Symfony5项目的Phan/phan配置

Question

我是静态分析方面的新手，我正在尝试在我当前的项目中使用phan/phan。

我的phan/config.php如下所示。

<?php

/**
 * This configuration will be read and overlaid on top of the
 * default configuration. Command-line arguments will be applied
 * after this file is read.
 */
return [
    // Supported values: `'5.6'`, `'7.0'`, `'7.1'`, `'7.2'`, `'7.3'`,
    // `'7.4'`, `null`.
    // If this is set to `null`,
    // then Phan assumes the PHP version which is closest to the minor version
    // of the php executable used to execute Phan.
    //
    // Note that the **only** effect of choosing `'5.6'` is to infer
    // that functions removed in php 7.0 exist.
    // (See `backward_compatibility_checks` for additional options)
    // TODO: Set this.
    'target_php_version' => null,

    // A list of directories that should be parsed for class and
    // method information. After excluding the directories
    // defined in exclude_analysis_directory_list, the remaining
    // files will be statically analyzed for errors.
    //
    // Thus, both first-party and third-party code being used by
    // your application should be included in this list.
    'directory_list' => [
        'src',
        'vendor/symfony/console',
    ],

    // A regex used to match every file name that you want to
    // exclude from parsing. Actual value will exclude every
    // "test", "tests", "Test" and "Tests" folders found in
    // "vendor/" directory.
    'exclude_file_regex' => '@^vendor/.*/(tests?|Tests?)/@',

    // A directory list that defines files that will be excluded
    // from static analysis, but whose class and method
    // information should be included.
    //
    // Generally, you'll want to include the directories for
    // third-party code (such as "vendor/") in this list.
    //
    // n.b.: If you'd like to parse but not analyze 3rd
    //       party code, directories containing that code
    //       should be added to both the `directory_list`
    //       and `exclude_analysis_directory_list` arrays.
    'exclude_analysis_directory_list' => [
        'vendor/'
    ],
];

?>

我的问题是，我有很多这样的“假阳性”错误：

类/命名空间路由(\Symfony\Component\Routing\Annotation\Routing)的语句可能为零引用--可能为类/命名空间(\Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface) (\Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface) PhanUnreferencedUseNormal使用语句的引用为零--对于类/命名空间使用语句的引用可能为零用于类/命名空间安全性(\Sensio\Bundle\FrameworkExtraBundle\Configuration\Security)

似乎phan无法检测到Symfony供应商，我想知道如何纠正它？

我在使用php7.4和Symfony 5项目

Answer 1

我发现，问题就在以下几条线上：

'directory_list' => [
    'src',
    'vendor/symfony/console',
],

这是直接从Phan示例配置中获得的，但是由于directory_list中只包含了‘供应商/ Symfony /console’文件夹，所以Phan无法了解其他Symfony组件。

我把这个换成了：

'directory_list' => [
    'src',
    'vendor',
],

通过包含整个供应商目录，就可以解析它，并且Phan知道src中使用的每个供应商对象。

正如Leprechaun所提到的，由于注释没有被phan正确解析，我遇到了另一个问题，必须包括以下插件

'plugins' => [
    'vendor/drenso/phan-extensions/Plugin/Annotation/SymfonyAnnotationPlugin.php'
],

现在起作用了。

Answer 2

看起来这是已知的问题：https://github.com/phan/phan/issues/1757

在这个Github问题中，他们建议使用Phan扩展：https://github.com/Drenso/PhanExtensions#annotationsymfonyannotationplugin

或者尝试使用PHPStan或诗篇。