• Stars
    star
    121
  • Rank 293,924 (Top 6 %)
  • Language
    PHP
  • License
    MIT License
  • Created about 4 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

✅ 🐲 Static analysis on top of mutation testing - prevents escaped mutants from being invalid according to static analysis

Infection Static Analysis Plugin

This plugin is designed to run static analysis on top of infection/infection test runs in order to discover if escaped mutants are valid mutations, or if they do not respect the type signature of your program. If the mutation would result in a type error, it is "killed".

TL;DR:

  • This will improve your mutation score, since mutations which result in type errors become killed.
  • This is very hacky, and replaces vendor/bin/infection essentially. Please read the Stability section below first for details.
  • This is currently much slower than running infection by itself. There are ideas/suggestions to improve this in the future.

Usage

The current design of this tool requires you to run vendor/bin/roave-infection-static-analysis-plugin instead of running vendor/bin/infection:

composer require --dev roave/infection-static-analysis-plugin

vendor/bin/roave-infection-static-analysis-plugin

Configuration

The roave-infection-static-analysis-plugin binary accepts all of infection flags and arguments, and an additional --psalm-config argument.

Using --psalm-config, you can specify the psalm configuration file to use when analysing the generated mutations:

vendor/bin/roave-infection-static-analysis-plugin --psalm-config config/psalm.xml

Background

If you come from a statically typed language with AoT compilers, you may be confused about the scope of this project, but in the PHP ecosystem, producing runnable code that does not respect the type system is very easy, and mutation testing tools do this all the time.

Take for example following snippet:

/**
 * @template T
 * @param array<T> $values
 * @return list<T>
 */
function makeAList(array $values): array
{
    return array_values($values);
}

Given a valid test as follows:

function test_makes_a_list(): void
{
    $list = makeAList(['a' => 'b', 'c' => 'd']);
 
    assert(count($list) === 2);
    assert(in_array('b', $list, true));
    assert(in_array('d', $list, true));
}

The mutation testing framework will produce following mutation, since we failed to verify the output in a more precise way:

/**
 * @template T
 * @param array<T> $values
 * @return list<T>
 */
function makeAList(array $values): array
{
-    return array_values($values);
+    return $values;
}

The code above is valid PHP, but not valid according to our type declarations. While we can indeed write a test for this, such test would probably be unnecessary, as existing type checkers can detect that our actual return value is no longer a list<T>, but a map of array<int|string, T>, which is in conflict with what we declared.

This plugin detects such mutations, and prevents them from making you write unnecessary tests, leveraging the full power of existing PHP type checkers such as phpstan and psalm.

Stability

Since infection/infection is not yet designed to support plugins, this tool uses a very aggressive approach to bootstrap itself, and relies on internal details of the underlying runner.

To prevent compatibility issues, it therefore always pins to a very specific version of infection/infection, so please be patient when you wish to use the latest and greatest version of infection/infection, as we may still be catching up to it.

Eventually, we will contribute patches to infection/infection so that there is a proper way to design and use plugins, without the need for dirty hacks.

PHPStan? Psalm? Where's my favourite static analysis tool?

Our initial scope of work for 1.0.x is to provide vimeo/psalm support as a start, while other static analysers will be included at a later point in time.

More Repositories

1

SecurityAdvisories

🔐 Security advisories as a simple composer exclusion list, updated daily
2,694
star
2

BetterReflection

🔮 Better Reflection is a reflection API that aims to improve and provide more features than PHP's built-in reflection API.
PHP
1,176
star
3

BackwardCompatibilityCheck

🆎 Tool to compare two revisions of a class API to check for BC breaks
PHP
568
star
4

no-leaks

🚰 PHPUnit Plugin for detecting Memory Leaks in code and tests
PHP
496
star
5

Dont

🚫 Small set of defensive programming utilities/traits for PHP
PHP
400
star
6

StrictPhp

🚫 ✨ ❗ AOP-based strict type checks for PHP
PHP
261
star
7

you-are-using-it-wrong

🚔 Type check enforcement for library authors: enforces type-safety downstream
PHP
237
star
8

no-floaters

🔎 static analysis rules to prevent IEEE-754 floating point errors
PHP
207
star
9

FunctionFQNReplacer

PHP
158
star
10

psr-container-doctrine

Doctrine Factories for PSR-11 Containers
PHP
95
star
11

shorty

An asynchronous SMPP client and server built on Node.js. Shorty is sponsored and maintained by SMS Cloud, a subsidiary of Roave
JavaScript
92
star
12

DoctrineSimpleCache

Doctrine Cache adapter for PSR-16 Simple Cache
PHP
57
star
13

DocbookTool

📚 Docbook Tool for static documentation generation from Markdown files
PHP
53
star
14

Signature

✒️ Generate and verify basic signature for classes
PHP
43
star
15

behat-psr11extension

PSR-11 Container extension for Behat
PHP
40
star
16

composer-gpg-verify

🔐 📦 composer plugin to enforce GPG signatures on downloaded GIT composer packages
PHP
39
star
17

zf2-for-1

Enables using Zend Framework 2 features in a Zend Framework 1 application.
PHP
34
star
18

RoaveDeveloperTools

A PHP application visualization/debugging tool for ZendFramework/Symfony
PHP
29
star
19

psalm-html-output

Psalm HTML output format
XSLT
21
star
20

issues

Dead simple issue tracker (think standalone Github issues clone)
PHP
19
star
21

billing

open source php billing and invoicing
PHP
16
star
22

EmailTemplates

PHP
14
star
23

SecurityAdvisoriesBuilder

🔨 Build tools responsible for assembling https://github.com/Roave/SecurityAdvisories/blob/master/composer.json
PHP
10
star
24

RoaveDbCriteria

Use Doctrine Collections expressions with Zend\Db\Sql for smart criteria / filtering / query building.
PHP
6
star
25

NonceUtility

PHP
5
star
26

Assistant

Browser-based virtual assistant framework.
JavaScript
5
star
27

LaravelInfinidash

AWS Infinidash integration for Laravel applications
4
star
28

MtdTimeTracker

Simple time tracker
PHP
4
star
29

zf1-migration

Enables using newer Zend Framework features in a Zend Framework 1 application for easier migration.
PHP
3
star
30

tickets

Ticket thingy
PHP
2
star
31

roave.github.io

The Roave website.
JavaScript
2
star
32

roave.com

Roave.com website
CSS
2
star
33

DPC-Tutorial

ZF2 DPC Tutorial
PHP
2
star
34

Phlam

PHP Lambda runnner for running functions as a service on AWS
2
star
35

RoaveBot

Out little IRC campanion for #roave on Freenode.
CoffeeScript
2
star
36

RoaveTrack

This repository will somehow solve all of Roave's operational needs one day.
1
star
37

Realpath

Realpath, yo!
PHP
1
star
38

smscloud-shorty

Shorty implementation used by SMS Cloud in production.
JavaScript
1
star
39

roave.com-gh

New design for Roave.com
1
star
40

RoaveCast

Experiment(s) in real-time video/audio broadcasting to browsers.
1
star
41

demo-automatic-releases

Nothing to see here: we're just playing with github hooks
1
star