Exakat Changelog

Version 2.6.8

2024-05-02 – Fang Xuanling

+ Updated analysis : Undefined Enum Case now handles class constant relays

  • Report
    • Ambassador : upgraded manual rendering
  • Analysis

Version 2.6.7

2024-03-21 – Zhang Gongjin

+ New analysis : new rule for Deprecated attribute (analysis)

  • Analysis

Version 2.6.6

2024-03-14 – Gao Shilian

+ New analysis : report usage of strpos() < 1 (possible bug)

  • Report
    • Ambassador : fixed documentation display of PHP scripts
    • CallGraph : displays the call graph in dot format
  • Analysis
  • Tokenizer
    • Made property inside a string with a Name, not a Identifier
    • Mark variable in append as modified

Version 2.6.5

2024-01-31 – Cheng Yaojin

+ New analysis : dump all combined method calls

  • Architecture
  • Cobbler
  • Report
  • Analysis
  • Tokenizer
    • Fixed display of ?-> inside strings
    • Refactored Goto labels with a common atom between goto and labels
    • Fixed minor errors with SEQUENCE (via NEXT)

+ New analysis: report literal passed by reference

  • Architecture
    • Moved assert configuration to ini_set and php.ini
    • Added a set of token values for Debian 12 and 8.3
    • Void is now a single atom in the graph (speed up, less resources)
    • Speed up Load with less arrays, more classes
  • Analysis
  • Tokenizer
    • Added CALLED link to new calls
    • Fixed edgecases with match and readonly

Version 2.6.3

2023-12-14 – Ma Sanbao

+ Updated analysis : Too Many Variables in Method

  • Analysis
  • Tokenizer
    • Fixed bug with short assignment left operand not being marked as read as well as written
    • Added fullnspath to Staticclass atom
    • Added support for THROWN, CALLED, YIELDED links in methods

Version 2.6.2

2023-11-21 – Duan Zhixian

  • Analysis
    • New analysis : Casting Method Favorite
    • Updated analysis : Ellipsis detection improved
    • New analysis : report arrays that are used for append and direct index access at the same time
    • New analysis : report get_class() and get_parent_class() without arguments
    • Updated analysis : Literal inventory now reports float, array() and heredocs
    • New analysis : report usage of advanced static variable initialisation
    • New analysis : cannot be readonly
    • New analysis : report triplet stats from the internal graph
    • New analysis : report static variables outside a method
    • Updated analysis : Missing types are now covering class constants too
    • New analysis : report usage of Deprecated features (CITE, functions, parameters…)
    • Updated analysis : Could Be Typed * now supports class constants
    • New analysis : add support for #[Override] before PHP 8.3
    • New analysis : report variables that use their type as name

Version 2.6.1

2023-10-19 – Liu Hongji

  • Cobbler
    • New Cobbler : Logical to In_array() conversion
  • Analysis
    • Updated analysis : Use same types for comparisons was refactored
    • Updated analysis : Add Zero skips ?? and ?: when it is used to create default values
    • Updated analysis : Implode() args order was refactored with type support
    • New analysis : report multiline expressions
    • New analysis : report usage of typed constants
    • Updated analysis : sprintf() argument counts is improved
    • Updated analysis : double instruction skips try, while, do while.
    • Updated analysis : useless instruction refactored clone expressions
    • Updated analysis : array Append in a list() call
    • Updated analysis : written only variables now take into account isset() too
    • Updated analysis : recursive functions don’t report recursion via property or method call()
    • Updated analysis : Shell favorite

Version 2.6.0

2023-10-04 – Xue Rengui

  • Architecture
    • Refactored generation of VCS
  • Cobbler
    • New cobbler : rename namespace
    • New cobbler : rename function
    • New cobbler : rename constant
    • New cobbler : rename class
    • New cobbler : rename interface
    • New cobbler : rename enums
    • New cobbler : rename trait
    • New cobbler : rename method
    • New cobbler : rename class constant
    • New cobbler : rename property
  • Report
    • Added Classes dependencies table to Ambassador
    • Added Classes dependencies counts table to Ambassador
    • Added Classes dependent counts table to Ambassador
    • Added Namespaces to Exception tree
    • Added list of repeated class names
    • New report : Naming, that checks spelling
  • Analysis
    • Updated analysis : Useless Null Coalesce now omits stdclass
    • New analysis : report rewritten final class constant
    • New analysis : report uselessly rewriten class constant
    • Updated analysis : Fixed detection of use for functions and constants
    • Removed analysis : Removed ‘Mark callable’
    • Updated analysis : Fixed detection of calls to __construct
    • Updated analysis : Avoid Boolean as Argument sped up
    • Updated analysis : Property Could Be Local sped up
    • New analysis : Report blind variable used beyond their foreach() loop
    • Updated analysis : Could Use Try has more exceptions sources
    • New analysis : Report recalled conditions
    • Updated analysis : Upgraded Classes depencencies list with attributes, New initializers and instanceof
    • New analysis : Report incompatible property definition between trait and class
    • Updated analysis : Deep definition now includes define() calls and enums
    • Updated analysis : Collection of File dependencies now include interfaces
    • Updated analysis : Fixed but in Could Be Spaceship
    • Updated analysis : Upgraded ‘unthrown exception’ to handle variables
    • New analysis : report usage of self:: on
    • New analysis : report usage of DNF
    • Updated analysis : readonly usage covers classes and anonymous classes
    • New analysis : report usage of FTN as standalone type
    • New analysis : Collect usage of throw and their method
    • New analysis : Collect literals used in comparisons
    • New analysis : Suggest using array_combine()
    • New analysis : Report comparisons with distinct scalar types
    • New analysis : reports null being used as array’s index
    • New analysis : collect all named things in the source code
    • Updated analysis : isComponent also supports enum and declare
    • New analysis : report useless Try clauses
    • New analysis : report converted exceptions
    • New analysis : report methods that are no more than a single if
    • New analysis : suggest to ditch default before assigning it
    • Updated analysis : Unset or Cast was refactored with less raw() calls
    • Updated analysis : PPP declaration style
    • New analysis : collect the number of injections in a constructor
    • New analysis : collect the property usage level for each class
    • New analysis : collect structures, instead of in dump
    • New analysis : collect catch, to complete results with throw collect
    • Updated analysis : report usage of standalone True, False, Null.
    • New analysis : report identical cases in match and switch
    • New analysis : report usage of constants in traits
    • New analysis : preference between short and formal comparison
    • New analysis : report yield that can be turned into a yield from
    • New analysis : report usage of enum cases in static constant expressions
    • New analysis : report modification of readonly properties in __clone()
    • New analysis : report usage of internal classes with class_alias()
    • New analysis : report usage PHP 8.3 new dynamic
    • New analysis : static variables may be initialized with arbitrary expression in PHP 8.3
    • New analysis : report when an interface’s class constant visibility is not public when in the class
    • Updated analysis : upgraded pre-calculate used variable in closure
    • Updated analysis : Insufficient typehint (extended coverage)
    • New analysis : Report final trait method that are overwritten
  • Tokenizer
    • Added support for typed constants
    • Checked support for readonly anonymous classes
    • Fixed LINK in DNF types
    • Added support for attributes in enum, trait, interface and enumcase

Version 2.5.2

2023-02-04 – Wang Gui

  • Report
    • New report : Format for SonarCube
  • Analysis
    • New analysis : report array literal, used by index.
    • New analysis : Cannot use empty strings with explode()
    • New analysis : Report max() and min() applied on empty arrays.
    • Updated analysis : Unused methods now skips internal use
    • Updated analysis : Date formats are collected only on Datetime and Datetimeimmutable
    • New analysis : strpos() used to convert integer to their ascii value
    • New analysis : report double checks in the code
    • New analysis : skip empty arrays in array_merge()
    • New analysis : ellipis is slower than array_merge()
    • Updated analysis : variable type is detected with cast too.
    • New analysis : follow unvalidated data in $_SESSION
    • Updated analysis : updated in_array() to also report short arrays
    • Updated analysis : closure2string skips when other arguments are necessary
    • Updated analysis : condition is always true is upgraded with more work on is_a() and class type
    • Updated analysis : htmlspecialchars() changed behavior in 8.1
    • Updated analysis : always false does a better job at comparing types
    • Updated analysis : upgraded analysis with types
    • New analysis : new functions in PHP 8.3
    • New analysis : suggestion for str_ends_with()
    • New analysis : suggestion for str_starts_with()
    • Updated analysis : dirname with 3rd arg is suggested when using ‘$path/../’ strings
    • New analysis : collect the number of arguments per PHP native calls
    • New analysis : report if/then when a variable is assigned in one branch, but not in the other
    • New analysis : report mono or multi bytes favorite
    • New analysis : count the number of arguments to PHP native calls
    • Updated analysis : Null on boolean now takes into account types
    • Updated analysis : upgraded Make One Call analysis to spot calls within same expression
    • Updated analysis : incompatible type with incoming now covers call with superglobals
    • Updated analysis : fixed bug when calculating DEFINITION for superglobals
    • New analysis : report different constructors
    • New analysis : report usage of short ternary operator
    • New analysis : report when finalizing the call before the closure is better
    • New analysis : report object cast to int or float
    • New analysis : report variables initialized before an if condition with reinitialisation
    • New analysis : report incompatible constructors
    • New analysis : Report sidelined methods from a trait
    • New analysis : Report misused Generators
    • New analysis : Substr() for partitions in a loop
    • New analysis : suggest caching local calls to reduce processing
    • New analysis : report list of PHP 8.3 new classes
  • Tokenizer
    • Added support for readonly + final/abstract class
    • Fixed DEFINITION for static in new
    • Fixed DEFINITION for global variable definitions
    • Upgraded support for variable types with PDFF
    • Adapted support for undefined Identifier between PHP 7 and 8

Version 2.5.1

2023-01-19 – Wang Gui

  • Architecture
    • Extracted Called* to external class
    • Introduced parallel loading for nodes and properties (links are WIP)
  • Analysis
    • New analysis : suggest omitting empty arrays before array_merge()
    • Updated analysis : more calls are collected
    • Updated analysis : Strict comparison with boolean covers array_search and array_keys
    • New analysis : report useless methods
    • Updated analysis : Add Zero also covers syntax like +$a
    • New analysis : report weak tests on array, without checks on index
    • New analysis : report multiple types in switch (PHP 8 compability)
    • New analysis : could be a readonly class
    • Updated analysis : Comparison strings to int include in_array() and co
    • New analysis : report class invasions
    • New analysis : report property invasions
    • New analysis : collect all setlocale() calls
    • Updated analysis : Collected calls includes __construct()
    • Updated analysis : Collected calls includes __clone()
    • New analysis : report usage of ++ on strings
    • New analysis : report usage of deprecated mb_string encodings
  • Tokenizer
    • Fixed edge cases with readonly/namespace as method name
    • Fixed handling of static keyword with rare combinaisons

Version 2.5.0

2023-01-05 – Wang Gui

  • Architecture
  • Cobbler
  • Report
  • Analysis
    • Refactored analysis : WrongTypeWithCall skips variables without a type
    • Refactored analysis : BailoutEarly skips blocks with one element only
    • Refactored analysis : NonStaticMethodsCalledStatic extended to Stubs
    • New analysis : ambiguous types for variables
    • Refactored analysis : Unpreprocessed skips static::class
    • Refactored analysis : Undefined constant skips class constants with variables
    • New analysis : report exception that can’t be chained
    • Refactored analysis : ShellExec preferences
    • Refactored analysis : CreateMagicProperty was extended
    • New analysis : report possible ::class usage
    • New analysis : report wrong order of argument with variadic
    • New analysis : report wrong encoding usage with mbstring
    • Refactored analysis : Sped up ‘could be abstract method’
    • Refactored analysis : Undefined Interfaces differentiate classes and interfaces
    • New analysis : Ternary and Coalesce Operators order
    • Refactored analysis : Set Parent DEFINITION also adds DEFINITION for CPM
    • Refactored analysis : NativeClassTypeCompatibility upgraded fully to stub support
    • New analysis : Report useless assignation of promoted properties
    • Refactored analysis : Parameter name checking works with methods
    • Refactored analysis : Classes/CouldUseClassOperator is extended to all CITE
    • Refactored analysis : Classes/UndefinedConstants skips situations where the class is a variable of unknown type
    • Refactored analysis : Infinite recursion also detects coalesce
    • New analysis : Report methods / property confusions
    • New analysis : Suggest using __NAMESPACE__, instead of hardcoded string
    • Refactored analysis : Indirect injection is extended with ?? ?: and ? :
    • New analysis : Report too many chained calls one in the other
    • Refactored analysis : ‘This is for classes’ is extended to traits and enums
    • Refactored analysis : ‘Unsupported types with operator’ is now using Stubs files
    • New analysis : Report wrong typed with incoming values
    • Refactored analysis : ‘Queries in loops’ is now using extended to methods and one functioncall down.
    • Refactored analysis : Identical Variables in Foreach now searches inside the source
    • New analysis : Empty Loops
    • New analysis : Report arrays that are too much extracted
    • New analysis : Report methods where variables are not needed (only unique usage)
    • New analysis : Report possible emission of TypeError
    • Refactored analysis : Cant Throw now skips Interfaces
    • Refactored analysis : fixed false positive with Always False
    • Refactored analysis : Constant Invalid names do not confuse the constant and its value
    • Refactored analysis : Undefined Variable in Catch, now skips variables also created in the catch clause
    • Refactored analysis : Implicit conversion to int : skip float returned values
    • Refactored analysis : Closure could be static now checks for internal definitions of enums or anonymous class
    • Refactored analysis : Dont Collect void is extended to unspecified return types
    • Refactored analysis : useless coalesce
    • Refactored analysis : Indirect Injections
    • Refactored analysis : Useless Reference now checks PHP, ext and stubs
    • New analysis : Suggest to throw exceptions with json_*code()
    • Refactored analysis : Scalar are not arrays cleaned
    • Refactored analysis : No net for xml now enforces class too
    • Refactored analysis : Static for classes now omits static variables
    • Refactored analysis : Incompatibility signature now omits __construct
    • Refactored analysis : Unreachable code
    • New analysis : collect all calls from methods to methods
    • New analysis : set fullnspath to method calls
    • New analysis : report variables with an initial capital S (readability)
    • New analysis : type dodging in parameter with union type
  • Tokenizer
    • Fixed bug with related to readonly position
    • Fixed bug where define was not correctly set with fullnspath
    • Fixed priorities for print and yield
    • Added support for DNF in the engine
    • Added definition with static calls, within a class
    • Added support for methods and properties with static calls to parent::
    • Refactored handling of scope with $this and self/static
    • Created a Precedence class for each version
    • Refactored calculations for currentMethods in external class
    • Migrating from Method to readsStubs (WIP)
    • Handled edge cases in Yield (yield yield)
    • Removed link between bool and int values when loading (edge case of numeric strings)
    • Cleaned Load of GlobalVars array

Version 2.4.9

2022-09-07 – Wang Gui

  • Analysis
    • Refactored analysis : Uses Default now supports PDFF and functions
    • Refactored analysis : Using PDFF with ext/seaslog and ext/memcache
    • Removed analysis : ext/wikidiff2, ext/wincache, ext/iis, ext/libevent, ext/mhash, ext/parsekit, ext/kdm5
    • New analysis : date() versus DatetTime preferences.
    • New analysis : identify unused public methods
    • Refactored analysis : Detecting wrong visibility with implemented methods was sped up
    • Removed analysis : Interface/ConcreteVisibility, double with Classes/ImplementedMethodsArePublic
    • New analysis : identify potential abstract methods
    • Refactored analysis : Upgraded ‘Wrong Type With Call’ to use the known variable types
    • Refactored analysis : No Parent now takes traits into account.
    • Refactored analysis : Should Have Destructor : removed some false positives, refactored documentation.
    • Refactored analysis : No Parent now also checks for traits
    • Refactored analysis : Uses default argument skips Virtualproperties
    • New analysis : Complete/SolveTraitConstants adds support for constants in traits (PHP 8.2)
    • Refactored analysis : Complete/SetParentDefinition was trimmed of 2 useless queries
    • Refactored analysis : PPP declaration style
    • Refactored analysis : Is Global Constant (removed usage of .ini)
    • Refactored analysis : Overwritten* are simplified for speed up and deduplication
    • Refactored analysis : UndefinedClasses speed up
    • Refactored analysis : Should Preprocess now adds Heredocs and skips variables inside strings
    • Refactored analysis : Should use Ternary now skips elsif
    • Refactored analysis : ext/fann now use pdff
  • Tokenizer
    • Added support for PHP keywords in namespace names.

Version 2.4.8

2022-08-24 – Xue Rengui

  • Architecture
  • Cobbler
  • Report
  • Analysis
    • Refactored analysis : strange names now covers types too.
    • Removed analysis : ext/proctitle, Composer/IsComposerName, ext/cyrus
    • Removed analysis : Composer/IsComposerInterface,
    • Refactored analysis : VariableTypehint now skips self-transforming variables in default
    • Refactored analysis : ErrorMessages now also tracks trigger_error()
    • New analysis : ext/teds, ext/scrypt, ext/geospatial
    • Refactored analysis with pdff : ext/crypto, ext/ev, ext/enchant
    • Refactored analysis : refactored ‘could use short assignation’
    • Removed analysis : ext/ereg, ext/async
    • Refactored analysis : undefined class constants are also looked in the children classes
    • Refactored analysis : vendor/symfony and vendor/phalcon
    • Refactored analysis : Unused Methods now handles foreach() with new()
    • New analysis : vendor/feast framework
    • Checked unit tests : 4480 / 4450 test pass (99.3% pass)
  • Tokenizer
    • Fixed detection of constant in ternary/coalesce
    • Finish adding types

