Differences
This shows you the differences between two versions of the page.
|
phantm:about [2010/05/04 14:42] ekneuss created |
phantm:about [2010/05/04 15:32] (current) ekneuss |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| ==== What is phantm? ==== | ==== What is phantm? ==== | ||
| - | ''phantm'' is a tool written in [[http://www.scala-lang.org|Scala]] that can be used to detect potential programming errors inside PHP applications. It will both work for small isolated script as well as full-blown applications. ''phantm'' stands for "PHp ANalyzer for Type Mistakes". | + | //phantm// is a tool written in [[http://www.scala-lang.org|Scala]] that can be used to detect potential programming errors inside PHP applications. It will both work for small isolated script as well as full-blown applications. //phantm// stands for "PHp ANalyzer for Type Mistakes". |
| ==== What does it do? ==== | ==== What does it do? ==== | ||
| - | ''phantm'' does multiple things. It first parses your php files, then try to resolve both constants and included files, from that point it will do name analysis, ensuring basic language restrictions. From that stage, it will perform data-flow analysis for every scopes in your applications. This data-flow analysis will be focused on checking whether the types of the values are used in a sound way. | + | //phantm// does multiple things: it first parses your php files, then try to resolve both constants and included files, from that point it will do name analysis, ensuring basic language restrictions. From that stage, it will perform data-flow analysis for every scopes in your applications. This data-flow analysis will be focused on checking whether the types of the values are used in a sound way. |
| ==== How does it do that? ==== | ==== How does it do that? ==== | ||
| - | First, a stronger type system have to be used. For instance, not all type juggling should be allowed, since some of them are most of the time a manifestation of a type error. By default, ''phantm'' will be picky and report nearly all implicit type conversions. With those rules in place, it will look at the uses of your multiple flowing values and try to reconstruct and refine types. Type refinement is necessary to reduce the number of errors generated as a result of a false positive. For more technical details, check out [[http://infoscience.epfl.ch/record/147867]]. | + | First, a stronger type system have to be used. For instance, not all type juggling should be allowed, since some of them are most of the time a manifestation of a type error. By default, //phantm// will be picky and report nearly all implicit type conversions. With those rules in place, it will look at the uses of your multiple flowing values and try to reconstruct and refine types. Type refinement is necessary to reduce the number of errors generated as a result of a false positive. For more technical details, check out [[http://infoscience.epfl.ch/record/147867]]. |
| ==== Why do types matter? ==== | ==== Why do types matter? ==== | ||
| Line 31: | Line 31: | ||
| </file> | </file> | ||
| - | In this case, we see that the parenthesis closing %%strtolower%% is mis-placed. A strong type system would have rejected that, complaining that %%strtolower%% expects a string but got a boolean. | + | In this case, we see that the parenthesis closing ''strtolower'' is mis-placed. A strong type system would have rejected that, complaining that ''strtolower'' expects a string but got a boolean. |
| - | Those are not made-up examples to illustrate the point. They are real bugs that ''phantm'' found in some PHP applications. | + | Those are not made-up examples to illustrate the point. They are real bugs that //phantm// found in some PHP applications. |