Bleeding edge - check printf parameter types

schlndh · schlndh · commit da2e9f7c512d · 2025-07-17T17:52:24.000+02:00
diff --git a/conf/bleedingEdge.neon b/conf/bleedingEdge.neon
@@ -6,5 +6,6 @@ parameters:
 		skipCheckGenericClasses!: []
 		stricterFunctionMap: true
 		reportPreciseLineForUnusedFunctionParameter: true
+		checkPrintfParameterTypes: true
 		internalTag: true
 		newStaticInAbstractClassStaticMethod: true
diff --git a/conf/config.level5.neon b/conf/config.level5.neon
@@ -8,6 +8,8 @@ parameters:
 conditionalTags:
 	PHPStan\Rules\Functions\ParameterCastableToNumberRule:
 		phpstan.rules.rule: %featureToggles.checkParameterCastableToNumberFunctions%
+	PHPStan\Rules\Functions\PrintfParameterTypeRule:
+		phpstan.rules.rule: %featureToggles.checkPrintfParameterTypes%
 
 autowiredAttributeServices:
 	# registers rules with #[RegisteredRule] attribute
@@ -16,3 +18,5 @@ autowiredAttributeServices:
 services:
 	-
 		class: PHPStan\Rules\Functions\ParameterCastableToNumberRule
+	-
+		class: PHPStan\Rules\Functions\PrintfParameterTypeRule
diff --git a/conf/config.neon b/conf/config.neon
@@ -29,6 +29,7 @@ parameters:
 		skipCheckGenericClasses: []
 		stricterFunctionMap: false
 		reportPreciseLineForUnusedFunctionParameter: false
+		checkPrintfParameterTypes: false
 		internalTag: false
 		newStaticInAbstractClassStaticMethod: false
 	fileExtensions:
diff --git a/conf/parametersSchema.neon b/conf/parametersSchema.neon
@@ -33,6 +33,7 @@ parametersSchema:
 		skipCheckGenericClasses: listOf(string()),
 		stricterFunctionMap: bool()
 		reportPreciseLineForUnusedFunctionParameter: bool()
+		checkPrintfParameterTypes: bool()
 		internalTag: bool()
 		newStaticInAbstractClassStaticMethod: bool()
 	])
diff --git a/src/Rules/Functions/PrintfHelper.php b/src/Rules/Functions/PrintfHelper.php
@@ -5,29 +5,170 @@
 use Nette\Utils\Strings;
 use PHPStan\DependencyInjection\AutowiredService;
 use PHPStan\Php\PhpVersion;
+use PHPStan\Type\ErrorType;
+use PHPStan\Type\IntegerType;
+use PHPStan\Type\Type;
 use function array_filter;
+use function array_flip;
+use function array_keys;
+use function array_map;
+use function array_reduce;
 use function count;
 use function max;
+use function sort;
 use function sprintf;
 use function strlen;
+use function usort;
 use const PREG_SET_ORDER;
 
+/** @phpstan-type AcceptingTypeString 'strict-int'|'int'|'float'|'string'|'mixed' */
 #[AutowiredService]
 final class PrintfHelper
 {
 
+	private const PRINTF_SPECIFIER_PATTERN = '(?<specifier>[bs%s]|l?[cdeEgfFGouxX])';
+
 	public function __construct(private PhpVersion $phpVersion)
 	{
 	}
 
 	public function getPrintfPlaceholdersCount(string $format): int
 	{
-		return $this->getPlaceholdersCount('(?:[bs%s]|l?[cdeEgfFGouxX])', $format);
+		return $this->getPlaceholdersCount(self::PRINTF_SPECIFIER_PATTERN, $format);
+	}
+
+	/** @return array<int, array{string, callable(Type): bool}> position => [type name, matches callback] */
+	public function getPrintfPlaceholderAcceptingTypes(string $format): array
+	{
+		$placeholders = $this->parsePlaceholders(self::PRINTF_SPECIFIER_PATTERN, $format);
+		$result = [];
+		// int can go into float, string and mixed as well.
+		// float can't go into int, but it can go to string/mixed.
+		// string can go into mixed, but not into int/float.
+		// mixed can only go into mixed.
+		$typeSequenceMap = array_flip(['int', 'float', 'string', 'mixed']);
+
+		foreach ($placeholders as $position => $types) {
+			sort($types);
+			$typeNames = array_map(
+				static fn (string $t) => $t === 'strict-int'
+					? 'int'
+					: $t,
+				$types,
+			);
+			$typeName = array_reduce(
+				$typeNames,
+				static fn (string $carry, string $type) => $typeSequenceMap[$carry] < $typeSequenceMap[$type]
+					? $carry
+					: $type,
+				'mixed',
+			);
+			$result[$position] = [
+				$typeName,
+				static function (Type $t) use ($types): bool {
+					foreach ($types as $acceptingType) {
+						$subresult = match ($acceptingType) {
+							'strict-int' => (new IntegerType())->accepts($t, true)->yes(),
+							// This allows float, constant non-numeric string, ...
+							'int' => ! $t->toInteger() instanceof ErrorType,
+							'float' => ! $t->toFloat() instanceof ErrorType,
+							// The function signature already limits the parameters to stringable types, so there's
+							// no point in checking it again here.
+							'string', 'mixed' => true,
+						};
+
+						if (!$subresult) {
+							return false;
+						}
+					}
+
+					return true;
+				},
+			];
+		}
+
+		return $result;
 	}
 