Version 2.4.7

2022-08-03 – Xu Jingzong

  • Architecture
  • Cobbler
    • New cobbler : remove brackets to single-instruction commands
  • Report
    • New inventory : IP
  • Analysis
    • Refactored analysis : Could Use Array_sum()
    • Refactored analysis : Wrong Attribute with properties
    • Refactored analysis : implode Args order now support types
    • Refactored analysis : fopen mode does accept rw
    • Refactored analysis : references on objects (full refactor)
    • New analysis : finding empty arrays with comparisons
    • New analysis : using strict with in_array or not
    • New analysis : no default for referenced parameter
    • New analysis : No clone constant before PHP 8.1
    • New analysis : Complete enum cases with definition to value and name
    • Refactored analysis : better handling of clone in Variable Typehint
    • Refactored analysis : cleaned some false positives with Undefined Properties
    • Refactored analysis : Unresolved use now uses stubs; upgrade in function/const coverage
    • Removed analysis : ext/recode, ext/runkit, ext/ming
    • Refactored analysis : Better coverage for 1 + []
    • Refactored analysis : Difference preference has gremlin upgraded
    • New analysis : Ext/random (PHP 8.2)
    • New analysis : IP inventory
    • Refactored analysis : JsonSerialize and ReturnTypeWIllChange cover new methods
  • Tokenizer
    • Added support for -> out of Enum cases (with name and value)
    • Added new classes from PHP 8.2
    • Fixed missing fullnspath for attributes with absolute path
    • Added all attributes to properties

Version 2.4.6

2022-07-20 – Li Yuanji

  • Architecture
    • Skip loading of WS property when only doing an audit (speed up loading)
    • Finished moved to Gremlin 3.6
  • Cobbler
    • New cobbler : adds brackets to single-instruction commands
  • Report
    • Ambassador : refactored trait matrix
  • Analysis
    • Refactored analysis : Wrong Type Hint with First Class Callable
    • New analysis : PHP 8.2 new functions
    • Refactored analysis : Useless Cast takes advantages of const types
  • Tokenizer
    • Typed all internal atoms
    • Added types to internal loading engine

Version 2.4.5

2022-07-07 – Li Yuanji

  • Architecture
    • Docs : fixed presentation for cobblers
  • Cobbler
    • New cobbler : remove abstract option
  • Report
  • Analysis
    • Refactored analysis : No Pss Outside Class also checks for static closures
    • New analysis : Report errors in sprintf() formats
    • New analysis : Report methods and properties with the same name in a class
    • New analysis : Report invalid chars in date scanning formats
    • Refactored analysis : Useless Coalesce applied to PHP native methods
    • New analysis : Report Abstract Private methods in traits (php 8.0-)
    • Refactored analysis : Dynamic New now also works on parenthesis
    • New analysis : Report Utf8_encode() and utf8_decode() deprecation
    • Refactored analysis : Create Default Values checks on self-transforming variables
    • Refactored analysis : Missing Typehint skips constructor and destructor
    • Refactored analysis : Useless constructor skip one that has other constructor calling it
    • New analysis : Some Magic methods have compulsory return types
    • Refactored analysis : Overwritten const is extended to classes without constants (but in their parent or interfaces)
    • Refactored analysis : Nested ternaries now checks assignations, New parameter to set the min depth
    • Refactored analysis : Instantiating Abstract now uses PDFF
    • Refactored analysis : $this may be OK in closures (they can be rebinded later)
    • Refactored analysis : Adding ‘Void’ returntype when possible
    • Refactored analysis : Don’t Collect Void was upgraded with methods returning nothing.
    • Refactored analysis : Identical Expressions, now checks = and omits short assignations
    • New analysis : If Then Return Favorite
    • Refactored analysis : Useless Casting checks % distinctly
    • Refactored analysis : Add Zero skips variables more often
    • New analysis : Could Be Resource
    • New analysis : DateTime Immutable is not immutable
  • Tokenizer
    • Fixed namespace’s names dectection for older PHP versions
    • Fixed Functioncall detection inside a new operator.

Version 2.4.4

2022-06-23 – Li Jiancheng

  • Architecture
    • Upgraded to Gremlin 3.6.0 (tinkergraph)
    • Prepared engine to work with GSneo4j 3.6.0
  • Cobbler
    • New cobbler : turn ${a} into {$a} for PHP 8.2 compatibility
    • Refactored cobbler : Adds null type to nullable parameters
  • Report
  • Analysis
    • Refactored analysis : Non nullable setter skip properties set in constructor
    • Removed analysis : ext/ffmpeg, ext/fdf, ext/xcache, ext/yis, ext/cairo
    • Refactored analysis : ext/rdkafka, ext/zookeeper now uses PDFF
    • Refactored analysis : Should Preprocess, now include local constant strings
    • Refactored analysis : Undefined Interface, now not reporting extra Types
    • New analysis : retyped reference, when a parameter with a type, eventually get a new type
    • Refactored analysis : Static methods called from object, modernization
    • Refactored analysis : New Analyzers, omits local defaults values
    • Refactored analysis : Access Protected now takes into account PDFF
    • Refactored analysis : Null type detection includes null defaut value for parameters.
    • New analysis : Report type error for default values
    • Refactored analysis : ‘ds’, ‘ssh2’ were upgraded to PDFF
    • Checked unit tests : 4373 / 4349 test pass (99.5% pass)
    • New analysis : Ice framework
    • New analysis : taint
  • Tokenizer
    • Fixed ‘constant’ bug with functioncall on a nsname
    • Upgraded Typehint detection to handle clone() calls
    • Upgraded Typehint inference for properties and variables

Version 2.4.3

2022-06-02 – Emperor Gaozu of Tang

  • Architecture
    • Doctor failed to copy the tinkergraph configuration files
    • Removed old connector GSneo4j/Tinkergraph
    • Refactored starting/emptying of gremlin database
    • Testing on PHP 8.2
  • Cobbler
    • Added suggestions when the -P is not found
    • New cobbler : add Final to classes
    • New cobbler : removes Final from classes
    • Upgraded cobbler : removes Readonly from classes
  • Report
    • Ambassador, Emissary, Diplomat : removed link to the source code.
    • Ambassador, Emissary, Diplomat : fixed link to online documentation
  • Analysis
    • Fixed analysis : Undefined Classes and Trait where affected by the recent Complete/Returntyping
    • Refactored analysis : ‘Variables Used Once’ not omit inherited parameters.
    • Refactored analysis : ‘Functions without return’ not skip methods with Never and methods that throw in the main sequence.
    • New analysis : ‘Parent is not Static’, but rather self
    • Refactored analysis : ‘Use This’
    • Refactored analysis : ‘Extension/Extxhprof’ to PDFF
    • Refactored analysis : Removing usage of methods, moving to PDFF
    • New analysis : ‘No magic method for Enums’
    • Refactored analysis : ‘Multiple Identical Keys’ now also processes automated index
    • New analysis : ‘Modifying Readonly’ (WIP)
    • Refactored analysis : ‘Could use short assignation’ skips usage of ??
    • New analysis : ‘Readonly Can only be assigned in defining class’
    • Refactored analysis : ‘Runkit7’ was upgraded to PDFF
    • Refactored analysis : ‘Gnupg’ was upgraded to PDFF
    • Refactored analysis : ‘xdiff’ was upgraded to PDFF
    • Refactored analysis : ‘event’ was upgraded to PDFF
    • New analysis : ext/stomp, ext/csv
    • New analysis : Suggestion making the default assignation in property definition
    • Refactored analysis : ‘Redefined private properties’ now covers PDFF too
    • Refactored analysis : ‘Failing Stubstr Comparison’ now accepts != <>
    • Refactored analysis : ‘Insufficient typehint’ extended with class constants
    • Refactored analysis : ‘Unused constant’ takes advantage of hierarchy
    • Refactored analysis : ‘Useless Abstract’ extended to include single extended classes
    • Refactored analysis : ‘Mismatched Default Value’ now omits parameters without default value
    • New analysis : method is identity
    • New analysis : report overloaded existing names in use, from PDFF
    • New analysis : collect incoming date inventory
    • New analysis : collect vendor’s API usage
    • New analysis : report Array addition usage
    • Checked unit tests : 4373 / 4349 test pass (99.5% pass)
  • Tokenizer
    • Added support for PHP 8.2 readonly classes
    • Fixed bug that made VariableTypehint automatically isPHP

Version 2.4.2

2022-05-18 – Li Chunfeng

  • Analysis
    • Refactored analysis : ‘Raised access Level’ now supports PDFF files
    • Refactored analysis : ‘Cant Extends Final’ also Works with anonymous classes
    • New analysis : Report ‘Lowered access levels’
    • Refactored analysis : ‘Final methods’ extended to traits
    • Refactored analysis : ‘Overwritten Methods’ fixed bug with Traits
    • New analysis : ‘Cant extends Final Methods’
    • Refactored analysis : ‘Cant extends Final Constants’ with PDFF support
    • New analysis : ‘Extension Excimer’
    • New analysis : ‘Report implicit float to int conversions’
    • Refactored analysis : ‘Is always false’ is extended to typed properties
    • New analysis : ‘Report inegalities with different types’
    • New analysis : Report traits used once
    • Refactored analysis : ‘Is Not Implements’ now supports PDFF; support for trait added.
    • Refactored analysis : ‘Wrong name with paramter’ : added support for PDFF
    • Fixed analysis : ‘Overwritten Methods’ skipped some interfaces
    • Refactored analysis : ‘Fossilized methods’ was counting methods that are defined with Virtualmethod
    • Refactored analysis : ‘Fix bug’ when missing fqn in New for Classes/WrongTypedPropertyInit
    • New analysis : Report unknown locales.
    • New analysis : ext/pkcs11
    • New analysis : ext/spx
    • Checked unit tests : 4314 / 4317 test pass (99% pass)
    • Refactored analysis : ‘Basename suffix’ detection extended
  • Tokenizer
    • Fixed bug with float and power
    • Fixed bug in global variable creation
    • Create all possible links to static keyword
    • Speed up creation of links to $GLOBALS

Version 2.4.1

2022-05-04 – Yuan Tiangang

  • Architecture
    • New Dump : collect all stub’s structures
  • Report
    • Sarif : Fixed URI (no initial /) and Exakat version
    • Unused : report unused stuff in the code
    • Ambassador : upgrade presentation of the Exception Treephp
  • Analysis
    • New analysis : Deprecated String interpolation in PHP 8.2
    • Refactored analysis : Spaceship features is used for isRead property
    • Refactored analysis : Skip analysis of returntypes for methods with throw/assert/trigger_error()
    • New analysis : Report unused Enumeration Cases
    • Refactored analysis : Can’t instantiate class now takes local class into account
    • Refactored analysis : Many new examples extracted from the docs
    • Refactored analysis : fixed bug with ‘Wrong Type With Call’
    • Refactored analysis : Conditional structures now includes Enums too.
    • New analysis : Don’t throw raw exceptions
    • New analysis : Useless Coalesce operator (when there is a type available)
    • New analysis : ext/yar
    • Refactored analysis : ‘Wrong number of argument’ now includes methods defined in a trait in a PDFF
    • Refactored analysis : moved ext/amqp to PDFF

Version 2.4.0

2022-04-20 – Yin Kaishan

  • Report
    • Ambassador : suggest literals to be turned into a constant, based on assignation and comparison
  • Analysis
    • Refactored analysis : ‘Classes/WrongCase’ reported too many arguments
    • New analysis : No constructor in interfaces
    • Refactored analysis : Bail Out Early also report if/then when in last position of an sequence
    • Refactored analysis : Useless Casting also checks for double application of typehint/cast
    • New analysis : Could Be A constant (in Dump)
    • New analysis : Could Be Spaceship
    • Refactored analysis : Vendors/Concrete5 is updated to Concrete5 v9.0
    • New analysis : Vendors Sylius
    • Refactored analysis : Vendors/Joomla is updated to Joomla 4.2.0
    • Refactored analysis : Wrong Number Of Arguments supports Constructors and methods (static and normal)

Version 2.3.9

2022-04-06 – Fu Yi

  • Architecture
    • Changed Loading system to handle globals directly with gremlin, and without ids
  • Cobbler
    • New cobbler : adds ‘function array_key_exists’ to the list of use statements to speed up array_key_exists.
  • Analysis
    • Refactored analysis : Fixed bug with ‘each’ and namespaces in Php/Deprecated
    • Refactored analysis : Next Month Trap was updated with support for datetime (Immutable)
    • Refactored analysis : TimeStamp Differences now covers any seconds additions. Datetime::format(‘U’) was also added to sources.
    • New analysis : Avoid using 86400 to handle days when calculating dates.
    • New analysis : Do not reuse the source name in a foreach($a as $a)
    • New analysis : Use constants when the function returns them
    • Updated analysis : New constants for ‘Use Constants As Arguments’
    • Refactored analysis : many Extensions/Ext* are moving to pdff support
    • Refactored analysis : speedup Should Preprocess analysis
    • Refactored analysis : Modernized Overwritten class constants
    • New analysis : Report overwritten final constants from PDFF
    • Refactored analysis : Moving Extensions/Ext* to PDFF
    • Refactored analysis : Repeated Regex
    • New analysis : Report string / integer comparison for PHP 8.0 migration
    • Refactored analysis : Defined Class Constants differentiate from Enumeration cases
    • New analysis : Complete functions with obvious typehints
    • New analysis : Extension protobuf
    • Refactored analysis : Upgraded Property analysis to use PDFF
    • Refactored analysis : ‘Multiple identical keys’ now has an array size limit (15000)
    • New analysis : Constant favorite : use or not?
    • Refactored analysis : Upgraded ‘Unresolved classes’ with Pdff support
  • Tokenizer
    • Fixed isPhp/isExt/isStub detection for catch classes

Version 2.3.8

2022-03-23 – Xiao Yu

  • Architecture
    • Speed up gremlin queries
  • Report
    • Pdff : added support for hasDefault in properties and parameters
  • Analysis
    • New analysis : Report type of string introspection used in the code, as a favorite
    • New analysis : Report functions to be of type ‘never’.
    • Refactored analysis : Variables used once by context, now omits Blind variables
    • Refactored analysis : Redeclared PHP functions works with PHP 8.1’s functions
    • Refactored analysis : Modern Empty
    • Refactored analysis : Deprecated Functions
    • Refactored analysis : Removed usage of IsExtInterface in UndefinedClasses
    • Refactored analysis : Suggesting static class names over objects takes into account the nature of the typehint available.
    • Refactored analysis : Using PDFF with ext/gender, ext/decimal, ext/xxtea, ext/mailparse, ext/uuid.
    • Refactored analysis : Using PDFF with ext/xmlreader, ext/writer, ext/mongodb, ext/gd, ext/dom
    • Refactored analysis : Class Usage rule now skips Interfaces in Implements
    • Removed analysis : Modules/*
    • Removed analysis : Extensions/Extzbarcode

Version 2.3.7

2022-03-09 – Xiao Yu

  • Architecture
    • Fixed all internal step’s case
  • Report
    • New report : PerRule (same as PerFile, but grouped by rules)
    • New report : CompatibilityPHP56 (based on Perfile, dedicated to Compatibility PHP 5.6)
    • Updated report : Ambassador now lists @keywords in phpdocs (inventories)
    • Updated report : Manual includes sections for namespaces, and global constants
  • Analysis
    • New analysis : Use variables when they are created inside a loop
    • New analysis : Simplify Foreach()
    • New analysis : Identical Conditions on If-elseif
    • Refactored analysis : Undefined Instanceof now relies on isPhp/isExt/IsStub
    • Refactored analysis : First byte only, now uses variable typehints
    • Refactored analysis : Dont loop on yield
    • Refactored analysis : Interfaces suggestion now accepts php/ext/stubs configuration
    • Refactored analysis : Static calls to traits exclude self, parent, static
    • Refactored analysis : Don’t read and write at the same time : Extended to all containers, removed edge cases
    • Refactored analysis : Undefined interfaces takes Variable Typehint into account
    • Refactored analysis : Incompatible Method signature
    • Refactored analysis : Unfinished objects now checks called internal methods
    • Refactored analysis : Better coverage for Class Constants
    • Refactored analysis : Insufficient typehint skips properties without a type
  • Tokenizer
    • Extended support for Variable typehints

Version 2.3.6

2022-02-16 – Qin Qiong

  • Architecture
  • Cobbler
    • Refactored cobbler : ‘SetTypehint’ checks more before adding a class typehint
  • Report
    • Ambassador : added the list of extended dependencies as an audit report
    • Diplomat : removed 4 rules from Analyze (Classes/Redefined*)
  • Analysis
    • New analysis : Too Many Stringed If-then-elsif
    • New analysis : Undefined Enumeration case
    • New analysis : Unfinished objects
    • New analysis : Class Alias usage
    • New analysis : Undefined Methods
    • New analysis : Suggest array_sum(), from the code
    • New analysis : Missing type on any structure (method, parameter, property)
    • New analysis : Spot unreachable methods
    • New analysis : Public Reach lists the paths from public methods to private ones.
    • New analysis : Avoid Static calls on objects when possible
    • Deprecated analysis : Is Php Function
    • Refactored analysis : Removed usage of IsExtFunction analysis
    • Refactored analysis : ‘Could Be array’ relies on … too
    • Refactored analysis : ‘No need for else’ now skips elseif
    • Refactored analysis : ‘Undefined constants, functions, traits, interfaces, classes{const, static P/M}’ now leverages the stubs
    • Refactored analysis : ‘Insufficient typehint’ checks for union types
    • Refactored analysis : ‘Used Once Properties’ now omits classes that have dynamic properties
    • Refactored analysis : ‘Unused class constants’
    • Refactored analysis : ‘Reuse variable’ has a narrower focus, and takes scope into account.
    • Refactored analysis : ‘Weak Type’ Extended analysis to typed containers
    • Refactored analysis : Definitions stats now break down to isPHP/isStub/isExt
    • Refactored analysis : Isset() calls with more complex expressions
    • Bug: fixed PHp/MixedKeyword in analyzer database
    • Checked unit tests : 4123 / 4132 test pass (99% pass)
  • Tokenizer
    • Refactored Foreach variable detection
    • Fixed constant detection in deep namespaces
    • Restored Stubs from configuration and commandline
    • Added fullnspath to static properties
    • Added Complete/Is*Structure, to finish marking atoms with isPhp, isStub
    • Deprecating Composer/IsComposerNsname
    • Fixed bug with class_alias
    • Added Not to guess list
    • Fixed bug in engine with comments at the end of scripts.

