ProHoster > Blog > internet news > Release of PHPStan 1.0, a static analyzer for PHP code

Release of PHPStan 1.0, a static analyzer for PHP code

After six years of development, the first stable release of the PHPStan 1.0 static analyzer has taken place, which allows you to find errors in PHP code without executing it and using unit tests. The project code is written in PHP and distributed under the MIT license.

The analyzer provides 10 levels of verification, in which each subsequent level expands the capabilities of the previous one and provides more stringent checks:

  • Basic checks, defining unknown classes, functions and methods ($this), undefined variables, and passing the wrong number of arguments.
  • Finding possibly undefined variables, unknown magic methods and class properties with __call and __get.
  • Detection of unknown methods in all expressions, not limited to calling via $this. Checking PHPDocs.
  • Checking return types and assigning types to properties.
  • Basic detection of "dead" (never called) code. Detect calls to instanceof always returning false, never firing else blocks, and code after return.
  • Checking the types of arguments passed to methods and functions.
  • Warning about missing type information annotations.
  • Warning about invalid union types that define collections of two or more types.
  • Warning about calling methods and accessing properties with "nullable" types.
  • Checking the use of the "mixed" type.

    Examples of underlying problems identified:

    • Existence of classes used in instanceof, catch, typehints and other language constructs.
    • Existence and availability of called methods and functions, as well as the number of arguments passed.
    • Checking if a method returns data with the same type as defined in the return statement.
    • Existence and visibility of the properties being accessed, and validation of the declared and actual data types used in the properties.
    • The correctness of the number of parameters passed to sprintf/printf calls in the string formatter.
    • The existence of variables, taking into account blocks formed by branch operators and loops.
    • Useless typecasts (like "(string) 'foo'") and strict checks ("===" and "!==") on data with different types and operands always returning false.

    Key innovations of PHPStan 1.0:

    • The check level "9" is implemented, which checks the use of the "mixed" type, which is intended for organizing the reception of parameters with different types by the function. The ninth level exposes the unsafe uses of "mixed", such as passing values ​​of type "mixed" to another type, calling methods of type "mixed", and accessing its properties because they might not exist.
    • Controlling return value identity checks for identical function calls using the @phpstan-pure and @phpstan-impure annotations.
    • Type analysis in try-catch-finally constructs using @throws annotations.
    • Identification of defined but unused internal (private) properties, methods and constants.
    • Passing incompatible callbacks to array functions such as array_map and usort.
    • Type inspection for missing typehint annotations.
    • Type declarations have been made compatible with PHPDocs, allowing PHPDocs to use types from error messages.

    Source: opennet.ru

    • Add a comment