Check printf parameter types

conf/bleedingEdge.neon

@@ -6,6 +6,7 @@ parameters:
 		skipCheckGenericClasses!: []
 		stricterFunctionMap: true
 		reportPreciseLineForUnusedFunctionParameter: true
+		checkPrintfParameterTypes: true
 		internalTag: true
 		newStaticInAbstractClassStaticMethod: true
 		checkExtensionsForComparisonOperators: true

conf/config.level5.neon

@@ -8,6 +8,8 @@ parameters:
 conditionalTags:
 	PHPStan\Rules\Functions\ParameterCastableToNumberRule:
 		phpstan.rules.rule: %featureToggles.checkParameterCastableToNumberFunctions%
+	PHPStan\Rules\Functions\PrintfParameterTypeRule:
+		phpstan.rules.rule: %featureToggles.checkPrintfParameterTypes%
 
 autowiredAttributeServices:
 	# registers rules with #[RegisteredRule] attribute
@@ -16,3 +18,5 @@ autowiredAttributeServices:
 services:
 	-
 		class: PHPStan\Rules\Functions\ParameterCastableToNumberRule
+	-
+		class: PHPStan\Rules\Functions\PrintfParameterTypeRule

conf/config.neon

@@ -30,6 +30,7 @@ parameters:
 			- DOMNamedNodeMap
 		stricterFunctionMap: false
 		reportPreciseLineForUnusedFunctionParameter: false
+		checkPrintfParameterTypes: false
 		internalTag: false
 		newStaticInAbstractClassStaticMethod: false
 		checkExtensionsForComparisonOperators: false

conf/parametersSchema.neon

@@ -33,6 +33,7 @@ parametersSchema:
 		skipCheckGenericClasses: listOf(string()),
 		stricterFunctionMap: bool()
 		reportPreciseLineForUnusedFunctionParameter: bool()
+		checkPrintfParameterTypes: bool()
 		internalTag: bool()
 		newStaticInAbstractClassStaticMethod: bool()
 		checkExtensionsForComparisonOperators: bool()

src/Rules/Functions/PrintfHelper.php

@@ -6,7 +6,9 @@
 use PHPStan\DependencyInjection\AutowiredService;
 use PHPStan\Php\PhpVersion;
 use function array_filter;
+use function array_keys;
 use function count;
+use function in_array;
 use function max;
 use function sprintf;
 use function strlen;
@@ -16,21 +18,30 @@
 final class PrintfHelper
 {
 
+	private const PRINTF_SPECIFIER_PATTERN = '(?<specifier>[bs%s]|l?[cdeEgfFGouxX])';
+
 	public function __construct(private PhpVersion $phpVersion)
 	{
 	}
 
 	public function getPrintfPlaceholdersCount(string $format): int
 	{
-		return $this->getPlaceholdersCount('(?:[bs%s]|l?[cdeEgfFGouxX])', $format);
+		return $this->getPlaceholdersCount(self::PRINTF_SPECIFIER_PATTERN, $format);
+	}
+
+	/** @phpstan-return array<int, non-empty-list<PrintfPlaceholder>> parameter index => placeholders */
+	public function getPrintfPlaceholders(string $format): array
+	{
+		return $this->parsePlaceholders(self::PRINTF_SPECIFIER_PATTERN, $format);
 	}
 
 	public function getScanfPlaceholdersCount(string $format): int
 	{
-		return $this->getPlaceholdersCount('(?:[cdDeEfinosuxX%s]|\[[^\]]+\])', $format);
+		return $this->getPlaceholdersCount('(?<specifier>[cdDeEfinosuxX%s]|\[[^\]]+\])', $format);
 	}
 
-	private function getPlaceholdersCount(string $specifiersPattern, string $format): int
+	/** @phpstan-return array<int, non-empty-list<PrintfPlaceholder>> parameter index => placeholders */
+	private function parsePlaceholders(string $specifiersPattern, string $format): array
 	{
 		$addSpecifier = '';
 		if ($this->phpVersion->supportsHhPrintfSpecifier()) {
@@ -44,34 +55,83 @@ private function getPlaceholdersCount(string $specifiersPattern, string $format)
 		$matches = Strings::matchAll($format, $pattern, PREG_SET_ORDER);
 
 		if (count($matches) === 0) {
-			return 0;
+			return [];
 		}
 
 		$placeholders = array_filter($matches, static fn (array $match): bool => strlen($match['before']) % 2 === 0);
 
-		if (count($placeholders) === 0) {
-			return 0;
-		}
+		$result = [];
+		$parsedPlaceholders = [];
+		$parameterIdx = 0;
+		$placeholderNumber = 0;
 
