Release of Psalm 3.12, a static analyzer for the PHP language. Alpha release of PHP 8.0

Vimeo has published a new release of the static analyzer Psalm 3.12, which detects both obvious and subtle errors in PHP code and can automatically fix some types of errors. The system is suitable for finding problems both in legacy code and in code that uses modern features introduced in new PHP branches. The project's code is written in PHP and distributed under the MIT license.

Psalm detects most problems related to incorrect type usage, as well as various typical errors. For example, it supports warnings about mixing variables of different types in an expression, meaningless logical tests (such as "if ($a && $a) {}", "if ($a && !$a) {}" and "if ($a) {} elseif ($a) {}"), and incomplete initialization of object properties. The analyzer runs in multi-threaded mode. Incremental scans are possible, analysing only the files that have changed since the last scan.

In addition, safe-programming tools are provided that allow annotations in Docblock format ("/** @var Type */") to be used to supply information about the types of variables, return values, function parameters and object properties. Defining type usage patterns and using assert statements is also supported. For example:

/** @var string|null */
$a = foo();

/** @var string $a */
echo strpos($a, 'hello');

/** @psalm-assert-if-true B $a */
function isValidB(A $a): bool {
    return $a instanceof B && $a->isValid();
}

To automate the elimination of detected problems, the Psalter utility is provided. It supports plugins and can fix typical code problems, add type annotations, and perform manipulations such as moving classes from one namespace to another, moving methods between classes, and renaming classes and methods.

The new release of Psalm implements the "--taint-analysis" option, which makes it possible to trace the relationship between input parameters received from the user (for example, $_GET['name']) and their use in places that require character escaping (for example, echo " $name "), including by following chains of intermediate assignments and function calls. The associative arrays $_GET, $_POST and $_COOKIE are treated as sources of potentially dangerous data, but it is also possible to define your own sources. Actions that require escaping to be tracked include output operations that produce HTML content, adding HTTP headers, or executing SQL queries.

The check is applied when using functions such as echo, exec, include and header. When analysing the need for escaping, data types such as text, strings containing SQL, HTML and Shell code, and strings containing authentication parameters are taken into account. The proposed mode makes it possible to detect flaws in code that lead to cross-site scripting (XSS) or SQL injection.
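An added example (not code from the Psalm project or the original article) of the kind of flow described above: a value from $_GET passes through an intermediate function to echo, shown beside the escaped form and a parameterised SQL query. The function names, the users table and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Source: user-controlled input enters the program here.
function requestName(): string
{
    return (string) ($_GET['name'] ?? '');
}

// Intermediate hop: the value is still user-controlled after this call,
// which is why the analysis has to follow call chains, not just one line.
function greeting(string $name): string
{
    return 'Hello, ' . $name;
}

// BEFORE: the user-controlled value reaches an HTML sink (echo) unescaped.
function renderUnsafe(): void
{
    echo '<p>' . greeting(requestName()) . '</p>', PHP_EOL;
}

// AFTER: the value is escaped for the HTML context right before the sink.
function renderSafe(): void
{
    $html = htmlspecialchars(greeting(requestName()), ENT_QUOTES, 'UTF-8');
    echo '<p>' . $html . '</p>', PHP_EOL;
}

// SQL context: the value is bound as a parameter instead of being
// concatenated into the query text. The "users" table is hypothetical;
// this function is not invoked below because it needs a live connection.
function findUser(PDO $db): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => requestName()]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample input so the script can be run from the CLI.
$_GET['name'] = '<b>Bob</b>';
renderUnsafe();
renderSafe();
```

In renderUnsafe() the markup from the request appears verbatim in the output, while renderSafe() emits it as HTML entities; the first path is the source-to-sink relationship that the "--taint-analysis" option is described as tracing.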

In addition, the start of alpha testing of the new PHP 8.0 branch can be noted. The release is scheduled for November 26. The following innovations are expected in the new branch:

  • Inclusion of a JIT compiler, the use of which will improve performance.
  • Support for union types, which define collections of two or more types (for example, “public function foo(Foo|Bar $input): int|float;”).
  • Support for attributes (annotations), which allow metadata (such as type information) to be bound to classes without using Docblock syntax.
  • Shortened class definition syntax, which allows the definition of a constructor and properties to be combined.
  • A new return type: static.
  • A new type: mixed, which can be used to indicate that a function accepts parameters of different types.
  • The throw expression for handling exceptions.
  • WeakMap for creating objects that can be sacrificed during garbage collection (for example, to store non-essential caches).
  • The ability to use the "::class" expression on objects (analogous to calling get_class()).
  • The ability to define catch blocks with exceptions that are not bound to variables.
  • The ability to leave a comma after the last element in a function parameter list.
  • A new Stringable interface to identify any string types or data that can be converted to a string (for which the __toString() method is available).
  • A new function str_contains(), a simplified analogue of strpos for determining the occurrence of a substring, as well as the functions str_starts_with() and str_ends_with() for checking matches at the beginning and end of a string.
  • Added the fdiv() function, which performs a division operation without throwing an error on division by zero.
  • Changed string concatenation logic. For example, the expression 'echo "sum: " . $a + $b' was previously interpreted as 'echo ("sum: " . $a) + $b', and in PHP 8 it will be treated as 'echo "sum: " . ($a + $b)'.
  • Stricter checking of arithmetic and bitwise operations; for example, the expressions "[] % [42]" and "$object + 4" will result in an error.
  • Implemented a stable sorting algorithm in which the order of identical values is preserved across different runs.

Source: opennet.ru
