Why does "go vet" not show an error here?

With the following code, go vet does not show an "out of bounds" error as I would expect:

package main

func main() {
	a := make([]string, 1)
	a[2] = "foo"
}

From the go vet documentation:

> Flag: -shift
>
> Shifts equal to or longer than the variable's length.

If go vet is not the tool to catch these errors, what is? Compiling and/or testing the code will catch this, but I'm looking for a static analysis based tool.

Its true that Go vet is for catching suspicious runtime error, by using some heuristics. The first Para is exact regarding its work

> Vet examines Go source code and reports suspicious constructs, such as Printf calls whose arguments do not align with the format string. Vet uses heuristics that do not guarantee all reports are genuine problems, but it can find errors not caught by the compilers.

also in documentation its mentioned that

> Note that the tool does not check every possible problem and depends on unreliable heuristics.

also the code which you are using to check for vetting your package is something very difficult to find by those heuristics as you are using a dynamic slice which can be appended or modified at runtime.
thereby not a perfect heuristic can be thought about for that.

fmt.Printf("%d", "scsa", "DSD")

those heuristic can catch things like this it all depends on what the training data is.

So vet should be a tool to take a quick look whether there is some general mistake which has been missed by you (If It gets caught )its nothing like a compile tool or runtime checker it just runs some heuristics on the plane code you have written.

also documentation provides a list of available checks some examples are

> Assembly declarations,
> Copying locks,
> Printf family,
> Methods,
> Struct tags,

etc there are many, you can see and read the complete documentation