Page MenuHomePhabricator
Create Task
Maniphest T133664

Statically analyse MinervaNeue codebases with Phan
Closed, ResolvedPublic
Actions

Description

Static analysis can help us to catch errors and (potentially) bugs before they're merged into the codebase.

Static analysis with Phan was enabled for MediaWiki extensions on our CI infrastructure as part of T153039: CI: Support running phan for extensions. We should enable/configure the tool like other extensions and reap the rewards!

We'll start by looking at a single extension/skin to get familiar with the tooling and get experience with fixing Phan bugs. Long term if we find it useful we'll apply Phan to all our codebases.

Acceptance criteria

  • Make the extension-unittest-generic job run for the MinervaNeue skin.
  • Copy the Phan config to the MinervaNeue skin.
    • We'll start with that given it's small and not an extension (so we can see if there are any issues with skins using it).
  • Review and group the errors by their difficulty to fix 'em.
  • Fix the easy to fix errors (and get those merged minus the config change)
  • Create tasks for errors that require further discussion (e.g. references to LqtDispatch).

Sign off steps

  • Open tasks for another reading web extension e.g. MobileFrontend or Popups. Copy this line to sign off steps for the new task - we'll do one at a time until reading web projects are using phan.

Questions

  • Do we need to enable any config changes e.g. check experimental?

@phuedx: Yes. Per T133664#3526092, we'll need to enable the extension-unittest-generic job for the MinervaNeue skin at least.

Details

SubjectRepoBranchLines +/-
Add phanmediawiki/skins/MinervaNeuemaster+38 -11
layout: [skins/MinervaNeue] Make phan votingintegration/configmaster+1 -2
layout: [skins/MinervaNeue] Add phan in non-voting modeintegration/configmaster+2 -0
Add phan dependencies for MinervaNeueintegration/configmaster+1 -0
Add phan config to MinervaNeuemediawiki/skins/MinervaNeuemaster+307 -0
Add phan config to Popupsmediawiki/extensions/Popupsmaster+307 -0
POC: Add Phan config filemediawiki/extensions/MobileFrontendmaster+30 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
MBinder_WMF added a project: Web-Team-Backlog.Apr 27 2016, 4:21 PM
MBinder_WMF moved this task from Incoming to Triaged but Future on the Web-Team-Backlog board.Jul 4 2016, 7:40 PM
MBinder_WMF added a project: Reading-Web-Tech-Debt.Oct 3 2016, 8:34 PM
MBinder_WMF edited projects, added Technical-Debt (RW-Tech-Debt); removed Technical-Debt.Oct 4 2016, 6:15 PM
MBinder_WMF removed a project: Reading-Web-Tech-Debt.Oct 4 2016, 7:53 PM
bmansurov moved this task from Uncategorized to Team Workflows/Internal on the Technical-Debt (RW-Tech-Debt) board.Oct 5 2016, 10:43 PM
phuedx closed this task as Declined.Nov 4 2016, 12:48 PM

I'll submit a new task about running Phan against MobileFrontend.

phuedx renamed this task from Review and fix phan errors to [EPIC] Fix Phan errors.Nov 6 2016, 6:23 AM
phuedx reopened this task as Open.
phuedx added a project: Epic.
phuedx updated the task description. (Show Details)
gerritbot subscribed.Nov 6 2016, 8:04 AM

Change 320077 had a related patch set uploaded (by Phuedx):
POC: Add Phan config file

https://gerrit.wikimedia.org/r/320077

gerritbot added a project: Patch-For-Review.Nov 6 2016, 8:04 AM
phuedx updated the task description. (Show Details)Nov 6 2016, 8:07 AM
phuedx claimed this task.Nov 6 2016, 8:19 AM
phuedx updated the task description. (Show Details)
phuedx renamed this task from [EPIC] Fix Phan errors to [EPIC] Statically analyse codebase with Etsy's Phan.Nov 7 2016, 11:55 AM
phuedx updated the task description. (Show Details)
gerritbot added a comment.Nov 8 2016, 9:27 AM

Change 320077 abandoned by Phuedx:
POC: Add Phan config file

Reason:
This change was only submitted for posterity.

https://gerrit.wikimedia.org/r/320077

Jdlrobson removed a project: Patch-For-Review.Nov 28 2016, 5:56 PM
Jdlrobson removed a project: good first task.Dec 15 2016, 7:07 PM
hashar added a subtask: T153252: Fix PHP issues in MediaWiki core found by Phan (static code analysis).Jan 26 2017, 1:48 PM
hashar added a parent task: T89682: Improving static analysis tools for MediaWiki.
Jdlrobson moved this task from Triaged but Future to 2014-15 Q4 on the Web-Team-Backlog board.Apr 14 2017, 12:29 AM
Jdlrobson moved this task from 2014-15 Q4 to Tracking on the Web-Team-Backlog board.Jun 29 2017, 9:11 PM
Jdlrobson edited projects, added Web-Team-Backlog (Tracking); removed Web-Team-Backlog.
Jdlrobson moved this task from Untriaged to Discuss further on the Web-Team-Backlog (Tracking) board.
Jdlrobson subscribed.Jul 21 2017, 5:49 PM

Looks like etsy phan is running on RelatedArticles when I do check experimental.
Do we want to add a phan file there or do we want to remove this from the experimental build? It confused me while working on https://gerrit.wikimedia.org/r/#/c/347116/

phuedx added a comment.Jul 21 2017, 6:43 PM

It looks like we're running Phan against any extension that uses the extension-unittest-generic template. The mwext-php70-phan-jessie job was added to the template in rCICF150f06c41479: Add mwext phan job to ext-unittest-generic as part of T153039: CI: Support running phan for extensions. It's unlikely that you'll remove it from the experimental build.

It looks like this task could be resolved if we were to copy https://gerrit.wikimedia.org/r/#/c/330257/ for the MobileFrontend extension (and RelatedArticles and Popups too).

Addshore subscribed.Aug 15 2017, 12:42 AM

Not sure if this should be changed from an Epic to an good first task ?

phuedx added a comment.Aug 15 2017, 7:27 AM

@Addshore: Probably a bit of both, right? Getting Phan running against the codebase is now pretty darn easy – it already is! – but fixing the errors… ;)

phuedx added a comment.Aug 15 2017, 7:28 AM

Wait… I take that back. This task just covers getting it running. I'll update the description!

Nemo_bis subscribed.Aug 15 2017, 7:44 AM

Do you know about T110617? WMF is currently using Veracode. Whatever the outcome, please mention any ongoing static analysis on the wiki, at a minimum on https://www.mediawiki.org/wiki/Core_Infrastructure_Initiative_Best_Practices_badge#Static_code_analysis so that I can update our best practices information.

phuedx renamed this task from [EPIC] Statically analyse codebase with Etsy's Phan to Statically analyse Readers Web codebases with Phan.Aug 15 2017, 8:55 AM
phuedx edited projects, added good first task; removed Epic.
phuedx updated the task description. (Show Details)
phuedx edited projects, added Web-Team-Backlog; removed Web-Team-Backlog (Tracking).
phuedx moved this task from Incoming to Needs Prioritization on the Web-Team-Backlog board.
Aklapper removed a project: good first task.Aug 15 2017, 9:06 AM

@phuedx: As good first task tasks are self-contained, non-controversial issues with a clear approach and should be well-described with pointers to help the new contributor, I'm removing the good first task tag. I have no idea which code base(s) this is about, and "review and group the errors by their difficulty to fix 'em" requires knowledge I don't have (how to know which error is how difficult to fix"), and no explanation how to "run" Phan either.
Please re-add the tag once the task description has been polished and provides sufficient information for a new contributor. Thanks!

phuedx added a comment.Aug 15 2017, 9:06 AM
In T133664#3525466, @Nemo_bis wrote:

Do you know about T110617? WMF is currently using Veracode. Whatever the outcome, please mention any ongoing static analysis on the wiki, at a minimum on https://www.mediawiki.org/wiki/Core_Infrastructure_Initiative_Best_Practices_badge#Static_code_analysis so that I can update our best practices information.

