[Meta] Introduce a static code analyzer (like PHPStan) to the build process #25459
Comments
|
I guess I would be 👍 because we implemented it in Api-Platform and in our clients project and it's quite nice. But it could be alot of work to get everything to green, we should ensure that this cause no BC too. |
|
PHPStan's level system is meant for exactly that purpose: you're able to gradually ramp up your code quality over time, but have new code conform to the level once reached. The first step might be level 0 which is, AFAIK, only a lint. I'm sure @ondrejmirtes might weight in how to do this integration properly. |
|
Hi, PHPStan is already used by Doctrine, CakePHP, Prooph and other popular open-source libraries. CakePHP introduced PHPStan around a year ago, with level 0 and they gradually increased the level now to 2 (which is checked in CI build) and they are now working on fixing issues from level 3. I should summarise what each rule level is about:
Unique feature of PHPStan is that it's possible to define magic behaviour of classes/method/functions ( You can read more about PHPStan in the introductory article and also in the most recent article about the latest version. Let's not rush this; I'm not yet sure whether the better approach would be first to focus on analysing a Symfony-based project (which can bring a lot of benefits to Symfony users), or analyse Symfony framework itself. Because the extensions that one would need to write should be usable in both cases. What are your opinions? |
|
@ondrejmirtes thanks for the exhaustive answer. 👍 My suggestion here is definitely the framework itself, I'm using PHPStan on my Symfony project already and see HUGE benefits from doing it, it's not even a question if you should be doing it (from my POV, anyway). If you're talking about the container-related extension, agreed that it would be quite useful (it's already tracked at phpstan/phpstan#645). My reason is, I've gotten quite used to PHPStan pointing out errors I'm making as I'm working and, as I'm currently working on #24781, it feels quite bad to have it be missing. I'm sure Symfony would benefit from it, if only by developers having access to "a code review before code review". |
|
(Note: I use PHPStan and I think it's a very nice tool) The problem with introducing PHPStan is that the current codebase doesn't comply with its analysis, so it would take us a lot of time to make all branches pass all PHPStan checks ... and if we don't make the branches pass the analysis, we can't activate it for new pull requests because you'll find lots of unrelated issues. The same happens to us with something much simpler: PHP CS Fixer. Our code doesn't comply with it entirely (because some old code) so we can't recommend contributors to run "php-cs-fixer fix" in their PRs because they'll find some unrelated problems (we have fabbot checker that does the PHP Cs Fixer only for the changes of the PR, not the entire codebase). |
|
I think that once we integrate PHPStan at least with level 0 (which is very basic and the errors pointed out are objectively bugs), it's benefitial that also all the branches and pull requests are also analysed and correct before merging - that means that no new bugs are introduced because there are guards set up by CI and PHPStan. |
That's exactly my suggestion here, it should be rather easy to start from here and attach PRs to increase the level once possible. |
|
note: SCA is already performed via fabbot.io. |
|
You guys said issues found on level 0 are objectively bugs. So far it doesn't seem so. PhpStan does wrong assumptions. I'm not blaming PHPStan though, those assumptions are logical and are made because PHPStan lacks the context. |
|
@ostrolucky in what way wrong? There's only one false positive found as of yet, IIRC (I'm on mobile) |
|
AFAIK PHPStan works according to the rule levels I described. If there’s
something that does not meet this criteria, file a bug please.
My view of this is that the code in question in traits is weird or wrong in
some ways - the rule of thumb is that if a developer has problems
understanding the code, so will PHPStan, so it’s a valuable feedback either
way.
On Tue, 19 Dec 2017 at 11:58, Dalibor Karlović ***@***.***> wrote:
@ostrolucky <https://github.com/ostrolucky> in what way wrong? There's
only one false positive found as of yet, IIRC (I'm on mobile)
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#25459 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAGZuLPxwEKsuZ_cBmyQpdxxtv7F8wFeks5tB5bkgaJpZM4Q-u2V>
.
--
Ondřej Mirtes
|
Can we move on? The code is working as expected and perfectly right for the purpose. |
|
Closing as it seems the current code is fine as-is. See #25536 discussion for details. |
Having a tool like PHPStan introduced to the build process would mean we'd be able to have much more instances like #21802 caught all over the codebase. It would require fewer resources doing code reviews as plenty of thing will get pointed out by PHPStan before even getting to the review process.
The text was updated successfully, but these errors were encountered: