Page MenuHomePhabricator
Create Task
Maniphest T248306

CI error on WMF branches: Cannot use the final modifier on an abstract class in vendor/microsoft/tolerant-php-parser/tests/cases/parser/abstractMethodDeclaration7.php on line 3
Closed, ResolvedPublic
Actions

Description

When backporting to wmf.24, mwext-php72-phan-seccheck-docker dies with

PHP Fatal error:  Cannot use the final modifier on an abstract class in vendor/microsoft/tolerant-php-parser/tests/cases/parser/abstractMethodDeclaration7.php on line 3

This is a testcase for Microsoft's PHP parser (ironically, itself a part of phan), so presumably it is testing invalid syntax, but 1) tests should not be in vendor (ideally by getting upstream to set their gitattributes correctly, less ideally by just us deleting them from the vendor repo), 2) why are these tests not run when the branch is built?

Details

SubjectRepoBranchLines +/-
Require taint-check 3.0.3, up from 3.0.2mediawiki/tools/phanmaster+1 -1
Exclude invalid PHP files from analysismediawiki/tools/phan/SecurityCheckPluginmaster+7 -2
Customize query in gerrit

Related Objects

Event Timeline

Tgr created this task.Mar 23 2020, 11:24 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 23 2020, 11:24 AM
Tgr added a project: MediaWiki-Vendor.Mar 23 2020, 11:24 AM
Tgr updated the task description. (Show Details)
Tgr updated the task description. (Show Details)
Tgr added a subscriber: MediaWiki-Vendor.
Tgr removed a subscriber: MediaWiki-Vendor.
Tgr added a comment.Mar 23 2020, 11:32 AM

Seems sporadic or already fixed: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/OAuth/+/582768

Jdforrester-WMF subscribed.Mar 23 2020, 6:24 PM
RhinosF1 subscribed.Mar 23 2020, 6:27 PM
Jdforrester-WMF added a project: ci-test-error.Mar 23 2020, 6:29 PM
Urbanecm subscribed.Mar 23 2020, 6:31 PM

Happened while doing https://gerrit.wikimedia.org/r/c/mediawiki/extensions/VisualEditor/+/582857, so it's not "already fixed".

matmarex subscribed.Mar 23 2020, 6:39 PM
Legoktm added a project: phan-taint-check-plugin.Mar 23 2020, 8:22 PM
Tgr added a comment.Mar 24 2020, 2:47 PM

The relevant command is

SECCHECK_MODE=mwext-fast-config.php
cd /mediawiki/extensions/OAuth
PHAN=/opt/phan/vendor/phan/phan/phan
CONFIG=/opt/phan/vendor/mediawiki/phan-taint-check-plugin/scripts/mwext-fast-config.php
php -dextension=ast_1.0.1.so /opt/phan/vendor/phan/phan/phan -d . -k /opt/phan/vendor/mediawiki/phan-taint-check-plugin/scripts/mwext-fast-config.php --output php://stdout -m checkstyle
tee /mediawiki/seccheck-issues

so this is microsoft/tolerant-php-parser in OAuth's own vendor dir, not the MediaWiki vendor. (The extension depends on mediawiki/mediawiki-phan-config which depends on phan which depends on tolerant-php-parser.) Indeed, it's in the composer log for the extension (at 09:16:43).

The file that results in the error has been in tolerant-php-parser since forever, so this must be a change in what directories are parsed by phan. Given the apparent stochastic behavior, maybe a race condition with the creation of some phan config file?

Catrope added subscribers: Reedy, Catrope.Mar 25 2020, 11:52 PM

This also happened on https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/583339 . @Reedy investigated this briefly, but was confused because there's a specific exclusion for this directory in the phan config

Reedy added a comment.Mar 25 2020, 11:53 PM

Why are we getting the test files when there's https://github.com/microsoft/tolerant-php-parser/blob/master/.gitattributes and it's been there for ages (unless we're using some ancient branch)?

And also https://github.com/wikimedia/mediawiki-tools-phan/blob/master/src/config.php#L125 shouldn't be looking there...