@Nemo_bis: Thanks for the ping. I'll be sure to read up on the Veracode project!

AFAICT WMF is currently using both Phan and Veracode for two different types of analysis:

  • Phan's being used to check for program incorrectness: correct operations on types, methods are accessible, valid return types of functions etc. – for a full list see Phan's README.md.
  • Veracode is being used to detect security vulnerabilities.
phuedx removed phuedx as the assignee of this task.Aug 15 2017, 9:07 AM
phuedx updated the task description. (Show Details)
Jdlrobson updated the task description. (Show Details)Aug 15 2017, 2:45 PM
phuedx added a comment.Aug 15 2017, 3:09 PM

@Jdlrobson: Regarding the part 1/part 2 split: Which of the Readers Web extensions don't run the extension-unittest-generic job on a per-commit basis.

gerritbot added a comment.Aug 15 2017, 3:15 PM

Change 372061 had a related patch set uploaded (by Jdlrobson; owner: Jdlrobson):
[mediawiki/skins/MinervaNeue@master] Add phan config to MinervaNeue

https://gerrit.wikimedia.org/r/372061

gerritbot added a project: Patch-For-Review.Aug 15 2017, 3:15 PM
Jdlrobson renamed this task from Statically analyse Readers Web codebases with Phan to Statically analyse MinervaNeue codebases with Phan.Aug 15 2017, 3:22 PM
Jdlrobson updated the task description. (Show Details)
gerritbot added a comment.Aug 15 2017, 3:39 PM

Change 372062 had a related patch set uploaded (by Jdlrobson; owner: Jdlrobson):
[mediawiki/extensions/Popups@master] Add phan config to Popups

https://gerrit.wikimedia.org/r/372062

Jdlrobson raised the priority of this task from Low to Medium.Aug 15 2017, 3:43 PM
In T133664#3526024, @phuedx wrote:

@Jdlrobson: Regarding the part 1/part 2 split: Which of the Readers Web extensions don't run the extension-unittest-generic job on a per-commit basis.

Per https://gerrit.wikimedia.org/r/#/c/372061/ it seems skins do not... and I'm not seeing it here: https://gerrit.wikimedia.org/r/#/c/372062/ ?
Am I missing something?

Jdlrobson updated the task description. (Show Details)Aug 15 2017, 3:44 PM
Jdlrobson removed a project: Patch-For-Review.Aug 22 2017, 6:56 PM
phuedx updated the task description. (Show Details)Aug 23 2017, 8:41 AM
phuedx updated the task description. (Show Details)
Jdlrobson moved this task from Needs Prioritization to Triaged but Future on the Web-Team-Backlog board.Aug 23 2017, 1:57 PM

@phuedx it doesn't seem to run on Popups either so my guess is we need config for that too (https://gerrit.wikimedia.org/r/#/c/372062/) but since this task is about MinervaNeue this would be a good opportunity to explore it.

gerritbot added a comment.Sep 27 2017, 9:05 PM

Change 372062 abandoned by Jdlrobson:
Add phan config to Popups

https://gerrit.wikimedia.org/r/372062

gerritbot added a comment.Sep 27 2017, 9:05 PM

Change 372061 abandoned by Jdlrobson:
Add phan config to MinervaNeue

https://gerrit.wikimedia.org/r/372061

Jdlrobson lowered the priority of this task from Medium to Low.Oct 11 2017, 10:05 PM
Jdlrobson edited projects, added phan-taint-check-plugin, Web-Team-Backlog (Tracking); removed Web-Team-Backlog.Aug 14 2018, 4:56 PM
Bawolff moved this task from Backlog to Wikimedia deployed on the phan-taint-check-plugin board.Aug 30 2018, 1:23 PM
Bawolff removed a project: phan-taint-check-plugin.Sep 8 2018, 2:39 AM
Bawolff subscribed.