 	public function getScanfPlaceholdersCount(string $format): int
 	{
-		return $this->getPlaceholdersCount('(?:[cdDeEfinosuxX%s]|\[[^\]]+\])', $format);
+		return $this->getPlaceholdersCount('(?<specifier>[cdDeEfinosuxX%s]|\[[^\]]+\])', $format);
+	}
+
+	/** @phpstan-return array<int, non-empty-list<AcceptingTypeString>> position => type */
+	private function parsePlaceholders(string $specifiersPattern, string $format): array
+	{
+		$addSpecifier = '';
+		if ($this->phpVersion->supportsHhPrintfSpecifier()) {
+			$addSpecifier .= 'hH';
+		}
+
+		$specifiers = sprintf($specifiersPattern, $addSpecifier);
+
+		$pattern = '~(?<before>%*)%(?:(?<position>\d+)\$)?[-+]?(?:[ 0]|(?:\'[^%]))?(?<width>\*)?-?\d*(?:\.(?:\d+|(?<precision>\*))?)?' . $specifiers . '~';
+
+		$matches = Strings::matchAll($format, $pattern, PREG_SET_ORDER);
+
+		if (count($matches) === 0) {
+			return [];
+		}
+
+		$placeholders = array_filter($matches, static fn (array $match): bool => strlen($match['before']) % 2 === 0);
+
+		$result = [];
+		$positionToIdxMap = [];
+		$positionalPlaceholders = [];
+		$idx = $position = 0;
+
+		foreach ($placeholders as $placeholder) {
+			if (isset($placeholder['width']) && $placeholder['width'] !== '') {
+				$result[$idx] = ['strict-int' => 1];
+				$positionToIdxMap[$position++] = $idx++;
+			}
+
+			if (isset($placeholder['precision']) && $placeholder['precision'] !== '') {
+				$result[$idx] = ['strict-int' => 1];
+				$positionToIdxMap[$position++] = $idx++;
+			}
+
+			if (isset($placeholder['position']) && $placeholder['position'] !== '') {
+				// It may reference future position, so we have to process them later.
+				$positionalPlaceholders[] = $placeholder;
+				continue;
+			}
+
+			$position++;
+			$positionToIdxMap[$position] = $idx;
+			$result[$idx++][$this->getAcceptingTypeBySpecifier($placeholder['specifier'] ?? '')] = 1;
+		}
+
+		usort(
+			$positionalPlaceholders,
+			static fn (array $a, array $b) => (int) $a['position'] <=> (int) $b['position'],
+		);
+
+		foreach ($positionalPlaceholders as $placeholder) {
+			$idx = $positionToIdxMap[$placeholder['position']] ?? null;
+
+			if ($idx === null) {
+				continue;
+			}
+
+			$result[$idx][$this->getAcceptingTypeBySpecifier($placeholder['specifier'] ?? '')] = 1;
+		}
+
+		return array_map(static fn (array $a) => array_keys($a), $result);
+	}
+
+	/** @phpstan-return 'string'|'int'|'float'|'mixed' */
+	private function getAcceptingTypeBySpecifier(string $specifier): string
+	{
+		return match ($specifier) {
+			's' => 'string',
+			'd', 'u', 'c', 'o', 'x', 'X', 'b' => 'int',
+			'e', 'E', 'f', 'F', 'g', 'G', 'h', 'H' => 'float',
+			default => 'mixed',
+		};
 	}
 