-		$maxPositionedNumber = 0;
-		$maxOrdinaryNumber = 0;
 		foreach ($placeholders as $placeholder) {
+			$placeholderNumber++;
+			$showValueSuffix = false;
+
 			if (isset($placeholder['width']) && $placeholder['width'] !== '') {
-				$maxOrdinaryNumber++;
+				$parsedPlaceholders[] = new PrintfPlaceholder(
+					sprintf('"%s" (width)', $placeholder[0]),
+					$parameterIdx++,
+					$placeholderNumber,
+					'strict-int',
+				);
+				$showValueSuffix = true;
 			}
 
 			if (isset($placeholder['precision']) && $placeholder['precision'] !== '') {
-				$maxOrdinaryNumber++;
+				$parsedPlaceholders[] = new PrintfPlaceholder(
+					sprintf('"%s" (precision)', $placeholder[0]),
+					$parameterIdx++,
+					$placeholderNumber,
+					'strict-int',
+				);
+				$showValueSuffix = true;
 			}
 
-			if (isset($placeholder['position']) && $placeholder['position'] !== '') {
-				$maxPositionedNumber = max((int) $placeholder['position'], $maxPositionedNumber);
-			} else {
-				$maxOrdinaryNumber++;
-			}
+			$parsedPlaceholders[] = new PrintfPlaceholder(
+				sprintf('"%s"', $placeholder[0]) . ($showValueSuffix ? ' (value)' : ''),
+				isset($placeholder['position']) && $placeholder['position'] !== ''
+					? $placeholder['position'] - 1
+					: $parameterIdx++,
+				$placeholderNumber,
+				$this->getAcceptingTypeBySpecifier($placeholder['specifier'] ?? ''),
+			);
+		}
+
+		foreach ($parsedPlaceholders as $placeholder) {
+			$result[$placeholder->parameterIndex][] = $placeholder;
+		}
+
+		return $result;
+	}
+
+	/** @phpstan-return 'string'|'int'|'float'|'mixed' */
+	private function getAcceptingTypeBySpecifier(string $specifier): string
+	{
+		if ($specifier === 's') {
+			return 'string';
+		}
+
+		if (in_array($specifier, ['d', 'u', 'c', 'o', 'x', 'X', 'b'], true)) {
+			return 'int';
+		}
+
+		if (in_array($specifier, ['e', 'E', 'f', 'F', 'g', 'G', 'h', 'H'], true)) {
+			return 'float';
 		}
 
-		return max($maxPositionedNumber, $maxOrdinaryNumber);
+		return 'mixed';
+	}
+
+	private function getPlaceholdersCount(string $specifiersPattern, string $format): int
+	{
+		$paramIndices = array_keys($this->parsePlaceholders($specifiersPattern, $format));
+
+		return $paramIndices === []
+			? 0
+			// The indices start from 0
+			: max($paramIndices) + 1;
 	}
 