Reedy triaged this task as High priority.Mar 26 2020, 11:25 AM
Reedy added a project: Release-Engineering-Team.
Reedy added a comment.EditedMar 26 2020, 11:31 AM
11:15:36 [265.2MB/29.03s]   - Installing microsoft/tolerant-php-parser (v0.0.18): [265.2MB/29.03s] Downloading[265.2MB/29.10s]     Failed to download microsoft/tolerant-php-parser from dist: Could not authenticate against github.com
11:15:36 [265.2MB/29.10s]     Now trying to download from source
11:15:36 [265.2MB/29.10s]   - Installing microsoft/tolerant-php-parser (v0.0.18): [265.2MB/29.75s] Cloning e255aa978b from cache

e255aa978b is https://github.com/microsoft/tolerant-php-parser/releases/tag/v0.0.18 which has the tests export-ignore in .gitattributes

But if it's doing it like this.. Is it git cloning the whole repo, bringing it all in?

Which doesn't explain why https://github.com/wikimedia/mediawiki-tools-phan/blob/master/src/config.php#L125 isn't taking effect, but is possibly a side effect of T248387: Could not authenticate against github.com ?

Reedy added a comment.Mar 26 2020, 11:41 AM

For anyone following along:

[11:40:33] <Daimona> Reedy: I know what's wrong with the tolerant parser thingy. I'll write down an explanation later today, as soon as I have a bit of free time

Daimona subscribed.Mar 26 2020, 12:46 PM

So, things to consider here:

  1. The issue comes from taint-check, not phan itself. Hence, the mediawiki-tools-phan repo isn't playing any role here.
    1. Specifically, https://github.com/wikimedia/mediawiki-tools-phan/blob/master/src/config.php is NOT the file used by taint-check
  2. Taint-check runs in its own CI job, separated from the main phan job. It also uses a different version of phan (latest stable uses phan 1.3.2
  3. Phan 1.3.2 does have tests marked as export-ignore, but somehow that isn't working (?)
  4. Taint-check also uses its own config file, which does NOT exclude test files
  5. Additionally, PHP 7.2 is bugged, in that it throws a fatal ("Cannot use the final modifier on an abstract class") when tokenizing invalid code, even if that code isn't going to be executed. See phan issue #3407 and linked PHP bug report.

As for the solution: in theory, it's possible to udate the config files of taint-check, tag a release, and upgrade. In practice, I'd like to have version 3.0.1 released (T240069). That includes bumping phan to the latest version available. After doing that, we can merge taint-check into the phan job, so that they also use the same config, and we don't have to apply config changes twice (T235390).

Nikerabbit subscribed.Mar 26 2020, 12:57 PM
gerritbot added a comment.Apr 16 2020, 12:53 PM

Change 589294 had a related patch set uploaded (by Daimona Eaytoy; owner: Daimona Eaytoy):
[mediawiki/tools/phan/SecurityCheckPlugin@master] Exclude invalid PHP files from analysis

https://gerrit.wikimedia.org/r/589294

gerritbot added a project: Patch-For-Review.Apr 16 2020, 12:53 PM
Daimona claimed this task.Apr 16 2020, 12:53 PM
gerritbot added a comment.Apr 16 2020, 2:30 PM

Change 589294 merged by jenkins-bot:
[mediawiki/tools/phan/SecurityCheckPlugin@master] Exclude invalid PHP files from analysis

https://gerrit.wikimedia.org/r/589294

Daimona mentioned this in rMTPSa6f3e1ed13ea: Exclude invalid PHP files from analysis.Apr 16 2020, 2:37 PM
gerritbot added a comment.Jun 4 2020, 9:34 PM

Change 602499 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[mediawiki/tools/phan@master] Require taint-check 3.03, up from 3.0.2

https://gerrit.wikimedia.org/r/602499

gerritbot added a comment.Jun 5 2020, 11:35 AM

Change 602499 merged by jenkins-bot:
[mediawiki/tools/phan@master] Require taint-check 3.0.3, up from 3.0.2

https://gerrit.wikimedia.org/r/602499

Daimona closed this task as Resolved.Jun 5 2020, 11:35 AM

Note, this was already resolved when upgrading to phan 0.10.2. The commit above solves the issue for the stand-alone config only.

gerritbot added a comment.Sep 22 2020, 8:14 AM

Change 629060 had a related patch set uploaded (by Hashar; owner: Hashar):
[mediawiki/tools/phan@master] Release 0.10.3

https://gerrit.wikimedia.org/r/629060

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL