--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-8759960ad5
2019-11-13 10:05:36.733010
--------------------------------------------------------------------------------
Name : phan
Product : Fedora 31
Version : 2.4.1
Release : 1.fc31
URL : https://github.com/phan/phan
Summary : A static analyzer for PHP
Description :
Phan is a static analyzer that looks for common issues and will verify type
compatibility on various operations when type information is available or can
be deduced. Phan does not make any serious attempt to understand flow control
and narrow types based on conditionals.
--------------------------------------------------------------------------------
Update Information:
Nov 03 2019, **Phan 2.4.1**

**New features (CLI, Configs):**

+ Enable the progress bar by default, if `STDERR` is being rendered directly
  to a terminal. Add a new option `--no-progress-bar`.
+ Emit warnings about missing files in `file_list`, CLI args, etc. to
  `STDERR`. (#3434)
+ Clear the progress bar when emitting many types of warnings to STDERR.

**New features (Analysis):**

+ Suggest similarly named static methods and static properties for
  `PhanUndeclaredConstant` issues on class constants. (#3393)
+ Support `@mixin` (and an alias `@phan-mixin`) as a way to load public
  methods and public instance properties as magic methods and magic
  properties from another classlike. (#3237)
  Attempts to parse or analyze mixins can be disabled by setting
  `read_mixin_annotations` to `false` in your Phan config.
+ Support `@readonly` as an alias of the `@phan-read-only` annotation.
+ Also emit `PhanImpossibleTypeComparison` for `int === float` checks. (#3106)
+ Emit `PhanSuspiciousMagicConstant` when using `__METHOD__` in a function
  instead of a method.
+ Check return types and parameter types of global functions which Phan has
  signatures for, when `ignore_undeclared_functions_with_known_signatures` is
  `false` and `PhanUndeclaredFunction` is emitted. (#3441)
  Previously, Phan would emit `PhanUndeclaredFunction` without checking param
  or return types.
+ Emit `PhanImpossibleTypeComparison*` and `PhanSuspiciousWeakTypeComparison*`
  when `in_array` or `array_search` is used in a way that will always return
  false.
+ Emit `PhanImpossibleTypeComparison*` when `array_key_exists` is used in a
  way that will always return false. (e.g. checking for a string literal or
  negative key in a list, an integer in an array with known string keys, or
  anything in an empty array)
+ Add some missing function analyzers: Infer that `shuffle`, `rsort`,
  `natsort`, etc. convert arrays to lists. Same for `arsort`, `krsort`, etc.
+ Convert to `list` or `associative-array` in `sort`/`asort` in more edge
  cases.
+ Infer that `sort`/`asort` on an array (and other internal functions using
  references) returns a real `list` or `associative-array`.
  Infer that `sort`/`asort` on a non-empty array (and other internal functions
  using references) returns a real `non-empty-list` or
  `non-empty-associative-array`.
+ Infer that some array operations (`array_reduce`, `array_filter`, etc.)
  result in `array` instead of `non-empty-array` (etc.)

**Bug fixes:**

+ Fix a bug where global functions, closures, and arrow functions may have
  inferred values from previous analysis unintentionally left over in the
  original scope when analyzing that function again. (methods were unaffected)

**Maintenance:**

+ Clarify a warning message about "None of the files to analyze in
  /path/to/project exist"

**Plugins:**

+ Add a new plugin `RedundantAssignmentPlugin` to warn about assigning the
  same value a variable already has to that variable. (#3424)
  New issue types: `PhanPluginRedundantAssignment`,
  `PhanPluginRedundantAssignmentInLoop`,
  `PhanPluginRedundantAssignmentInGlobalScope`
+ Warn about alignment directives and more padding directives (`'x`) without
  width directive in `PrintfCheckerPlugin` (#3317)
+ Also emit `PhanPluginPrintfNoArguments` in cases when the format string
  could not be determined. (#3198)

----

Oct 26 2019, **Phan 2.4.0**

**New features (CLI, Configs):**

+ Support saving and loading baselines with
  `--save-baseline=.phan/baseline.php` and
  `--load-baseline=.phan/baseline.php`. (#2000)
  `--save-baseline` will save all pre-existing issues for the provided
  analysis settings to a file. When Phan is invoked later with
  `--load-baseline`, it will ignore any issue kinds in the files from
  `file_suppressions` in the baseline.
  This is useful for setting up analysis with Phan on a new project, or when
  enabling stricter analysis settings.
  Different baseline files can be used for different Phan configurations.
  (e.g. `.phan/baseline_deadcode.php` for runs with `--dead-code-detection`)

**New features (Analysis):**

+ Fix edge cases in checking if some nullable types were possibly falsey
  (`?true` and literal floats (e.g. `?1.1`))
+ Emit `PhanCoalescingNeverNull` instead of `PhanCoalescingNeverNullIn*` if
  it's impossible for the node kind to be null. (#3386)
+ Warn about array destructuring syntax errors (`[] = $arr`,
  `[$withoutKey, 1 => $withKey] = $arr`)
+ Return a clone of an existing variable if one already exists in
  Variable::fromNodeInContext. (#3406)
  This helps analyze `PassByReferenceVariable`s.
+ Don't emit PhanParamSpecial2 for min/max/implode/join with a single vararg.
  (#3396)
+ Properly emit PhanPossiblyInfiniteRecursionSameParams for functions with
  varargs.
+ Emit `PhanNoopNew` or `PhanNoopNewNoSideEffects` when an object is created
  with `new expr(...)` but the result is not used (#3410)
+ Emit `PhanPluginUseReturnValueInternalKnown` about unused results of
  function calls on the right hand side of control flow operators
  (`??`/`?:`/`&&`/`||`) (#3408)

----

Oct 20 2019, **Phan 2.3.1**

**New features (CLI, Configs):**

+ Instead of printing the full help when Phan CLI args or configuration is
  invalid, print just the errors/warnings and instructions and
  `Type ./phan --help (or --extended-help) for usage.`
+ Add an option `--debug-signal-handler` that can be used to diagnose why Phan
  or a plugin is slow or hanging. (Requires the `pcntl` module)
  This installs a signal handler that responds to SIGINT (aka Ctrl-C),
  SIGUSR1, and SIGUSR2.
+ Print a single backtrace in the crash reporter with the file, line, and
  arguments instead of multiple backtraces.
+ Emit a warning suggesting using `--long-option` instead when
  `-long-option[=value]` is passed in.
+ Change colorization of some error messages. Print some warnings to stderr
  instead of using `error_log()`.

**New features (Analysis):**

+ Emit `PhanTypeMismatchPropertyRealByRef` or `PhanTypeMismatchPropertyByRef`
  when potentially assigning an incompatible type to a php 7.4 typed property
  (or a property with a phpdoc type).
+ Warn about suspicious uses of `+` or `+=` on array shapes or lists. (#3364)
  These operators will prefer the fields from the left hand side, and will
  merge lists instead of concatenating them.
  New issue types: `PhanSuspiciousBinaryAddLists`, `PhanUselessBinaryAddRight`
+ Improvements to inferred types of `sort`, `array_merge`, etc. (#3354)
+ Fix bug allowing any array shape type to cast to a list.
+ Warn about unnecessary branches leading to identical return statements in
  pure functions, methods, and closures (#3383)
  This check is only run on pure methods.
  This requires that `UseReturnValuePlugin` be enabled and works best when
  `'plugin_config' => ['infer_pure_methods' => true]` is set.
+ Allow `list<X>` to cast to `array{0:X, 1?:X}` (#3390)
+ Speed up computing line numbers of diagnostics in the polyfill/fallback
  parser when there are multiple diagnostics.

**Language Server/Daemon mode:**

+ Reduce the CPU usage of the language server's main process when the `pcntl`
  module is used to fork analysis processes (Unix/Linux).
+ Speed up serializing large responses in language server mode (e.g. when a
  string has an unmatched quote).

----

Oct 13 2019, **Phan 2.3.0**

**New features (CLI, Configs):**

+ Limit --debug-emitted-issues to the files that weren't excluded from
  analysis.

**New features (Analysis):**

+ Add support for `list<T>` and `non-empty-list<T>` in phpdoc and in inferred
  values. These represent arrays with consecutive integer keys starting at 0
  without any gaps (e.g. `function (string ...$args) {}`)
+ Add support for `associative-array<T>` and `non-empty-associative-array<T>`
  in phpdoc and in inferred values. (#3357)
  These are the opposite of `list<T>` and `non-empty-associative-list<T>`.
  `list` cannot cast to `associative-array` and vice-versa.
  These represent arrays that are unlikely to end up with consecutive integer
  keys starting at 0 without any gaps.
  `associative-array` is inferred after analyzing code such as the following:
  - Expressions such as `[$uid1 => $value, $uid2 => $value2]` with unknown
    keys
  - Unsetting an array key of a variable.
  - Adding an unknown array key to an empty array.
  - Certain built-in functions, such as `array_filter` or `array_unique`,
    which don't preserve all keys and don't renumber array keys.

  Note that `array<string, T>` is always treated like an associative array.
  However, `T[]` (i.e. `array<mixed, T>`) is not treated like
  `associative-array<mixed, T>` (i.e. `associative-array<T>`).
  Phan will warn about using the latter (`associative-array`) where a list is
  expected, but not the former (`array`).
+ Allow omitting keys from array shapes for sequential array elements
  (e.g. `array{stdClass, array}` is equivalent to
  `array{0:stdClass, 1:array}`).
+ Add array key of array shapes in the same field order that php would for
  assignments such as `$x = [10]; $x[1] = 11;`. (#3359)
+ Infer that arrays are non-empty after analyzing code such as
  `$x[expr] = expr` or `$x[] = expr`.
+ Infer that arrays are possibly empty after analyzing code such as
  `unset($x[expr]);`.
+ Fix false positives in redundant condition detection when the source union
  type contains the `mixed` type.
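
The PHP runtime behaviour behind the `list` / `associative-array` distinction and the `PhanSuspiciousBinaryAddLists` warning described above, as an added example (not part of this notification or of Phan's own code). The helpers `check` and `is_list_shaped` are hypothetical names and every array is a constructed sample.

```php
<?php
declare(strict_types=1);

// Added illustration; every array below is a constructed sample.

/** Hypothetical helper: fail loudly if a stated runtime fact does not hold. */
function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("unexpected: $what");
    }
    echo "ok: $what\n";
}

/** True when the keys are exactly 0..n-1 in order (what Phan calls a list). */
function is_list_shaped(array $a): bool
{
    return array_values($a) === $a;
}

// 1. `+` on two lists is a key-wise union that keeps the left-hand entries.
//    Keys 0 and 1 exist on the left, so only key 2 comes from the right.
$base  = ['read', 'list'];
$extra = ['write', 'delete', 'admin'];
check($base + $extra === ['read', 'list', 'admin'], '+ is not concatenation');
check(array_merge($base, $extra) === ['read', 'list', 'write', 'delete', 'admin'],
    'array_merge concatenates lists');

// 2. array_filter drops elements but does not renumber the remaining keys.
$ids = array_filter([7, 0, 9]); // the falsy 0 at key 1 is removed
check($ids === [0 => 7, 2 => 9], 'array_filter preserves keys');
check(!is_list_shaped($ids), 'filtered result is no longer a list');
// The gap changes the wire format: a JSON object instead of a JSON array.
check(json_encode($ids) === '{"0":7,"2":9}', 'gap encodes as JSON object');
check(json_encode(array_values($ids)) === '[7,9]', 'array_values restores a list');

// 3. unset() on a list leaves a gap; sort() renumbers and yields a list again.
$queue = ['c', 'a', 'b'];
unset($queue[0]);
check(!array_key_exists(0, $queue) && !is_list_shaped($queue), 'unset leaves a gap');
sort($queue);
check($queue === ['a', 'b'], 'sort() returns a list');
```

Code that passes a filtered or unset-modified array to a consumer expecting sequential keys hits exactly the cases Phan now reports when an `associative-array` is used where a `list` is expected.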
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 4 2019 Remi Collet <remi(a)remirepo.net> - 2.4.1-1
- update to 2.4.1
* Mon Oct 28 2019 Remi Collet <remi(a)remirepo.net> - 2.4.0-1
- update to 2.4.0
* Mon Oct 21 2019 Remi Collet <remi(a)remirepo.net> - 2.3.1-1
- update to 2.3.1
* Mon Oct 14 2019 Remi Collet <remi(a)remirepo.net> - 2.3.0-1
- update to 2.3.0
* Fri Oct 4 2019 Remi Collet <remi(a)remirepo.net> - 2.2.13-1
- update to 2.2.13
- raise dependency on felixfbecker/advanced-json-rpc 3.0.4
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-8759960ad5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------