 }

src/Rules/Functions/PrintfParameterTypeRule.php

@@ -0,0 +1,155 @@
+<?php declare(strict_types = 1);
+
+namespace PHPStan\Rules\Functions;
+
+use PhpParser\Node;
+use PHPStan\Analyser\Scope;
+use PHPStan\Reflection\ReflectionProvider;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleErrorBuilder;
+use PHPStan\Rules\RuleLevelHelper;
+use PHPStan\Type\BooleanType;
+use PHPStan\Type\ErrorType;
+use PHPStan\Type\FloatType;
+use PHPStan\Type\IntegerType;
+use PHPStan\Type\NullType;
+use PHPStan\Type\StringAlwaysAcceptingObjectWithToStringType;
+use PHPStan\Type\Type;
+use PHPStan\Type\TypeCombinator;
+use PHPStan\Type\VerbosityLevel;
+use function array_key_exists;
+use function count;
+use function sprintf;
+
+/**
+ * @implements Rule<Node\Expr\FuncCall>
+ */
+final class PrintfParameterTypeRule implements Rule
+{
+
+	private const FORMAT_ARGUMENT_POSITIONS = [
+		'printf' => 0,
+		'sprintf' => 0,
+		'fprintf' => 1,
+	];
+	private const MINIMUM_NUMBER_OF_ARGUMENTS = [
+		'printf' => 1,
+		'sprintf' => 1,
+		'fprintf' => 2,
+	];
+
+	public function __construct(
+		private PrintfHelper $printfHelper,
+		private ReflectionProvider $reflectionProvider,
+		private RuleLevelHelper $ruleLevelHelper,
+	)
+	{
+	}
+
+	public function getNodeType(): string
+	{
+		return Node\Expr\FuncCall::class;
+	}
+
+	public function processNode(Node $node, Scope $scope): array
+	{
+		if (!($node->name instanceof Node\Name)) {
+			return [];
+		}
+
+		if (!$this->reflectionProvider->hasFunction($node->name, $scope)) {
+			return [];
+		}
+
+		$functionReflection = $this->reflectionProvider->getFunction($node->name, $scope);
+		$name = $functionReflection->getName();
+		if (!array_key_exists($name, self::FORMAT_ARGUMENT_POSITIONS)) {
+			return [];
+		}
+
+		$formatArgumentPosition = self::FORMAT_ARGUMENT_POSITIONS[$name];
+
+		$args = $node->getArgs();
+		foreach ($args as $arg) {
+			if ($arg->unpack) {
+				return [];
+			}
+		}
+		$argsCount = count($args);
+		if ($argsCount < self::MINIMUM_NUMBER_OF_ARGUMENTS[$name]) {
+			return []; // caught by CallToFunctionParametersRule
+		}
+
+		$formatArgType = $scope->getType($args[$formatArgumentPosition]->value);
+		$formatArgTypeStrings = $formatArgType->getConstantStrings();
+
+		// Let's start simple for now.
+		if (count($formatArgTypeStrings) !== 1) {
+			return [];
+		}
+
+		$formatString = $formatArgTypeStrings[0];
+		$format = $formatString->getValue();
+		$placeholderMap = $this->printfHelper->getPrintfPlaceholders($format);
+		$errors = [];
+		$typeAllowedByCallToFunctionParametersRule = TypeCombinator::union(
+			new StringAlwaysAcceptingObjectWithToStringType(),
+			new IntegerType(),
+			new FloatType(),
+			new BooleanType(),
+			new NullType(),
+		);
+		// Type on the left can go to the type on the right, but not vice versa.
+		$allowedTypeNameMap = [
+			'strict-int' => 'int',
+			'int' => 'castable to int',
+			'float' => 'castable to float',
+			// These are here just for completeness. They won't be used because, these types are already enforced by
+			// CallToFunctionParametersRule.
+			'string' => 'castable to string',
+			'mixed' => 'castable to string',
+		];
+
+		for ($i = $formatArgumentPosition + 1, $j = 0; $i < $argsCount; $i++, $j++) {
+			// Some arguments may be skipped entirely.
+			foreach ($placeholderMap[$j] ?? [] as $placeholder) {
+				$argType = $this->ruleLevelHelper->findTypeToCheck(
+					$scope,
+					$args[$i]->value,
+					'',
+					static fn (Type $t) => $placeholder->doesArgumentTypeMatchPlaceholder($t),
+				)->getType();
+
+				if ($argType instanceof ErrorType || $placeholder->doesArgumentTypeMatchPlaceholder($argType)) {
+					continue;
+				}
+
+				// This is already reported by CallToFunctionParametersRule
+				if (
+					!$this->ruleLevelHelper->accepts(
+						$typeAllowedByCallToFunctionParametersRule,
+						$argType,
+						$scope->isDeclareStrictTypes(),
+					)->result
+				) {
+					continue;
+				}
+
+				$errors[] = RuleErrorBuilder::message(
+					sprintf(
+						'Parameter #%d of function %s is expected to be %s by placeholder #%d (%s), %s given.',
+						$i + 1,
+						$name,
+						$allowedTypeNameMap[$placeholder->acceptingType],
+						$placeholder->placeholderNumber,
+						$placeholder->label,
+						$argType->describe(VerbosityLevel::typeOnly()),
+					),
+				)->identifier('argument.type')->build();
+			}
+		}
+
+		return $errors;
+	}
+
+}

src/Rules/Functions/PrintfPlaceholder.php

@@ -0,0 +1,44 @@
+<?php declare(strict_types = 1);
+
+namespace PHPStan\Rules\Functions;
+
+use PHPStan\ShouldNotHappenException;
+use PHPStan\Type\ErrorType;
+use PHPStan\Type\IntegerType;
+use PHPStan\Type\Type;
+
+final class PrintfPlaceholder
+{
+
+	/** @phpstan-param 'strict-int'|'int'|'float'|'string'|'mixed' $acceptingType */
+	public function __construct(
+		public readonly string $label,
+		public readonly int $parameterIndex,
+		public readonly int $placeholderNumber,
+		public readonly string $acceptingType,
+	)
+	{
+	}
+
+	public function doesArgumentTypeMatchPlaceholder(Type $argumentType): bool
+	{
+		switch ($this->acceptingType) {
+			case 'strict-int':
+				return (new IntegerType())->accepts($argumentType, true)->yes();
+			case 'int':
+				return ! $argumentType->toInteger() instanceof ErrorType;
+			case 'float':
+				return ! $argumentType->toFloat() instanceof ErrorType;
+			// The function signature already limits the parameters to stringable types, so there's
+			// no point in checking string again here.
+			case 'string':
+			case 'mixed':
+				return true;
+			// Without this PHPStan with PHP 7.4 reports "...should return bool but return statement is missing."
+			// Presumably, because promoted properties are turned into regular properties and the phpdoc isn't applied to the property.
+			default:
+				throw new ShouldNotHappenException('Unexpected type ' . $this->acceptingType);
+		}
+	}
+
+}