflect.TypeOf(IfStmt{}),
+	"GoStmt":         reflect.TypeOf(GoStmt{}),
+	"Field":          reflect.TypeOf(Field{}),
+	"SelectorExpr":   reflect.TypeOf(SelectorExpr{}),
+	"StructType":     reflect.TypeOf(StructType{}),
+	"KeyValueExpr":   reflect.TypeOf(KeyValueExpr{}),
+	"FuncType":       reflect.TypeOf(FuncType{}),
+	"FuncLit":        reflect.TypeOf(FuncLit{}),
+	"FuncDecl":       reflect.TypeOf(FuncDecl{}),
+	"ChanType":       reflect.TypeOf(ChanType{}),
+	"CallExpr":       reflect.TypeOf(CallExpr{}),
+	"CaseClause":     reflect.TypeOf(CaseClause{}),
+	"CommClause":     reflect.TypeOf(CommClause{}),
+	"CompositeLit":   reflect.TypeOf(CompositeLit{}),
+	"EmptyStmt":      reflect.TypeOf(EmptyStmt{}),
+	"SwitchStmt":     reflect.TypeOf(SwitchStmt{}),
+	"TypeSwitchStmt": reflect.TypeOf(TypeSwitchStmt{}),
+	"TypeAssertExpr": reflect.TypeOf(TypeAssertExpr{}),
+	"TypeSpec":       reflect.TypeOf(TypeSpec{}),
+	"InterfaceType":  reflect.TypeOf(InterfaceType{}),
+	"BranchStmt":     reflect.TypeOf(BranchStmt{}),
+	"IncDecStmt":     reflect.TypeOf(IncDecStmt{}),
+	"BasicLit":       reflect.TypeOf(BasicLit{}),
+	"Object":         reflect.TypeOf(Object{}),
+	"Function":       reflect.TypeOf(Function{}),
+	"Or":             reflect.TypeOf(Or{}),
+	"Not":            reflect.TypeOf(Not{}),
+}
+
+func (p *Parser) object() (Node, error) {
+	n := p.next()
+	switch n.typ {
+	case itemLeftParen:
+		p.rewind()
+		node, err := p.node()
+		if err != nil {
+			return node, err
+		}
+		if p.peek().typ == itemColon {
+			p.next()
+			tail, err := p.object()
+			if err != nil {
+				return node, err
+			}
+			return List{Head: node, Tail: tail}, nil
+		}
+		return node, nil
+	case itemLeftBracket:
+		p.rewind()
+		return p.array()
+	case itemVariable:
+		v := n
+		if v.val == "nil" {
+			return Nil{}, nil
+		}
+		var b Binding
+		if _, ok := p.accept(itemAt); ok {
+			o, err := p.node()
+			if err != nil {
+				return nil, err
+			}
+			b = Binding{
+				Name: v.val,
+				Node: o,
+			}
+		} else {
+			p.rewind()
+			b = Binding{Name: v.val}
+		}
+		if p.peek().typ == itemColon {
+			p.next()
+			tail, err := p.object()
+			if err != nil {
+				return b, err
+			}
+			return List{Head: b, Tail: tail}, nil
+		}
+		return b, nil
+	case itemBlank:
+		return Any{}, nil
+	case itemString:
+		return String(n.val), nil
+	default:
+		return nil, p.unexpectedToken("object")
+	}
+}
+
+func (p *Parser) array() (Node, error) {
+	if _, ok := p.accept(itemLeftBracket); !ok {
+		return nil, p.unexpectedToken("'['")
+	}
+
+	var objs []Node
+	for {
+		if _, ok := p.accept(itemRightBracket); ok {
+			break
+		} else {
+			p.rewind()
+			obj, err := p.object()
+			if err != nil {
+				return nil, err
+			}
+			objs = append(objs, obj)
+		}
+	}
+
+	tail := List{}
+	for i := len(objs) - 1; i >= 0; i-- {
+		l := List{
+			Head: objs[i],
+			Tail: tail,
+		}
+		tail = l
+	}
+	return tail, nil
+}
+
+/*
+Node ::= itemLeftParen itemTypeName Object* itemRightParen
+Object ::= Node | Array | Binding | itemVariable | itemBlank | itemString
+Array := itemLeftBracket Object* itemRightBracket
+Array := Object itemColon Object
+Binding ::= itemVariable itemAt Node
+*/
diff --git a/vendor/honnef.co/go/tools/pattern/pattern.go b/vendor/honnef.co/go/tools/pattern/pattern.go
new file mode 100644
index 00000000..d7460560
--- /dev/null
+++ b/vendor/honnef.co/go/tools/pattern/pattern.go
@@ -0,0 +1,497 @@
+package pattern
+
+import (
+	"fmt"
+	"go/token"
+	"reflect"
+	"strings"
+)
+
+var (
+	_ Node = Ellipsis{}
+	_ Node = Binding{}
+	_ Node = RangeStmt{}
+	_ Node = AssignStmt{}
+	_ Node = IndexExpr{}
+	_ Node = Ident{}
+	_ Node = Builtin{}
+	_ Node = String("")
+	_ Node = Any{}
+	_ Node = ValueSpec{}
+	_ Node = List{}
+	_ Node = GenDecl{}
+	_ Node = BinaryExpr{}
+	_ Node = ForStmt{}
+	_ Node = ArrayType{}
+	_ Node = DeferStmt{}
+	_ Node = MapType{}
+	_ Node = ReturnStmt{}
+	_ Node = SliceExpr{}
+	_ Node = StarExpr{}
+	_ Node = UnaryExpr{}
+	_ Node = SendStmt{}
+	_ Node = SelectStmt{}
+	_ Node = ImportSpec{}
+	_ Node = IfStmt{}
+	_ Node = GoStmt{}
+	_ Node = Field{}
+	_ Node = SelectorExpr{}
+	_ Node = StructType{}
+	_ Node = KeyValueExpr{}
+	_ Node = FuncType{}
+	_ Node = FuncLit{}
+	_ Node = FuncDecl{}
+	_ Node = Token(0)
+	_ Node = ChanType{}
+	_ Node = CallExpr{}
+	_ Node = CaseClause{}
+	_ Node = CommClause{}
+	_ Node = CompositeLit{}
+	_ Node = EmptyStmt{}
+	_ Node = SwitchStmt{}
+	_ Node = TypeSwitchStmt{}
+	_ Node = TypeAssertExpr{}
+	_ Node = TypeSpec{}
+	_ Node = InterfaceType{}
+	_ Node = BranchStmt{}
+	_ Node = IncDecStmt{}
+	_ Node = BasicLit{}
+	_ Node = Nil{}
+	_ Node = Object{}
+	_ Node = Function{}
+	_ Node = Not{}
+	_ Node = Or{}
+)
+
+type Function struct {
+	Name Node
+}
+
+type Token token.Token
+
+type Nil struct {
+}
+
+type Ellipsis struct {
+	Elt Node
+}
+
+type IncDecStmt struct {
+	X   Node
+	Tok Node
+}
+
+type BranchStmt struct {
+	Tok   Node
+	Label Node
+}
+
+type InterfaceType struct {
+	Methods Node
+}
+
+type TypeSpec struct {
+	Name Node
+	Type Node
+}
+
+type TypeAssertExpr struct {
+	X    Node
+	Type Node
+}
+
+type TypeSwitchStmt struct {
+	Init   Node
+	Assign Node
+	Body   Node
+}
+
+type SwitchStmt struct {
+	Init Node
+	Tag  Node
+	Body Node
+}
+
+type EmptyStmt struct {
+}
+
+type CompositeLit struct {
+	Type Node
+	Elts Node
+}
+
+type CommClause struct {
+	Comm Node
+	Body Node
+}
+
+type CaseClause struct {
+	List Node
+	Body Node
+}
+
+type CallExpr struct {
+	Fun  Node
+	Args Node
+	// XXX handle ellipsis
+}
+
+// TODO(dh): add a ChanDir node, and a way of instantiating it.
+
+type ChanType struct {
+	Dir   Node
+	Value Node
+}
+
+type FuncDecl struct {
+	Recv Node
+	Name Node
+	Type Node
+	Body Node
+}
+
+type FuncLit struct {
+	Type Node
+	Body Node
+}
+
+type FuncType struct {
+	Params  Node
+	Results Node
+}
+
+type KeyValueExpr struct {
+	Key   Node
+	Value Node
+}
+
+type StructType struct {
+	Fields Node
+}
+
+type SelectorExpr struct {
+	X   Node
+	Sel Node
+}
+
+type Field struct {
+	Names Node
+	Type  Node
+	Tag   Node
+}
+
+type GoStmt struct {
+	Call Node
+}
+
+type IfStmt struct {
+	Init Node
+	Cond Node
+	Body Node
+	Else Node
+}
+
+type ImportSpec struct {
+	Name Node
+	Path Node
+}
+
+type SelectStmt struct {
+	Body Node
+}
+
+type ArrayType struct {
+	Len Node
+	Elt Node
+}
+
+type DeferStmt struct {
+	Call Node
+}
+
+type MapType struct {
+	Key   Node
+	Value Node
+}
+
+type ReturnStmt struct {
+	Results Node
+}
+
+type SliceExpr struct {
+	X    Node
+	Low  Node
+	High Node
+	Max  Node
+}
+
+type StarExpr struct {
+	X Node
+}
+
+type UnaryExpr struct {
+	Op Node
+	X  Node
+}
+
+type SendStmt struct {
+	Chan  Node
+	Value Node
+}
+
+type Binding struct {
+	Name string
+	Node Node
+}
+
+type RangeStmt struct {
+	Key   Node
+	Value Node
+	Tok   Node
+	X     Node
+	Body  Node
+}
+
+type AssignStmt struct {
+	Lhs Node
+	Tok Node
+	Rhs Node
+}
+
+type IndexExpr struct {
+	X     Node
+	Index Node
+}
+
+type Node interface {
+	String() string
+	isNode()
+}
+
+type Ident struct {
+	Name Node
+}
+
+type Object struct {
+	Name Node
+}
+
+type Builtin struct {
+	Name Node
+}
+
+type String string
+
+type Any struct{}
+
+type ValueSpec struct {
+	Names  Node
+	Type   Node
+	Values Node
+}
+
+type List struct {
+	Head Node
+	Tail Node
+}
+
+type GenDecl struct {
+	Tok   Node
+	Specs Node
+}
+
+type BasicLit struct {
+	Kind  Node
+	Value Node
+}
+
+type BinaryExpr struct {
+	X  Node
+	Op Node
+	Y  Node
+}
+
+type ForStmt struct {
+	Init Node
+	Cond Node
+	Post Node
+	Body Node
+}
+
+type Or struct {
+	Nodes []Node
+}
+
+type Not struct {
+	Node Node
+}
+
+func stringify(n Node) string {
+	v := reflect.ValueOf(n)
+	var parts []string
+	parts = append(parts, v.Type().Name())
+	for i := 0; i < v.NumField(); i++ {
+		//lint:ignore S1025 false positive in staticcheck 2019.2.3
+		parts = append(parts, fmt.Sprintf("%s", v.Field(i)))
+	}
+	return "(" + strings.Join(parts, " ") + ")"
+}
+
+func (stmt AssignStmt) String() string     { return stringify(stmt) }
+func (expr IndexExpr) String() string      { return stringify(expr) }
+func (id Ident) String() string            { return stringify(id) }
+func (spec ValueSpec) String() string      { return stringify(spec) }
+func (decl GenDecl) String() string        { return stringify(decl) }
+func (lit BasicLit) String() string        { return stringify(lit) }
+func (expr BinaryExpr) String() string     { return stringify(expr) }
+func (stmt ForStmt) String() string        { return stringify(stmt) }
+func (stmt RangeStmt) String() string      { return stringify(stmt) }
+func (typ ArrayType) String() string       { return stringify(typ) }
+func (stmt DeferStmt) String() string      { return stringify(stmt) }
+func (typ MapType) String() string         { return stringify(typ) }
+func (stmt ReturnStmt) String() string     { return stringify(stmt) }
+func (expr SliceExpr) String() string      { return stringify(expr) }
+func (expr StarExpr) String() string       { return stringify(expr) }
+func (expr UnaryExpr) String() string      { return stringify(expr) }
+func (stmt SendStmt) String() string       { return stringify(stmt) }
+func (spec ImportSpec) String() string     { return stringify(spec) }
+func (stmt SelectStmt) String() string     { return stringify(stmt) }
+func (stmt IfStmt) String() string         { return stringify(stmt) }
+func (stmt IncDecStmt) String() string     { return stringify(stmt) }
+func (stmt GoStmt) String() string         { return stringify(stmt) }
+func (field Field) String() string         { return stringify(field) }
+func (expr SelectorExpr) String() string   { return stringify(expr) }
+func (typ StructType) String() string      { return stringify(typ) }
+func (expr KeyValueExpr) String() string   { return stringify(expr) }
+func (typ FuncType) String() string        { return stringify(typ) }
+func (lit FuncLit) String() string         { return stringify(lit) }
+func (decl FuncDecl) String() string       { return stringify(decl) }
+func (stmt BranchStmt) String() string     { return stringify(stmt) }
+func (expr CallExpr) String() string       { return stringify(expr) }
+func (clause CaseClause) String() string   { return stringify(clause) }
+func (typ ChanType) String() string        { return stringify(typ) }
+func (clause CommClause) String() string   { return stringify(clause) }
+func (lit CompositeLit) String() string    { return stringify(lit) }
+func (stmt EmptyStmt) String() string      { return stringify(stmt) }
+func (typ InterfaceType) String() string   { return stringify(typ) }
+func (stmt SwitchStmt) String() string     { return stringify(stmt) }
+func (expr TypeAssertExpr) String() string { return stringify(expr) }
+func (spec TypeSpec) String() string       { return stringify(spec) }
+func (stmt TypeSwitchStmt) String() string { return stringify(stmt) }
+func (nil Nil) String() string             { return "nil" }
+func (builtin Builtin) String() string     { return stringify(builtin) }
+func (obj Object) String() string          { return stringify(obj) }
+func (fn Function) String() string         { return stringify(fn) }
+func (el Ellipsis) String() string         { return stringify(el) }
+func (not Not) String() string             { return stringify(not) }
+
+func (or Or) String() string {
+	s := "(Or"
+	for _, node := range or.Nodes {
+		s += " "
+		s += node.String()
+	}
+	s += ")"
+	return s
+}
+
+func isProperList(l List) bool {
+	if l.Head == nil && l.Tail == nil {
+		return true
+	}
+	switch tail := l.Tail.(type) {
+	case nil:
+		return false
+	case List:
+		return isProperList(tail)
+	default:
+		return false
+	}
+}
+
+func (l List) String() string {
+	if l.Head == nil && l.Tail == nil {
+		return "[]"
+	}
+
+	if isProperList(l) {
+		// pretty-print the list
+		var objs []string
+		for l.Head != nil {
+			objs = append(objs, l.Head.String())
+			l = l.Tail.(List)
+		}
+		return fmt.Sprintf("[%s]", strings.Join(objs, " "))
+	}
+
+	return fmt.Sprintf("%s:%s", l.Head, l.Tail)
+}
+
+func (bind Binding) String() string {
+	if bind.Node == nil {
+		return bind.Name
+	}
+	return fmt.Sprintf("%s@%s", bind.Name, bind.Node)
+}
+
+func (s String) String() string { return fmt.Sprintf("%q", string(s)) }
+
+func (tok Token) String() string {
+	return fmt.Sprintf("%q", strings.ToUpper(token.Token(tok).String()))
+}
+
+func (Any) String() string { return "_" }
+
+func (AssignStmt) isNode()     {}
+func (IndexExpr) isNode()      {}
+func (Ident) isNode()          {}
+func (ValueSpec) isNode()      {}
+func (GenDecl) isNode()        {}
+func (BasicLit) isNode()       {}
+func (BinaryExpr) isNode()     {}
+func (ForStmt) isNode()        {}
+func (RangeStmt) isNode()      {}
+func (ArrayType) isNode()      {}
+func (DeferStmt) isNode()      {}
+func (MapType) isNode()        {}
+func (ReturnStmt) isNode()     {}
+func (SliceExpr) isNode()      {}
+func (StarExpr) isNode()       {}
+func (UnaryExpr) isNode()      {}
+func (SendStmt) isNode()       {}
+func (ImportSpec) isNode()     {}
+func (SelectStmt) isNode()     {}
+func (IfStmt) isNode()         {}
+func (IncDecStmt) isNode()     {}
+func (GoStmt) isNode()         {}
+func (Field) isNode()          {}
+func (SelectorExpr) isNode()   {}
+func (StructType) isNode()     {}
+func (KeyValueExpr) isNode()   {}
+func (FuncType) isNode()       {}
+func (FuncLit) isNode()        {}
+func (FuncDecl) isNode()       {}
+func (BranchStmt) isNode()     {}
+func (CallExpr) isNode()       {}
+func (CaseClause) isNode()     {}
+func (ChanType) isNode()       {}
+func (CommClause) isNode()     {}
+func (CompositeLit) isNode()   {}
+func (EmptyStmt) isNode()      {}
+func (InterfaceType) isNode()  {}
+func (SwitchStmt) isNode()     {}
+func (TypeAssertExpr) isNode() {}
+func (TypeSpec) isNode()       {}
+func (TypeSwitchStmt) isNode() {}
+func (Nil) isNode()            {}
+func (Builtin) isNode()        {}
+func (Object) isNode()         {}
+func (Function) isNode()       {}
+func (Ellipsis) isNode()       {}
+func (Or) isNode()             {}
+func (List) isNode()           {}
+func (String) isNode()         {}
+func (Token) isNode()          {}
+func (Any) isNode()            {}
+func (Binding) isNode()        {}
+func (Not) isNode()            {}
diff --git a/vendor/honnef.co/go/tools/report/report.go b/vendor/honnef.co/go/tools/report/report.go
new file mode 100644
index 00000000..9b8b6ee7
--- /dev/null
+++ b/vendor/honnef.co/go/tools/report/report.go
@@ -0,0 +1,184 @@
+package report
+
+import (
+	"bytes"
+	"go/ast"
+	"go/printer"
+	"go/token"
+	"strings"
+
+	"golang.org/x/tools/go/analysis"
+	"golang.org/x/tools/go/ast/astutil"
+	"honnef.co/go/tools/facts"
+	"honnef.co/go/tools/lint"
+)
+
+type Options struct {
+	ShortRange      bool
+	FilterGenerated bool
+	Fixes           []analysis.SuggestedFix
+	Related         []analysis.RelatedInformation
+}
+
+type Option func(*Options)
+
+func ShortRange() Option {
+	return func(opts *Options) {
+		opts.ShortRange = true
+	}
+}
+
+func FilterGenerated() Option {
+	return func(opts *Options) {
+		opts.FilterGenerated = true
+	}
+}
+
+func Fixes(fixes ...analysis.SuggestedFix) Option {
+	return func(opts *Options) {
+		opts.Fixes = append(opts.Fixes, fixes...)
+	}
+}
+
+func Related(node Positioner, message string) Option {
+	return func(opts *Options) {
+		pos, end := getRange(node, opts.ShortRange)
+		r := analysis.RelatedInformation{
+			Pos:     pos,
+			End:     end,
+			Message: message,
+		}
+		opts.Related = append(opts.Related, r)
+	}
+}
+
+type Positioner interface {
+	Pos() token.Pos
+}
+
+type fullPositioner interface {
+	Pos() token.Pos
+	End() token.Pos
+}
+
+type sourcer interface {
+	Source() ast.Node
+}
+
+// shortRange returns the position and end of the main component of an
+// AST node. For nodes that have no body, the short range is identical
+// to the node's Pos and End. For nodes that do have a body, the short
+// range excludes the body.
+func shortRange(node ast.Node) (pos, end token.Pos) {
+	switch node := node.(type) {
+	case *ast.File:
+		return node.Pos(), node.Name.End()
+	case *ast.CaseClause:
+		return node.Pos(), node.Colon + 1
+	case *ast.CommClause:
+		return node.Pos(), node.Colon + 1
+	case *ast.DeferStmt:
+		return node.Pos(), node.Defer + token.Pos(len("defer"))
+	case *ast.ExprStmt:
+		return shortRange(node.X)
+	case *ast.ForStmt:
+		if node.Post != nil {
+			return node.For, node.Post.End()
+		} else if node.Cond != nil {
+			return node.For, node.Cond.End()
+		} else if node.Init != nil {
+			// +1 to catch the semicolon, for gofmt'ed code
+			return node.Pos(), node.Init.End() + 1
+		} else {
+			return node.Pos(), node.For + token.Pos(len("for"))
+		}
+	case *ast.FuncDecl:
+		return node.Pos(), node.Type.End()
+	case *ast.FuncLit:
+		return node.Pos(), node.Type.End()
+	case *ast.GoStmt:
+		if _, ok := astutil.Unparen(node.Call.Fun).(*ast.FuncLit); ok {
+			return node.Pos(), node.Go + token.Pos(len("go"))
+		} else {
+			return node.Pos(), node.End()
+		}
+	case *ast.IfStmt:
+		return node.Pos(), node.Cond.End()
+	case *ast.RangeStmt:
+		return node.Pos(), node.X.End()
+	case *ast.SelectStmt:
+		return node.Pos(), node.Pos() + token.Pos(len("select"))
+	case *ast.SwitchStmt:
+		if node.Tag != nil {
+			return node.Pos(), node.Tag.End()
+		} else if node.Init != nil {
+			// +1 to catch the semicolon, for gofmt'ed code
+			return node.Pos(), node.Init.End() + 1
+		} else {
+			return node.Pos(), node.Pos() + token.Pos(len("switch"))
+		}
+	case *ast.TypeSwitchStmt:
+		return node.Pos(), node.Assign.End()
+	default:
+		return node.Pos(), node.End()
+	}
+}
+
+func getRange(node Positioner, short bool) (pos, end token.Pos) {
+	switch node := node.(type) {
+	case sourcer:
+		s := node.Source()
+		if short {
+			return shortRange(s)
+		}
+		return s.Pos(), s.End()
+	case fullPositioner:
+		if short {
+			return shortRange(node)
+		}
+		return node.Pos(), node.End()
+	default:
+		return node.Pos(), token.NoPos
+	}
+}
+
+func Report(pass *analysis.Pass, node Positioner, message string, opts ...Option) {
+	cfg := &Options{}
+	for _, opt := range opts {
+		opt(cfg)
+	}
+
+	file := lint.DisplayPosition(pass.Fset, node.Pos()).Filename
+	if cfg.FilterGenerated {
+		m := pass.ResultOf[facts.Generated].(map[string]facts.Generator)
+		if _, ok := m[file]; ok {
+			return
+		}
+	}
+
+	pos, end := getRange(node, cfg.ShortRange)
+	d := analysis.Diagnostic{
+		Pos:            pos,
+		End:            end,
+		Message:        message,
+		SuggestedFixes: cfg.Fixes,
+		Related:        cfg.Related,
+	}
+	pass.Report(d)
+}
+
+func Render(pass *analysis.Pass, x interface{}) string {
+	var buf bytes.Buffer
+	if err := printer.Fprint(&buf, pass.Fset, x); err != nil {
+		panic(err)
+	}
+	return buf.String()
+}
+
+func RenderArgs(pass *analysis.Pass, args []ast.Expr) string {
+	var ss []string
+	for _, arg := range args {
+		ss = append(ss, Render(pass, arg))
+	}
+	return strings.Join(ss, ", ")
+}
diff --git a/vendor/honnef.co/go/tools/simple/CONTRIBUTING.md b/vendor/honnef.co/go/tools/simple/CONTRIBUTING.md
deleted file mode 100644
index c54c6c50..00000000
--- a/vendor/honnef.co/go/tools/simple/CONTRIBUTING.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Contributing to gosimple
-
-## Before filing an issue:
-
-### Are you having trouble building gosimple?
-
-Check you have the latest version of its dependencies. Run
-```
-go get -u honnef.co/go/tools/simple
-```
-If you still have problems, consider searching for existing issues before filing a new issue.
-
-## Before sending a pull request:
-
-Have you understood the purpose of gosimple? Make sure to carefully read `README`.
diff --git a/vendor/honnef.co/go/tools/simple/analysis.go b/vendor/honnef.co/go/tools/simple/analysis.go
index abb1648f..9f554c31 100644
--- a/vendor/honnef.co/go/tools/simple/analysis.go
+++ b/vendor/honnef.co/go/tools/simple/analysis.go
@@ -1,223 +1,148 @@
 package simple
 
 import (
-	"flag"
-
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"honnef.co/go/tools/facts"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/internal/passes/buildir"
 	"honnef.co/go/tools/lint/lintutil"
 )
 
-func newFlagSet() flag.FlagSet {
-	fs := flag.NewFlagSet("", flag.PanicOnError)
-	fs.Var(lintutil.NewVersionFlag(), "go", "Target Go version")
-	return *fs
-}
-
-var Analyzers = map[string]*analysis.Analyzer{
+var Analyzers = lintutil.InitializeAnalyzers(Docs, map[string]*analysis.Analyzer{
 	"S1000": {
-		Name:     "S1000",
-		Run:      LintSingleCaseSelect,
-		Doc:      Docs["S1000"].String(),
+		Run:      CheckSingleCaseSelect,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1001": {
-		Name:     "S1001",
-		Run:      LintLoopCopy,
-		Doc:      Docs["S1001"].String(),
+		Run:      CheckLoopCopy,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1002": {
-		Name:     "S1002",
-		Run:      LintIfBoolCmp,
-		Doc:      Docs["S1002"].String(),
+		Run:      CheckIfBoolCmp,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1003": {
-		Name:     "S1003",
-		Run:      LintStringsContains,
-		Doc:      Docs["S1003"].String(),
+		Run:      CheckStringsContains,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1004": {
-		Name:     "S1004",
-		Run:      LintBytesCompare,
-		Doc:      Docs["S1004"].String(),
+		Run:      CheckBytesCompare,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1005": {
-		Name:     "S1005",
-		Run:      LintUnnecessaryBlank,
-		Doc:      Docs["S1005"].String(),
+		Run:      CheckUnnecessaryBlank,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1006": {
-		Name:     "S1006",
-		Run:      LintForTrue,
-		Doc:      Docs["S1006"].String(),
+		Run:      CheckForTrue,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1007": {
-		Name:     "S1007",
-		Run:      LintRegexpRaw,
-		Doc:      Docs["S1007"].String(),
+		Run:      CheckRegexpRaw,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1008": {
-		Name:     "S1008",
-		Run:      LintIfReturn,
-		Doc:      Docs["S1008"].String(),
+		Run:      CheckIfReturn,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1009": {
-		Name:     "S1009",
-		Run:      LintRedundantNilCheckWithLen,
-		Doc:      Docs["S1009"].String(),
+		Run:      CheckRedundantNilCheckWithLen,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1010": {
-		Name:     "S1010",
-		Run:      LintSlicing,
-		Doc:      Docs["S1010"].String(),
+		Run:      CheckSlicing,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1011": {
-		Name:     "S1011",
-		Run:      LintLoopAppend,
-		Doc:      Docs["S1011"].String(),
+		Run:      CheckLoopAppend,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1012": {
-		Name:     "S1012",
-		Run:      LintTimeSince,
-		Doc:      Docs["S1012"].String(),
+		Run:      CheckTimeSince,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1016": {
-		Name:     "S1016",
-		Run:      LintSimplerStructConversion,
-		Doc:      Docs["S1016"].String(),
+		Run:      CheckSimplerStructConversion,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1017": {
-		Name:     "S1017",
-		Run:      LintTrim,
-		Doc:      Docs["S1017"].String(),
+		Run:      CheckTrim,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1018": {
-		Name:     "S1018",
-		Run:      LintLoopSlide,
-		Doc:      Docs["S1018"].String(),
+		Run:      CheckLoopSlide,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1019": {
-		Name:     "S1019",
-		Run:      LintMakeLenCap,
-		Doc:      Docs["S1019"].String(),
+		Run:      CheckMakeLenCap,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1020": {
-		Name:     "S1020",
-		Run:      LintAssertNotNil,
-		Doc:      Docs["S1020"].String(),
+		Run:      CheckAssertNotNil,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1021": {
-		Name:     "S1021",
-		Run:      LintDeclareAssign,
-		Doc:      Docs["S1021"].String(),
+		Run:      CheckDeclareAssign,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1023": {
-		Name:     "S1023",
-		Run:      LintRedundantBreak,
-		Doc:      Docs["S1023"].String(),
+		Run:      CheckRedundantBreak,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1024": {
-		Name:     "S1024",
-		Run:      LintTimeUntil,
-		Doc:      Docs["S1024"].String(),
+		Run:      CheckTimeUntil,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1025": {
-		Name:     "S1025",
-		Run:      LintRedundantSprintf,
-		Doc:      Docs["S1025"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
+		Run:      CheckRedundantSprintf,
+		Requires: []*analysis.Analyzer{buildir.Analyzer, inspect.Analyzer, facts.Generated},
 	},
 	"S1028": {
-		Name:     "S1028",
-		Run:      LintErrorsNewSprintf,
-		Doc:      Docs["S1028"].String(),
+		Run:      CheckErrorsNewSprintf,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1029": {
-		Name:     "S1029",
-		Run:      LintRangeStringRunes,
-		Doc:      Docs["S1029"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Run:      CheckRangeStringRunes,
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"S1030": {
-		Name:     "S1030",
-		Run:      LintBytesBufferConversions,
-		Doc:      Docs["S1030"].String(),
+		Run:      CheckBytesBufferConversions,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1031": {
-		Name:     "S1031",
-		Run:      LintNilCheckAroundRange,
-		Doc:      Docs["S1031"].String(),
+		Run:      CheckNilCheckAroundRange,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1032": {
-		Name:     "S1032",
-		Run:      LintSortHelpers,
-		Doc:      Docs["S1032"].String(),
+		Run:      CheckSortHelpers,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1033": {
-		Name:     "S1033",
-		Run:      LintGuardedDelete,
-		Doc:      Docs["S1033"].String(),
+		Run:      CheckGuardedDelete,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"S1034": {
-		Name:     "S1034",
-		Run:      LintSimplifyTypeSwitch,
-		Doc:      Docs["S1034"].String(),
+		Run:      CheckSimplifyTypeSwitch,
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
 	},
-}
+	"S1035": {
+		Run:      CheckRedundantCanonicalHeaderKey,
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
+	},
+	"S1036": {
+		Run:      CheckUnnecessaryGuard,
+		Requires: []*analysis.Analyzer{inspect.Analyzer},
+	},
+	"S1037": {
+		Run:      CheckElaborateSleep,
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
+	},
+	"S1038": {
+		Run:      CheckPrintSprintf,
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
+	},
+	"S1039": {
+		Run:      CheckSprintLiteral,
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated},
+	},
+})
diff --git a/vendor/honnef.co/go/tools/simple/doc.go b/vendor/honnef.co/go/tools/simple/doc.go
index eb0072de..27297bf6 100644
--- a/vendor/honnef.co/go/tools/simple/doc.go
+++ b/vendor/honnef.co/go/tools/simple/doc.go
@@ -3,7 +3,7 @@ package simple
 import "honnef.co/go/tools/lint"
 
 var Docs = map[string]*lint.Documentation{
-	"S1000": &lint.Documentation{
+	"S1000": {
 		Title: `Use plain channel send or receive instead of single-case select`,
 		Text: `Select statements with a single case can be replaced with a simple
 send or receive.
@@ -22,7 +22,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1001": &lint.Documentation{
+	"S1001": {
 		Title: `Replace for loop with call to copy`,
 		Text: `Use copy() for copying elements from one slice to another.
 
@@ -38,7 +38,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1002": &lint.Documentation{
+	"S1002": {
 		Title: `Omit comparison with boolean constant`,
 		Text: `Before:
 
@@ -50,7 +50,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1003": &lint.Documentation{
+	"S1003": {
 		Title: `Replace call to strings.Index with strings.Contains`,
 		Text: `Before:
 
@@ -62,7 +62,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1004": &lint.Documentation{
+	"S1004": {
 		Title: `Replace call to bytes.Compare with bytes.Equal`,
 		Text: `Before:
 
@@ -74,7 +74,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1005": &lint.Documentation{
+	"S1005": {
 		Title: `Drop unnecessary use of the blank identifier`,
 		Text: `In many cases, assigning to the blank identifier is unnecessary.
 
@@ -92,13 +92,13 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1006": &lint.Documentation{
+	"S1006": {
 		Title: `Use for { ... } for infinite loops`,
 		Text:  `For infinite loops, using for { ... } is the most idiomatic choice.`,
 		Since: "2017.1",
 	},
 
-	"S1007": &lint.Documentation{
+	"S1007": {
 		Title: `Simplify regular expression by using raw string literal`,
 		Text: `Raw string literals use ` + "`" + ` instead of " and do not support
 any escape sequences. This means that the backslash (\) can be used
@@ -117,7 +117,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1008": &lint.Documentation{
+	"S1008": {
 		Title: `Simplify returning boolean expression`,
 		Text: `Before:
 
@@ -132,7 +132,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1009": &lint.Documentation{
+	"S1009": {
 		Title: `Omit redundant nil check on slices`,
 		Text: `The len function is defined for all slices, even nil ones, which have
 a length of zero. It is not necessary to check if a slice is not nil
@@ -148,14 +148,14 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1010": &lint.Documentation{
+	"S1010": {
 		Title: `Omit default slice index`,
 		Text: `When slicing, the second index defaults to the length of the value,
 making s[n:len(s)] and s[n:] equivalent.`,
 		Since: "2017.1",
 	},
 
-	"S1011": &lint.Documentation{
+	"S1011": {
 		Title: `Use a single append to concatenate two slices`,
 		Text: `Before:
 
@@ -169,7 +169,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1012": &lint.Documentation{
+	"S1012": {
 		Title: `Replace time.Now().Sub(x) with time.Since(x)`,
 		Text: `The time.Since helper has the same effect as using time.Now().Sub(x)
 but is easier to read.
@@ -184,7 +184,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1016": &lint.Documentation{
+	"S1016": {
 		Title: `Use a type conversion instead of manually copying struct fields`,
 		Text: `Two struct types with identical fields can be converted between each
 other. In older versions of Go, the fields had to have identical
@@ -207,7 +207,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1017": &lint.Documentation{
+	"S1017": {
 		Title: `Replace manual trimming with strings.TrimPrefix`,
 		Text: `Instead of using strings.HasPrefix and manual slicing, use the
 strings.TrimPrefix function. If the string doesn't start with the
@@ -227,7 +227,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1018": &lint.Documentation{
+	"S1018": {
 		Title: `Use copy for sliding elements`,
 		Text: `copy() permits using the same source and destination slice, even with
 overlapping ranges. This makes it ideal for sliding elements in a
@@ -245,7 +245,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1019": &lint.Documentation{
+	"S1019": {
 		Title: `Simplify make call by omitting redundant arguments`,
 		Text: `The make function has default values for the length and capacity
 arguments. For channels and maps, the length defaults to zero.
@@ -253,7 +253,7 @@ Additionally, for slices the capacity defaults to the length.`,
 		Since: "2017.1",
 	},
 
-	"S1020": &lint.Documentation{
+	"S1020": {
 		Title: `Omit redundant nil check in type assertion`,
 		Text: `Before:
 
@@ -265,7 +265,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1021": &lint.Documentation{
+	"S1021": {
 		Title: `Merge variable declaration and assignment`,
 		Text: `Before:
 
@@ -278,7 +278,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1023": &lint.Documentation{
+	"S1023": {
 		Title: `Omit redundant control flow`,
 		Text: `Functions that have no return value do not need a return statement as
 the final statement of the function.
@@ -289,7 +289,7 @@ statement in a case block.`,
 		Since: "2017.1",
 	},
 
-	"S1024": &lint.Documentation{
+	"S1024": {
 		Title: `Replace x.Sub(time.Now()) with time.Until(x)`,
 		Text: `The time.Until helper has the same effect as using x.Sub(time.Now())
 but is easier to read.
@@ -304,7 +304,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1025": &lint.Documentation{
+	"S1025": {
 		Title: `Don't use fmt.Sprintf("%s", x) unnecessarily`,
 		Text: `In many instances, there are easier and more efficient ways of getting
 a value's string representation. Whenever a value's underlying type is
@@ -336,7 +336,7 @@ to
 		Since: "2017.1",
 	},
 
-	"S1028": &lint.Documentation{
+	"S1028": {
 		Title: `Simplify error construction with fmt.Errorf`,
 		Text: `Before:
 
@@ -348,7 +348,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1029": &lint.Documentation{
+	"S1029": {
 		Title: `Range over the string directly`,
 		Text: `Ranging over a string will yield byte offsets and runes. If the offset
 isn't used, this is functionally equivalent to converting the string
@@ -366,7 +366,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1030": &lint.Documentation{
+	"S1030": {
 		Title: `Use bytes.Buffer.String or bytes.Buffer.Bytes`,
 		Text: `bytes.Buffer has both a String and a Bytes method. It is never
 necessary to use string(buf.Bytes()) or []byte(buf.String()) – simply
@@ -374,7 +374,7 @@ use the other method.`,
 		Since: "2017.1",
 	},
 
-	"S1031": &lint.Documentation{
+	"S1031": {
 		Title: `Omit redundant nil check around loop`,
 		Text: `You can use range on nil slices and maps, the loop will simply never
 execute. This makes an additional nil check around the loop
@@ -396,7 +396,7 @@ After:
 		Since: "2017.1",
 	},
 
-	"S1032": &lint.Documentation{
+	"S1032": {
 		Title: `Use sort.Ints(x), sort.Float64s(x), and sort.Strings(x)`,
 		Text: `The sort.Ints, sort.Float64s and sort.Strings functions are easier to
 read than sort.Sort(sort.IntSlice(x)), sort.Sort(sort.Float64Slice(x))
@@ -412,14 +412,74 @@ After:
 		Since: "2019.1",
 	},
 
-	"S1033": &lint.Documentation{
+	"S1033": {
 		Title: `Unnecessary guard around call to delete`,
 		Text:  `Calling delete on a nil map is a no-op.`,
 		Since: "2019.2",
 	},
 
-	"S1034": &lint.Documentation{
+	"S1034": {
 		Title: `Use result of type assertion to simplify cases`,
 		Since: "2019.2",
 	},
+
+	"S1035": {
+		Title: `Redundant call to net/http.CanonicalHeaderKey in method call on net/http.Header`,
+		Text: `The methods on net/http.Header, namely Add, Del, Get and Set, already
+canonicalize the given header name.`,
+		Since: "2020.1",
+	},
+
+	"S1036": {
+		Title: `Unnecessary guard around map access`,
+
+		Text: `When accessing a map key that doesn't exist yet, one
+receives a zero value. Often, the zero value is a suitable value, for example when using append or doing integer math.
+
+The following
+
+    if _, ok := m["foo"]; ok {
+        m["foo"] = append(m["foo"], "bar")
+    } else {
+        m["foo"] = []string{"bar"}
+    }
+
+can be simplified to
+
+    m["foo"] = append(m["foo"], "bar")
+
+and
+
+    if _, ok := m2["k"]; ok {
+        m2["k"] += 4
+    } else {
+        m2["k"] = 4
+    }
+
+can be simplified to
+
+    m["k"] += 4
+`,
+		Since: "2020.1",
+	},
+
+	"S1037": {
+		Title: `Elaborate way of sleeping`,
+		Text: `Using a select statement with a single case receiving
+from the result of time.After is a very elaborate way of sleeping that
+can much simpler be expressed with a simple call to time.Sleep.`,
+		Since: "2020.1",
+	},
+
+	"S1038": {
+		Title: "Unnecessarily complex way of printing formatted string",
+		Text:  `Instead of using fmt.Print(fmt.Sprintf(...)), one can use fmt.Printf(...).`,
+		Since: "2020.1",
+	},
+
+	"S1039": {
+		Title: "Unnecessary use of fmt.Sprint",
+		Text:  `Calling fmt.Sprint with a single string argument is unnecessary and identical to using the string directly.`,
+		Since: "2020.1",
+	},
 }
diff --git a/vendor/honnef.co/go/tools/simple/lint.go b/vendor/honnef.co/go/tools/simple/lint.go
index c78a7bb7..91571b6e 100644
--- a/vendor/honnef.co/go/tools/simple/lint.go
+++ b/vendor/honnef.co/go/tools/simple/lint.go
@@ -7,154 +7,124 @@ import (
 	"go/constant"
 	"go/token"
 	"go/types"
+	"path/filepath"
 	"reflect"
 	"sort"
 	"strings"
 
 	"golang.org/x/tools/go/analysis"
-	"golang.org/x/tools/go/analysis/passes/inspect"
-	"golang.org/x/tools/go/ast/inspector"
 	"golang.org/x/tools/go/types/typeutil"
 	. "honnef.co/go/tools/arg"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/code"
+	"honnef.co/go/tools/edit"
+	"honnef.co/go/tools/internal/passes/buildir"
 	"honnef.co/go/tools/internal/sharedcheck"
-	"honnef.co/go/tools/lint"
 	. "honnef.co/go/tools/lint/lintdsl"
+	"honnef.co/go/tools/pattern"
+	"honnef.co/go/tools/report"
 )
 
-func LintSingleCaseSelect(pass *analysis.Pass) (interface{}, error) {
-	isSingleSelect := func(node ast.Node) bool {
-		v, ok := node.(*ast.SelectStmt)
-		if !ok {
-			return false
-		}
-		return len(v.Body.List) == 1
-	}
+var (
+	checkSingleCaseSelectQ1 = pattern.MustParse(`
+		(ForStmt
+			nil nil nil
+			select@(SelectStmt
+				(CommClause
+					(Or
+						(UnaryExpr "<-" _)
+						(AssignStmt _ _ (UnaryExpr "<-" _)))
+					_)))`)
+	checkSingleCaseSelectQ2 = pattern.MustParse(`(SelectStmt (CommClause _ _))`)
+)
 
+func CheckSingleCaseSelect(pass *analysis.Pass) (interface{}, error) {
 	seen := map[ast.Node]struct{}{}
 	fn := func(node ast.Node) {
-		switch v := node.(type) {
-		case *ast.ForStmt:
-			if len(v.Body.List) != 1 {
-				return
+		if m, ok := Match(pass, checkSingleCaseSelectQ1, node); ok {
+			seen[m.State["select"].(ast.Node)] = struct{}{}
+			report.Report(pass, node, "should use for range instead of for { select {} }", report.FilterGenerated())
+		} else if _, ok := Match(pass, checkSingleCaseSelectQ2, node); ok {
+			if _, ok := seen[node]; !ok {
+				report.Report(pass, node, "should use a simple channel send/receive instead of select with a single case",
+					report.ShortRange(),
+					report.FilterGenerated())
 			}
-			if !isSingleSelect(v.Body.List[0]) {
-				return
-			}
-			if _, ok := v.Body.List[0].(*ast.SelectStmt).Body.List[0].(*ast.CommClause).Comm.(*ast.SendStmt); ok {
-				// Don't suggest using range for channel sends
-				return
-			}
-			seen[v.Body.List[0]] = struct{}{}
-			ReportNodefFG(pass, node, "should use for range instead of for { select {} }")
-		case *ast.SelectStmt:
-			if _, ok := seen[v]; ok {
-				return
-			}
-			if !isSingleSelect(v) {
-				return
-			}
-			ReportNodefFG(pass, node, "should use a simple channel send/receive instead of select with a single case")
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil), (*ast.SelectStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil), (*ast.SelectStmt)(nil))
 	return nil, nil
 }
 
-func LintLoopCopy(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkLoopCopyQ = pattern.MustParse(`
+		(Or
+			(RangeStmt
+				key value ":=" src@(Ident _)
+				[(AssignStmt
+					(IndexExpr dst@(Ident _) key)
+					"="
+					value)])
+			(RangeStmt
+				key nil ":=" src@(Ident _)
+				[(AssignStmt
+					(IndexExpr dst@(Ident _) key)
+					"="
+					(IndexExpr src key))]))`)
+	checkLoopCopyR = pattern.MustParse(`(CallExpr (Ident "copy") [dst src])`)
+)
+
+func CheckLoopCopy(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		loop := node.(*ast.RangeStmt)
-
-		if loop.Key == nil {
-			return
-		}
-		if len(loop.Body.List) != 1 {
-			return
-		}
-		stmt, ok := loop.Body.List[0].(*ast.AssignStmt)
+		m, edits, ok := MatchAndEdit(pass, checkLoopCopyQ, checkLoopCopyR, node)
 		if !ok {
 			return
 		}
-		if stmt.Tok != token.ASSIGN || len(stmt.Lhs) != 1 || len(stmt.Rhs) != 1 {
+		t1 := pass.TypesInfo.TypeOf(m.State["src"].(*ast.Ident))
+		t2 := pass.TypesInfo.TypeOf(m.State["dst"].(*ast.Ident))
+		if _, ok := t1.Underlying().(*types.Slice); !ok {
 			return
 		}
-		lhs, ok := stmt.Lhs[0].(*ast.IndexExpr)
-		if !ok {
+		if !types.Identical(t1, t2) {
 			return
 		}
 
-		if _, ok := pass.TypesInfo.TypeOf(lhs.X).(*types.Slice); !ok {
-			return
-		}
-		lidx, ok := lhs.Index.(*ast.Ident)
-		if !ok {
-			return
-		}
-		key, ok := loop.Key.(*ast.Ident)
-		if !ok {
-			return
-		}
-		if pass.TypesInfo.TypeOf(lhs) == nil || pass.TypesInfo.TypeOf(stmt.Rhs[0]) == nil {
-			return
-		}
-		if pass.TypesInfo.ObjectOf(lidx) != pass.TypesInfo.ObjectOf(key) {
-			return
-		}
-		if !types.Identical(pass.TypesInfo.TypeOf(lhs), pass.TypesInfo.TypeOf(stmt.Rhs[0])) {
-			return
-		}
-		if _, ok := pass.TypesInfo.TypeOf(loop.X).(*types.Slice); !ok {
-			return
-		}
-
-		if rhs, ok := stmt.Rhs[0].(*ast.IndexExpr); ok {
-			rx, ok := rhs.X.(*ast.Ident)
-			_ = rx
-			if !ok {
-				return
-			}
-			ridx, ok := rhs.Index.(*ast.Ident)
-			if !ok {
-				return
-			}
-			if pass.TypesInfo.ObjectOf(ridx) != pass.TypesInfo.ObjectOf(key) {
-				return
-			}
-		} else if rhs, ok := stmt.Rhs[0].(*ast.Ident); ok {
-			value, ok := loop.Value.(*ast.Ident)
-			if !ok {
-				return
-			}
-			if pass.TypesInfo.ObjectOf(rhs) != pass.TypesInfo.ObjectOf(value) {
-				return
-			}
+		tv, err := types.Eval(pass.Fset, pass.Pkg, node.Pos(), "copy")
+		if err == nil && tv.IsBuiltin() {
+			report.Report(pass, node,
+				"should use copy() instead of a loop",
+				report.ShortRange(),
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("replace loop with call to copy()", edits...)))
 		} else {
-			return
+			report.Report(pass, node, "should use copy() instead of a loop", report.FilterGenerated())
 		}
-		ReportNodefFG(pass, loop, "should use copy() instead of a loop")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.RangeStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.RangeStmt)(nil))
 	return nil, nil
 }
 
-func LintIfBoolCmp(pass *analysis.Pass) (interface{}, error) {
+func CheckIfBoolCmp(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
+		if code.IsInTest(pass, node) {
+			return
+		}
+
 		expr := node.(*ast.BinaryExpr)
 		if expr.Op != token.EQL && expr.Op != token.NEQ {
 			return
 		}
-		x := IsBoolConst(pass, expr.X)
-		y := IsBoolConst(pass, expr.Y)
+		x := code.IsBoolConst(pass, expr.X)
+		y := code.IsBoolConst(pass, expr.Y)
 		if !x && !y {
 			return
 		}
 		var other ast.Expr
 		var val bool
 		if x {
-			val = BoolConst(pass, expr.X)
+			val = code.BoolConst(pass, expr.X)
 			other = expr.Y
 		} else {
-			val = BoolConst(pass, expr.Y)
+			val = code.BoolConst(pass, expr.Y)
 			other = expr.X
 		}
 		basic, ok := pass.TypesInfo.TypeOf(other).Underlying().(*types.Basic)
@@ -165,50 +135,56 @@ func LintIfBoolCmp(pass *analysis.Pass) (interface{}, error) {
 		if (expr.Op == token.EQL && !val) || (expr.Op == token.NEQ && val) {
 			op = "!"
 		}
-		r := op + Render(pass, other)
+		r := op + report.Render(pass, other)
 		l1 := len(r)
 		r = strings.TrimLeft(r, "!")
 		if (l1-len(r))%2 == 1 {
 			r = "!" + r
 		}
-		if IsInTest(pass, node) {
-			return
-		}
-		ReportNodefFG(pass, expr, "should omit comparison to bool constant, can be simplified to %s", r)
+		report.Report(pass, expr, fmt.Sprintf("should omit comparison to bool constant, can be simplified to %s", r),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix("simplify bool comparison", edit.ReplaceWithString(pass.Fset, expr, r))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
-func LintBytesBufferConversions(pass *analysis.Pass) (interface{}, error) {
-	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		if len(call.Args) != 1 {
-			return
-		}
+var (
+	checkBytesBufferConversionsQ  = pattern.MustParse(`(CallExpr _ [(CallExpr sel@(SelectorExpr recv _) [])])`)
+	checkBytesBufferConversionsRs = pattern.MustParse(`(CallExpr (SelectorExpr recv (Ident "String")) [])`)
+	checkBytesBufferConversionsRb = pattern.MustParse(`(CallExpr (SelectorExpr recv (Ident "Bytes")) [])`)
+)
 
-		argCall, ok := call.Args[0].(*ast.CallExpr)
-		if !ok {
-			return
-		}
-		sel, ok := argCall.Fun.(*ast.SelectorExpr)
+func CheckBytesBufferConversions(pass *analysis.Pass) (interface{}, error) {
+	if pass.Pkg.Path() == "bytes" || pass.Pkg.Path() == "bytes_test" {
+		// The bytes package can use itself however it wants
+		return nil, nil
+	}
+	fn := func(node ast.Node) {
+		m, ok := Match(pass, checkBytesBufferConversionsQ, node)
 		if !ok {
 			return
 		}
+		call := node.(*ast.CallExpr)
+		sel := m.State["sel"].(*ast.SelectorExpr)
 
 		typ := pass.TypesInfo.TypeOf(call.Fun)
-		if typ == types.Universe.Lookup("string").Type() && IsCallToAST(pass, call.Args[0], "(*bytes.Buffer).Bytes") {
-			ReportNodefFG(pass, call, "should use %v.String() instead of %v", Render(pass, sel.X), Render(pass, call))
-		} else if typ, ok := typ.(*types.Slice); ok && typ.Elem() == types.Universe.Lookup("byte").Type() && IsCallToAST(pass, call.Args[0], "(*bytes.Buffer).String") {
-			ReportNodefFG(pass, call, "should use %v.Bytes() instead of %v", Render(pass, sel.X), Render(pass, call))
+		if typ == types.Universe.Lookup("string").Type() && code.IsCallToAST(pass, call.Args[0], "(*bytes.Buffer).Bytes") {
+			report.Report(pass, call, fmt.Sprintf("should use %v.String() instead of %v", report.Render(pass, sel.X), report.Render(pass, call)),
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("simplify conversion", edit.ReplaceWithPattern(pass, checkBytesBufferConversionsRs, m.State, node))))
+		} else if typ, ok := typ.(*types.Slice); ok && typ.Elem() == types.Universe.Lookup("byte").Type() && code.IsCallToAST(pass, call.Args[0], "(*bytes.Buffer).String") {
+			report.Report(pass, call, fmt.Sprintf("should use %v.Bytes() instead of %v", report.Render(pass, sel.X), report.Render(pass, call)),
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("simplify conversion", edit.ReplaceWithPattern(pass, checkBytesBufferConversionsRb, m.State, node))))
 		}
 
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintStringsContains(pass *analysis.Pass) (interface{}, error) {
+func CheckStringsContains(pass *analysis.Pass) (interface{}, error) {
 	// map of value to token to bool value
 	allowed := map[int64]map[token.Token]bool{
 		-1: {token.GTR: true, token.NEQ: true, token.EQL: false},
@@ -222,7 +198,7 @@ func LintStringsContains(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 
-		value, ok := ExprToInt(pass, expr.Y)
+		value, ok := code.ExprToInt(pass, expr.Y)
 		if !ok {
 			return
 		}
@@ -252,86 +228,112 @@ func LintStringsContains(pass *analysis.Pass) (interface{}, error) {
 		if pkgIdent.Name != "strings" && pkgIdent.Name != "bytes" {
 			return
 		}
-		newFunc := ""
+
+		var r ast.Expr
 		switch funIdent.Name {
 		case "IndexRune":
-			newFunc = "ContainsRune"
+			r = &ast.SelectorExpr{
+				X:   pkgIdent,
+				Sel: &ast.Ident{Name: "ContainsRune"},
+			}
 		case "IndexAny":
-			newFunc = "ContainsAny"
+			r = &ast.SelectorExpr{
+				X:   pkgIdent,
+				Sel: &ast.Ident{Name: "ContainsAny"},
+			}
 		case "Index":
-			newFunc = "Contains"
+			r = &ast.SelectorExpr{
+				X:   pkgIdent,
+				Sel: &ast.Ident{Name: "Contains"},
+			}
 		default:
 			return
 		}
 
-		prefix := ""
-		if !b {
-			prefix = "!"
+		r = &ast.CallExpr{
+			Fun:  r,
+			Args: call.Args,
 		}
-		ReportNodefFG(pass, node, "should use %s%s.%s(%s) instead", prefix, pkgIdent.Name, newFunc, RenderArgs(pass, call.Args))
+		if !b {
+			r = &ast.UnaryExpr{
+				Op: token.NOT,
+				X:  r,
+			}
+		}
+
+		report.Report(pass, node, fmt.Sprintf("should use %s instead", report.Render(pass, r)),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix(fmt.Sprintf("simplify use of %s", report.Render(pass, call.Fun)), edit.ReplaceWithNode(pass.Fset, node, r))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
-func LintBytesCompare(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkBytesCompareQ  = pattern.MustParse(`(BinaryExpr (CallExpr (Function "bytes.Compare") args) op@(Or "==" "!=") (BasicLit "INT" "0"))`)
+	checkBytesCompareRn = pattern.MustParse(`(CallExpr (SelectorExpr (Ident "bytes") (Ident "Equal")) args)`)
+	checkBytesCompareRe = pattern.MustParse(`(UnaryExpr "!" (CallExpr (SelectorExpr (Ident "bytes") (Ident "Equal")) args))`)
+)
+
+func CheckBytesCompare(pass *analysis.Pass) (interface{}, error) {
+	if pass.Pkg.Path() == "bytes" || pass.Pkg.Path() == "bytes_test" {
+		// the bytes package is free to use bytes.Compare as it sees fit
+		return nil, nil
+	}
 	fn := func(node ast.Node) {
-		expr := node.(*ast.BinaryExpr)
-		if expr.Op != token.NEQ && expr.Op != token.EQL {
-			return
-		}
-		call, ok := expr.X.(*ast.CallExpr)
+		m, ok := Match(pass, checkBytesCompareQ, node)
 		if !ok {
 			return
 		}
-		if !IsCallToAST(pass, call, "bytes.Compare") {
-			return
-		}
-		value, ok := ExprToInt(pass, expr.Y)
-		if !ok || value != 0 {
-			return
-		}
-		args := RenderArgs(pass, call.Args)
+
+		args := report.RenderArgs(pass, m.State["args"].([]ast.Expr))
 		prefix := ""
-		if expr.Op == token.NEQ {
+		if m.State["op"].(token.Token) == token.NEQ {
 			prefix = "!"
 		}
-		ReportNodefFG(pass, node, "should use %sbytes.Equal(%s) instead", prefix, args)
+
+		var fix analysis.SuggestedFix
+		switch tok := m.State["op"].(token.Token); tok {
+		case token.EQL:
+			fix = edit.Fix("simplify use of bytes.Compare", edit.ReplaceWithPattern(pass, checkBytesCompareRe, m.State, node))
+		case token.NEQ:
+			fix = edit.Fix("simplify use of bytes.Compare", edit.ReplaceWithPattern(pass, checkBytesCompareRn, m.State, node))
+		default:
+			panic(fmt.Sprintf("unexpected token %v", tok))
+		}
+		report.Report(pass, node, fmt.Sprintf("should use %sbytes.Equal(%s) instead", prefix, args), report.FilterGenerated(), report.Fixes(fix))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
-func LintForTrue(pass *analysis.Pass) (interface{}, error) {
+func CheckForTrue(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		loop := node.(*ast.ForStmt)
 		if loop.Init != nil || loop.Post != nil {
 			return
 		}
-		if !IsBoolConst(pass, loop.Cond) || !BoolConst(pass, loop.Cond) {
+		if !code.IsBoolConst(pass, loop.Cond) || !code.BoolConst(pass, loop.Cond) {
 			return
 		}
-		ReportNodefFG(pass, loop, "should use for {} instead of for true {}")
+		report.Report(pass, loop, "should use for {} instead of for true {}",
+			report.ShortRange(),
+			report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil))
 	return nil, nil
 }
 
-func LintRegexpRaw(pass *analysis.Pass) (interface{}, error) {
+func CheckRegexpRaw(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
-		if !IsCallToAST(pass, call, "regexp.MustCompile") &&
-			!IsCallToAST(pass, call, "regexp.Compile") {
+		if !code.IsCallToAnyAST(pass, call, "regexp.MustCompile", "regexp.Compile") {
 			return
 		}
 		sel, ok := call.Fun.(*ast.SelectorExpr)
 		if !ok {
 			return
 		}
-		if len(call.Args) != 1 {
-			// invalid function call
-			return
-		}
 		lit, ok := call.Args[Arg("regexp.Compile.expr")].(*ast.BasicLit)
 		if !ok {
 			// TODO(dominikh): support string concat, maybe support constants
@@ -369,13 +371,18 @@ func LintRegexpRaw(pass *analysis.Pass) (interface{}, error) {
 			}
 		}
 
-		ReportNodefFG(pass, call, "should use raw string (`...`) with regexp.%s to avoid having to escape twice", sel.Sel.Name)
+		report.Report(pass, call, fmt.Sprintf("should use raw string (`...`) with regexp.%s to avoid having to escape twice", sel.Sel.Name), report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintIfReturn(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkIfReturnQIf  = pattern.MustParse(`(IfStmt nil cond [(ReturnStmt [ret@(Ident _)])] nil)`)
+	checkIfReturnQRet = pattern.MustParse(`(ReturnStmt [ret@(Ident _)])`)
+)
+
+func CheckIfReturn(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		block := node.(*ast.BlockStmt)
 		l := len(block.List)
@@ -390,61 +397,88 @@ func LintIfReturn(pass *analysis.Pass) (interface{}, error) {
 				return
 			}
 		}
-		// if statement with no init, no else, a single condition
-		// checking an identifier or function call and just a return
-		// statement in the body, that returns a boolean constant
-		ifs, ok := n1.(*ast.IfStmt)
+		m1, ok := Match(pass, checkIfReturnQIf, n1)
 		if !ok {
 			return
 		}
-		if ifs.Else != nil || ifs.Init != nil {
+		m2, ok := Match(pass, checkIfReturnQRet, n2)
+		if !ok {
 			return
 		}
-		if len(ifs.Body.List) != 1 {
-			return
-		}
-		if op, ok := ifs.Cond.(*ast.BinaryExpr); ok {
+
+		if op, ok := m1.State["cond"].(*ast.BinaryExpr); ok {
 			switch op.Op {
 			case token.EQL, token.LSS, token.GTR, token.NEQ, token.LEQ, token.GEQ:
 			default:
 				return
 			}
 		}
-		ret1, ok := ifs.Body.List[0].(*ast.ReturnStmt)
-		if !ok {
+
+		ret1 := m1.State["ret"].(*ast.Ident)
+		if !code.IsBoolConst(pass, ret1) {
 			return
 		}
-		if len(ret1.Results) != 1 {
-			return
-		}
-		if !IsBoolConst(pass, ret1.Results[0]) {
+		ret2 := m2.State["ret"].(*ast.Ident)
+		if !code.IsBoolConst(pass, ret2) {
 			return
 		}
 