 	private function getPlaceholdersCount(string $specifiersPattern, string $format): int
diff --git a/src/Rules/Functions/PrintfParameterTypeRule.php b/src/Rules/Functions/PrintfParameterTypeRule.php
@@ -0,0 +1,145 @@
+<?php declare(strict_types = 1);
+
+namespace PHPStan\Rules\Functions;
+
+use PhpParser\Node;
+use PHPStan\Analyser\Scope;
+use PHPStan\Reflection\ReflectionProvider;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleErrorBuilder;
+use PHPStan\Rules\RuleLevelHelper;
+use PHPStan\Type\BooleanType;
+use PHPStan\Type\ErrorType;
+use PHPStan\Type\FloatType;
+use PHPStan\Type\IntegerType;
+use PHPStan\Type\NullType;
+use PHPStan\Type\StringAlwaysAcceptingObjectWithToStringType;
+use PHPStan\Type\TypeCombinator;
+use PHPStan\Type\VerbosityLevel;
+use function array_key_exists;
+use function count;
+use function sprintf;
+
+/**
+ * @implements Rule<Node\Expr\FuncCall>
+ */
+final class PrintfParameterTypeRule implements Rule
+{
+
+	private const FORMAT_ARGUMENT_POSITIONS = [
+		'printf' => 0,
+		'sprintf' => 0,
+		'fprintf' => 1,
+	];
+	private const MINIMUM_NUMBER_OF_ARGUMENTS = [
+		'printf' => 1,
+		'sprintf' => 1,
+		'fprintf' => 2,
+	];
+
+	public function __construct(
+		private PrintfHelper $printfHelper,
+		private ReflectionProvider $reflectionProvider,
+		private RuleLevelHelper $ruleLevelHelper,
+	)
+	{
+	}
+
+	public function getNodeType(): string
+	{
+		return Node\Expr\FuncCall::class;
+	}
+
+	public function processNode(Node $node, Scope $scope): array
+	{
+		if (!($node->name instanceof Node\Name)) {
+			return [];
+		}
+
+		if (!$this->reflectionProvider->hasFunction($node->name, $scope)) {
+			return [];
+		}
+
+		$functionReflection = $this->reflectionProvider->getFunction($node->name, $scope);
+		$name = $functionReflection->getName();
+		if (!array_key_exists($name, self::FORMAT_ARGUMENT_POSITIONS)) {
+			return [];
+		}
+
+		$formatArgumentPosition = self::FORMAT_ARGUMENT_POSITIONS[$name];
+
+		$args = $node->getArgs();
+		foreach ($args as $arg) {
+			if ($arg->unpack) {
+				return [];
+			}
+		}
+		$argsCount = count($args);
+		if ($argsCount < self::MINIMUM_NUMBER_OF_ARGUMENTS[$name]) {
+			return []; // caught by CallToFunctionParametersRule
+		}
+
+		$formatArgType = $scope->getType($args[$formatArgumentPosition]->value);
+		$formatArgTypeStrings = $formatArgType->getConstantStrings();
+
+		// Let's start simple for now.
+		if (count($formatArgTypeStrings) !== 1) {
+			return [];
+		}
+
+		$formatString = $formatArgTypeStrings[0];
+		$format = $formatString->getValue();
+		$acceptingTypes = $this->printfHelper->getPrintfPlaceholderAcceptingTypes($format);
+		$errors = [];
+		$typeAllowedByCallToFunctionParametersRule = TypeCombinator::union(
+			new StringAlwaysAcceptingObjectWithToStringType(),
+			new IntegerType(),
+			new FloatType(),
+			new BooleanType(),
+			new NullType(),
+		);
+
+		for ($i = $formatArgumentPosition + 1, $j = 0; $i < $argsCount; $i++, $j++) {
+			// Some arguments may be skipped entirely.
+			if (! array_key_exists($j, $acceptingTypes)) {
+				continue;
+			}
+
+			[$acceptingName, $acceptingCb] = $acceptingTypes[$j];
+			$argType = $this->ruleLevelHelper->findTypeToCheck(
+				$scope,
+				$args[$i]->value,
+				'',
+				$acceptingCb,
+			)->getType();
+
+			if ($argType instanceof ErrorType || $acceptingCb($argType)) {
+				continue;
+			}
+
+			// This is already reported by CallToFunctionParametersRule
+			if (
+				!$this->ruleLevelHelper->accepts(
+					$typeAllowedByCallToFunctionParametersRule,
+					$argType,
+					$scope->isDeclareStrictTypes(),
+				)->result
+			) {
+				continue;
+			}
+
+			$errors[] = RuleErrorBuilder::message(
+				sprintf(
+					'Placeholder #%d of function %s expects %s, %s given',
+					$j + 1,
+					$name,
+					$acceptingName,
+					$argType->describe(VerbosityLevel::typeOnly()),
+				),
+			)->identifier('argument.type')->build();
+		}
+
+		return $errors;
+	}
+
+}
diff --git a/tests/PHPStan/Rules/Functions/PrintfParameterTypeRuleTest.php b/tests/PHPStan/Rules/Functions/PrintfParameterTypeRuleTest.php
diff --git a/tests/PHPStan/Rules/Functions/data/printf-param-types.php b/tests/PHPStan/Rules/Functions/data/printf-param-types.php