Version 2.3.5

2022-02-02 – Yuchi Gong

  • Architecture
    • ‘Complete’ ruleset will run the configured rulesets that are not already run
  • Cobbler
    • New cobbler : removes readonly option on properties
    • New cobbler : removes useless variables
  • Report
    • Ambassador : added counts with the actual sizes of the classes (constants, properties, methods)
    • Ambassador : Fixed display of compatibility features
    • Uml : Report number of classes exported
  • Analysis
    • New analysis : List all external dependencies extensions
    • New analysis : report recycling of foreach() sources
    • New analysis : report usage of readonly
    • New analysis : Suggest updating if-then to ternary operator
    • New analysis : Report multiple similar calls in a row
    • New analysis : Suggest using FILE_APPEND with file_put_contents()
    • New analysis : Report missing visibilities
    • New analysis : Identify literal that may actually be existing constants.
    • Fixed analysis : Cancelled parameter shall take ??= into consideration
    • Refactored analysis : ‘Cannot use static with closure’ analysis is extended to properties
    • Refactored analysis : Upgraded detection of variable modified by a reference in a PHP or custom function/methodcall.
    • Refactored analysis : Fixed bug with ‘This is for class’ where typehint where not correctly seen inside a class.
    • Refactored analysis : ‘Insufficient typehint’ was upgraded with class constants checks
    • Refactored analysis : ‘Undefined class’ skips ? as a class
    • Refactored analysis : ‘Static loops’ now takes into account modifications in the conditions
    • Refactored analysis : ‘Complex expressions’ omits match
    • Refactored analysis : ‘Cache variable outside loop’ fixed bug with function names and new expressions
    • Refactored analysis : ‘Logical mistakes’ now checks for constants on the rest of the comparison
    • Refactored analysis : ‘Cant instantiate class’ now takes into account self/static
    • Refactored analysis : ‘Should use self’ also reports self opportunities in new expression.
    • Refactored analysis : ‘Written only’ fixed a bug with propperties
    • Refactored analysis : ‘No choice’ also spots ?: null and ?? null
    • Refactored analysis : Written Only Variable now takes into account references in parameters
    • Refactored analysis : Classes’s strange names covers methods, properties and classes.
    • Refactored analysis : Caught but never thrown exceptions have an updated list of exception
    • Refactored analysis : Unresolved Catch uses updated PHP exception/error list
    • Refactored analysis : PHP 8.0 new types now covers mixed and also properties.
    • Refactored analysis : PHP 8.0 union type differentiate between ?A and null|A
    • Refactored analysis : CIT same names was extended to Enumeration
  • Tokenizer
    • Fixed boolval for multiplications
    • Fixed spaceship for string and boolean values
    • Added processing to isPhp/isExt/isStub to implemented names

Version 2.3.4

2022-01-19 – Yuchi Gong

  • Cobbler
    • New cobbler : remove unused use expression
    • Added 4 directives to each rules : namespaces, ignore_dirs, include_dirs and file_extensions. They filter out some of the results.
  • Report
    • Composer : upgrade the list of core PHP extensions
  • Analysis
    • New analysis : Mark simple getters/setters in classes
    • New analysis : Report unchecked divisions (int and operators)
    • New analysis : report possible abstract constants in classes (which should be defined in a parent)
    • New analysis : report recycled variables
    • Refactored analysis : Upgraded ‘Object references’ with union and intersectional types
    • Refactored analysis : Removed edges cases in ‘Don’t collect void’
    • Refactored analysis : Extension detection now takes into account enums
    • Refactored analysis : Upgraded AlwaysFalse with better typehinting inference
    • Refactored analysis : indentation levels missed several results while reporting
    • Refactored analysis : interfaces, traits and constants were missing for use expression resolution
    • Refactored analysis : Undefined Interfaces now exclude better PHP or ext’s interfaces
    • Refactored analysis : Never Used Parameter confused Void and first argument
    • Refactored analysis : Self were reported as outside a class when in foreach()
    • Refactored analysis : Clone with non-arrays now checks PHP native functions too
    • Refactored analysis : Excluded powers from calculations in IsZero
    • Refactored analysis : Fixed discrepancy between ‘ and ” handling of \
    • Extended tests : match without default
  • Tokenizer
    • Fixed a bug where static keyword is processed as a simple nsname
    • Fixed a bug where typehints were not marked as isPhp, isExt or isStub
    • Fixed an edge case with array functions inside match() syntax
    • Fixed an edge case with Closures and reference-use variable
    • Fixed an edge case with static inside ternary
    • Fixed yield expression scope
    • Added Table for PHP 8.2 compilations checks
    • Removed extra void with use expression for traits

Version 2.3.3

2022-01-05 – Xu Maogong

  • Cobbler
    • New Cobbler : removes attributes
  • Report
  • Analysis
    • New analysis : suggest using ?-> when Null is a possiblity
    • New analysis : Report backward incompatibility with overloaded interface constants
    • New analysis : Mark variables as local constants when only assigned once
    • New analysis : suggest using iterable, based on array|traversable usage
    • New analysis : Report usage of PHP 8.1 intersection typehints
    • Refactored analysis : Hidden Nullable rule now handles intersection types
    • Refactored analysis : ‘Use Nullable’ covers properties too
    • Refactored analysis : ‘Could Be stringable’ is extended to trait usage
    • Refactored analysis : skip static and globals when counting variable usage in methods
    • Refactored analysis : PHP 8.0 Union type detection includes properties
    • Added tests to Complete/Overloaded* (CPM)
  • Tokenizer
    • Fixed a bug with Ternary and constants

Version 2.3.2

2021-12-16 – Wei Zheng

  • Cobbler
    • New cobbler : removes a method
  • Report
  • Analysis
    • New analysis : suggest ::class instead of get_class()
    • New analysis : report when a class extends stdclass (for dynamic properties review)
    • New analysis : Reports when checks are made on the existence of properties
    • Upgraded analysis : Useless Typechecks is upgraded with union and intersectional type checks
    • Upgraded analysis : Reporting invalid access to protected CPM
    • Upgraded analysis : Removed Used Properties with classes with dynamic properties
    • Fixed bug in PropagateConstants
  • Tokenizer
    • Added detection of typehints for variables

Version 2.3.1

2021-12-01 – Li Shimin

  • Cobbler
    • Fixed bug with Settypehint when multiple types are available
  • Report
    • New Pdff report : PHP Document File Format
  • Analysis
    • New analysis : report promoted properties
    • New analysis : report deprecated PHP 8.2 callable
    • New analysis : report new in initializers
    • New analysis : report nested attributes
    • New analysis : report direct calls to Trait methods and properties
    • New analysis : report auto vivification of false (PHP 8.1)
    • New analysis : report implicit float to integer conversion for arrays
    • Updated analysis : Declare Static and Global early.
    • Updated analysis : No Null For Native now uses typehints
    • Updated analysis : refined No Static variable in method
  • Tokenizer
    • Fixed bug with __METHOD__ when it is called outside a method

Version 2.3.0

2021-11-18 – Wei

  • Architecture
    • Catchup tokens from PHP 5.6 till 7.2
    • Report unknown Rulesets during reports command
    • Extended ‘catalog’ command to list rules too
    • Extended ‘catalog’ command to return YAML format
  • Report
    • Added several new analysis to the Rector report
    • Added mixed and never to Appinfo report
    • Ugraded Sarif report with bartlett/sarif-php-sdk
  • Analysis
    • New analysis : report the missing mixed returntype for jsonserialize
    • New analysis : report final with constants
    • New analysis : report never usage (typehint)
    • New analysis : report PHP 8.1 typehint incompatibilities
    • New analysis : report PHP 8.0 typehint incompatibilities
    • New analysis : report PHP 8.0 named parameters
    • New analysis : report First Class Callable Syntax
    • New analysis : New Functions in PHP 8.1
    • New analysis : Removed functions in PHP 8.1
    • New analysis : Prepare ‘never’ for PHP 8.1
    • New analysis : Prepare ‘mixed’ for PHP 8.0
    • New analysis : detect mixed and never usage as typehints
    • Upgraded analysis : Wrong Number of arguments also works with new first class callable syntax
    • Upgraded analysis : Typehint stats now includes union and intersection types
    • Upgraded analysis : Removed functions in PHP 8.0

Version 2.2.5

2021-11-03 – Wood star

  • Analysis
    • New analysis : Calling Trait Static Method directly is deprecated in PHP 8.1
    • New analysis : No reference for returned void
    • New analysis : No Null for PHP native methods
    • Updated analysis : Wrong type for argument now covers classes, union type and intersection types.
    • Updated analysis : Wrong type for argument now covers classes, union type and intersection types.
    • Updated analysis : Unused Private Methods are also detected with array($this, ‘xx’) syntax
    • Checked unit tests : 3821 / 3805 test pass (99% pass)
  • Cobblers
    • New cobbler : remove typehints from arguments, returns and properties

