On Fri, 5 Apr 2019 at 11:30, Robert Hickman <robehick...@gmail.com> wrote:
> If a static > analyser were programmable, it could parse the SQL query and query the > database to find out what keys exist in some_table. Thus it could > check for references to non-existing keys. > That's an interesting example, but I don't think it generalises as far as you think: what would a "programmable analyser" do with an array of HTTP headers, or query-string parameters? However, I wasn't referring to dynamic *data* like this, but rather dynamic behaviour in the language itself. A couple of simple examples: function foo(callable $bar): int { return $bar(); } function foo(iterable $bar): int { foreach ( $bar as $baz ) { return $baz; } } In order to analyse those, you need a) the language to offer a richer type system (generics, derived types, etc); and b) the programmer to make full use of that type system, everywhere. As soon as you have code that's missing rich type information, or use a truly dynamic feature, that whole section of code becomes essentially unchecked. That's why Hack is not only adding features for richer (statically analysed) type annotations, but also *removing* PHP features which don't work nicely with them. Regards, -- Rowan Collins [IMSoP]