It appears that phan-taint-check is voting on MinervaNeue, so removing that project from this bug.

EBernhardson closed subtask T153252: Fix PHP issues in MediaWiki core found by Phan (static code analysis) as Resolved.Sep 17 2018, 4:44 PM
Umherirrender merged a task: T224782: Add phan to MinervaNeue skin.May 31 2019, 9:30 PM
Umherirrender subscribed.
Umherirrender added a parent task: T224783: Enable mediawiki/mediawiki-phan-config on all Wikimedia-deployed repositories.May 31 2019, 9:39 PM
gerritbot added a comment.Jul 14 2019, 2:44 PM

Change 522953 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/skins/MinervaNeue@master] [WIP] Add phan

https://gerrit.wikimedia.org/r/522953

gerritbot added a project: Patch-For-Review.Jul 14 2019, 2:44 PM
gerritbot added a comment.Jul 14 2019, 2:50 PM

Change 522958 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[integration/config@master] Add phan dependencies for MinervaNeue

https://gerrit.wikimedia.org/r/522958

Daimona claimed this task.Jul 14 2019, 2:53 PM
gerritbot added a comment.Jul 15 2019, 3:57 PM

Change 523210 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] layout: [skins/MinervaNeue] Add phan in non-voting mode

https://gerrit.wikimedia.org/r/523210

gerritbot added a comment.Jul 15 2019, 3:57 PM

Change 523211 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[integration/config@master] layout: [skins/MinervaNeue] Make phan voting

https://gerrit.wikimedia.org/r/523211

gerritbot added a comment.Jul 15 2019, 3:58 PM

Change 522958 merged by jenkins-bot:
[integration/config@master] Add phan dependencies for MinervaNeue

https://gerrit.wikimedia.org/r/522958

Stashbot added a comment.Jul 15 2019, 3:59 PM

Mentioned in SAL (#wikimedia-releng) [2019-07-15T15:59:30Z] <James_F> Zuul: Adding Echo and MobileFrontend dependencies to skins/MinervaNeue T133664

gerritbot added a comment.Jul 15 2019, 4:48 PM

Change 523210 merged by jenkins-bot:
[integration/config@master] layout: [skins/MinervaNeue] Add phan in non-voting mode

https://gerrit.wikimedia.org/r/523210

Stashbot added a comment.Jul 15 2019, 4:49 PM

Mentioned in SAL (#wikimedia-releng) [2019-07-15T16:49:10Z] <James_F> Zuul: [MinervaNeue] Add phan as non-voting T133664

gerritbot added a comment.Jul 15 2019, 6:00 PM

Change 523211 merged by jenkins-bot:
[integration/config@master] layout: [skins/MinervaNeue] Make phan voting

https://gerrit.wikimedia.org/r/523211

Stashbot added a comment.Jul 15 2019, 6:05 PM

Mentioned in SAL (#wikimedia-releng) [2019-07-15T18:05:04Z] <James_F> Zuul: [MinervaNeue] Make phan voting T133664

Jdforrester-WMF closed this task as Resolved.Jul 15 2019, 6:07 PM
Jdforrester-WMF subscribed.

Thank you for all your work on this, Daimona.

gerritbot added a comment.Jul 15 2019, 6:09 PM

Change 522953 merged by jenkins-bot:
[mediawiki/skins/MinervaNeue@master] Add phan

https://gerrit.wikimedia.org/r/522953

Restricted Repository Identity mentioned this in rSKIN29279be6053e: Update git submodules.Jul 15 2019, 6:11 PM
ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.14; 2019-07-16).Jul 15 2019, 7:01 PM
Jdforrester-WMF mentioned this in T191743: Bundle MinervaNeue skin with MediaWiki.Aug 25 2021, 6:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits