Lab for Automated Reasoning and Analysis LARA

About phantm

What is phantm?

phantm is a tool written in Scala that detects potential programming errors in PHP applications. It works on small isolated scripts as well as full-blown applications. phantm stands for “PHp ANalyzer for Type Mistakes”.

What does it do?

phantm works in several stages: it first parses your PHP files, then tries to resolve both constants and included files. From that point it performs name analysis, ensuring basic language restrictions. From that stage, it performs data-flow analysis for every scope in your application. This data-flow analysis focuses on checking whether the types of the values are used in a sound way.

How does it do that?

First, a stronger type system has to be used. For instance, not all type juggling should be allowed, since some implicit conversions are, most of the time, a manifestation of a type error. By default, phantm is picky and reports nearly all implicit type conversions. With those rules in place, it looks at how values flow through your code and tries to reconstruct and refine their types. Type refinement is necessary to reduce the number of reported errors that are false positives. For more technical details, check out http://infoscience.epfl.ch/record/147867.

Why do types matter?

PHP type juggles for a reason: most people don't want to care about types. So why should they? To illustrate, let's take two small examples of programming errors that would be avoided with a strong type system:

if ($a & MY_FLAG === 0) {
    // ...
}

In fact, PHP parses this code as if ($a & (MY_FLAG === 0)), because === binds more tightly than &. Since & expects two integers, a strong type system would have rejected that code, as the right-hand side is a boolean.

if (strtolower(trim($var) == 'foo')) {
    // ...
}

In this case, the parenthesis closing strtolower is misplaced, so the comparison happens inside the call. A strong type system would have rejected that, complaining that strtolower expects a string but got a boolean.

Those are not made-up examples to illustrate the point. They are real bugs that phantm found in some PHP applications.
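To make the two rejections above concrete, here is an added sketch (not phantm's code or algorithm) of a strict checker for a tiny subset of PHP expressions that follows PHP's precedence for & and ==/===. The function name check, the env type map and the one-argument signatures for strtolower and trim are assumptions made for the illustration.

```python
import re

# Added toy checker, not phantm's algorithm; the signatures below are assumed.
TOKEN = re.compile(r"\s*(===|==|&|[()]|\$\w+|\w+|'[^']*')")
FUNCS = {"strtolower": ("string", "string"), "trim": ("string", "string")}  # name -> (param, return)

def check(src, env):
    """Return (type, errors) for one expression; env maps names to types."""
    toks, errors = TOKEN.findall(src), []

    def peek():
        return toks[0] if toks else None

    def atom():
        tok = toks.pop(0)
        if tok == "(":
            inner = bit_and()
            toks.pop(0)  # closing ")"
            return inner
        if tok.startswith("'"):
            return "string"
        if tok.isdigit():
            return "int"
        if tok in FUNCS:  # one-argument call: the argument is a parenthesised atom
            arg = atom()
            param, ret = FUNCS[tok]
            if arg != param:
                errors.append(f"{tok}() expects {param}, got {arg}")
            return ret
        return env[tok]  # variable or named constant

    def compare():  # == and === bind tighter than & in PHP
        left = atom()
        if peek() in ("===", "=="):
            toks.pop(0)
            atom()
            return "bool"
        return left

    def bit_and():
        left = compare()
        while peek() == "&":
            toks.pop(0)
            right = compare()
            errors.extend(f"& expects int, got {t}" for t in (left, right) if t != "int")
            left = "int"
        return left

    return bit_and(), errors
```

Passing the condition of the first snippet with $a and MY_FLAG typed as int yields the error "& expects int, got bool", while the parenthesised form ($a & MY_FLAG) === 0 checks cleanly as a bool.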

 
phantm/about.txt · Last modified: 2010/05/04 15:32 by ekneuss