-		ret2, ok := n2.(*ast.ReturnStmt)
-		if !ok {
-			return
-		}
-		if len(ret2.Results) != 1 {
-			return
-		}
-		if !IsBoolConst(pass, ret2.Results[0]) {
-			return
-		}
-
-		if ret1.Results[0].(*ast.Ident).Name == ret2.Results[0].(*ast.Ident).Name {
+		if ret1.Name == ret2.Name {
 			// we want the function to return true and false, not the
 			// same value both times.
 			return
 		}
 
-		ReportNodefFG(pass, n1, "should use 'return <expr>' instead of 'if <expr> { return <bool> }; return <bool>'")
+		cond := m1.State["cond"].(ast.Expr)
+		origCond := cond
+		if ret1.Name == "false" {
+			cond = negate(cond)
+		}
+		report.Report(pass, n1,
+			fmt.Sprintf("should use 'return %s' instead of 'if %s { return %s }; return %s'",
+				report.Render(pass, cond),
+				report.Render(pass, origCond), report.Render(pass, ret1), report.Render(pass, ret2)),
+			report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BlockStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BlockStmt)(nil))
 	return nil, nil
 }
 
-// LintRedundantNilCheckWithLen checks for the following reduntant nil-checks:
+func negate(expr ast.Expr) ast.Expr {
+	switch expr := expr.(type) {
+	case *ast.BinaryExpr:
+		out := *expr
+		switch expr.Op {
+		case token.EQL:
+			out.Op = token.NEQ
+		case token.LSS:
+			out.Op = token.GEQ
+		case token.GTR:
+			out.Op = token.LEQ
+		case token.NEQ:
+			out.Op = token.EQL
+		case token.LEQ:
+			out.Op = token.GTR
+		case token.GEQ:
+			out.Op = token.LEQ
+		}
+		return &out
+	case *ast.Ident, *ast.CallExpr, *ast.IndexExpr:
+		return &ast.UnaryExpr{
+			Op: token.NOT,
+			X:  expr,
+		}
+	default:
+		return &ast.UnaryExpr{
+			Op: token.NOT,
+			X: &ast.ParenExpr{
+				X: expr,
+			},
+		}
+	}
+}
+
+// CheckRedundantNilCheckWithLen checks for the following redundant nil-checks:
 //
 //   if x == nil || len(x) == 0 {}
 //   if x != nil && len(x) != 0 {}
@@ -452,11 +486,11 @@ func LintIfReturn(pass *analysis.Pass) (interface{}, error) {
 //   if x != nil && len(x) > N {}
 //   if x != nil && len(x) >= N {} (where N != 0)
 //
-func LintRedundantNilCheckWithLen(pass *analysis.Pass) (interface{}, error) {
+func CheckRedundantNilCheckWithLen(pass *analysis.Pass) (interface{}, error) {
 	isConstZero := func(expr ast.Expr) (isConst bool, isZero bool) {
 		_, ok := expr.(*ast.BasicLit)
 		if ok {
-			return true, IsZero(expr)
+			return true, code.IsIntLiteral(expr, "0")
 		}
 		id, ok := expr.(*ast.Ident)
 		if !ok {
@@ -492,7 +526,7 @@ func LintRedundantNilCheckWithLen(pass *analysis.Pass) (interface{}, error) {
 		if !ok {
 			return
 		}
-		if !IsNil(pass, x.Y) {
+		if !code.IsNil(pass, x.Y) {
 			return
 		}
 
@@ -520,7 +554,7 @@ func LintRedundantNilCheckWithLen(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 
-		if eqNil && !IsZero(y.Y) { // must be len(x) == *0*
+		if eqNil && !code.IsIntLiteral(y.Y, "0") { // must be len(x) == *0*
 			return
 		}
 
@@ -565,51 +599,36 @@ func LintRedundantNilCheckWithLen(pass *analysis.Pass) (interface{}, error) {
 		default:
 			return
 		}
-		ReportNodefFG(pass, expr, "should omit nil check; len() for %s is defined as zero", nilType)
+		report.Report(pass, expr, fmt.Sprintf("should omit nil check; len() for %s is defined as zero", nilType), report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
-func LintSlicing(pass *analysis.Pass) (interface{}, error) {
+var checkSlicingQ = pattern.MustParse(`(SliceExpr x@(Object _) low (CallExpr (Builtin "len") [x]) nil)`)
+
+func CheckSlicing(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		n := node.(*ast.SliceExpr)
-		if n.Max != nil {
-			return
+		if _, ok := Match(pass, checkSlicingQ, node); ok {
+			expr := node.(*ast.SliceExpr)
+			report.Report(pass, expr.High,
+				"should omit second index in slice, s[a:len(s)] is identical to s[a:]",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("simplify slice expression", edit.Delete(expr.High))))
 		}
-		s, ok := n.X.(*ast.Ident)
-		if !ok || s.Obj == nil {
-			return
-		}
-		call, ok := n.High.(*ast.CallExpr)
-		if !ok || len(call.Args) != 1 || call.Ellipsis.IsValid() {
-			return
-		}
-		fun, ok := call.Fun.(*ast.Ident)
-		if !ok || fun.Name != "len" {
-			return
-		}
-		if _, ok := pass.TypesInfo.ObjectOf(fun).(*types.Builtin); !ok {
-			return
-		}
-		arg, ok := call.Args[Arg("len.v")].(*ast.Ident)
-		if !ok || arg.Obj != s.Obj {
-			return
-		}
-		ReportNodefFG(pass, n, "should omit second index in slice, s[a:len(s)] is identical to s[a:]")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.SliceExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.SliceExpr)(nil))
 	return nil, nil
 }
 
-func refersTo(pass *analysis.Pass, expr ast.Expr, ident *ast.Ident) bool {
+func refersTo(pass *analysis.Pass, expr ast.Expr, ident types.Object) bool {
 	found := false
 	fn := func(node ast.Node) bool {
 		ident2, ok := node.(*ast.Ident)
 		if !ok {
 			return true
 		}
-		if pass.TypesInfo.ObjectOf(ident) == pass.TypesInfo.ObjectOf(ident2) {
+		if ident == pass.TypesInfo.ObjectOf(ident2) {
 			found = true
 			return false
 		}
@@ -619,183 +638,160 @@ func refersTo(pass *analysis.Pass, expr ast.Expr, ident *ast.Ident) bool {
 	return found
 }
 
-func LintLoopAppend(pass *analysis.Pass) (interface{}, error) {
+var checkLoopAppendQ = pattern.MustParse(`
+	(RangeStmt
+		(Ident "_")
+		val@(Object _)
+		_
+		x
+		[(AssignStmt [lhs] "=" [(CallExpr (Builtin "append") [lhs val])])]) `)
+
+func CheckLoopAppend(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		loop := node.(*ast.RangeStmt)
-		if !IsBlank(loop.Key) {
-			return
-		}
-		val, ok := loop.Value.(*ast.Ident)
+		m, ok := Match(pass, checkLoopAppendQ, node)
 		if !ok {
 			return
 		}
-		if len(loop.Body.List) != 1 {
-			return
-		}
-		stmt, ok := loop.Body.List[0].(*ast.AssignStmt)
-		if !ok {
-			return
-		}
-		if stmt.Tok != token.ASSIGN || len(stmt.Lhs) != 1 || len(stmt.Rhs) != 1 {
-			return
-		}
-		if refersTo(pass, stmt.Lhs[0], val) {
-			return
-		}
-		call, ok := stmt.Rhs[0].(*ast.CallExpr)
-		if !ok {
-			return
-		}
-		if len(call.Args) != 2 || call.Ellipsis.IsValid() {
-			return
-		}
-		fun, ok := call.Fun.(*ast.Ident)
-		if !ok {
-			return
-		}
-		obj := pass.TypesInfo.ObjectOf(fun)
-		fn, ok := obj.(*types.Builtin)
-		if !ok || fn.Name() != "append" {
-			return
-		}
 
-		src := pass.TypesInfo.TypeOf(loop.X)
-		dst := pass.TypesInfo.TypeOf(call.Args[Arg("append.slice")])
-		// TODO(dominikh) remove nil check once Go issue #15173 has
-		// been fixed
-		if src == nil {
+		val := m.State["val"].(types.Object)
+		if refersTo(pass, m.State["lhs"].(ast.Expr), val) {
 			return
 		}
+
+		src := pass.TypesInfo.TypeOf(m.State["x"].(ast.Expr))
+		dst := pass.TypesInfo.TypeOf(m.State["lhs"].(ast.Expr))
 		if !types.Identical(src, dst) {
 			return
 		}
 
-		if Render(pass, stmt.Lhs[0]) != Render(pass, call.Args[Arg("append.slice")]) {
-			return
+		r := &ast.AssignStmt{
+			Lhs: []ast.Expr{m.State["lhs"].(ast.Expr)},
+			Tok: token.ASSIGN,
+			Rhs: []ast.Expr{
+				&ast.CallExpr{
+					Fun: &ast.Ident{Name: "append"},
+					Args: []ast.Expr{
+						m.State["lhs"].(ast.Expr),
+						m.State["x"].(ast.Expr),
+					},
+					Ellipsis: 1,
+				},
+			},
 		}
 
-		el, ok := call.Args[Arg("append.elems")].(*ast.Ident)
-		if !ok {
-			return
-		}
-		if pass.TypesInfo.ObjectOf(val) != pass.TypesInfo.ObjectOf(el) {
-			return
-		}
-		ReportNodefFG(pass, loop, "should replace loop with %s = append(%s, %s...)",
-			Render(pass, stmt.Lhs[0]), Render(pass, call.Args[Arg("append.slice")]), Render(pass, loop.X))
+		report.Report(pass, node, fmt.Sprintf("should replace loop with %s", report.Render(pass, r)),
+			report.ShortRange(),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix("replace loop with call to append", edit.ReplaceWithNode(pass.Fset, node, r))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.RangeStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.RangeStmt)(nil))
 	return nil, nil
 }
 
-func LintTimeSince(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkTimeSinceQ = pattern.MustParse(`(CallExpr (SelectorExpr (CallExpr (Function "time.Now") []) (Function "(time.Time).Sub")) [arg])`)
+	checkTimeSinceR = pattern.MustParse(`(CallExpr (SelectorExpr (Ident "time") (Ident "Since")) [arg])`)
+)
+
+func CheckTimeSince(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		sel, ok := call.Fun.(*ast.SelectorExpr)
-		if !ok {
-			return
+		if _, edits, ok := MatchAndEdit(pass, checkTimeSinceQ, checkTimeSinceR, node); ok {
+			report.Report(pass, node, "should use time.Since instead of time.Now().Sub",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("replace with call to time.Since", edits...)))
 		}
-		if !IsCallToAST(pass, sel.X, "time.Now") {
-			return
-		}
-		if sel.Sel.Name != "Sub" {
-			return
-		}
-		ReportNodefFG(pass, call, "should use time.Since instead of time.Now().Sub")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintTimeUntil(pass *analysis.Pass) (interface{}, error) {
-	if !IsGoVersion(pass, 8) {
+var (
+	checkTimeUntilQ = pattern.MustParse(`(CallExpr (Function "(time.Time).Sub") [(CallExpr (Function "time.Now") [])])`)
+	checkTimeUntilR = pattern.MustParse(`(CallExpr (SelectorExpr (Ident "time") (Ident "Until")) [arg])`)
+)
+
+func CheckTimeUntil(pass *analysis.Pass) (interface{}, error) {
+	if !code.IsGoVersion(pass, 8) {
 		return nil, nil
 	}
 	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		if !IsCallToAST(pass, call, "(time.Time).Sub") {
-			return
+		if _, ok := Match(pass, checkTimeUntilQ, node); ok {
+			if sel, ok := node.(*ast.CallExpr).Fun.(*ast.SelectorExpr); ok {
+				r := pattern.NodeToAST(checkTimeUntilR.Root, map[string]interface{}{"arg": sel.X}).(ast.Node)
+				report.Report(pass, node, "should use time.Until instead of t.Sub(time.Now())",
+					report.FilterGenerated(),
+					report.Fixes(edit.Fix("replace with call to time.Until", edit.ReplaceWithNode(pass.Fset, node, r))))
+			} else {
+				report.Report(pass, node, "should use time.Until instead of t.Sub(time.Now())", report.FilterGenerated())
+			}
 		}
-		if !IsCallToAST(pass, call.Args[Arg("(time.Time).Sub.u")], "time.Now") {
-			return
-		}
-		ReportNodefFG(pass, call, "should use time.Until instead of t.Sub(time.Now())")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintUnnecessaryBlank(pass *analysis.Pass) (interface{}, error) {
-	fn1 := func(node ast.Node) {
-		assign := node.(*ast.AssignStmt)
-		if len(assign.Lhs) != 2 || len(assign.Rhs) != 1 {
-			return
-		}
-		if !IsBlank(assign.Lhs[1]) {
-			return
-		}
-		switch rhs := assign.Rhs[0].(type) {
-		case *ast.IndexExpr:
-			// The type-checker should make sure that it's a map, but
-			// let's be safe.
-			if _, ok := pass.TypesInfo.TypeOf(rhs.X).Underlying().(*types.Map); !ok {
-				return
-			}
-		case *ast.UnaryExpr:
-			if rhs.Op != token.ARROW {
-				return
-			}
-		default:
-			return
-		}
-		cp := *assign
-		cp.Lhs = cp.Lhs[0:1]
-		ReportNodefFG(pass, assign, "should write %s instead of %s", Render(pass, &cp), Render(pass, assign))
-	}
+var (
+	checkUnnecessaryBlankQ1 = pattern.MustParse(`
+		(AssignStmt
+			[_ (Ident "_")]
+			_
+			(Or
+				(IndexExpr _ _)
+				(UnaryExpr "<-" _))) `)
+	checkUnnecessaryBlankQ2 = pattern.MustParse(`
+		(AssignStmt
+			(Ident "_") _ recv@(UnaryExpr "<-" _))`)
+)
 
-	fn2 := func(node ast.Node) {
-		stmt := node.(*ast.AssignStmt)
-		if len(stmt.Lhs) != len(stmt.Rhs) {
-			return
-		}
-		for i, lh := range stmt.Lhs {
-			rh := stmt.Rhs[i]
-			if !IsBlank(lh) {
-				continue
-			}
-			expr, ok := rh.(*ast.UnaryExpr)
-			if !ok {
-				continue
-			}
-			if expr.Op != token.ARROW {
-				continue
-			}
-			ReportNodefFG(pass, lh, "'_ = <-ch' can be simplified to '<-ch'")
+func CheckUnnecessaryBlank(pass *analysis.Pass) (interface{}, error) {
+	fn1 := func(node ast.Node) {
+		if _, ok := Match(pass, checkUnnecessaryBlankQ1, node); ok {
+			r := *node.(*ast.AssignStmt)
+			r.Lhs = r.Lhs[0:1]
+			report.Report(pass, node, "unnecessary assignment to the blank identifier",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("remove assignment to blank identifier", edit.ReplaceWithNode(pass.Fset, node, &r))))
+		} else if m, ok := Match(pass, checkUnnecessaryBlankQ2, node); ok {
+			report.Report(pass, node, "unnecessary assignment to the blank identifier",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("simplify channel receive operation", edit.ReplaceWithNode(pass.Fset, node, m.State["recv"].(ast.Node)))))
 		}
 	}
 
 	fn3 := func(node ast.Node) {
 		rs := node.(*ast.RangeStmt)
 
-		// for x, _
-		if !IsBlank(rs.Key) && IsBlank(rs.Value) {
-			ReportNodefFG(pass, rs.Value, "should omit value from range; this loop is equivalent to `for %s %s range ...`", Render(pass, rs.Key), rs.Tok)
+		// for _
+		if rs.Value == nil && code.IsBlank(rs.Key) {
+			report.Report(pass, rs.Key, "unnecessary assignment to the blank identifier",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("remove assignment to blank identifier", edit.Delete(edit.Range{rs.Key.Pos(), rs.TokPos + 1}))))
 		}
-		// for _, _ || for _
-		if IsBlank(rs.Key) && (IsBlank(rs.Value) || rs.Value == nil) {
-			ReportNodefFG(pass, rs.Key, "should omit values from range; this loop is equivalent to `for range ...`")
+
+		// for _, _
+		if code.IsBlank(rs.Key) && code.IsBlank(rs.Value) {
+			// FIXME we should mark both key and value
+			report.Report(pass, rs.Key, "unnecessary assignment to the blank identifier",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("remove assignment to blank identifier", edit.Delete(edit.Range{rs.Key.Pos(), rs.TokPos + 1}))))
+		}
+
+		// for x, _
+		if !code.IsBlank(rs.Key) && code.IsBlank(rs.Value) {
+			report.Report(pass, rs.Value, "unnecessary assignment to the blank identifier",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("remove assignment to blank identifier", edit.Delete(edit.Range{rs.Key.End(), rs.Value.End()}))))
 		}
 	}
 
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.AssignStmt)(nil)}, fn1)
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.AssignStmt)(nil)}, fn2)
-	if IsGoVersion(pass, 4) {
-		pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.RangeStmt)(nil)}, fn3)
+	code.Preorder(pass, fn1, (*ast.AssignStmt)(nil))
+	if code.IsGoVersion(pass, 4) {
+		code.Preorder(pass, fn3, (*ast.RangeStmt)(nil))
 	}
 	return nil, nil
 }
 
-func LintSimplerStructConversion(pass *analysis.Pass) (interface{}, error) {
+func CheckSimplerStructConversion(pass *analysis.Pass) (interface{}, error) {
 	var skip ast.Node
 	fn := func(node ast.Node) {
 		// Do not suggest type conversion between pointers
@@ -902,7 +898,7 @@ func LintSimplerStructConversion(pass *analysis.Pass) (interface{}, error) {
 		if typ1 == typ2 {
 			return
 		}
-		if IsGoVersion(pass, 8) {
+		if code.IsGoVersion(pass, 8) {
 			if !types.IdenticalIgnoreTags(s1, s2) {
 				return
 			}
@@ -911,14 +907,21 @@ func LintSimplerStructConversion(pass *analysis.Pass) (interface{}, error) {
 				return
 			}
 		}
-		ReportNodefFG(pass, node, "should convert %s (type %s) to %s instead of using struct literal",
-			ident.Name, typ2.Obj().Name(), typ1.Obj().Name())
+
+		r := &ast.CallExpr{
+			Fun:  lit.Type,
+			Args: []ast.Expr{ident},
+		}
+		report.Report(pass, node,
+			fmt.Sprintf("should convert %s (type %s) to %s instead of using struct literal", ident.Name, typ2.Obj().Name(), typ1.Obj().Name()),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix("use type conversion", edit.ReplaceWithNode(pass.Fset, node, r))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.UnaryExpr)(nil), (*ast.CompositeLit)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.UnaryExpr)(nil), (*ast.CompositeLit)(nil))
 	return nil, nil
 }
 
-func LintTrim(pass *analysis.Pass) (interface{}, error) {
+func CheckTrim(pass *analysis.Pass) (interface{}, error) {
 	sameNonDynamic := func(node1, node2 ast.Node) bool {
 		if reflect.TypeOf(node1) != reflect.TypeOf(node2) {
 			return false
@@ -928,9 +931,9 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 		case *ast.Ident:
 			return node1.Obj == node2.(*ast.Ident).Obj
 		case *ast.SelectorExpr:
-			return Render(pass, node1) == Render(pass, node2)
+			return report.Render(pass, node1) == report.Render(pass, node2)
 		case *ast.IndexExpr:
-			return Render(pass, node1) == Render(pass, node2)
+			return report.Render(pass, node1) == report.Render(pass, node2)
 		}
 		return false
 	}
@@ -967,23 +970,25 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 		if !ok {
 			return
 		}
-		switch {
-		case IsCallToAST(pass, condCall, "strings.HasPrefix"):
+
+		condCallName := code.CallNameAST(pass, condCall)
+		switch condCallName {
+		case "strings.HasPrefix":
 			pkg = "strings"
 			fun = "HasPrefix"
-		case IsCallToAST(pass, condCall, "strings.HasSuffix"):
+		case "strings.HasSuffix":
 			pkg = "strings"
 			fun = "HasSuffix"
-		case IsCallToAST(pass, condCall, "strings.Contains"):
+		case "strings.Contains":
 			pkg = "strings"
 			fun = "Contains"
-		case IsCallToAST(pass, condCall, "bytes.HasPrefix"):
+		case "bytes.HasPrefix":
 			pkg = "bytes"
 			fun = "HasPrefix"
-		case IsCallToAST(pass, condCall, "bytes.HasSuffix"):
+		case "bytes.HasSuffix":
 			pkg = "bytes"
 			fun = "HasSuffix"
-		case IsCallToAST(pass, condCall, "bytes.Contains"):
+		case "bytes.Contains":
 			pkg = "bytes"
 			fun = "Contains"
 		default:
@@ -1009,13 +1014,15 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 			if len(rhs.Args) < 2 || !sameNonDynamic(condCall.Args[0], rhs.Args[0]) || !sameNonDynamic(condCall.Args[1], rhs.Args[1]) {
 				return
 			}
-			if IsCallToAST(pass, condCall, "strings.HasPrefix") && IsCallToAST(pass, rhs, "strings.TrimPrefix") ||
-				IsCallToAST(pass, condCall, "strings.HasSuffix") && IsCallToAST(pass, rhs, "strings.TrimSuffix") ||
-				IsCallToAST(pass, condCall, "strings.Contains") && IsCallToAST(pass, rhs, "strings.Replace") ||
-				IsCallToAST(pass, condCall, "bytes.HasPrefix") && IsCallToAST(pass, rhs, "bytes.TrimPrefix") ||
-				IsCallToAST(pass, condCall, "bytes.HasSuffix") && IsCallToAST(pass, rhs, "bytes.TrimSuffix") ||
-				IsCallToAST(pass, condCall, "bytes.Contains") && IsCallToAST(pass, rhs, "bytes.Replace") {
-				ReportNodefFG(pass, ifstmt, "should replace this if statement with an unconditional %s", CallNameAST(pass, rhs))
+
+			rhsName := code.CallNameAST(pass, rhs)
+			if condCallName == "strings.HasPrefix" && rhsName == "strings.TrimPrefix" ||
+				condCallName == "strings.HasSuffix" && rhsName == "strings.TrimSuffix" ||
+				condCallName == "strings.Contains" && rhsName == "strings.Replace" ||
+				condCallName == "bytes.HasPrefix" && rhsName == "bytes.TrimPrefix" ||
+				condCallName == "bytes.HasSuffix" && rhsName == "bytes.TrimSuffix" ||
+				condCallName == "bytes.Contains" && rhsName == "bytes.Replace" {
+				report.Report(pass, ifstmt, fmt.Sprintf("should replace this if statement with an unconditional %s", rhsName), report.FilterGenerated())
 			}
 			return
 		case *ast.SliceExpr:
@@ -1040,7 +1047,7 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 				index = slice.Low
 			case "HasSuffix":
 				if slice.Low != nil {
-					n, ok := ExprToInt(pass, slice.Low)
+					n, ok := code.ExprToInt(pass, slice.Low)
 					if !ok || n != 0 {
 						return
 					}
@@ -1069,8 +1076,8 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 					if !ok {
 						return
 					}
-					s1, ok1 := ExprToString(pass, lit)
-					s2, ok2 := ExprToString(pass, condCall.Args[1])
+					s1, ok1 := code.ExprToString(pass, lit)
+					s2, ok2 := code.ExprToString(pass, condCall.Args[1])
 					if !ok1 || !ok2 || s1 != s2 {
 						return
 					}
@@ -1086,8 +1093,8 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 				if pkg != "strings" {
 					return
 				}
-				string, ok1 := ExprToString(pass, condCall.Args[1])
-				int, ok2 := ExprToInt(pass, slice.Low)
+				string, ok1 := code.ExprToString(pass, condCall.Args[1])
+				int, ok2 := code.ExprToInt(pass, slice.Low)
 				if !ok1 || !ok2 || int != int64(len(string)) {
 					return
 				}
@@ -1113,257 +1120,142 @@ func LintTrim(pass *analysis.Pass) (interface{}, error) {
 			case "HasSuffix":
 				replacement = "TrimSuffix"
 			}
-			ReportNodefFG(pass, ifstmt, "should replace this if statement with an unconditional %s.%s", pkg, replacement)
+			report.Report(pass, ifstmt, fmt.Sprintf("should replace this if statement with an unconditional %s.%s", pkg, replacement),
+				report.ShortRange(),
+				report.FilterGenerated())
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.IfStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.IfStmt)(nil))
 	return nil, nil
 }
 
-func LintLoopSlide(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkLoopSlideQ = pattern.MustParse(`
+		(ForStmt
+			(AssignStmt initvar@(Ident _) _ (BasicLit "INT" "0"))
+			(BinaryExpr initvar "<" limit@(Ident _))
+			(IncDecStmt initvar "++")
+			[(AssignStmt
+				(IndexExpr slice@(Ident _) initvar)
+				"="
+				(IndexExpr slice (BinaryExpr offset@(Ident _) "+" initvar)))])`)
+	checkLoopSlideR = pattern.MustParse(`
+		(CallExpr
+			(Ident "copy")
+			[(SliceExpr slice nil limit nil)
+				(SliceExpr slice offset nil nil)])`)
+)
+
+func CheckLoopSlide(pass *analysis.Pass) (interface{}, error) {
 	// TODO(dh): detect bs[i+offset] in addition to bs[offset+i]
 	// TODO(dh): consider merging this function with LintLoopCopy
 	// TODO(dh): detect length that is an expression, not a variable name
 	// TODO(dh): support sliding to a different offset than the beginning of the slice
 
 	fn := func(node ast.Node) {
-		/*
-			for i := 0; i < n; i++ {
-				bs[i] = bs[offset+i]
-			}
-
-						↓
-
-			copy(bs[:n], bs[offset:offset+n])
-		*/
-
 		loop := node.(*ast.ForStmt)
-		if len(loop.Body.List) != 1 || loop.Init == nil || loop.Cond == nil || loop.Post == nil {
-			return
-		}
-		assign, ok := loop.Init.(*ast.AssignStmt)
-		if !ok || len(assign.Lhs) != 1 || len(assign.Rhs) != 1 || !IsZero(assign.Rhs[0]) {
-			return
-		}
-		initvar, ok := assign.Lhs[0].(*ast.Ident)
+		m, edits, ok := MatchAndEdit(pass, checkLoopSlideQ, checkLoopSlideR, loop)
 		if !ok {
 			return
 		}
-		post, ok := loop.Post.(*ast.IncDecStmt)
-		if !ok || post.Tok != token.INC {
-			return
-		}
-		postvar, ok := post.X.(*ast.Ident)
-		if !ok || pass.TypesInfo.ObjectOf(postvar) != pass.TypesInfo.ObjectOf(initvar) {
-			return
-		}
-		bin, ok := loop.Cond.(*ast.BinaryExpr)
-		if !ok || bin.Op != token.LSS {
-			return
-		}
-		binx, ok := bin.X.(*ast.Ident)
-		if !ok || pass.TypesInfo.ObjectOf(binx) != pass.TypesInfo.ObjectOf(initvar) {
-			return
-		}
-		biny, ok := bin.Y.(*ast.Ident)
-		if !ok {
+		if _, ok := pass.TypesInfo.TypeOf(m.State["slice"].(*ast.Ident)).Underlying().(*types.Slice); !ok {
 			return
 		}
 
-		assign, ok = loop.Body.List[0].(*ast.AssignStmt)
-		if !ok || len(assign.Lhs) != 1 || len(assign.Rhs) != 1 || assign.Tok != token.ASSIGN {
-			return
-		}
-		lhs, ok := assign.Lhs[0].(*ast.IndexExpr)
-		if !ok {
-			return
-		}
-		rhs, ok := assign.Rhs[0].(*ast.IndexExpr)
-		if !ok {
-			return
-		}
-
-		bs1, ok := lhs.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		bs2, ok := rhs.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		obj1 := pass.TypesInfo.ObjectOf(bs1)
-		obj2 := pass.TypesInfo.ObjectOf(bs2)
-		if obj1 != obj2 {
-			return
-		}
-		if _, ok := obj1.Type().Underlying().(*types.Slice); !ok {
-			return
-		}
-
-		index1, ok := lhs.Index.(*ast.Ident)
-		if !ok || pass.TypesInfo.ObjectOf(index1) != pass.TypesInfo.ObjectOf(initvar) {
-			return
-		}
-		index2, ok := rhs.Index.(*ast.BinaryExpr)
-		if !ok || index2.Op != token.ADD {
-			return
-		}
-		add1, ok := index2.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		add2, ok := index2.Y.(*ast.Ident)
-		if !ok || pass.TypesInfo.ObjectOf(add2) != pass.TypesInfo.ObjectOf(initvar) {
-			return
-		}
-
-		ReportNodefFG(pass, loop, "should use copy(%s[:%s], %s[%s:]) instead", Render(pass, bs1), Render(pass, biny), Render(pass, bs1), Render(pass, add1))
+		report.Report(pass, loop, "should use copy() instead of loop for sliding slice elements",
+			report.ShortRange(),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix("use copy() instead of loop", edits...)))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil))
 	return nil, nil
 }
 
-func LintMakeLenCap(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkMakeLenCapQ1 = pattern.MustParse(`(CallExpr (Builtin "make") [typ size@(BasicLit "INT" "0")])`)
+	checkMakeLenCapQ2 = pattern.MustParse(`(CallExpr (Builtin "make") [typ size size])`)
+)
+
+func CheckMakeLenCap(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		if fn, ok := call.Fun.(*ast.Ident); !ok || fn.Name != "make" {
-			// FIXME check whether make is indeed the built-in function
+		if pass.Pkg.Path() == "runtime_test" && filepath.Base(pass.Fset.Position(node.Pos()).Filename) == "map_test.go" {
+			// special case of runtime tests testing map creation
 			return
 		}
-		switch len(call.Args) {
-		case 2:
-			// make(T, len)
-			if _, ok := pass.TypesInfo.TypeOf(call.Args[Arg("make.t")]).Underlying().(*types.Slice); ok {
-				break
-			}
-			if IsZero(call.Args[Arg("make.size[0]")]) {
-				ReportNodefFG(pass, call.Args[Arg("make.size[0]")], "should use make(%s) instead", Render(pass, call.Args[Arg("make.t")]))
-			}
-		case 3:
-			// make(T, len, cap)
-			if Render(pass, call.Args[Arg("make.size[0]")]) == Render(pass, call.Args[Arg("make.size[1]")]) {
-				ReportNodefFG(pass, call.Args[Arg("make.size[0]")],
-					"should use make(%s, %s) instead",
-					Render(pass, call.Args[Arg("make.t")]), Render(pass, call.Args[Arg("make.size[0]")]))
+		if m, ok := Match(pass, checkMakeLenCapQ1, node); ok {
+			T := m.State["typ"].(ast.Expr)
+			size := m.State["size"].(ast.Node)
+			if _, ok := pass.TypesInfo.TypeOf(T).Underlying().(*types.Slice); ok {
+				return
 			}
+			report.Report(pass, size, fmt.Sprintf("should use make(%s) instead", report.Render(pass, T)), report.FilterGenerated())
+		} else if m, ok := Match(pass, checkMakeLenCapQ2, node); ok {
+			// TODO(dh): don't consider sizes identical if they're
+			// dynamic. for example: make(T, <-ch, <-ch).
+			T := m.State["typ"].(ast.Expr)
+			size := m.State["size"].(ast.Node)
+			report.Report(pass, size,
+				fmt.Sprintf("should use make(%s, %s) instead", report.Render(pass, T), report.Render(pass, size)),
+				report.FilterGenerated())
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintAssertNotNil(pass *analysis.Pass) (interface{}, error) {
-	isNilCheck := func(ident *ast.Ident, expr ast.Expr) bool {
-		xbinop, ok := expr.(*ast.BinaryExpr)
-		if !ok || xbinop.Op != token.NEQ {
-			return false
-		}
-		xident, ok := xbinop.X.(*ast.Ident)
-		if !ok || xident.Obj != ident.Obj {
-			return false
-		}
-		if !IsNil(pass, xbinop.Y) {
-			return false
-		}
-		return true
-	}
-	isOKCheck := func(ident *ast.Ident, expr ast.Expr) bool {
-		yident, ok := expr.(*ast.Ident)
-		if !ok || yident.Obj != ident.Obj {
-			return false
-		}
-		return true
-	}
+var (
+	checkAssertNotNilFn1Q = pattern.MustParse(`
+		(IfStmt
+			(AssignStmt [(Ident "_") ok@(Object _)] _ [(TypeAssertExpr assert@(Object _) _)])
+			(Or
+				(BinaryExpr ok "&&" (BinaryExpr assert "!=" (Builtin "nil")))
+				(BinaryExpr (BinaryExpr assert "!=" (Builtin "nil")) "&&" ok))
+			_
+			_)`)
+	checkAssertNotNilFn2Q = pattern.MustParse(`
+		(IfStmt
+			nil
+			(BinaryExpr lhs@(Object _) "!=" (Builtin "nil"))
+			[
+				ifstmt@(IfStmt
+					(AssignStmt [(Ident "_") ok@(Object _)] _ [(TypeAssertExpr lhs _)])
+					ok
+					_
+					_)
+			]
+			nil)`)
+)
+
+func CheckAssertNotNil(pass *analysis.Pass) (interface{}, error) {
 	fn1 := func(node ast.Node) {
-		ifstmt := node.(*ast.IfStmt)
-		assign, ok := ifstmt.Init.(*ast.AssignStmt)
-		if !ok || len(assign.Lhs) != 2 || len(assign.Rhs) != 1 || !IsBlank(assign.Lhs[0]) {
-			return
-		}
-		assert, ok := assign.Rhs[0].(*ast.TypeAssertExpr)
+		m, ok := Match(pass, checkAssertNotNilFn1Q, node)
 		if !ok {
 			return
 		}
-		binop, ok := ifstmt.Cond.(*ast.BinaryExpr)
-		if !ok || binop.Op != token.LAND {
-			return
-		}
-		assertIdent, ok := assert.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		assignIdent, ok := assign.Lhs[1].(*ast.Ident)
-		if !ok {
-			return
-		}
-		if !(isNilCheck(assertIdent, binop.X) && isOKCheck(assignIdent, binop.Y)) &&
-			!(isNilCheck(assertIdent, binop.Y) && isOKCheck(assignIdent, binop.X)) {
-			return
-		}
-		ReportNodefFG(pass, ifstmt, "when %s is true, %s can't be nil", Render(pass, assignIdent), Render(pass, assertIdent))
+		assert := m.State["assert"].(types.Object)
+		assign := m.State["ok"].(types.Object)
+		report.Report(pass, node, fmt.Sprintf("when %s is true, %s can't be nil", assign.Name(), assert.Name()),
+			report.ShortRange(),
+			report.FilterGenerated())
 	}
 	fn2 := func(node ast.Node) {
-		// Check that outer ifstmt is an 'if x != nil {}'
-		ifstmt := node.(*ast.IfStmt)
-		if ifstmt.Init != nil {
-			return
-		}
-		if ifstmt.Else != nil {
-			return
-		}
-		if len(ifstmt.Body.List) != 1 {
-			return
-		}
-		binop, ok := ifstmt.Cond.(*ast.BinaryExpr)
+		m, ok := Match(pass, checkAssertNotNilFn2Q, node)
 		if !ok {
 			return
 		}
-		if binop.Op != token.NEQ {
-			return
-		}
-		lhs, ok := binop.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		if !IsNil(pass, binop.Y) {
-			return
-		}
-
-		// Check that inner ifstmt is an `if _, ok := x.(T); ok {}`
-		ifstmt, ok = ifstmt.Body.List[0].(*ast.IfStmt)
-		if !ok {
-			return
-		}
-		assign, ok := ifstmt.Init.(*ast.AssignStmt)
-		if !ok || len(assign.Lhs) != 2 || len(assign.Rhs) != 1 || !IsBlank(assign.Lhs[0]) {
-			return
-		}
-		assert, ok := assign.Rhs[0].(*ast.TypeAssertExpr)
-		if !ok {
-			return
-		}
-		assertIdent, ok := assert.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		if lhs.Obj != assertIdent.Obj {
-			return
-		}
-		assignIdent, ok := assign.Lhs[1].(*ast.Ident)
-		if !ok {
-			return
-		}
-		if !isOKCheck(assignIdent, ifstmt.Cond) {
-			return
-		}
-		ReportNodefFG(pass, ifstmt, "when %s is true, %s can't be nil", Render(pass, assignIdent), Render(pass, assertIdent))
+		ifstmt := m.State["ifstmt"].(*ast.IfStmt)
+		lhs := m.State["lhs"].(types.Object)
+		assignIdent := m.State["ok"].(types.Object)
+		report.Report(pass, ifstmt, fmt.Sprintf("when %s is true, %s can't be nil", assignIdent.Name(), lhs.Name()),
+			report.ShortRange(),
+			report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.IfStmt)(nil)}, fn1)
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.IfStmt)(nil)}, fn2)
+	code.Preorder(pass, fn1, (*ast.IfStmt)(nil))
+	code.Preorder(pass, fn2, (*ast.IfStmt)(nil))
 	return nil, nil
 }
 
-func LintDeclareAssign(pass *analysis.Pass) (interface{}, error) {
+func CheckDeclareAssign(pass *analysis.Pass) (interface{}, error) {
 	hasMultipleAssignments := func(root ast.Node, ident *ast.Ident) bool {
 		num := 0
 		ast.Inspect(root, func(node ast.Node) bool {
@@ -1421,21 +1313,33 @@ func LintDeclareAssign(pass *analysis.Pass) (interface{}, error) {
 				continue
 			}
 
-			if refersTo(pass, assign.Rhs[0], ident) {
+			if refersTo(pass, assign.Rhs[0], pass.TypesInfo.ObjectOf(ident)) {
 				continue
 			}
 			if hasMultipleAssignments(block, ident) {
 				continue
 			}
 
-			ReportNodefFG(pass, decl, "should merge variable declaration with assignment on next line")
+			r := &ast.GenDecl{
+				Specs: []ast.Spec{
+					&ast.ValueSpec{
+						Names:  vspec.Names,
+						Values: []ast.Expr{assign.Rhs[0]},
+						Type:   vspec.Type,
+					},
+				},
+				Tok: gdecl.Tok,
+			}
+			report.Report(pass, decl, "should merge variable declaration with assignment on next line",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("merge declaration with assignment", edit.ReplaceWithNode(pass.Fset, edit.Range{decl.Pos(), assign.End()}, r))))
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BlockStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BlockStmt)(nil))
 	return nil, nil
 }
 
-func LintRedundantBreak(pass *analysis.Pass) (interface{}, error) {
+func CheckRedundantBreak(pass *analysis.Pass) (interface{}, error) {
 	fn1 := func(node ast.Node) {
 		clause := node.(*ast.CaseClause)
 		if len(clause.Body) < 2 {
@@ -1445,7 +1349,7 @@ func LintRedundantBreak(pass *analysis.Pass) (interface{}, error) {
 		if !ok || branch.Tok != token.BREAK || branch.Label != nil {
 			return
 		}
-		ReportNodefFG(pass, branch, "redundant break statement")
+		report.Report(pass, branch, "redundant break statement", report.FilterGenerated())
 	}
 	fn2 := func(node ast.Node) {
 		var ret *ast.FieldList
@@ -1458,7 +1362,7 @@ func LintRedundantBreak(pass *analysis.Pass) (interface{}, error) {
 			ret = x.Type.Results
 			body = x.Body
 		default:
-			panic(fmt.Sprintf("unreachable: %T", node))
+			ExhaustiveTypeSwitch(node)
 		}
 		// if the func has results, a return can't be redundant.
 		// similarly, if there are no statements, there can be
@@ -1472,10 +1376,10 @@ func LintRedundantBreak(pass *analysis.Pass) (interface{}, error) {
 		}
 		// we don't need to check rst.Results as we already
 		// checked x.Type.Results to be nil.
-		ReportNodefFG(pass, rst, "redundant return statement")
+		report.Report(pass, rst, "redundant return statement", report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CaseClause)(nil)}, fn1)
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.FuncDecl)(nil), (*ast.FuncLit)(nil)}, fn2)
+	code.Preorder(pass, fn1, (*ast.CaseClause)(nil))
+	code.Preorder(pass, fn2, (*ast.FuncDecl)(nil), (*ast.FuncLit)(nil))
 	return nil, nil
 }
 
@@ -1497,97 +1401,105 @@ func isStringer(T types.Type, msCache *typeutil.MethodSetCache) bool {
 	if sig.Results().Len() != 1 {
 		return false
 	}
-	if !IsType(sig.Results().At(0).Type(), "string") {
+	if !code.IsType(sig.Results().At(0).Type(), "string") {
 		return false
 	}
 	return true
 }
 
-func LintRedundantSprintf(pass *analysis.Pass) (interface{}, error) {
+var checkRedundantSprintfQ = pattern.MustParse(`(CallExpr (Function "fmt.Sprintf") [format arg])`)
+
+func CheckRedundantSprintf(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		if !IsCallToAST(pass, call, "fmt.Sprintf") {
+		m, ok := Match(pass, checkRedundantSprintfQ, node)
+		if !ok {
 			return
 		}
-		if len(call.Args) != 2 {
+
+		format := m.State["format"].(ast.Expr)
+		arg := m.State["arg"].(ast.Expr)
+		if s, ok := code.ExprToString(pass, format); !ok || s != "%s" {
 			return
 		}
-		if s, ok := ExprToString(pass, call.Args[Arg("fmt.Sprintf.format")]); !ok || s != "%s" {
-			return
-		}
-		arg := call.Args[Arg("fmt.Sprintf.a[0]")]
 		typ := pass.TypesInfo.TypeOf(arg)
 
-		ssapkg := pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).Pkg
-		if isStringer(typ, &ssapkg.Prog.MethodSets) {
-			ReportNodef(pass, call, "should use String() instead of fmt.Sprintf")
+		irpkg := pass.ResultOf[buildir.Analyzer].(*buildir.IR).Pkg
+		if types.TypeString(typ, nil) != "reflect.Value" && isStringer(typ, &irpkg.Prog.MethodSets) {
+			replacement := &ast.CallExpr{
+				Fun: &ast.SelectorExpr{
+					X:   arg,
+					Sel: &ast.Ident{Name: "String"},
+				},
+			}
+			report.Report(pass, node, "should use String() instead of fmt.Sprintf",
+				report.Fixes(edit.Fix("replace with call to String method", edit.ReplaceWithNode(pass.Fset, node, replacement))))
 			return
 		}
 
 		if typ.Underlying() == types.Universe.Lookup("string").Type() {
 			if typ == types.Universe.Lookup("string").Type() {
-				ReportNodefFG(pass, call, "the argument is already a string, there's no need to use fmt.Sprintf")
+				report.Report(pass, node, "the argument is already a string, there's no need to use fmt.Sprintf",
+					report.FilterGenerated(),
+					report.Fixes(edit.Fix("remove unnecessary call to fmt.Sprintf", edit.ReplaceWithNode(pass.Fset, node, arg))))
 			} else {
-				ReportNodefFG(pass, call, "the argument's underlying type is a string, should use a simple conversion instead of fmt.Sprintf")
+				replacement := &ast.CallExpr{
+					Fun:  &ast.Ident{Name: "string"},
+					Args: []ast.Expr{arg},
+				}
+				report.Report(pass, node, "the argument's underlying type is a string, should use a simple conversion instead of fmt.Sprintf",
+					report.FilterGenerated(),
+					report.Fixes(edit.Fix("replace with conversion to string", edit.ReplaceWithNode(pass.Fset, node, replacement))))
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintErrorsNewSprintf(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkErrorsNewSprintfQ = pattern.MustParse(`(CallExpr (Function "errors.New") [(CallExpr (Function "fmt.Sprintf") args)])`)
+	checkErrorsNewSprintfR = pattern.MustParse(`(CallExpr (SelectorExpr (Ident "fmt") (Ident "Errorf")) args)`)
+)
+
+func CheckErrorsNewSprintf(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		if !IsCallToAST(pass, node, "errors.New") {
-			return
+		if _, edits, ok := MatchAndEdit(pass, checkErrorsNewSprintfQ, checkErrorsNewSprintfR, node); ok {
+			// TODO(dh): the suggested fix may leave an unused import behind
+			report.Report(pass, node, "should use fmt.Errorf(...) instead of errors.New(fmt.Sprintf(...))",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("use fmt.Errorf", edits...)))
 		}
-		call := node.(*ast.CallExpr)
-		if !IsCallToAST(pass, call.Args[Arg("errors.New.text")], "fmt.Sprintf") {
-			return
-		}
-		ReportNodefFG(pass, node, "should use fmt.Errorf(...) instead of errors.New(fmt.Sprintf(...))")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
-func LintRangeStringRunes(pass *analysis.Pass) (interface{}, error) {
+func CheckRangeStringRunes(pass *analysis.Pass) (interface{}, error) {
 	return sharedcheck.CheckRangeStringRunes(pass)
 }
 
-func LintNilCheckAroundRange(pass *analysis.Pass) (interface{}, error) {
+var checkNilCheckAroundRangeQ = pattern.MustParse(`
+	(IfStmt
+		nil
+		(BinaryExpr x@(Object _) "!=" (Builtin "nil"))
+		[(RangeStmt _ _ _ x _)]
+		nil)`)
+
+func CheckNilCheckAroundRange(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		ifstmt := node.(*ast.IfStmt)
-		cond, ok := ifstmt.Cond.(*ast.BinaryExpr)
+		m, ok := Match(pass, checkNilCheckAroundRangeQ, node)
 		if !ok {
 			return
 		}
-
-		if cond.Op != token.NEQ || !IsNil(pass, cond.Y) || len(ifstmt.Body.List) != 1 {
-			return
-		}
-
-		loop, ok := ifstmt.Body.List[0].(*ast.RangeStmt)
-		if !ok {
-			return
-		}
-		ifXIdent, ok := cond.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		rangeXIdent, ok := loop.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		if ifXIdent.Obj != rangeXIdent.Obj {
-			return
-		}
-		switch pass.TypesInfo.TypeOf(rangeXIdent).(type) {
+		switch m.State["x"].(types.Object).Type().Underlying().(type) {
 		case *types.Slice, *types.Map:
-			ReportNodefFG(pass, node, "unnecessary nil check around range")
+			report.Report(pass, node, "unnecessary nil check around range",
+				report.ShortRange(),
+				report.FilterGenerated())
+
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.IfStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.IfStmt)(nil))
 	return nil, nil
 }
 
@@ -1602,7 +1514,7 @@ func isPermissibleSort(pass *analysis.Pass, node ast.Node) bool {
 	if !ok {
 		return true
 	}
-	name := SelectorName(pass, sel)
+	name := code.SelectorName(pass, sel)
 	switch name {
 	case "sort.IntSlice", "sort.Float64Slice", "sort.StringSlice":
 	default:
@@ -1612,7 +1524,7 @@ func isPermissibleSort(pass *analysis.Pass, node ast.Node) bool {
 	return false
 }
 
-func LintSortHelpers(pass *analysis.Pass) (interface{}, error) {
+func CheckSortHelpers(pass *analysis.Pass) (interface{}, error) {
 	type Error struct {
 		node ast.Node
 		msg  string
@@ -1626,7 +1538,7 @@ func LintSortHelpers(pass *analysis.Pass) (interface{}, error) {
 		case *ast.FuncDecl:
 			body = node.Body
 		default:
-			panic(fmt.Sprintf("unreachable: %T", node))
+			ExhaustiveTypeSwitch(node)
 		}
 		if body == nil {
 			return
@@ -1638,7 +1550,7 @@ func LintSortHelpers(pass *analysis.Pass) (interface{}, error) {
 			if permissible {
 				return false
 			}
-			if !IsCallToAST(pass, node, "sort.Sort") {
+			if !code.IsCallToAST(pass, node, "sort.Sort") {
 				return true
 			}
 			if isPermissibleSort(pass, node) {
@@ -1648,7 +1560,7 @@ func LintSortHelpers(pass *analysis.Pass) (interface{}, error) {
 			call := node.(*ast.CallExpr)
 			typeconv := call.Args[Arg("sort.Sort.data")].(*ast.CallExpr)
 			sel := typeconv.Fun.(*ast.SelectorExpr)
-			name := SelectorName(pass, sel)
+			name := code.SelectorName(pass, sel)
 
 			switch name {
 			case "sort.IntSlice":
@@ -1667,7 +1579,7 @@ func LintSortHelpers(pass *analysis.Pass) (interface{}, error) {
 		}
 		allErrors = append(allErrors, errors...)
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.FuncLit)(nil), (*ast.FuncDecl)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.FuncLit)(nil), (*ast.FuncDecl)(nil))
 	sort.Slice(allErrors, func(i, j int) bool {
 		return allErrors[i].node.Pos() < allErrors[j].node.Pos()
 	})
@@ -1677,100 +1589,64 @@ func LintSortHelpers(pass *analysis.Pass) (interface{}, error) {
 			continue
 		}
 		prev = err.node.Pos()
-		ReportNodefFG(pass, err.node, "%s", err.msg)
+		report.Report(pass, err.node, err.msg, report.FilterGenerated())
 	}
 	return nil, nil
 }
 
-func LintGuardedDelete(pass *analysis.Pass) (interface{}, error) {
-	isCommaOkMapIndex := func(stmt ast.Stmt) (b *ast.Ident, m ast.Expr, key ast.Expr, ok bool) {
-		// Has to be of the form `_, <b:*ast.Ident> = <m:*types.Map>[<key>]
+var checkGuardedDeleteQ = pattern.MustParse(`
+	(IfStmt
+		(AssignStmt
+			[(Ident "_") ok@(Ident _)]
+			":="
+			(IndexExpr m key))
+		ok
+		[call@(CallExpr (Builtin "delete") [m key])]
+		nil)`)
 
-		assign, ok := stmt.(*ast.AssignStmt)
-		if !ok {
-			return nil, nil, nil, false
-		}
-		if len(assign.Lhs) != 2 || len(assign.Rhs) != 1 {
-			return nil, nil, nil, false
-		}
-		if !IsBlank(assign.Lhs[0]) {
-			return nil, nil, nil, false
-		}
-		ident, ok := assign.Lhs[1].(*ast.Ident)
-		if !ok {
-			return nil, nil, nil, false
-		}
-		index, ok := assign.Rhs[0].(*ast.IndexExpr)
-		if !ok {
-			return nil, nil, nil, false
-		}
-		if _, ok := pass.TypesInfo.TypeOf(index.X).(*types.Map); !ok {
-			return nil, nil, nil, false
-		}
-		key = index.Index
-		return ident, index.X, key, true
-	}
+func CheckGuardedDelete(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		stmt := node.(*ast.IfStmt)
-		if len(stmt.Body.List) != 1 {
-			return
+		if m, ok := Match(pass, checkGuardedDeleteQ, node); ok {
+			report.Report(pass, node, "unnecessary guard around call to delete",
+				report.ShortRange(),
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("remove guard", edit.ReplaceWithNode(pass.Fset, node, m.State["call"].(ast.Node)))))
 		}
-		if stmt.Else != nil {
-			return
-		}
-		expr, ok := stmt.Body.List[0].(*ast.ExprStmt)
-		if !ok {
-			return
-		}
-		call, ok := expr.X.(*ast.CallExpr)
-		if !ok {
-			return
-		}
-		if !IsCallToAST(pass, call, "delete") {
-			return
-		}
-		b, m, key, ok := isCommaOkMapIndex(stmt.Init)
-		if !ok {
-			return
-		}
-		if cond, ok := stmt.Cond.(*ast.Ident); !ok || pass.TypesInfo.ObjectOf(cond) != pass.TypesInfo.ObjectOf(b) {
-			return
-		}
-		if Render(pass, call.Args[0]) != Render(pass, m) || Render(pass, call.Args[1]) != Render(pass, key) {
-			return
-		}
-		ReportNodefFG(pass, stmt, "unnecessary guard around call to delete")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.IfStmt)(nil)}, fn)
+
+	code.Preorder(pass, fn, (*ast.IfStmt)(nil))
 	return nil, nil
 }
 
-func LintSimplifyTypeSwitch(pass *analysis.Pass) (interface{}, error) {
+var (
+	checkSimplifyTypeSwitchQ = pattern.MustParse(`
+		(TypeSwitchStmt
+			nil
+			expr@(TypeAssertExpr ident@(Ident _) _)
+			body)`)
+	checkSimplifyTypeSwitchR = pattern.MustParse(`(AssignStmt ident ":=" expr)`)
+)
+
+func CheckSimplifyTypeSwitch(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
+		m, ok := Match(pass, checkSimplifyTypeSwitchQ, node)
+		if !ok {
+			return
+		}
 		stmt := node.(*ast.TypeSwitchStmt)
-		if stmt.Init != nil {
-			// bailing out for now, can't anticipate how type switches with initializers are being used
-			return
-		}
-		expr, ok := stmt.Assign.(*ast.ExprStmt)
-		if !ok {
-			// the user is in fact assigning the result
-			return
-		}
-		assert := expr.X.(*ast.TypeAssertExpr)
-		ident, ok := assert.X.(*ast.Ident)
-		if !ok {
-			return
-		}
+		expr := m.State["expr"].(ast.Node)
+		ident := m.State["ident"].(*ast.Ident)
+
 		x := pass.TypesInfo.ObjectOf(ident)
-		var allOffenders []ast.Node
+		var allOffenders []*ast.TypeAssertExpr
+		canSuggestFix := true
 		for _, clause := range stmt.Body.List {
 			clause := clause.(*ast.CaseClause)
 			if len(clause.List) != 1 {
 				continue
 			}
 			hasUnrelatedAssertion := false
-			var offenders []ast.Node
+			var offenders []*ast.TypeAssertExpr
 			ast.Inspect(clause, func(node ast.Node) bool {
 				assert2, ok := node.(*ast.TypeAssertExpr)
 				if !ok {
@@ -1801,16 +1677,192 @@ func LintSimplifyTypeSwitch(pass *analysis.Pass) (interface{}, error) {
 				// type.
 				allOffenders = append(allOffenders, offenders...)
 			}
+			canSuggestFix = canSuggestFix && !hasUnrelatedAssertion
 		}
 		if len(allOffenders) != 0 {
-			at := ""
+			var opts []report.Option
 			for _, offender := range allOffenders {
-				pos := lint.DisplayPosition(pass.Fset, offender.Pos())
-				at += "\n\t" + pos.String()
+				opts = append(opts, report.Related(offender, "could eliminate this type assertion"))
+			}
+			opts = append(opts, report.FilterGenerated())
+
+			msg := fmt.Sprintf("assigning the result of this type assertion to a variable (switch %s := %s.(type)) could eliminate type assertions in switch cases",
+				report.Render(pass, ident), report.Render(pass, ident))
+			if canSuggestFix {
+				var edits []analysis.TextEdit
+				edits = append(edits, edit.ReplaceWithPattern(pass, checkSimplifyTypeSwitchR, m.State, expr))
+				for _, offender := range allOffenders {
+					edits = append(edits, edit.ReplaceWithNode(pass.Fset, offender, offender.X))
+				}
+				opts = append(opts, report.Fixes(edit.Fix("simplify type switch", edits...)))
+				report.Report(pass, expr, msg, opts...)
+			} else {
+				report.Report(pass, expr, msg, opts...)
 			}
-			ReportNodefFG(pass, expr, "assigning the result of this type assertion to a variable (switch %s := %s.(type)) could eliminate the following type assertions:%s", Render(pass, ident), Render(pass, ident), at)
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.TypeSwitchStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.TypeSwitchStmt)(nil))
+	return nil, nil
+}
+
+func CheckRedundantCanonicalHeaderKey(pass *analysis.Pass) (interface{}, error) {
+	fn := func(node ast.Node) {
+		call := node.(*ast.CallExpr)
+		callName := code.CallNameAST(pass, call)
+		switch callName {
+		case "(net/http.Header).Add", "(net/http.Header).Del", "(net/http.Header).Get", "(net/http.Header).Set":
+		default:
+			return
+		}
+
+		if !code.IsCallToAST(pass, call.Args[0], "net/http.CanonicalHeaderKey") {
+			return
+		}
+
+		report.Report(pass, call,
+			fmt.Sprintf("calling net/http.CanonicalHeaderKey on the 'key' argument of %s is redundant", callName),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix("remove call to CanonicalHeaderKey", edit.ReplaceWithNode(pass.Fset, call.Args[0], call.Args[0].(*ast.CallExpr).Args[0]))))
+	}
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
+	return nil, nil
+}
+
+var checkUnnecessaryGuardQ = pattern.MustParse(`
+	(Or
+		(IfStmt
+			(AssignStmt [(Ident "_") ok@(Ident _)] ":=" indexexpr@(IndexExpr _ _))
+			ok
+			set@(AssignStmt indexexpr "=" (CallExpr (Builtin "append") indexexpr:values))
+			(AssignStmt indexexpr "=" (CompositeLit _ values)))
+		(IfStmt
+			(AssignStmt [(Ident "_") ok] ":=" indexexpr@(IndexExpr _ _))
+			ok
+			set@(AssignStmt indexexpr "+=" value)
+			(AssignStmt indexexpr "=" value))
+		(IfStmt
+			(AssignStmt [(Ident "_") ok] ":=" indexexpr@(IndexExpr _ _))
+			ok
+			set@(IncDecStmt indexexpr "++")
+			(AssignStmt indexexpr "=" (BasicLit "INT" "1"))))`)
+
+func CheckUnnecessaryGuard(pass *analysis.Pass) (interface{}, error) {
+	fn := func(node ast.Node) {
+		if m, ok := Match(pass, checkUnnecessaryGuardQ, node); ok {
+			if code.MayHaveSideEffects(pass, m.State["indexexpr"].(ast.Expr), nil) {
+				return
+			}
+			report.Report(pass, node, "unnecessary guard around map access",
+				report.ShortRange(),
+				report.Fixes(edit.Fix("simplify map access", edit.ReplaceWithNode(pass.Fset, node, m.State["set"].(ast.Node)))))
+		}
+	}
+	code.Preorder(pass, fn, (*ast.IfStmt)(nil))
+	return nil, nil
+}
+
+var (
+	checkElaborateSleepQ = pattern.MustParse(`(SelectStmt (CommClause (UnaryExpr "<-" (CallExpr (Function "time.After") [arg])) body))`)
+	checkElaborateSleepR = pattern.MustParse(`(CallExpr (SelectorExpr (Ident "time") (Ident "Sleep")) [arg])`)
+)
+
+func CheckElaborateSleep(pass *analysis.Pass) (interface{}, error) {
+	fn := func(node ast.Node) {
+		if m, ok := Match(pass, checkElaborateSleepQ, node); ok {
+			if body, ok := m.State["body"].([]ast.Stmt); ok && len(body) == 0 {
+				report.Report(pass, node, "should use time.Sleep instead of elaborate way of sleeping",
+					report.ShortRange(),
+					report.FilterGenerated(),
+					report.Fixes(edit.Fix("Use time.Sleep", edit.ReplaceWithPattern(pass, checkElaborateSleepR, m.State, node))))
+			} else {
+				// TODO(dh): we could make a suggested fix if the body
+				// doesn't declare or shadow any identifiers
+				report.Report(pass, node, "should use time.Sleep instead of elaborate way of sleeping",
+					report.ShortRange(),
+					report.FilterGenerated())
+			}
+		}
+	}
+	code.Preorder(pass, fn, (*ast.SelectStmt)(nil))
+	return nil, nil
+}
+
+var checkPrintSprintQ = pattern.MustParse(`
+	(Or
+		(CallExpr
+			fn@(Or
+				(Function "fmt.Print")
+				(Function "fmt.Sprint")
+				(Function "fmt.Println")
+				(Function "fmt.Sprintln"))
+			[(CallExpr (Function "fmt.Sprintf") f:_)])
+		(CallExpr
+			fn@(Or
+				(Function "fmt.Fprint")
+				(Function "fmt.Fprintln"))
+			[_ (CallExpr (Function "fmt.Sprintf") f:_)]))`)
+
+func CheckPrintSprintf(pass *analysis.Pass) (interface{}, error) {
+	fn := func(node ast.Node) {
+		m, ok := Match(pass, checkPrintSprintQ, node)
+		if !ok {
+			return
+		}
+
+		name := m.State["fn"].(*types.Func).Name()
+		var msg string
+		switch name {
+		case "Print", "Fprint", "Sprint":
+			newname := name + "f"
+			msg = fmt.Sprintf("should use fmt.%s instead of fmt.%s(fmt.Sprintf(...))", newname, name)
+		case "Println", "Fprintln", "Sprintln":
+			if _, ok := m.State["f"].(*ast.BasicLit); !ok {
+				// This may be an instance of
+				// fmt.Println(fmt.Sprintf(arg, ...)) where arg is an
+				// externally provided format string and the caller
+				// cannot guarantee that the format string ends with a
+				// newline.
+				return
+			}
+			newname := name[:len(name)-2] + "f"
+			msg = fmt.Sprintf("should use fmt.%s instead of fmt.%s(fmt.Sprintf(...)) (but don't forget the newline)", newname, name)
+		}
+		report.Report(pass, node, msg,
+			report.FilterGenerated())
+	}
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
+	return nil, nil
+}
+
+var checkSprintLiteralQ = pattern.MustParse(`
+	(CallExpr
+		fn@(Or
+			(Function "fmt.Sprint")
+			(Function "fmt.Sprintf"))
+		[lit@(BasicLit "STRING" _)])`)
+
+func CheckSprintLiteral(pass *analysis.Pass) (interface{}, error) {
+	// We only flag calls with string literals, not expressions of
+	// type string, because some people use fmt.Sprint(s) as a pattern
+	// for copying strings, which may be useful when extracing a small
+	// substring from a large string.
+	fn := func(node ast.Node) {
+		m, ok := Match(pass, checkSprintLiteralQ, node)
+		if !ok {
+			return
+		}
+		callee := m.State["fn"].(*types.Func)
+		lit := m.State["lit"].(*ast.BasicLit)
+		if callee.Name() == "Sprintf" {
+			if strings.ContainsRune(lit.Value, '%') {
+				// This might be a format string
+				return
+			}
+		}
+		report.Report(pass, node, fmt.Sprintf("unnecessary use of fmt.%s", callee.Name()),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix("Replace with string literal", edit.ReplaceWithNode(pass.Fset, node, lit))))
+	}
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
diff --git a/vendor/honnef.co/go/tools/ssa/lift.go b/vendor/honnef.co/go/tools/ssa/lift.go
deleted file mode 100644
index 531358fa..00000000
--- a/vendor/honnef.co/go/tools/ssa/lift.go
+++ /dev/null
@@ -1,657 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssa
-
-// This file defines the lifting pass which tries to "lift" Alloc
-// cells (new/local variables) into SSA registers, replacing loads
-// with the dominating stored value, eliminating loads and stores, and
-// inserting φ-nodes as needed.
-
-// Cited papers and resources:
-//
-// Ron Cytron et al. 1991. Efficiently computing SSA form...
-// http://doi.acm.org/10.1145/115372.115320
-//
-// Cooper, Harvey, Kennedy.  2001.  A Simple, Fast Dominance Algorithm.
-// Software Practice and Experience 2001, 4:1-10.
-// http://www.hipersoft.rice.edu/grads/publications/dom14.pdf
-//
-// Daniel Berlin, llvmdev mailing list, 2012.
-// http://lists.cs.uiuc.edu/pipermail/llvmdev/2012-January/046638.html
-// (Be sure to expand the whole thread.)
-
-// TODO(adonovan): opt: there are many optimizations worth evaluating, and
-// the conventional wisdom for SSA construction is that a simple
-// algorithm well engineered often beats those of better asymptotic
-// complexity on all but the most egregious inputs.
-//
-// Danny Berlin suggests that the Cooper et al. algorithm for
-// computing the dominance frontier is superior to Cytron et al.
-// Furthermore he recommends that rather than computing the DF for the
-// whole function then renaming all alloc cells, it may be cheaper to
-// compute the DF for each alloc cell separately and throw it away.
-//
-// Consider exploiting liveness information to avoid creating dead
-// φ-nodes which we then immediately remove.
-//
-// Also see many other "TODO: opt" suggestions in the code.
-
-import (
-	"fmt"
-	"go/token"
-	"go/types"
-	"math/big"
-	"os"
-)
-
-// If true, show diagnostic information at each step of lifting.
-// Very verbose.
-const debugLifting = false
-
-// domFrontier maps each block to the set of blocks in its dominance
-// frontier.  The outer slice is conceptually a map keyed by
-// Block.Index.  The inner slice is conceptually a set, possibly
-// containing duplicates.
-//
-// TODO(adonovan): opt: measure impact of dups; consider a packed bit
-// representation, e.g. big.Int, and bitwise parallel operations for
-// the union step in the Children loop.
-//
-// domFrontier's methods mutate the slice's elements but not its
-// length, so their receivers needn't be pointers.
-//
-type domFrontier [][]*BasicBlock
-
-func (df domFrontier) add(u, v *BasicBlock) {
-	p := &df[u.Index]
-	*p = append(*p, v)
-}
-
-// build builds the dominance frontier df for the dominator (sub)tree
-// rooted at u, using the Cytron et al. algorithm.
-//
-// TODO(adonovan): opt: consider Berlin approach, computing pruned SSA
-// by pruning the entire IDF computation, rather than merely pruning
-// the DF -> IDF step.
-func (df domFrontier) build(u *BasicBlock) {
-	// Encounter each node u in postorder of dom tree.
-	for _, child := range u.dom.children {
-		df.build(child)
-	}
-	for _, vb := range u.Succs {
-		if v := vb.dom; v.idom != u {
-			df.add(u, vb)
-		}
-	}
-	for _, w := range u.dom.children {
-		for _, vb := range df[w.Index] {
-			// TODO(adonovan): opt: use word-parallel bitwise union.
-			if v := vb.dom; v.idom != u {
-				df.add(u, vb)
-			}
-		}
-	}
-}
-
-func buildDomFrontier(fn *Function) domFrontier {
-	df := make(domFrontier, len(fn.Blocks))
-	df.build(fn.Blocks[0])
-	if fn.Recover != nil {
-		df.build(fn.Recover)
-	}
-	return df
-}
-
-func removeInstr(refs []Instruction, instr Instruction) []Instruction {
-	i := 0
-	for _, ref := range refs {
-		if ref == instr {
-			continue
-		}
-		refs[i] = ref
-		i++
-	}
-	for j := i; j != len(refs); j++ {
-		refs[j] = nil // aid GC
-	}
-	return refs[:i]
-}
-
-// lift replaces local and new Allocs accessed only with
-// load/store by SSA registers, inserting φ-nodes where necessary.
-// The result is a program in classical pruned SSA form.
-//
-// Preconditions:
-// - fn has no dead blocks (blockopt has run).
-// - Def/use info (Operands and Referrers) is up-to-date.
-// - The dominator tree is up-to-date.
-//
-func lift(fn *Function) {
-	// TODO(adonovan): opt: lots of little optimizations may be
-	// worthwhile here, especially if they cause us to avoid
-	// buildDomFrontier.  For example:
-	//
-	// - Alloc never loaded?  Eliminate.
-	// - Alloc never stored?  Replace all loads with a zero constant.
-	// - Alloc stored once?  Replace loads with dominating store;
-	//   don't forget that an Alloc is itself an effective store
-	//   of zero.
-	// - Alloc used only within a single block?
-	//   Use degenerate algorithm avoiding φ-nodes.
-	// - Consider synergy with scalar replacement of aggregates (SRA).
-	//   e.g. *(&x.f) where x is an Alloc.
-	//   Perhaps we'd get better results if we generated this as x.f
-	//   i.e. Field(x, .f) instead of Load(FieldIndex(x, .f)).
-	//   Unclear.
-	//
-	// But we will start with the simplest correct code.
-	df := buildDomFrontier(fn)
-
-	if debugLifting {
-		title := false
-		for i, blocks := range df {
-			if blocks != nil {
-				if !title {
-					fmt.Fprintf(os.Stderr, "Dominance frontier of %s:\n", fn)
-					title = true
-				}
-				fmt.Fprintf(os.Stderr, "\t%s: %s\n", fn.Blocks[i], blocks)
-			}
-		}
-	}
-
-	newPhis := make(newPhiMap)
-
-	// During this pass we will replace some BasicBlock.Instrs
-	// (allocs, loads and stores) with nil, keeping a count in
-	// BasicBlock.gaps.  At the end we will reset Instrs to the
-	// concatenation of all non-dead newPhis and non-nil Instrs
-	// for the block, reusing the original array if space permits.
-
-	// While we're here, we also eliminate 'rundefers'
-	// instructions in functions that contain no 'defer'
-	// instructions.
-	usesDefer := false
-
-	// A counter used to generate ~unique ids for Phi nodes, as an
-	// aid to debugging.  We use large numbers to make them highly
-	// visible.  All nodes are renumbered later.
-	fresh := 1000
-
-	// Determine which allocs we can lift and number them densely.
-	// The renaming phase uses this numbering for compact maps.
-	numAllocs := 0
-	for _, b := range fn.Blocks {
-		b.gaps = 0
-		b.rundefers = 0
-		for _, instr := range b.Instrs {
-			switch instr := instr.(type) {
-			case *Alloc:
-				index := -1
-				if liftAlloc(df, instr, newPhis, &fresh) {
-					index = numAllocs
-					numAllocs++
-				}
-				instr.index = index
-			case *Defer:
-				usesDefer = true
-			case *RunDefers:
-				b.rundefers++
-			}
-		}
-	}
-
-	// renaming maps an alloc (keyed by index) to its replacement
-	// value.  Initially the renaming contains nil, signifying the
-	// zero constant of the appropriate type; we construct the
-	// Const lazily at most once on each path through the domtree.
-	// TODO(adonovan): opt: cache per-function not per subtree.
-	renaming := make([]Value, numAllocs)
-
-	// Renaming.
-	rename(fn.Blocks[0], renaming, newPhis)
-
-	// Eliminate dead φ-nodes.
-	removeDeadPhis(fn.Blocks, newPhis)
-
-	// Prepend remaining live φ-nodes to each block.
-	for _, b := range fn.Blocks {
-		nps := newPhis[b]
-		j := len(nps)
-
-		rundefersToKill := b.rundefers
-		if usesDefer {
-			rundefersToKill = 0
-		}
-
-		if j+b.gaps+rundefersToKill == 0 {
-			continue // fast path: no new phis or gaps
-		}
-
-		// Compact nps + non-nil Instrs into a new slice.
-		// TODO(adonovan): opt: compact in situ (rightwards)
-		// if Instrs has sufficient space or slack.
-		dst := make([]Instruction, len(b.Instrs)+j-b.gaps-rundefersToKill)
-		for i, np := range nps {
-			dst[i] = np.phi
-		}
-		for _, instr := range b.Instrs {
-			if instr == nil {
-				continue
-			}
-			if !usesDefer {
-				if _, ok := instr.(*RunDefers); ok {
-					continue
-				}
-			}
-			dst[j] = instr
-			j++
-		}
-		b.Instrs = dst
-	}
-
-	// Remove any fn.Locals that were lifted.
-	j := 0
-	for _, l := range fn.Locals {
-		if l.index < 0 {
-			fn.Locals[j] = l
-			j++
-		}
-	}
-	// Nil out fn.Locals[j:] to aid GC.
-	for i := j; i < len(fn.Locals); i++ {
-		fn.Locals[i] = nil
-	}
-	fn.Locals = fn.Locals[:j]
-}
-
-// removeDeadPhis removes φ-nodes not transitively needed by a
-// non-Phi, non-DebugRef instruction.
-func removeDeadPhis(blocks []*BasicBlock, newPhis newPhiMap) {
-	// First pass: find the set of "live" φ-nodes: those reachable
-	// from some non-Phi instruction.
-	//
-	// We compute reachability in reverse, starting from each φ,
-	// rather than forwards, starting from each live non-Phi
-	// instruction, because this way visits much less of the
-	// Value graph.
-	livePhis := make(map[*Phi]bool)
-	for _, npList := range newPhis {
-		for _, np := range npList {
-			phi := np.phi
-			if !livePhis[phi] && phiHasDirectReferrer(phi) {
-				markLivePhi(livePhis, phi)
-			}
-		}
-	}
-
-	// Existing φ-nodes due to && and || operators
-	// are all considered live (see Go issue 19622).
-	for _, b := range blocks {
-		for _, phi := range b.phis() {
-			markLivePhi(livePhis, phi.(*Phi))
-		}
-	}
-
-	// Second pass: eliminate unused phis from newPhis.
-	for block, npList := range newPhis {
-		j := 0
-		for _, np := range npList {
-			if livePhis[np.phi] {
-				npList[j] = np
-				j++
-			} else {
-				// discard it, first removing it from referrers
-				for _, val := range np.phi.Edges {
-					if refs := val.Referrers(); refs != nil {
-						*refs = removeInstr(*refs, np.phi)
-					}
-				}
-				np.phi.block = nil
-			}
-		}
-		newPhis[block] = npList[:j]
-	}
-}
-
-// markLivePhi marks phi, and all φ-nodes transitively reachable via
-// its Operands, live.
-func markLivePhi(livePhis map[*Phi]bool, phi *Phi) {
-	livePhis[phi] = true
-	for _, rand := range phi.Operands(nil) {
-		if q, ok := (*rand).(*Phi); ok {
-			if !livePhis[q] {
-				markLivePhi(livePhis, q)
-			}
-		}
-	}
-}
-
-// phiHasDirectReferrer reports whether phi is directly referred to by
-// a non-Phi instruction.  Such instructions are the
-// roots of the liveness traversal.
-func phiHasDirectReferrer(phi *Phi) bool {
-	for _, instr := range *phi.Referrers() {
-		if _, ok := instr.(*Phi); !ok {
-			return true
-		}
-	}
-	return false
-}
-
-type BlockSet struct{ big.Int } // (inherit methods from Int)
-
-// add adds b to the set and returns true if the set changed.
-func (s *BlockSet) Add(b *BasicBlock) bool {
-	i := b.Index
-	if s.Bit(i) != 0 {
-		return false
-	}
-	s.SetBit(&s.Int, i, 1)
-	return true
-}
-
-func (s *BlockSet) Has(b *BasicBlock) bool {
-	return s.Bit(b.Index) == 1
-}
-
-// take removes an arbitrary element from a set s and
-// returns its index, or returns -1 if empty.
-func (s *BlockSet) Take() int {
-	l := s.BitLen()
-	for i := 0; i < l; i++ {
-		if s.Bit(i) == 1 {
-			s.SetBit(&s.Int, i, 0)
-			return i
-		}
-	}
-	return -1
-}
-
-// newPhi is a pair of a newly introduced φ-node and the lifted Alloc
-// it replaces.
-type newPhi struct {
-	phi   *Phi
-	alloc *Alloc
-}
-
-// newPhiMap records for each basic block, the set of newPhis that
-// must be prepended to the block.
-type newPhiMap map[*BasicBlock][]newPhi
-
-// liftAlloc determines whether alloc can be lifted into registers,
-// and if so, it populates newPhis with all the φ-nodes it may require
-// and returns true.
-//
-// fresh is a source of fresh ids for phi nodes.
-//
-func liftAlloc(df domFrontier, alloc *Alloc, newPhis newPhiMap, fresh *int) bool {
-	// Don't lift aggregates into registers, because we don't have
-	// a way to express their zero-constants.
-	switch deref(alloc.Type()).Underlying().(type) {
-	case *types.Array, *types.Struct:
-		return false
-	}
-
-	// Don't lift named return values in functions that defer
-	// calls that may recover from panic.
-	if fn := alloc.Parent(); fn.Recover != nil {
-		for _, nr := range fn.namedResults {
-			if nr == alloc {
-				return false
-			}
-		}
-	}
-
-	// Compute defblocks, the set of blocks containing a
-	// definition of the alloc cell.
-	var defblocks BlockSet
-	for _, instr := range *alloc.Referrers() {
-		// Bail out if we discover the alloc is not liftable;
-		// the only operations permitted to use the alloc are
-		// loads/stores into the cell, and DebugRef.
-		switch instr := instr.(type) {
-		case *Store:
-			if instr.Val == alloc {
-				return false // address used as value
-			}
-			if instr.Addr != alloc {
-				panic("Alloc.Referrers is inconsistent")
-			}
-			defblocks.Add(instr.Block())
-		case *UnOp:
-			if instr.Op != token.MUL {
-				return false // not a load
-			}
-			if instr.X != alloc {
-				panic("Alloc.Referrers is inconsistent")
-			}
-		case *DebugRef:
-			// ok
-		default:
-			return false // some other instruction
-		}
-	}
-	// The Alloc itself counts as a (zero) definition of the cell.
-	defblocks.Add(alloc.Block())
-
-	if debugLifting {
-		fmt.Fprintln(os.Stderr, "\tlifting ", alloc, alloc.Name())
-	}
-
-	fn := alloc.Parent()
-
-	// Φ-insertion.
-	//
-	// What follows is the body of the main loop of the insert-φ
-	// function described by Cytron et al, but instead of using
-	// counter tricks, we just reset the 'hasAlready' and 'work'
-	// sets each iteration.  These are bitmaps so it's pretty cheap.
-	//
-	// TODO(adonovan): opt: recycle slice storage for W,
-	// hasAlready, defBlocks across liftAlloc calls.
-	var hasAlready BlockSet
-
-	// Initialize W and work to defblocks.
-	var work BlockSet = defblocks // blocks seen
-	var W BlockSet                // blocks to do
-	W.Set(&defblocks.Int)
-
-	// Traverse iterated dominance frontier, inserting φ-nodes.
-	for i := W.Take(); i != -1; i = W.Take() {
-		u := fn.Blocks[i]
-		for _, v := range df[u.Index] {
-			if hasAlready.Add(v) {
-				// Create φ-node.
-				// It will be prepended to v.Instrs later, if needed.
-				phi := &Phi{
-					Edges:   make([]Value, len(v.Preds)),
-					Comment: alloc.Comment,
-				}
-				// This is merely a debugging aid:
-				phi.setNum(*fresh)
-				*fresh++
-
-				phi.pos = alloc.Pos()
-				phi.setType(deref(alloc.Type()))
-				phi.block = v
-				if debugLifting {
-					fmt.Fprintf(os.Stderr, "\tplace %s = %s at block %s\n", phi.Name(), phi, v)
-				}
-				newPhis[v] = append(newPhis[v], newPhi{phi, alloc})
-
-				if work.Add(v) {
-					W.Add(v)
-				}
-			}
-		}
-	}
-
-	return true
-}
-
-// replaceAll replaces all intraprocedural uses of x with y,
-// updating x.Referrers and y.Referrers.
-// Precondition: x.Referrers() != nil, i.e. x must be local to some function.
-//
-func replaceAll(x, y Value) {
-	var rands []*Value
-	pxrefs := x.Referrers()
-	pyrefs := y.Referrers()
-	for _, instr := range *pxrefs {
-		rands = instr.Operands(rands[:0]) // recycle storage
-		for _, rand := range rands {
-			if *rand != nil {
-				if *rand == x {
-					*rand = y
-				}
-			}
-		}
-		if pyrefs != nil {
-			*pyrefs = append(*pyrefs, instr) // dups ok
-		}
-	}
-	*pxrefs = nil // x is now unreferenced
-}
-
-// renamed returns the value to which alloc is being renamed,
-// constructing it lazily if it's the implicit zero initialization.
-//
-func renamed(renaming []Value, alloc *Alloc) Value {
-	v := renaming[alloc.index]
-	if v == nil {
-		v = zeroConst(deref(alloc.Type()))
-		renaming[alloc.index] = v
-	}
-	return v
-}
-
-// rename implements the (Cytron et al) SSA renaming algorithm, a
-// preorder traversal of the dominator tree replacing all loads of
-// Alloc cells with the value stored to that cell by the dominating
-// store instruction.  For lifting, we need only consider loads,
-// stores and φ-nodes.
-//
-// renaming is a map from *Alloc (keyed by index number) to its
-// dominating stored value; newPhis[x] is the set of new φ-nodes to be
-// prepended to block x.
-//
-func rename(u *BasicBlock, renaming []Value, newPhis newPhiMap) {
-	// Each φ-node becomes the new name for its associated Alloc.
-	for _, np := range newPhis[u] {
-		phi := np.phi
-		alloc := np.alloc
-		renaming[alloc.index] = phi
-	}
-
-	// Rename loads and stores of allocs.
-	for i, instr := range u.Instrs {
-		switch instr := instr.(type) {
-		case *Alloc:
-			if instr.index >= 0 { // store of zero to Alloc cell
-				// Replace dominated loads by the zero value.
-				renaming[instr.index] = nil
-				if debugLifting {
-					fmt.Fprintf(os.Stderr, "\tkill alloc %s\n", instr)
-				}
-				// Delete the Alloc.
-				u.Instrs[i] = nil
-				u.gaps++
-			}
-
-		case *Store:
-			if alloc, ok := instr.Addr.(*Alloc); ok && alloc.index >= 0 { // store to Alloc cell
-				// Replace dominated loads by the stored value.
-				renaming[alloc.index] = instr.Val
-				if debugLifting {
-					fmt.Fprintf(os.Stderr, "\tkill store %s; new value: %s\n",
-						instr, instr.Val.Name())
-				}
-				// Remove the store from the referrer list of the stored value.
-				if refs := instr.Val.Referrers(); refs != nil {
-					*refs = removeInstr(*refs, instr)
-				}
-				// Delete the Store.
-				u.Instrs[i] = nil
-				u.gaps++
-			}
-
-		case *UnOp:
-			if instr.Op == token.MUL {
-				if alloc, ok := instr.X.(*Alloc); ok && alloc.index >= 0 { // load of Alloc cell
-					newval := renamed(renaming, alloc)
-					if debugLifting {
-						fmt.Fprintf(os.Stderr, "\tupdate load %s = %s with %s\n",
-							instr.Name(), instr, newval.Name())
-					}
-					// Replace all references to
-					// the loaded value by the
-					// dominating stored value.
-					replaceAll(instr, newval)
-					// Delete the Load.
-					u.Instrs[i] = nil
-					u.gaps++
-				}
-			}
-
-		case *DebugRef:
-			if alloc, ok := instr.X.(*Alloc); ok && alloc.index >= 0 { // ref of Alloc cell
-				if instr.IsAddr {
-					instr.X = renamed(renaming, alloc)
-					instr.IsAddr = false
-
-					// Add DebugRef to instr.X's referrers.
-					if refs := instr.X.Referrers(); refs != nil {
-						*refs = append(*refs, instr)
-					}
-				} else {
-					// A source expression denotes the address
-					// of an Alloc that was optimized away.
-					instr.X = nil
-
-					// Delete the DebugRef.
-					u.Instrs[i] = nil
-					u.gaps++
-				}
-			}
-		}
-	}
-
-	// For each φ-node in a CFG successor, rename the edge.
-	for _, v := range u.Succs {
-		phis := newPhis[v]
-		if len(phis) == 0 {
-			continue
-		}
-		i := v.predIndex(u)
-		for _, np := range phis {
-			phi := np.phi
-			alloc := np.alloc
-			newval := renamed(renaming, alloc)
-			if debugLifting {
-				fmt.Fprintf(os.Stderr, "\tsetphi %s edge %s -> %s (#%d) (alloc=%s) := %s\n",
-					phi.Name(), u, v, i, alloc.Name(), newval.Name())
-			}
-			phi.Edges[i] = newval
-			if prefs := newval.Referrers(); prefs != nil {
-				*prefs = append(*prefs, phi)
-			}
-		}
-	}
-
-	// Continue depth-first recursion over domtree, pushing a
-	// fresh copy of the renaming map for each subtree.
-	for i, v := range u.dom.children {
-		r := renaming
-		if i < len(u.dom.children)-1 {
-			// On all but the final iteration, we must make
-			// a copy to avoid destructive update.
-			r = make([]Value, len(renaming))
-			copy(r, renaming)
-		}
-		rename(v, r, newPhis)
-	}
-
-}
diff --git a/vendor/honnef.co/go/tools/ssa/testmain.go b/vendor/honnef.co/go/tools/ssa/testmain.go
deleted file mode 100644
index 8ec15ba5..00000000
--- a/vendor/honnef.co/go/tools/ssa/testmain.go
+++ /dev/null
@@ -1,271 +0,0 @@
-// Copyright 2013 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-package ssa
-
-// CreateTestMainPackage synthesizes a main package that runs all the
-// tests of the supplied packages.
-// It is closely coupled to $GOROOT/src/cmd/go/test.go and $GOROOT/src/testing.
-//
-// TODO(adonovan): throws this all away now that x/tools/go/packages
-// provides access to the actual synthetic test main files.
-
-import (
-	"bytes"
-	"fmt"
-	"go/ast"
-	"go/parser"
-	"go/types"
-	"log"
-	"os"
-	"strings"
-	"text/template"
-)
-
-// FindTests returns the Test, Benchmark, and Example functions
-// (as defined by "go test") defined in the specified package,
-// and its TestMain function, if any.
-//
-// Deprecated: use x/tools/go/packages to access synthetic testmain packages.
-func FindTests(pkg *Package) (tests, benchmarks, examples []*Function, main *Function) {
-	prog := pkg.Prog
-
-	// The first two of these may be nil: if the program doesn't import "testing",
-	// it can't contain any tests, but it may yet contain Examples.
-	var testSig *types.Signature                              // func(*testing.T)
-	var benchmarkSig *types.Signature                         // func(*testing.B)
-	var exampleSig = types.NewSignature(nil, nil, nil, false) // func()
-
-	// Obtain the types from the parameters of testing.MainStart.
-	if testingPkg := prog.ImportedPackage("testing"); testingPkg != nil {
-		mainStart := testingPkg.Func("MainStart")
-		params := mainStart.Signature.Params()
-		testSig = funcField(params.At(1).Type())
-		benchmarkSig = funcField(params.At(2).Type())
-
-		// Does the package define this function?
-		//   func TestMain(*testing.M)
-		if f := pkg.Func("TestMain"); f != nil {
-			sig := f.Type().(*types.Signature)
-			starM := mainStart.Signature.Results().At(0).Type() // *testing.M
-			if sig.Results().Len() == 0 &&
-				sig.Params().Len() == 1 &&
-				types.Identical(sig.Params().At(0).Type(), starM) {
-				main = f
-			}
-		}
-	}
-
-	// TODO(adonovan): use a stable order, e.g. lexical.
-	for _, mem := range pkg.Members {
-		if f, ok := mem.(*Function); ok &&
-			ast.IsExported(f.Name()) &&
-			strings.HasSuffix(prog.Fset.Position(f.Pos()).Filename, "_test.go") {
-
-			switch {
-			case testSig != nil && isTestSig(f, "Test", testSig):
-				tests = append(tests, f)
-			case benchmarkSig != nil && isTestSig(f, "Benchmark", benchmarkSig):
-				benchmarks = append(benchmarks, f)
-			case isTestSig(f, "Example", exampleSig):
-				examples = append(examples, f)
-			default:
-				continue
-			}
-		}
-	}
-	return
-}
-
-// Like isTest, but checks the signature too.
-func isTestSig(f *Function, prefix string, sig *types.Signature) bool {
-	return isTest(f.Name(), prefix) && types.Identical(f.Signature, sig)
-}
-
-// Given the type of one of the three slice parameters of testing.Main,
-// returns the function type.
-func funcField(slice types.Type) *types.Signature {
-	return slice.(*types.Slice).Elem().Underlying().(*types.Struct).Field(1).Type().(*types.Signature)
-}
-
-// isTest tells whether name looks like a test (or benchmark, according to prefix).
-// It is a Test (say) if there is a character after Test that is not a lower-case letter.
-// We don't want TesticularCancer.
-// Plundered from $GOROOT/src/cmd/go/test.go
-func isTest(name, prefix string) bool {
-	if !strings.HasPrefix(name, prefix) {
-		return false
-	}
-	if len(name) == len(prefix) { // "Test" is ok
-		return true
-	}
-	return ast.IsExported(name[len(prefix):])
-}
-
-// CreateTestMainPackage creates and returns a synthetic "testmain"
-// package for the specified package if it defines tests, benchmarks or
-// executable examples, or nil otherwise.  The new package is named
-// "main" and provides a function named "main" that runs the tests,
-// similar to the one that would be created by the 'go test' tool.
-//
-// Subsequent calls to prog.AllPackages include the new package.
-// The package pkg must belong to the program prog.
-//
-// Deprecated: use x/tools/go/packages to access synthetic testmain packages.
-func (prog *Program) CreateTestMainPackage(pkg *Package) *Package {
-	if pkg.Prog != prog {
-		log.Fatal("Package does not belong to Program")
-	}
-
-	// Template data
-	var data struct {
-		Pkg                         *Package
-		Tests, Benchmarks, Examples []*Function
-		Main                        *Function
-		Go18                        bool
-	}
-	data.Pkg = pkg
-
-	// Enumerate tests.
-	data.Tests, data.Benchmarks, data.Examples, data.Main = FindTests(pkg)
-	if data.Main == nil &&
-		data.Tests == nil && data.Benchmarks == nil && data.Examples == nil {
-		return nil
-	}
-
-	// Synthesize source for testmain package.
-	path := pkg.Pkg.Path() + "$testmain"
-	tmpl := testmainTmpl
-	if testingPkg := prog.ImportedPackage("testing"); testingPkg != nil {
-		// In Go 1.8, testing.MainStart's first argument is an interface, not a func.
-		data.Go18 = types.IsInterface(testingPkg.Func("MainStart").Signature.Params().At(0).Type())
-	} else {
-		// The program does not import "testing", but FindTests
-		// returned non-nil, which must mean there were Examples
-		// but no Test, Benchmark, or TestMain functions.
-
-		// We'll simply call them from testmain.main; this will
-		// ensure they don't panic, but will not check any
-		// "Output:" comments.
-		// (We should not execute an Example that has no
-		// "Output:" comment, but it's impossible to tell here.)
-		tmpl = examplesOnlyTmpl
-	}
-	var buf bytes.Buffer
-	if err := tmpl.Execute(&buf, data); err != nil {
-		log.Fatalf("internal error expanding template for %s: %v", path, err)
-	}
-	if false { // debugging
-		fmt.Fprintln(os.Stderr, buf.String())
-	}
-
-	// Parse and type-check the testmain package.
-	f, err := parser.ParseFile(prog.Fset, path+".go", &buf, parser.Mode(0))
-	if err != nil {
-		log.Fatalf("internal error parsing %s: %v", path, err)
-	}
-	conf := types.Config{
-		DisableUnusedImportCheck: true,
-		Importer:                 importer{pkg},
-	}
-	files := []*ast.File{f}
-	info := &types.Info{
-		Types:      make(map[ast.Expr]types.TypeAndValue),
-		Defs:       make(map[*ast.Ident]types.Object),
-		Uses:       make(map[*ast.Ident]types.Object),
-		Implicits:  make(map[ast.Node]types.Object),
-		Scopes:     make(map[ast.Node]*types.Scope),
-		Selections: make(map[*ast.SelectorExpr]*types.Selection),
-	}
-	testmainPkg, err := conf.Check(path, prog.Fset, files, info)
-	if err != nil {
-		log.Fatalf("internal error type-checking %s: %v", path, err)
-	}
-
-	// Create and build SSA code.
-	testmain := prog.CreatePackage(testmainPkg, files, info, false)
-	testmain.SetDebugMode(false)
-	testmain.Build()
-	testmain.Func("main").Synthetic = "test main function"
-	testmain.Func("init").Synthetic = "package initializer"
-	return testmain
-}
-
-// An implementation of types.Importer for an already loaded SSA program.
-type importer struct {
-	pkg *Package // package under test; may be non-importable
-}
-
-func (imp importer) Import(path string) (*types.Package, error) {
-	if p := imp.pkg.Prog.ImportedPackage(path); p != nil {
-		return p.Pkg, nil
-	}
-	if path == imp.pkg.Pkg.Path() {
-		return imp.pkg.Pkg, nil
-	}
-	return nil, fmt.Errorf("not found") // can't happen
-}
-
-var testmainTmpl = template.Must(template.New("testmain").Parse(`
-package main
-
-import "io"
-import "os"
-import "testing"
-import p {{printf "%q" .Pkg.Pkg.Path}}
-
-{{if .Go18}}
-type deps struct{}
-
-func (deps) ImportPath() string { return "" }
-func (deps) MatchString(pat, str string) (bool, error) { return true, nil }
-func (deps) StartCPUProfile(io.Writer) error { return nil }
-func (deps) StartTestLog(io.Writer) {}
-func (deps) StopCPUProfile() {}
-func (deps) StopTestLog() error { return nil }
-func (deps) WriteHeapProfile(io.Writer) error { return nil }
-func (deps) WriteProfileTo(string, io.Writer, int) error { return nil }
-
-var match deps
-{{else}}
-func match(_, _ string) (bool, error) { return true, nil }
-{{end}}
-
-func main() {
-	tests := []testing.InternalTest{
-{{range .Tests}}
-		{ {{printf "%q" .Name}}, p.{{.Name}} },
-{{end}}
-	}
-	benchmarks := []testing.InternalBenchmark{
-{{range .Benchmarks}}
-		{ {{printf "%q" .Name}}, p.{{.Name}} },
-{{end}}
-	}
-	examples := []testing.InternalExample{
-{{range .Examples}}
-		{Name: {{printf "%q" .Name}}, F: p.{{.Name}}},
-{{end}}
-	}
-	m := testing.MainStart(match, tests, benchmarks, examples)
-{{with .Main}}
-	p.{{.Name}}(m)
-{{else}}
-	os.Exit(m.Run())
-{{end}}
-}
-
-`))
-
-var examplesOnlyTmpl = template.Must(template.New("examples").Parse(`
-package main
-
-import p {{printf "%q" .Pkg.Pkg.Path}}
-
-func main() {
-{{range .Examples}}
-	p.{{.Name}}()
-{{end}}
-}
-`))
diff --git a/vendor/honnef.co/go/tools/ssa/write.go b/vendor/honnef.co/go/tools/ssa/write.go
deleted file mode 100644
index 89761a18..00000000
--- a/vendor/honnef.co/go/tools/ssa/write.go
+++ /dev/null
@@ -1,5 +0,0 @@
-package ssa
-
-func NewJump(parent *BasicBlock) *Jump {
-	return &Jump{anInstruction{parent}}
-}
diff --git a/vendor/honnef.co/go/tools/ssautil/ssautil.go b/vendor/honnef.co/go/tools/ssautil/ssautil.go
deleted file mode 100644
index 72c3c919..00000000
--- a/vendor/honnef.co/go/tools/ssautil/ssautil.go
+++ /dev/null
@@ -1,58 +0,0 @@
-package ssautil
-
-import (
-	"honnef.co/go/tools/ssa"
-)
-
-func Reachable(from, to *ssa.BasicBlock) bool {
-	if from == to {
-		return true
-	}
-	if from.Dominates(to) {
-		return true
-	}
-
-	found := false
-	Walk(from, func(b *ssa.BasicBlock) bool {
-		if b == to {
-			found = true
-			return false
-		}
-		return true
-	})
-	return found
-}
-
-func Walk(b *ssa.BasicBlock, fn func(*ssa.BasicBlock) bool) {
-	seen := map[*ssa.BasicBlock]bool{}
-	wl := []*ssa.BasicBlock{b}
-	for len(wl) > 0 {
-		b := wl[len(wl)-1]
-		wl = wl[:len(wl)-1]
-		if seen[b] {
-			continue
-		}
-		seen[b] = true
-		if !fn(b) {
-			continue
-		}
-		wl = append(wl, b.Succs...)
-	}
-}
-
-func Vararg(x *ssa.Slice) ([]ssa.Value, bool) {
-	var out []ssa.Value
-	slice, ok := x.X.(*ssa.Alloc)
-	if !ok || slice.Comment != "varargs" {
-		return nil, false
-	}
-	for _, ref := range *slice.Referrers() {
-		idx, ok := ref.(*ssa.IndexAddr)
-		if !ok {
-			continue
-		}
-		v := (*idx.Referrers())[0].(*ssa.Store).Val
-		out = append(out, v)
-	}
-	return out, true
-}
diff --git a/vendor/honnef.co/go/tools/staticcheck/CONTRIBUTING.md b/vendor/honnef.co/go/tools/staticcheck/CONTRIBUTING.md
deleted file mode 100644
index b12c7afc..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/CONTRIBUTING.md
+++ /dev/null
@@ -1,15 +0,0 @@
-# Contributing to staticcheck
-
-## Before filing an issue:
-
-### Are you having trouble building staticcheck?
-
-Check you have the latest version of its dependencies. Run
-```
-go get -u honnef.co/go/tools/staticcheck
-```
-If you still have problems, consider searching for existing issues before filing a new issue.
-
-## Before sending a pull request:
-
-Have you understood the purpose of staticcheck? Make sure to carefully read `README`.
diff --git a/vendor/honnef.co/go/tools/staticcheck/analysis.go b/vendor/honnef.co/go/tools/staticcheck/analysis.go
index 442aebe5..75df1e12 100644
--- a/vendor/honnef.co/go/tools/staticcheck/analysis.go
+++ b/vendor/honnef.co/go/tools/staticcheck/analysis.go
@@ -1,525 +1,267 @@
 package staticcheck
 
 import (
-	"flag"
-
 	"honnef.co/go/tools/facts"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/internal/passes/buildir"
 	"honnef.co/go/tools/lint/lintutil"
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 )
 
-func newFlagSet() flag.FlagSet {
-	fs := flag.NewFlagSet("", flag.PanicOnError)
-	fs.Var(lintutil.NewVersionFlag(), "go", "Target Go version")
-	return *fs
+func makeCallCheckerAnalyzer(rules map[string]CallCheck, extraReqs ...*analysis.Analyzer) *analysis.Analyzer {
+	reqs := []*analysis.Analyzer{buildir.Analyzer, facts.TokenFile}
+	reqs = append(reqs, extraReqs...)
+	return &analysis.Analyzer{
+		Run:      callChecker(rules),
+		Requires: reqs,
+	}
 }
 
-var Analyzers = map[string]*analysis.Analyzer{
-	"SA1000": {
-		Name:     "SA1000",
-		Run:      callChecker(checkRegexpRules),
-		Doc:      Docs["SA1000"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
+var Analyzers = lintutil.InitializeAnalyzers(Docs, map[string]*analysis.Analyzer{
+	"SA1000": makeCallCheckerAnalyzer(checkRegexpRules),
 	"SA1001": {
-		Name:     "SA1001",
 		Run:      CheckTemplate,
-		Doc:      Docs["SA1001"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1002": {
-		Name:     "SA1002",
-		Run:      callChecker(checkTimeParseRules),
-		Doc:      Docs["SA1002"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1003": {
-		Name:     "SA1003",
-		Run:      callChecker(checkEncodingBinaryRules),
-		Doc:      Docs["SA1003"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA1002": makeCallCheckerAnalyzer(checkTimeParseRules),
+	"SA1003": makeCallCheckerAnalyzer(checkEncodingBinaryRules),
 	"SA1004": {
-		Name:     "SA1004",
 		Run:      CheckTimeSleepConstant,
-		Doc:      Docs["SA1004"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA1005": {
-		Name:     "SA1005",
 		Run:      CheckExec,
-		Doc:      Docs["SA1005"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA1006": {
-		Name:     "SA1006",
 		Run:      CheckUnsafePrintf,
-		Doc:      Docs["SA1006"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1007": {
-		Name:     "SA1007",
-		Run:      callChecker(checkURLsRules),
-		Doc:      Docs["SA1007"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA1007": makeCallCheckerAnalyzer(checkURLsRules),
 	"SA1008": {
-		Name:     "SA1008",
 		Run:      CheckCanonicalHeaderKey,
-		Doc:      Docs["SA1008"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1010": {
-		Name:     "SA1010",
-		Run:      callChecker(checkRegexpFindAllRules),
-		Doc:      Docs["SA1010"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1011": {
-		Name:     "SA1011",
-		Run:      callChecker(checkUTF8CutsetRules),
-		Doc:      Docs["SA1011"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA1010": makeCallCheckerAnalyzer(checkRegexpFindAllRules),
+	"SA1011": makeCallCheckerAnalyzer(checkUTF8CutsetRules),
 	"SA1012": {
-		Name:     "SA1012",
 		Run:      CheckNilContext,
-		Doc:      Docs["SA1012"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA1013": {
-		Name:     "SA1013",
 		Run:      CheckSeeker,
-		Doc:      Docs["SA1013"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1014": {
-		Name:     "SA1014",
-		Run:      callChecker(checkUnmarshalPointerRules),
-		Doc:      Docs["SA1014"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA1014": makeCallCheckerAnalyzer(checkUnmarshalPointerRules),
 	"SA1015": {
-		Name:     "SA1015",
 		Run:      CheckLeakyTimeTick,
-		Doc:      Docs["SA1015"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA1016": {
-		Name:     "SA1016",
 		Run:      CheckUntrappableSignal,
-		Doc:      Docs["SA1016"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1017": {
-		Name:     "SA1017",
-		Run:      callChecker(checkUnbufferedSignalChanRules),
-		Doc:      Docs["SA1017"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1018": {
-		Name:     "SA1018",
-		Run:      callChecker(checkStringsReplaceZeroRules),
-		Doc:      Docs["SA1018"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA1017": makeCallCheckerAnalyzer(checkUnbufferedSignalChanRules),
+	"SA1018": makeCallCheckerAnalyzer(checkStringsReplaceZeroRules),
 	"SA1019": {
-		Name:     "SA1019",
 		Run:      CheckDeprecated,
-		Doc:      Docs["SA1019"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Deprecated},
-		Flags:    newFlagSet(),
-	},
-	"SA1020": {
-		Name:     "SA1020",
-		Run:      callChecker(checkListenAddressRules),
-		Doc:      Docs["SA1020"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1021": {
-		Name:     "SA1021",
-		Run:      callChecker(checkBytesEqualIPRules),
-		Doc:      Docs["SA1021"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA1020": makeCallCheckerAnalyzer(checkListenAddressRules),
+	"SA1021": makeCallCheckerAnalyzer(checkBytesEqualIPRules),
 	"SA1023": {
-		Name:     "SA1023",
 		Run:      CheckWriterBufferModified,
-		Doc:      Docs["SA1023"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1024": {
-		Name:     "SA1024",
-		Run:      callChecker(checkUniqueCutsetRules),
-		Doc:      Docs["SA1024"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
+	"SA1024": makeCallCheckerAnalyzer(checkUniqueCutsetRules),
 	"SA1025": {
-		Name:     "SA1025",
 		Run:      CheckTimerResetReturnValue,
-		Doc:      Docs["SA1025"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1026": {
-		Name:     "SA1026",
-		Run:      callChecker(checkUnsupportedMarshal),
-		Doc:      Docs["SA1026"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA1027": {
-		Name:     "SA1027",
-		Run:      callChecker(checkAtomicAlignment),
-		Doc:      Docs["SA1027"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
+	"SA1026": makeCallCheckerAnalyzer(checkUnsupportedMarshal),
+	"SA1027": makeCallCheckerAnalyzer(checkAtomicAlignment),
+	"SA1028": makeCallCheckerAnalyzer(checkSortSliceRules),
+	"SA1029": makeCallCheckerAnalyzer(checkWithValueKeyRules),
 
 	"SA2000": {
-		Name:     "SA2000",
 		Run:      CheckWaitgroupAdd,
-		Doc:      Docs["SA2000"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA2001": {
-		Name:     "SA2001",
 		Run:      CheckEmptyCriticalSection,
-		Doc:      Docs["SA2001"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA2002": {
-		Name:     "SA2002",
 		Run:      CheckConcurrentTesting,
-		Doc:      Docs["SA2002"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA2003": {
-		Name:     "SA2003",
 		Run:      CheckDeferLock,
-		Doc:      Docs["SA2003"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 
 	"SA3000": {
-		Name:     "SA3000",
 		Run:      CheckTestMainExit,
-		Doc:      Docs["SA3000"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA3001": {
-		Name:     "SA3001",
 		Run:      CheckBenchmarkN,
-		Doc:      Docs["SA3001"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 
 	"SA4000": {
-		Name:     "SA4000",
 		Run:      CheckLhsRhsIdentical,
-		Doc:      Docs["SA4000"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.TokenFile, facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"SA4001": {
-		Name:     "SA4001",
 		Run:      CheckIneffectiveCopy,
-		Doc:      Docs["SA4001"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA4002": {
-		Name:     "SA4002",
-		Run:      CheckDiffSizeComparison,
-		Doc:      Docs["SA4002"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA4003": {
-		Name:     "SA4003",
 		Run:      CheckExtremeComparison,
-		Doc:      Docs["SA4003"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA4004": {
-		Name:     "SA4004",
 		Run:      CheckIneffectiveLoop,
-		Doc:      Docs["SA4004"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA4006": {
-		Name:     "SA4006",
 		Run:      CheckUnreadVariableValues,
-		Doc:      Docs["SA4006"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer, facts.Generated},
 	},
 	"SA4008": {
-		Name:     "SA4008",
 		Run:      CheckLoopCondition,
-		Doc:      Docs["SA4008"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA4009": {
-		Name:     "SA4009",
 		Run:      CheckArgOverwritten,
-		Doc:      Docs["SA4009"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA4010": {
-		Name:     "SA4010",
 		Run:      CheckIneffectiveAppend,
-		Doc:      Docs["SA4010"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA4011": {
-		Name:     "SA4011",
 		Run:      CheckScopedBreak,
-		Doc:      Docs["SA4011"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA4012": {
-		Name:     "SA4012",
 		Run:      CheckNaNComparison,
-		Doc:      Docs["SA4012"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA4013": {
-		Name:     "SA4013",
 		Run:      CheckDoubleNegation,
-		Doc:      Docs["SA4013"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA4014": {
-		Name:     "SA4014",
 		Run:      CheckRepeatedIfElse,
-		Doc:      Docs["SA4014"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA4015": {
-		Name:     "SA4015",
-		Run:      callChecker(checkMathIntRules),
-		Doc:      Docs["SA4015"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
 	},
+	"SA4015": makeCallCheckerAnalyzer(checkMathIntRules),
 	"SA4016": {
-		Name:     "SA4016",
 		Run:      CheckSillyBitwiseOps,
-		Doc:      Docs["SA4016"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, facts.TokenFile},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.TokenFile},
 	},
 	"SA4017": {
-		Name:     "SA4017",
 		Run:      CheckPureFunctions,
-		Doc:      Docs["SA4017"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, facts.Purity},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer, facts.Purity},
 	},
 	"SA4018": {
-		Name:     "SA4018",
 		Run:      CheckSelfAssignment,
-		Doc:      Docs["SA4018"].String(),
-		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated, facts.TokenFile},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated, facts.TokenFile, facts.Purity},
 	},
 	"SA4019": {
-		Name:     "SA4019",
 		Run:      CheckDuplicateBuildConstraints,
-		Doc:      Docs["SA4019"].String(),
 		Requires: []*analysis.Analyzer{facts.Generated},
-		Flags:    newFlagSet(),
 	},
 	"SA4020": {
-		Name:     "SA4020",
 		Run:      CheckUnreachableTypeCases,
-		Doc:      Docs["SA4020"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA4021": {
-		Name:     "SA4021",
 		Run:      CheckSingleArgAppend,
-		Doc:      Docs["SA4021"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated, facts.TokenFile},
-		Flags:    newFlagSet(),
 	},
 
 	"SA5000": {
-		Name:     "SA5000",
 		Run:      CheckNilMaps,
-		Doc:      Docs["SA5000"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA5001": {
-		Name:     "SA5001",
 		Run:      CheckEarlyDefer,
-		Doc:      Docs["SA5001"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA5002": {
-		Name:     "SA5002",
 		Run:      CheckInfiniteEmptyLoop,
-		Doc:      Docs["SA5002"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA5003": {
-		Name:     "SA5003",
 		Run:      CheckDeferInInfiniteLoop,
-		Doc:      Docs["SA5003"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA5004": {
-		Name:     "SA5004",
 		Run:      CheckLoopEmptyDefault,
-		Doc:      Docs["SA5004"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA5005": {
-		Name:     "SA5005",
 		Run:      CheckCyclicFinalizer,
-		Doc:      Docs["SA5005"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA5007": {
-		Name:     "SA5007",
 		Run:      CheckInfiniteRecursion,
-		Doc:      Docs["SA5007"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA5008": {
-		Name:     "SA5008",
 		Run:      CheckStructTags,
-		Doc:      Docs["SA5008"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
-	"SA5009": {
-		Name:     "SA5009",
-		Run:      callChecker(checkPrintfRules),
-		Doc:      Docs["SA5009"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
+	"SA5009": makeCallCheckerAnalyzer(checkPrintfRules),
+	"SA5010": {
+		Run:      CheckImpossibleTypeAssertion,
+		Requires: []*analysis.Analyzer{buildir.Analyzer, facts.TokenFile},
+	},
+	"SA5011": {
+		Run:      CheckMaybeNil,
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 
-	"SA6000": {
-		Name:     "SA6000",
-		Run:      callChecker(checkRegexpMatchLoopRules),
-		Doc:      Docs["SA6000"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
-	},
+	"SA6000": makeCallCheckerAnalyzer(checkRegexpMatchLoopRules),
 	"SA6001": {
-		Name:     "SA6001",
 		Run:      CheckMapBytesKey,
-		Doc:      Docs["SA6001"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
-	},
-	"SA6002": {
-		Name:     "SA6002",
-		Run:      callChecker(checkSyncPoolValueRules),
-		Doc:      Docs["SA6002"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
+	"SA6002": makeCallCheckerAnalyzer(checkSyncPoolValueRules),
 	"SA6003": {
-		Name:     "SA6003",
 		Run:      CheckRangeStringRunes,
-		Doc:      Docs["SA6003"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"SA6005": {
-		Name:     "SA6005",
 		Run:      CheckToLowerToUpperComparison,
-		Doc:      Docs["SA6005"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 
 	"SA9001": {
-		Name:     "SA9001",
 		Run:      CheckDubiousDeferInChannelRangeLoop,
-		Doc:      Docs["SA9001"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA9002": {
-		Name:     "SA9002",
 		Run:      CheckNonOctalFileMode,
-		Doc:      Docs["SA9002"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"SA9003": {
-		Name:     "SA9003",
 		Run:      CheckEmptyBranch,
-		Doc:      Docs["SA9003"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, facts.TokenFile, facts.Generated},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer, facts.TokenFile, facts.Generated},
 	},
 	"SA9004": {
-		Name:     "SA9004",
 		Run:      CheckMissingEnumTypesInDeclaration,
-		Doc:      Docs["SA9004"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	// Filtering generated code because it may include empty structs generated from data models.
-	"SA9005": {
-		Name:     "SA9005",
-		Run:      callChecker(checkNoopMarshal),
-		Doc:      Docs["SA9005"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, valueRangesAnalyzer, facts.Generated, facts.TokenFile},
-		Flags:    newFlagSet(),
+	"SA9005": makeCallCheckerAnalyzer(checkNoopMarshal, facts.Generated),
+
+	"SA4022": {
+		Run:      CheckAddressIsNil,
+		Requires: []*analysis.Analyzer{inspect.Analyzer},
 	},
-}
+})
diff --git a/vendor/honnef.co/go/tools/staticcheck/buildtag.go b/vendor/honnef.co/go/tools/staticcheck/buildtag.go
index 888d3e9d..58e1e4ae 100644
--- a/vendor/honnef.co/go/tools/staticcheck/buildtag.go
+++ b/vendor/honnef.co/go/tools/staticcheck/buildtag.go
@@ -4,12 +4,12 @@ import (
 	"go/ast"
 	"strings"
 
-	. "honnef.co/go/tools/lint/lintdsl"
+	"honnef.co/go/tools/code"
 )
 
 func buildTags(f *ast.File) [][]string {
 	var out [][]string
-	for _, line := range strings.Split(Preamble(f), "\n") {
+	for _, line := range strings.Split(code.Preamble(f), "\n") {
 		if !strings.HasPrefix(line, "+build ") {
 			continue
 		}
diff --git a/vendor/honnef.co/go/tools/staticcheck/doc.go b/vendor/honnef.co/go/tools/staticcheck/doc.go
index 4a87d4a2..17d28ad6 100644
--- a/vendor/honnef.co/go/tools/staticcheck/doc.go
+++ b/vendor/honnef.co/go/tools/staticcheck/doc.go
@@ -3,22 +3,22 @@ package staticcheck
 import "honnef.co/go/tools/lint"
 
 var Docs = map[string]*lint.Documentation{
-	"SA1000": &lint.Documentation{
+	"SA1000": {
 		Title: `Invalid regular expression`,
 		Since: "2017.1",
 	},
 
-	"SA1001": &lint.Documentation{
+	"SA1001": {
 		Title: `Invalid template`,
 		Since: "2017.1",
 	},
 
-	"SA1002": &lint.Documentation{
+	"SA1002": {
 		Title: `Invalid format in time.Parse`,
 		Since: "2017.1",
 	},
 
-	"SA1003": &lint.Documentation{
+	"SA1003": {
 		Title: `Unsupported argument to functions in encoding/binary`,
 		Text: `The encoding/binary package can only serialize types with known sizes.
 This precludes the use of the int and uint types, as their sizes
@@ -29,7 +29,7 @@ Before Go 1.8, bool wasn't supported, either.`,
 		Since: "2017.1",
 	},
 
-	"SA1004": &lint.Documentation{
+	"SA1004": {
 		Title: `Suspiciously small untyped constant in time.Sleep`,
 		Text: `The time.Sleep function takes a time.Duration as its only argument.
 Durations are expressed in nanoseconds. Thus, calling time.Sleep(1)
@@ -41,12 +41,12 @@ large durations. These can be combined with arithmetic to express
 arbitrary durations, for example '5 * time.Second' for 5 seconds.
 
 If you truly meant to sleep for a tiny amount of time, use
-'n * time.Nanosecond' to signal to staticcheck that you did mean to sleep
+'n * time.Nanosecond' to signal to Staticcheck that you did mean to sleep
 for some amount of nanoseconds.`,
 		Since: "2017.1",
 	},
 
-	"SA1005": &lint.Documentation{
+	"SA1005": {
 		Title: `Invalid first argument to exec.Command`,
 		Text: `os/exec runs programs directly (using variants of the fork and exec
 system calls on Unix systems). This shouldn't be confused with running
@@ -69,7 +69,7 @@ Windows, will have a /bin/sh program:
 		Since: "2017.1",
 	},
 
-	"SA1006": &lint.Documentation{
+	"SA1006": {
 		Title: `Printf with dynamic first argument and no further arguments`,
 		Text: `Using fmt.Printf with a dynamic first argument can lead to unexpected
 output. The first argument is a format string, where certain character
@@ -93,12 +93,12 @@ and pass the string as an argument.`,
 		Since: "2017.1",
 	},
 
-	"SA1007": &lint.Documentation{
+	"SA1007": {
 		Title: `Invalid URL in net/url.Parse`,
 		Since: "2017.1",
 	},
 
-	"SA1008": &lint.Documentation{
+	"SA1008": {
 		Title: `Non-canonical key in http.Header map`,
 		Text: `Keys in http.Header maps are canonical, meaning they follow a specific
 combination of uppercase and lowercase letters. Methods such as
@@ -123,39 +123,39 @@ http.CanonicalHeaderKey.`,
 		Since: "2017.1",
 	},
 
-	"SA1010": &lint.Documentation{
+	"SA1010": {
 		Title: `(*regexp.Regexp).FindAll called with n == 0, which will always return zero results`,
 		Text: `If n >= 0, the function returns at most n matches/submatches. To
 return all results, specify a negative number.`,
 		Since: "2017.1",
 	},
 
-	"SA1011": &lint.Documentation{
+	"SA1011": {
 		Title: `Various methods in the strings package expect valid UTF-8, but invalid input is provided`,
 		Since: "2017.1",
 	},
 
-	"SA1012": &lint.Documentation{
+	"SA1012": {
 		Title: `A nil context.Context is being passed to a function, consider using context.TODO instead`,
 		Since: "2017.1",
 	},
 
-	"SA1013": &lint.Documentation{
+	"SA1013": {
 		Title: `io.Seeker.Seek is being called with the whence constant as the first argument, but it should be the second`,
 		Since: "2017.1",
 	},
 
-	"SA1014": &lint.Documentation{
+	"SA1014": {
 		Title: `Non-pointer value passed to Unmarshal or Decode`,
 		Since: "2017.1",
 	},
 
-	"SA1015": &lint.Documentation{
+	"SA1015": {
 		Title: `Using time.Tick in a way that will leak. Consider using time.NewTicker, and only use time.Tick in tests, commands and endless functions`,
 		Since: "2017.1",
 	},
 
-	"SA1016": &lint.Documentation{
+	"SA1016": {
 		Title: `Trapping a signal that cannot be trapped`,
 		Text: `Not all signals can be intercepted by a process. Speficially, on
 UNIX-like systems, the syscall.SIGKILL and syscall.SIGSTOP signals are
@@ -164,7 +164,7 @@ kernel. It is therefore pointless to try and handle these signals.`,
 		Since: "2017.1",
 	},
 
-	"SA1017": &lint.Documentation{
+	"SA1017": {
 		Title: `Channels used with os/signal.Notify should be buffered`,
 		Text: `The os/signal package uses non-blocking channel sends when delivering
 signals. If the receiving end of the channel isn't ready and the
@@ -175,24 +175,24 @@ signal value, a buffer of size 1 is sufficient.`,
 		Since: "2017.1",
 	},
 
-	"SA1018": &lint.Documentation{
+	"SA1018": {
 		Title: `strings.Replace called with n == 0, which does nothing`,
 		Text: `With n == 0, zero instances will be replaced. To replace all
 instances, use a negative number, or use strings.ReplaceAll.`,
 		Since: "2017.1",
 	},
 
-	"SA1019": &lint.Documentation{
+	"SA1019": {
 		Title: `Using a deprecated function, variable, constant or field`,
 		Since: "2017.1",
 	},
 
-	"SA1020": &lint.Documentation{
+	"SA1020": {
 		Title: `Using an invalid host:port pair with a net.Listen-related function`,
 		Since: "2017.1",
 	},
 
-	"SA1021": &lint.Documentation{
+	"SA1021": {
 		Title: `Using bytes.Equal to compare two net.IP`,
 		Text: `A net.IP stores an IPv4 or IPv6 address as a slice of bytes. The
 length of the slice for an IPv4 address, however, can be either 4 or
@@ -202,13 +202,13 @@ be used, as it takes both representations into account.`,
 		Since: "2017.1",
 	},
 
-	"SA1023": &lint.Documentation{
+	"SA1023": {
 		Title: `Modifying the buffer in an io.Writer implementation`,
 		Text:  `Write must not modify the slice data, even temporarily.`,
 		Since: "2017.1",
 	},
 
-	"SA1024": &lint.Documentation{
+	"SA1024": {
 		Title: `A string cutset contains duplicate characters`,
 		Text: `The strings.TrimLeft and strings.TrimRight functions take cutsets, not
 prefixes. A cutset is treated as a set of characters to remove from a
@@ -223,17 +223,17 @@ In order to remove one string from another, use strings.TrimPrefix instead.`,
 		Since: "2017.1",
 	},
 
-	"SA1025": &lint.Documentation{
+	"SA1025": {
 		Title: `It is not possible to use (*time.Timer).Reset's return value correctly`,
 		Since: "2019.1",
 	},
 
-	"SA1026": &lint.Documentation{
+	"SA1026": {
 		Title: `Cannot marshal channels or functions`,
 		Since: "2019.2",
 	},
 
-	"SA1027": &lint.Documentation{
+	"SA1027": {
 		Title: `Atomic access to 64-bit variable must be 64-bit aligned`,
 		Text: `On ARM, x86-32, and 32-bit MIPS, it is the caller's responsibility to
 arrange for 64-bit alignment of 64-bit words accessed atomically. The
@@ -245,12 +245,32 @@ in a struct.`,
 		Since: "2019.2",
 	},
 
-	"SA2000": &lint.Documentation{
+	"SA1028": {
+		Title: `sort.Slice can only be used on slices`,
+		Text:  `The first argument of sort.Slice must be a slice.`,
+		Since: "2020.1",
+	},
+
+	"SA1029": {
+		Title: `Inappropriate key in call to context.WithValue`,
+		Text: `The provided key must be comparable and should not be
+of type string or any other built-in type to avoid collisions between
+packages using context. Users of WithValue should define their own
+types for keys.
+
+To avoid allocating when assigning to an interface{},
+context keys often have concrete type struct{}. Alternatively,
+exported context key variables' static type should be a pointer or
+interface.`,
+		Since: "2020.1",
+	},
+
+	"SA2000": {
 		Title: `sync.WaitGroup.Add called inside the goroutine, leading to a race condition`,
 		Since: "2017.1",
 	},
 
-	"SA2001": &lint.Documentation{
+	"SA2001": {
 		Title: `Empty critical section, did you mean to defer the unlock?`,
 		Text: `Empty critical sections of the kind
 
@@ -271,17 +291,17 @@ rare false positive.`,
 		Since: "2017.1",
 	},
 
-	"SA2002": &lint.Documentation{
+	"SA2002": {
 		Title: `Called testing.T.FailNow or SkipNow in a goroutine, which isn't allowed`,
 		Since: "2017.1",
 	},
 
-	"SA2003": &lint.Documentation{
+	"SA2003": {
 		Title: `Deferred Lock right after locking, likely meant to defer Unlock instead`,
 		Since: "2017.1",
 	},
 
-	"SA3000": &lint.Documentation{
+	"SA3000": {
 		Title: `TestMain doesn't call os.Exit, hiding test failures`,
 		Text: `Test executables (and in turn 'go test') exit with a non-zero status
 code if any tests failed. When specifying your own TestMain function,
@@ -292,7 +312,7 @@ os.Exit(m.Run()).`,
 		Since: "2017.1",
 	},
 
-	"SA3001": &lint.Documentation{
+	"SA3001": {
 		Title: `Assigning to b.N in benchmarks distorts the results`,
 		Text: `The testing package dynamically sets b.N to improve the reliability of
 benchmarks and uses it in computations to determine the duration of a
@@ -301,102 +321,102 @@ falsify results.`,
 		Since: "2017.1",
 	},
 
-	"SA4000": &lint.Documentation{
+	"SA4000": {
 		Title: `Boolean expression has identical expressions on both sides`,
 		Since: "2017.1",
 	},
 
-	"SA4001": &lint.Documentation{
+	"SA4001": {
 		Title: `&*x gets simplified to x, it does not copy x`,
 		Since: "2017.1",
 	},
 
-	"SA4002": &lint.Documentation{
+	"SA4002": {
 		Title: `Comparing strings with known different sizes has predictable results`,
 		Since: "2017.1",
 	},
 
-	"SA4003": &lint.Documentation{
+	"SA4003": {
 		Title: `Comparing unsigned values against negative values is pointless`,
 		Since: "2017.1",
 	},
 
-	"SA4004": &lint.Documentation{
+	"SA4004": {
 		Title: `The loop exits unconditionally after one iteration`,
 		Since: "2017.1",
 	},
 
-	"SA4005": &lint.Documentation{
+	"SA4005": {
 		Title: `Field assignment that will never be observed. Did you mean to use a pointer receiver?`,
 		Since: "2017.1",
 	},
 
-	"SA4006": &lint.Documentation{
+	"SA4006": {
 		Title: `A value assigned to a variable is never read before being overwritten. Forgotten error check or dead code?`,
 		Since: "2017.1",
 	},
 
-	"SA4008": &lint.Documentation{
+	"SA4008": {
 		Title: `The variable in the loop condition never changes, are you incrementing the wrong variable?`,
 		Since: "2017.1",
 	},
 
-	"SA4009": &lint.Documentation{
+	"SA4009": {
 		Title: `A function argument is overwritten before its first use`,
 		Since: "2017.1",
 	},
 
-	"SA4010": &lint.Documentation{
+	"SA4010": {
 		Title: `The result of append will never be observed anywhere`,
 		Since: "2017.1",
 	},
 
-	"SA4011": &lint.Documentation{
+	"SA4011": {
 		Title: `Break statement with no effect. Did you mean to break out of an outer loop?`,
 		Since: "2017.1",
 	},
 
-	"SA4012": &lint.Documentation{
+	"SA4012": {
 		Title: `Comparing a value against NaN even though no value is equal to NaN`,
 		Since: "2017.1",
 	},
 
-	"SA4013": &lint.Documentation{
+	"SA4013": {
 		Title: `Negating a boolean twice (!!b) is the same as writing b. This is either redundant, or a typo.`,
 		Since: "2017.1",
 	},
 
-	"SA4014": &lint.Documentation{
+	"SA4014": {
 		Title: `An if/else if chain has repeated conditions and no side-effects; if the condition didn't match the first time, it won't match the second time, either`,
 		Since: "2017.1",
 	},
 
-	"SA4015": &lint.Documentation{
+	"SA4015": {
 		Title: `Calling functions like math.Ceil on floats converted from integers doesn't do anything useful`,
 		Since: "2017.1",
 	},
 
-	"SA4016": &lint.Documentation{
+	"SA4016": {
 		Title: `Certain bitwise operations, such as x ^ 0, do not do anything useful`,
 		Since: "2017.1",
 	},
 
-	"SA4017": &lint.Documentation{
+	"SA4017": {
 		Title: `A pure function's return value is discarded, making the call pointless`,
 		Since: "2017.1",
 	},
 
-	"SA4018": &lint.Documentation{
+	"SA4018": {
 		Title: `Self-assignment of variables`,
 		Since: "2017.1",
 	},
 
-	"SA4019": &lint.Documentation{
+	"SA4019": {
 		Title: `Multiple, identical build constraints in the same file`,
 		Since: "2017.1",
 	},
 
-	"SA4020": &lint.Documentation{
+	"SA4020": {
 		Title: `Unreachable case clause in a type switch`,
 		Text: `In a type switch like the following
 
@@ -467,27 +487,33 @@ and therefore doSomething()'s return value implements both.`,
 		Since: "2019.2",
 	},
 
-	"SA4021": &lint.Documentation{
+	"SA4021": {
 		Title: `x = append(y) is equivalent to x = y`,
 		Since: "2019.2",
 	},
 
-	"SA5000": &lint.Documentation{
+	"SA4022": {
+		Title: `Comparing the address of a variable against nil`,
+		Text:  `Code such as 'if &x == nil' is meaningless, because taking the address of a variable always yields a non-nil pointer.`,
+		Since: "2020.1",
+	},
+
+	"SA5000": {
 		Title: `Assignment to nil map`,
 		Since: "2017.1",
 	},
 
-	"SA5001": &lint.Documentation{
+	"SA5001": {
 		Title: `Defering Close before checking for a possible error`,
 		Since: "2017.1",
 	},
 
-	"SA5002": &lint.Documentation{
+	"SA5002": {
 		Title: `The empty for loop (for {}) spins and can block the scheduler`,
 		Since: "2017.1",
 	},
 
-	"SA5003": &lint.Documentation{
+	"SA5003": {
 		Title: `Defers in infinite loops will never execute`,
 		Text: `Defers are scoped to the surrounding function, not the surrounding
 block. In a function that never returns, i.e. one containing an
@@ -495,12 +521,12 @@ infinite loop, defers will never execute.`,
 		Since: "2017.1",
 	},
 
-	"SA5004": &lint.Documentation{
+	"SA5004": {
 		Title: `for { select { ... with an empty default branch spins`,
 		Since: "2017.1",
 	},
 
-	"SA5005": &lint.Documentation{
+	"SA5005": {
 		Title: `The finalizer references the finalized object, preventing garbage collection`,
 		Text: `A finalizer is a function associated with an object that runs when the
 garbage collector is ready to collect said object, that is when the
@@ -516,12 +542,12 @@ to zero before the object is being passed to the finalizer.`,
 		Since: "2017.1",
 	},
 
-	"SA5006": &lint.Documentation{
+	"SA5006": {
 		Title: `Slice index out of bounds`,
 		Since: "2017.1",
 	},
 
-	"SA5007": &lint.Documentation{
+	"SA5007": {
 		Title: `Infinite recursive call`,
 		Text: `A function that calls itself recursively needs to have an exit
 condition. Otherwise it will recurse forever, until the system runs
@@ -535,22 +561,112 @@ should be used instead.`,
 		Since: "2017.1",
 	},
 
-	"SA5008": &lint.Documentation{
+	"SA5008": {
 		Title: `Invalid struct tag`,
 		Since: "2019.2",
 	},
 
-	"SA5009": &lint.Documentation{
+	"SA5009": {
 		Title: `Invalid Printf call`,
 		Since: "2019.2",
 	},
 
-	"SA6000": &lint.Documentation{
+	"SA5010": {
+		Title: `Impossible type assertion`,
+
+		Text: `Some type assertions can be statically proven to be
+impossible. This is the case when the method sets of both
+arguments of the type assertion conflict with each other, for
+example by containing the same method with different
+signatures.
+
+The Go compiler already applies this check when asserting from an
+interface value to a concrete type. If the concrete type misses
+methods from the interface, or if function signatures don't match,
+then the type assertion can never succeed.
+
+This check applies the same logic when asserting from one interface to
+another. If both interface types contain the same method but with
+different signatures, then the type assertion can never succeed,
+either.`,
+
+		Since: "2020.1",
+	},
+
+	"SA5011": {
+		Title: `Possible nil pointer dereference`,
+
+		Text: `A pointer is being dereferenced unconditionally, while
+also being checked against nil in another place. This suggests that
+the pointer may be nil and dereferencing it may panic. This is
+commonly a result of improperly ordered code or missing return
+statements. Consider the following examples:
+
+    func fn(x *int) {
+        fmt.Println(*x)
+
+        // This nil check is equally important for the previous dereference
+        if x != nil {
+            foo(*x)
+        }
+    }
+
+    func TestFoo(t *testing.T) {
+        x := compute()
+        if x == nil {
+            t.Errorf("nil pointer received")
+        }
+
+        // t.Errorf does not abort the test, so if x is nil, the next line will panic.
+        foo(*x)
+    }
+
+Staticcheck tries to deduce which functions abort control flow.
+For example, it is aware that a function will not continue
+execution after a call to panic or log.Fatal. However, sometimes
+this detection fails, in particular in the presence of
+conditionals. Consider the following example:
+
+    func Log(msg string, level int) {
+        fmt.Println(msg)
+        if level == levelFatal {
+            os.Exit(1)
+        }
+    }
+
+    func Fatal(msg string) {
+        Log(msg, levelFatal)
+    }
+
+    func fn(x *int) {
+        if x == nil {
+            Fatal("unexpected nil pointer")
+        }
+        fmt.Println(*x)
+    }
+
+Staticcheck will flag the dereference of x, even though it is perfectly
+safe. Staticcheck is not able to deduce that a call to
+Fatal will exit the program. For the time being, the easiest
+workaround is to modify the definition of Fatal like so:
+
+    func Fatal(msg string) {
+        Log(msg, levelFatal)
+        panic("unreachable")
+    }
+
+We also hard-code functions from common logging packages such as
+logrus. Please file an issue if we're missing support for a
+popular package.`,
+		Since: "2020.1",
+	},
+
+	"SA6000": {
 		Title: `Using regexp.Match or related in a loop, should use regexp.Compile`,
 		Since: "2017.1",
 	},
 
-	"SA6001": &lint.Documentation{
+	"SA6001": {
 		Title: `Missing an optimization opportunity when indexing maps by byte slices`,
 
 		Text: `Map keys must be comparable, which precludes the use of byte slices.
@@ -580,7 +696,7 @@ f5f5a8b6209f84961687d993b93ea0d397f5d5bf in the Go repository.`,
 		Since: "2017.1",
 	},
 
-	"SA6002": &lint.Documentation{
+	"SA6002": {
 		Title: `Storing non-pointer values in sync.Pool allocates memory`,
 		Text: `A sync.Pool is used to avoid unnecessary allocations and reduce the
 amount of work the garbage collector has to do.
@@ -597,7 +713,7 @@ that discuss this problem.`,
 		Since: "2017.1",
 	},
 
-	"SA6003": &lint.Documentation{
+	"SA6003": {
 		Title: `Converting a string to a slice of runes before ranging over it`,
 		Text: `You may want to loop over the runes in a string. Instead of converting
 the string to a slice of runes and looping over that, you can loop
@@ -619,7 +735,7 @@ the slice of runes.`,
 		Since: "2017.1",
 	},
 
-	"SA6005": &lint.Documentation{
+	"SA6005": {
 		Title: `Inefficient string comparison with strings.ToLower or strings.ToUpper`,
 		Text: `Converting two strings to the same case and comparing them like so
 
@@ -643,22 +759,22 @@ https://blog.digitalocean.com/how-to-efficiently-compare-strings-in-go/`,
 		Since: "2019.2",
 	},
 
-	"SA9001": &lint.Documentation{
+	"SA9001": {
 		Title: `Defers in range loops may not run when you expect them to`,
 		Since: "2017.1",
 	},
 
-	"SA9002": &lint.Documentation{
+	"SA9002": {
 		Title: `Using a non-octal os.FileMode that looks like it was meant to be in octal.`,
 		Since: "2017.1",
 	},
 
-	"SA9003": &lint.Documentation{
+	"SA9003": {
 		Title: `Empty body in an if or else branch`,
 		Since: "2017.1",
 	},
 
-	"SA9004": &lint.Documentation{
+	"SA9004": {
 		Title: `Only the first constant has an explicit type`,
 
 		Text: `In a constant declaration such as the following:
@@ -750,7 +866,7 @@ as EnumSecond has no explicit type, and thus defaults to int.`,
 		Since: "2019.1",
 	},
 
-	"SA9005": &lint.Documentation{
+	"SA9005": {
 		Title: `Trying to marshal a struct with no public fields nor custom marshaling`,
 		Text: `The encoding/json and encoding/xml packages only operate on exported
 fields in structs, not unexported ones. It is usually an error to try
diff --git a/vendor/honnef.co/go/tools/staticcheck/knowledge.go b/vendor/honnef.co/go/tools/staticcheck/knowledge.go
deleted file mode 100644
index 4c12b866..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/knowledge.go
+++ /dev/null
@@ -1,25 +0,0 @@
-package staticcheck
-
-import (
-	"reflect"
-
-	"golang.org/x/tools/go/analysis"
-	"honnef.co/go/tools/internal/passes/buildssa"
-	"honnef.co/go/tools/ssa"
-	"honnef.co/go/tools/staticcheck/vrp"
-)
-
-var valueRangesAnalyzer = &analysis.Analyzer{
-	Name: "vrp",
-	Doc:  "calculate value ranges of functions",
-	Run: func(pass *analysis.Pass) (interface{}, error) {
-		m := map[*ssa.Function]vrp.Ranges{}
-		for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-			vr := vrp.BuildGraph(ssafn).Solve()
-			m[ssafn] = vr
-		}
-		return m, nil
-	},
-	Requires:   []*analysis.Analyzer{buildssa.Analyzer},
-	ResultType: reflect.TypeOf(map[*ssa.Function]vrp.Ranges{}),
-}
diff --git a/vendor/honnef.co/go/tools/staticcheck/lint.go b/vendor/honnef.co/go/tools/staticcheck/lint.go
index 1558cbf9..2ccfb9e6 100644
--- a/vendor/honnef.co/go/tools/staticcheck/lint.go
+++ b/vendor/honnef.co/go/tools/staticcheck/lint.go
@@ -19,17 +19,20 @@ import (
 	"unicode"
 
 	. "honnef.co/go/tools/arg"
+	"honnef.co/go/tools/code"
 	"honnef.co/go/tools/deprecated"
+	"honnef.co/go/tools/edit"
 	"honnef.co/go/tools/facts"
 	"honnef.co/go/tools/functions"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/internal/passes/buildir"
 	"honnef.co/go/tools/internal/sharedcheck"
+	"honnef.co/go/tools/ir"
+	"honnef.co/go/tools/ir/irutil"
 	"honnef.co/go/tools/lint"
 	. "honnef.co/go/tools/lint/lintdsl"
+	"honnef.co/go/tools/pattern"
 	"honnef.co/go/tools/printf"
-	"honnef.co/go/tools/ssa"
-	"honnef.co/go/tools/ssautil"
-	"honnef.co/go/tools/staticcheck/vrp"
+	"honnef.co/go/tools/report"
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
@@ -38,6 +41,27 @@ import (
 	"golang.org/x/tools/go/types/typeutil"
 )
 
+func checkSortSlice(call *Call) {
+	c := call.Instr.Common().StaticCallee()
+	arg := call.Args[0]
+
+	T := arg.Value.Value.Type().Underlying()
+	switch T.(type) {
+	case *types.Interface:
+		// we don't know.
+		// TODO(dh): if the value is a phi node we can look at its edges
+		if k, ok := arg.Value.Value.(*ir.Const); ok && k.Value == nil {
+			// literal nil, e.g. sort.Sort(nil, ...)
+			arg.Invalid(fmt.Sprintf("cannot call %s on nil literal", c))
+		}
+	case *types.Slice:
+		// this is fine
+	default:
+		// this is not fine
+		arg.Invalid(fmt.Sprintf("%s must only be called on slices, was called on %s", c, T))
+	}
+}
+
 func validRegexp(call *Call) {
 	arg := call.Args[0]
 	err := ValidateRegexp(arg.Value)
@@ -76,7 +100,7 @@ func unmarshalPointer(name string, arg int) CallCheck {
 
 func pointlessIntMath(call *Call) {
 	if ConvertedFromInt(call.Args[0].Value) {
-		call.Invalid(fmt.Sprintf("calling %s on a converted integer is pointless", CallName(call.Instr.Common())))
+		call.Invalid(fmt.Sprintf("calling %s on a converted integer is pointless", code.CallName(call.Instr.Common())))
 	}
 }
 
@@ -130,7 +154,7 @@ var (
 		"(*sync.Pool).Put": func(call *Call) {
 			arg := call.Args[Arg("(*sync.Pool).Put.x")]
 			typ := arg.Value.Value.Type()
-			if !IsPointerLike(typ) {
+			if !code.IsPointerLike(typ) {
 				arg.Invalid("argument should be pointer-like to avoid allocations")
 			}
 		},
@@ -251,31 +275,42 @@ var (
 
 	// TODO(dh): detect printf wrappers
 	checkPrintfRules = map[string]CallCheck{
-		"fmt.Errorf":  func(call *Call) { checkPrintfCall(call, 0, 1) },
-		"fmt.Printf":  func(call *Call) { checkPrintfCall(call, 0, 1) },
-		"fmt.Sprintf": func(call *Call) { checkPrintfCall(call, 0, 1) },
-		"fmt.Fprintf": func(call *Call) { checkPrintfCall(call, 1, 2) },
+		"fmt.Errorf":                  func(call *Call) { checkPrintfCall(call, 0, 1) },
+		"fmt.Printf":                  func(call *Call) { checkPrintfCall(call, 0, 1) },
+		"fmt.Sprintf":                 func(call *Call) { checkPrintfCall(call, 0, 1) },
+		"fmt.Fprintf":                 func(call *Call) { checkPrintfCall(call, 1, 2) },
+		"golang.org/x/xerrors.Errorf": func(call *Call) { checkPrintfCall(call, 0, 1) },
+	}
+
+	checkSortSliceRules = map[string]CallCheck{
+		"sort.Slice":         checkSortSlice,
+		"sort.SliceIsSorted": checkSortSlice,
+		"sort.SliceStable":   checkSortSlice,
+	}
+
+	checkWithValueKeyRules = map[string]CallCheck{
+		"context.WithValue": checkWithValueKey,
 	}
 )
 
 func checkPrintfCall(call *Call, fIdx, vIdx int) {
 	f := call.Args[fIdx]
-	var args []ssa.Value
+	var args []ir.Value
 	switch v := call.Args[vIdx].Value.Value.(type) {
-	case *ssa.Slice:
+	case *ir.Slice:
 		var ok bool
-		args, ok = ssautil.Vararg(v)
+		args, ok = irutil.Vararg(v)
 		if !ok {
 			// We don't know what the actual arguments to the function are
 			return
 		}
-	case *ssa.Const:
+	case *ir.Const:
 		// nil, i.e. no arguments
 	default:
 		// We don't know what the actual arguments to the function are
 		return
 	}
-	checkPrintfCallImpl(call, f.Value.Value, args)
+	checkPrintfCallImpl(f, f.Value.Value, args)
 }
 
 type verbFlag int
@@ -286,6 +321,9 @@ const (
 	isFP
 	isString
 	isPointer
+	// Verbs that accept "pseudo pointers" will sometimes dereference
+	// non-nil pointers. For example, %x on a non-nil *struct will print the
+	// individual fields, but on a nil pointer it will print the address.
 	isPseudoPointer
 	isSlice
 	isAny
@@ -303,6 +341,7 @@ var verbs = [...]verbFlag{
 	'g': isFP,
 	'G': isFP,
 	'o': isPseudoPointer | isInt,
+	'O': isPseudoPointer | isInt,
 	'p': isSlice | isPointer | noRecurse,
 	'q': isInt | isString,
 	's': isString,
@@ -310,11 +349,11 @@ var verbs = [...]verbFlag{
 	'T': isAny,
 	'U': isInt,
 	'v': isAny,
-	'X': isPseudoPointer | isInt | isString,
-	'x': isPseudoPointer | isInt | isString,
+	'X': isPseudoPointer | isInt | isFP | isString,
+	'x': isPseudoPointer | isInt | isFP | isString,
 }
 
-func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
+func checkPrintfCallImpl(carg *Argument, f ir.Value, args []ir.Value) {
 	var msCache *typeutil.MethodSetCache
 	if f.Parent() != nil {
 		msCache = &f.Parent().Prog.MethodSets
@@ -329,7 +368,7 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 			if verbs[verb]&isSlice != 0 {
 				return []types.Type{T}, false
 			}
-			if verbs[verb]&isString != 0 && IsType(T.Elem().Underlying(), "byte") {
+			if verbs[verb]&isString != 0 && code.IsType(T.Elem().Underlying(), "byte") {
 				return []types.Type{T}, false
 			}
 			return []types.Type{T.Elem()}, true
@@ -371,7 +410,7 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 		if sig.Results().Len() != 1 {
 			return false
 		}
-		if !IsType(sig.Results().At(0).Type(), "string") {
+		if !code.IsType(sig.Results().At(0).Type(), "string") {
 			return false
 		}
 		return true
@@ -393,7 +432,7 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 		if sig.Results().Len() != 1 {
 			return false
 		}
-		if !IsType(sig.Results().At(0).Type(), "string") {
+		if !code.IsType(sig.Results().At(0).Type(), "string") {
 			return false
 		}
 		return true
@@ -457,10 +496,10 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 
 		T = T.Underlying()
 		if flags&(isPointer|isPseudoPointer) == 0 && top {
-			T = Dereference(T)
+			T = code.Dereference(T)
 		}
 		if flags&isPseudoPointer != 0 && top {
-			t := Dereference(T)
+			t := code.Dereference(T)
 			if _, ok := t.Underlying().(*types.Struct); ok {
 				T = t
 			}
@@ -489,11 +528,11 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 			return true
 		}
 
-		if flags&isString != 0 && (IsType(T, "[]byte") || isStringer(T, ms) || isError(T, ms)) {
+		if flags&isString != 0 && (code.IsType(T, "[]byte") || isStringer(T, ms) || isError(T, ms)) {
 			return true
 		}
 
-		if flags&isPointer != 0 && IsPointerLike(T) {
+		if flags&isPointer != 0 && code.IsPointerLike(T) {
 			return true
 		}
 		if flags&isPseudoPointer != 0 {
@@ -504,10 +543,29 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 				}
 
 				if _, ok := U.Elem().Underlying().(*types.Struct); !ok {
+					// TODO(dh): can this condition ever be false? For
+					// *T, if T is a struct, we'll already have
+					// dereferenced it, meaning the *types.Pointer
+					// branch couldn't have been taken. For T that
+					// aren't structs, this condition will always
+					// evaluate to true.
 					return true
 				}
 			case *types.Chan, *types.Signature:
+				// Channels and functions are always treated as
+				// pointers and never recursed into.
 				return true
+			case *types.Basic:
+				if U.Kind() == types.UnsafePointer {
+					return true
+				}
+			case *types.Interface:
+				// we will already have bailed if the type is an
+				// interface.
+				panic("unreachable")
+			default:
+				// other pointer-like types, such as maps or slices,
+				// will be printed element-wise.
 			}
 		}
 
@@ -534,13 +592,13 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 		return true
 	}
 
-	k, ok := f.(*ssa.Const)
+	k, ok := f.(*ir.Const)
 	if !ok {
 		return
 	}
 	actions, err := printf.Parse(constant.StringVal(k.Value))
 	if err != nil {
-		call.Invalid("couldn't parse format string")
+		carg.Invalid("couldn't parse format string")
 		return
 	}
 
@@ -559,18 +617,18 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 				ptr = star.Index + 1
 			}
 			if idx == 0 {
-				call.Invalid(fmt.Sprintf("Printf format %s reads invalid arg 0; indices are 1-based", verb.Raw))
+				carg.Invalid(fmt.Sprintf("Printf format %s reads invalid arg 0; indices are 1-based", verb.Raw))
 				return false
 			}
 			if idx > len(args) {
-				call.Invalid(
+				carg.Invalid(
 					fmt.Sprintf("Printf format %s reads arg #%d, but call has only %d args",
 						verb.Raw, idx, len(args)))
 				return false
 			}
-			if arg, ok := args[idx-1].(*ssa.MakeInterface); ok {
+			if arg, ok := args[idx-1].(*ir.MakeInterface); ok {
 				if !isInfo(arg.X.Type(), types.IsInteger) {
-					call.Invalid(fmt.Sprintf("Printf format %s reads non-int arg #%d as argument of *", verb.Raw, idx))
+					carg.Invalid(fmt.Sprintf("Printf format %s reads non-int arg #%d as argument of *", verb.Raw, idx))
 				}
 			}
 		}
@@ -596,19 +654,19 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 			off = verb.Value
 		}
 		if off > len(args) {
-			call.Invalid(
+			carg.Invalid(
 				fmt.Sprintf("Printf format %s reads arg #%d, but call has only %d args",
 					verb.Raw, off, len(args)))
 			return
 		} else if verb.Value == 0 && verb.Letter != '%' {
-			call.Invalid(fmt.Sprintf("Printf format %s reads invalid arg 0; indices are 1-based", verb.Raw))
+			carg.Invalid(fmt.Sprintf("Printf format %s reads invalid arg 0; indices are 1-based", verb.Raw))
 			return
 		} else if off != 0 {
-			arg, ok := args[off-1].(*ssa.MakeInterface)
+			arg, ok := args[off-1].(*ir.MakeInterface)
 			if ok {
 				if !checkType(verb.Letter, arg.X.Type(), true) {
-					call.Invalid(fmt.Sprintf("Printf format %s has arg #%d of wrong type %s",
-						verb.Raw, ptr, args[ptr-1].(*ssa.MakeInterface).X.Type()))
+					carg.Invalid(fmt.Sprintf("Printf format %s has arg #%d of wrong type %s",
+						verb.Raw, ptr, args[ptr-1].(*ir.MakeInterface).X.Type()))
 					return
 				}
 			}
@@ -626,7 +684,7 @@ func checkPrintfCallImpl(call *Call, f ssa.Value, args []ssa.Value) {
 	}
 
 	if !hasExplicit && ptr <= len(args) {
-		call.Invalid(fmt.Sprintf("Printf call needs %d args but has %d args", ptr-1, len(args)))
+		carg.Invalid(fmt.Sprintf("Printf call needs %d args but has %d args", ptr-1, len(args)))
 	}
 }
 
@@ -636,7 +694,7 @@ func checkAtomicAlignmentImpl(call *Call) {
 		// Not running on a 32-bit platform
 		return
 	}
-	v, ok := call.Args[0].Value.Value.(*ssa.FieldAddr)
+	v, ok := call.Args[0].Value.Value.(*ir.FieldAddr)
 	if !ok {
 		// TODO(dh): also check indexing into arrays and slices
 		return
@@ -651,26 +709,26 @@ func checkAtomicAlignmentImpl(call *Call) {
 	if off%8 != 0 {
 		msg := fmt.Sprintf("address of non 64-bit aligned field %s passed to %s",
 			T.Field(v.Field).Name(),
-			CallName(call.Instr.Common()))
+			code.CallName(call.Instr.Common()))
 		call.Invalid(msg)
 	}
 }
 
 func checkNoopMarshalImpl(argN int, meths ...string) CallCheck {
 	return func(call *Call) {
-		if IsGenerated(call.Pass, call.Instr.Pos()) {
+		if code.IsGenerated(call.Pass, call.Instr.Pos()) {
 			return
 		}
 		arg := call.Args[argN]
 		T := arg.Value.Value.Type()
-		Ts, ok := Dereference(T).Underlying().(*types.Struct)
+		Ts, ok := code.Dereference(T).Underlying().(*types.Struct)
 		if !ok {
 			return
 		}
 		if Ts.NumFields() == 0 {
 			return
 		}
-		fields := FlattenFields(Ts)
+		fields := code.FlattenFields(Ts)
 		for _, field := range fields {
 			if field.Var.Exported() {
 				return
@@ -696,7 +754,7 @@ func checkUnsupportedMarshalImpl(argN int, tag string, meths ...string) CallChec
 
 		arg := call.Args[argN]
 		T := arg.Value.Value.Type()
-		Ts, ok := Dereference(T).Underlying().(*types.Struct)
+		Ts, ok := code.Dereference(T).Underlying().(*types.Struct)
 		if !ok {
 			return
 		}
@@ -708,7 +766,7 @@ func checkUnsupportedMarshalImpl(argN int, tag string, meths ...string) CallChec
 				return
 			}
 		}
-		fields := FlattenFields(Ts)
+		fields := code.FlattenFields(Ts)
 		for _, field := range fields {
 			if !(field.Var.Exported()) {
 				continue
@@ -735,14 +793,14 @@ func checkUnsupportedMarshalImpl(argN int, tag string, meths ...string) CallChec
 func fieldPath(start types.Type, indices []int) string {
 	p := start.String()
 	for _, idx := range indices {
-		field := Dereference(start).Underlying().(*types.Struct).Field(idx)
+		field := code.Dereference(start).Underlying().(*types.Struct).Field(idx)
 		start = field.Type()
 		p += "." + field.Name()
 	}
 	return p
 }
 
-func isInLoop(b *ssa.BasicBlock) bool {
+func isInLoop(b *ir.BasicBlock) bool {
 	sets := functions.FindLoops(b.Parent())
 	for _, set := range sets {
 		if set.Has(b) {
@@ -755,24 +813,70 @@ func isInLoop(b *ssa.BasicBlock) bool {
 func CheckUntrappableSignal(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
-		if !IsCallToAnyAST(pass, call,
+		if !code.IsCallToAnyAST(pass, call,
 			"os/signal.Ignore", "os/signal.Notify", "os/signal.Reset") {
 			return
 		}
+
+		hasSigterm := false
 		for _, arg := range call.Args {
 			if conv, ok := arg.(*ast.CallExpr); ok && isName(pass, conv.Fun, "os.Signal") {
 				arg = conv.Args[0]
 			}
 
+			if isName(pass, arg, "syscall.SIGTERM") {
+				hasSigterm = true
+				break
+			}
+
+		}
+		for i, arg := range call.Args {
+			if conv, ok := arg.(*ast.CallExpr); ok && isName(pass, conv.Fun, "os.Signal") {
+				arg = conv.Args[0]
+			}
+
 			if isName(pass, arg, "os.Kill") || isName(pass, arg, "syscall.SIGKILL") {
-				ReportNodef(pass, arg, "%s cannot be trapped (did you mean syscall.SIGTERM?)", Render(pass, arg))
+				var fixes []analysis.SuggestedFix
+				if !hasSigterm {
+					nargs := make([]ast.Expr, len(call.Args))
+					for j, a := range call.Args {
+						if i == j {
+							nargs[j] = Selector("syscall", "SIGTERM")
+						} else {
+							nargs[j] = a
+						}
+					}
+					ncall := *call
+					ncall.Args = nargs
+					fixes = append(fixes, edit.Fix(fmt.Sprintf("use syscall.SIGTERM instead of %s", report.Render(pass, arg)), edit.ReplaceWithNode(pass.Fset, call, &ncall)))
+				}
+				nargs := make([]ast.Expr, 0, len(call.Args))
+				for j, a := range call.Args {
+					if i == j {
+						continue
+					}
+					nargs = append(nargs, a)
+				}
+				ncall := *call
+				ncall.Args = nargs
+				fixes = append(fixes, edit.Fix(fmt.Sprintf("remove %s from list of arguments", report.Render(pass, arg)), edit.ReplaceWithNode(pass.Fset, call, &ncall)))
+				report.Report(pass, arg, fmt.Sprintf("%s cannot be trapped (did you mean syscall.SIGTERM?)", report.Render(pass, arg)), report.Fixes(fixes...))
 			}
 			if isName(pass, arg, "syscall.SIGSTOP") {
-				ReportNodef(pass, arg, "%s signal cannot be trapped", Render(pass, arg))
+				nargs := make([]ast.Expr, 0, len(call.Args)-1)
+				for j, a := range call.Args {
+					if i == j {
+						continue
+					}
+					nargs = append(nargs, a)
+				}
+				ncall := *call
+				ncall.Args = nargs
+				report.Report(pass, arg, "syscall.SIGSTOP cannot be trapped", report.Fixes(edit.Fix("remove syscall.SIGSTOP from list of arguments", edit.ReplaceWithNode(pass.Fset, call, &ncall))))
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
@@ -780,23 +884,23 @@ func CheckTemplate(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
 		var kind string
-		if IsCallToAST(pass, call, "(*text/template.Template).Parse") {
+		switch code.CallNameAST(pass, call) {
+		case "(*text/template.Template).Parse":
 			kind = "text"
-		} else if IsCallToAST(pass, call, "(*html/template.Template).Parse") {
+		case "(*html/template.Template).Parse":
 			kind = "html"
-		} else {
+		default:
 			return
 		}
 		sel := call.Fun.(*ast.SelectorExpr)
-		if !IsCallToAST(pass, sel.X, "text/template.New") &&
-			!IsCallToAST(pass, sel.X, "html/template.New") {
+		if !code.IsCallToAnyAST(pass, sel.X, "text/template.New", "html/template.New") {
 			// TODO(dh): this is a cheap workaround for templates with
 			// different delims. A better solution with less false
 			// negatives would use data flow analysis to see where the
 			// template comes from and where it has been
 			return
 		}
-		s, ok := ExprToString(pass, call.Args[Arg("(*text/template.Template).Parse.text")])
+		s, ok := code.ExprToString(pass, call.Args[Arg("(*text/template.Template).Parse.text")])
 		if !ok {
 			return
 		}
@@ -810,18 +914,23 @@ func CheckTemplate(pass *analysis.Pass) (interface{}, error) {
 		if err != nil {
 			// TODO(dominikh): whitelist other parse errors, if any
 			if strings.Contains(err.Error(), "unexpected") {
-				ReportNodef(pass, call.Args[Arg("(*text/template.Template).Parse.text")], "%s", err)
+				report.Report(pass, call.Args[Arg("(*text/template.Template).Parse.text")], err.Error())
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
+var (
+	checkTimeSleepConstantPatternRns = pattern.MustParse(`(BinaryExpr duration "*" (SelectorExpr (Ident "time") (Ident "Nanosecond")))`)
+	checkTimeSleepConstantPatternRs  = pattern.MustParse(`(BinaryExpr duration "*" (SelectorExpr (Ident "time") (Ident "Second")))`)
+)
+
 func CheckTimeSleepConstant(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
-		if !IsCallToAST(pass, call, "time.Sleep") {
+		if !code.IsCallToAST(pass, call, "time.Sleep") {
 			return
 		}
 		lit, ok := call.Args[Arg("time.Sleep.d")].(*ast.BasicLit)
@@ -838,37 +947,31 @@ func CheckTimeSleepConstant(pass *analysis.Pass) (interface{}, error) {
 			// because the user could've meant 2 minutes.
 			return
 		}
-		recommendation := "time.Sleep(time.Nanosecond)"
-		if n != 1 {
-			recommendation = fmt.Sprintf("time.Sleep(%d * time.Nanosecond)", n)
-		}
-		ReportNodef(pass, call.Args[Arg("time.Sleep.d")],
-			"sleeping for %d nanoseconds is probably a bug. Be explicit if it isn't: %s", n, recommendation)
+
+		report.Report(pass, lit,
+			fmt.Sprintf("sleeping for %d nanoseconds is probably a bug; be explicit if it isn't", n), report.Fixes(
+				edit.Fix("explicitly use nanoseconds", edit.ReplaceWithPattern(pass, checkTimeSleepConstantPatternRns, pattern.State{"duration": lit}, lit)),
+				edit.Fix("use seconds", edit.ReplaceWithPattern(pass, checkTimeSleepConstantPatternRs, pattern.State{"duration": lit}, lit))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
+var checkWaitgroupAddQ = pattern.MustParse(`
+	(GoStmt
+		(CallExpr
+			(FuncLit
+				_
+				call@(CallExpr (Function "(*sync.WaitGroup).Add") _):_) _))`)
+
 func CheckWaitgroupAdd(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		g := node.(*ast.GoStmt)
-		fun, ok := g.Call.Fun.(*ast.FuncLit)
-		if !ok {
-			return
-		}
-		if len(fun.Body.List) == 0 {
-			return
-		}
-		stmt, ok := fun.Body.List[0].(*ast.ExprStmt)
-		if !ok {
-			return
-		}
-		if IsCallToAST(pass, stmt.X, "(*sync.WaitGroup).Add") {
-			ReportNodef(pass, stmt, "should call %s before starting the goroutine to avoid a race",
-				Render(pass, stmt))
+		if m, ok := Match(pass, checkWaitgroupAddQ, node); ok {
+			call := m.State["call"].(ast.Node)
+			report.Report(pass, call, fmt.Sprintf("should call %s before starting the goroutine to avoid a race", report.Render(pass, call)))
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.GoStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.GoStmt)(nil))
 	return nil, nil
 }
 
@@ -897,7 +1000,7 @@ func CheckInfiniteEmptyLoop(pass *analysis.Pass) (interface{}, error) {
 		// channel receives.
 
 		if loop.Cond != nil {
-			if hasSideEffects(loop.Cond) {
+			if code.MayHaveSideEffects(pass, loop.Cond, nil) {
 				return
 			}
 			if ident, ok := loop.Cond.(*ast.Ident); ok {
@@ -908,11 +1011,11 @@ func CheckInfiniteEmptyLoop(pass *analysis.Pass) (interface{}, error) {
 					}
 				}
 			}
-			ReportNodef(pass, loop, "loop condition never changes or has a race condition")
+			report.Report(pass, loop, "loop condition never changes or has a race condition")
 		}
-		ReportNodef(pass, loop, "this loop will spin, using 100%% CPU")
+		report.Report(pass, loop, "this loop will spin, using 100%% CPU", report.ShortRange())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil))
 	return nil, nil
 }
 
@@ -951,10 +1054,10 @@ func CheckDeferInInfiniteLoop(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 		for _, stmt := range defers {
-			ReportNodef(pass, stmt, "defers in this infinite loop will never run")
+			report.Report(pass, stmt, "defers in this infinite loop will never run")
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil))
 	return nil, nil
 }
 
@@ -969,7 +1072,7 @@ func CheckDubiousDeferInChannelRangeLoop(pass *analysis.Pass) (interface{}, erro
 		fn2 := func(node ast.Node) bool {
 			switch stmt := node.(type) {
 			case *ast.DeferStmt:
-				ReportNodef(pass, stmt, "defers in this range loop won't run unless the channel gets closed")
+				report.Report(pass, stmt, "defers in this range loop won't run unless the channel gets closed")
 			case *ast.FuncLit:
 				// Don't look into function bodies
 				return false
@@ -978,7 +1081,7 @@ func CheckDubiousDeferInChannelRangeLoop(pass *analysis.Pass) (interface{}, erro
 		}
 		ast.Inspect(loop.Body, fn2)
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.RangeStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.RangeStmt)(nil))
 	return nil, nil
 }
 
@@ -993,7 +1096,7 @@ func CheckTestMainExit(pass *analysis.Pass) (interface{}, error) {
 		if !push {
 			if fnmain != nil && node == fnmain {
 				if !callsExit && callsRun {
-					ReportNodef(pass, fnmain, "TestMain should call os.Exit to set exit code")
+					report.Report(pass, fnmain, "TestMain should call os.Exit to set exit code")
 				}
 				fnmain = nil
 				callsExit = false
@@ -1015,7 +1118,7 @@ func CheckTestMainExit(pass *analysis.Pass) (interface{}, error) {
 			arg = pass.TypesInfo.ObjectOf(node.Type.Params.List[0].Names[0])
 			return true
 		case *ast.CallExpr:
-			if IsCallToAST(pass, node, "os.Exit") {
+			if code.IsCallToAST(pass, node, "os.Exit") {
 				callsExit = true
 				return false
 			}
@@ -1036,7 +1139,7 @@ func CheckTestMainExit(pass *analysis.Pass) (interface{}, error) {
 			}
 			return true
 		default:
-			// unreachable
+			ExhaustiveTypeSwitch(node)
 			return true
 		}
 	}
@@ -1055,26 +1158,26 @@ func isTestMain(pass *analysis.Pass, decl *ast.FuncDecl) bool {
 	if len(arg.Names) != 1 {
 		return false
 	}
-	return IsOfType(pass, arg.Type, "*testing.M")
+	return code.IsOfType(pass, arg.Type, "*testing.M")
 }
 
 func CheckExec(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
-		if !IsCallToAST(pass, call, "os/exec.Command") {
+		if !code.IsCallToAST(pass, call, "os/exec.Command") {
 			return
 		}
-		val, ok := ExprToString(pass, call.Args[Arg("os/exec.Command.name")])
+		val, ok := code.ExprToString(pass, call.Args[Arg("os/exec.Command.name")])
 		if !ok {
 			return
 		}
 		if !strings.Contains(val, " ") || strings.Contains(val, `\`) || strings.Contains(val, "/") {
 			return
 		}
-		ReportNodef(pass, call.Args[Arg("os/exec.Command.name")],
+		report.Report(pass, call.Args[Arg("os/exec.Command.name")],
 			"first argument to exec.Command looks like a shell command, but a program name or path are expected")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
@@ -1089,25 +1192,53 @@ func CheckLoopEmptyDefault(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 		for _, c := range sel.Body.List {
+			// FIXME this leaves behind an empty line, and possibly
+			// comments in the default branch. We can't easily fix
+			// either.
 			if comm, ok := c.(*ast.CommClause); ok && comm.Comm == nil && len(comm.Body) == 0 {
-				ReportNodef(pass, comm, "should not have an empty default case in a for+select loop. The loop will spin.")
+				report.Report(pass, comm, "should not have an empty default case in a for+select loop; the loop will spin",
+					report.Fixes(edit.Fix("remove empty default branch", edit.Delete(comm))))
+				// there can only be one default case
+				break
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil))
 	return nil, nil
 }
 
 func CheckLhsRhsIdentical(pass *analysis.Pass) (interface{}, error) {
+	var isFloat func(T types.Type) bool
+	isFloat = func(T types.Type) bool {
+		switch T := T.Underlying().(type) {
+		case *types.Basic:
+			kind := T.Kind()
+			return kind == types.Float32 || kind == types.Float64
+		case *types.Array:
+			return isFloat(T.Elem())
+		case *types.Struct:
+			for i := 0; i < T.NumFields(); i++ {
+				if !isFloat(T.Field(i).Type()) {
+					return false
+				}
+			}
+			return true
+		default:
+			return false
+		}
+	}
+
+	// TODO(dh): this check ignores the existence of side-effects and
+	// happily flags fn() == fn() – so far, we've had nobody complain
+	// about a false positive, and it's caught several bugs in real
+	// code.
 	fn := func(node ast.Node) {
 		op := node.(*ast.BinaryExpr)
 		switch op.Op {
 		case token.EQL, token.NEQ:
-			if basic, ok := pass.TypesInfo.TypeOf(op.X).Underlying().(*types.Basic); ok {
-				if kind := basic.Kind(); kind == types.Float32 || kind == types.Float64 {
-					// f == f and f != f might be used to check for NaN
-					return
-				}
+			if isFloat(pass.TypesInfo.TypeOf(op.X)) {
+				// f == f and f != f might be used to check for NaN
+				return
 			}
 		case token.SUB, token.QUO, token.AND, token.REM, token.OR, token.XOR, token.AND_NOT,
 			token.LAND, token.LOR, token.LSS, token.GTR, token.LEQ, token.GEQ:
@@ -1117,12 +1248,15 @@ func CheckLhsRhsIdentical(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 
-		if Render(pass, op.X) != Render(pass, op.Y) {
+		if reflect.TypeOf(op.X) != reflect.TypeOf(op.Y) {
+			return
+		}
+		if report.Render(pass, op.X) != report.Render(pass, op.Y) {
 			return
 		}
 		l1, ok1 := op.X.(*ast.BasicLit)
 		l2, ok2 := op.Y.(*ast.BasicLit)
-		if ok1 && ok2 && l1.Kind == token.INT && l2.Kind == l1.Kind && l1.Value == "0" && l2.Value == l1.Value && IsGenerated(pass, l1.Pos()) {
+		if ok1 && ok2 && l1.Kind == token.INT && l2.Kind == l1.Kind && l1.Value == "0" && l2.Value == l1.Value && code.IsGenerated(pass, l1.Pos()) {
 			// cgo generates the following function call:
 			// _cgoCheckPointer(_cgoBase0, 0 == 0) – it uses 0 == 0
 			// instead of true in case the user shadowed the
@@ -1135,9 +1269,9 @@ func CheckLhsRhsIdentical(pass *analysis.Pass) (interface{}, error) {
 			// 0 == 0 are slim.
 			return
 		}
-		ReportNodef(pass, op, "identical expressions on the left and right side of the '%s' operator", op.Op)
+		report.Report(pass, op, fmt.Sprintf("identical expressions on the left and right side of the '%s' operator", op.Op))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
@@ -1150,7 +1284,7 @@ func CheckScopedBreak(pass *analysis.Pass) (interface{}, error) {
 		case *ast.RangeStmt:
 			body = node.Body
 		default:
-			panic(fmt.Sprintf("unreachable: %T", node))
+			ExhaustiveTypeSwitch(node)
 		}
 		for _, stmt := range body.List {
 			var blocks [][]ast.Stmt
@@ -1191,24 +1325,27 @@ func CheckScopedBreak(pass *analysis.Pass) (interface{}, error) {
 					if !ok || branch.Tok != token.BREAK || branch.Label != nil {
 						continue
 					}
-					ReportNodef(pass, branch, "ineffective break statement. Did you mean to break out of the outer loop?")
+					report.Report(pass, branch, "ineffective break statement. Did you mean to break out of the outer loop?")
 				}
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ForStmt)(nil), (*ast.RangeStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.ForStmt)(nil), (*ast.RangeStmt)(nil))
 	return nil, nil
 }
 
 func CheckUnsafePrintf(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
+		name := code.CallNameAST(pass, call)
 		var arg int
-		if IsCallToAnyAST(pass, call, "fmt.Printf", "fmt.Sprintf", "log.Printf") {
+
+		switch name {
+		case "fmt.Printf", "fmt.Sprintf", "log.Printf":
 			arg = Arg("fmt.Printf.format")
-		} else if IsCallToAnyAST(pass, call, "fmt.Fprintf") {
+		case "fmt.Fprintf":
 			arg = Arg("fmt.Fprintf.format")
-		} else {
+		default:
 			return
 		}
 		if len(call.Args) != arg+1 {
@@ -1219,10 +1356,13 @@ func CheckUnsafePrintf(pass *analysis.Pass) (interface{}, error) {
 		default:
 			return
 		}
-		ReportNodef(pass, call.Args[arg],
-			"printf-style function with dynamic format string and no further arguments should use print-style function instead")
+
+		alt := name[:len(name)-1]
+		report.Report(pass, call,
+			"printf-style function with dynamic format string and no further arguments should use print-style function instead",
+			report.Fixes(edit.Fix(fmt.Sprintf("use %s instead of %s", alt, name), edit.ReplaceWithString(pass.Fset, call.Fun, alt))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
@@ -1288,10 +1428,10 @@ func CheckEarlyDefer(pass *analysis.Pass) (interface{}, error) {
 			if sel.Sel.Name != "Close" {
 				continue
 			}
-			ReportNodef(pass, def, "should check returned error before deferring %s", Render(pass, def.Call))
+			report.Report(pass, def, fmt.Sprintf("should check returned error before deferring %s", report.Render(pass, def.Call)))
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BlockStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BlockStmt)(nil))
 	return nil, nil
 }
 
@@ -1305,15 +1445,20 @@ func selectorX(sel *ast.SelectorExpr) ast.Node {
 }
 
 func CheckEmptyCriticalSection(pass *analysis.Pass) (interface{}, error) {
+	if pass.Pkg.Path() == "sync_test" {
+		// exception for the sync package's tests
+		return nil, nil
+	}
+
 	// Initially it might seem like this check would be easier to
-	// implement in SSA. After all, we're only checking for two
+	// implement using IR. After all, we're only checking for two
 	// consecutive method calls. In reality, however, there may be any
 	// number of other instructions between the lock and unlock, while
 	// still constituting an empty critical section. For example,
 	// given `m.x().Lock(); m.x().Unlock()`, there will be a call to
 	// x(). In the AST-based approach, this has a tiny potential for a
 	// false positive (the second call to x might be doing work that
-	// is protected by the mutex). In an SSA-based approach, however,
+	// is protected by the mutex). In an IR-based approach, however,
 	// it would miss a lot of real bugs.
 
 	mutexParams := func(s ast.Stmt) (x ast.Expr, funcName string, ok bool) {
@@ -1351,73 +1496,38 @@ func CheckEmptyCriticalSection(pass *analysis.Pass) (interface{}, error) {
 			sel1, method1, ok1 := mutexParams(block.List[i])
 			sel2, method2, ok2 := mutexParams(block.List[i+1])
 
-			if !ok1 || !ok2 || Render(pass, sel1) != Render(pass, sel2) {
+			if !ok1 || !ok2 || report.Render(pass, sel1) != report.Render(pass, sel2) {
 				continue
 			}
 			if (method1 == "Lock" && method2 == "Unlock") ||
 				(method1 == "RLock" && method2 == "RUnlock") {
-				ReportNodef(pass, block.List[i+1], "empty critical section")
+				report.Report(pass, block.List[i+1], "empty critical section")
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BlockStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BlockStmt)(nil))
 	return nil, nil
 }
 
-// cgo produces code like fn(&*_Cvar_kSomeCallbacks) which we don't
-// want to flag.
-var cgoIdent = regexp.MustCompile(`^_C(func|var)_.+$`)
+var (
+	// cgo produces code like fn(&*_Cvar_kSomeCallbacks) which we don't
+	// want to flag.
+	cgoIdent               = regexp.MustCompile(`^_C(func|var)_.+$`)
+	checkIneffectiveCopyQ1 = pattern.MustParse(`(UnaryExpr "&" (StarExpr obj))`)
+	checkIneffectiveCopyQ2 = pattern.MustParse(`(StarExpr (UnaryExpr "&" _))`)
+)
 
 func CheckIneffectiveCopy(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		if unary, ok := node.(*ast.UnaryExpr); ok {
-			if star, ok := unary.X.(*ast.StarExpr); ok && unary.Op == token.AND {
-				ident, ok := star.X.(*ast.Ident)
-				if !ok || !cgoIdent.MatchString(ident.Name) {
-					ReportNodef(pass, unary, "&*x will be simplified to x. It will not copy x.")
-				}
-			}
-		}
-
-		if star, ok := node.(*ast.StarExpr); ok {
-			if unary, ok := star.X.(*ast.UnaryExpr); ok && unary.Op == token.AND {
-				ReportNodef(pass, star, "*&x will be simplified to x. It will not copy x.")
-			}
-		}
-	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.UnaryExpr)(nil), (*ast.StarExpr)(nil)}, fn)
-	return nil, nil
-}
-
-func CheckDiffSizeComparison(pass *analysis.Pass) (interface{}, error) {
-	ranges := pass.ResultOf[valueRangesAnalyzer].(map[*ssa.Function]vrp.Ranges)
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, b := range ssafn.Blocks {
-			for _, ins := range b.Instrs {
-				binop, ok := ins.(*ssa.BinOp)
-				if !ok {
-					continue
-				}
-				if binop.Op != token.EQL && binop.Op != token.NEQ {
-					continue
-				}
-				_, ok1 := binop.X.(*ssa.Slice)
-				_, ok2 := binop.Y.(*ssa.Slice)
-				if !ok1 && !ok2 {
-					continue
-				}
-				r := ranges[ssafn]
-				r1, ok1 := r.Get(binop.X).(vrp.StringInterval)
-				r2, ok2 := r.Get(binop.Y).(vrp.StringInterval)
-				if !ok1 || !ok2 {
-					continue
-				}
-				if r1.Length.Intersection(r2.Length).Empty() {
-					pass.Reportf(binop.Pos(), "comparing strings of different sizes for equality will always return false")
-				}
+		if m, ok := Match(pass, checkIneffectiveCopyQ1, node); ok {
+			if ident, ok := m.State["obj"].(*ast.Ident); !ok || !cgoIdent.MatchString(ident.Name) {
+				report.Report(pass, node, "&*x will be simplified to x. It will not copy x.")
 			}
+		} else if _, ok := Match(pass, checkIneffectiveCopyQ2, node); ok {
+			report.Report(pass, node, "*&x will be simplified to x. It will not copy x.")
 		}
 	}
+	code.Preorder(pass, fn, (*ast.UnaryExpr)(nil), (*ast.StarExpr)(nil))
 	return nil, nil
 }
 
@@ -1436,7 +1546,7 @@ func CheckCanonicalHeaderKey(pass *analysis.Pass) (interface{}, error) {
 				if !ok {
 					continue
 				}
-				if IsOfType(pass, op.X, "net/http.Header") {
+				if code.IsOfType(pass, op.X, "net/http.Header") {
 					return false
 				}
 			}
@@ -1446,17 +1556,34 @@ func CheckCanonicalHeaderKey(pass *analysis.Pass) (interface{}, error) {
 		if !ok {
 			return true
 		}
-		if !IsOfType(pass, op.X, "net/http.Header") {
+		if !code.IsOfType(pass, op.X, "net/http.Header") {
 			return true
 		}
-		s, ok := ExprToString(pass, op.Index)
+		s, ok := code.ExprToString(pass, op.Index)
 		if !ok {
 			return true
 		}
-		if s == http.CanonicalHeaderKey(s) {
+		canonical := http.CanonicalHeaderKey(s)
+		if s == canonical {
 			return true
 		}
-		ReportNodef(pass, op, "keys in http.Header are canonicalized, %q is not canonical; fix the constant or use http.CanonicalHeaderKey", s)
+		var fix analysis.SuggestedFix
+		switch op.Index.(type) {
+		case *ast.BasicLit:
+			fix = edit.Fix("canonicalize header key", edit.ReplaceWithString(pass.Fset, op.Index, strconv.Quote(canonical)))
+		case *ast.Ident:
+			call := &ast.CallExpr{
+				Fun:  Selector("http", "CanonicalHeaderKey"),
+				Args: []ast.Expr{op.Index},
+			}
+			fix = edit.Fix("wrap in http.CanonicalHeaderKey", edit.ReplaceWithNode(pass.Fset, op.Index, call))
+		}
+		msg := fmt.Sprintf("keys in http.Header are canonicalized, %q is not canonical; fix the constant or use http.CanonicalHeaderKey", s)
+		if fix.Message != "" {
+			report.Report(pass, op, msg, report.Fixes(fix))
+		} else {
+			report.Report(pass, op, msg)
+		}
 		return true
 	}
 	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Nodes([]ast.Node{(*ast.AssignStmt)(nil), (*ast.IndexExpr)(nil)}, fn)
@@ -1476,43 +1603,48 @@ func CheckBenchmarkN(pass *analysis.Pass) (interface{}, error) {
 		if sel.Sel.Name != "N" {
 			return
 		}
-		if !IsOfType(pass, sel.X, "*testing.B") {
+		if !code.IsOfType(pass, sel.X, "*testing.B") {
 			return
 		}
-		ReportNodef(pass, assign, "should not assign to %s", Render(pass, sel))
+		report.Report(pass, assign, fmt.Sprintf("should not assign to %s", report.Render(pass, sel)))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.AssignStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.AssignStmt)(nil))
 	return nil, nil
 }
 
 func CheckUnreadVariableValues(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		if IsExample(ssafn) {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		if code.IsExample(fn) {
 			continue
 		}
-		node := ssafn.Syntax()
+		node := fn.Source()
 		if node == nil {
 			continue
 		}
-		if gen, ok := Generator(pass, node.Pos()); ok && gen == facts.Goyacc {
+		if gen, ok := code.Generator(pass, node.Pos()); ok && gen == facts.Goyacc {
 			// Don't flag unused values in code generated by goyacc.
 			// There may be hundreds of those due to the way the state
 			// machine is constructed.
 			continue
 		}
 
-		switchTags := map[ssa.Value]struct{}{}
+		switchTags := map[ir.Value]struct{}{}
 		ast.Inspect(node, func(node ast.Node) bool {
 			s, ok := node.(*ast.SwitchStmt)
 			if !ok {
 				return true
 			}
-			v, _ := ssafn.ValueForExpr(s.Tag)
+			v, _ := fn.ValueForExpr(s.Tag)
 			switchTags[v] = struct{}{}
 			return true
 		})
 
-		hasUse := func(v ssa.Value) bool {
+		// OPT(dh): don't use a map, possibly use a bitset
+		var hasUse func(v ir.Value, seen map[ir.Value]struct{}) bool
+		hasUse = func(v ir.Value, seen map[ir.Value]struct{}) bool {
+			if _, ok := seen[v]; ok {
+				return false
+			}
 			if _, ok := switchTags[v]; ok {
 				return true
 			}
@@ -1521,7 +1653,30 @@ func CheckUnreadVariableValues(pass *analysis.Pass) (interface{}, error) {
 				// TODO investigate why refs can be nil
 				return true
 			}
-			return len(FilterDebug(*refs)) > 0
+			for _, ref := range *refs {
+				switch ref := ref.(type) {
+				case *ir.DebugRef:
+				case *ir.Sigma:
+					if seen == nil {
+						seen = map[ir.Value]struct{}{}
+					}
+					seen[v] = struct{}{}
+					if hasUse(ref, seen) {
+						return true
+					}
+				case *ir.Phi:
+					if seen == nil {
+						seen = map[ir.Value]struct{}{}
+					}
+					seen[v] = struct{}{}
+					if hasUse(ref, seen) {
+						return true
+					}
+				default:
+					return true
+				}
+			}
+			return false
 		}
 
 		ast.Inspect(node, func(node ast.Node) bool {
@@ -1533,7 +1688,7 @@ func CheckUnreadVariableValues(pass *analysis.Pass) (interface{}, error) {
 				// Either a function call with multiple return values,
 				// or a comma-ok assignment
 