Version 2.2.4

2021-10-21 – Gold star

  • Dataset
    • Updated PHP native dataset with missing classes and typehint.
  • Analysis
    • New analysis : Report incompatible typehint with native PHP methods in PHP 8.1
    • New analysis : Report Missing Attribute Attribute
    • New analysis : Report full_path index in $_FILES usage
    • Updated analysis : Type detection also include return type from methods
  • Cobblers
    • Updated cobbler : Set typehint handles typehint from arguments
  • Tokenizer
    • Added more cases for Constant types

Version 2.2.3

2021-10-06 – Wu

  • Architecture
    • Updated INI files for PHP 8.1
  • Data
    • Extended PHP directives lists
  • Report
    • New report Migration 8.1
  • Analysis
    • New analysis : PHP 8.1 removed directives
    • New analysis : PHP 8.1 removed constants
    • New analysis : Wrong named parameter for PHP native function
    • New analysis : Report duplicate named arguments
    • New analysis : htmlentities (and co) default 2nd argument
    • Updated analysis : Scalars are not arrays. Extemded with type support.
  • Tokenizer
    • Support for callable strlen(…)
    • Test for new syntax for octal 0o123

Version 2.2.2

2021-09-22 – Si

  • Architecture
    • Refactored documentation
  • Report
    • Added support for PHP 8.1 compatiblity
  • Analysis
    • New analysis : Restrict $GLOBALS usage
    • New analysis : No object as array’s index
    • New analysis : Overreaching classes (PHP feature)
    • New analysis : Report Enum usage
    • Updated analysis : Typehints/* got new Unit Tests
    • Updated analysis : Explode optimisation
  • Tokenizer
    • Reduced the number of DEFAULT creation for properties
    • Added support for new PHP 8.1 syntax (Enum )

Version 2.2.1

2020-11-20 – Chen

  • Architecture
    • Export : WIP of exporting PHP code from graph
    • New directives : rules_version_max, rules_version_min, ignore_rules and ignore_namespace
  • Report
    • Sarif : Fixed line number that may be null or less
    • Ambassador : Fixed visibility report
  • Analysis
    • New analysis : check for match as a keyword
    • New analysis : replace static variable by static properties
    • New analysis : warn about usage of get_object_vars()
    • New analysis : report global and static variables that are declared multiple times
    • Updated analysis : extended Used Classes to abstract classes
    • Updated analysis : wrong number of argument now supports $this()
    • Updated analysis : parse_str last argument doesn’t apply anymore in PHP 8
    • Updated analysis : useless argument now omits parameter with default value
    • Checked unit tests : 3797 / 3800 test pass (99% pass)
  • Tokenizer
    • Fixed race condition with phpdocs
    • Refactored static and global variables definitions (avoid double definitions)
    • Fixed detection of [] inside a list()
    • Fixed detection of alternative syntax for switch
    • Added use property to usenamespace too (for grouping)

Version 2.2.0

2020-10-15 – Mao

  • Architecture
    • Extended Export command to produce PHP scripts from the graph database
    • Added more typehints
    • Added new command ‘onefile’
    • Sped up database restart with id reset
    • Updated list of functions for several extensions. Started adding methods, class constants..
  • Report
    • Ambassador : updated popularities
    • Ambassador : added missing PHP 8.0 ruleset
  • Analysis
    • New analysis : report arguments and properties whose name clashes with the typehint
    • New analysis : report long preparation before throw command
    • New analysis : missing __isset() method
    • New analysis : suggest array_keys() for array_search in loops
    • New analysis : array_map() complains with values by reference
    • New analysis : report final private properties
    • New analysis : report misnamed constant/variable
    • New analysis : check for attribute configuration (PHP 8.0)
    • New analysis : suggest dropping variable in catch clause
    • New analysis : report resources that should not be tested with is_resource (PHP 8.0)
    • New analysis : check for named arguments and variadic
    • Updated analysis : wrong number of argument now supports $this()
    • Updated analysis : redefined private property uses OVERWRITE
    • Updated analysis : refactored UndefinedFunctions for speed
    • Updated analysis : array_map() complains with values by reference
    • Updated analysis : removed false positives on properties in strings
    • Updated analysis : unsupported types with operators skips cast values
    • Updated analysis : cancelled parameters are also for array_map/array_walk
    • Updated analysis : variable variable skips variables inside strings
    • Updated analysis : removed functions are not reported when in if/then with function_exists()
    • Updated analysis : wrong optional parameter fixed false positive with …
    • Updated analysis : extended list of removed directives, functions and constants
    • Removed analysis : RealVariables
    • Checked unit tests : 3761 / 3772 test pass (99% pass)
  • Tokenizer
    • Added Void to empty default/case
    • Bitoperation added to isRead
    • Fixed list[] in a Foreach
    • Fixed token T_OPEN_DOLLAR_CURLY_BRACKET

Version 2.1.9

2020-10-01 – Yin

  • Architecture
    • Removed old and unused commands
    • Modernized usage of docker as phpexec
    • New directive php_extensions to managed list of ext
  • Report
    • Ambassador : removed 3 gremlins from typehint stats, added scalar types
    • New Migration80 report, dedicated to PHP 8.0 migrations
    • New Stubs.ini report, dedicated to exakat extensions production
  • Analysis
    • New analysis : report arguments which are not nullable because of constants.
    • New analysis : could use stringable interface
    • New analysis : suggest explode()’s third argument when applicable
    • New analysis : suggest PHP 8.0 promoted properties
    • New analysis : report arrays with negative index, and auto-indexing
    • New analysis : report unsupported types with operators
    • New analysis : report usage of track_errors directive (PHP 8.0)
    • New analysis : report useless types on __get/__set
    • New analysis : count the number of use expressions in a file
    • New analysis : Avoid modifying typed arguments
    • New analysis : Report Assumptions in the code
    • New analysis : array_fill() usage with objects
    • New analysis : mismatch between parameter name and type
    • Updated analysis : magic methods definitions also find usage for __invoke()
    • Updated analysis : noscream operator usage may have exceptions
    • Updated analysis : identical methods and identical closures
    • Updated data : list of exceptions and their emitters
  • Tokenizer
    • Upgraded detection of extensions’ structures, beyond functions

Version 2.1.8

2020-09-18 – Chou

  • Architecture
    • added ‘–‘ options, and kept the ‘-‘ options, for migration purposes. (–format and -format are both available)
    • Added support for PHP 8 attributes in dump.sqlite
    • Added ‘precision’ to rule docs.
    • Moved all but one data collection from Dump -collect to Dump/ analysis.
  • Report
    • New report : SARIF
    • Typehint suggestion report : Tick classes when they are fully covered
    • Weekly report : fix donuts display.
    • Stubsjson : Added support for PHP attributes
    • Stubs : Added support for PHP attributes
  • Analysis
    • New ruleset : CI-Checks
    • New analysis : ‘Multiple declare(strict_types = 1)’
    • New analysis : ‘No more (unset) in PHP 8’
    • New analysis : Cancel methods in parent : when methods should not have been abstracted in parent class.
    • New analysis : ‘$php_errormsg is removed in PHP 8’
    • New analysis : ‘Mismatch Parameter Name’ checks parameter names between inherited methods for consistency
    • Upgraded analysis : ‘Useless Arguments’ is accelerated
    • Upgraded analysis : ‘Don’t use Void’ weeded out false positives
    • Upgraded analysis : ‘Wrong type for native calls’ weeded out false positives
    • Upgraded analysis : ‘Non static methods called statically’ was refactored for PHP 8.0 support
    • Upgraded analysis : ‘PHP Keywords’ includes ‘match’
    • Upgraded analysis : ‘Useless instruction’ reports ‘$a ?? null’ as useless.
    • Upgraded analysis : ‘Uncaught exceptions’ is extended to local variables
    • Upgraded analysis : ‘Foreach favorites’ also covers the keys
    • Upgraded analysis : ‘Should Preprocess’ skips expressions with constants
    • Upgraded analysis : ‘Compare Hashes’ has more functions covered
    • Removed analysis : ‘Normal Properties’ : no need anymore.
  • Tokenizer
    • Moved isPhp attribute to Task/Load plugin
    • Created isExt attribute to Task/Load plugin

Version 2.1.7

2020-09-07 – zi

  • Architecture
    • Refactored loading class, to keep query load at optimal size for Gremlin
    • GC during load to free memory
    • More typehints
    • Move several collections to Dump/ ruleset
  • Report
    • Upgraded Typesuggestion report with report on closures and arrow functions
    • Added Arrowfunctions in inventories
    • Added collection of arguments and details for closures and arrowfunctions
  • Analysis
    • New analysis : Could Be In Parent : suggest methods that should be defined in a parent
    • New analysis : Don’t pollute namespace
    • New analysis : report insufficient return typehints
    • Upgraded analysis : ‘Method signature must be compatible’ now PHP 8.0 compatible
    • Upgraded analysis : ‘Wrong type with native function’ fixes false positives
    • Upgraded analysis : ‘Same condition’ added coverage for || conditions
    • Upgraded analysis : ‘Missing returntype’ extended to class typehints
    • Upgraded analysis : ‘Should Use This’ also covers special functions like get_class_called()
    • Upgraded analysis : ‘No concat in loop’ skips nested loops
    • Upgraded analysis : ‘Always false’ covers typehint usage
    • Upgraded analysis : ‘NoChoice’ doesn’t report large expressions
    • Upgraded analysis : ‘Dont mix PlusPlus’ skip () and =
    • Upgraded analysis : ‘Fallthrough’ don’t report final cases without break
    • Checked unit tests : 3663 / 3630 test pass (99% pass)
  • Tokenizer
    • Removed ‘root’ property
    • Upgraded to new Attributes #[] in detection and normalisation
    • Fixed constant detection within instanceof
    • Created RETURN and RETURNED for Arrowfunctions (there is no return otherwise)
    • Parent method also calls children methods when those are not defined there
    • Support for multiple attributes in one syntax

Version 2.1.6

2020-08-28 – Night Patrol Deity

  • Architecture
    • More typehints coverage
    • Various speed-up
    • Lighter logging with gremlin
    • Fixed installation path
  • Report
    • Upgraded Typesuggestion report
    • Upgraded Stubs and Stubsjson
  • Analysis
    • New analysis : report PHP 8.0 unknown parameters
    • New analysis : overwritten methods with different argument counts
    • New analysis : Warn of iconv and TRANSLIT for portability
    • New analysis : Warn of glob and {} for portability
    • Upgraded analysis : ‘Useless check’ covers new situations.
    • Upgraded analysis : ‘Abstract away’ now covers new calls.
    • Upgraded analysis : ‘Must return Typehint’ skips Void.
    • Upgraded analysis : ‘Missing new’ with less false positives
    • Checked unit tests : 3559 / 3630 test pass (98% pass)
  • Tokenizer
    • Support for Virtualmethod and imports from traits
    • Refactored Usenamespace atom
    • Fixed calculations of fullnspath for static::class
    • Fixed detection of null/true/false in new()
    • Added support for T_BAD_CHARACTER

Version 2.1.5

2020-08-04 – Day Patrol Deity

  • Architecture
    • Fixed comment size estimation by 1 for T_COMMENT
    • Added more typehints to code
  • Report
    • Typehint suggestions : added ticks to fully typed methods
    • Emissary : Extract more information from dump.sqlite, instead of datastore.sqlite
    • Ambassador : Added a list of parameters, defined in the application
    • Ambassador : Added a list of fossilised methods
    • Stubs : Added check around PHP native functions and CIT
    • StubsJson : Added property for PHP native structures
  • Analysis
    • New analysis : Report insufficient initialisation for array_merge() collector variable
    • New analysis : Report useless triple equals
    • New analysis : Don’t compare typed boolean return values
    • New analysis : Report wrong type used with PHP functions
    • New analysis : Suggest abstracting away some PHP native functions
    • New analysis : Report try block that are too large
    • New analysis : Report variables potentially undefined in catch clause
    • New analysis : Report swapped arguments in methods overwriting
    • Upgraded analysis : InvalidPackFormat speed up
    • Upgraded analysis : Added parameter to Security/ShouldUsePreparedStatement to choose the preparing method
    • Upgraded analysis : Added parameter to Security/HardcodedPasswords to choose the name of properties/index
    • Upgraded analysis : PHP 8.0 new scalar typehint, stringable interface
  • Tokenizer
    • Added support for named parameters (PHP 8.0)
    • Trimmed some properties from atoms
    • Removed non-existent atom mentions
    • Added support for Attributes (WIP)
    • Added support for ?->
    • Added support for new T_*_NAME tokens

Version 2.1.4

2020-07-23 – Marshal of Heavenly Blessing

  • Architecture
    • Added time of last commit in audit results
    • Added more typehints
    • Upgraded PHP native method description with typehints (WIP)
  • Report
    • Typehint suggestion report
    • New toplogies : call order,
    • Ambassador : new statistics for typehint usage
  • Analysis
    • New analysis : Report double assignation of objects
    • New analysis : Typehints/CouldBe*, which makes suggestions for typehints
    • New analysis : Checks for argument type when typehint is present in custom methods
    • Upgraded analysis : Too Many Finds may be configured for threshold and prefix/suffix
    • Upgraded analysis : Typehints stats were extended to properties and multiple typehints
    • Upgraded analysis : Global outside Loop is extended to static variable too
    • Upgraded analysis : ErrorMessages also detect local variable contents
    • Upgraded analysis : Speed up for NullBoolean, Interfaces IsNotImplemented, InvalidPackFormat, arrayIndex, noWeakCrypto
    • Checked unit tests : 3532 / 3496 test pass (99% pass)
  • Tokenizer
    • Removed ‘aliased’ property in atoms
    • Fixed spotting of PHP native constants, when in Define() structure
    • Fixed loading of false values
    • Added support for the trailing comma in closure’s use expression
    • more handling of phpdocs
    • Null is now reused when it is a default value, as a typehint.
    • Logical was split in two : Logical and Bitoperation
    • Added support for match() {} expression
    • Fixed boolean calculations during Load
    • Removed auto-referencing in DEFAULT calculations

Version 2.1.3

2020-07-02 – Marshal of the Heavenly Canopy

  • Architecture
    • Removed all usage of datastore in Reports, and only rely on dump.
    • ignore_rules is now case insensitive
    • Moved some of the loading to a separate gremlin call to reduce the size of node load.
    • Fixed the branch option with Git calls.
    • Storing trait’s use expresion’s options.
  • Report
    • Ambassador ; New inventory : PHP protocol used (php, phar, glob://…)
    • Stubs and StubsJson, have been tested extensively
  • Analysis
    • New analysis : report double assignations of the same object ($a = $b = new C)
    • New analysis : report cyclic references
    • Upgraded analysis : Used Constants edge situations
    • Upgraded analysis : No real comparison : extended analysis to constants
    • Upgraded analysis : extended detection of dynamic method calls to call_user_func*
    • Upgraded analysis : paths are detected with new functions
    • Checked unit tests : 3490 / 3520 test pass (99% pass)
  • Tokenizer
    • More phpdoc support (from code to report)
    • Added isPHP to absolute FQN notations

Version 2.1.2

2020-06-25 – Mountain Deity

  • Architecture
    • Removed files task from initproject.
    • Added ignore_rule directive, to ignore specific rules while running a specific report
    • More documentation (in particular, modifications section)
    • Exakat avoids to return twice the same results (file and line)
    • Sped up some analysis, and added a time limit per analysis
    • Removed double linking for static variables
  • Report
    • New reports ; Stubs and StubsJson, which produce the stubs of the audited code (PHP and JSON format) (WIP)
    • New report ; Typehint suggestion (WIP)
    • Ambassador ; offers the configuration for all the rules that spotted issues in the current audit, for reuse in other codes
    • Collect the number of property per class
  • Analysis
    • New analysis : Report methods that are too much indented on average
    • New analysis : Report possible confusion between a class and an alias
    • New analysis : Report variables that are static and global at the same time
    • New analysis : Report statement with long blocks
    • New analysis : Report phpdoc’s deprecated methods and function calls
    • Upgraded analysis : Dereferencing levels now include () and =
    • Upgraded analysis : Unused Methods now skips classes that calls themselves dynamically
    • Upgraded analysis : No Need Get_class() was refactored
    • Upgraded analysis : Avoid Optional Properties was refactored
    • Upgraded analysis : Variable inconsistent Usage was extended with more reach
    • Upgraded analysis : Indirect Injections was upgraded with better reach with variables
    • Upgraded analysis : Direct Injections was upgraded with include
    • Upgraded analysis : PHP 8.0 new scalar typehint, stringable interface
    • Upgraded analysis : Mismatch Type and default now avoids undefined constants
    • Upgraded analysis : Wrong Optional Parameter is upgraded for PHP 8.0
    • Upgraded analysis : Indentation level was refactored
    • Checked unit tests : 3480 / 3510 test pass (99% pass)
  • Tokenizer
    • Upgraded detection of PHP native constants, when they are in absolute notation
    • Dump task stores use expressions’ options, plus minor fixes
    • Added support for Attributes (PHP 8.0)
    • Added support for Union types (PHP 8.0)
    • AtomIs step (WITH_VARIABLE) was extended with local variables
    • DEFAULT doesn’t point anymore on auto-updated values
    • Extended support for phpdoc in the code
    • Added support for promoted properties (PHP 8.0)

Version 2.1.1

2020-06-01 – Earth Deity

  • Architecture
    • Using timeLimit() to prevent Gremlin from running too deep in the rabbit hole
    • Added Neo4j Graphson V3 Graph driver
    • Moved ‘Dump’ rules to a specific Ruleset for easier administration
    • Propagated the upgrade to PHP 8.0 union types to three more rules
    • Fixed access to the list of ignored files
    • Added support for explicit stub files
    • Fixed multiple calls to Dump (better reentrant)
  • Report
    • New report : Meters, which holds measures for the audited code.
    • Ambassador : inventory of OpenSSL ciphers
  • Analysis
    • New analysis : Report unused traits
    • New analysis : Report chmod 777 system calls
    • New analysis : Check for keylength when generated by PHP
    • New analysis : Report methods with prefix/suffix and expected typehint
    • New analysis : Mark classes when they call dynamically their own methods
    • New analysis : Check for constants hidden in variable names ${X} != $X;
    • New analysis : Throw will be an expression in PHP 8.0
    • Upgraded analysis : Dangling operator now checks for loops too
    • Upgraded analysis : ‘Variables used once’ now skips variable definitions
    • Upgraded analysis : ‘Access Private’ takes into account dynamic classes
    • Upgraded analysis : ‘Could Centralize’ now uses a custom threshold. Default is 8 usage of an expression to centralize.
    • Upgraded analysis : ‘Return true/false’ checks that they are alone in the blocks
    • Upgraded analysis : ‘Unreachable code’ checks on constants values before reporting the next expression
    • Upgraded analysis : ‘Magic methods’ are case insensitive
    • Upgraded analysis : ‘No Hardcoded passwords’ has new functions that require a password
    • Upgraded analysis : ‘Unused methods’ are omitted for dynamically called methods and overwritten methods
    • Upgraded analysis : Insufficient Property Typehint also works for untyped properties
    • Upgraded analysis : PHP 8.0 new scalar typehint, stringable interface
    • Checked unit tests : 3383 / 3444 test pass (98% pass)
  • Tokenizer
    • Arguments with null as default values, automatically are nullable
    • Intval is also an integer for logical operations
    • Default Values now omits recursives assignations
    • Fixed fullnspath for PHP short tags
    • Added link between new command and constructor of anonymous classes.

