Infection Static Analysis Plugin

Overview

This plugin is designed to run static analysis on top of infection/infection test runs in order to discover if escaped mutants are valid mutations, or if they do not respect the type signature of your program. If the mutation would result in a type error, it is "killed".

TL;DR:

  • This will improve your mutation score, since mutations which result in type errors become killed.
  • This is very hacky, and replaces vendor/bin/infection essentially. Please read the Stability section below first for details.
  • This is currently much slower than running infection by itself. There are ideas/suggestions to improve this in the future.

Usage

The current design of this tool requires you to run vendor/bin/roave-infection-static-analysis-plugin instead of running vendor/bin/infection:

composer require --dev roave/infection-static-analysis-plugin

vendor/bin/roave-infection-static-analysis-plugin

Configuration

The roave-infection-static-analysis-plugin binary accepts all of infection's flags and arguments, plus an additional --psalm-config argument.

Using --psalm-config, you can specify the psalm configuration file to use when analysing the generated mutations:

vendor/bin/roave-infection-static-analysis-plugin --psalm-config config/psalm.xml

Background

If you come from a statically typed language with AoT compilers, you may be confused about the scope of this project, but in the PHP ecosystem, producing runnable code that does not respect the type system is very easy, and mutation testing tools do this all the time.

Take for example the following snippet:

/**
 * @template T
 * @param array<T> $values
 * @return list<T>
 */
function makeAList(array $values): array
{
    return array_values($values);
}

Given a valid test as follows:

function test_makes_a_list(): void
{
    $list = makeAList(['a' => 'b', 'c' => 'd']);
 
    assert(count($list) === 2);
    assert(in_array('b', $list, true));
    assert(in_array('d', $list, true));
}

The mutation testing framework will produce the following mutation, since we failed to verify the output in a more precise way:

/**
 * @template T
 * @param array<T> $values
 * @return list<T>
 */
function makeAList(array $values): array
{

    -    return array_values($values);

    +    return $values;
}
   
  

The code above is valid PHP, but not valid according to our type declarations. While we can indeed write a test for this, such a test would probably be unnecessary, as existing type checkers can detect that our actual return value is no longer a list<T>, but a map of array<int|string, T>, which is in conflict with what we declared.

This plugin detects such mutations, and prevents them from making you write unnecessary tests, leveraging the full power of existing PHP type checkers such as phpstan and psalm.
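
To make the escaped mutant concrete, the following added example (not code from this project) loads the original function and the mutant side by side and runs the page's test assertions against both. The names makeAListMutant, looseTestPasses, strictTestPasses and isList are hypothetical and exist only for this illustration.

```php
<?php

declare(strict_types=1);

/**
 * Original implementation, as in the snippet above.
 *
 * @template T
 * @param array<T> $values
 * @return list<T>
 */
function makeAList(array $values): array
{
    return array_values($values);
}

/**
 * The mutant shown above, under a hypothetical name so that both versions
 * can be loaded side by side. The docblock is deliberately unchanged:
 * the body no longer honours `@return list<T>`.
 *
 * @template T
 * @param array<T> $values
 * @return list<T>
 */
function makeAListMutant(array $values): array
{
    return $values;
}

/**
 * The three assertions of test_makes_a_list(), parameterised over the
 * implementation under test. Returns true when all of them hold.
 */
function looseTestPasses(callable $makeAList): bool
{
    $list = $makeAList(['a' => 'b', 'c' => 'd']);

    return count($list) === 2
        && in_array('b', $list, true)
        && in_array('d', $list, true);
}

/**
 * A stricter test: identity comparison of arrays also compares keys and
 * their order, so string keys leaking through are detected.
 */
function strictTestPasses(callable $makeAList): bool
{
    return $makeAList(['a' => 'b', 'c' => 'd']) === ['b', 'd'];
}

/** Runtime equivalent of the `list<T>` contract: keys are exactly 0..n-1, in order. */
function isList(array $values): bool
{
    return array_keys($values) === array_keys(array_values($values));
}

// Constructed sample run: the same input is fed to both implementations.
$implementations = [
    'original' => 'makeAList',
    'mutant'   => 'makeAListMutant',
];

foreach ($implementations as $label => $implementation) {
    printf(
        "%-8s  loose test: %-4s  strict test: %-4s  returns a list: %s\n",
        $label,
        looseTestPasses($implementation) ? 'pass' : 'fail',
        strictTestPasses($implementation) ? 'pass' : 'fail',
        isList($implementation(['a' => 'b', 'c' => 'd'])) ? 'yes' : 'no'
    );
}
```

The mutant passes the loose test, which is why the mutation testing run reports it as escaped. The key mismatch that the strict test catches at runtime is the same one a type checker reports statically against the unchanged @return list<T>.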

Stability

Since infection/infection is not yet designed to support plugins, this tool uses a very aggressive approach to bootstrap itself, and relies on internal details of the underlying runner.

To prevent compatibility issues, it therefore always pins to a very specific version of infection/infection, so please be patient when you wish to use the latest and greatest version of infection/infection, as we may still be catching up to it.

Eventually, we will contribute patches to infection/infection so that there is a proper way to design and use plugins, without the need for dirty hacks.

PHPStan? Psalm? Where's my favourite static analysis tool?

Our initial scope of work for 1.0.x is to provide vimeo/psalm support as a start, while other static analysers will be included at a later point in time.

Comments
  • Rewrote plugin so that it does only reload mutated code, instead of re-analyzing whole codebase

    Fixes #4

    Quoting original issue:

    As discussed with @weirdan and @muglug on https://github.com/vimeo/psalm/issues/4117#issuecomment-686759090, there is a more efficient way to run static analysis repeatedly on a codebase:

    https://github.com/vimeo/psalm/blob/8c7423505a4282d1cdd38f3ff9552b911cbd5fa9/tests/FileUpdates/ErrorFixTest.php#L53

    In practice, Codebase#reloadFiles() should cause a file reload of only what's relevant to us, allowing us to avoid a complete cache bust like we do in https://github.com/Roave/infection-static-analysis-plugin/blob/5bb581368e244cbf7035d65faad2112e5547868c/bin/roave-infection-static-analysis-plugin#L40-L52

    Blockers

    • [ ] https://github.com/vimeo/psalm/issues/5764
    enhancement 
    opened by Ocramius 8
  • --configuration support

    Can't seem to find it, but does this project support the --configuration flag from Infection? I'd like to move some files out of my project's root dir to declutter it. But for some reason I can't find the flag for it in this package.

    enhancement question 
    opened by WyriHaximus 7
  • Bump phpunit/phpunit from 9.2.6 to 9.4.2

    Bumps phpunit/phpunit from 9.2.6 to 9.4.2.

    Changelog

    Sourced from phpunit/phpunit's changelog.

    9.4.2 - 2020-10-19

    Added

    • Added missing PHPUnit\Framework\assertObjectEquals() and PHPUnit\Framework\objectEquals() wrapper functions

    Changed

    • PHPUnit\Framework\Assert::assertObjectEquals() is now static

    9.4.1 - 2020-10-11

    Fixed

    • #4480: Methods with "static" return type (introduced in PHP 8) are not handled correctly by test double code generator

    9.4.0 - 2020-10-02

    Added

    • #4462: Support for Cobertura XML report format
    • #4464: Filter based on covered (@covers) / used (@uses) units of code
    • #4467: Convenient custom comparison of objects

    Changed

    • The PHPUnit XML configuration generator (that is invoked using the --generate-configuration CLI option) now asks for a cache directory (default: .phpunit.cache)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    If all status checks pass Dependabot will automatically merge this pull request.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
    • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

    Additionally, you can set the following in your Dependabot dashboard:

    • Update frequency (including time of day and day of week)
    • Pull request limits (per update run and/or open at any time)
    • Automerge options (never/patch/minor, and dev/runtime dependencies)
    • Out-of-range updates (receive only lockfile updates, if desired)
    • Security updates (receive only security updates, if desired)
    dependencies 
    opened by dependabot-preview[bot] 6
  • Incompatibility with the Composer bin plugin

    Follow-up after investigation in https://github.com/Ocramius/PackageVersions/issues/220, https://github.com/bamarni/composer-bin-plugin/issues/138, https://github.com/bamarni/composer-bin-plugin/pull/141

    The culprit is actually this chunk of code: https://github.com/Roave/infection-static-analysis-plugin/blob/1.22.x/bin/roave-infection-static-analysis-plugin#L31-L52

    It's "too smart" and takes into account the Composer autoload file relative to the CWD, therefore it breaks the behavior if the lib was installed using the Composer bin plugin, which provides its own autoloader in vendor-bin/<bin name>/vendor/autoload.php, which the binary will swallow just fine when using require __DIR__ . '/../../../vendor/autoload.php' or something like that.

    enhancement question wontfix 
    opened by someniatko 4
  • allow using custom configuration directory for psalm

    I was trying to use this project with PSL, and it didn't work well, since PSL stores all configuration files in config/ directory.

    Using this patch, I'm able to keep the same structure, by setting the PROJECT_CONFIG_DIRECTORY env variable to config.

    duplicate enhancement 
    opened by azjezz 4
  • Bump infection/infection from 0.20.2 to 0.22.1

    Bumps infection/infection from 0.20.2 to 0.22.1.

    Release notes

    Sourced from infection/infection's releases.

    xdebug-handler 2

    Fixed:

    • For recent Xdebug coverage collection needs XDEBUG_MODE=coverage or xdebug.mode=coverage #1473

    Changed:

    • Upgrade xdebug-handler to v2 and handle that coverage option is set #1510

    Add INFECTION and TEST_TOKEN environment variables for each Mutant process

    Added:

    • Add INFECTION and TEST_TOKEN environment variables for each Mutant process #1504

    Fixed:

    Fix file not found exception for Codeception Cests

    Fixed:

    • Fix file not found exception for Codeception Cests #1503

    0.21.4

    Fixed:

    • Invalid mutator config with MBString mutator #1479

    Fix "Error: Expected a value other than null"

    Fixed:

    • ProxyTrace should check for tests locations #1494

    Fix git-diff-filter option on MacOS

    Fixed:

    Do not increment max integer value

    Fixed:

    ... (truncated)

    Commits
    • c2f04fd Upgrade xdebug-handler to v2 and handle that coverage option is set (#1510)
    • d72c1f0 Update changelog for 0.22
    • 638d558 Add test where thread count is bigger than processes count, fix CS styles
    • 6aba02c Add INFECTION and TEST_TOKEN environment variables for each Mutant process to...
    • f2290b5 Fix file not found exception for Codeception Cests (from branch 0.21)
    • 4a222a2 Add PCOVDirectoryProvider (#1499)
    • f8d2447 Upgrade ocramius/package-versions to 1.11.0, set min PHP version from 7.4.0 t...
    • ad4e3c4 Make unique only global settings (arrays)
    • b4f036a ProxyTrace should check for tests locations (#1494)
    • 37e9682 Update GitDiffFileProvider.php
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 4
  • Release supporting Infection 0.26.15

    It seems the composer.json has been updated to allow for it, but it's not tagged, is there anything blocking it that I could help with? This would let me use --threads=max 🎉

    enhancement dependencies 
    opened by pamil 3
  • Update infection/infection to 0.26.1 version

    See: https://github.com/yiisoft/strings/pull/77, https://github.com/infection/infection/issues/1643 and https://github.com/infection/infection/pull/1644

    duplicate enhancement dependencies php 
    opened by devanych 3
  • Bump infection/infection from 0.20.2 to 0.21.0

    Bumps infection/infection from 0.20.2 to 0.21.0.

    Release notes

    Sourced from infection/infection's releases.

    describe command, --noop option, @infection-ignore-all and new mutators

    Full Changelog

    Added:

    Changed:

    • [BC BREAK] Removed OneZeroInteger mutator in favor of IncrementInteger/DecrementInteger mutators
    • [BC BREAK] Rename @zero_iteration profile to the @loop #1407
    Changelog

    Sourced from infection/infection's changelog.

    0.20.1 (2021-01-27)

    Full Changelog

    Added:

    Changed:

    • [BC BREAK] Removed OneZeroInteger mutator in favor of IncrementInteger/DecrementInteger mutators
    • [BC BREAK] Rename @zero_iteration profile to the @loop #1407

    0.20.0 (2020-11-01)

    Full Changelog

    Added:

    Changed:

    0.19.0 (2020-10-28)

    Full Changelog

    Added:

    • [MUTATOR] Introduce YieldValue mutator #1342

    ... (truncated)

    Commits
    • dfacb1e Remove duplicate line
    • 281f4dc Fix typo in the changelog
    • 4637710 Rename constants with symfony style HTTP_*
    • 859ffa6 Use composer install for autoreview github action instead of composer update
    • b45888d Expect status 200 as well as 201 for Stryker Dashboard
    • 437ebc7 Update CHANGELOG.md for 0.20, 0.21
    • edfe1bd Do not log by default (#1472)
    • 2c4804c Whitelist symfony polyfill bootstraps to whitelists to avoid call undefined f...
    • d133849 Introduce --noop option to run Noop mutators that does not change the sourc...
    • ab7b999 Add support for @infection-ignore-all annotation (#1468)
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 3
  • Bump composer/semver from 3.2.0 to 3.2.1

    Bumps composer/semver from 3.2.0 to 3.2.1.

    Release notes

    Sourced from composer/semver's releases.

    3.2.1

    • Fixed: accidental validation of broken constraints combining ^/~ and wildcards, and -dev suffix allowing weird cases
    • Fixed: normalization of beta0 and such which was dropping the 0
    Changelog

    Sourced from composer/semver's changelog.

    [3.2.1] 2020-09-27

    • Fixed: accidental validation of broken constraints combining ^/~ and wildcards, and -dev suffix allowing weird cases
    • Fixed: normalization of beta0 and such which was dropping the 0
    Commits
    • ebb7144 Merge branch '1.x' into main
    • 3827632 Update changelog
    • 13f64de Fix accidental validation of broken constraints combining ^/~ and wildcards, ...
    • 1768397 Fix normalizing of beta0 and such where the number is just 0 without delimiter
    • See full diff in compare view

    dependencies 
    opened by dependabot-preview[bot] 3
  • Bump phpspec/prophecy from 1.11.1 to 1.12.0

    Bumps phpspec/prophecy from 1.11.1 to 1.12.0.

    Release notes

    Sourced from phpspec/prophecy's releases.

    1.12.0

    Changelog

    Sourced from phpspec/prophecy's changelog.

    1.12.0 / 2020/10/28

    Commits
    • 765cd5d Allow PHP8 and update changelog
    • d66a590 Merge pull request #462 from viniciusalonso/is-in-array
    • 7cb9cd4 Merge pull request #495 from ciaranmcnulty/union-types
    • 1e9fd18 Fix obviously wrong usort
    • 2f50454 Provide a default prophecy when a union type is used
    • a2bb56c Add missing spec for union argument generation
    • f8add31 Remove some duplication in how we generate the type hints
    • 2ee1b0b Deprecate TypeHintReference
    • 6e10e68 Fix issues with mixed and nullability
    • 35f4ff7 Support union types in arguments
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot-preview[bot] 3
  • Evaluate if `1.28.0` caused downstream mutation score regressions

    CI pipelines to check / reproduce locally:

    • [ ] https://github.com/maglnet/ComposerRequireChecker/pull/388 ( https://github.com/maglnet/ComposerRequireChecker/actions/runs/3814971451/jobs/6489668821 )
    • [ ] https://github.com/Ocramius/OcraCachedViewResolver/pull/420 ( https://github.com/Ocramius/OcraCachedViewResolver/actions/runs/3814541867/jobs/6488924511 ) - this one should be easy, since MT score was 100% before upgrade
    • [ ] https://github.com/Roave/BackwardCompatibilityCheck/pull/730 ( https://github.com/Roave/BackwardCompatibilityCheck/actions/runs/3814375967/jobs/6488637171 ) - this was also at 100% before - extremely clean codebase, so a local comparison could help
    bug help wanted 
    opened by Ocramius 0
  • Dependency Dashboard

    This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

    Awaiting Schedule

    These updates are awaiting their schedule. Click on a checkbox to get an update now.

    • [ ] Lock file maintenance

    Detected dependencies

    composer
    composer.json
    • php ~8.1.0 || ~8.2.0
    • infection/infection 0.26.16
    • ocramius/package-versions ^2.7.0
    • sanmai/later ^0.1.2
    • vimeo/psalm ^4.30.0 || ^5.0.0
    • doctrine/coding-standard ^11.0.0
    • phpunit/phpunit ^9.5.27
    github-actions
    .github/workflows/continuous-integration.yml
    • laminas/laminas-ci-matrix-action 1.22.1
    • laminas/laminas-continuous-integration-action 1.32.0
    • actions/checkout v3
    • shivammathur/setup-php v2
    • actions/cache v3
    .github/workflows/release-on-milestone-closed.yml
    • actions/checkout v3
    • laminas/automatic-releases v1
    • laminas/automatic-releases v1
    • laminas/automatic-releases v1
    • laminas/automatic-releases v1
    • laminas/automatic-releases v1

    • [ ] Check this box to trigger a request for Renovate to run again on this repository
    opened by renovate[bot] 0
  • Attempt running static analysis checks within the thread running the mutated code

    Infection supports --threads or -j as parameter: when using this tool together with infection, you can clearly observe how the entire process halts when a mutant is found, and needs to be passed through vimeo/psalm for inspection.

    This "stuttering" is because type checking is executed in the main thread, instead of in child threads.

    If we manage to bootstrap and run psalm in child threads, we can speed up this process massively, although at the overhead of having to respawn the whole psalm stack at every executed test.

    This is very much related to #3, perhaps mutually exclusive with that.

    enhancement help wanted 
    opened by Ocramius 0
  • Apply mutation filtering before running tests

    Static analysis is potentially faster than re-running multiple tests affecting a single code path: we can apply static analysis before running tests on top of mutated code, but only after https://github.com/infection/infection/issues/1323 is implemented.

    enhancement 
    opened by Ocramius 0
Releases(1.28.0)
Owner
Roave, LLC