-				val, _ := ssafn.ValueForExpr(assign.Rhs[0])
+				val, _ := fn.ValueForExpr(assign.Rhs[0])
 				if val == nil {
 					return true
 				}
@@ -1542,16 +1697,16 @@ func CheckUnreadVariableValues(pass *analysis.Pass) (interface{}, error) {
 					return true
 				}
 				for _, ref := range *refs {
-					ex, ok := ref.(*ssa.Extract)
+					ex, ok := ref.(*ir.Extract)
 					if !ok {
 						continue
 					}
-					if !hasUse(ex) {
+					if !hasUse(ex, nil) {
 						lhs := assign.Lhs[ex.Index]
 						if ident, ok := lhs.(*ast.Ident); !ok || ok && ident.Name == "_" {
 							continue
 						}
-						ReportNodef(pass, lhs, "this value of %s is never used", lhs)
+						report.Report(pass, assign, fmt.Sprintf("this value of %s is never used", lhs))
 					}
 				}
 				return true
@@ -1561,13 +1716,13 @@ func CheckUnreadVariableValues(pass *analysis.Pass) (interface{}, error) {
 				if ident, ok := lhs.(*ast.Ident); !ok || ok && ident.Name == "_" {
 					continue
 				}
-				val, _ := ssafn.ValueForExpr(rhs)
+				val, _ := fn.ValueForExpr(rhs)
 				if val == nil {
 					continue
 				}
 
-				if !hasUse(val) {
-					ReportNodef(pass, lhs, "this value of %s is never used", lhs)
+				if !hasUse(val, nil) {
+					report.Report(pass, assign, fmt.Sprintf("this value of %s is never used", lhs))
 				}
 			}
 			return true
@@ -1577,21 +1732,21 @@ func CheckUnreadVariableValues(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckPredeterminedBooleanExprs(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				ssabinop, ok := ins.(*ssa.BinOp)
+				binop, ok := ins.(*ir.BinOp)
 				if !ok {
 					continue
 				}
-				switch ssabinop.Op {
+				switch binop.Op {
 				case token.GTR, token.LSS, token.EQL, token.NEQ, token.LEQ, token.GEQ:
 				default:
 					continue
 				}
 
-				xs, ok1 := consts(ssabinop.X, nil, nil)
-				ys, ok2 := consts(ssabinop.Y, nil, nil)
+				xs, ok1 := consts(binop.X, nil, nil)
+				ys, ok2 := consts(binop.Y, nil, nil)
 				if !ok1 || !ok2 || len(xs) == 0 || len(ys) == 0 {
 					continue
 				}
@@ -1605,15 +1760,14 @@ func CheckPredeterminedBooleanExprs(pass *analysis.Pass) (interface{}, error) {
 							}
 							continue
 						}
-						if constant.Compare(x.Value, ssabinop.Op, y.Value) {
+						if constant.Compare(x.Value, binop.Op, y.Value) {
 							trues++
 						}
 					}
 				}
 				b := trues != 0
 				if trues == 0 || trues == len(xs)*len(ys) {
-					pass.Reportf(ssabinop.Pos(), "binary expression is always %t for all possible values (%s %s %s)",
-						b, xs, ssabinop.Op, ys)
+					report.Report(pass, binop, fmt.Sprintf("binary expression is always %t for all possible values (%s %s %s)", b, xs, binop.Op, ys))
 				}
 			}
 		}
@@ -1622,21 +1776,21 @@ func CheckPredeterminedBooleanExprs(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckNilMaps(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				mu, ok := ins.(*ssa.MapUpdate)
+				mu, ok := ins.(*ir.MapUpdate)
 				if !ok {
 					continue
 				}
-				c, ok := mu.Map.(*ssa.Const)
+				c, ok := mu.Map.(*ir.Const)
 				if !ok {
 					continue
 				}
 				if c.Value != nil {
 					continue
 				}
-				pass.Reportf(mu.Pos(), "assignment to nil map")
+				report.Report(pass, mu, "assignment to nil map")
 			}
 		}
 	}
@@ -1649,7 +1803,7 @@ func CheckExtremeComparison(pass *analysis.Pass) (interface{}, error) {
 		if !ok {
 			return false
 		}
-		return IsObject(pass.TypesInfo.ObjectOf(sel.Sel), name)
+		return code.IsObject(pass.TypesInfo.ObjectOf(sel.Sel), name)
 	}
 
 	fn := func(node ast.Node) {
@@ -1694,45 +1848,45 @@ func CheckExtremeComparison(pass *analysis.Pass) (interface{}, error) {
 
 		if (expr.Op == token.GTR || expr.Op == token.GEQ) && isobj(expr.Y, max) ||
 			(expr.Op == token.LSS || expr.Op == token.LEQ) && isobj(expr.X, max) {
-			ReportNodef(pass, expr, "no value of type %s is greater than %s", basic, max)
+			report.Report(pass, expr, fmt.Sprintf("no value of type %s is greater than %s", basic, max))
 		}
 		if expr.Op == token.LEQ && isobj(expr.Y, max) ||
 			expr.Op == token.GEQ && isobj(expr.X, max) {
-			ReportNodef(pass, expr, "every value of type %s is <= %s", basic, max)
+			report.Report(pass, expr, fmt.Sprintf("every value of type %s is <= %s", basic, max))
 		}
 
 		if (basic.Info() & types.IsUnsigned) != 0 {
-			if (expr.Op == token.LSS || expr.Op == token.LEQ) && IsIntLiteral(expr.Y, "0") ||
-				(expr.Op == token.GTR || expr.Op == token.GEQ) && IsIntLiteral(expr.X, "0") {
-				ReportNodef(pass, expr, "no value of type %s is less than 0", basic)
+			if (expr.Op == token.LSS && code.IsIntLiteral(expr.Y, "0")) ||
+				(expr.Op == token.GTR && code.IsIntLiteral(expr.X, "0")) {
+				report.Report(pass, expr, fmt.Sprintf("no value of type %s is less than 0", basic))
 			}
-			if expr.Op == token.GEQ && IsIntLiteral(expr.Y, "0") ||
-				expr.Op == token.LEQ && IsIntLiteral(expr.X, "0") {
-				ReportNodef(pass, expr, "every value of type %s is >= 0", basic)
+			if expr.Op == token.GEQ && code.IsIntLiteral(expr.Y, "0") ||
+				expr.Op == token.LEQ && code.IsIntLiteral(expr.X, "0") {
+				report.Report(pass, expr, fmt.Sprintf("every value of type %s is >= 0", basic))
 			}
 		} else {
 			if (expr.Op == token.LSS || expr.Op == token.LEQ) && isobj(expr.Y, min) ||
 				(expr.Op == token.GTR || expr.Op == token.GEQ) && isobj(expr.X, min) {
-				ReportNodef(pass, expr, "no value of type %s is less than %s", basic, min)
+				report.Report(pass, expr, fmt.Sprintf("no value of type %s is less than %s", basic, min))
 			}
 			if expr.Op == token.GEQ && isobj(expr.Y, min) ||
 				expr.Op == token.LEQ && isobj(expr.X, min) {
-				ReportNodef(pass, expr, "every value of type %s is >= %s", basic, min)
+				report.Report(pass, expr, fmt.Sprintf("every value of type %s is >= %s", basic, min))
 			}
 		}
 
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
-func consts(val ssa.Value, out []*ssa.Const, visitedPhis map[string]bool) ([]*ssa.Const, bool) {
+func consts(val ir.Value, out []*ir.Const, visitedPhis map[string]bool) ([]*ir.Const, bool) {
 	if visitedPhis == nil {
 		visitedPhis = map[string]bool{}
 	}
 	var ok bool
 	switch val := val.(type) {
-	case *ssa.Phi:
+	case *ir.Phi:
 		if visitedPhis[val.Name()] {
 			break
 		}
@@ -1744,9 +1898,9 @@ func consts(val ssa.Value, out []*ssa.Const, visitedPhis map[string]bool) ([]*ss
 				return nil, false
 			}
 		}
-	case *ssa.Const:
+	case *ir.Const:
 		out = append(out, val)
-	case *ssa.Convert:
+	case *ir.Convert:
 		out, ok = consts(val.X, out, visitedPhis)
 		if !ok {
 			return nil, false
@@ -1757,7 +1911,7 @@ func consts(val ssa.Value, out []*ssa.Const, visitedPhis map[string]bool) ([]*ss
 	if len(out) < 2 {
 		return out, true
 	}
-	uniq := []*ssa.Const{out[0]}
+	uniq := []*ir.Const{out[0]}
 	for _, val := range out[1:] {
 		if val.Value == uniq[len(uniq)-1].Value {
 			continue
@@ -1768,8 +1922,8 @@ func consts(val ssa.Value, out []*ssa.Const, visitedPhis map[string]bool) ([]*ss
 }
 
 func CheckLoopCondition(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		fn := func(node ast.Node) bool {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		cb := func(node ast.Node) bool {
 			loop, ok := node.(*ast.ForStmt)
 			if !ok {
 				return true
@@ -1800,42 +1954,42 @@ func CheckLoopCondition(pass *analysis.Pass) (interface{}, error) {
 				return true
 			}
 
-			v, isAddr := ssafn.ValueForExpr(cond.X)
+			v, isAddr := fn.ValueForExpr(cond.X)
 			if v == nil || isAddr {
 				return true
 			}
 			switch v := v.(type) {
-			case *ssa.Phi:
+			case *ir.Phi:
 				ops := v.Operands(nil)
 				if len(ops) != 2 {
 					return true
 				}
-				_, ok := (*ops[0]).(*ssa.Const)
+				_, ok := (*ops[0]).(*ir.Const)
 				if !ok {
 					return true
 				}
-				sigma, ok := (*ops[1]).(*ssa.Sigma)
+				sigma, ok := (*ops[1]).(*ir.Sigma)
 				if !ok {
 					return true
 				}
 				if sigma.X != v {
 					return true
 				}
-			case *ssa.UnOp:
+			case *ir.Load:
 				return true
 			}
-			ReportNodef(pass, cond, "variable in loop condition never changes")
+			report.Report(pass, cond, "variable in loop condition never changes")
 
 			return true
 		}
-		Inspect(ssafn.Syntax(), fn)
+		Inspect(fn.Source(), cb)
 	}
 	return nil, nil
 }
 
 func CheckArgOverwritten(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		fn := func(node ast.Node) bool {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		cb := func(node ast.Node) bool {
 			var typ *ast.FuncType
 			var body *ast.BlockStmt
 			switch fn := node.(type) {
@@ -1855,26 +2009,29 @@ func CheckArgOverwritten(pass *analysis.Pass) (interface{}, error) {
 			for _, field := range typ.Params.List {
 				for _, arg := range field.Names {
 					obj := pass.TypesInfo.ObjectOf(arg)
-					var ssaobj *ssa.Parameter
-					for _, param := range ssafn.Params {
+					var irobj *ir.Parameter
+					for _, param := range fn.Params {
 						if param.Object() == obj {
-							ssaobj = param
+							irobj = param
 							break
 						}
 					}
-					if ssaobj == nil {
+					if irobj == nil {
 						continue
 					}
-					refs := ssaobj.Referrers()
+					refs := irobj.Referrers()
 					if refs == nil {
 						continue
 					}
-					if len(FilterDebug(*refs)) != 0 {
+					if len(code.FilterDebug(*refs)) != 0 {
 						continue
 					}
 
-					assigned := false
+					var assignment ast.Node
 					ast.Inspect(body, func(node ast.Node) bool {
+						if assignment != nil {
+							return false
+						}
 						assign, ok := node.(*ast.AssignStmt)
 						if !ok {
 							return true
@@ -1885,20 +2042,21 @@ func CheckArgOverwritten(pass *analysis.Pass) (interface{}, error) {
 								continue
 							}
 							if pass.TypesInfo.ObjectOf(ident) == obj {
-								assigned = true
+								assignment = assign
 								return false
 							}
 						}
 						return true
 					})
-					if assigned {
-						ReportNodef(pass, arg, "argument %s is overwritten before first use", arg)
+					if assignment != nil {
+						report.Report(pass, arg, fmt.Sprintf("argument %s is overwritten before first use", arg),
+							report.Related(assignment, fmt.Sprintf("assignment to %s", arg)))
 					}
 				}
 			}
 			return true
 		}
-		Inspect(ssafn.Syntax(), fn)
+		Inspect(fn.Source(), cb)
 	}
 	return nil, nil
 }
@@ -1920,7 +2078,7 @@ func CheckIneffectiveLoop(pass *analysis.Pass) (interface{}, error) {
 		case *ast.FuncLit:
 			body = fn.Body
 		default:
-			panic(fmt.Sprintf("unreachable: %T", node))
+			ExhaustiveTypeSwitch(node)
 		}
 		if body == nil {
 			return
@@ -2003,136 +2161,133 @@ func CheckIneffectiveLoop(pass *analysis.Pass) (interface{}, error) {
 				return true
 			})
 			if unconditionalExit != nil {
-				ReportNodef(pass, unconditionalExit, "the surrounding loop is unconditionally terminated")
+				report.Report(pass, unconditionalExit, "the surrounding loop is unconditionally terminated")
 			}
 			return true
 		})
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.FuncDecl)(nil), (*ast.FuncLit)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.FuncDecl)(nil), (*ast.FuncLit)(nil))
 	return nil, nil
 }
 
+var checkNilContextQ = pattern.MustParse(`(CallExpr fun@(Function _) (Builtin "nil"):_)`)
+
 func CheckNilContext(pass *analysis.Pass) (interface{}, error) {
+	todo := &ast.CallExpr{
+		Fun: Selector("context", "TODO"),
+	}
+	bg := &ast.CallExpr{
+		Fun: Selector("context", "Background"),
+	}
 	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		if len(call.Args) == 0 {
-			return
-		}
-		if typ, ok := pass.TypesInfo.TypeOf(call.Args[0]).(*types.Basic); !ok || typ.Kind() != types.UntypedNil {
-			return
-		}
-		sig, ok := pass.TypesInfo.TypeOf(call.Fun).(*types.Signature)
+		m, ok := Match(pass, checkNilContextQ, node)
 		if !ok {
 			return
 		}
+
+		call := node.(*ast.CallExpr)
+		fun, ok := m.State["fun"].(*types.Func)
+		if !ok {
+			// it might also be a builtin
+			return
+		}
+		sig := fun.Type().(*types.Signature)
 		if sig.Params().Len() == 0 {
+			// Our CallExpr might've matched a method expression, like
+			// (*T).Foo(nil) – here, nil isn't the first argument of
+			// the Foo method, but the method receiver.
 			return
 		}
-		if !IsType(sig.Params().At(0).Type(), "context.Context") {
+		if !code.IsType(sig.Params().At(0).Type(), "context.Context") {
 			return
 		}
-		ReportNodef(pass, call.Args[0],
-			"do not pass a nil Context, even if a function permits it; pass context.TODO if you are unsure about which Context to use")
+		report.Report(pass, call.Args[0],
+			"do not pass a nil Context, even if a function permits it; pass context.TODO if you are unsure about which Context to use", report.Fixes(
+				edit.Fix("use context.TODO", edit.ReplaceWithNode(pass.Fset, call.Args[0], todo)),
+				edit.Fix("use context.Background", edit.ReplaceWithNode(pass.Fset, call.Args[0], bg))))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
+var (
+	checkSeekerQ = pattern.MustParse(`(CallExpr fun@(SelectorExpr _ (Ident "Seek")) [arg1@(SelectorExpr (Ident "io") (Ident (Or "SeekStart" "SeekCurrent" "SeekEnd"))) arg2])`)
+	checkSeekerR = pattern.MustParse(`(CallExpr fun [arg2 arg1])`)
+)
+
 func CheckSeeker(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		call := node.(*ast.CallExpr)
-		sel, ok := call.Fun.(*ast.SelectorExpr)
-		if !ok {
-			return
+		if _, edits, ok := MatchAndEdit(pass, checkSeekerQ, checkSeekerR, node); ok {
+			report.Report(pass, node, "the first argument of io.Seeker is the offset, but an io.Seek* constant is being used instead",
+				report.Fixes(edit.Fix("swap arguments", edits...)))
 		}
-		if sel.Sel.Name != "Seek" {
-			return
-		}
-		if len(call.Args) != 2 {
-			return
-		}
-		arg0, ok := call.Args[Arg("(io.Seeker).Seek.offset")].(*ast.SelectorExpr)
-		if !ok {
-			return
-		}
-		switch arg0.Sel.Name {
-		case "SeekStart", "SeekCurrent", "SeekEnd":
-		default:
-			return
-		}
-		pkg, ok := arg0.X.(*ast.Ident)
-		if !ok {
-			return
-		}
-		if pkg.Name != "io" {
-			return
-		}
-		ReportNodef(pass, call, "the first argument of io.Seeker is the offset, but an io.Seek* constant is being used instead")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
 func CheckIneffectiveAppend(pass *analysis.Pass) (interface{}, error) {
-	isAppend := func(ins ssa.Value) bool {
-		call, ok := ins.(*ssa.Call)
+	isAppend := func(ins ir.Value) bool {
+		call, ok := ins.(*ir.Call)
 		if !ok {
 			return false
 		}
 		if call.Call.IsInvoke() {
 			return false
 		}
-		if builtin, ok := call.Call.Value.(*ssa.Builtin); !ok || builtin.Name() != "append" {
+		if builtin, ok := call.Call.Value.(*ir.Builtin); !ok || builtin.Name() != "append" {
 			return false
 		}
 		return true
 	}
 
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				val, ok := ins.(ssa.Value)
+				val, ok := ins.(ir.Value)
 				if !ok || !isAppend(val) {
 					continue
 				}
 
 				isUsed := false
-				visited := map[ssa.Instruction]bool{}
-				var walkRefs func(refs []ssa.Instruction)
-				walkRefs = func(refs []ssa.Instruction) {
+				visited := map[ir.Instruction]bool{}
+				var walkRefs func(refs []ir.Instruction)
+				walkRefs = func(refs []ir.Instruction) {
 				loop:
 					for _, ref := range refs {
 						if visited[ref] {
 							continue
 						}
 						visited[ref] = true
-						if _, ok := ref.(*ssa.DebugRef); ok {
+						if _, ok := ref.(*ir.DebugRef); ok {
 							continue
 						}
 						switch ref := ref.(type) {
-						case *ssa.Phi:
+						case *ir.Phi:
 							walkRefs(*ref.Referrers())
-						case *ssa.Sigma:
+						case *ir.Sigma:
 							walkRefs(*ref.Referrers())
-						case ssa.Value:
+						case ir.Value:
 							if !isAppend(ref) {
 								isUsed = true
 							} else {
 								walkRefs(*ref.Referrers())
 							}
-						case ssa.Instruction:
+						case ir.Instruction:
 							isUsed = true
 							break loop
 						}
 					}
 				}
+
 				refs := val.Referrers()
 				if refs == nil {
 					continue
 				}
 				walkRefs(*refs)
+
 				if !isUsed {
-					pass.Reportf(ins.Pos(), "this result of append is never used, except maybe in other appends")
+					report.Report(pass, ins, "this result of append is never used, except maybe in other appends")
 				}
 			}
 		}
@@ -2141,19 +2296,19 @@ func CheckIneffectiveAppend(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckConcurrentTesting(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				gostmt, ok := ins.(*ssa.Go)
+				gostmt, ok := ins.(*ir.Go)
 				if !ok {
 					continue
 				}
-				var fn *ssa.Function
+				var fn *ir.Function
 				switch val := gostmt.Call.Value.(type) {
-				case *ssa.Function:
+				case *ir.Function:
 					fn = val
-				case *ssa.MakeClosure:
-					fn = val.Fn.(*ssa.Function)
+				case *ir.MakeClosure:
+					fn = val.Fn.(*ir.Function)
 				default:
 					continue
 				}
@@ -2162,7 +2317,7 @@ func CheckConcurrentTesting(pass *analysis.Pass) (interface{}, error) {
 				}
 				for _, block := range fn.Blocks {
 					for _, ins := range block.Instrs {
-						call, ok := ins.(*ssa.Call)
+						call, ok := ins.(*ir.Call)
 						if !ok {
 							continue
 						}
@@ -2177,7 +2332,7 @@ func CheckConcurrentTesting(pass *analysis.Pass) (interface{}, error) {
 						if recv == nil {
 							continue
 						}
-						if !IsType(recv.Type(), "*testing.common") {
+						if !code.IsType(recv.Type(), "*testing.common") {
 							continue
 						}
 						fn, ok := call.Call.StaticCallee().Object().(*types.Func)
@@ -2190,7 +2345,11 @@ func CheckConcurrentTesting(pass *analysis.Pass) (interface{}, error) {
 						default:
 							continue
 						}
-						pass.Reportf(gostmt.Pos(), "the goroutine calls T.%s, which must be called in the same goroutine as the test", name)
+						// TODO(dh): don't report multiple diagnostics
+						// for multiple calls to T.Fatal, but do
+						// collect all of them as related information
+						report.Report(pass, gostmt, fmt.Sprintf("the goroutine calls T.%s, which must be called in the same goroutine as the test", name),
+							report.Related(call, fmt.Sprintf("call to T.%s", name)))
 					}
 				}
 			}
@@ -2199,12 +2358,12 @@ func CheckConcurrentTesting(pass *analysis.Pass) (interface{}, error) {
 	return nil, nil
 }
 
-func eachCall(ssafn *ssa.Function, fn func(caller *ssa.Function, site ssa.CallInstruction, callee *ssa.Function)) {
-	for _, b := range ssafn.Blocks {
+func eachCall(fn *ir.Function, cb func(caller *ir.Function, site ir.CallInstruction, callee *ir.Function)) {
+	for _, b := range fn.Blocks {
 		for _, instr := range b.Instrs {
-			if site, ok := instr.(ssa.CallInstruction); ok {
+			if site, ok := instr.(ir.CallInstruction); ok {
 				if g := site.Common().StaticCallee(); g != nil {
-					fn(ssafn, site, g)
+					cb(fn, site, g)
 				}
 			}
 		}
@@ -2212,62 +2371,62 @@ func eachCall(ssafn *ssa.Function, fn func(caller *ssa.Function, site ssa.CallIn
 }
 
 func CheckCyclicFinalizer(pass *analysis.Pass) (interface{}, error) {
-	fn := func(caller *ssa.Function, site ssa.CallInstruction, callee *ssa.Function) {
+	cb := func(caller *ir.Function, site ir.CallInstruction, callee *ir.Function) {
 		if callee.RelString(nil) != "runtime.SetFinalizer" {
 			return
 		}
 		arg0 := site.Common().Args[Arg("runtime.SetFinalizer.obj")]
-		if iface, ok := arg0.(*ssa.MakeInterface); ok {
+		if iface, ok := arg0.(*ir.MakeInterface); ok {
 			arg0 = iface.X
 		}
-		unop, ok := arg0.(*ssa.UnOp)
+		load, ok := arg0.(*ir.Load)
 		if !ok {
 			return
 		}
-		v, ok := unop.X.(*ssa.Alloc)
+		v, ok := load.X.(*ir.Alloc)
 		if !ok {
 			return
 		}
 		arg1 := site.Common().Args[Arg("runtime.SetFinalizer.finalizer")]
-		if iface, ok := arg1.(*ssa.MakeInterface); ok {
+		if iface, ok := arg1.(*ir.MakeInterface); ok {
 			arg1 = iface.X
 		}
-		mc, ok := arg1.(*ssa.MakeClosure)
+		mc, ok := arg1.(*ir.MakeClosure)
 		if !ok {
 			return
 		}
 		for _, b := range mc.Bindings {
 			if b == v {
 				pos := lint.DisplayPosition(pass.Fset, mc.Fn.Pos())
-				pass.Reportf(site.Pos(), "the finalizer closes over the object, preventing the finalizer from ever running (at %s)", pos)
+				report.Report(pass, site, fmt.Sprintf("the finalizer closes over the object, preventing the finalizer from ever running (at %s)", pos))
 			}
 		}
 	}
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		eachCall(ssafn, fn)
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		eachCall(fn, cb)
 	}
 	return nil, nil
 }
 
 /*
 func CheckSliceOutOfBounds(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				ia, ok := ins.(*ssa.IndexAddr)
+				ia, ok := ins.(*ir.IndexAddr)
 				if !ok {
 					continue
 				}
 				if _, ok := ia.X.Type().Underlying().(*types.Slice); !ok {
 					continue
 				}
-				sr, ok1 := c.funcDescs.Get(ssafn).Ranges[ia.X].(vrp.SliceInterval)
-				idxr, ok2 := c.funcDescs.Get(ssafn).Ranges[ia.Index].(vrp.IntInterval)
+				sr, ok1 := c.funcDescs.Get(fn).Ranges[ia.X].(vrp.SliceInterval)
+				idxr, ok2 := c.funcDescs.Get(fn).Ranges[ia.Index].(vrp.IntInterval)
 				if !ok1 || !ok2 || !sr.IsKnown() || !idxr.IsKnown() || sr.Length.Empty() || idxr.Empty() {
 					continue
 				}
 				if idxr.Lower.Cmp(sr.Length.Upper) >= 0 {
-					ReportNodef(pass, ia, "index out of bounds")
+					report.Nodef(pass, ia, "index out of bounds")
 				}
 			}
 		}
@@ -2277,25 +2436,25 @@ func CheckSliceOutOfBounds(pass *analysis.Pass) (interface{}, error) {
 */
 
 func CheckDeferLock(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
-			instrs := FilterDebug(block.Instrs)
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
+			instrs := code.FilterDebug(block.Instrs)
 			if len(instrs) < 2 {
 				continue
 			}
 			for i, ins := range instrs[:len(instrs)-1] {
-				call, ok := ins.(*ssa.Call)
+				call, ok := ins.(*ir.Call)
 				if !ok {
 					continue
 				}
-				if !IsCallTo(call.Common(), "(*sync.Mutex).Lock") && !IsCallTo(call.Common(), "(*sync.RWMutex).RLock") {
+				if !code.IsCallToAny(call.Common(), "(*sync.Mutex).Lock", "(*sync.RWMutex).RLock") {
 					continue
 				}
-				nins, ok := instrs[i+1].(*ssa.Defer)
+				nins, ok := instrs[i+1].(*ir.Defer)
 				if !ok {
 					continue
 				}
-				if !IsCallTo(&nins.Call, "(*sync.Mutex).Lock") && !IsCallTo(&nins.Call, "(*sync.RWMutex).RLock") {
+				if !code.IsCallToAny(&nins.Call, "(*sync.Mutex).Lock", "(*sync.RWMutex).RLock") {
 					continue
 				}
 				if call.Common().Args[0] != nins.Call.Args[0] {
@@ -2309,7 +2468,7 @@ func CheckDeferLock(pass *analysis.Pass) (interface{}, error) {
 				case "RLock":
 					alt = "RUnlock"
 				}
-				pass.Reportf(nins.Pos(), "deferring %s right after having locked already; did you mean to defer %s?", name, alt)
+				report.Report(pass, nins, fmt.Sprintf("deferring %s right after having locked already; did you mean to defer %s?", name, alt))
 			}
 		}
 	}
@@ -2317,22 +2476,22 @@ func CheckDeferLock(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckNaNComparison(pass *analysis.Pass) (interface{}, error) {
-	isNaN := func(v ssa.Value) bool {
-		call, ok := v.(*ssa.Call)
+	isNaN := func(v ir.Value) bool {
+		call, ok := v.(*ir.Call)
 		if !ok {
 			return false
 		}
-		return IsCallTo(call.Common(), "math.NaN")
+		return code.IsCallTo(call.Common(), "math.NaN")
 	}
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				ins, ok := ins.(*ssa.BinOp)
+				ins, ok := ins.(*ir.BinOp)
 				if !ok {
 					continue
 				}
 				if isNaN(ins.X) || isNaN(ins.Y) {
-					pass.Reportf(ins.Pos(), "no value is equal to NaN, not even NaN itself")
+					report.Report(pass, ins, "no value is equal to NaN, not even NaN itself")
 				}
 			}
 		}
@@ -2341,12 +2500,12 @@ func CheckNaNComparison(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckInfiniteRecursion(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		eachCall(ssafn, func(caller *ssa.Function, site ssa.CallInstruction, callee *ssa.Function) {
-			if callee != ssafn {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		eachCall(fn, func(caller *ir.Function, site ir.CallInstruction, callee *ir.Function) {
+			if callee != fn {
 				return
 			}
-			if _, ok := site.(*ssa.Go); ok {
+			if _, ok := site.(*ir.Go); ok {
 				// Recursively spawning goroutines doesn't consume
 				// stack space infinitely, so don't flag it.
 				return
@@ -2354,14 +2513,14 @@ func CheckInfiniteRecursion(pass *analysis.Pass) (interface{}, error) {
 
 			block := site.Block()
 			canReturn := false
-			for _, b := range ssafn.Blocks {
+			for _, b := range fn.Blocks {
 				if block.Dominates(b) {
 					continue
 				}
 				if len(b.Instrs) == 0 {
 					continue
 				}
-				if _, ok := b.Instrs[len(b.Instrs)-1].(*ssa.Return); ok {
+				if _, ok := b.Control().(*ir.Return); ok {
 					canReturn = true
 					break
 				}
@@ -2369,7 +2528,7 @@ func CheckInfiniteRecursion(pass *analysis.Pass) (interface{}, error) {
 			if canReturn {
 				return
 			}
-			pass.Reportf(site.Pos(), "infinite recursive call")
+			report.Report(pass, site, "infinite recursive call")
 		})
 	}
 	return nil, nil
@@ -2402,141 +2561,211 @@ func isName(pass *analysis.Pass, expr ast.Expr, name string) bool {
 }
 
 func CheckLeakyTimeTick(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		if IsInMain(pass, ssafn) || IsInTest(pass, ssafn) {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		if code.IsMainLike(pass) || code.IsInTest(pass, fn) {
 			continue
 		}
-		for _, block := range ssafn.Blocks {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				call, ok := ins.(*ssa.Call)
-				if !ok || !IsCallTo(call.Common(), "time.Tick") {
+				call, ok := ins.(*ir.Call)
+				if !ok || !code.IsCallTo(call.Common(), "time.Tick") {
 					continue
 				}
 				if !functions.Terminates(call.Parent()) {
 					continue
 				}
-				pass.Reportf(call.Pos(), "using time.Tick leaks the underlying ticker, consider using it only in endless functions, tests and the main package, and use time.NewTicker here")
+				report.Report(pass, call, "using time.Tick leaks the underlying ticker, consider using it only in endless functions, tests and the main package, and use time.NewTicker here")
 			}
 		}
 	}
 	return nil, nil
 }
 
+var checkDoubleNegationQ = pattern.MustParse(`(UnaryExpr "!" single@(UnaryExpr "!" x))`)
+
 func CheckDoubleNegation(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		unary1 := node.(*ast.UnaryExpr)
-		unary2, ok := unary1.X.(*ast.UnaryExpr)
-		if !ok {
-			return
+		if m, ok := Match(pass, checkDoubleNegationQ, node); ok {
+			report.Report(pass, node, "negating a boolean twice has no effect; is this a typo?", report.Fixes(
+				edit.Fix("turn into single negation", edit.ReplaceWithNode(pass.Fset, node, m.State["single"].(ast.Node))),
+				edit.Fix("remove double negation", edit.ReplaceWithNode(pass.Fset, node, m.State["x"].(ast.Node)))))
 		}
-		if unary1.Op != token.NOT || unary2.Op != token.NOT {
-			return
-		}
-		ReportNodef(pass, unary1, "negating a boolean twice has no effect; is this a typo?")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.UnaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.UnaryExpr)(nil))
 	return nil, nil
 }
 
-func hasSideEffects(node ast.Node) bool {
-	dynamic := false
-	ast.Inspect(node, func(node ast.Node) bool {
-		switch node := node.(type) {
-		case *ast.CallExpr:
-			dynamic = true
-			return false
-		case *ast.UnaryExpr:
-			if node.Op == token.ARROW {
-				dynamic = true
-				return false
-			}
-		}
-		return true
-	})
-	return dynamic
-}
-
 func CheckRepeatedIfElse(pass *analysis.Pass) (interface{}, error) {
 	seen := map[ast.Node]bool{}
 
-	var collectConds func(ifstmt *ast.IfStmt, inits []ast.Stmt, conds []ast.Expr) ([]ast.Stmt, []ast.Expr)
-	collectConds = func(ifstmt *ast.IfStmt, inits []ast.Stmt, conds []ast.Expr) ([]ast.Stmt, []ast.Expr) {
+	var collectConds func(ifstmt *ast.IfStmt, conds []ast.Expr) ([]ast.Expr, bool)
+	collectConds = func(ifstmt *ast.IfStmt, conds []ast.Expr) ([]ast.Expr, bool) {
 		seen[ifstmt] = true
+		// Bail if any if-statement has an Init statement or side effects in its condition
 		if ifstmt.Init != nil {
-			inits = append(inits, ifstmt.Init)
+			return nil, false
 		}
+		if code.MayHaveSideEffects(pass, ifstmt.Cond, nil) {
+			return nil, false
+		}
+
 		conds = append(conds, ifstmt.Cond)
 		if elsestmt, ok := ifstmt.Else.(*ast.IfStmt); ok {
-			return collectConds(elsestmt, inits, conds)
+			return collectConds(elsestmt, conds)
 		}
-		return inits, conds
+		return conds, true
 	}
 	fn := func(node ast.Node) {
 		ifstmt := node.(*ast.IfStmt)
 		if seen[ifstmt] {
+			// this if-statement is part of an if/else-if chain that we've already processed
 			return
 		}
-		inits, conds := collectConds(ifstmt, nil, nil)
-		if len(inits) > 0 {
+		if ifstmt.Else == nil {
+			// there can be at most one condition
 			return
 		}
-		for _, cond := range conds {
-			if hasSideEffects(cond) {
-				return
-			}
+		conds, ok := collectConds(ifstmt, nil)
+		if !ok {
+			return
+		}
+		if len(conds) < 2 {
+			return
 		}
 		counts := map[string]int{}
 		for _, cond := range conds {
-			s := Render(pass, cond)
+			s := report.Render(pass, cond)
 			counts[s]++
 			if counts[s] == 2 {
-				ReportNodef(pass, cond, "this condition occurs multiple times in this if/else if chain")
+				report.Report(pass, cond, "this condition occurs multiple times in this if/else if chain")
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.IfStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.IfStmt)(nil))
 	return nil, nil
 }
 
 func CheckSillyBitwiseOps(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		for _, block := range ssafn.Blocks {
-			for _, ins := range block.Instrs {
-				ins, ok := ins.(*ssa.BinOp)
-				if !ok {
-					continue
-				}
+	// FIXME(dh): what happened here?
+	if false {
+		for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+			for _, block := range fn.Blocks {
+				for _, ins := range block.Instrs {
+					ins, ok := ins.(*ir.BinOp)
+					if !ok {
+						continue
+					}
 
-				if c, ok := ins.Y.(*ssa.Const); !ok || c.Value == nil || c.Value.Kind() != constant.Int || c.Uint64() != 0 {
-					continue
-				}
-				switch ins.Op {
-				case token.AND, token.OR, token.XOR:
-				default:
-					// we do not flag shifts because too often, x<<0 is part
-					// of a pattern, x<<0, x<<8, x<<16, ...
-					continue
-				}
-				path, _ := astutil.PathEnclosingInterval(File(pass, ins), ins.Pos(), ins.Pos())
-				if len(path) == 0 {
-					continue
-				}
-				if node, ok := path[0].(*ast.BinaryExpr); !ok || !IsZero(node.Y) {
-					continue
-				}
+					if c, ok := ins.Y.(*ir.Const); !ok || c.Value == nil || c.Value.Kind() != constant.Int || c.Uint64() != 0 {
+						continue
+					}
+					switch ins.Op {
+					case token.AND, token.OR, token.XOR:
+					default:
+						// we do not flag shifts because too often, x<<0 is part
+						// of a pattern, x<<0, x<<8, x<<16, ...
+						continue
+					}
+					path, _ := astutil.PathEnclosingInterval(code.File(pass, ins), ins.Pos(), ins.Pos())
+					if len(path) == 0 {
+						continue
+					}
 
-				switch ins.Op {
-				case token.AND:
-					pass.Reportf(ins.Pos(), "x & 0 always equals 0")
-				case token.OR, token.XOR:
-					pass.Reportf(ins.Pos(), "x %s 0 always equals x", ins.Op)
+					if node, ok := path[0].(*ast.BinaryExpr); !ok || !code.IsIntLiteral(node.Y, "0") {
+						continue
+					}
+
+					switch ins.Op {
+					case token.AND:
+						report.Report(pass, ins, "x & 0 always equals 0")
+					case token.OR, token.XOR:
+						report.Report(pass, ins, fmt.Sprintf("x %s 0 always equals x", ins.Op))
+					}
 				}
 			}
 		}
 	}
+	fn := func(node ast.Node) {
+		binop := node.(*ast.BinaryExpr)
+		b, ok := pass.TypesInfo.TypeOf(binop).Underlying().(*types.Basic)
+		if !ok {
+			return
+		}
+		if (b.Info() & types.IsInteger) == 0 {
+			return
+		}
+		switch binop.Op {
+		case token.AND, token.OR, token.XOR:
+		default:
+			// we do not flag shifts because too often, x<<0 is part
+			// of a pattern, x<<0, x<<8, x<<16, ...
+			return
+		}
+		switch y := binop.Y.(type) {
+		case *ast.Ident:
+			obj, ok := pass.TypesInfo.ObjectOf(y).(*types.Const)
+			if !ok {
+				return
+			}
+			if v, _ := constant.Int64Val(obj.Val()); v != 0 {
+				return
+			}
+			path, _ := astutil.PathEnclosingInterval(code.File(pass, obj), obj.Pos(), obj.Pos())
+			if len(path) < 2 {
+				return
+			}
+			spec, ok := path[1].(*ast.ValueSpec)
+			if !ok {
+				return
+			}
+			if len(spec.Names) != 1 || len(spec.Values) != 1 {
+				// TODO(dh): we could support this
+				return
+			}
+			ident, ok := spec.Values[0].(*ast.Ident)
+			if !ok {
+				return
+			}
+			if !isIota(pass.TypesInfo.ObjectOf(ident)) {
+				return
+			}
+			switch binop.Op {
+			case token.AND:
+				report.Report(pass, node,
+					fmt.Sprintf("%s always equals 0; %s is defined as iota and has value 0, maybe %s is meant to be 1 << iota?", report.Render(pass, binop), report.Render(pass, binop.Y), report.Render(pass, binop.Y)))
+			case token.OR, token.XOR:
+				report.Report(pass, node,
+					fmt.Sprintf("%s always equals %s; %s is defined as iota and has value 0, maybe %s is meant to be 1 << iota?", report.Render(pass, binop), report.Render(pass, binop.X), report.Render(pass, binop.Y), report.Render(pass, binop.Y)))
+			}
+		case *ast.BasicLit:
+			if !code.IsIntLiteral(binop.Y, "0") {
+				return
+			}
+			switch binop.Op {
+			case token.AND:
+				report.Report(pass, node, fmt.Sprintf("%s always equals 0", report.Render(pass, binop)))
+			case token.OR, token.XOR:
+				report.Report(pass, node, fmt.Sprintf("%s always equals %s", report.Render(pass, binop), report.Render(pass, binop.X)))
+			}
+		default:
+			return
+		}
+	}
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
+func isIota(obj types.Object) bool {
+	if obj.Name() != "iota" {
+		return false
+	}
+	c, ok := obj.(*types.Const)
+	if !ok {
+		return false
+	}
+	return c.Pkg() == nil
+}
+
 func CheckNonOctalFileMode(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
 		call := node.(*ast.CallExpr)
@@ -2545,14 +2774,12 @@ func CheckNonOctalFileMode(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 		n := sig.Params().Len()
-		var args []int
 		for i := 0; i < n; i++ {
 			typ := sig.Params().At(i).Type()
-			if IsType(typ, "os.FileMode") {
-				args = append(args, i)
+			if !code.IsType(typ, "os.FileMode") {
+				continue
 			}
-		}
-		for _, i := range args {
+
 			lit, ok := call.Args[i].(*ast.BasicLit)
 			if !ok {
 				continue
@@ -2567,11 +2794,12 @@ func CheckNonOctalFileMode(pass *analysis.Pass) (interface{}, error) {
 				if err != nil {
 					continue
 				}
-				ReportNodef(pass, call.Args[i], "file mode '%s' evaluates to %#o; did you mean '0%s'?", lit.Value, v, lit.Value)
+				report.Report(pass, call.Args[i], fmt.Sprintf("file mode '%s' evaluates to %#o; did you mean '0%s'?", lit.Value, v, lit.Value),
+					report.Fixes(edit.Fix("fix octal literal", edit.ReplaceWithString(pass.Fset, call.Args[i], "0"+lit.Value))))
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
@@ -2579,12 +2807,12 @@ func CheckPureFunctions(pass *analysis.Pass) (interface{}, error) {
 	pure := pass.ResultOf[facts.Purity].(facts.PurityResult)
 
 fnLoop:
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		if IsInTest(pass, ssafn) {
-			params := ssafn.Signature.Params()
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		if code.IsInTest(pass, fn) {
+			params := fn.Signature.Params()
 			for i := 0; i < params.Len(); i++ {
 				param := params.At(i)
-				if IsType(param.Type(), "*testing.B") {
+				if code.IsType(param.Type(), "*testing.B") {
 					// Ignore discarded pure functions in code related
 					// to benchmarks. Instead of matching BenchmarkFoo
 					// functions, we match any function accepting a
@@ -2597,16 +2825,17 @@ fnLoop:
 			}
 		}
 
-		for _, b := range ssafn.Blocks {
+		for _, b := range fn.Blocks {
 			for _, ins := range b.Instrs {
-				ins, ok := ins.(*ssa.Call)
+				ins, ok := ins.(*ir.Call)
 				if !ok {
 					continue
 				}
 				refs := ins.Referrers()
-				if refs == nil || len(FilterDebug(*refs)) > 0 {
+				if refs == nil || len(code.FilterDebug(*refs)) > 0 {
 					continue
 				}
+
 				callee := ins.Common().StaticCallee()
 				if callee == nil {
 					continue
@@ -2616,8 +2845,11 @@ fnLoop:
 					continue
 				}
 				if _, ok := pure[callee.Object().(*types.Func)]; ok {
-					pass.Reportf(ins.Pos(), "%s is a pure function but its return value is ignored", callee.Name())
-					continue
+					if pass.Pkg.Path() == "fmt_test" && callee.Object().(*types.Func).FullName() == "fmt.Sprintf" {
+						// special case for benchmarks in the fmt package
+						continue
+					}
+					report.Report(pass, ins, fmt.Sprintf("%s is a pure function but its return value is ignored", callee.Name()))
 				}
 			}
 		}
@@ -2665,8 +2897,8 @@ func CheckDeprecated(pass *analysis.Pass) (interface{}, error) {
 			// already in 1.0, and we're targeting 1.2, it still
 			// makes sense to use the alternative from 1.0, to be
 			// future-proof.
-			minVersion := deprecated.Stdlib[SelectorName(pass, sel)].AlternativeAvailableSince
-			if !IsGoVersion(pass, minVersion) {
+			minVersion := deprecated.Stdlib[code.SelectorName(pass, sel)].AlternativeAvailableSince
+			if !code.IsGoVersion(pass, minVersion) {
 				return true
 			}
 
@@ -2677,27 +2909,29 @@ func CheckDeprecated(pass *analysis.Pass) (interface{}, error) {
 					return true
 				}
 			}
-			ReportNodef(pass, sel, "%s is deprecated: %s", Render(pass, sel), depr.Msg)
+			report.Report(pass, sel, fmt.Sprintf("%s is deprecated: %s", report.Render(pass, sel), depr.Msg))
 			return true
 		}
 		return true
 	}
 
-	imps := map[string]*types.Package{}
-	for _, imp := range pass.Pkg.Imports() {
-		imps[imp.Path()] = imp
-	}
 	fn2 := func(node ast.Node) {
 		spec := node.(*ast.ImportSpec)
+		var imp *types.Package
+		if spec.Name != nil {
+			imp = pass.TypesInfo.ObjectOf(spec.Name).(*types.PkgName).Imported()
+		} else {
+			imp = pass.TypesInfo.Implicits[spec].(*types.PkgName).Imported()
+		}
+
 		p := spec.Path.Value
 		path := p[1 : len(p)-1]
-		imp := imps[path]
 		if depr, ok := deprs.Packages[imp]; ok {
-			ReportNodef(pass, spec, "Package %s is deprecated: %s", path, depr.Msg)
+			report.Report(pass, spec, fmt.Sprintf("package %s is deprecated: %s", path, depr.Msg))
 		}
 	}
 	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Nodes(nil, fn)
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.ImportSpec)(nil)}, fn2)
+	code.Preorder(pass, fn2, (*ast.ImportSpec)(nil))
 	return nil, nil
 }
 
@@ -2708,8 +2942,7 @@ func callChecker(rules map[string]CallCheck) func(pass *analysis.Pass) (interfac
 }
 
 func checkCalls(pass *analysis.Pass, rules map[string]CallCheck) (interface{}, error) {
-	ranges := pass.ResultOf[valueRangesAnalyzer].(map[*ssa.Function]vrp.Ranges)
-	fn := func(caller *ssa.Function, site ssa.CallInstruction, callee *ssa.Function) {
+	cb := func(caller *ir.Function, site ir.CallInstruction, callee *ir.Function) {
 		obj, ok := callee.Object().(*types.Func)
 		if !ok {
 			return
@@ -2720,16 +2953,15 @@ func checkCalls(pass *analysis.Pass, rules map[string]CallCheck) (interface{}, e
 			return
 		}
 		var args []*Argument
-		ssaargs := site.Common().Args
+		irargs := site.Common().Args
 		if callee.Signature.Recv() != nil {
-			ssaargs = ssaargs[1:]
+			irargs = irargs[1:]
 		}
-		for _, arg := range ssaargs {
-			if iarg, ok := arg.(*ssa.MakeInterface); ok {
+		for _, arg := range irargs {
+			if iarg, ok := arg.(*ir.MakeInterface); ok {
 				arg = iarg.X
 			}
-			vr := ranges[site.Parent()][arg]
-			args = append(args, &Argument{Value: Value{arg, vr}})
+			args = append(args, &Argument{Value: Value{arg}})
 		}
 		call := &Call{
 			Pass:   pass,
@@ -2738,44 +2970,45 @@ func checkCalls(pass *analysis.Pass, rules map[string]CallCheck) (interface{}, e
 			Parent: site.Parent(),
 		}
 		r(call)
+		path, _ := astutil.PathEnclosingInterval(code.File(pass, site), site.Pos(), site.Pos())
+		var astcall *ast.CallExpr
+		for _, el := range path {
+			if expr, ok := el.(*ast.CallExpr); ok {
+				astcall = expr
+				break
+			}
+		}
 		for idx, arg := range call.Args {
-			_ = idx
 			for _, e := range arg.invalids {
-				// path, _ := astutil.PathEnclosingInterval(f.File, edge.Site.Pos(), edge.Site.Pos())
-				// if len(path) < 2 {
-				// 	continue
-				// }
-				// astcall, ok := path[0].(*ast.CallExpr)
-				// if !ok {
-				// 	continue
-				// }
-				// pass.Reportf(astcall.Args[idx], "%s", e)
-
-				pass.Reportf(site.Pos(), "%s", e)
+				if astcall != nil {
+					report.Report(pass, astcall.Args[idx], e)
+				} else {
+					report.Report(pass, site, e)
+				}
 			}
 		}
 		for _, e := range call.invalids {
-			pass.Reportf(call.Instr.Common().Pos(), "%s", e)
+			report.Report(pass, call.Instr, e)
 		}
 	}
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		eachCall(ssafn, fn)
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		eachCall(fn, cb)
 	}
 	return nil, nil
 }
 
-func shortCallName(call *ssa.CallCommon) string {
+func shortCallName(call *ir.CallCommon) string {
 	if call.IsInvoke() {
 		return ""
 	}
 	switch v := call.Value.(type) {
-	case *ssa.Function:
+	case *ir.Function:
 		fn, ok := v.Object().(*types.Func)
 		if !ok {
 			return ""
 		}
 		return fn.Name()
-	case *ssa.Builtin:
+	case *ir.Builtin:
 		return v.Name()
 	}
 	return ""
@@ -2786,9 +3019,9 @@ func CheckWriterBufferModified(pass *analysis.Pass) (interface{}, error) {
 	// Taint the argument as MUST_NOT_MODIFY, then propagate that
 	// through functions like bytes.Split
 
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		sig := ssafn.Signature
-		if ssafn.Name() != "Write" || sig.Recv() == nil || sig.Params().Len() != 1 || sig.Results().Len() != 2 {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		sig := fn.Signature
+		if fn.Name() != "Write" || sig.Recv() == nil || sig.Params().Len() != 1 || sig.Results().Len() != 2 {
 			continue
 		}
 		tArg, ok := sig.Params().At(0).Type().(*types.Slice)
@@ -2801,30 +3034,30 @@ func CheckWriterBufferModified(pass *analysis.Pass) (interface{}, error) {
 		if basic, ok := sig.Results().At(0).Type().(*types.Basic); !ok || basic.Kind() != types.Int {
 			continue
 		}
-		if named, ok := sig.Results().At(1).Type().(*types.Named); !ok || !IsType(named, "error") {
+		if named, ok := sig.Results().At(1).Type().(*types.Named); !ok || !code.IsType(named, "error") {
 			continue
 		}
 
-		for _, block := range ssafn.Blocks {
+		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
 				switch ins := ins.(type) {
-				case *ssa.Store:
-					addr, ok := ins.Addr.(*ssa.IndexAddr)
+				case *ir.Store:
+					addr, ok := ins.Addr.(*ir.IndexAddr)
 					if !ok {
 						continue
 					}
-					if addr.X != ssafn.Params[1] {
+					if addr.X != fn.Params[1] {
 						continue
 					}
-					pass.Reportf(ins.Pos(), "io.Writer.Write must not modify the provided buffer, not even temporarily")
-				case *ssa.Call:
-					if !IsCallTo(ins.Common(), "append") {
+					report.Report(pass, ins, "io.Writer.Write must not modify the provided buffer, not even temporarily")
+				case *ir.Call:
+					if !code.IsCallTo(ins.Common(), "append") {
 						continue
 					}
-					if ins.Common().Args[0] != ssafn.Params[1] {
+					if ins.Common().Args[0] != fn.Params[1] {
 						continue
 					}
-					pass.Reportf(ins.Pos(), "io.Writer.Write must not modify the provided buffer, not even temporarily")
+					report.Report(pass, ins, "io.Writer.Write must not modify the provided buffer, not even temporarily")
 				}
 			}
 		}
@@ -2845,14 +3078,14 @@ func loopedRegexp(name string) CallCheck {
 }
 
 func CheckEmptyBranch(pass *analysis.Pass) (interface{}, error) {
-	for _, ssafn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		if ssafn.Syntax() == nil {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		if fn.Source() == nil {
 			continue
 		}
-		if IsExample(ssafn) {
+		if code.IsExample(fn) {
 			continue
 		}
-		fn := func(node ast.Node) bool {
+		cb := func(node ast.Node) bool {
 			ifstmt, ok := node.(*ast.IfStmt)
 			if !ok {
 				return true
@@ -2862,26 +3095,26 @@ func CheckEmptyBranch(pass *analysis.Pass) (interface{}, error) {
 				if !ok || len(b.List) != 0 {
 					return true
 				}
-				ReportfFG(pass, ifstmt.Else.Pos(), "empty branch")
+				report.Report(pass, ifstmt.Else, "empty branch", report.FilterGenerated(), report.ShortRange())
 			}
 			if len(ifstmt.Body.List) != 0 {
 				return true
 			}
-			ReportfFG(pass, ifstmt.Pos(), "empty branch")
+			report.Report(pass, ifstmt, "empty branch", report.FilterGenerated(), report.ShortRange())
 			return true
 		}
-		Inspect(ssafn.Syntax(), fn)
+		Inspect(fn.Source(), cb)
 	}
 	return nil, nil
 }
 
 func CheckMapBytesKey(pass *analysis.Pass) (interface{}, error) {
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		for _, b := range fn.Blocks {
 		insLoop:
 			for _, ins := range b.Instrs {
 				// find []byte -> string conversions
-				conv, ok := ins.(*ssa.Convert)
+				conv, ok := ins.(*ir.Convert)
 				if !ok || conv.Type() != types.Universe.Lookup("string").Type() {
 					continue
 				}
@@ -2898,7 +3131,7 @@ func CheckMapBytesKey(pass *analysis.Pass) (interface{}, error) {
 				// skip first reference, that's the conversion itself
 				for _, ref := range (*refs)[1:] {
 					switch ref := ref.(type) {
-					case *ssa.DebugRef:
+					case *ir.DebugRef:
 						if _, ok := ref.Expr.(*ast.Ident); !ok {
 							// the string seems to be used somewhere
 							// unexpected; the default branch should
@@ -2907,7 +3140,7 @@ func CheckMapBytesKey(pass *analysis.Pass) (interface{}, error) {
 						} else {
 							ident = true
 						}
-					case *ssa.Lookup:
+					case *ir.MapLookup:
 					default:
 						// the string is used somewhere else than a
 						// map lookup
@@ -2920,7 +3153,7 @@ func CheckMapBytesKey(pass *analysis.Pass) (interface{}, error) {
 				if !ident {
 					continue
 				}
-				pass.Reportf(conv.Pos(), "m[string(key)] would be more efficient than k := string(key); m[k]")
+				report.Report(pass, conv, "m[string(key)] would be more efficient than k := string(key); m[k]")
 			}
 		}
 	}
@@ -2932,20 +3165,30 @@ func CheckRangeStringRunes(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckSelfAssignment(pass *analysis.Pass) (interface{}, error) {
+	pure := pass.ResultOf[facts.Purity].(facts.PurityResult)
+
 	fn := func(node ast.Node) {
 		assign := node.(*ast.AssignStmt)
 		if assign.Tok != token.ASSIGN || len(assign.Lhs) != len(assign.Rhs) {
 			return
 		}
-		for i, stmt := range assign.Lhs {
-			rlh := Render(pass, stmt)
-			rrh := Render(pass, assign.Rhs[i])
+		for i, lhs := range assign.Lhs {
+			rhs := assign.Rhs[i]
+			if reflect.TypeOf(lhs) != reflect.TypeOf(rhs) {
+				continue
+			}
+			if code.MayHaveSideEffects(pass, lhs, pure) || code.MayHaveSideEffects(pass, rhs, pure) {
+				continue
+			}
+
+			rlh := report.Render(pass, lhs)
+			rrh := report.Render(pass, rhs)
 			if rlh == rrh {
-				ReportfFG(pass, assign.Pos(), "self-assignment of %s to %s", rrh, rlh)
+				report.Report(pass, assign, fmt.Sprintf("self-assignment of %s to %s", rrh, rlh), report.FilterGenerated())
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.AssignStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.AssignStmt)(nil))
 	return nil, nil
 }
 
@@ -2976,9 +3219,10 @@ func CheckDuplicateBuildConstraints(pass *analysis.Pass) (interface{}, error) {
 					continue
 				}
 				if buildTagsIdentical(constraint1, constraint2) {
-					ReportfFG(pass, f.Pos(), "identical build constraints %q and %q",
+					msg := fmt.Sprintf("identical build constraints %q and %q",
 						strings.Join(constraint1, " "),
 						strings.Join(constraint2, " "))
+					report.Report(pass, f, msg, report.FilterGenerated(), report.ShortRange())
 				}
 			}
 		}
@@ -2989,19 +3233,17 @@ func CheckDuplicateBuildConstraints(pass *analysis.Pass) (interface{}, error) {
 func CheckSillyRegexp(pass *analysis.Pass) (interface{}, error) {
 	// We could use the rule checking engine for this, but the
 	// arguments aren't really invalid.
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		for _, b := range fn.Blocks {
 			for _, ins := range b.Instrs {
-				call, ok := ins.(*ssa.Call)
+				call, ok := ins.(*ir.Call)
 				if !ok {
 					continue
 				}
-				switch CallName(call.Common()) {
-				case "regexp.MustCompile", "regexp.Compile", "regexp.Match", "regexp.MatchReader", "regexp.MatchString":
-				default:
+				if !code.IsCallToAny(call.Common(), "regexp.MustCompile", "regexp.Compile", "regexp.Match", "regexp.MatchReader", "regexp.MatchString") {
 					continue
 				}
-				c, ok := call.Common().Args[0].(*ssa.Const)
+				c, ok := call.Common().Args[0].(*ir.Const)
 				if !ok {
 					continue
 				}
@@ -3013,7 +3255,7 @@ func CheckSillyRegexp(pass *analysis.Pass) (interface{}, error) {
 				if re.Op != syntax.OpLiteral && re.Op != syntax.OpEmptyMatch {
 					continue
 				}
-				pass.Reportf(call.Pos(), "regular expression does not contain any meta characters")
+				report.Report(pass, call, "regular expression does not contain any meta characters")
 			}
 		}
 	}
@@ -3030,7 +3272,7 @@ func CheckMissingEnumTypesInDeclaration(pass *analysis.Pass) (interface{}, error
 			return
 		}
 
-		groups := GroupSpecs(pass.Fset, decl.Specs)
+		groups := code.GroupSpecs(pass.Fset, decl.Specs)
 	groupLoop:
 		for _, group := range groups {
 			if len(group) < 2 {
@@ -3063,30 +3305,37 @@ func CheckMissingEnumTypesInDeclaration(pass *analysis.Pass) (interface{}, error
 					continue groupLoop
 				}
 			}
-			ReportNodef(pass, group[0], "only the first constant in this group has an explicit type")
+			var edits []analysis.TextEdit
+			typ := group[0].(*ast.ValueSpec).Type
+			for _, spec := range group[1:] {
+				nspec := *spec.(*ast.ValueSpec)
+				nspec.Type = typ
+				edits = append(edits, edit.ReplaceWithNode(pass.Fset, spec, &nspec))
+			}
+			report.Report(pass, group[0], "only the first constant in this group has an explicit type", report.Fixes(edit.Fix("add type to all constants in group", edits...)))
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.GenDecl)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.GenDecl)(nil))
 	return nil, nil
 }
 
 func CheckTimerResetReturnValue(pass *analysis.Pass) (interface{}, error) {
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		for _, block := range fn.Blocks {
 			for _, ins := range block.Instrs {
-				call, ok := ins.(*ssa.Call)
+				call, ok := ins.(*ir.Call)
 				if !ok {
 					continue
 				}
-				if !IsCallTo(call.Common(), "(*time.Timer).Reset") {
+				if !code.IsCallTo(call.Common(), "(*time.Timer).Reset") {
 					continue
 				}
 				refs := call.Referrers()
 				if refs == nil {
 					continue
 				}
-				for _, ref := range FilterDebug(*refs) {
-					ifstmt, ok := ref.(*ssa.If)
+				for _, ref := range code.FilterDebug(*refs) {
+					ifstmt, ok := ref.(*ir.If)
 					if !ok {
 						continue
 					}
@@ -3101,7 +3350,7 @@ func CheckTimerResetReturnValue(pass *analysis.Pass) (interface{}, error) {
 							// statements a la "if x || y"
 							continue
 						}
-						ssautil.Walk(succ, func(b *ssa.BasicBlock) bool {
+						irutil.Walk(succ, func(b *ir.BasicBlock) bool {
 							if !succ.Dominates(b) {
 								// We've reached the end of the branch
 								return false
@@ -3114,7 +3363,7 @@ func CheckTimerResetReturnValue(pass *analysis.Pass) (interface{}, error) {
 								// priority, considering the rarity of
 								// Reset and the tiny likeliness of a
 								// false positive
-								if ins, ok := ins.(*ssa.UnOp); ok && ins.Op == token.ARROW && IsType(ins.X.Type(), "<-chan time.Time") {
+								if ins, ok := ins.(*ir.Recv); ok && code.IsType(ins.Chan.Type(), "<-chan time.Time") {
 									found = true
 									return false
 								}
@@ -3124,7 +3373,7 @@ func CheckTimerResetReturnValue(pass *analysis.Pass) (interface{}, error) {
 					}
 
 					if found {
-						pass.Reportf(call.Pos(), "it is not possible to use Reset's return value correctly, as there is a race condition between draining the channel and the new timer expiring")
+						report.Report(pass, call, "it is not possible to use Reset's return value correctly, as there is a race condition between draining the channel and the new timer expiring")
 					}
 				}
 			}
@@ -3133,43 +3382,33 @@ func CheckTimerResetReturnValue(pass *analysis.Pass) (interface{}, error) {
 	return nil, nil
 }
 
+var (
+	checkToLowerToUpperComparisonQ = pattern.MustParse(`
+	(BinaryExpr
+		(CallExpr fun@(Function (Or "strings.ToLower" "strings.ToUpper")) [a])
+ 		tok@(Or "==" "!=")
+ 		(CallExpr fun [b]))`)
+	checkToLowerToUpperComparisonR = pattern.MustParse(`(CallExpr (SelectorExpr (Ident "strings") (Ident "EqualFold")) [a b])`)
+)
+
 func CheckToLowerToUpperComparison(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		binExpr := node.(*ast.BinaryExpr)
-
-		var negative bool
-		switch binExpr.Op {
-		case token.EQL:
-			negative = false
-		case token.NEQ:
-			negative = true
-		default:
+		m, ok := Match(pass, checkToLowerToUpperComparisonQ, node)
+		if !ok {
 			return
 		}
-
-		const (
-			lo = "strings.ToLower"
-			up = "strings.ToUpper"
-		)
-
-		var call string
-		if IsCallToAST(pass, binExpr.X, lo) && IsCallToAST(pass, binExpr.Y, lo) {
-			call = lo
-		} else if IsCallToAST(pass, binExpr.X, up) && IsCallToAST(pass, binExpr.Y, up) {
-			call = up
-		} else {
-			return
+		rn := pattern.NodeToAST(checkToLowerToUpperComparisonR.Root, m.State).(ast.Expr)
+		if m.State["tok"].(token.Token) == token.NEQ {
+			rn = &ast.UnaryExpr{
+				Op: token.NOT,
+				X:  rn,
+			}
 		}
 
-		bang := ""
-		if negative {
-			bang = "!"
-		}
-
-		ReportNodef(pass, binExpr, "should use %sstrings.EqualFold(a, b) instead of %s(a) %s %s(b)", bang, call, binExpr.Op, call)
+		report.Report(pass, node, "should use strings.EqualFold instead", report.Fixes(edit.Fix("replace with strings.EqualFold", edit.ReplaceWithNode(pass.Fset, node, rn))))
 	}
 
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
@@ -3231,32 +3470,47 @@ func CheckUnreachableTypeCases(pass *analysis.Pass) (interface{}, error) {
 		for i, cc := range ccs[:len(ccs)-1] {
 			for _, next := range ccs[i+1:] {
 				if T, V, yes := subsumesAny(cc.types, next.types); yes {
-					ReportNodef(pass, next.cc, "unreachable case clause: %s will always match before %s", T.String(), V.String())
+					report.Report(pass, next.cc, fmt.Sprintf("unreachable case clause: %s will always match before %s", T.String(), V.String()),
+						report.ShortRange())
 				}
 			}
 		}
 	}
 
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.TypeSwitchStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.TypeSwitchStmt)(nil))
 	return nil, nil
 }
 
+var checkSingleArgAppendQ = pattern.MustParse(`(CallExpr (Builtin "append") [_])`)
+
 func CheckSingleArgAppend(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		if !IsCallToAST(pass, node, "append") {
+		_, ok := Match(pass, checkSingleArgAppendQ, node)
+		if !ok {
 			return
 		}
-		call := node.(*ast.CallExpr)
-		if len(call.Args) != 1 {
-			return
-		}
-		ReportfFG(pass, call.Pos(), "x = append(y) is equivalent to x = y")
+		report.Report(pass, node, "x = append(y) is equivalent to x = y", report.FilterGenerated())
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.CallExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
 func CheckStructTags(pass *analysis.Pass) (interface{}, error) {
+	importsGoFlags := false
+
+	// we use the AST instead of (*types.Package).Imports to work
+	// around vendored packages in GOPATH mode. A vendored package's
+	// path will include the vendoring subtree as a prefix.
+	for _, f := range pass.Files {
+		for _, imp := range f.Imports {
+			v := imp.Path.Value
+			if v[1:len(v)-1] == "github.com/jessevdk/go-flags" {
+				importsGoFlags = true
+				break
+			}
+		}
+	}
+
 	fn := func(node ast.Node) {
 		for _, field := range node.(*ast.StructType).Fields.List {
 			if field.Tag == nil {
@@ -3264,13 +3518,16 @@ func CheckStructTags(pass *analysis.Pass) (interface{}, error) {
 			}
 			tags, err := parseStructTag(field.Tag.Value[1 : len(field.Tag.Value)-1])
 			if err != nil {
-				ReportNodef(pass, field.Tag, "unparseable struct tag: %s", err)
+				report.Report(pass, field.Tag, fmt.Sprintf("unparseable struct tag: %s", err))
 				continue
 			}
 			for k, v := range tags {
 				if len(v) > 1 {
-					ReportNodef(pass, field.Tag, "duplicate struct tag %q", k)
-					continue
+					isGoFlagsTag := importsGoFlags &&
+						(k == "choice" || k == "optional-value" || k == "default")
+					if !isGoFlagsTag {
+						report.Report(pass, field.Tag, fmt.Sprintf("duplicate struct tag %q", k))
+					}
 				}
 
 				switch k {
@@ -3282,18 +3539,24 @@ func CheckStructTags(pass *analysis.Pass) (interface{}, error) {
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.StructType)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.StructType)(nil))
 	return nil, nil
 }
 
 func checkJSONTag(pass *analysis.Pass, field *ast.Field, tag string) {
+	if pass.Pkg.Path() == "encoding/json" || pass.Pkg.Path() == "encoding/json_test" {
+		// don't flag malformed JSON tags in the encoding/json
+		// package; it knows what it is doing, and it is testing
+		// itself.
+		return
+	}
 	//lint:ignore SA9003 TODO(dh): should we flag empty tags?
 	if len(tag) == 0 {
 	}
 	fields := strings.Split(tag, ",")
 	for _, r := range fields[0] {
 		if !unicode.IsLetter(r) && !unicode.IsDigit(r) && !strings.ContainsRune("!#$%&()*+-./:<=>?@[]^_{|}~ ", r) {
-			ReportNodef(pass, field.Tag, "invalid JSON field name %q", fields[0])
+			report.Report(pass, field.Tag, fmt.Sprintf("invalid JSON field name %q", fields[0]))
 		}
 	}
 	var co, cs, ci int
@@ -3306,25 +3569,25 @@ func checkJSONTag(pass *analysis.Pass, field *ast.Field, tag string) {
 		case "string":
 			cs++
 			// only for string, floating point, integer and bool
-			T := Dereference(pass.TypesInfo.TypeOf(field.Type).Underlying()).Underlying()
+			T := code.Dereference(pass.TypesInfo.TypeOf(field.Type).Underlying()).Underlying()
 			basic, ok := T.(*types.Basic)
 			if !ok || (basic.Info()&(types.IsBoolean|types.IsInteger|types.IsFloat|types.IsString)) == 0 {
-				ReportNodef(pass, field.Tag, "the JSON string option only applies to fields of type string, floating point, integer or bool, or pointers to those")
+				report.Report(pass, field.Tag, "the JSON string option only applies to fields of type string, floating point, integer or bool, or pointers to those")
 			}
 		case "inline":
 			ci++
 		default:
-			ReportNodef(pass, field.Tag, "unknown JSON option %q", s)
+			report.Report(pass, field.Tag, fmt.Sprintf("unknown JSON option %q", s))
 		}
 	}
 	if co > 1 {
-		ReportNodef(pass, field.Tag, `duplicate JSON option "omitempty"`)
+		report.Report(pass, field.Tag, `duplicate JSON option "omitempty"`)
 	}
 	if cs > 1 {
-		ReportNodef(pass, field.Tag, `duplicate JSON option "string"`)
+		report.Report(pass, field.Tag, `duplicate JSON option "string"`)
 	}
 	if ci > 1 {
-		ReportNodef(pass, field.Tag, `duplicate JSON option "inline"`)
+		report.Report(pass, field.Tag, `duplicate JSON option "inline"`)
 	}
 }
 
@@ -3346,15 +3609,211 @@ func checkXMLTag(pass *analysis.Pass, field *ast.Field, tag string) {
 			counts[s]++
 		case "":
 		default:
-			ReportNodef(pass, field.Tag, "unknown XML option %q", s)
+			report.Report(pass, field.Tag, fmt.Sprintf("unknown XML option %q", s))
 		}
 	}
 	for k, v := range counts {
 		if v > 1 {
-			ReportNodef(pass, field.Tag, "duplicate XML option %q", k)
+			report.Report(pass, field.Tag, fmt.Sprintf("duplicate XML option %q", k))
 		}
 	}
 	if len(exclusives) > 1 {
-		ReportNodef(pass, field.Tag, "XML options %s are mutually exclusive", strings.Join(exclusives, " and "))
+		report.Report(pass, field.Tag, fmt.Sprintf("XML options %s are mutually exclusive", strings.Join(exclusives, " and ")))
 	}
 }
+
+func CheckImpossibleTypeAssertion(pass *analysis.Pass) (interface{}, error) {
+	type entry struct {
+		l, r *types.Func
+	}
+
+	msc := &pass.ResultOf[buildir.Analyzer].(*buildir.IR).Pkg.Prog.MethodSets
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		for _, b := range fn.Blocks {
+			for _, instr := range b.Instrs {
+				assert, ok := instr.(*ir.TypeAssert)
+				if !ok {
+					continue
+				}
+				var wrong []entry
+				left := assert.X.Type()
+				right := assert.AssertedType
+				righti, ok := right.Underlying().(*types.Interface)
+
+				if !ok {
+					// We only care about interface->interface
+					// assertions. The Go compiler already catches
+					// impossible interface->concrete assertions.
+					continue
+				}
+
+				ms := msc.MethodSet(left)
+				for i := 0; i < righti.NumMethods(); i++ {
+					mr := righti.Method(i)
+					sel := ms.Lookup(mr.Pkg(), mr.Name())
+					if sel == nil {
+						continue
+					}
+					ml := sel.Obj().(*types.Func)
+					if types.AssignableTo(ml.Type(), mr.Type()) {
+						continue
+					}
+
+					wrong = append(wrong, entry{ml, mr})
+				}
+
+				if len(wrong) != 0 {
+					s := fmt.Sprintf("impossible type assertion; %s and %s contradict each other:",
+						types.TypeString(left, types.RelativeTo(pass.Pkg)),
+						types.TypeString(right, types.RelativeTo(pass.Pkg)))
+					for _, e := range wrong {
+						s += fmt.Sprintf("\n\twrong type for %s method", e.l.Name())
+						s += fmt.Sprintf("\n\t\thave %s", e.l.Type())
+						s += fmt.Sprintf("\n\t\twant %s", e.r.Type())
+					}
+					report.Report(pass, assert, s)
+				}
+			}
+		}
+	}
+	return nil, nil
+}
+
+func checkWithValueKey(call *Call) {
+	arg := call.Args[1]
+	T := arg.Value.Value.Type()
+	if T, ok := T.(*types.Basic); ok {
+		arg.Invalid(
+			fmt.Sprintf("should not use built-in type %s as key for value; define your own type to avoid collisions", T))
+	}
+	if !types.Comparable(T) {
+		arg.Invalid(fmt.Sprintf("keys used with context.WithValue must be comparable, but type %s is not comparable", T))
+	}
+}
+
+func CheckMaybeNil(pass *analysis.Pass) (interface{}, error) {
+	// This is an extremely trivial check that doesn't try to reason
+	// about control flow. That is, phis and sigmas do not propagate
+	// any information. As such, we can flag this:
+	//
+	// 	_ = *x
+	// 	if x == nil { return }
+	//
+	// but we cannot flag this:
+	//
+	// 	if x == nil { println(x) }
+	// 	_ = *x
+	//
+	// nor many other variations of conditional uses of or assignments to x.
+	//
+	// However, even this trivial implementation finds plenty of
+	// real-world bugs, such as dereference before nil pointer check,
+	// or using t.Error instead of t.Fatal when encountering nil
+	// pointers.
+	//
+	// On the flip side, our naive implementation avoids false positives in branches, such as
+	//
+	// 	if x != nil { _ = *x }
+	//
+	// due to the same lack of propagating information through sigma
+	// nodes. x inside the branch will be independent of the x in the
+	// nil pointer check.
+	//
+	//
+	// We could implement a more powerful check, but then we'd be
+	// getting false positives instead of false negatives because
+	// we're incapable of deducing relationships between variables.
+	// For example, a function might return a pointer and an error,
+	// and the error being nil guarantees that the pointer is not nil.
+	// Depending on the surrounding code, the pointer may still end up
+	// being checked against nil in one place, and guarded by a check
+	// on the error in another, which would lead to us marking some
+	// loads as unsafe.
+	//
+	// Unfortunately, simply hard-coding the relationship between
+	// return values wouldn't eliminate all false positives, either.
+	// Many other more subtle relationships exist. An abridged example
+	// from real code:
+	//
+	// if a == nil && b == nil { return }
+	// c := fn(a)
+	// if c != "" { _ = *a }
+	//
+	// where `fn` is guaranteed to return a non-empty string if a
+	// isn't nil.
+	//
+	// We choose to err on the side of false negatives.
+
+	isNilConst := func(v ir.Value) bool {
+		if code.IsPointerLike(v.Type()) {
+			if k, ok := v.(*ir.Const); ok {
+				return k.IsNil()
+			}
+		}
+		return false
+	}
+
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		maybeNil := map[ir.Value]ir.Instruction{}
+		for _, b := range fn.Blocks {
+			for _, instr := range b.Instrs {
+				if instr, ok := instr.(*ir.BinOp); ok {
+					var ptr ir.Value
+					if isNilConst(instr.X) {
+						ptr = instr.Y
+					} else if isNilConst(instr.Y) {
+						ptr = instr.X
+					}
+					maybeNil[ptr] = instr
+				}
+			}
+		}
+
+		for _, b := range fn.Blocks {
+			for _, instr := range b.Instrs {
+				var ptr ir.Value
+				switch instr := instr.(type) {
+				case *ir.Load:
+					ptr = instr.X
+				case *ir.Store:
+					ptr = instr.Addr
+				case *ir.IndexAddr:
+					ptr = instr.X
+				case *ir.FieldAddr:
+					ptr = instr.X
+				}
+				if ptr != nil {
+					switch ptr.(type) {
+					case *ir.Alloc, *ir.FieldAddr, *ir.IndexAddr:
+						// these cannot be nil
+						continue
+					}
+					if r, ok := maybeNil[ptr]; ok {
+						report.Report(pass, instr, "possible nil pointer dereference",
+							report.Related(r, "this check suggests that the pointer can be nil"))
+					}
+				}
+			}
+		}
+	}
+
+	return nil, nil
+}
+
+var checkAddressIsNilQ = pattern.MustParse(
+	`(BinaryExpr
+		(UnaryExpr "&" _)
+		(Or "==" "!=")
+		(Builtin "nil"))`)
+
+func CheckAddressIsNil(pass *analysis.Pass) (interface{}, error) {
+	fn := func(node ast.Node) {
+		_, ok := Match(pass, checkAddressIsNilQ, node)
+		if !ok {
+			return
+		}
+		report.Report(pass, node, "the address of a variable cannot be nil")
+	}
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
+	return nil, nil
+}
diff --git a/vendor/honnef.co/go/tools/staticcheck/rules.go b/vendor/honnef.co/go/tools/staticcheck/rules.go
index 0152cac1..57f7282d 100644
--- a/vendor/honnef.co/go/tools/staticcheck/rules.go
+++ b/vendor/honnef.co/go/tools/staticcheck/rules.go
@@ -14,9 +14,8 @@ import (
 	"unicode/utf8"
 
 	"golang.org/x/tools/go/analysis"
-	. "honnef.co/go/tools/lint/lintdsl"
-	"honnef.co/go/tools/ssa"
-	"honnef.co/go/tools/staticcheck/vrp"
+	"honnef.co/go/tools/code"
+	"honnef.co/go/tools/ir"
 )
 
 const (
@@ -27,10 +26,10 @@ const (
 
 type Call struct {
 	Pass  *analysis.Pass
-	Instr ssa.CallInstruction
+	Instr ir.CallInstruction
 	Args  []*Argument
 
-	Parent *ssa.Function
+	Parent *ir.Function
 
 	invalids []string
 }
@@ -44,22 +43,21 @@ type Argument struct {
 	invalids []string
 }
 
+type Value struct {
+	Value ir.Value
+}
+
 func (arg *Argument) Invalid(msg string) {
 	arg.invalids = append(arg.invalids, msg)
 }
 
-type Value struct {
-	Value ssa.Value
-	Range vrp.Range
-}
-
 type CallCheck func(call *Call)
 
-func extractConsts(v ssa.Value) []*ssa.Const {
+func extractConsts(v ir.Value) []*ir.Const {
 	switch v := v.(type) {
-	case *ssa.Const:
-		return []*ssa.Const{v}
-	case *ssa.MakeInterface:
+	case *ir.Const:
+		return []*ir.Const{v}
+	case *ir.MakeInterface:
 		return extractConsts(v.X)
 	default:
 		return nil
@@ -118,20 +116,6 @@ func ValidateURL(v Value) error {
 	return nil
 }
 
-func IntValue(v Value, z vrp.Z) bool {
-	r, ok := v.Range.(vrp.IntInterval)
-	if !ok || !r.IsKnown() {
-		return false
-	}
-	if r.Lower != r.Upper {
-		return false
-	}
-	if r.Lower.Cmp(z) == 0 {
-		return true
-	}
-	return false
-}
-
 func InvalidUTF8(v Value) bool {
 	for _, c := range extractConsts(v.Value) {
 		if c.Value == nil {
@@ -149,13 +133,21 @@ func InvalidUTF8(v Value) bool {
 }
 
 func UnbufferedChannel(v Value) bool {
-	r, ok := v.Range.(vrp.ChannelInterval)
-	if !ok || !r.IsKnown() {
+	// TODO(dh): this check of course misses many cases of unbuffered
+	// channels, such as any in phi or sigma nodes. We'll eventually
+	// replace this function.
+	val := v.Value
+	if ct, ok := val.(*ir.ChangeType); ok {
+		val = ct.X
+	}
+	mk, ok := val.(*ir.MakeChan)
+	if !ok {
 		return false
 	}
-	if r.Size.Lower.Cmp(vrp.NewZ(0)) == 0 &&
-		r.Size.Upper.Cmp(vrp.NewZ(0)) == 0 {
-		return true
+	if k, ok := mk.Size.(*ir.Const); ok && k.Value.Kind() == constant.Int {
+		if v, ok := constant.Int64Val(k.Value); ok && v == 0 {
+			return true
+		}
 	}
 	return false
 }
@@ -169,7 +161,7 @@ func Pointer(v Value) bool {
 }
 
 func ConvertedFromInt(v Value) bool {
-	conv, ok := v.Value.(*ssa.Convert)
+	conv, ok := v.Value.(*ir.Convert)
 	if !ok {
 		return false
 	}
@@ -193,7 +185,7 @@ func validEncodingBinaryType(pass *analysis.Pass, typ types.Type) bool {
 			types.Float32, types.Float64, types.Complex64, types.Complex128, types.Invalid:
 			return true
 		case types.Bool:
-			return IsGoVersion(pass, 8)
+			return code.IsGoVersion(pass, 8)
 		}
 		return false
 	case *types.Struct:
@@ -232,8 +224,10 @@ func CanBinaryMarshal(pass *analysis.Pass, v Value) bool {
 func RepeatZeroTimes(name string, arg int) CallCheck {
 	return func(call *Call) {
 		arg := call.Args[arg]
-		if IntValue(arg.Value, vrp.NewZ(0)) {
-			arg.Invalid(fmt.Sprintf("calling %s with n == 0 will return no results, did you mean -1?", name))
+		if k, ok := arg.Value.Value.(*ir.Const); ok && k.Value.Kind() == constant.Int {
+			if v, ok := constant.Int64Val(k.Value); ok && v == 0 {
+				arg.Invalid(fmt.Sprintf("calling %s with n == 0 will return no results, did you mean -1?", name))
+			}
 		}
 	}
 }
@@ -293,8 +287,8 @@ func ValidHostPort(v Value) bool {
 
 // ConvertedFrom reports whether value v was converted from type typ.
 func ConvertedFrom(v Value, typ string) bool {
-	change, ok := v.Value.(*ssa.ChangeType)
-	return ok && IsType(change.X.Type(), typ)
+	change, ok := v.Value.(*ir.ChangeType)
+	return ok && code.IsType(change.X.Type(), typ)
 }
 
 func UniqueStringCutset(v Value) bool {
diff --git a/vendor/honnef.co/go/tools/staticcheck/vrp/channel.go b/vendor/honnef.co/go/tools/staticcheck/vrp/channel.go
deleted file mode 100644
index 0ef73787..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/vrp/channel.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package vrp
-
-import (
-	"fmt"
-
-	"honnef.co/go/tools/ssa"
-)
-
-type ChannelInterval struct {
-	Size IntInterval
-}
-
-func (c ChannelInterval) Union(other Range) Range {
-	i, ok := other.(ChannelInterval)
-	if !ok {
-		i = ChannelInterval{EmptyIntInterval}
-	}
-	if c.Size.Empty() || !c.Size.IsKnown() {
-		return i
-	}
-	if i.Size.Empty() || !i.Size.IsKnown() {
-		return c
-	}
-	return ChannelInterval{
-		Size: c.Size.Union(i.Size).(IntInterval),
-	}
-}
-
-func (c ChannelInterval) String() string {
-	return c.Size.String()
-}
-
-func (c ChannelInterval) IsKnown() bool {
-	return c.Size.IsKnown()
-}
-
-type MakeChannelConstraint struct {
-	aConstraint
-	Buffer ssa.Value
-}
-type ChannelChangeTypeConstraint struct {
-	aConstraint
-	X ssa.Value
-}
-
-func NewMakeChannelConstraint(buffer, y ssa.Value) Constraint {
-	return &MakeChannelConstraint{NewConstraint(y), buffer}
-}
-func NewChannelChangeTypeConstraint(x, y ssa.Value) Constraint {
-	return &ChannelChangeTypeConstraint{NewConstraint(y), x}
-}
-
-func (c *MakeChannelConstraint) Operands() []ssa.Value       { return []ssa.Value{c.Buffer} }
-func (c *ChannelChangeTypeConstraint) Operands() []ssa.Value { return []ssa.Value{c.X} }
-
-func (c *MakeChannelConstraint) String() string {
-	return fmt.Sprintf("%s = make(chan, %s)", c.Y().Name(), c.Buffer.Name())
-}
-func (c *ChannelChangeTypeConstraint) String() string {
-	return fmt.Sprintf("%s = changetype(%s)", c.Y().Name(), c.X.Name())
-}
-
-func (c *MakeChannelConstraint) Eval(g *Graph) Range {
-	i, ok := g.Range(c.Buffer).(IntInterval)
-	if !ok {
-		return ChannelInterval{NewIntInterval(NewZ(0), PInfinity)}
-	}
-	if i.Lower.Sign() == -1 {
-		i.Lower = NewZ(0)
-	}
-	return ChannelInterval{i}
-}
-func (c *ChannelChangeTypeConstraint) Eval(g *Graph) Range { return g.Range(c.X) }
diff --git a/vendor/honnef.co/go/tools/staticcheck/vrp/int.go b/vendor/honnef.co/go/tools/staticcheck/vrp/int.go
deleted file mode 100644
index 926bb7af..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/vrp/int.go
+++ /dev/null
@@ -1,476 +0,0 @@
-package vrp
-
-import (
-	"fmt"
-	"go/token"
-	"go/types"
-	"math/big"
-
-	"honnef.co/go/tools/ssa"
-)
-
-type Zs []Z
-
-func (zs Zs) Len() int {
-	return len(zs)
-}
-
-func (zs Zs) Less(i int, j int) bool {
-	return zs[i].Cmp(zs[j]) == -1
-}
-
-func (zs Zs) Swap(i int, j int) {
-	zs[i], zs[j] = zs[j], zs[i]
-}
-
-type Z struct {
-	infinity int8
-	integer  *big.Int
-}
-
-func NewZ(n int64) Z {
-	return NewBigZ(big.NewInt(n))
-}
-
-func NewBigZ(n *big.Int) Z {
-	return Z{integer: n}
-}
-
-func (z1 Z) Infinite() bool {
-	return z1.infinity != 0
-}
-
-func (z1 Z) Add(z2 Z) Z {
-	if z2.Sign() == -1 {
-		return z1.Sub(z2.Negate())
-	}
-	if z1 == NInfinity {
-		return NInfinity
-	}
-	if z1 == PInfinity {
-		return PInfinity
-	}
-	if z2 == PInfinity {
-		return PInfinity
-	}
-
-	if !z1.Infinite() && !z2.Infinite() {
-		n := &big.Int{}
-		n.Add(z1.integer, z2.integer)
-		return NewBigZ(n)
-	}
-
-	panic(fmt.Sprintf("%s + %s is not defined", z1, z2))
-}
-
-func (z1 Z) Sub(z2 Z) Z {
-	if z2.Sign() == -1 {
-		return z1.Add(z2.Negate())
-	}
-	if !z1.Infinite() && !z2.Infinite() {
-		n := &big.Int{}
-		n.Sub(z1.integer, z2.integer)
-		return NewBigZ(n)
-	}
-
-	if z1 != PInfinity && z2 == PInfinity {
-		return NInfinity
-	}
-	if z1.Infinite() && !z2.Infinite() {
-		return Z{infinity: z1.infinity}
-	}
-	if z1 == PInfinity && z2 == PInfinity {
-		return PInfinity
-	}
-	panic(fmt.Sprintf("%s - %s is not defined", z1, z2))
-}
-
-func (z1 Z) Mul(z2 Z) Z {
-	if (z1.integer != nil && z1.integer.Sign() == 0) ||
-		(z2.integer != nil && z2.integer.Sign() == 0) {
-		return NewBigZ(&big.Int{})
-	}
-
-	if z1.infinity != 0 || z2.infinity != 0 {
-		return Z{infinity: int8(z1.Sign() * z2.Sign())}
-	}
-
-	n := &big.Int{}
-	n.Mul(z1.integer, z2.integer)
-	return NewBigZ(n)
-}
-
-func (z1 Z) Negate() Z {
-	if z1.infinity == 1 {
-		return NInfinity
-	}
-	if z1.infinity == -1 {
-		return PInfinity
-	}
-	n := &big.Int{}
-	n.Neg(z1.integer)
-	return NewBigZ(n)
-}
-
-func (z1 Z) Sign() int {
-	if z1.infinity != 0 {
-		return int(z1.infinity)
-	}
-	return z1.integer.Sign()
-}
-
-func (z1 Z) String() string {
-	if z1 == NInfinity {
-		return "-∞"
-	}
-	if z1 == PInfinity {
-		return "∞"
-	}
-	return fmt.Sprintf("%d", z1.integer)
-}
-
-func (z1 Z) Cmp(z2 Z) int {
-	if z1.infinity == z2.infinity && z1.infinity != 0 {
-		return 0
-	}
-	if z1 == PInfinity {
-		return 1
-	}
-	if z1 == NInfinity {
-		return -1
-	}
-	if z2 == NInfinity {
-		return 1
-	}
-	if z2 == PInfinity {
-		return -1
-	}
-	return z1.integer.Cmp(z2.integer)
-}
-
-func MaxZ(zs ...Z) Z {
-	if len(zs) == 0 {
-		panic("Max called with no arguments")
-	}
-	if len(zs) == 1 {
-		return zs[0]
-	}
-	ret := zs[0]
-	for _, z := range zs[1:] {
-		if z.Cmp(ret) == 1 {
-			ret = z
-		}
-	}
-	return ret
-}
-
-func MinZ(zs ...Z) Z {
-	if len(zs) == 0 {
-		panic("Min called with no arguments")
-	}
-	if len(zs) == 1 {
-		return zs[0]
-	}
-	ret := zs[0]
-	for _, z := range zs[1:] {
-		if z.Cmp(ret) == -1 {
-			ret = z
-		}
-	}
-	return ret
-}
-
-var NInfinity = Z{infinity: -1}
-var PInfinity = Z{infinity: 1}
-var EmptyIntInterval = IntInterval{true, PInfinity, NInfinity}
-
-func InfinityFor(v ssa.Value) IntInterval {
-	if b, ok := v.Type().Underlying().(*types.Basic); ok {
-		if (b.Info() & types.IsUnsigned) != 0 {
-			return NewIntInterval(NewZ(0), PInfinity)
-		}
-	}
-	return NewIntInterval(NInfinity, PInfinity)
-}
-
-type IntInterval struct {
-	known bool
-	Lower Z
-	Upper Z
-}
-
-func NewIntInterval(l, u Z) IntInterval {
-	if u.Cmp(l) == -1 {
-		return EmptyIntInterval
-	}
-	return IntInterval{known: true, Lower: l, Upper: u}
-}
-
-func (i IntInterval) IsKnown() bool {
-	return i.known
-}
-
-func (i IntInterval) Empty() bool {
-	return i.Lower == PInfinity && i.Upper == NInfinity
-}
-
-func (i IntInterval) IsMaxRange() bool {
-	return i.Lower == NInfinity && i.Upper == PInfinity
-}
-
-func (i1 IntInterval) Intersection(i2 IntInterval) IntInterval {
-	if !i1.IsKnown() {
-		return i2
-	}
-	if !i2.IsKnown() {
-		return i1
-	}
-	if i1.Empty() || i2.Empty() {
-		return EmptyIntInterval
-	}
-	i3 := NewIntInterval(MaxZ(i1.Lower, i2.Lower), MinZ(i1.Upper, i2.Upper))
-	if i3.Lower.Cmp(i3.Upper) == 1 {
-		return EmptyIntInterval
-	}
-	return i3
-}
-
-func (i1 IntInterval) Union(other Range) Range {
-	i2, ok := other.(IntInterval)
-	if !ok {
-		i2 = EmptyIntInterval
-	}
-	if i1.Empty() || !i1.IsKnown() {
-		return i2
-	}
-	if i2.Empty() || !i2.IsKnown() {
-		return i1
-	}
-	return NewIntInterval(MinZ(i1.Lower, i2.Lower), MaxZ(i1.Upper, i2.Upper))
-}
-
-func (i1 IntInterval) Add(i2 IntInterval) IntInterval {
-	if i1.Empty() || i2.Empty() {
-		return EmptyIntInterval
-	}
-	l1, u1, l2, u2 := i1.Lower, i1.Upper, i2.Lower, i2.Upper
-	return NewIntInterval(l1.Add(l2), u1.Add(u2))
-}
-
-func (i1 IntInterval) Sub(i2 IntInterval) IntInterval {
-	if i1.Empty() || i2.Empty() {
-		return EmptyIntInterval
-	}
-	l1, u1, l2, u2 := i1.Lower, i1.Upper, i2.Lower, i2.Upper
-	return NewIntInterval(l1.Sub(u2), u1.Sub(l2))
-}
-
-func (i1 IntInterval) Mul(i2 IntInterval) IntInterval {
-	if i1.Empty() || i2.Empty() {
-		return EmptyIntInterval
-	}
-	x1, x2 := i1.Lower, i1.Upper
-	y1, y2 := i2.Lower, i2.Upper
-	return NewIntInterval(
-		MinZ(x1.Mul(y1), x1.Mul(y2), x2.Mul(y1), x2.Mul(y2)),
-		MaxZ(x1.Mul(y1), x1.Mul(y2), x2.Mul(y1), x2.Mul(y2)),
-	)
-}
-
-func (i1 IntInterval) String() string {
-	if !i1.IsKnown() {
-		return "[⊥, ⊥]"
-	}
-	if i1.Empty() {
-		return "{}"
-	}
-	return fmt.Sprintf("[%s, %s]", i1.Lower, i1.Upper)
-}
-
-type IntArithmeticConstraint struct {
-	aConstraint
-	A  ssa.Value
-	B  ssa.Value
-	Op token.Token
-	Fn func(IntInterval, IntInterval) IntInterval
-}
-
-type IntAddConstraint struct{ *IntArithmeticConstraint }
-type IntSubConstraint struct{ *IntArithmeticConstraint }
-type IntMulConstraint struct{ *IntArithmeticConstraint }
-
-type IntConversionConstraint struct {
-	aConstraint
-	X ssa.Value
-}
-
-type IntIntersectionConstraint struct {
-	aConstraint
-	ranges   Ranges
-	A        ssa.Value
-	B        ssa.Value
-	Op       token.Token
-	I        IntInterval
-	resolved bool
-}
-
-type IntIntervalConstraint struct {
-	aConstraint
-	I IntInterval
-}
-
-func NewIntArithmeticConstraint(a, b, y ssa.Value, op token.Token, fn func(IntInterval, IntInterval) IntInterval) *IntArithmeticConstraint {
-	return &IntArithmeticConstraint{NewConstraint(y), a, b, op, fn}
-}
-func NewIntAddConstraint(a, b, y ssa.Value) Constraint {
-	return &IntAddConstraint{NewIntArithmeticConstraint(a, b, y, token.ADD, IntInterval.Add)}
-}
-func NewIntSubConstraint(a, b, y ssa.Value) Constraint {
-	return &IntSubConstraint{NewIntArithmeticConstraint(a, b, y, token.SUB, IntInterval.Sub)}
-}
-func NewIntMulConstraint(a, b, y ssa.Value) Constraint {
-	return &IntMulConstraint{NewIntArithmeticConstraint(a, b, y, token.MUL, IntInterval.Mul)}
-}
-func NewIntConversionConstraint(x, y ssa.Value) Constraint {
-	return &IntConversionConstraint{NewConstraint(y), x}
-}
-func NewIntIntersectionConstraint(a, b ssa.Value, op token.Token, ranges Ranges, y ssa.Value) Constraint {
-	return &IntIntersectionConstraint{
-		aConstraint: NewConstraint(y),
-		ranges:      ranges,
-		A:           a,
-		B:           b,
-		Op:          op,
-	}
-}
-func NewIntIntervalConstraint(i IntInterval, y ssa.Value) Constraint {
-	return &IntIntervalConstraint{NewConstraint(y), i}
-}
-
-func (c *IntArithmeticConstraint) Operands() []ssa.Value   { return []ssa.Value{c.A, c.B} }
-func (c *IntConversionConstraint) Operands() []ssa.Value   { return []ssa.Value{c.X} }
-func (c *IntIntersectionConstraint) Operands() []ssa.Value { return []ssa.Value{c.A} }
-func (s *IntIntervalConstraint) Operands() []ssa.Value     { return nil }
-
-func (c *IntArithmeticConstraint) String() string {
-	return fmt.Sprintf("%s = %s %s %s", c.Y().Name(), c.A.Name(), c.Op, c.B.Name())
-}
-func (c *IntConversionConstraint) String() string {
-	return fmt.Sprintf("%s = %s(%s)", c.Y().Name(), c.Y().Type(), c.X.Name())
-}
-func (c *IntIntersectionConstraint) String() string {
-	return fmt.Sprintf("%s = %s %s %s (%t branch)", c.Y().Name(), c.A.Name(), c.Op, c.B.Name(), c.Y().(*ssa.Sigma).Branch)
-}
-func (c *IntIntervalConstraint) String() string { return fmt.Sprintf("%s = %s", c.Y().Name(), c.I) }
-
-func (c *IntArithmeticConstraint) Eval(g *Graph) Range {
-	i1, i2 := g.Range(c.A).(IntInterval), g.Range(c.B).(IntInterval)
-	if !i1.IsKnown() || !i2.IsKnown() {
-		return IntInterval{}
-	}
-	return c.Fn(i1, i2)
-}
-func (c *IntConversionConstraint) Eval(g *Graph) Range {
-	s := &types.StdSizes{
-		// XXX is it okay to assume the largest word size, or do we
-		// need to be platform specific?
-		WordSize: 8,
-		MaxAlign: 1,
-	}
-	fromI := g.Range(c.X).(IntInterval)
-	toI := g.Range(c.Y()).(IntInterval)
-	fromT := c.X.Type().Underlying().(*types.Basic)
-	toT := c.Y().Type().Underlying().(*types.Basic)
-	fromB := s.Sizeof(c.X.Type())
-	toB := s.Sizeof(c.Y().Type())
-
-	if !fromI.IsKnown() {
-		return toI
-	}
-	if !toI.IsKnown() {
-		return fromI
-	}
-
-	// uint<N> -> sint/uint<M>, M > N: [max(0, l1), min(2**N-1, u2)]
-	if (fromT.Info()&types.IsUnsigned != 0) &&
-		toB > fromB {
-
-		n := big.NewInt(1)
-		n.Lsh(n, uint(fromB*8))
-		n.Sub(n, big.NewInt(1))
-		return NewIntInterval(
-			MaxZ(NewZ(0), fromI.Lower),
-			MinZ(NewBigZ(n), toI.Upper),
-		)
-	}
-
-	// sint<N> -> sint<M>, M > N; [max(-∞, l1), min(2**N-1, u2)]
-	if (fromT.Info()&types.IsUnsigned == 0) &&
-		(toT.Info()&types.IsUnsigned == 0) &&
-		toB > fromB {
-
-		n := big.NewInt(1)
-		n.Lsh(n, uint(fromB*8))
-		n.Sub(n, big.NewInt(1))
-		return NewIntInterval(
-			MaxZ(NInfinity, fromI.Lower),
-			MinZ(NewBigZ(n), toI.Upper),
-		)
-	}
-
-	return fromI
-}
-func (c *IntIntersectionConstraint) Eval(g *Graph) Range {
-	xi := g.Range(c.A).(IntInterval)
-	if !xi.IsKnown() {
-		return c.I
-	}
-	return xi.Intersection(c.I)
-}
-func (c *IntIntervalConstraint) Eval(*Graph) Range { return c.I }
-
-func (c *IntIntersectionConstraint) Futures() []ssa.Value {
-	return []ssa.Value{c.B}
-}
-
-func (c *IntIntersectionConstraint) Resolve() {
-	r, ok := c.ranges[c.B].(IntInterval)
-	if !ok {
-		c.I = InfinityFor(c.Y())
-		return
-	}
-
-	switch c.Op {
-	case token.EQL:
-		c.I = r
-	case token.GTR:
-		c.I = NewIntInterval(r.Lower.Add(NewZ(1)), PInfinity)
-	case token.GEQ:
-		c.I = NewIntInterval(r.Lower, PInfinity)
-	case token.LSS:
-		// TODO(dh): do we need 0 instead of NInfinity for uints?
-		c.I = NewIntInterval(NInfinity, r.Upper.Sub(NewZ(1)))
-	case token.LEQ:
-		c.I = NewIntInterval(NInfinity, r.Upper)
-	case token.NEQ:
-		c.I = InfinityFor(c.Y())
-	default:
-		panic("unsupported op " + c.Op.String())
-	}
-}
-
-func (c *IntIntersectionConstraint) IsKnown() bool {
-	return c.I.IsKnown()
-}
-
-func (c *IntIntersectionConstraint) MarkUnresolved() {
-	c.resolved = false
-}
-
-func (c *IntIntersectionConstraint) MarkResolved() {
-	c.resolved = true
-}
-
-func (c *IntIntersectionConstraint) IsResolved() bool {
-	return c.resolved
-}
diff --git a/vendor/honnef.co/go/tools/staticcheck/vrp/slice.go b/vendor/honnef.co/go/tools/staticcheck/vrp/slice.go
deleted file mode 100644
index 40658dd8..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/vrp/slice.go
+++ /dev/null
@@ -1,273 +0,0 @@
-package vrp
-
-// TODO(dh): most of the constraints have implementations identical to
-// that of strings. Consider reusing them.
-
-import (
-	"fmt"
-	"go/types"
-
-	"honnef.co/go/tools/ssa"
-)
-
-type SliceInterval struct {
-	Length IntInterval
-}
-
-func (s SliceInterval) Union(other Range) Range {
-	i, ok := other.(SliceInterval)
-	if !ok {
-		i = SliceInterval{EmptyIntInterval}
-	}
-	if s.Length.Empty() || !s.Length.IsKnown() {
-		return i
-	}
-	if i.Length.Empty() || !i.Length.IsKnown() {
-		return s
-	}
-	return SliceInterval{
-		Length: s.Length.Union(i.Length).(IntInterval),
-	}
-}
-func (s SliceInterval) String() string { return s.Length.String() }
-func (s SliceInterval) IsKnown() bool  { return s.Length.IsKnown() }
-
-type SliceAppendConstraint struct {
-	aConstraint
-	A ssa.Value
-	B ssa.Value
-}
-
-type SliceSliceConstraint struct {
-	aConstraint
-	X     ssa.Value
-	Lower ssa.Value
-	Upper ssa.Value
-}
-
-type ArraySliceConstraint struct {
-	aConstraint
-	X     ssa.Value
-	Lower ssa.Value
-	Upper ssa.Value
-}
-
-type SliceIntersectionConstraint struct {
-	aConstraint
-	X ssa.Value
-	I IntInterval
-}
-
-type SliceLengthConstraint struct {
-	aConstraint
-	X ssa.Value
-}
-
-type MakeSliceConstraint struct {
-	aConstraint
-	Size ssa.Value
-}
-
-type SliceIntervalConstraint struct {
-	aConstraint
-	I IntInterval
-}
-
-func NewSliceAppendConstraint(a, b, y ssa.Value) Constraint {
-	return &SliceAppendConstraint{NewConstraint(y), a, b}
-}
-func NewSliceSliceConstraint(x, lower, upper, y ssa.Value) Constraint {
-	return &SliceSliceConstraint{NewConstraint(y), x, lower, upper}
-}
-func NewArraySliceConstraint(x, lower, upper, y ssa.Value) Constraint {
-	return &ArraySliceConstraint{NewConstraint(y), x, lower, upper}
-}
-func NewSliceIntersectionConstraint(x ssa.Value, i IntInterval, y ssa.Value) Constraint {
-	return &SliceIntersectionConstraint{NewConstraint(y), x, i}
-}
-func NewSliceLengthConstraint(x, y ssa.Value) Constraint {
-	return &SliceLengthConstraint{NewConstraint(y), x}
-}
-func NewMakeSliceConstraint(size, y ssa.Value) Constraint {
-	return &MakeSliceConstraint{NewConstraint(y), size}
-}
-func NewSliceIntervalConstraint(i IntInterval, y ssa.Value) Constraint {
-	return &SliceIntervalConstraint{NewConstraint(y), i}
-}
-
-func (c *SliceAppendConstraint) Operands() []ssa.Value { return []ssa.Value{c.A, c.B} }
-func (c *SliceSliceConstraint) Operands() []ssa.Value {
-	ops := []ssa.Value{c.X}
-	if c.Lower != nil {
-		ops = append(ops, c.Lower)
-	}
-	if c.Upper != nil {
-		ops = append(ops, c.Upper)
-	}
-	return ops
-}
-func (c *ArraySliceConstraint) Operands() []ssa.Value {
-	ops := []ssa.Value{c.X}
-	if c.Lower != nil {
-		ops = append(ops, c.Lower)
-	}
-	if c.Upper != nil {
-		ops = append(ops, c.Upper)
-	}
-	return ops
-}
-func (c *SliceIntersectionConstraint) Operands() []ssa.Value { return []ssa.Value{c.X} }
-func (c *SliceLengthConstraint) Operands() []ssa.Value       { return []ssa.Value{c.X} }
-func (c *MakeSliceConstraint) Operands() []ssa.Value         { return []ssa.Value{c.Size} }
-func (s *SliceIntervalConstraint) Operands() []ssa.Value     { return nil }
-
-func (c *SliceAppendConstraint) String() string {
-	return fmt.Sprintf("%s = append(%s, %s)", c.Y().Name(), c.A.Name(), c.B.Name())
-}
-func (c *SliceSliceConstraint) String() string {
-	var lname, uname string
-	if c.Lower != nil {
-		lname = c.Lower.Name()
-	}
-	if c.Upper != nil {
-		uname = c.Upper.Name()
-	}
-	return fmt.Sprintf("%s[%s:%s]", c.X.Name(), lname, uname)
-}
-func (c *ArraySliceConstraint) String() string {
-	var lname, uname string
-	if c.Lower != nil {
-		lname = c.Lower.Name()
-	}
-	if c.Upper != nil {
-		uname = c.Upper.Name()
-	}
-	return fmt.Sprintf("%s[%s:%s]", c.X.Name(), lname, uname)
-}
-func (c *SliceIntersectionConstraint) String() string {
-	return fmt.Sprintf("%s = %s.%t ⊓ %s", c.Y().Name(), c.X.Name(), c.Y().(*ssa.Sigma).Branch, c.I)
-}
-func (c *SliceLengthConstraint) String() string {
-	return fmt.Sprintf("%s = len(%s)", c.Y().Name(), c.X.Name())
-}
-func (c *MakeSliceConstraint) String() string {
-	return fmt.Sprintf("%s = make(slice, %s)", c.Y().Name(), c.Size.Name())
-}
-func (c *SliceIntervalConstraint) String() string { return fmt.Sprintf("%s = %s", c.Y().Name(), c.I) }
-
-func (c *SliceAppendConstraint) Eval(g *Graph) Range {
-	l1 := g.Range(c.A).(SliceInterval).Length
-	var l2 IntInterval
-	switch r := g.Range(c.B).(type) {
-	case SliceInterval:
-		l2 = r.Length
-	case StringInterval:
-		l2 = r.Length
-	default:
-		return SliceInterval{}
-	}
-	if !l1.IsKnown() || !l2.IsKnown() {
-		return SliceInterval{}
-	}
-	return SliceInterval{
-		Length: l1.Add(l2),
-	}
-}
-func (c *SliceSliceConstraint) Eval(g *Graph) Range {
-	lr := NewIntInterval(NewZ(0), NewZ(0))
-	if c.Lower != nil {
-		lr = g.Range(c.Lower).(IntInterval)
-	}
-	ur := g.Range(c.X).(SliceInterval).Length
-	if c.Upper != nil {
-		ur = g.Range(c.Upper).(IntInterval)
-	}
-	if !lr.IsKnown() || !ur.IsKnown() {
-		return SliceInterval{}
-	}
-
-	ls := []Z{
-		ur.Lower.Sub(lr.Lower),
-		ur.Upper.Sub(lr.Lower),
-		ur.Lower.Sub(lr.Upper),
-		ur.Upper.Sub(lr.Upper),
-	}
-	// TODO(dh): if we don't truncate lengths to 0 we might be able to
-	// easily detect slices with high < low. we'd need to treat -∞
-	// specially, though.
-	for i, l := range ls {
-		if l.Sign() == -1 {
-			ls[i] = NewZ(0)
-		}
-	}
-
-	return SliceInterval{
-		Length: NewIntInterval(MinZ(ls...), MaxZ(ls...)),
-	}
-}
-func (c *ArraySliceConstraint) Eval(g *Graph) Range {
-	lr := NewIntInterval(NewZ(0), NewZ(0))
-	if c.Lower != nil {
-		lr = g.Range(c.Lower).(IntInterval)
-	}
-	var l int64
-	switch typ := c.X.Type().(type) {
-	case *types.Array:
-		l = typ.Len()
-	case *types.Pointer:
-		l = typ.Elem().(*types.Array).Len()
-	}
-	ur := NewIntInterval(NewZ(l), NewZ(l))
-	if c.Upper != nil {
-		ur = g.Range(c.Upper).(IntInterval)
-	}
-	if !lr.IsKnown() || !ur.IsKnown() {
-		return SliceInterval{}
-	}
-
-	ls := []Z{
-		ur.Lower.Sub(lr.Lower),
-		ur.Upper.Sub(lr.Lower),
-		ur.Lower.Sub(lr.Upper),
-		ur.Upper.Sub(lr.Upper),
-	}
-	// TODO(dh): if we don't truncate lengths to 0 we might be able to
-	// easily detect slices with high < low. we'd need to treat -∞
-	// specially, though.
-	for i, l := range ls {
-		if l.Sign() == -1 {
-			ls[i] = NewZ(0)
-		}
-	}
-
-	return SliceInterval{
-		Length: NewIntInterval(MinZ(ls...), MaxZ(ls...)),
-	}
-}
-func (c *SliceIntersectionConstraint) Eval(g *Graph) Range {
-	xi := g.Range(c.X).(SliceInterval)
-	if !xi.IsKnown() {
-		return c.I
-	}
-	return SliceInterval{
-		Length: xi.Length.Intersection(c.I),
-	}
-}
-func (c *SliceLengthConstraint) Eval(g *Graph) Range {
-	i := g.Range(c.X).(SliceInterval).Length
-	if !i.IsKnown() {
-		return NewIntInterval(NewZ(0), PInfinity)
-	}
-	return i
-}
-func (c *MakeSliceConstraint) Eval(g *Graph) Range {
-	i, ok := g.Range(c.Size).(IntInterval)
-	if !ok {
-		return SliceInterval{NewIntInterval(NewZ(0), PInfinity)}
-	}
-	if i.Lower.Sign() == -1 {
-		i.Lower = NewZ(0)
-	}
-	return SliceInterval{i}
-}
-func (c *SliceIntervalConstraint) Eval(*Graph) Range { return SliceInterval{c.I} }
diff --git a/vendor/honnef.co/go/tools/staticcheck/vrp/string.go b/vendor/honnef.co/go/tools/staticcheck/vrp/string.go
deleted file mode 100644
index e05877f9..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/vrp/string.go
+++ /dev/null
@@ -1,258 +0,0 @@
-package vrp
-
-import (
-	"fmt"
-	"go/token"
-	"go/types"
-
-	"honnef.co/go/tools/ssa"
-)
-
-type StringInterval struct {
-	Length IntInterval
-}
-
-func (s StringInterval) Union(other Range) Range {
-	i, ok := other.(StringInterval)
-	if !ok {
-		i = StringInterval{EmptyIntInterval}
-	}
-	if s.Length.Empty() || !s.Length.IsKnown() {
-		return i
-	}
-	if i.Length.Empty() || !i.Length.IsKnown() {
-		return s
-	}
-	return StringInterval{
-		Length: s.Length.Union(i.Length).(IntInterval),
-	}
-}
-
-func (s StringInterval) String() string {
-	return s.Length.String()
-}
-
-func (s StringInterval) IsKnown() bool {
-	return s.Length.IsKnown()
-}
-
-type StringSliceConstraint struct {
-	aConstraint
-	X     ssa.Value
-	Lower ssa.Value
-	Upper ssa.Value
-}
-
-type StringIntersectionConstraint struct {
-	aConstraint
-	ranges   Ranges
-	A        ssa.Value
-	B        ssa.Value
-	Op       token.Token
-	I        IntInterval
-	resolved bool
-}
-
-type StringConcatConstraint struct {
-	aConstraint
-	A ssa.Value
-	B ssa.Value
-}
-
-type StringLengthConstraint struct {
-	aConstraint
-	X ssa.Value
-}
-
-type StringIntervalConstraint struct {
-	aConstraint
-	I IntInterval
-}
-
-func NewStringSliceConstraint(x, lower, upper, y ssa.Value) Constraint {
-	return &StringSliceConstraint{NewConstraint(y), x, lower, upper}
-}
-func NewStringIntersectionConstraint(a, b ssa.Value, op token.Token, ranges Ranges, y ssa.Value) Constraint {
-	return &StringIntersectionConstraint{
-		aConstraint: NewConstraint(y),
-		ranges:      ranges,
-		A:           a,
-		B:           b,
-		Op:          op,
-	}
-}
-func NewStringConcatConstraint(a, b, y ssa.Value) Constraint {
-	return &StringConcatConstraint{NewConstraint(y), a, b}
-}
-func NewStringLengthConstraint(x ssa.Value, y ssa.Value) Constraint {
-	return &StringLengthConstraint{NewConstraint(y), x}
-}
-func NewStringIntervalConstraint(i IntInterval, y ssa.Value) Constraint {
-	return &StringIntervalConstraint{NewConstraint(y), i}
-}
-
-func (c *StringSliceConstraint) Operands() []ssa.Value {
-	vs := []ssa.Value{c.X}
-	if c.Lower != nil {
-		vs = append(vs, c.Lower)
-	}
-	if c.Upper != nil {
-		vs = append(vs, c.Upper)
-	}
-	return vs
-}
-func (c *StringIntersectionConstraint) Operands() []ssa.Value { return []ssa.Value{c.A} }
-func (c StringConcatConstraint) Operands() []ssa.Value        { return []ssa.Value{c.A, c.B} }
-func (c *StringLengthConstraint) Operands() []ssa.Value       { return []ssa.Value{c.X} }
-func (s *StringIntervalConstraint) Operands() []ssa.Value     { return nil }
-
-func (c *StringSliceConstraint) String() string {
-	var lname, uname string
-	if c.Lower != nil {
-		lname = c.Lower.Name()
-	}
-	if c.Upper != nil {
-		uname = c.Upper.Name()
-	}
-	return fmt.Sprintf("%s[%s:%s]", c.X.Name(), lname, uname)
-}
-func (c *StringIntersectionConstraint) String() string {
-	return fmt.Sprintf("%s = %s %s %s (%t branch)", c.Y().Name(), c.A.Name(), c.Op, c.B.Name(), c.Y().(*ssa.Sigma).Branch)
-}
-func (c StringConcatConstraint) String() string {
-	return fmt.Sprintf("%s = %s + %s", c.Y().Name(), c.A.Name(), c.B.Name())
-}
-func (c *StringLengthConstraint) String() string {
-	return fmt.Sprintf("%s = len(%s)", c.Y().Name(), c.X.Name())
-}
-func (c *StringIntervalConstraint) String() string { return fmt.Sprintf("%s = %s", c.Y().Name(), c.I) }
-
-func (c *StringSliceConstraint) Eval(g *Graph) Range {
-	lr := NewIntInterval(NewZ(0), NewZ(0))
-	if c.Lower != nil {
-		lr = g.Range(c.Lower).(IntInterval)
-	}
-	ur := g.Range(c.X).(StringInterval).Length
-	if c.Upper != nil {
-		ur = g.Range(c.Upper).(IntInterval)
-	}
-	if !lr.IsKnown() || !ur.IsKnown() {
-		return StringInterval{}
-	}
-
-	ls := []Z{
-		ur.Lower.Sub(lr.Lower),
-		ur.Upper.Sub(lr.Lower),
-		ur.Lower.Sub(lr.Upper),
-		ur.Upper.Sub(lr.Upper),
-	}
-	// TODO(dh): if we don't truncate lengths to 0 we might be able to
-	// easily detect slices with high < low. we'd need to treat -∞
-	// specially, though.
-	for i, l := range ls {
-		if l.Sign() == -1 {
-			ls[i] = NewZ(0)
-		}
-	}
-
-	return StringInterval{
-		Length: NewIntInterval(MinZ(ls...), MaxZ(ls...)),
-	}
-}
-func (c *StringIntersectionConstraint) Eval(g *Graph) Range {
-	var l IntInterval
-	switch r := g.Range(c.A).(type) {
-	case StringInterval:
-		l = r.Length
-	case IntInterval:
-		l = r
-	}
-
-	if !l.IsKnown() {
-		return StringInterval{c.I}
-	}
-	return StringInterval{
-		Length: l.Intersection(c.I),
-	}
-}
-func (c StringConcatConstraint) Eval(g *Graph) Range {
-	i1, i2 := g.Range(c.A).(StringInterval), g.Range(c.B).(StringInterval)
-	if !i1.Length.IsKnown() || !i2.Length.IsKnown() {
-		return StringInterval{}
-	}
-	return StringInterval{
-		Length: i1.Length.Add(i2.Length),
-	}
-}
-func (c *StringLengthConstraint) Eval(g *Graph) Range {
-	i := g.Range(c.X).(StringInterval).Length
-	if !i.IsKnown() {
-		return NewIntInterval(NewZ(0), PInfinity)
-	}
-	return i
-}
-func (c *StringIntervalConstraint) Eval(*Graph) Range { return StringInterval{c.I} }
-
-func (c *StringIntersectionConstraint) Futures() []ssa.Value {
-	return []ssa.Value{c.B}
-}
-
-func (c *StringIntersectionConstraint) Resolve() {
-	if (c.A.Type().Underlying().(*types.Basic).Info() & types.IsString) != 0 {
-		// comparing two strings
-		r, ok := c.ranges[c.B].(StringInterval)
-		if !ok {
-			c.I = NewIntInterval(NewZ(0), PInfinity)
-			return
-		}
-		switch c.Op {
-		case token.EQL:
-			c.I = r.Length
-		case token.GTR, token.GEQ:
-			c.I = NewIntInterval(r.Length.Lower, PInfinity)
-		case token.LSS, token.LEQ:
-			c.I = NewIntInterval(NewZ(0), r.Length.Upper)
-		case token.NEQ:
-		default:
-			panic("unsupported op " + c.Op.String())
-		}
-	} else {
-		r, ok := c.ranges[c.B].(IntInterval)
-		if !ok {
-			c.I = NewIntInterval(NewZ(0), PInfinity)
-			return
-		}
-		// comparing two lengths
-		switch c.Op {
-		case token.EQL:
-			c.I = r
-		case token.GTR:
-			c.I = NewIntInterval(r.Lower.Add(NewZ(1)), PInfinity)
-		case token.GEQ:
-			c.I = NewIntInterval(r.Lower, PInfinity)
-		case token.LSS:
-			c.I = NewIntInterval(NInfinity, r.Upper.Sub(NewZ(1)))
-		case token.LEQ:
-			c.I = NewIntInterval(NInfinity, r.Upper)
-		case token.NEQ:
-		default:
-			panic("unsupported op " + c.Op.String())
-		}
-	}
-}
-
-func (c *StringIntersectionConstraint) IsKnown() bool {
-	return c.I.IsKnown()
-}
-
-func (c *StringIntersectionConstraint) MarkUnresolved() {
-	c.resolved = false
-}
-
-func (c *StringIntersectionConstraint) MarkResolved() {
-	c.resolved = true
-}
-
-func (c *StringIntersectionConstraint) IsResolved() bool {
-	return c.resolved
-}
diff --git a/vendor/honnef.co/go/tools/staticcheck/vrp/vrp.go b/vendor/honnef.co/go/tools/staticcheck/vrp/vrp.go
deleted file mode 100644
index 3c138e51..00000000
--- a/vendor/honnef.co/go/tools/staticcheck/vrp/vrp.go
+++ /dev/null
@@ -1,1056 +0,0 @@
-package vrp
-
-// TODO(dh) widening and narrowing have a lot of code in common. Make
-// it reusable.
-
-import (
-	"fmt"
-	"go/constant"
-	"go/token"
-	"go/types"
-	"math/big"
-	"sort"
-	"strings"
-
-	"honnef.co/go/tools/lint"
-	"honnef.co/go/tools/ssa"
-)
-
-type Future interface {
-	Constraint
-	Futures() []ssa.Value
-	Resolve()
-	IsKnown() bool
-	MarkUnresolved()
-	MarkResolved()
-	IsResolved() bool
-}
-
-type Range interface {
-	Union(other Range) Range
-	IsKnown() bool
-}
-
-type Constraint interface {
-	Y() ssa.Value
-	isConstraint()
-	String() string
-	Eval(*Graph) Range
-	Operands() []ssa.Value
-}
-
-type aConstraint struct {
-	y ssa.Value
-}
-
-func NewConstraint(y ssa.Value) aConstraint {
-	return aConstraint{y}
-}
-
-func (aConstraint) isConstraint()  {}
-func (c aConstraint) Y() ssa.Value { return c.y }
-
-type PhiConstraint struct {
-	aConstraint
-	Vars []ssa.Value
-}
-
-func NewPhiConstraint(vars []ssa.Value, y ssa.Value) Constraint {
-	uniqm := map[ssa.Value]struct{}{}
-	for _, v := range vars {
-		uniqm[v] = struct{}{}
-	}
-	var uniq []ssa.Value
-	for v := range uniqm {
-		uniq = append(uniq, v)
-	}
-	return &PhiConstraint{
-		aConstraint: NewConstraint(y),
-		Vars:        uniq,
-	}
-}
-
-func (c *PhiConstraint) Operands() []ssa.Value {
-	return c.Vars
-}
-
-func (c *PhiConstraint) Eval(g *Graph) Range {
-	i := Range(nil)
-	for _, v := range c.Vars {
-		i = g.Range(v).Union(i)
-	}
-	return i
-}
-
-func (c *PhiConstraint) String() string {
-	names := make([]string, len(c.Vars))
-	for i, v := range c.Vars {
-		names[i] = v.Name()
-	}
-	return fmt.Sprintf("%s = φ(%s)", c.Y().Name(), strings.Join(names, ", "))
-}
-
-func isSupportedType(typ types.Type) bool {
-	switch typ := typ.Underlying().(type) {
-	case *types.Basic:
-		switch typ.Kind() {
-		case types.String, types.UntypedString:
-			return true
-		default:
-			if (typ.Info() & types.IsInteger) == 0 {
-				return false
-			}
-		}
-	case *types.Chan:
-		return true
-	case *types.Slice:
-		return true
-	default:
-		return false
-	}
-	return true
-}
-
-func ConstantToZ(c constant.Value) Z {
-	s := constant.ToInt(c).ExactString()
-	n := &big.Int{}
-	n.SetString(s, 10)
-	return NewBigZ(n)
-}
-
-func sigmaInteger(g *Graph, ins *ssa.Sigma, cond *ssa.BinOp, ops []*ssa.Value) Constraint {
-	op := cond.Op
-	if !ins.Branch {
-		op = (invertToken(op))
-	}
-
-	switch op {
-	case token.EQL, token.GTR, token.GEQ, token.LSS, token.LEQ:
-	default:
-		return nil
-	}
-	var a, b ssa.Value
-	if (*ops[0]) == ins.X {
-		a = *ops[0]
-		b = *ops[1]
-	} else {
-		a = *ops[1]
-		b = *ops[0]
-		op = flipToken(op)
-	}
-	return NewIntIntersectionConstraint(a, b, op, g.ranges, ins)
-}
-
-func sigmaString(g *Graph, ins *ssa.Sigma, cond *ssa.BinOp, ops []*ssa.Value) Constraint {
-	op := cond.Op
-	if !ins.Branch {
-		op = (invertToken(op))
-	}
-
-	switch op {
-	case token.EQL, token.GTR, token.GEQ, token.LSS, token.LEQ:
-	default:
-		return nil
-	}
-
-	if ((*ops[0]).Type().Underlying().(*types.Basic).Info() & types.IsString) == 0 {
-		var a, b ssa.Value
-		call, ok := (*ops[0]).(*ssa.Call)
-		if ok && call.Common().Args[0] == ins.X {
-			a = *ops[0]
-			b = *ops[1]
-		} else {
-			a = *ops[1]
-			b = *ops[0]
-			op = flipToken(op)
-		}
-		return NewStringIntersectionConstraint(a, b, op, g.ranges, ins)
-	}
-	var a, b ssa.Value
-	if (*ops[0]) == ins.X {
-		a = *ops[0]
-		b = *ops[1]
-	} else {
-		a = *ops[1]
-		b = *ops[0]
-		op = flipToken(op)
-	}
-	return NewStringIntersectionConstraint(a, b, op, g.ranges, ins)
-}
-
-func sigmaSlice(g *Graph, ins *ssa.Sigma, cond *ssa.BinOp, ops []*ssa.Value) Constraint {
-	// TODO(dh) sigmaSlice and sigmaString are a lot alike. Can they
-	// be merged?
-	//
-	// XXX support futures
-
-	op := cond.Op
-	if !ins.Branch {
-		op = (invertToken(op))
-	}
-
-	k, ok := (*ops[1]).(*ssa.Const)
-	// XXX investigate in what cases this wouldn't be a Const
-	//
-	// XXX what if left and right are swapped?
-	if !ok {
-		return nil
-	}
-
-	call, ok := (*ops[0]).(*ssa.Call)
-	if !ok {
-		return nil
-	}
-	builtin, ok := call.Common().Value.(*ssa.Builtin)
-	if !ok {
-		return nil
-	}
-	if builtin.Name() != "len" {
-		return nil
-	}
-	callops := call.Operands(nil)
-
-	v := ConstantToZ(k.Value)
-	c := NewSliceIntersectionConstraint(*callops[1], IntInterval{}, ins).(*SliceIntersectionConstraint)
-	switch op {
-	case token.EQL:
-		c.I = NewIntInterval(v, v)
-	case token.GTR, token.GEQ:
-		off := int64(0)
-		if cond.Op == token.GTR {
-			off = 1
-		}
-		c.I = NewIntInterval(
-			v.Add(NewZ(off)),
-			PInfinity,
-		)
-	case token.LSS, token.LEQ:
-		off := int64(0)
-		if cond.Op == token.LSS {
-			off = -1
-		}
-		c.I = NewIntInterval(
-			NInfinity,
-			v.Add(NewZ(off)),
-		)
-	default:
-		return nil
-	}
-	return c
-}
-
-func BuildGraph(f *ssa.Function) *Graph {
-	g := &Graph{
-		Vertices: map[interface{}]*Vertex{},
-		ranges:   Ranges{},
-	}
-
-	var cs []Constraint
-
-	ops := make([]*ssa.Value, 16)
-	seen := map[ssa.Value]bool{}
-	for _, block := range f.Blocks {
-		for _, ins := range block.Instrs {
-			ops = ins.Operands(ops[:0])
-			for _, op := range ops {
-				if c, ok := (*op).(*ssa.Const); ok {
-					if seen[c] {
-						continue
-					}
-					seen[c] = true
-					if c.Value == nil {
-						switch c.Type().Underlying().(type) {
-						case *types.Slice:
-							cs = append(cs, NewSliceIntervalConstraint(NewIntInterval(NewZ(0), NewZ(0)), c))
-						}
-						continue
-					}
-					switch c.Value.Kind() {
-					case constant.Int:
-						v := ConstantToZ(c.Value)
-						cs = append(cs, NewIntIntervalConstraint(NewIntInterval(v, v), c))
-					case constant.String:
-						s := constant.StringVal(c.Value)
-						n := NewZ(int64(len(s)))
-						cs = append(cs, NewStringIntervalConstraint(NewIntInterval(n, n), c))
-					}
-				}
-			}
-		}
-	}
-	for _, block := range f.Blocks {
-		for _, ins := range block.Instrs {
-			switch ins := ins.(type) {
-			case *ssa.Convert:
-				switch v := ins.Type().Underlying().(type) {
-				case *types.Basic:
-					if (v.Info() & types.IsInteger) == 0 {
-						continue
-					}
-					cs = append(cs, NewIntConversionConstraint(ins.X, ins))
-				}
-			case *ssa.Call:
-				if static := ins.Common().StaticCallee(); static != nil {
-					if fn, ok := static.Object().(*types.Func); ok {
-						switch lint.FuncName(fn) {
-						case "bytes.Index", "bytes.IndexAny", "bytes.IndexByte",
-							"bytes.IndexFunc", "bytes.IndexRune", "bytes.LastIndex",
-							"bytes.LastIndexAny", "bytes.LastIndexByte", "bytes.LastIndexFunc",
-							"strings.Index", "strings.IndexAny", "strings.IndexByte",
-							"strings.IndexFunc", "strings.IndexRune", "strings.LastIndex",
-							"strings.LastIndexAny", "strings.LastIndexByte", "strings.LastIndexFunc":
-							// TODO(dh): instead of limiting by +∞,
-							// limit by the upper bound of the passed
-							// string
-							cs = append(cs, NewIntIntervalConstraint(NewIntInterval(NewZ(-1), PInfinity), ins))
-						case "bytes.Title", "bytes.ToLower", "bytes.ToTitle", "bytes.ToUpper",
-							"strings.Title", "strings.ToLower", "strings.ToTitle", "strings.ToUpper":
-							cs = append(cs, NewCopyConstraint(ins.Common().Args[0], ins))
-						case "bytes.ToLowerSpecial", "bytes.ToTitleSpecial", "bytes.ToUpperSpecial",
-							"strings.ToLowerSpecial", "strings.ToTitleSpecial", "strings.ToUpperSpecial":
-							cs = append(cs, NewCopyConstraint(ins.Common().Args[1], ins))
-						case "bytes.Compare", "strings.Compare":
-							cs = append(cs, NewIntIntervalConstraint(NewIntInterval(NewZ(-1), NewZ(1)), ins))
-						case "bytes.Count", "strings.Count":
-							// TODO(dh): instead of limiting by +∞,
-							// limit by the upper bound of the passed
-							// string.
-							cs = append(cs, NewIntIntervalConstraint(NewIntInterval(NewZ(0), PInfinity), ins))
-						case "bytes.Map", "bytes.TrimFunc", "bytes.TrimLeft", "bytes.TrimLeftFunc",
-							"bytes.TrimRight", "bytes.TrimRightFunc", "bytes.TrimSpace",
-							"strings.Map", "strings.TrimFunc", "strings.TrimLeft", "strings.TrimLeftFunc",
-							"strings.TrimRight", "strings.TrimRightFunc", "strings.TrimSpace":
-							// TODO(dh): lower = 0, upper = upper of passed string
-						case "bytes.TrimPrefix", "bytes.TrimSuffix",
-							"strings.TrimPrefix", "strings.TrimSuffix":
-							// TODO(dh) range between "unmodified" and len(cutset) removed
-						case "(*bytes.Buffer).Cap", "(*bytes.Buffer).Len", "(*bytes.Reader).Len", "(*bytes.Reader).Size":
-							cs = append(cs, NewIntIntervalConstraint(NewIntInterval(NewZ(0), PInfinity), ins))
-						}
-					}
-				}
-				builtin, ok := ins.Common().Value.(*ssa.Builtin)
-				ops := ins.Operands(nil)
-				if !ok {
-					continue
-				}
-				switch builtin.Name() {
-				case "len":
-					switch op1 := (*ops[1]).Type().Underlying().(type) {
-					case *types.Basic:
-						if op1.Kind() == types.String || op1.Kind() == types.UntypedString {
-							cs = append(cs, NewStringLengthConstraint(*ops[1], ins))
-						}
-					case *types.Slice:
-						cs = append(cs, NewSliceLengthConstraint(*ops[1], ins))
-					}
-
-				case "append":
-					cs = append(cs, NewSliceAppendConstraint(ins.Common().Args[0], ins.Common().Args[1], ins))
-				}
-			case *ssa.BinOp:
-				ops := ins.Operands(nil)
-				basic, ok := (*ops[0]).Type().Underlying().(*types.Basic)
-				if !ok {
-					continue
-				}
-				switch basic.Kind() {
-				case types.Int, types.Int8, types.Int16, types.Int32, types.Int64,
-					types.Uint, types.Uint8, types.Uint16, types.Uint32, types.Uint64, types.UntypedInt:
-					fns := map[token.Token]func(ssa.Value, ssa.Value, ssa.Value) Constraint{
-						token.ADD: NewIntAddConstraint,
-						token.SUB: NewIntSubConstraint,
-						token.MUL: NewIntMulConstraint,
-						// XXX support QUO, REM, SHL, SHR
-					}
-					fn, ok := fns[ins.Op]
-					if ok {
-						cs = append(cs, fn(*ops[0], *ops[1], ins))
-					}
-				case types.String, types.UntypedString:
-					if ins.Op == token.ADD {
-						cs = append(cs, NewStringConcatConstraint(*ops[0], *ops[1], ins))
-					}
-				}
-			case *ssa.Slice:
-				typ := ins.X.Type().Underlying()
-				switch typ := typ.(type) {
-				case *types.Basic:
-					cs = append(cs, NewStringSliceConstraint(ins.X, ins.Low, ins.High, ins))
-				case *types.Slice:
-					cs = append(cs, NewSliceSliceConstraint(ins.X, ins.Low, ins.High, ins))
-				case *types.Array:
-					cs = append(cs, NewArraySliceConstraint(ins.X, ins.Low, ins.High, ins))
-				case *types.Pointer:
-					if _, ok := typ.Elem().(*types.Array); !ok {
-						continue
-					}
-					cs = append(cs, NewArraySliceConstraint(ins.X, ins.Low, ins.High, ins))
-				}
-			case *ssa.Phi:
-				if !isSupportedType(ins.Type()) {
-					continue
-				}
-				ops := ins.Operands(nil)
-				dops := make([]ssa.Value, len(ops))
-				for i, op := range ops {
-					dops[i] = *op
-				}
-				cs = append(cs, NewPhiConstraint(dops, ins))
-			case *ssa.Sigma:
-				pred := ins.Block().Preds[0]
-				instrs := pred.Instrs
-				cond, ok := instrs[len(instrs)-1].(*ssa.If).Cond.(*ssa.BinOp)
-				ops := cond.Operands(nil)
-				if !ok {
-					continue
-				}
-				switch typ := ins.Type().Underlying().(type) {
-				case *types.Basic:
-					var c Constraint
-					switch typ.Kind() {
-					case types.Int, types.Int8, types.Int16, types.Int32, types.Int64,
-						types.Uint, types.Uint8, types.Uint16, types.Uint32, types.Uint64, types.UntypedInt:
-						c = sigmaInteger(g, ins, cond, ops)
-					case types.String, types.UntypedString:
-						c = sigmaString(g, ins, cond, ops)
-					}
-					if c != nil {
-						cs = append(cs, c)
-					}
-				case *types.Slice:
-					c := sigmaSlice(g, ins, cond, ops)
-					if c != nil {
-						cs = append(cs, c)
-					}
-				default:
-					//log.Printf("unsupported sigma type %T", typ) // XXX
-				}
-			case *ssa.MakeChan:
-				cs = append(cs, NewMakeChannelConstraint(ins.Size, ins))
-			case *ssa.MakeSlice:
-				cs = append(cs, NewMakeSliceConstraint(ins.Len, ins))
-			case *ssa.ChangeType:
-				switch ins.X.Type().Underlying().(type) {
-				case *types.Chan:
-					cs = append(cs, NewChannelChangeTypeConstraint(ins.X, ins))
-				}
-			}
-		}
-	}
-
-	for _, c := range cs {
-		if c == nil {
-			panic("nil constraint")
-		}
-		// If V is used in constraint C, then we create an edge V->C
-		for _, op := range c.Operands() {
-			g.AddEdge(op, c, false)
-		}
-		if c, ok := c.(Future); ok {
-			for _, op := range c.Futures() {
-				g.AddEdge(op, c, true)
-			}
-		}
-		// If constraint C defines variable V, then we create an edge
-		// C->V
-		g.AddEdge(c, c.Y(), false)
-	}
-
-	g.FindSCCs()
-	g.sccEdges = make([][]Edge, len(g.SCCs))
-	g.futures = make([][]Future, len(g.SCCs))
-	for _, e := range g.Edges {
-		g.sccEdges[e.From.SCC] = append(g.sccEdges[e.From.SCC], e)
-		if !e.control {
-			continue
-		}
-		if c, ok := e.To.Value.(Future); ok {
-			g.futures[e.From.SCC] = append(g.futures[e.From.SCC], c)
-		}
-	}
-	return g
-}
-
-func (g *Graph) Solve() Ranges {
-	var consts []Z
-	off := NewZ(1)
-	for _, n := range g.Vertices {
-		if c, ok := n.Value.(*ssa.Const); ok {
-			basic, ok := c.Type().Underlying().(*types.Basic)
-			if !ok {
-				continue
-			}
-			if (basic.Info() & types.IsInteger) != 0 {
-				z := ConstantToZ(c.Value)
-				consts = append(consts, z)
-				consts = append(consts, z.Add(off))
-				consts = append(consts, z.Sub(off))
-			}
-		}
-
-	}
-	sort.Sort(Zs(consts))
-
-	for scc, vertices := range g.SCCs {
-		n := 0
-		n = len(vertices)
-		if n == 1 {
-			g.resolveFutures(scc)
-			v := vertices[0]
-			if v, ok := v.Value.(ssa.Value); ok {
-				switch typ := v.Type().Underlying().(type) {
-				case *types.Basic:
-					switch typ.Kind() {
-					case types.String, types.UntypedString:
-						if !g.Range(v).(StringInterval).IsKnown() {
-							g.SetRange(v, StringInterval{NewIntInterval(NewZ(0), PInfinity)})
-						}
-					default:
-						if !g.Range(v).(IntInterval).IsKnown() {
-							g.SetRange(v, InfinityFor(v))
-						}
-					}
-				case *types.Chan:
-					if !g.Range(v).(ChannelInterval).IsKnown() {
-						g.SetRange(v, ChannelInterval{NewIntInterval(NewZ(0), PInfinity)})
-					}
-				case *types.Slice:
-					if !g.Range(v).(SliceInterval).IsKnown() {
-						g.SetRange(v, SliceInterval{NewIntInterval(NewZ(0), PInfinity)})
-					}
-				}
-			}
-			if c, ok := v.Value.(Constraint); ok {
-				g.SetRange(c.Y(), c.Eval(g))
-			}
-		} else {
-			uses := g.uses(scc)
-			entries := g.entries(scc)
-			for len(entries) > 0 {
-				v := entries[len(entries)-1]
-				entries = entries[:len(entries)-1]
-				for _, use := range uses[v] {
-					if g.widen(use, consts) {
-						entries = append(entries, use.Y())
-					}
-				}
-			}
-
-			g.resolveFutures(scc)
-
-			// XXX this seems to be necessary, but shouldn't be.
-			// removing it leads to nil pointer derefs; investigate
-			// where we're not setting values correctly.
-			for _, n := range vertices {
-				if v, ok := n.Value.(ssa.Value); ok {
-					i, ok := g.Range(v).(IntInterval)
-					if !ok {
-						continue
-					}
-					if !i.IsKnown() {
-						g.SetRange(v, InfinityFor(v))
-					}
-				}
-			}
-
-			actives := g.actives(scc)
-			for len(actives) > 0 {
-				v := actives[len(actives)-1]
-				actives = actives[:len(actives)-1]
-				for _, use := range uses[v] {
-					if g.narrow(use) {
-						actives = append(actives, use.Y())
-					}
-				}
-			}
-		}
-		// propagate scc
-		for _, edge := range g.sccEdges[scc] {
-			if edge.control {
-				continue
-			}
-			if edge.From.SCC == edge.To.SCC {
-				continue
-			}
-			if c, ok := edge.To.Value.(Constraint); ok {
-				g.SetRange(c.Y(), c.Eval(g))
-			}
-			if c, ok := edge.To.Value.(Future); ok {
-				if !c.IsKnown() {
-					c.MarkUnresolved()
-				}
-			}
-		}
-	}
-
-	for v, r := range g.ranges {
-		i, ok := r.(IntInterval)
-		if !ok {
-			continue
-		}
-		if (v.Type().Underlying().(*types.Basic).Info() & types.IsUnsigned) == 0 {
-			if i.Upper != PInfinity {
-				s := &types.StdSizes{
-					// XXX is it okay to assume the largest word size, or do we
-					// need to be platform specific?
-					WordSize: 8,
-					MaxAlign: 1,
-				}
-				bits := (s.Sizeof(v.Type()) * 8) - 1
-				n := big.NewInt(1)
-				n = n.Lsh(n, uint(bits))
-				upper, lower := &big.Int{}, &big.Int{}
-				upper.Sub(n, big.NewInt(1))
-				lower.Neg(n)
-
-				if i.Upper.Cmp(NewBigZ(upper)) == 1 {
-					i = NewIntInterval(NInfinity, PInfinity)
-				} else if i.Lower.Cmp(NewBigZ(lower)) == -1 {
-					i = NewIntInterval(NInfinity, PInfinity)
-				}
-			}
-		}
-
-		g.ranges[v] = i
-	}
-
-	return g.ranges
-}
-
-func VertexString(v *Vertex) string {
-	switch v := v.Value.(type) {
-	case Constraint:
-		return v.String()
-	case ssa.Value:
-		return v.Name()
-	case nil:
-		return "BUG: nil vertex value"
-	default:
-		panic(fmt.Sprintf("unexpected type %T", v))
-	}
-}
-
-type Vertex struct {
-	Value   interface{} // one of Constraint or ssa.Value
-	SCC     int
-	index   int
-	lowlink int
-	stack   bool
-
-	Succs []Edge
-}
-
-type Ranges map[ssa.Value]Range
-
-func (r Ranges) Get(x ssa.Value) Range {
-	if x == nil {
-		return nil
-	}
-	i, ok := r[x]
-	if !ok {
-		switch x := x.Type().Underlying().(type) {
-		case *types.Basic:
-			switch x.Kind() {
-			case types.String, types.UntypedString:
-				return StringInterval{}
-			default:
-				return IntInterval{}
-			}
-		case *types.Chan:
-			return ChannelInterval{}
-		case *types.Slice:
-			return SliceInterval{}
-		}
-	}
-	return i
-}
-
-type Graph struct {
-	Vertices map[interface{}]*Vertex
-	Edges    []Edge
-	SCCs     [][]*Vertex
-	ranges   Ranges
-
-	// map SCCs to futures
-	futures [][]Future
-	// map SCCs to edges
-	sccEdges [][]Edge
-}
-
-func (g Graph) Graphviz() string {
-	var lines []string
-	lines = append(lines, "digraph{")
-	ids := map[interface{}]int{}
-	i := 1
-	for _, v := range g.Vertices {
-		ids[v] = i
-		shape := "box"
-		if _, ok := v.Value.(ssa.Value); ok {
-			shape = "oval"
-		}
-		lines = append(lines, fmt.Sprintf(`n%d [shape="%s", label=%q, colorscheme=spectral11, style="filled", fillcolor="%d"]`,
-			i, shape, VertexString(v), (v.SCC%11)+1))
-		i++
-	}
-	for _, e := range g.Edges {
-		style := "solid"
-		if e.control {
-			style = "dashed"
-		}
-		lines = append(lines, fmt.Sprintf(`n%d -> n%d [style="%s"]`, ids[e.From], ids[e.To], style))
-	}
-	lines = append(lines, "}")
-	return strings.Join(lines, "\n")
-}
-
-func (g *Graph) SetRange(x ssa.Value, r Range) {
-	g.ranges[x] = r
-}
-
-func (g *Graph) Range(x ssa.Value) Range {
-	return g.ranges.Get(x)
-}
-
-func (g *Graph) widen(c Constraint, consts []Z) bool {
-	setRange := func(i Range) {
-		g.SetRange(c.Y(), i)
-	}
-	widenIntInterval := func(oi, ni IntInterval) (IntInterval, bool) {
-		if !ni.IsKnown() {
-			return oi, false
-		}
-		nlc := NInfinity
-		nuc := PInfinity
-
-		// Don't get stuck widening for an absurd amount of time due
-		// to an excess number of constants, as may be present in
-		// table-based scanners.
-		if len(consts) < 1000 {
-			for _, co := range consts {
-				if co.Cmp(ni.Lower) <= 0 {
-					nlc = co
-					break
-				}
-			}
-			for _, co := range consts {
-				if co.Cmp(ni.Upper) >= 0 {
-					nuc = co
-					break
-				}
-			}
-		}
-
-		if !oi.IsKnown() {
-			return ni, true
-		}
-		if ni.Lower.Cmp(oi.Lower) == -1 && ni.Upper.Cmp(oi.Upper) == 1 {
-			return NewIntInterval(nlc, nuc), true
-		}
-		if ni.Lower.Cmp(oi.Lower) == -1 {
-			return NewIntInterval(nlc, oi.Upper), true
-		}
-		if ni.Upper.Cmp(oi.Upper) == 1 {
-			return NewIntInterval(oi.Lower, nuc), true
-		}
-		return oi, false
-	}
-	switch oi := g.Range(c.Y()).(type) {
-	case IntInterval:
-		ni := c.Eval(g).(IntInterval)
-		si, changed := widenIntInterval(oi, ni)
-		if changed {
-			setRange(si)
-			return true
-		}
-		return false
-	case StringInterval:
-		ni := c.Eval(g).(StringInterval)
-		si, changed := widenIntInterval(oi.Length, ni.Length)
-		if changed {
-			setRange(StringInterval{si})
-			return true
-		}
-		return false
-	case SliceInterval:
-		ni := c.Eval(g).(SliceInterval)
-		si, changed := widenIntInterval(oi.Length, ni.Length)
-		if changed {
-			setRange(SliceInterval{si})
-			return true
-		}
-		return false
-	default:
-		return false
-	}
-}
-
-func (g *Graph) narrow(c Constraint) bool {
-	narrowIntInterval := func(oi, ni IntInterval) (IntInterval, bool) {
-		oLower := oi.Lower
-		oUpper := oi.Upper
-		nLower := ni.Lower
-		nUpper := ni.Upper
-
-		if oLower == NInfinity && nLower != NInfinity {
-			return NewIntInterval(nLower, oUpper), true
-		}
-		if oUpper == PInfinity && nUpper != PInfinity {
-			return NewIntInterval(oLower, nUpper), true
-		}
-		if oLower.Cmp(nLower) == 1 {
-			return NewIntInterval(nLower, oUpper), true
-		}
-		if oUpper.Cmp(nUpper) == -1 {
-			return NewIntInterval(oLower, nUpper), true
-		}
-		return oi, false
-	}
-	switch oi := g.Range(c.Y()).(type) {
-	case IntInterval:
-		ni := c.Eval(g).(IntInterval)
-		si, changed := narrowIntInterval(oi, ni)
-		if changed {
-			g.SetRange(c.Y(), si)
-			return true
-		}
-		return false
-	case StringInterval:
-		ni := c.Eval(g).(StringInterval)
-		si, changed := narrowIntInterval(oi.Length, ni.Length)
-		if changed {
-			g.SetRange(c.Y(), StringInterval{si})
-			return true
-		}
-		return false
-	case SliceInterval:
-		ni := c.Eval(g).(SliceInterval)
-		si, changed := narrowIntInterval(oi.Length, ni.Length)
-		if changed {
-			g.SetRange(c.Y(), SliceInterval{si})
-			return true
-		}
-		return false
-	default:
-		return false
-	}
-}
-
-func (g *Graph) resolveFutures(scc int) {
-	for _, c := range g.futures[scc] {
-		c.Resolve()
-	}
-}
-
-func (g *Graph) entries(scc int) []ssa.Value {
-	var entries []ssa.Value
-	for _, n := range g.Vertices {
-		if n.SCC != scc {
-			continue
-		}
-		if v, ok := n.Value.(ssa.Value); ok {
-			// XXX avoid quadratic runtime
-			//
-			// XXX I cannot think of any code where the future and its
-			// variables aren't in the same SCC, in which case this
-			// code isn't very useful (the variables won't be resolved
-			// yet). Before we have a cross-SCC example, however, we
-			// can't really verify that this code is working
-			// correctly, or indeed doing anything useful.
-			for _, on := range g.Vertices {
-				if c, ok := on.Value.(Future); ok {
-					if c.Y() == v {
-						if !c.IsResolved() {
-							g.SetRange(c.Y(), c.Eval(g))
-							c.MarkResolved()
-						}
-						break
-					}
-				}
-			}
-			if g.Range(v).IsKnown() {
-				entries = append(entries, v)
-			}
-		}
-	}
-	return entries
-}
-
-func (g *Graph) uses(scc int) map[ssa.Value][]Constraint {
-	m := map[ssa.Value][]Constraint{}
-	for _, e := range g.sccEdges[scc] {
-		if e.control {
-			continue
-		}
-		if v, ok := e.From.Value.(ssa.Value); ok {
-			c := e.To.Value.(Constraint)
-			sink := c.Y()
-			if g.Vertices[sink].SCC == scc {
-				m[v] = append(m[v], c)
-			}
-		}
-	}
-	return m
-}
-
-func (g *Graph) actives(scc int) []ssa.Value {
-	var actives []ssa.Value
-	for _, n := range g.Vertices {
-		if n.SCC != scc {
-			continue
-		}
-		if v, ok := n.Value.(ssa.Value); ok {
-			if _, ok := v.(*ssa.Const); !ok {
-				actives = append(actives, v)
-			}
-		}
-	}
-	return actives
-}
-
-func (g *Graph) AddEdge(from, to interface{}, ctrl bool) {
-	vf, ok := g.Vertices[from]
-	if !ok {
-		vf = &Vertex{Value: from}
-		g.Vertices[from] = vf
-	}
-	vt, ok := g.Vertices[to]
-	if !ok {
-		vt = &Vertex{Value: to}
-		g.Vertices[to] = vt
-	}
-	e := Edge{From: vf, To: vt, control: ctrl}
-	g.Edges = append(g.Edges, e)
-	vf.Succs = append(vf.Succs, e)
-}
-
-type Edge struct {
-	From, To *Vertex
-	control  bool
-}
-
-func (e Edge) String() string {
-	return fmt.Sprintf("%s -> %s", VertexString(e.From), VertexString(e.To))
-}
-
-func (g *Graph) FindSCCs() {
-	// use Tarjan to find the SCCs
-
-	index := 1
-	var s []*Vertex
-
-	scc := 0
-	var strongconnect func(v *Vertex)
-	strongconnect = func(v *Vertex) {
-		// set the depth index for v to the smallest unused index
-		v.index = index
-		v.lowlink = index
-		index++
-		s = append(s, v)
-		v.stack = true
-
-		for _, e := range v.Succs {
-			w := e.To
-			if w.index == 0 {
-				// successor w has not yet been visited; recurse on it
-				strongconnect(w)
-				if w.lowlink < v.lowlink {
-					v.lowlink = w.lowlink
-				}
-			} else if w.stack {
-				// successor w is in stack s and hence in the current scc
-				if w.index < v.lowlink {
-					v.lowlink = w.index
-				}
-			}
-		}
-
-		if v.lowlink == v.index {
-			for {
-				w := s[len(s)-1]
-				s = s[:len(s)-1]
-				w.stack = false
-				w.SCC = scc
-				if w == v {
-					break
-				}
-			}
-			scc++
-		}
-	}
-	for _, v := range g.Vertices {
-		if v.index == 0 {
-			strongconnect(v)
-		}
-	}
-
-	g.SCCs = make([][]*Vertex, scc)
-	for _, n := range g.Vertices {
-		n.SCC = scc - n.SCC - 1
-		g.SCCs[n.SCC] = append(g.SCCs[n.SCC], n)
-	}
-}
-
-func invertToken(tok token.Token) token.Token {
-	switch tok {
-	case token.LSS:
-		return token.GEQ
-	case token.GTR:
-		return token.LEQ
-	case token.EQL:
-		return token.NEQ
-	case token.NEQ:
-		return token.EQL
-	case token.GEQ:
-		return token.LSS
-	case token.LEQ:
-		return token.GTR
-	default:
-		panic(fmt.Sprintf("unsupported token %s", tok))
-	}
-}
-
-func flipToken(tok token.Token) token.Token {
-	switch tok {
-	case token.LSS:
-		return token.GTR
-	case token.GTR:
-		return token.LSS
-	case token.EQL:
-		return token.EQL
-	case token.NEQ:
-		return token.NEQ
-	case token.GEQ:
-		return token.LEQ
-	case token.LEQ:
-		return token.GEQ
-	default:
-		panic(fmt.Sprintf("unsupported token %s", tok))
-	}
-}
-
-type CopyConstraint struct {
-	aConstraint
-	X ssa.Value
-}
-
-func (c *CopyConstraint) String() string {
-	return fmt.Sprintf("%s = copy(%s)", c.Y().Name(), c.X.Name())
-}
-
-func (c *CopyConstraint) Eval(g *Graph) Range {
-	return g.Range(c.X)
-}
-
-func (c *CopyConstraint) Operands() []ssa.Value {
-	return []ssa.Value{c.X}
-}
-
-func NewCopyConstraint(x, y ssa.Value) Constraint {
-	return &CopyConstraint{
-		aConstraint: aConstraint{
-			y: y,
-		},
-		X: x,
-	}
-}
diff --git a/vendor/honnef.co/go/tools/stylecheck/analysis.go b/vendor/honnef.co/go/tools/stylecheck/analysis.go
index f252487f..0f93f443 100644
--- a/vendor/honnef.co/go/tools/stylecheck/analysis.go
+++ b/vendor/honnef.co/go/tools/stylecheck/analysis.go
@@ -1,111 +1,81 @@
 package stylecheck
 
