
Investigate using psalm for static analysis
Open, Needs Triage, Public

Description

Psalm is a static analysis tool similar to and inspired by phan. I'd propose to investigate whether we'd benefit from running it (together with phan), to help catch even more possible bugs.

I don't really know the differences between the two tools (which one is "stronger", if any, the pros and cons of each, etc.); I skimmed through the psalm docs and notably found that:

  • psalm supports incremental analysis, i.e. it can limit the analysis to the files touched by a patch (and the files referenced by them)
  • directory- and file-related config settings seem to be rougher for psalm, so it could be a little more difficult to set it up for core/extensions

Finally, I tried running it locally on core. The main thing I noticed is that there are some dependency conflicts; for instance, with nikic/php-parser and sebastian/diff. Psalm requires newer versions, which presumably we don't use because of HHVM.
So we should probably wait before experimenting with this tool.