Version 2.1.0

2020-05-13 – City God

  • Architecture
    • results stored in HashResults are now testable
    • Moved all query methods to Query/DSL namespace, from Analyzer class
  • Report
    • New report : ClassReview, with focus on classes structures
    • New report : Typechecks, with focus on type hint usage
    • Ambassador : Added typehint stats section
    • Ambassador : fixed display of classes name in classes tree
    • Ambassador : some missing sections have been rehabilitated
  • Analysis
    • New analysis : Trailing comma in signature (PHP 8.0)
    • New analysis : Hidden nullable types
    • New analysis : Not implemented abstract methods
    • New analysis : Report confusion between variables and arguments with arrow functions
    • Upgraded analysis : No literal for reference was extended
    • Upgraded analysis : Add zero is extended to constants
    • Upgraded analysis : This is for classes is now valid with arrow functions
    • Upgraded analysis : Useless arguments takes also into account constants
    • Upgraded analysis : Wrong Type With Call supports variadic arguments
    • Upgraded analysis : Extension constants now support fully qualified names
    • Upgraded analysis : Bad Typehint relay is compatible with union types
    • Upgraded analysis : Multiple Identical Cases now handles constants too
    • Checked unit tests : 3437 / 3477 test pass (99% pass)
  • Tokenizer
    • Restored ‘List’ atom
    • Interface methods are now ‘abstract’ by default
    • Added ‘array’ typehint for variadic arguments
    • Distinguish between argument and local variable in fn functions
    • Removed nullable property
    • propagate calls now propagates closures and arrow functions
    • Added support for union types (PHP 8.0)
    • Check all error messages from php, not just the first ones

Version 2.0.9

2020-04-30 – Jialan

  • Architecture
    • Added option in TU for analysis that won’t fill the result table.
    • Reduced the number of duplicate links in the graph
    • Upgraded tokens for PHP 8.0.
  • Analysis
    • New analysis : Don’t collect void
    • New analysis : Wrongly inited properties
    • New analysis : Not inited properties
    • Upgraded analysis : PHP 8.0 removed functions
    • Upgraded analysis : Useless instructions also include global/static variables
    • Upgraded analysis : Bad Relay Function now works with return types and property types
    • Upgraded analysis : ‘Scalar or object properties’ are upgraded with static calls
    • Removed analysis : Classes and Arrays IsRead and IsModified. Use properties now.
    • Checked unit tests : 3347 / 3420 test pass (97% pass)
  • Tokenizer
    • Fixed edge case for xor, with intval
    • Refactored multiple calculation for cast values
    • Added support for links between constants and use expressions
    • Linked classes with calls, when using use expression

Version 2.0.8

2020-04-20 – Ao Run

  • Architecture
    • Added new information in dump.sqlite, to make report autonomous
  • Analysis
    • Upgraded analysis : Paths are also recognized with constants, and more functions
    • Upgraded analysis : Should Use single Quotes
    • Checked unit tests : 3328 / 3398 test pass (97% pass)
  • Tokenizer
    • Fixed detection of PHP constants

Version 2.0.7

2020-04-14 – Ao Shun

  • Architecture
    • Adopted strict_types
    • Removed ctype1 attribute
    • Moved linting into separate processes
    • Refactored analysis to export to dump via SQL
    • Added ‘None’ ruleset to Dump task
  • Report
    • Ambassador : Added Constant’s order report
    • None : Added support for No report
  • Analysis
    • Upgraded analysis : Undefined class constants
    • Upgraded analysis : Undefined global constants
    • Upgraded analysis : Undefined property
    • Checked unit tests : 3347 / 3420 test pass (97% pass)
  • Tokenizer
    • Support PHP 8.0’s tokens
    • Added support for multiple typehint in the engine
    • Fixed edge case for boolean type casting

Version 2.0.6

2020-03-04 – Ao Qin

  • Architecture
    • Refactored analysis types for first UT
    • Moving to PHP 7.4 by default
  • Report
    • Rector : added more coverage
    • All : better display of typed properties
  • Analysis
    • New analysis : Semantic names of arguments
    • New analysis : !$a == $b
    • New prototype : possibles interfaces
    • Upgraded analysis : Overwritten literals now skips .=
    • Upgraded analysis : Scalar or object handles return type
    • Checked unit tests : 3322 / 3420 test pass (97% pass)

Version 2.0.5

2019-11-25 – Ao Guang

  • Architecture
    • Fixed access to severity and timetofix from compiled extension
  • Report
    • Ambassador : Fixed links to documentation
  • Analysis
    • Upgraded analysis : Mismatched Type and Default now omit undefined constants
    • Checked unit tests : 3366 / 3402 test pass (99% pass)

Version 2.0.4

2019-11-18 – Army Defeating Star of Heaven’s Gate

  • Architecture
    • Reducing Analyzer’s class method count
    • Moving more collections to Dump/ and Complete/
  • Report
    • Rector : added more coverage
    • Ambassador : Skiped analysis are now reported, not with -1
    • Ambassador : Foreach favorites’s graph is displayed
    • Ambassador : Visibility suggestion has full method names
  • Analysis
    • Upgraded analysis : Don’t Mix ++ now skips $a[$b++]
    • Upgraded analysis : Type hint stats skips some return values
    • Checked unit tests : 3365 / 3401 test pass (99% pass)

Version 2.0.3

2019-11-11 – Military Star of the North Pole

  • Architecture
    • Added check on xdebug presence (nesting limit)
    • Moving more collections to Dump/
  • Analysis
    • New analysis : Nullable typehint requires a test on NULL
    • New analysis : Typehint that requires too much
    • Upgraded analysis : Printf check on arguments works with ‘.’
    • Upgraded analysis : No magic for arrays skips __get()
    • Upgraded analysis : Const recommended, but not when methods are used
    • Upgraded analysis : Written only variables handles compact()
    • Upgraded analysis : Callbacks need returns, but not for spl_autoload_register()
    • Upgraded analysis : Extended analysis to Concatenation an Heredoc for Email
    • Upgraded analysis : Disconnected classes handles case sensitivity
    • Checked unit tests : 3371 / 3397 test pass (99% pass)

Version 2.0.2

2019-11-04 – Danyuan Star of Honesty and Chasity

  • Architecture
    • Adding more typehint
    • Created new class to build Dot files
    • Cleaned double examples
    • Dump handles multiple definitions for constants, class, trait, functions.
  • Report
    • Added new Topology report
    • Added new Type hint topology sort
    • Stubs : added class constant visibility
  • Analysis
    • New analysis : Report argument whose name clashes with typehint
    • New analysis : Report properties that are insufficiently typed
    • Moved ‘Inclusions’ to Dump/
    • Added steps to find original and relayed arguments
  • Tokenizer
    • Fixed paralellisation bug in Load

Version 2.0.1

2019-10-28 – Military Star of the North Pole

  • Architecture
    • Added more return type
    • Centralized reading for ini or json
  • Report
    • Ambassador: fixed Foreach favorites
    • Ambassador: added sort to number of parameter list
    • Checked unit tests : 3345 / 3377 test pass (99% pass)
  • Analysis
    • Upgraded xmlwriter to json

Version 2.0.0

2019-10-21 – Civil Star of Mystery and Darkness

  • Architecture
    • Manual file/line fixes
    • More simplifcations in load step
  • Report
    • Ambassador : fixed performance display
    • Ambassador : report list of shell commands
    • Typehint4all : first report
    • Perfile : fixed sorting
  • Analysis
    • New analysis : Report possible typehint for bool, int, string, array. WIP
    • Upgraded analysis : common alternatives are extended to switch and elsif
    • Upgraded analysis : xmlreader description includes class constants, properties and methods.
    • Upgraded analysis : callback needs return, is extended to php native functions
    • Checked unit tests : 3345 / 3377 test pass (99% pass)