 import (
-	"flag"
-
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
 	"honnef.co/go/tools/config"
 	"honnef.co/go/tools/facts"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/internal/passes/buildir"
 	"honnef.co/go/tools/lint/lintutil"
 )
 
-func newFlagSet() flag.FlagSet {
-	fs := flag.NewFlagSet("", flag.PanicOnError)
-	fs.Var(lintutil.NewVersionFlag(), "go", "Target Go version")
-	return *fs
-}
-
-var Analyzers = map[string]*analysis.Analyzer{
+var Analyzers = lintutil.InitializeAnalyzers(Docs, map[string]*analysis.Analyzer{
 	"ST1000": {
-		Name:     "ST1000",
-		Run:      CheckPackageComment,
-		Doc:      Docs["ST1000"].String(),
-		Requires: []*analysis.Analyzer{},
-		Flags:    newFlagSet(),
+		Run: CheckPackageComment,
 	},
 	"ST1001": {
-		Name:     "ST1001",
 		Run:      CheckDotImports,
-		Doc:      Docs["ST1001"].String(),
 		Requires: []*analysis.Analyzer{facts.Generated, config.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"ST1003": {
-		Name:     "ST1003",
 		Run:      CheckNames,
-		Doc:      Docs["ST1003"].String(),
-		Requires: []*analysis.Analyzer{facts.Generated, config.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated, config.Analyzer},
 	},
 	"ST1005": {
-		Name:     "ST1005",
 		Run:      CheckErrorStrings,
-		Doc:      Docs["ST1005"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"ST1006": {
-		Name:     "ST1006",
 		Run:      CheckReceiverNames,
-		Doc:      Docs["ST1006"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer, facts.Generated},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer, facts.Generated},
 	},
 	"ST1008": {
-		Name:     "ST1008",
 		Run:      CheckErrorReturn,
-		Doc:      Docs["ST1008"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	},
 	"ST1011": {
-		Name:  "ST1011",
-		Run:   CheckTimeNames,
-		Doc:   Docs["ST1011"].String(),
-		Flags: newFlagSet(),
+		Run:      CheckTimeNames,
+		Requires: []*analysis.Analyzer{inspect.Analyzer},
 	},
 	"ST1012": {
-		Name:     "ST1012",
 		Run:      CheckErrorVarNames,
-		Doc:      Docs["ST1012"].String(),
 		Requires: []*analysis.Analyzer{config.Analyzer},
-		Flags:    newFlagSet(),
 	},
 	"ST1013": {
-		Name:     "ST1013",
-		Run:      CheckHTTPStatusCodes,
-		Doc:      Docs["ST1013"].String(),
-		Requires: []*analysis.Analyzer{facts.Generated, facts.TokenFile, config.Analyzer},
-		Flags:    newFlagSet(),
+		Run: CheckHTTPStatusCodes,
+		// TODO(dh): why does this depend on facts.TokenFile?
+		Requires: []*analysis.Analyzer{facts.Generated, facts.TokenFile, config.Analyzer, inspect.Analyzer},
 	},
 	"ST1015": {
-		Name:     "ST1015",
 		Run:      CheckDefaultCaseOrder,
-		Doc:      Docs["ST1015"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated, facts.TokenFile},
-		Flags:    newFlagSet(),
 	},
 	"ST1016": {
-		Name:     "ST1016",
 		Run:      CheckReceiverNamesIdentical,
-		Doc:      Docs["ST1016"].String(),
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
-		Flags:    newFlagSet(),
+		Requires: []*analysis.Analyzer{buildir.Analyzer, facts.Generated},
 	},
 	"ST1017": {
-		Name:     "ST1017",
 		Run:      CheckYodaConditions,
-		Doc:      Docs["ST1017"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer, facts.Generated, facts.TokenFile},
-		Flags:    newFlagSet(),
 	},
 	"ST1018": {
-		Name:     "ST1018",
 		Run:      CheckInvisibleCharacters,
-		Doc:      Docs["ST1018"].String(),
 		Requires: []*analysis.Analyzer{inspect.Analyzer},
-		Flags:    newFlagSet(),
 	},
-}
+	"ST1019": {
+		Run:      CheckDuplicatedImports,
+		Requires: []*analysis.Analyzer{facts.Generated, config.Analyzer},
+	},
+	"ST1020": {
+		Run:      CheckExportedFunctionDocs,
+		Requires: []*analysis.Analyzer{facts.Generated, inspect.Analyzer},
+	},
+	"ST1021": {
+		Run:      CheckExportedTypeDocs,
+		Requires: []*analysis.Analyzer{facts.Generated, inspect.Analyzer},
+	},
+	"ST1022": {
+		Run:      CheckExportedVarDocs,
+		Requires: []*analysis.Analyzer{facts.Generated, inspect.Analyzer},
+	},
+})
diff --git a/vendor/honnef.co/go/tools/stylecheck/doc.go b/vendor/honnef.co/go/tools/stylecheck/doc.go
index 9097214d..b8e7f3f9 100644
--- a/vendor/honnef.co/go/tools/stylecheck/doc.go
+++ b/vendor/honnef.co/go/tools/stylecheck/doc.go
@@ -3,7 +3,7 @@ package stylecheck
 import "honnef.co/go/tools/lint"
 
 var Docs = map[string]*lint.Documentation{
-	"ST1000": &lint.Documentation{
+	"ST1000": {
 		Title: `Incorrect or missing package comment`,
 		Text: `Packages must have a package comment that is formatted according to
 the guidelines laid out in
@@ -12,7 +12,7 @@ https://github.com/golang/go/wiki/CodeReviewComments#package-comments.`,
 		NonDefault: true,
 	},
 
-	"ST1001": &lint.Documentation{
+	"ST1001": {
 		Title: `Dot imports are discouraged`,
 		Text: `Dot imports that aren't in external test packages are discouraged.
 
@@ -42,7 +42,7 @@ Quoting Go Code Review Comments:
 		Options: []string{"dot_import_whitelist"},
 	},
 
-	"ST1003": &lint.Documentation{
+	"ST1003": {
 		Title: `Poorly chosen identifier`,
 		Text: `Identifiers, such as variable and package names, follow certain rules.
 
@@ -57,7 +57,7 @@ See the following links for details:
 		Options:    []string{"initialisms"},
 	},
 
-	"ST1005": &lint.Documentation{
+	"ST1005": {
 		Title: `Incorrectly formatted error string`,
 		Text: `Error strings follow a set of guidelines to ensure uniformity and good
 composability.
@@ -73,7 +73,7 @@ Quoting Go Code Review Comments:
 		Since: "2019.1",
 	},
 
-	"ST1006": &lint.Documentation{
+	"ST1006": {
 		Title: `Poorly chosen receiver name`,
 		Text: `Quoting Go Code Review Comments:
 
@@ -91,13 +91,13 @@ Quoting Go Code Review Comments:
 		Since: "2019.1",
 	},
 
-	"ST1008": &lint.Documentation{
+	"ST1008": {
 		Title: `A function's error value should be its last return value`,
 		Text:  `A function's error value should be its last return value.`,
 		Since: `2019.1`,
 	},
 
-	"ST1011": &lint.Documentation{
+	"ST1011": {
 		Title: `Poorly chosen name for variable of type time.Duration`,
 		Text: `time.Duration values represent an amount of time, which is represented
 as a count of nanoseconds. An expression like 5 * time.Microsecond
@@ -107,14 +107,14 @@ Milli.`,
 		Since: `2019.1`,
 	},
 
-	"ST1012": &lint.Documentation{
+	"ST1012": {
 		Title: `Poorly chosen name for error variable`,
 		Text: `Error variables that are part of an API should be called errFoo or
 ErrFoo.`,
 		Since: "2019.1",
 	},
 
-	"ST1013": &lint.Documentation{
+	"ST1013": {
 		Title: `Should use constants for HTTP error codes, not magic numbers`,
 		Text: `HTTP has a tremendous number of status codes. While some of those are
 well known (200, 400, 404, 500), most of them are not. The net/http
@@ -126,18 +126,18 @@ readability of your code.`,
 		Options: []string{"http_status_code_whitelist"},
 	},
 
-	"ST1015": &lint.Documentation{
+	"ST1015": {
 		Title: `A switch's default case should be the first or last case`,
 		Since: "2019.1",
 	},
 
-	"ST1016": &lint.Documentation{
+	"ST1016": {
 		Title:      `Use consistent method receiver names`,
 		Since:      "2019.1",
 		NonDefault: true,
 	},
 
-	"ST1017": &lint.Documentation{
+	"ST1017": {
 		Title: `Don't use Yoda conditions`,
 		Text: `Yoda conditions are conditions of the kind 'if 42 == x', where the
 literal is on the left side of the comparison. These are a common
@@ -147,8 +147,85 @@ bug, we prefer the more idiomatic 'if x == 42'.`,
 		Since: "2019.2",
 	},
 
-	"ST1018": &lint.Documentation{
+	"ST1018": {
 		Title: `Avoid zero-width and control characters in string literals`,
 		Since: "2019.2",
 	},
+
+	"ST1019": {
+		Title: `Importing the same package multiple times`,
+		Text: `Go allows importing the same package multiple times, as long as
+different import aliases are being used. That is, the following
+bit of code is valid:
+
+import (
+    "fmt"
+    fumpt "fmt"
+    format "fmt"
+    _ "fmt"
+)
+
+However, this is very rarely done on purpose. Usually, it is a
+sign of code that got refactored, accidentally adding duplicate
+import statements. It is also a rarely known feature, which may
+contribute to confusion.
+
+Do note that sometimes, this feature may be used
+intentionally (see for example
+https://github.com/golang/go/commit/3409ce39bfd7584523b7a8c150a310cea92d879d)
+– if you want to allow this pattern in your code base, you're
+advised to disable this check.`,
+		Since: "2020.1",
+	},
+
+	"ST1020": {
+		Title: "The documentation of an exported function should start with the function's name",
+		Text: `Doc comments work best as complete sentences, which
+allow a wide variety of automated presentations. The first sentence
+should be a one-sentence summary that starts with the name being
+declared.
+
+If every doc comment begins with the name of the item it describes,
+you can use the doc subcommand of the go tool and run the output
+through grep.
+
+See https://golang.org/doc/effective_go.html#commentary for more
+information on how to write good documentation.`,
+		Since:      "2020.1",
+		NonDefault: true,
+	},
+
+	"ST1021": {
+		Title: "The documentation of an exported type should start with type's name",
+		Text: `Doc comments work best as complete sentences, which
+allow a wide variety of automated presentations. The first sentence
+should be a one-sentence summary that starts with the name being
+declared.
+
+If every doc comment begins with the name of the item it describes,
+you can use the doc subcommand of the go tool and run the output
+through grep.
+
+See https://golang.org/doc/effective_go.html#commentary for more
+information on how to write good documentation.`,
+		Since:      "2020.1",
+		NonDefault: true,
+	},
+
+	"ST1022": {
+		Title: "The documentation of an exported variable or constant should start with variable's name",
+		Text: `Doc comments work best as complete sentences, which
+allow a wide variety of automated presentations. The first sentence
+should be a one-sentence summary that starts with the name being
+declared.
+
+If every doc comment begins with the name of the item it describes,
+you can use the doc subcommand of the go tool and run the output
+through grep.
+
+See https://golang.org/doc/effective_go.html#commentary for more
+information on how to write good documentation.`,
+		Since:      "2020.1",
+		NonDefault: true,
+	},
 }
diff --git a/vendor/honnef.co/go/tools/stylecheck/lint.go b/vendor/honnef.co/go/tools/stylecheck/lint.go
index 1699d589..75a0112b 100644
--- a/vendor/honnef.co/go/tools/stylecheck/lint.go
+++ b/vendor/honnef.co/go/tools/stylecheck/lint.go
@@ -6,15 +6,20 @@ import (
 	"go/constant"
 	"go/token"
 	"go/types"
+	"sort"
 	"strconv"
 	"strings"
 	"unicode"
 	"unicode/utf8"
 
+	"honnef.co/go/tools/code"
 	"honnef.co/go/tools/config"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/edit"
+	"honnef.co/go/tools/internal/passes/buildir"
+	"honnef.co/go/tools/ir"
 	. "honnef.co/go/tools/lint/lintdsl"
-	"honnef.co/go/tools/ssa"
+	"honnef.co/go/tools/pattern"
+	"honnef.co/go/tools/report"
 
 	"golang.org/x/tools/go/analysis"
 	"golang.org/x/tools/go/analysis/passes/inspect"
@@ -36,14 +41,14 @@ func CheckPackageComment(pass *analysis.Pass) (interface{}, error) {
 	}
 	hasDocs := false
 	for _, f := range pass.Files {
-		if IsInTest(pass, f) {
+		if code.IsInTest(pass, f) {
 			continue
 		}
 		if f.Doc != nil && len(f.Doc.List) > 0 {
 			hasDocs = true
 			prefix := "Package " + f.Name.Name + " "
 			if !strings.HasPrefix(strings.TrimSpace(f.Doc.Text()), prefix) {
-				ReportNodef(pass, f.Doc, `package comment should be of the form "%s..."`, prefix)
+				report.Report(pass, f.Doc, fmt.Sprintf(`package comment should be of the form "%s..."`, prefix))
 			}
 			f.Doc.Text()
 		}
@@ -51,10 +56,10 @@ func CheckPackageComment(pass *analysis.Pass) (interface{}, error) {
 
 	if !hasDocs {
 		for _, f := range pass.Files {
-			if IsInTest(pass, f) {
+			if code.IsInTest(pass, f) {
 				continue
 			}
-			ReportNodef(pass, f, "at least one file in a package should have a package comment")
+			report.Report(pass, f, "at least one file in a package should have a package comment", report.ShortRange())
 		}
 	}
 	return nil, nil
@@ -72,8 +77,38 @@ func CheckDotImports(pass *analysis.Pass) (interface{}, error) {
 				}
 			}
 
-			if imp.Name != nil && imp.Name.Name == "." && !IsInTest(pass, f) {
-				ReportNodefFG(pass, imp, "should not use dot imports")
+			if imp.Name != nil && imp.Name.Name == "." && !code.IsInTest(pass, f) {
+				report.Report(pass, imp, "should not use dot imports", report.FilterGenerated())
+			}
+		}
+	}
+	return nil, nil
+}
+
+func CheckDuplicatedImports(pass *analysis.Pass) (interface{}, error) {
+	for _, f := range pass.Files {
+		// Collect all imports by their import path
+		imports := make(map[string][]*ast.ImportSpec, len(f.Imports))
+		for _, imp := range f.Imports {
+			imports[imp.Path.Value] = append(imports[imp.Path.Value], imp)
+		}
+
+		for path, value := range imports {
+			if path[1:len(path)-1] == "unsafe" {
+				// Don't flag unsafe. Cgo generated code imports
+				// unsafe using the blank identifier, and most
+				// user-written cgo code also imports unsafe
+				// explicitly.
+				continue
+			}
+			// If there's more than one import per path, we flag that
+			if len(value) > 1 {
+				s := fmt.Sprintf("package %s is being imported more than once", path)
+				opts := []report.Option{report.FilterGenerated()}
+				for _, imp := range value[1:] {
+					opts = append(opts, report.Related(imp, fmt.Sprintf("other import of %s", path)))
+				}
+				report.Report(pass, value[0], s, opts...)
 			}
 		}
 	}
@@ -83,7 +118,7 @@ func CheckDotImports(pass *analysis.Pass) (interface{}, error) {
 func CheckBlankImports(pass *analysis.Pass) (interface{}, error) {
 	fset := pass.Fset
 	for _, f := range pass.Files {
-		if IsInMain(pass, f) || IsInTest(pass, f) {
+		if code.IsMainLike(pass) || code.IsInTest(pass, f) {
 			continue
 		}
 
@@ -117,7 +152,7 @@ func CheckBlankImports(pass *analysis.Pass) (interface{}, error) {
 		for i, imp := range f.Imports {
 			pos := fset.Position(imp.Pos())
 
-			if !IsBlank(imp.Name) {
+			if !code.IsBlank(imp.Name) {
 				continue
 			}
 			// Only flag the first blank import in a group of imports,
@@ -126,13 +161,13 @@ func CheckBlankImports(pass *analysis.Pass) (interface{}, error) {
 			if i > 0 {
 				prev := f.Imports[i-1]
 				prevPos := fset.Position(prev.Pos())
-				if pos.Line-1 == prevPos.Line && IsBlank(prev.Name) {
+				if pos.Line-1 == prevPos.Line && code.IsBlank(prev.Name) {
 					continue
 				}
 			}
 
 			if imp.Doc == nil && imp.Comment == nil && !skip[imp] {
-				ReportNodef(pass, imp, "a blank import should be only in a main or test package, or have a comment justifying it")
+				report.Report(pass, imp, "a blank import should be only in a main or test package, or have a comment justifying it")
 			}
 		}
 	}
@@ -152,7 +187,7 @@ func CheckIncDec(pass *analysis.Pass) (interface{}, error) {
 			return
 		}
 		if (len(assign.Lhs) != 1 || len(assign.Rhs) != 1) ||
-			!IsIntLiteral(assign.Rhs[0], "1") {
+			!code.IsIntLiteral(assign.Rhs[0], "1") {
 			return
 		}
 
@@ -164,15 +199,15 @@ func CheckIncDec(pass *analysis.Pass) (interface{}, error) {
 			suffix = "--"
 		}
 
-		ReportNodef(pass, assign, "should replace %s with %s%s", Render(pass, assign), Render(pass, assign.Lhs[0]), suffix)
+		report.Report(pass, assign, fmt.Sprintf("should replace %s with %s%s", report.Render(pass, assign), report.Render(pass, assign.Lhs[0]), suffix))
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.AssignStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.AssignStmt)(nil))
 	return nil, nil
 }
 
 func CheckErrorReturn(pass *analysis.Pass) (interface{}, error) {
 fnLoop:
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		sig := fn.Type().(*types.Signature)
 		rets := sig.Results()
 		if rets == nil || rets.Len() < 2 {
@@ -186,7 +221,7 @@ fnLoop:
 		}
 		for i := rets.Len() - 2; i >= 0; i-- {
 			if rets.At(i).Type() == types.Universe.Lookup("error").Type() {
-				pass.Reportf(rets.At(i).Pos(), "error should be returned as the last argument")
+				report.Report(pass, rets.At(i), "error should be returned as the last argument", report.ShortRange())
 				continue fnLoop
 			}
 		}
@@ -197,23 +232,23 @@ fnLoop:
 // CheckUnexportedReturn checks that exported functions on exported
 // types do not return unexported types.
 func CheckUnexportedReturn(pass *analysis.Pass) (interface{}, error) {
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		if fn.Synthetic != "" || fn.Parent() != nil {
 			continue
 		}
-		if !ast.IsExported(fn.Name()) || IsInMain(pass, fn) || IsInTest(pass, fn) {
+		if !ast.IsExported(fn.Name()) || code.IsMain(pass) || code.IsInTest(pass, fn) {
 			continue
 		}
 		sig := fn.Type().(*types.Signature)
-		if sig.Recv() != nil && !ast.IsExported(Dereference(sig.Recv().Type()).(*types.Named).Obj().Name()) {
+		if sig.Recv() != nil && !ast.IsExported(code.Dereference(sig.Recv().Type()).(*types.Named).Obj().Name()) {
 			continue
 		}
 		res := sig.Results()
 		for i := 0; i < res.Len(); i++ {
-			if named, ok := DereferenceR(res.At(i).Type()).(*types.Named); ok &&
+			if named, ok := code.DereferenceR(res.At(i).Type()).(*types.Named); ok &&
 				!ast.IsExported(named.Obj().Name()) &&
 				named != types.Universe.Lookup("error").Type() {
-				pass.Reportf(fn.Pos(), "should not return unexported type")
+				report.Report(pass, fn, "should not return unexported type")
 			}
 		}
 	}
@@ -221,22 +256,22 @@ func CheckUnexportedReturn(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckReceiverNames(pass *analysis.Pass) (interface{}, error) {
-	ssapkg := pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).Pkg
-	for _, m := range ssapkg.Members {
+	irpkg := pass.ResultOf[buildir.Analyzer].(*buildir.IR).Pkg
+	for _, m := range irpkg.Members {
 		if T, ok := m.Object().(*types.TypeName); ok && !T.IsAlias() {
 			ms := typeutil.IntuitiveMethodSet(T.Type(), nil)
 			for _, sel := range ms {
 				fn := sel.Obj().(*types.Func)
 				recv := fn.Type().(*types.Signature).Recv()
-				if Dereference(recv.Type()) != T.Type() {
+				if code.Dereference(recv.Type()) != T.Type() {
 					// skip embedded methods
 					continue
 				}
 				if recv.Name() == "self" || recv.Name() == "this" {
-					ReportfFG(pass, recv.Pos(), `receiver name should be a reflection of its identity; don't use generic names such as "this" or "self"`)
+					report.Report(pass, recv, `receiver name should be a reflection of its identity; don't use generic names such as "this" or "self"`, report.FilterGenerated())
 				}
 				if recv.Name() == "_" {
-					ReportfFG(pass, recv.Pos(), "receiver name should not be an underscore, omit the name if it is unused")
+					report.Report(pass, recv, "receiver name should not be an underscore, omit the name if it is unused", report.FilterGenerated())
 				}
 			}
 		}
@@ -245,8 +280,8 @@ func CheckReceiverNames(pass *analysis.Pass) (interface{}, error) {
 }
 
 func CheckReceiverNamesIdentical(pass *analysis.Pass) (interface{}, error) {
-	ssapkg := pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).Pkg
-	for _, m := range ssapkg.Members {
+	irpkg := pass.ResultOf[buildir.Analyzer].(*buildir.IR).Pkg
+	for _, m := range irpkg.Members {
 		names := map[string]int{}
 
 		var firstFn *types.Func
@@ -255,7 +290,11 @@ func CheckReceiverNamesIdentical(pass *analysis.Pass) (interface{}, error) {
 			for _, sel := range ms {
 				fn := sel.Obj().(*types.Func)
 				recv := fn.Type().(*types.Signature).Recv()
-				if Dereference(recv.Type()) != T.Type() {
+				if code.IsGenerated(pass, recv.Pos()) {
+					// Don't concern ourselves with methods in generated code
+					continue
+				}
+				if code.Dereference(recv.Type()) != T.Type() {
 					// skip embedded methods
 					continue
 				}
@@ -273,8 +312,9 @@ func CheckReceiverNamesIdentical(pass *analysis.Pass) (interface{}, error) {
 			for name, count := range names {
 				seen = append(seen, fmt.Sprintf("%dx %q", count, name))
 			}
+			sort.Strings(seen)
 
-			pass.Reportf(firstFn.Pos(), "methods on the same type should have the same receiver name (seen %s)", strings.Join(seen, ", "))
+			report.Report(pass, firstFn, fmt.Sprintf("methods on the same type should have the same receiver name (seen %s)", strings.Join(seen, ", ")))
 		}
 	}
 	return nil, nil
@@ -284,7 +324,7 @@ func CheckContextFirstArg(pass *analysis.Pass) (interface{}, error) {
 	// TODO(dh): this check doesn't apply to test helpers. Example from the stdlib:
 	// 	func helperCommandContext(t *testing.T, ctx context.Context, s ...string) (cmd *exec.Cmd) {
 fnLoop:
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		if fn.Synthetic != "" || fn.Parent() != nil {
 			continue
 		}
@@ -298,7 +338,7 @@ fnLoop:
 		for i := 1; i < params.Len(); i++ {
 			param := params.At(i)
 			if types.TypeString(param.Type(), nil) == "context.Context" {
-				pass.Reportf(param.Pos(), "context.Context should be the first argument of a function")
+				report.Report(pass, param, "context.Context should be the first argument of a function", report.ShortRange())
 				continue fnLoop
 			}
 		}
@@ -307,20 +347,20 @@ fnLoop:
 }
 
 func CheckErrorStrings(pass *analysis.Pass) (interface{}, error) {
-	objNames := map[*ssa.Package]map[string]bool{}
-	ssapkg := pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).Pkg
-	objNames[ssapkg] = map[string]bool{}
-	for _, m := range ssapkg.Members {
-		if typ, ok := m.(*ssa.Type); ok {
-			objNames[ssapkg][typ.Name()] = true
+	objNames := map[*ir.Package]map[string]bool{}
+	irpkg := pass.ResultOf[buildir.Analyzer].(*buildir.IR).Pkg
+	objNames[irpkg] = map[string]bool{}
+	for _, m := range irpkg.Members {
+		if typ, ok := m.(*ir.Type); ok {
+			objNames[irpkg][typ.Name()] = true
 		}
 	}
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
 		objNames[fn.Package()][fn.Name()] = true
 	}
 
-	for _, fn := range pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA).SrcFuncs {
-		if IsInTest(pass, fn) {
+	for _, fn := range pass.ResultOf[buildir.Analyzer].(*buildir.IR).SrcFuncs {
+		if code.IsInTest(pass, fn) {
 			// We don't care about malformed error messages in tests;
 			// they're usually for direct human consumption, not part
 			// of an API
@@ -329,15 +369,15 @@ func CheckErrorStrings(pass *analysis.Pass) (interface{}, error) {
 		for _, block := range fn.Blocks {
 		instrLoop:
 			for _, ins := range block.Instrs {
-				call, ok := ins.(*ssa.Call)
+				call, ok := ins.(*ir.Call)
 				if !ok {
 					continue
 				}
-				if !IsCallTo(call.Common(), "errors.New") && !IsCallTo(call.Common(), "fmt.Errorf") {
+				if !code.IsCallToAny(call.Common(), "errors.New", "fmt.Errorf") {
 					continue
 				}
 
-				k, ok := call.Common().Args[0].(*ssa.Const)
+				k, ok := call.Common().Args[0].(*ir.Const)
 				if !ok {
 					continue
 				}
@@ -348,7 +388,7 @@ func CheckErrorStrings(pass *analysis.Pass) (interface{}, error) {
 				}
 				switch s[len(s)-1] {
 				case '.', ':', '!', '\n':
-					pass.Reportf(call.Pos(), "error strings should not end with punctuation or a newline")
+					report.Report(pass, call, "error strings should not end with punctuation or a newline")
 				}
 				idx := strings.IndexByte(s, ' ')
 				if idx == -1 {
@@ -382,7 +422,7 @@ func CheckErrorStrings(pass *analysis.Pass) (interface{}, error) {
 				//
 				// It could still be a proper noun, though.
 
