July 28 Johannes Schmitt schmittjoh

PHP Analyzer: New Features and Bug Fixes

We have recently deployed a new version of PHP Analyzer. This minor version upgrade contains mostly bug fixes and a couple of new features/improvements.

New: Deadlock Detection

One of the major new features in this upgrade is deadlock detection. This is mainly intended for CLI scripts where such deadlocks might go unnoticed for a while. PHP Analyzer now checks the exit conditions of loops for whether they are either always satisfied, or can never be satisfied.

Let’s have a look at an example:

function isMergeable(GitHubRepository $repository)
    $i = 0;
    do {
        if ($i > 0) {
            $waitTime = pow(2, $i) * 1;

        $prDetails = $this->api->getPrDetails($repository->getLogin(), $repository->getName(), $prNumber);
        if ($prDetails['mergeable'] === true) {
            return true;
    } while ($i < 3);

    return false;

This code fragment comes from our code-base. It is run as a background process whenever GitHub notifies us of a pull-request. We pull the GitHub API to check whether a pull-request is mergeable and return true or false. However, you might have spotted a small mistake in the loop, we are actually missing a $i++ or similar to increase the counter, and as such the condition $i < 3 is always true.

This did go unnoticed for a while since the actual result, i.e. creating an inspection when the pull-request was mergeable or ignoring the pull-request if it was not mergeable was achieved. However, we saw some errors because jobs exceeded their maximum runtime which eventually led us to find this error.

Even if the cost of this error was not high in this case, PHP Analyzer now makes sure that we do not slip in any unsatisfiable loops. This check is enabled by default if you are using the tools configuration, and can be enabled via the checks configuration as follows:

# .scrutinizer.yml
# Only add this if you already have a "checks" section.
        deadlock_detection_in_loops: true

Bug Fixes & Improvements

This release also contains a couple of bug fixes, and minor improvements. Some of the highlights below:

  • Various fixes to our PHP stubs: This mainly improves checks where we verify that you pass the right number of arguments, and the right types. PHP stubs tell the analyzer which types are built-in into the PHP runtime.
  • Type inference around associative arrays: PHP Analyzer is more accurate at inferring types of arrays that are used as maps with named keys.
  • Side-effects analysis supports some cases better: This makes various checks more accurate that draw on the results of the side-effects analysis. The side-effects analysis checks whether a function invocation has any effect after the invocation is done.

... and some more improvements, see the full changelog.

Thanks, and happy inspecting! :)


Have Feedback? Tweet to @scrutinizerci

If you experienced a bug or have any questions, please send them to [email protected].