N°6644 - Add static analysis for PHP #536
Open
Molkobain wants to merge 9 commits into support/2.7 from feature/4678-add-static-analysis-for-php
Molkobain force-pushed the feature/4678-add-static-analysis-for-php branch 2 times, most recently from 3adfdc3 to 11ee3f3 (August 6, 2023 21:18)
Have you investigated means to ignore errors by means of PHP annotations? Though it would be cumbersome to establish the first baseline, then the job would be far easier.
Indeed I did, here are some of the observations:
That's why this wasn't a stopper at the time, but it can of course be discussed.
Molkobain changed the title from "N°4678 - Add static analysis for PHP" to "N°6644 - Add static analysis for PHP" (Aug 10, 2023)
Molkobain force-pushed the feature/4678-add-static-analysis-for-php branch from 11ee3f3 to eb8b0d5 (August 11, 2023 20:08)
Molkobain force-pushed the feature/4678-add-static-analysis-for-php branch from e17570e to fcf5d5e (April 8, 2024 14:30)
odain-cbd force-pushed the feature/4678-add-static-analysis-for-php branch from fcf5d5e to c688537 (April 10, 2024 07:42)
Internal PR
Objective
Introduce static analysis in iTop and our modules to better detect code issues and compatibility with the PHP versions supported by each branch.
Framework choice
Initial choice
At first, I was really into Phan for the following reasons:
But it has a main drawback, its baseline.
The generated baseline only keeps track of the types of issues in a file but neither their counts nor their lines, which means that if an issue is already present for a file in the baseline, it won't detect a new occurrence of that issue.
Example of baseline
This is a no-go for us as we want to keep an accurate baseline so we can fix any issue from new pieces of code and leave existing (non critical) issues in baseline for correction over time.
New choice
Finally, I chose PHPStan because it was the closest contender to Phan with a good enough baseline. It offers almost everything we look for in Phan except:
=> We will rely on the PHP versions rotation of the CI
=> It's made out of a NEON file, but handles includes and PHP files to bootstrap the analysis, so we'll be able to do what we need
Also, PHPStan seems to offer better ways to suppress false positives due to polymorphism.
The baseline still isn't perfect as it doesn't keep track of the issues line numbers, so if we fix one but introduce another, the analysis result will see no change.
But keeping track of line numbers in a baseline is difficult as they change all the time due to codebase modifications. So we accept that, having the counts seems good enough.
Example of baseline
How the PR works
This PR was designed to be very easy to use either for a developer on their computer or in the CI.
<ITOP>/tests/php-static-analysis folder
If you are interested in testing this PR, you should take a look at the included README.md.
Proposed approach for static analysis deployment
As for the rules level we should start with, it has to be discussed to define what we want to try to match for new developments. I would go with level 5 for new developments and at least level 1 (or 3) for what we want to fix in the existing codebase.
What remains to be done in this PR
for-package.dist.neon file, but seems rather heavy to maintain
Main drawback is that it defines the PHP version running PHPStan as well and it won't allow to analyse PHP 5.6 => 7.1. So we might not consider it.
Make a PR on PHPStan to add the --php-version argument to the command line. Issue created to see if a PR would be considered. Issue rejected, they recommend option 2.
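
The baseline trade-off discussed in this PR, as an added example that is not part of the PR or of either tool: a simplified Python model comparing a baseline that records only issue types per file with one that records counts per file and issue. The data shapes, file name and issue names are constructed assumptions, not the tools' real baseline formats.

```python
from collections import Counter

# Constructed findings: (file, issue_type, line). Names are placeholders.
BASELINED_RUN = [
    ("src/Example.php", "undefined-method", 120),
    ("src/Example.php", "undefined-method", 340),
    ("src/Other.php", "type-mismatch", 58),
]

def type_only_baseline(findings):
    """Model of a baseline that records only which issue types exist per file."""
    return {(f, t) for f, t, _ in findings}

def count_baseline(findings):
    """Model of a baseline that records an occurrence count per file and issue."""
    return Counter((f, t) for f, t, _ in findings)

def new_with_type_only(baseline, findings):
    """Findings still reported once every baselined (file, type) is suppressed."""
    return [x for x in findings if (x[0], x[1]) not in baseline]

def new_with_counts(baseline, findings):
    """Per (file, type), how many occurrences exceed the baselined count."""
    current = Counter((f, t) for f, t, _ in findings)
    return {k: n - baseline[k] for k, n in current.items() if n > baseline[k]}

# Case 1: a third occurrence is added to a file that already had two.
ONE_MORE = BASELINED_RUN + [("src/Example.php", "undefined-method", 512)]

# Case 2: the occurrence at line 120 is fixed, another appears at line 700.
SWAPPED = [x for x in BASELINED_RUN if x[2] != 120] + [
    ("src/Example.php", "undefined-method", 700)
]

if __name__ == "__main__":
    types = type_only_baseline(BASELINED_RUN)
    counts = count_baseline(BASELINED_RUN)
    # Type-only baseline hides the new occurrence; count baseline reports it.
    print("case 1, type-only:", new_with_type_only(types, ONE_MORE))
    print("case 1, counts:   ", new_with_counts(counts, ONE_MORE))
    # Without line numbers, fix-one/introduce-one looks unchanged.
    print("case 2, counts:   ", new_with_counts(counts, SWAPPED))
```

Case 2 is the limitation the description accepts: with counts but no line numbers, a regression that replaces a fixed issue of the same kind in the same file goes unreported.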