
Geeklog: What I Learnt Today / Adam

Static analysis of PHP code base using Phan

> Ran Phan over a PHP codebase to try it out and see what it produces. First ran the least stringent setting, which didn't produce much (possibly my code base is a magical unicorn).

./phan -p --minimum-severity=10 --quick --ignore-undeclared -f files.txt -o out.txt
So then went to the severest setting, which produced noise:

./phan -p --minimum-severity=0 --backward-compatibility-checks --dead-code-detection -f files.txt -o out.txt

So then dialed back to:

./phan --progress-bar --minimum-severity=0 --backward-compatibility-checks --file-list files.txt --ignore-undeclared --output out.txt

There are possibly false positives, but it does give you an idea of places that might need consideration. Here I'm operating on the result of a function that might return false on no results, or an array of results on success.

$siblings = $this->getSiblingsForAssessment($siblingGroups, $problemSetId); // array of ids, or false when there are none
if ($siblings) {
	$siblings = implode(',', $siblings); // the line Phan flags (assessment.php:210)
} else {
	// no siblings: nothing to join
}

This makes it fuss, because it still treats $siblings as possibly bool (true/false) when it reaches $siblings = implode(',', $siblings);. The return type of getSiblingsForAssessment() is inferred as a union of array and bool, and the if ($siblings) truthiness test did not narrow that union away. The second line below is the same complaint checked against implode()'s legacy argument order (pieces, glue), which Phan tests as well:

/classes/assessment.php:210 PhanParamSpecial1 Argument 2 (pieces) is bool but \implode() takes array when argument 1 is string
/classes/assessment.php:210 PhanTypeMismatchArgumentInternal Argument 2 (glue) is bool but \implode() takes string

Perhaps in a more functional world we wouldn't want a value to change type like this, but in a PHP world, where variables are mutable and types are flexible, perhaps it's not so bad.
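The pattern above, beside the two ways of making the warning go away, as an added example that is not code from the original post. The class, method and function names (SiblingLookup, findSiblingsOrFalse, findSiblings, siblingIdList*) are stand-ins for the post's getSiblingsForAssessment(), the lookup table is constructed sample data, and the code assumes PHP 7.4 or later:

```php
<?php
// Added example, not code from the original post. SiblingLookup and its
// methods are hypothetical stand-ins for getSiblingsForAssessment().
declare(strict_types=1);

final class SiblingLookup
{
    /** @var array<int, list<int>> constructed sample data: problem set id => sibling ids */
    private array $table = [
        1 => [10, 11, 12],
        2 => [],
    ];

    /**
     * Mirrors the original shape: array of ids on success, false on no results.
     * This array|false union is what Phan carries to the implode() call.
     *
     * @return list<int>|false
     */
    public function findSiblingsOrFalse(int $problemSetId)
    {
        return $this->table[$problemSetId] ?? false;
    }

    /**
     * Same lookup, but the type never changes: an empty array means "no results".
     * With a single return type there is nothing left for Phan to complain about.
     *
     * @return list<int>
     */
    public function findSiblings(int $problemSetId): array
    {
        return $this->table[$problemSetId] ?? [];
    }
}

// Caller pattern from the post: truthiness test, then implode(). As the
// post's output shows, Phan keeps the bool half of array|false alive here.
function siblingIdListLoose(SiblingLookup $lookup, int $problemSetId): string
{
    $siblings = $lookup->findSiblingsOrFalse($problemSetId);
    if ($siblings) {
        return implode(',', $siblings);
    }
    return '';
}

// Hardened form 1: an explicit is_array() check narrows the union for the
// analyser and for the reader. It also rules out `true`, which a bare
// truthiness test would have let through into implode().
function siblingIdListChecked(SiblingLookup $lookup, int $problemSetId): string
{
    $siblings = $lookup->findSiblingsOrFalse($problemSetId);
    if (!is_array($siblings)) {
        return '';
    }
    return implode(',', $siblings);
}

// Hardened form 2: the callee never returns false, so the variable never
// changes type and the caller needs no special case at all.
function siblingIdListTyped(SiblingLookup $lookup, int $problemSetId): string
{
    return implode(',', $lookup->findSiblings($problemSetId));
}

$lookup = new SiblingLookup();
foreach ([1, 2, 99] as $id) {
    printf("%d: loose='%s' checked='%s' typed='%s'\n",
        $id,
        siblingIdListLoose($lookup, $id),
        siblingIdListChecked($lookup, $id),
        siblingIdListTyped($lookup, $id));
}
```

All three callers produce the same strings for the sample data; the difference is only in what the analyser can prove. Returning an empty array instead of false is the cheapest fix when you control the callee, and the is_array() check is the one to reach for when the false-returning function is library code you cannot change.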
It can also produce more straightforwardly useful findings, like /classes/bookingChange.php:311 PhanNoopVariable Unused variable, which pointed at a pointless line:

$lessonStartDateTime;

It also warns about argument-count mismatches in function calls, such as
PhanParamTooMany Call with 6 arg(s) to \className::functionName() which only takes 5 arg(s), which is probably not intentional.

It's probably useful as a way of reviewing code occasionally for smells and possible issues. I wouldn't worry about running it as often as unit tests. Perhaps it would be useful as a way of reviewing other people's code or new code. It seems aimed at helping move a code base forward and stopping it slipping back into old 'bad' habits.
They have a tutorial for analysing a sloppy code base, and installation instructions.

/ Adam