-				pass.Reportf(call.Pos(), "error strings should not be capitalized")
+				report.Report(pass, call, "error strings should not be capitalized")
 			}
 		}
 	}
@@ -397,34 +437,47 @@ func CheckTimeNames(pass *analysis.Pass) (interface{}, error) {
 		"Usec", "Usecs", "Microseconds",
 		"MS", "Ms",
 	}
-	fn := func(T types.Type, names []*ast.Ident) {
-		if !IsType(T, "time.Duration") && !IsType(T, "*time.Duration") {
-			return
-		}
+	fn := func(names []*ast.Ident) {
 		for _, name := range names {
+			if _, ok := pass.TypesInfo.Defs[name]; !ok {
+				continue
+			}
+			T := pass.TypesInfo.TypeOf(name)
+			if !code.IsType(T, "time.Duration") && !code.IsType(T, "*time.Duration") {
+				continue
+			}
 			for _, suffix := range suffixes {
 				if strings.HasSuffix(name.Name, suffix) {
-					ReportNodef(pass, name, "var %s is of type %v; don't use unit-specific suffix %q", name.Name, T, suffix)
+					report.Report(pass, name, fmt.Sprintf("var %s is of type %v; don't use unit-specific suffix %q", name.Name, T, suffix))
 					break
 				}
 			}
 		}
 	}
-	for _, f := range pass.Files {
-		ast.Inspect(f, func(node ast.Node) bool {
-			switch node := node.(type) {
-			case *ast.ValueSpec:
-				T := pass.TypesInfo.TypeOf(node.Type)
-				fn(T, node.Names)
-			case *ast.FieldList:
-				for _, field := range node.List {
-					T := pass.TypesInfo.TypeOf(field.Type)
-					fn(T, field.Names)
+
+	fn2 := func(node ast.Node) {
+		switch node := node.(type) {
+		case *ast.ValueSpec:
+			fn(node.Names)
+		case *ast.FieldList:
+			for _, field := range node.List {
+				fn(field.Names)
+			}
+		case *ast.AssignStmt:
+			if node.Tok != token.DEFINE {
+				break
+			}
+			var names []*ast.Ident
+			for _, lhs := range node.Lhs {
+				if lhs, ok := lhs.(*ast.Ident); ok {
+					names = append(names, lhs)
 				}
 			}
-			return true
-		})
+			fn(names)
+		}
 	}
+
+	code.Preorder(pass, fn2, (*ast.ValueSpec)(nil), (*ast.FieldList)(nil), (*ast.AssignStmt)(nil))
 	return nil, nil
 }
 
@@ -443,16 +496,21 @@ func CheckErrorVarNames(pass *analysis.Pass) (interface{}, error) {
 
 				for i, name := range spec.Names {
 					val := spec.Values[i]
-					if !IsCallToAST(pass, val, "errors.New") && !IsCallToAST(pass, val, "fmt.Errorf") {
+					if !code.IsCallToAnyAST(pass, val, "errors.New", "fmt.Errorf") {
 						continue
 					}
 
+					if pass.Pkg.Path() == "net/http" && strings.HasPrefix(name.Name, "http2err") {
+						// special case for internal variable names of
+						// bundled HTTP 2 code in net/http
+						continue
+					}
 					prefix := "err"
 					if name.IsExported() {
 						prefix = "Err"
 					}
 					if !strings.HasPrefix(name.Name, prefix) {
-						ReportNodef(pass, name, "error var %s should have name of the form %sFoo", name.Name, prefix)
+						report.Report(pass, name, fmt.Sprintf("error var %s should have name of the form %sFoo", name.Name, prefix))
 					}
 				}
 			}
@@ -528,17 +586,11 @@ func CheckHTTPStatusCodes(pass *analysis.Pass) (interface{}, error) {
 	for _, code := range config.For(pass).HTTPStatusCodeWhitelist {
 		whitelist[code] = true
 	}
-	fn := func(node ast.Node) bool {
-		if node == nil {
-			return true
-		}
-		call, ok := node.(*ast.CallExpr)
-		if !ok {
-			return true
-		}
+	fn := func(node ast.Node) {
+		call := node.(*ast.CallExpr)
 
 		var arg int
-		switch CallNameAST(pass, call) {
+		switch code.CallNameAST(pass, call) {
 		case "net/http.Error":
 			arg = 2
 		case "net/http.Redirect":
@@ -548,31 +600,29 @@ func CheckHTTPStatusCodes(pass *analysis.Pass) (interface{}, error) {
 		case "net/http.RedirectHandler":
 			arg = 1
 		default:
-			return true
+			return
 		}
 		lit, ok := call.Args[arg].(*ast.BasicLit)
 		if !ok {
-			return true
+			return
 		}
 		if whitelist[lit.Value] {
-			return true
+			return
 		}
 
 		n, err := strconv.Atoi(lit.Value)
 		if err != nil {
-			return true
+			return
 		}
 		s, ok := httpStatusCodes[n]
 		if !ok {
-			return true
+			return
 		}
-		ReportNodefFG(pass, lit, "should use constant http.%s instead of numeric literal %d", s, n)
-		return true
-	}
-	// OPT(dh): replace with inspector
-	for _, f := range pass.Files {
-		ast.Inspect(f, fn)
+		report.Report(pass, lit, fmt.Sprintf("should use constant http.%s instead of numeric literal %d", s, n),
+			report.FilterGenerated(),
+			report.Fixes(edit.Fix(fmt.Sprintf("use http.%s instead of %d", s, n), edit.ReplaceWithString(pass.Fset, lit, "http."+s))))
 	}
+	code.Preorder(pass, fn, (*ast.CallExpr)(nil))
 	return nil, nil
 }
 
@@ -582,31 +632,29 @@ func CheckDefaultCaseOrder(pass *analysis.Pass) (interface{}, error) {
 		list := stmt.Body.List
 		for i, c := range list {
 			if c.(*ast.CaseClause).List == nil && i != 0 && i != len(list)-1 {
-				ReportNodefFG(pass, c, "default case should be first or last in switch statement")
+				report.Report(pass, c, "default case should be first or last in switch statement", report.FilterGenerated())
 				break
 			}
 		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.SwitchStmt)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.SwitchStmt)(nil))
 	return nil, nil
 }
 
+var (
+	checkYodaConditionsQ = pattern.MustParse(`(BinaryExpr left@(BasicLit _ _) tok@(Or "==" "!=") right@(Not (BasicLit _ _)))`)
+	checkYodaConditionsR = pattern.MustParse(`(BinaryExpr right tok left)`)
+)
+
 func CheckYodaConditions(pass *analysis.Pass) (interface{}, error) {
 	fn := func(node ast.Node) {
-		cond := node.(*ast.BinaryExpr)
-		if cond.Op != token.EQL && cond.Op != token.NEQ {
-			return
+		if _, edits, ok := MatchAndEdit(pass, checkYodaConditionsQ, checkYodaConditionsR, node); ok {
+			report.Report(pass, node, "don't use Yoda conditions",
+				report.FilterGenerated(),
+				report.Fixes(edit.Fix("un-Yoda-fy", edits...)))
 		}
-		if _, ok := cond.X.(*ast.BasicLit); !ok {
-			return
-		}
-		if _, ok := cond.Y.(*ast.BasicLit); ok {
-			// Don't flag lit == lit conditions, just in case
-			return
-		}
-		ReportNodefFG(pass, cond, "don't use Yoda conditions")
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BinaryExpr)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BinaryExpr)(nil))
 	return nil, nil
 }
 
@@ -616,14 +664,251 @@ func CheckInvisibleCharacters(pass *analysis.Pass) (interface{}, error) {
 		if lit.Kind != token.STRING {
 			return
 		}
-		for _, r := range lit.Value {
+
+		type invalid struct {
+			r   rune
+			off int
+		}
+		var invalids []invalid
+		hasFormat := false
+		hasControl := false
+		for off, r := range lit.Value {
 			if unicode.Is(unicode.Cf, r) {
-				ReportNodef(pass, lit, "string literal contains the Unicode format character %U, consider using the %q escape sequence", r, r)
+				invalids = append(invalids, invalid{r, off})
+				hasFormat = true
 			} else if unicode.Is(unicode.Cc, r) && r != '\n' && r != '\t' && r != '\r' {
-				ReportNodef(pass, lit, "string literal contains the Unicode control character %U, consider using the %q escape sequence", r, r)
+				invalids = append(invalids, invalid{r, off})
+				hasControl = true
 			}
 		}
+
+		switch len(invalids) {
+		case 0:
+			return
+		case 1:
+			var kind string
+			if hasFormat {
+				kind = "format"
+			} else if hasControl {
+				kind = "control"
+			} else {
+				panic("unreachable")
+			}
+
+			r := invalids[0]
+			msg := fmt.Sprintf("string literal contains the Unicode %s character %U, consider using the %q escape sequence instead", kind, r.r, r.r)
+
+			replacement := strconv.QuoteRune(r.r)
+			replacement = replacement[1 : len(replacement)-1]
+			edit := analysis.SuggestedFix{
+				Message: fmt.Sprintf("replace %s character %U with %q", kind, r.r, r.r),
+				TextEdits: []analysis.TextEdit{{
+					Pos:     lit.Pos() + token.Pos(r.off),
+					End:     lit.Pos() + token.Pos(r.off) + token.Pos(utf8.RuneLen(r.r)),
+					NewText: []byte(replacement),
+				}},
+			}
+			delete := analysis.SuggestedFix{
+				Message: fmt.Sprintf("delete %s character %U", kind, r),
+				TextEdits: []analysis.TextEdit{{
+					Pos: lit.Pos() + token.Pos(r.off),
+					End: lit.Pos() + token.Pos(r.off) + token.Pos(utf8.RuneLen(r.r)),
+				}},
+			}
+			report.Report(pass, lit, msg, report.Fixes(edit, delete))
+		default:
+			var kind string
+			if hasFormat && hasControl {
+				kind = "format and control"
+			} else if hasFormat {
+				kind = "format"
+			} else if hasControl {
+				kind = "control"
+			} else {
+				panic("unreachable")
+			}
+
+			msg := fmt.Sprintf("string literal contains Unicode %s characters, consider using escape sequences instead", kind)
+			var edits []analysis.TextEdit
+			var deletions []analysis.TextEdit
+			for _, r := range invalids {
+				replacement := strconv.QuoteRune(r.r)
+				replacement = replacement[1 : len(replacement)-1]
+				edits = append(edits, analysis.TextEdit{
+					Pos:     lit.Pos() + token.Pos(r.off),
+					End:     lit.Pos() + token.Pos(r.off) + token.Pos(utf8.RuneLen(r.r)),
+					NewText: []byte(replacement),
+				})
+				deletions = append(deletions, analysis.TextEdit{
+					Pos: lit.Pos() + token.Pos(r.off),
+					End: lit.Pos() + token.Pos(r.off) + token.Pos(utf8.RuneLen(r.r)),
+				})
+			}
+			edit := analysis.SuggestedFix{
+				Message:   fmt.Sprintf("replace all %s characters with escape sequences", kind),
+				TextEdits: edits,
+			}
+			delete := analysis.SuggestedFix{
+				Message:   fmt.Sprintf("delete all %s characters", kind),
+				TextEdits: deletions,
+			}
+			report.Report(pass, lit, msg, report.Fixes(edit, delete))
+		}
 	}
-	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Preorder([]ast.Node{(*ast.BasicLit)(nil)}, fn)
+	code.Preorder(pass, fn, (*ast.BasicLit)(nil))
+	return nil, nil
+}
+
+func CheckExportedFunctionDocs(pass *analysis.Pass) (interface{}, error) {
+	fn := func(node ast.Node) {
+		if code.IsInTest(pass, node) {
+			return
+		}
+
+		decl := node.(*ast.FuncDecl)
+		if decl.Doc == nil {
+			return
+		}
+		if !ast.IsExported(decl.Name.Name) {
+			return
+		}
+		kind := "function"
+		if decl.Recv != nil {
+			kind = "method"
+			switch T := decl.Recv.List[0].Type.(type) {
+			case *ast.StarExpr:
+				if !ast.IsExported(T.X.(*ast.Ident).Name) {
+					return
+				}
+			case *ast.Ident:
+				if !ast.IsExported(T.Name) {
+					return
+				}
+			default:
+				ExhaustiveTypeSwitch(T)
+			}
+		}
+		prefix := decl.Name.Name + " "
+		if !strings.HasPrefix(decl.Doc.Text(), prefix) {
+			report.Report(pass, decl.Doc, fmt.Sprintf(`comment on exported %s %s should be of the form "%s..."`, kind, decl.Name.Name, prefix), report.FilterGenerated())
+		}
+	}
+
+	code.Preorder(pass, fn, (*ast.FuncDecl)(nil))
+	return nil, nil
+}
+
+func CheckExportedTypeDocs(pass *analysis.Pass) (interface{}, error) {
+	var genDecl *ast.GenDecl
+	fn := func(node ast.Node, push bool) bool {
+		if !push {
+			genDecl = nil
+			return false
+		}
+		if code.IsInTest(pass, node) {
+			return false
+		}
+
+		switch node := node.(type) {
+		case *ast.GenDecl:
+			if node.Tok == token.IMPORT {
+				return false
+			}
+			genDecl = node
+			return true
+		case *ast.TypeSpec:
+			if !ast.IsExported(node.Name.Name) {
+				return false
+			}
+
+			doc := node.Doc
+			if doc == nil {
+				if len(genDecl.Specs) != 1 {
+					// more than one spec in the GenDecl, don't validate the
+					// docstring
+					return false
+				}
+				if genDecl.Lparen.IsValid() {
+					// 'type ( T )' is weird, don't guess the user's intention
+					return false
+				}
+				doc = genDecl.Doc
+				if doc == nil {
+					return false
+				}
+			}
+
+			s := doc.Text()
+			articles := [...]string{"A", "An", "The"}
+			for _, a := range articles {
+				if strings.HasPrefix(s, a+" ") {
+					s = s[len(a)+1:]
+					break
+				}
+			}
+			if !strings.HasPrefix(s, node.Name.Name+" ") {
+				report.Report(pass, doc, fmt.Sprintf(`comment on exported type %s should be of the form "%s ..." (with optional leading article)`, node.Name.Name, node.Name.Name), report.FilterGenerated())
+			}
+			return false
+		case *ast.FuncLit, *ast.FuncDecl:
+			return false
+		default:
+			ExhaustiveTypeSwitch(node)
+			return false
+		}
+	}
+
+	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Nodes([]ast.Node{(*ast.GenDecl)(nil), (*ast.TypeSpec)(nil), (*ast.FuncLit)(nil), (*ast.FuncDecl)(nil)}, fn)
+	return nil, nil
+}
+
+func CheckExportedVarDocs(pass *analysis.Pass) (interface{}, error) {
+	var genDecl *ast.GenDecl
+	fn := func(node ast.Node, push bool) bool {
+		if !push {
+			genDecl = nil
+			return false
+		}
+		if code.IsInTest(pass, node) {
+			return false
+		}
+
+		switch node := node.(type) {
+		case *ast.GenDecl:
+			if node.Tok == token.IMPORT {
+				return false
+			}
+			genDecl = node
+			return true
+		case *ast.ValueSpec:
+			if genDecl.Lparen.IsValid() || len(node.Names) > 1 {
+				// Don't try to guess the user's intention
+				return false
+			}
+			name := node.Names[0].Name
+			if !ast.IsExported(name) {
+				return false
+			}
+			if genDecl.Doc == nil {
+				return false
+			}
+			prefix := name + " "
+			if !strings.HasPrefix(genDecl.Doc.Text(), prefix) {
+				kind := "var"
+				if genDecl.Tok == token.CONST {
+					kind = "const"
+				}
+				report.Report(pass, genDecl.Doc, fmt.Sprintf(`comment on exported %s %s should be of the form "%s..."`, kind, name, prefix), report.FilterGenerated())
+			}
+			return false
+		case *ast.FuncLit, *ast.FuncDecl:
+			return false
+		default:
+			ExhaustiveTypeSwitch(node)
+			return false
+		}
+	}
+
+	pass.ResultOf[inspect.Analyzer].(*inspector.Inspector).Nodes([]ast.Node{(*ast.GenDecl)(nil), (*ast.ValueSpec)(nil), (*ast.FuncLit)(nil), (*ast.FuncDecl)(nil)}, fn)
 	return nil, nil
 }
diff --git a/vendor/honnef.co/go/tools/stylecheck/names.go b/vendor/honnef.co/go/tools/stylecheck/names.go
index 160f9d7f..ffc689e9 100644
--- a/vendor/honnef.co/go/tools/stylecheck/names.go
+++ b/vendor/honnef.co/go/tools/stylecheck/names.go
@@ -4,14 +4,16 @@
 package stylecheck
 
 import (
+	"fmt"
 	"go/ast"
 	"go/token"
 	"strings"
 	"unicode"
 
 	"golang.org/x/tools/go/analysis"
+	"honnef.co/go/tools/code"
 	"honnef.co/go/tools/config"
-	. "honnef.co/go/tools/lint/lintdsl"
+	"honnef.co/go/tools/report"
 )
 
 // knownNameExceptions is a set of names that are known to be exempt from naming checks.
@@ -46,7 +48,7 @@ func CheckNames(pass *analysis.Pass) (interface{}, error) {
 
 		// Handle two common styles from other languages that don't belong in Go.
 		if len(id.Name) >= 5 && allCaps(id.Name) && strings.Contains(id.Name, "_") {
-			ReportfFG(pass, id.Pos(), "should not use ALL_CAPS in Go names; use CamelCase instead")
+			report.Report(pass, id, "should not use ALL_CAPS in Go names; use CamelCase instead", report.FilterGenerated())
 			return
 		}
 
@@ -56,10 +58,10 @@ func CheckNames(pass *analysis.Pass) (interface{}, error) {
 		}
 
 		if len(id.Name) > 2 && strings.Contains(id.Name[1:len(id.Name)-1], "_") {
-			ReportfFG(pass, id.Pos(), "should not use underscores in Go names; %s %s should be %s", thing, id.Name, should)
+			report.Report(pass, id, fmt.Sprintf("should not use underscores in Go names; %s %s should be %s", thing, id.Name, should), report.FilterGenerated())
 			return
 		}
-		ReportfFG(pass, id.Pos(), "%s %s should be %s", thing, id.Name, should)
+		report.Report(pass, id, fmt.Sprintf("%s %s should be %s", thing, id.Name, should), report.FilterGenerated())
 	}
 	checkList := func(fl *ast.FieldList, thing string, initialisms map[string]bool) {
 		if fl == nil {
@@ -80,101 +82,111 @@ func CheckNames(pass *analysis.Pass) (interface{}, error) {
 	for _, f := range pass.Files {
 		// Package names need slightly different handling than other names.
 		if !strings.HasSuffix(f.Name.Name, "_test") && strings.Contains(f.Name.Name, "_") {
-			ReportfFG(pass, f.Pos(), "should not use underscores in package names")
+			report.Report(pass, f, "should not use underscores in package names", report.FilterGenerated())
 		}
 		if strings.IndexFunc(f.Name.Name, unicode.IsUpper) != -1 {
-			ReportfFG(pass, f.Pos(), "should not use MixedCaps in package name; %s should be %s", f.Name.Name, strings.ToLower(f.Name.Name))
+			report.Report(pass, f, fmt.Sprintf("should not use MixedCaps in package name; %s should be %s", f.Name.Name, strings.ToLower(f.Name.Name)), report.FilterGenerated())
 		}
+	}
 
-		ast.Inspect(f, func(node ast.Node) bool {
-			switch v := node.(type) {
-			case *ast.AssignStmt:
-				if v.Tok != token.DEFINE {
-					return true
-				}
-				for _, exp := range v.Lhs {
-					if id, ok := exp.(*ast.Ident); ok {
-						check(id, "var", initialisms)
-					}
-				}
-			case *ast.FuncDecl:
-				// Functions with no body are defined elsewhere (in
-				// assembly, or via go:linkname). These are likely to
-				// be something very low level (such as the runtime),
-				// where our rules don't apply.
-				if v.Body == nil {
-					return true
+	fn := func(node ast.Node) {
+		switch v := node.(type) {
+		case *ast.AssignStmt:
+			if v.Tok != token.DEFINE {
+				return
+			}
+			for _, exp := range v.Lhs {
+				if id, ok := exp.(*ast.Ident); ok {
+					check(id, "var", initialisms)
 				}
+			}
+		case *ast.FuncDecl:
+			// Functions with no body are defined elsewhere (in
+			// assembly, or via go:linkname). These are likely to
+			// be something very low level (such as the runtime),
+			// where our rules don't apply.
+			if v.Body == nil {
+				return
+			}
 
-				if IsInTest(pass, v) && (strings.HasPrefix(v.Name.Name, "Example") || strings.HasPrefix(v.Name.Name, "Test") || strings.HasPrefix(v.Name.Name, "Benchmark")) {
-					return true
-				}
+			if code.IsInTest(pass, v) && (strings.HasPrefix(v.Name.Name, "Example") || strings.HasPrefix(v.Name.Name, "Test") || strings.HasPrefix(v.Name.Name, "Benchmark")) {
+				return
+			}
 
-				thing := "func"
-				if v.Recv != nil {
-					thing = "method"
-				}
+			thing := "func"
+			if v.Recv != nil {
+				thing = "method"
+			}
 
-				if !isTechnicallyExported(v) {
-					check(v.Name, thing, initialisms)
-				}
+			if !isTechnicallyExported(v) {
+				check(v.Name, thing, initialisms)
+			}
 
-				checkList(v.Type.Params, thing+" parameter", initialisms)
-				checkList(v.Type.Results, thing+" result", initialisms)
-			case *ast.GenDecl:
-				if v.Tok == token.IMPORT {
-					return true
-				}
-				var thing string
-				switch v.Tok {
-				case token.CONST:
-					thing = "const"
-				case token.TYPE:
-					thing = "type"
-				case token.VAR:
-					thing = "var"
-				}
-				for _, spec := range v.Specs {
-					switch s := spec.(type) {
-					case *ast.TypeSpec:
-						check(s.Name, thing, initialisms)
-					case *ast.ValueSpec:
-						for _, id := range s.Names {
-							check(id, thing, initialisms)
-						}
-					}
-				}
-			case *ast.InterfaceType:
-				// Do not check interface method names.
-				// They are often constrainted by the method names of concrete types.
-				for _, x := range v.Methods.List {
-					ft, ok := x.Type.(*ast.FuncType)
-					if !ok { // might be an embedded interface name
-						continue
-					}
-					checkList(ft.Params, "interface method parameter", initialisms)
-					checkList(ft.Results, "interface method result", initialisms)
-				}
-			case *ast.RangeStmt:
-				if v.Tok == token.ASSIGN {
-					return true
-				}
-				if id, ok := v.Key.(*ast.Ident); ok {
-					check(id, "range var", initialisms)
-				}
-				if id, ok := v.Value.(*ast.Ident); ok {
-					check(id, "range var", initialisms)
-				}
-			case *ast.StructType:
-				for _, f := range v.Fields.List {
-					for _, id := range f.Names {
-						check(id, "struct field", initialisms)
+			checkList(v.Type.Params, thing+" parameter", initialisms)
+			checkList(v.Type.Results, thing+" result", initialisms)
+		case *ast.GenDecl:
+			if v.Tok == token.IMPORT {
+				return
+			}
+			var thing string
+			switch v.Tok {
+			case token.CONST:
+				thing = "const"
+			case token.TYPE:
+				thing = "type"
+			case token.VAR:
+				thing = "var"
+			}
+			for _, spec := range v.Specs {
+				switch s := spec.(type) {
+				case *ast.TypeSpec:
+					check(s.Name, thing, initialisms)
+				case *ast.ValueSpec:
+					for _, id := range s.Names {
+						check(id, thing, initialisms)
 					}
 				}
 			}
-			return true
-		})
+		case *ast.InterfaceType:
+			// Do not check interface method names.
+			// They are often constrained by the method names of concrete types.
+			for _, x := range v.Methods.List {
+				ft, ok := x.Type.(*ast.FuncType)
+				if !ok { // might be an embedded interface name
+					continue
+				}
+				checkList(ft.Params, "interface method parameter", initialisms)
+				checkList(ft.Results, "interface method result", initialisms)
+			}
+		case *ast.RangeStmt:
+			if v.Tok == token.ASSIGN {
+				return
+			}
+			if id, ok := v.Key.(*ast.Ident); ok {
+				check(id, "range var", initialisms)
+			}
+			if id, ok := v.Value.(*ast.Ident); ok {
+				check(id, "range var", initialisms)
+			}
+		case *ast.StructType:
+			for _, f := range v.Fields.List {
+				for _, id := range f.Names {
+					check(id, "struct field", initialisms)
+				}
+			}
+		}
 	}
+
+	needle := []ast.Node{
+		(*ast.AssignStmt)(nil),
+		(*ast.FuncDecl)(nil),
+		(*ast.GenDecl)(nil),
+		(*ast.InterfaceType)(nil),
+		(*ast.RangeStmt)(nil),
+		(*ast.StructType)(nil),
+	}
+
+	code.Preorder(pass, fn, needle...)
 	return nil, nil
 }
 
diff --git a/vendor/honnef.co/go/tools/unused/unused.go b/vendor/honnef.co/go/tools/unused/unused.go
index 152d3692..0df5fc8f 100644
--- a/vendor/honnef.co/go/tools/unused/unused.go
+++ b/vendor/honnef.co/go/tools/unused/unused.go
@@ -11,11 +11,11 @@ import (
 	"sync/atomic"
 
 	"golang.org/x/tools/go/analysis"
+	"honnef.co/go/tools/code"
 	"honnef.co/go/tools/go/types/typeutil"
-	"honnef.co/go/tools/internal/passes/buildssa"
+	"honnef.co/go/tools/internal/passes/buildir"
+	"honnef.co/go/tools/ir"
 	"honnef.co/go/tools/lint"
-	"honnef.co/go/tools/lint/lintdsl"
-	"honnef.co/go/tools/ssa"
 )
 
 // The graph we construct omits nodes along a path that do not
@@ -103,7 +103,7 @@ import (
     from method to type.
 
   - (8.3) All interface methods are marked as used, even if they never get
-    called. This is to accomodate sum types (unexported interface
+    called. This is to accommodate sum types (unexported interface
     method that must exist but never gets called.)
 
   - (8.4) All embedded interfaces are marked as used. This is an
@@ -419,8 +419,8 @@ type pkg struct {
 	Pkg        *types.Package
 	TypesInfo  *types.Info
 	TypesSizes types.Sizes
-	SSA        *ssa.Package
-	SrcFuncs   []*ssa.Function
+	IR         *ir.Package
+	SrcFuncs   []*ir.Function
 }
 
 type Checker struct {
@@ -450,7 +450,7 @@ func (c *Checker) Analyzer() *analysis.Analyzer {
 		Name:     name,
 		Doc:      "Unused code",
 		Run:      c.Run,
-		Requires: []*analysis.Analyzer{buildssa.Analyzer},
+		Requires: []*analysis.Analyzer{buildir.Analyzer},
 	}
 }
 
@@ -477,15 +477,15 @@ func (c *Checker) Run(pass *analysis.Pass) (interface{}, error) {
 	c.initialPackages[pass.Pkg] = struct{}{}
 	c.mu.Unlock()
 
-	ssapkg := pass.ResultOf[buildssa.Analyzer].(*buildssa.SSA)
+	irpkg := pass.ResultOf[buildir.Analyzer].(*buildir.IR)
 	pkg := &pkg{
 		Fset:       pass.Fset,
 		Files:      pass.Files,
 		Pkg:        pass.Pkg,
 		TypesInfo:  pass.TypesInfo,
 		TypesSizes: pass.TypesSizes,
-		SSA:        ssapkg.Pkg,
-		SrcFuncs:   ssapkg.SrcFuncs,
+		IR:         irpkg.Pkg,
+		SrcFuncs:   irpkg.SrcFuncs,
 	}
 
 	c.processPkg(c.graph, pkg)
@@ -638,10 +638,9 @@ func (c *Checker) results() []types.Object {
 
 		c.debugf("digraph{\n")
 		debugNode(c.graph.Root)
-		c.graph.Nodes.Range(func(k, v interface{}) bool {
-			debugNode(v.(*Node))
-			return true
-		})
+		for _, v := range c.graph.Nodes {
+			debugNode(v)
+		}
 		c.graph.TypeNodes.Iterate(func(key types.Type, value interface{}) {
 			debugNode(value.(*Node))
 		})
@@ -655,10 +654,9 @@ func (c *Checker) results() []types.Object {
 	// don't flag its receiver. if a named type is unused, don't
 	// flag its methods.
 
-	c.graph.Nodes.Range(func(k, v interface{}) bool {
-		c.graph.quieten(v.(*Node))
-		return true
-	})
+	for _, v := range c.graph.Nodes {
+		c.graph.quieten(v)
+	}
 	c.graph.TypeNodes.Iterate(func(_ types.Type, value interface{}) {
 		c.graph.quieten(value.(*Node))
 	})
@@ -688,10 +686,9 @@ func (c *Checker) results() []types.Object {
 		}
 		c.debugf("n%d [color=gray];\n", node.id)
 	}
-	c.graph.Nodes.Range(func(k, v interface{}) bool {
-		report(v.(*Node))
-		return true
-	})
+	for _, v := range c.graph.Nodes {
+		report(v)
+	}
 	c.graph.TypeNodes.Iterate(func(_ types.Type, value interface{}) {
 		report(value.(*Node))
 	})
@@ -779,8 +776,6 @@ type Graph struct {
 	fset      *token.FileSet
 	Root      *Node
 	seenTypes typeutil.Map
-	Nodes     sync.Map // map[interface{}]*Node
-	objNodes  sync.Map // map[objNodeKey]*Node
 
 	// read-only
 	wholeProgram bool
@@ -788,6 +783,8 @@ type Graph struct {
 	// need synchronisation
 	mu        sync.Mutex
 	TypeNodes typeutil.Map
+	Nodes     map[interface{}]*Node
+	objNodes  map[objNodeKey]*Node
 }
 
 type context struct {
@@ -796,13 +793,13 @@ type context struct {
 	seenFns     map[string]struct{}
 	seenTypes   *typeutil.Map
 	nodeCounter uint64
-
-	// local cache for the map in Graph
-	typeNodes typeutil.Map
 }
 
 func NewGraph() *Graph {
-	g := &Graph{}
+	g := &Graph{
+		Nodes:    map[interface{}]*Node{},
+		objNodes: map[objNodeKey]*Node{},
+	}
 	g.Root = g.newNode(&context{}, nil)
 	return g
 }
@@ -844,49 +841,48 @@ type Node struct {
 }
 
 func (g *Graph) nodeMaybe(obj types.Object) (*Node, bool) {
-	if node, ok := g.Nodes.Load(obj); ok {
-		return node.(*Node), true
+	g.mu.Lock()
+	defer g.mu.Unlock()
+	if node, ok := g.Nodes[obj]; ok {
+		return node, true
 	}
 	return nil, false
 }
 
 func (g *Graph) node(ctx *context, obj interface{}) (node *Node, new bool) {
-	if t, ok := obj.(types.Type); ok {
-		if v := ctx.typeNodes.At(t); v != nil {
+	g.mu.Lock()
+	defer g.mu.Unlock()
+	switch obj := obj.(type) {
+	case types.Type:
+		if v := g.TypeNodes.At(obj); v != nil {
 			return v.(*Node), false
 		}
-		g.mu.Lock()
-		defer g.mu.Unlock()
-
-		if v := g.TypeNodes.At(t); v != nil {
-			return v.(*Node), false
-		}
-		node := g.newNode(ctx, t)
-		g.TypeNodes.Set(t, node)
-		ctx.typeNodes.Set(t, node)
+		node := g.newNode(ctx, obj)
+		g.TypeNodes.Set(obj, node)
 		return node, true
-	}
+	case types.Object:
+		if node, ok := g.Nodes[obj]; ok {
+			return node, false
+		}
 
-	if node, ok := g.Nodes.Load(obj); ok {
-		return node.(*Node), false
-	}
-
-	if obj, ok := obj.(types.Object); ok {
 		key := objNodeKeyFor(g.fset, obj)
-		if o, ok := g.objNodes.Load(key); ok {
-			onode := o.(*Node)
+		if onode, ok := g.objNodes[key]; ok {
 			return onode, false
 		}
 
 		node = g.newNode(ctx, obj)
-		g.Nodes.Store(obj, node)
-		g.objNodes.Store(key, node)
+		g.Nodes[obj] = node
+		g.objNodes[key] = node
+		return node, true
+	default:
+		if node, ok := g.Nodes[obj]; ok {
+			return node, false
+		}
+
+		node = g.newNode(ctx, obj)
+		g.Nodes[obj] = node
 		return node, true
 	}
-
-	node = g.newNode(ctx, obj)
-	g.Nodes.Store(obj, node)
-	return node, true
 }
 
 func (g *Graph) newNode(ctx *context, obj interface{}) *Node {
@@ -1067,7 +1063,7 @@ func (g *Graph) entry(pkg *pkg) {
 		ctx.seenTypes = &typeutil.Map{}
 	}
 
-	scopes := map[*types.Scope]*ssa.Function{}
+	scopes := map[*types.Scope]*ir.Function{}
 	for _, fn := range pkg.SrcFuncs {
 		if fn.Object() != nil {
 			scope := fn.Object().(*types.Func).Scope()
@@ -1087,12 +1083,12 @@ func (g *Graph) entry(pkg *pkg) {
 					// (1.8) packages use symbols linked via go:linkname
 					fields := strings.Fields(c.Text)
 					if len(fields) == 3 {
-						if m, ok := pkg.SSA.Members[fields[1]]; ok {
+						if m, ok := pkg.IR.Members[fields[1]]; ok {
 							var obj types.Object
 							switch m := m.(type) {
-							case *ssa.Global:
+							case *ir.Global:
 								obj = m.Object()
-							case *ssa.Function:
+							case *ir.Function:
 								obj = m.Object()
 							default:
 								panic(fmt.Sprintf("unhandled type: %T", m))
@@ -1106,7 +1102,7 @@ func (g *Graph) entry(pkg *pkg) {
 		}
 	}
 
-	surroundingFunc := func(obj types.Object) *ssa.Function {
+	surroundingFunc := func(obj types.Object) *ir.Function {
 		scope := obj.Parent()
 		for scope != nil {
 			if fn := scopes[scope]; fn != nil {
@@ -1117,10 +1113,10 @@ func (g *Graph) entry(pkg *pkg) {
 		return nil
 	}
 
-	// SSA form won't tell us about locally scoped types that aren't
+	// IR form won't tell us about locally scoped types that aren't
 	// being used. Walk the list of Defs to get all named types.
 	//
-	// SSA form also won't tell us about constants; use Defs and Uses
+	// IR form also won't tell us about constants; use Defs and Uses
 	// to determine which constants exist and which are being used.
 	for _, obj := range pkg.TypesInfo.Defs {
 		switch obj := obj.(type) {
@@ -1143,7 +1139,7 @@ func (g *Graph) entry(pkg *pkg) {
 		if fn.Object() != nil {
 			ctx.see(fn.Object())
 		}
-		node := fn.Syntax()
+		node := fn.Source()
 		if node == nil {
 			continue
 		}
@@ -1221,7 +1217,7 @@ func (g *Graph) entry(pkg *pkg) {
 			case *ast.GenDecl:
 				switch n.Tok {
 				case token.CONST:
-					groups := lintdsl.GroupSpecs(pkg.Fset, n.Specs)
+					groups := code.GroupSpecs(pkg.Fset, n.Specs)
 					for _, specs := range groups {
 						if len(specs) > 1 {
 							cg := &ConstGroup{}
@@ -1293,11 +1289,11 @@ func (g *Graph) entry(pkg *pkg) {
 		})
 	}
 
-	for _, m := range pkg.SSA.Members {
+	for _, m := range pkg.IR.Members {
 		switch m := m.(type) {
-		case *ssa.NamedConst:
+		case *ir.NamedConst:
 			// nothing to do, we collect all constants from Defs
-		case *ssa.Global:
+		case *ir.Global:
 			if m.Object() != nil {
 				ctx.see(m.Object())
 				if g.trackExportedIdentifier(ctx, m.Object()) {
@@ -1305,7 +1301,7 @@ func (g *Graph) entry(pkg *pkg) {
 					ctx.use(m.Object(), nil, edgeExportedVariable)
 				}
 			}
-		case *ssa.Function:
+		case *ir.Function:
 			mObj := owningObject(m)
 			if mObj != nil {
 				ctx.see(mObj)
@@ -1331,8 +1327,8 @@ func (g *Graph) entry(pkg *pkg) {
 				// (9.8) runtime functions that may be called from user code via the compiler
 				ctx.use(mObj, nil, edgeRuntimeFunction)
 			}
-			if m.Syntax() != nil {
-				doc := m.Syntax().(*ast.FuncDecl).Doc
+			if m.Source() != nil {
+				doc := m.Source().(*ast.FuncDecl).Doc
 				if doc != nil {
 					for _, cmt := range doc.List {
 						if strings.HasPrefix(cmt.Text, "//go:cgo_export_") {
@@ -1343,7 +1339,7 @@ func (g *Graph) entry(pkg *pkg) {
 				}
 			}
 			g.function(ctx, m)
-		case *ssa.Type:
+		case *ir.Type:
 			if m.Object() != nil {
 				ctx.see(m.Object())
 				if g.trackExportedIdentifier(ctx, m.Object()) {
@@ -1383,7 +1379,7 @@ func (g *Graph) entry(pkg *pkg) {
 
 		// (8.0) handle interfaces
 		for _, t := range notIfaces {
-			ms := pkg.SSA.Prog.MethodSets.MethodSet(t)
+			ms := pkg.IR.Prog.MethodSets.MethodSet(t)
 			for _, iface := range ifaces {
 				if sels, ok := g.implements(t, iface, ms); ok {
 					for _, sel := range sels {
@@ -1400,19 +1396,19 @@ func (g *Graph) useMethod(ctx *context, t types.Type, sel *types.Selection, by i
 	path := sel.Index()
 	assert(obj != nil)
 	if len(path) > 1 {
-		base := lintdsl.Dereference(t).Underlying().(*types.Struct)
+		base := code.Dereference(t).Underlying().(*types.Struct)
 		for _, idx := range path[:len(path)-1] {
 			next := base.Field(idx)
 			// (6.3) structs use embedded fields that help implement interfaces
 			ctx.see(base)
 			ctx.seeAndUse(next, base, edgeProvidesMethod)
-			base, _ = lintdsl.Dereference(next.Type()).Underlying().(*types.Struct)
+			base, _ = code.Dereference(next.Type()).Underlying().(*types.Struct)
 		}
 	}
 	ctx.seeAndUse(obj, by, kind)
 }
 
-func owningObject(fn *ssa.Function) types.Object {
+func owningObject(fn *ir.Function) types.Object {
 	if fn.Object() != nil {
 		return fn.Object()
 	}
@@ -1422,8 +1418,8 @@ func owningObject(fn *ssa.Function) types.Object {
 	return nil
 }
 
-func (g *Graph) function(ctx *context, fn *ssa.Function) {
-	if fn.Package() != nil && fn.Package() != ctx.pkg.SSA {
+func (g *Graph) function(ctx *context, fn *ir.Function) {
+	if fn.Package() != nil && fn.Package() != ctx.pkg.IR {
 		return
 	}
 
@@ -1503,7 +1499,7 @@ func (g *Graph) typ(ctx *context, t types.Type, parent types.Type) {
 						// the pointer type to get the full method set
 						T = types.NewPointer(T)
 					}
-					ms := ctx.pkg.SSA.Prog.MethodSets.MethodSet(T)
+					ms := ctx.pkg.IR.Prog.MethodSets.MethodSet(T)
 					for j := 0; j < ms.Len(); j++ {
 						if ms.At(j).Obj().Exported() {
 							// (6.4) structs use embedded fields that have exported methods (recursively)
@@ -1516,7 +1512,7 @@ func (g *Graph) typ(ctx *context, t types.Type, parent types.Type) {
 				seen := map[*types.Struct]struct{}{}
 				var hasExportedField func(t types.Type) bool
 				hasExportedField = func(T types.Type) bool {
-					t, ok := lintdsl.Dereference(T).Underlying().(*types.Struct)
+					t, ok := code.Dereference(T).Underlying().(*types.Struct)
 					if !ok {
 						return false
 					}
@@ -1565,7 +1561,7 @@ func (g *Graph) typ(ctx *context, t types.Type, parent types.Type) {
 				// (2.1) named types use exported methods
 				ctx.use(t.Method(i), t, edgeExportedMethod)
 			}
-			g.function(ctx, ctx.pkg.SSA.Prog.FuncValue(t.Method(i)))
+			g.function(ctx, ctx.pkg.IR.Prog.FuncValue(t.Method(i)))
 		}
 
 		g.typ(ctx, t.Underlying(), t)
@@ -1646,22 +1642,22 @@ func (g *Graph) signature(ctx *context, sig *types.Signature, fn types.Object) {
 	}
 }
 
-func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
+func (g *Graph) instructions(ctx *context, fn *ir.Function) {
 	fnObj := owningObject(fn)
 	for _, b := range fn.Blocks {
 		for _, instr := range b.Instrs {
 			ops := instr.Operands(nil)
 			switch instr.(type) {
-			case *ssa.Store:
+			case *ir.Store:
 				// (9.7) variable _reads_ use variables, writes do not
 				ops = ops[1:]
-			case *ssa.DebugRef:
+			case *ir.DebugRef:
 				ops = nil
 			}
 			for _, arg := range ops {
-				walkPhi(*arg, func(v ssa.Value) {
+				walkPhi(*arg, func(v ir.Value) {
 					switch v := v.(type) {
-					case *ssa.Function:
+					case *ir.Function:
 						// (4.3) functions use closures and bound methods.
 						// (4.5) functions use functions they call
 						// (9.5) instructions use their operands
@@ -1670,11 +1666,11 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 							ctx.seeAndUse(owningObject(v), fnObj, edgeInstructionOperand)
 						}
 						g.function(ctx, v)
-					case *ssa.Const:
+					case *ir.Const:
 						// (9.6) instructions use their operands' types
 						ctx.seeAndUse(v.Type(), fnObj, edgeType)
 						g.typ(ctx, v.Type(), nil)
-					case *ssa.Global:
+					case *ir.Global:
 						if v.Object() != nil {
 							// (9.5) instructions use their operands
 							ctx.seeAndUse(v.Object(), fnObj, edgeInstructionOperand)
@@ -1682,8 +1678,8 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 					}
 				})
 			}
-			if v, ok := instr.(ssa.Value); ok {
-				if _, ok := v.(*ssa.Range); !ok {
+			if v, ok := instr.(ir.Value); ok {
+				if _, ok := v.(*ir.Range); !ok {
 					// See https://github.com/golang/go/issues/19670
 
 					// (4.8) instructions use their types
@@ -1693,29 +1689,29 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 				}
 			}
 			switch instr := instr.(type) {
-			case *ssa.Field:
+			case *ir.Field:
 				st := instr.X.Type().Underlying().(*types.Struct)
 				field := st.Field(instr.Field)
 				// (4.7) functions use fields they access
 				ctx.seeAndUse(field, fnObj, edgeFieldAccess)
-			case *ssa.FieldAddr:
-				st := lintdsl.Dereference(instr.X.Type()).Underlying().(*types.Struct)
+			case *ir.FieldAddr:
+				st := code.Dereference(instr.X.Type()).Underlying().(*types.Struct)
 				field := st.Field(instr.Field)
 				// (4.7) functions use fields they access
 				ctx.seeAndUse(field, fnObj, edgeFieldAccess)
-			case *ssa.Store:
+			case *ir.Store:
 				// nothing to do, handled generically by operands
-			case *ssa.Call:
+			case *ir.Call:
 				c := instr.Common()
 				if !c.IsInvoke() {
 					// handled generically as an instruction operand
 
 					if g.wholeProgram {
 						// (e3) special case known reflection-based method callers
-						switch lintdsl.CallName(c) {
+						switch code.CallName(c) {
 						case "net/rpc.Register", "net/rpc.RegisterName", "(*net/rpc.Server).Register", "(*net/rpc.Server).RegisterName":
-							var arg ssa.Value
-							switch lintdsl.CallName(c) {
+							var arg ir.Value
+							switch code.CallName(c) {
 							case "net/rpc.Register":
 								arg = c.Args[0]
 							case "net/rpc.RegisterName":
@@ -1725,10 +1721,10 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 							case "(*net/rpc.Server).RegisterName":
 								arg = c.Args[2]
 							}
-							walkPhi(arg, func(v ssa.Value) {
-								if v, ok := v.(*ssa.MakeInterface); ok {
-									walkPhi(v.X, func(vv ssa.Value) {
-										ms := ctx.pkg.SSA.Prog.MethodSets.MethodSet(vv.Type())
+							walkPhi(arg, func(v ir.Value) {
+								if v, ok := v.(*ir.MakeInterface); ok {
+									walkPhi(v.X, func(vv ir.Value) {
+										ms := ctx.pkg.IR.Prog.MethodSets.MethodSet(vv.Type())
 										for i := 0; i < ms.Len(); i++ {
 											if ms.At(i).Obj().Exported() {
 												g.useMethod(ctx, vv.Type(), ms.At(i), fnObj, edgeNetRPCRegister)
@@ -1743,13 +1739,13 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 					// (4.5) functions use functions/interface methods they call
 					ctx.seeAndUse(c.Method, fnObj, edgeInterfaceCall)
 				}
-			case *ssa.Return:
+			case *ir.Return:
 				// nothing to do, handled generically by operands
-			case *ssa.ChangeType:
+			case *ir.ChangeType:
 				// conversion type handled generically
 
-				s1, ok1 := lintdsl.Dereference(instr.Type()).Underlying().(*types.Struct)
-				s2, ok2 := lintdsl.Dereference(instr.X.Type()).Underlying().(*types.Struct)
+				s1, ok1 := code.Dereference(instr.Type()).Underlying().(*types.Struct)
+				s2, ok2 := code.Dereference(instr.X.Type()).Underlying().(*types.Struct)
 				if ok1 && ok2 {
 					// Converting between two structs. The fields are
 					// relevant for the conversion, but only if the
@@ -1768,13 +1764,13 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 						ctx.seeAndUse(s2.Field(i), s1.Field(i), edgeStructConversion)
 					}
 				}
-			case *ssa.MakeInterface:
+			case *ir.MakeInterface:
 				// nothing to do, handled generically by operands
-			case *ssa.Slice:
+			case *ir.Slice:
 				// nothing to do, handled generically by operands
-			case *ssa.RunDefers:
+			case *ir.RunDefers:
 				// nothing to do, the deferred functions are already marked use by defering them.
-			case *ssa.Convert:
+			case *ir.Convert:
 				// to unsafe.Pointer
 				if typ, ok := instr.Type().(*types.Basic); ok && typ.Kind() == types.UnsafePointer {
 					if ptr, ok := instr.X.Type().Underlying().(*types.Pointer); ok {
@@ -1797,61 +1793,79 @@ func (g *Graph) instructions(ctx *context, fn *ssa.Function) {
 						}
 					}
 				}
-			case *ssa.TypeAssert:
+			case *ir.TypeAssert:
 				// nothing to do, handled generically by instruction
 				// type (possibly a tuple, which contains the asserted
 				// to type). redundantly handled by the type of
-				// ssa.Extract, too
-			case *ssa.MakeClosure:
+				// ir.Extract, too
+			case *ir.MakeClosure:
 				// nothing to do, handled generically by operands
-			case *ssa.Alloc:
+			case *ir.Alloc:
 				// nothing to do
-			case *ssa.UnOp:
+			case *ir.UnOp:
 				// nothing to do
-			case *ssa.BinOp:
+			case *ir.BinOp:
 				// nothing to do
-			case *ssa.If:
+			case *ir.If:
 				// nothing to do
-			case *ssa.Jump:
+			case *ir.Jump:
 				// nothing to do
-			case *ssa.IndexAddr:
+			case *ir.Unreachable:
 				// nothing to do
-			case *ssa.Extract:
+			case *ir.IndexAddr:
 				// nothing to do
-			case *ssa.Panic:
+			case *ir.Extract:
 				// nothing to do
-			case *ssa.DebugRef:
+			case *ir.Panic:
 				// nothing to do
-			case *ssa.BlankStore:
+			case *ir.DebugRef:
 				// nothing to do
-			case *ssa.Phi:
+			case *ir.BlankStore:
 				// nothing to do
-			case *ssa.MakeMap:
+			case *ir.Phi:
 				// nothing to do
-			case *ssa.MapUpdate:
+			case *ir.Sigma:
 				// nothing to do
-			case *ssa.Lookup:
+			case *ir.MakeMap:
 				// nothing to do
-			case *ssa.MakeSlice:
+			case *ir.MapUpdate:
 				// nothing to do
-			case *ssa.Send:
+			case *ir.MapLookup:
 				// nothing to do
-			case *ssa.MakeChan:
+			case *ir.StringLookup:
 				// nothing to do
-			case *ssa.Range:
+			case *ir.MakeSlice:
 				// nothing to do
-			case *ssa.Next:
+			case *ir.Send:
 				// nothing to do
-			case *ssa.Index:
+			case *ir.MakeChan:
 				// nothing to do
-			case *ssa.Select:
+			case *ir.Range:
 				// nothing to do
-			case *ssa.ChangeInterface:
+			case *ir.Next:
+				// nothing to do
+			case *ir.Index:
+				// nothing to do
+			case *ir.Select:
+				// nothing to do
+			case *ir.ChangeInterface:
+				// nothing to do
+			case *ir.Load:
+				// nothing to do
+			case *ir.Go:
+				// nothing to do
+			case *ir.Defer:
+				// nothing to do
+			case *ir.Parameter:
+				// nothing to do
+			case *ir.Const:
+				// nothing to do
+			case *ir.Recv:
+				// nothing to do
+			case *ir.TypeSwitch:
+				// nothing to do
+			case *ir.ConstantSwitch:
 				// nothing to do
-			case *ssa.Go:
-				// nothing to do, handled generically by operands
-			case *ssa.Defer:
-				// nothing to do, handled generically by operands
 			default:
 				panic(fmt.Sprintf("unreachable: %T", instr))
 			}
@@ -1892,22 +1906,22 @@ func isNoCopyType(typ types.Type) bool {
 	return true
 }
 
-func walkPhi(v ssa.Value, fn func(v ssa.Value)) {
-	phi, ok := v.(*ssa.Phi)
+func walkPhi(v ir.Value, fn func(v ir.Value)) {
+	phi, ok := v.(*ir.Phi)
 	if !ok {
 		fn(v)
 		return
 	}
 
-	seen := map[ssa.Value]struct{}{}
-	var impl func(v *ssa.Phi)
-	impl = func(v *ssa.Phi) {
+	seen := map[ir.Value]struct{}{}
+	var impl func(v *ir.Phi)
+	impl = func(v *ir.Phi) {
 		if _, ok := seen[v]; ok {
 			return
 		}
 		seen[v] = struct{}{}
 		for _, e := range v.Edges {
-			if ev, ok := e.(*ssa.Phi); ok {
+			if ev, ok := e.(*ir.Phi); ok {
 				impl(ev)
 			} else {
 				fn(e)
diff --git a/vendor/honnef.co/go/tools/version/version.go b/vendor/honnef.co/go/tools/version/version.go
index 468e8efd..8272a49b 100644
--- a/vendor/honnef.co/go/tools/version/version.go
+++ b/vendor/honnef.co/go/tools/version/version.go
@@ -7,7 +7,7 @@ import (
 	"runtime"
 )
 
-const Version = "2019.2.3"
+const Version = "2020.1.3"
 
 // version returns a version descriptor and reports whether the
 // version is a known release.
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 802b0dde..1740354f 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -73,6 +73,11 @@ github.com/crillab/gophersat/solver
 github.com/cyphar/filepath-securejoin
 # github.com/davecgh/go-spew v1.1.1
 github.com/davecgh/go-spew/spew
+# github.com/docker/cli v0.0.0-20200130152716-5d0cf8839492
+github.com/docker/cli/cli/config
+github.com/docker/cli/cli/config/configfile
+github.com/docker/cli/cli/config/credentials
+github.com/docker/cli/cli/config/types
 # github.com/docker/distribution v2.7.1+incompatible
 github.com/docker/distribution
 github.com/docker/distribution/digestset
@@ -81,6 +86,7 @@ github.com/docker/distribution/manifest/schema1
 github.com/docker/distribution/manifest/schema2
 github.com/docker/distribution/reference
 github.com/docker/distribution/registry/api/errcode
+github.com/docker/distribution/registry/client/auth/challenge
 # github.com/docker/docker v17.12.0-ce-rc1.0.20200417035958-130b0bc6032c+incompatible => github.com/Luet-lab/moby v17.12.0-ce-rc1.0.20200605210607-749178b8f80d+incompatible
 github.com/docker/docker/api/types/blkiodev
 github.com/docker/docker/api/types/container
@@ -105,6 +111,9 @@ github.com/docker/docker/pkg/stdcopy
 github.com/docker/docker/pkg/system
 github.com/docker/docker/pkg/term
 github.com/docker/docker/pkg/term/windows
+# github.com/docker/docker-credential-helpers v0.6.3
+github.com/docker/docker-credential-helpers/client
+github.com/docker/docker-credential-helpers/credentials
 # github.com/docker/go-connections v0.4.0
 github.com/docker/go-connections/nat
 # github.com/docker/go-units v0.4.0
@@ -141,7 +150,7 @@ github.com/gogo/protobuf/gogoproto
 github.com/gogo/protobuf/proto
 github.com/gogo/protobuf/protoc-gen-gogo/descriptor
 github.com/gogo/protobuf/sortkeys
-# github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6
+# github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e
 github.com/golang/groupcache/lru
 # github.com/golang/protobuf v1.4.2
 github.com/golang/protobuf/proto
@@ -149,11 +158,34 @@ github.com/golang/protobuf/ptypes
 github.com/golang/protobuf/ptypes/any
 github.com/golang/protobuf/ptypes/duration
 github.com/golang/protobuf/ptypes/timestamp
+# github.com/google/go-containerregistry v0.2.1
+github.com/google/go-containerregistry/pkg/authn
+github.com/google/go-containerregistry/pkg/crane
+github.com/google/go-containerregistry/pkg/internal/legacy
+github.com/google/go-containerregistry/pkg/internal/redact
+github.com/google/go-containerregistry/pkg/internal/retry
+github.com/google/go-containerregistry/pkg/internal/retry/wait
+github.com/google/go-containerregistry/pkg/legacy
+github.com/google/go-containerregistry/pkg/legacy/tarball
+github.com/google/go-containerregistry/pkg/logs
+github.com/google/go-containerregistry/pkg/name
+github.com/google/go-containerregistry/pkg/v1
+github.com/google/go-containerregistry/pkg/v1/empty
+github.com/google/go-containerregistry/pkg/v1/layout
+github.com/google/go-containerregistry/pkg/v1/match
+github.com/google/go-containerregistry/pkg/v1/mutate
+github.com/google/go-containerregistry/pkg/v1/partial
+github.com/google/go-containerregistry/pkg/v1/remote
+github.com/google/go-containerregistry/pkg/v1/remote/transport
+github.com/google/go-containerregistry/pkg/v1/stream
+github.com/google/go-containerregistry/pkg/v1/tarball
+github.com/google/go-containerregistry/pkg/v1/types
+github.com/google/go-containerregistry/pkg/v1/v1util
 # github.com/google/gofuzz v1.1.0
 github.com/google/gofuzz
 # github.com/google/uuid v1.1.1
 github.com/google/uuid
-# github.com/googleapis/gnostic v0.1.0
+# github.com/googleapis/gnostic v0.2.2
 github.com/googleapis/gnostic/OpenAPIv2
 github.com/googleapis/gnostic/compiler
 github.com/googleapis/gnostic/extensions
@@ -356,7 +388,7 @@ go.mongodb.org/mongo-driver/bson/bsonrw
 go.mongodb.org/mongo-driver/bson/bsontype
 go.mongodb.org/mongo-driver/bson/primitive
 go.mongodb.org/mongo-driver/x/bsonx/bsoncore
-# go.opencensus.io v0.22.2
+# go.opencensus.io v0.22.3
 go.opencensus.io
 go.opencensus.io/internal
 go.opencensus.io/trace
@@ -382,9 +414,11 @@ golang.org/x/crypto/pbkdf2
 golang.org/x/crypto/ripemd160
 golang.org/x/crypto/scrypt
 golang.org/x/crypto/ssh/terminal
-# golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f
+# golang.org/x/lint v0.0.0-20200302205851-738671d3881b
 golang.org/x/lint
 golang.org/x/lint/golint
+# golang.org/x/mod v0.3.0
+golang.org/x/mod/semver
 # golang.org/x/net v0.0.0-20201006153459-a7d1128ccaa0
 golang.org/x/net/context
 golang.org/x/net/context/ctxhttp
@@ -395,10 +429,10 @@ golang.org/x/net/http/httpguts
 golang.org/x/net/http2
 golang.org/x/net/http2/hpack
 golang.org/x/net/idna
-# golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
+# golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 golang.org/x/oauth2
 golang.org/x/oauth2/internal
-# golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
+# golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208
 golang.org/x/sync/errgroup
 # golang.org/x/sys v0.0.0-20201113135734-0a15ea8d9b02
 golang.org/x/sys/internal/unsafeheader
@@ -425,27 +459,35 @@ golang.org/x/text/secure/bidirule
 golang.org/x/text/transform
 golang.org/x/text/unicode/bidi
 golang.org/x/text/unicode/norm
-# golang.org/x/time v0.0.0-20191024005414-555d28b269f0
+# golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1
 golang.org/x/time/rate
-# golang.org/x/tools v0.0.0-20200103221440-774c71fcf114
+# golang.org/x/tools v0.0.0-20200916195026-c9a70fc28ce3
 golang.org/x/tools/go/analysis
 golang.org/x/tools/go/analysis/passes/inspect
 golang.org/x/tools/go/ast/astutil
 golang.org/x/tools/go/ast/inspector
 golang.org/x/tools/go/buildutil
 golang.org/x/tools/go/gcexportdata
+golang.org/x/tools/go/internal/cgo
 golang.org/x/tools/go/internal/gcimporter
 golang.org/x/tools/go/internal/packagesdriver
+golang.org/x/tools/go/loader
 golang.org/x/tools/go/packages
 golang.org/x/tools/go/types/objectpath
 golang.org/x/tools/go/types/typeutil
-golang.org/x/tools/internal/fastwalk
-golang.org/x/tools/internal/gopathwalk
-golang.org/x/tools/internal/semver
-# golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543
+golang.org/x/tools/internal/analysisinternal
+golang.org/x/tools/internal/event
+golang.org/x/tools/internal/event/core
+golang.org/x/tools/internal/event/keys
+golang.org/x/tools/internal/event/label
+golang.org/x/tools/internal/gocommand
+golang.org/x/tools/internal/lsp/fuzzy
+golang.org/x/tools/internal/packagesinternal
+golang.org/x/tools/internal/typesinternal
+# golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
 golang.org/x/xerrors
 golang.org/x/xerrors/internal
-# google.golang.org/appengine v1.6.5
+# google.golang.org/appengine v1.6.6
 google.golang.org/appengine/internal
 google.golang.org/appengine/internal/base
 google.golang.org/appengine/internal/datastore
@@ -453,15 +495,13 @@ google.golang.org/appengine/internal/log
 google.golang.org/appengine/internal/remote_api
 google.golang.org/appengine/internal/urlfetch
 google.golang.org/appengine/urlfetch
-# google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55
+# google.golang.org/genproto v0.0.0-20200527145253-8367513e4ece
 google.golang.org/genproto/googleapis/rpc/status
-# google.golang.org/grpc v1.27.1
+# google.golang.org/grpc v1.29.1
 google.golang.org/grpc/codes
-google.golang.org/grpc/connectivity
-google.golang.org/grpc/grpclog
-google.golang.org/grpc/internal
+google.golang.org/grpc/internal/status
 google.golang.org/grpc/status
-# google.golang.org/protobuf v1.23.0
+# google.golang.org/protobuf v1.24.0
 google.golang.org/protobuf/encoding/prototext
 google.golang.org/protobuf/encoding/protowire
 google.golang.org/protobuf/internal/descfmt
@@ -508,29 +548,33 @@ helm.sh/helm/v3/pkg/chart
 helm.sh/helm/v3/pkg/chart/loader
 helm.sh/helm/v3/pkg/chartutil
 helm.sh/helm/v3/pkg/engine
-# honnef.co/go/tools v0.0.1-2019.2.3
+# honnef.co/go/tools v0.0.1-2020.1.3
 honnef.co/go/tools/arg
 honnef.co/go/tools/cmd/staticcheck
+honnef.co/go/tools/code
 honnef.co/go/tools/config
 honnef.co/go/tools/deprecated
+honnef.co/go/tools/edit
 honnef.co/go/tools/facts
 honnef.co/go/tools/functions
 honnef.co/go/tools/go/types/typeutil
 honnef.co/go/tools/internal/cache
-honnef.co/go/tools/internal/passes/buildssa
+honnef.co/go/tools/internal/passes/buildir
 honnef.co/go/tools/internal/renameio
+honnef.co/go/tools/internal/robustio
 honnef.co/go/tools/internal/sharedcheck
+honnef.co/go/tools/ir
+honnef.co/go/tools/ir/irutil
 honnef.co/go/tools/lint
 honnef.co/go/tools/lint/lintdsl
 honnef.co/go/tools/lint/lintutil
 honnef.co/go/tools/lint/lintutil/format
 honnef.co/go/tools/loader
+honnef.co/go/tools/pattern
 honnef.co/go/tools/printf
+honnef.co/go/tools/report
 honnef.co/go/tools/simple
-honnef.co/go/tools/ssa
-honnef.co/go/tools/ssautil
 honnef.co/go/tools/staticcheck
-honnef.co/go/tools/staticcheck/vrp
 honnef.co/go/tools/stylecheck
 honnef.co/go/tools/unused
 honnef.co/go/tools/version