excludes_analyse influences scanDirectories

[matthijskooijman]

Bug report

It seems that directories specified in excludes_analyse are not only excluded from analysis, but also from scanning (but only using scanDirectories, not scanFiles). I'm not sure if this is intentional, but it is certainly not documented (only the docs for paths seem to document the excludes_analyse directive, making me think it should only apply there).

Code snippet that reproduces the problem

Here's a dummy example, that has a similar structure as my original codebase but also shows the problem. It is intentionally minimal and probably does not make sense by itself, but shows the problem concisely.

$ tree
.
├── phpstan.neon
└── src
    ├── mine.php
    └── thirdparty
        └── thirdparty.php

2 directories, 3 files
$ cat phpstan.neon 
parameters:
 level: 5
 paths:
  - src
 excludes_analyse:
  - src/thirdparty
 scanDirectories:
  - src/thirdparty
$ cat src/mine.php 
<?php
some_function();
$ cat src/thirdparty/thirdparty.php 
<?php
function some_function() {
}
$ php phpstan.phar analyse 
Note: Using configuration file /home/matthijs/test/phpstan.neon.
 1/1 [▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓] 100%

 ------ -------------------------------------------------------------------- 
  Line   mine.php                                                            
 ------ -------------------------------------------------------------------- 
  2      Function some_function not found.                                   
         💡 Learn more at https://phpstan.org/user-guide/discovering-symbols  
 ------ -------------------------------------------------------------------- 
                                                                                                                        
 [ERROR] Found 1 error                                                                                                  
                                                                                                                        

Expected output

The function is defined in a scanned directory, but an error is shown as if the directory is not scanned. If I remove the excludes_analyse from the config, the error disappears, but now src/thirdparty is also scanned.

I suspect that phpstan is intended for a directory layout where your own code and third party code are separated on the top level, but this is not how our codebase is structured. As a workaround, I'm now omitting exclude_analyse and instead specifying all subdirectories of src that contain my own code explicitly, which works, but isn't ideal to maintain (easy to forget a new directory, silently not analysing it).

Note that this problem does not occur with scanFiles. If I change the
config file to the following, no errors are reported (i.e.
thirdparty.php is scanned as expected):

$ cat phpstan.neon
parameters:
 level: 5
 paths:
  - src
 excludes_analyse:
  - src/thirdparty/thirdparty.php
 scanFiles:
  - src/thirdparty/thirdparty.php

Fixes

I can think of two fixes:

1. Do not apply excludes_analyse to scanDirectories
2. Let any files / directories specified with scanDirectories and scanFiles be excluded from analysis automatically. This would remove the need for specifying third party stuff double (in excludes_analyse and scanDirectories / scanFiles). AFAIU, the there would never be a reason to specify a file as both analyzed and scanned (analyzing it implies its already scanned, so if you specify it needs to be (only) scanned, you can exclude it from analysis safely).

I guess both of these could even be applied, since the former makes things more like (IMHO) expected and documented, and the latter makes it easier to configure phpstan.

[mergeable]

This bug report is missing a link to reproduction on phpstan.org.
It will most likely be closed after manual review.

[matthijskooijman]

AFAIU, the there would never be a reason to specify a file as both analyzed and scanned

Hm, this is not currently true, it seems: Specifying files for analyzing and scanning is a workaround for #3750.

[ondrejmirtes]

Yeah, this project structure is currently problematic. excludes_analyse has been used to skip broken source code with parse errors etc. so it makes sense it currently excludes files from both analysed paths and scanDirectories.

This is solvable by making two distinct options - one for skipping analysed paths (but not skipping paths that are used for discovering symbols), and another for skipping from both analysed paths and discovering symbols.

It's also useful to do this because excludes_analyse is the last option that still has underscore case (#1796) so we can modernize it and make it consistent with the other options as well.

[MacGritsch]

Same here: have tons of folders with custom php files and one third-party folder.
Currently we have to add every folder with custom code to the config-file manually (and dont forget to add it when a new one is created...).

[Luc45]

In my scenario, I have this:

excludes_analyse:
    - /var/www/foo/vendor/*
scanDirectories:
    - /var/www/foo/vendor/

Because I want PHPStan to find my vendor symbols, but I don't want it to analyze them.

Unfortunately, it doesn't work, as excludes_analyse makes it skip that folder in scanDirectories

[ondrejmirtes]

@Luc45 Don't put vendor in your analysed paths then. List the directories you want to analyse instead.

[Luc45]

@ondrejmirtes That would work, yes.

However, I have 14 folders and 9 files at the root of the project, so it's inconvenient and risky to list them all, as new changes could be easily overlooked.

For me, personally, it would be good to be able to use excludes_analyse and scanDirectories to have symbols loaded without analyzing them.

[Luc45]

But I agree there are ways I could get around that in my local environment, I don't know how much of an effort this is to implement this on PHPStan. If it would change the structure too much I agree it's not a big deal.

[ondrejmirtes]

It's not currently possible as some people use excludes_analyse to skip things in their scanDirectories, so you'll have to list the paths, sorry.

[pwaring]

I'm affected by this issue too - large legacy codebase that is all in one directory (i.e. no segregation between 'my' code and third party libraries). Excluding the third party libraries from analysis results in errors from my code where it calls the third party libraries, including them results in a huge list of errors relating to the libraries themselves, which I'm not able to fix.

Since I have a useful test case and a vested interest in this issue, please let me know if any testing is needed if/when a proposed fix is ready. :)

[ondrejmirtes]

So I spent some time thinking about and implementing a solution for this, and I came up with this:

Instead of a flat excludes_analyse array option, there's now excludePaths. You can rewrite your excludes_analyse that looks like this:

excludes_analyse:
  - foo.php
  - bar/baz.php

Into:

excludePaths:
  - foo.php
  - bar/baz.php

And it will continue working the same way. But if you have the same issue that's described in this thread (you want to exclude different paths for analysis and different paths for scanning - discovering 3rd party symbols), now you can.

excludePaths:
  analyse:
    - foo.php
  analyseAndScan:
    - bar.php

This configuration means that foo.php will still be scanned for discovered symbols. bar.php will be skipped for both analysis and scanning.

Given the tree structure from the OP:

├── phpstan.neon
└── src
    ├── mine.php
    └── thirdparty
        └── thirdparty.php

This is how I'd configure phpstan.neon:

parameters:
  level: 5
  paths:
    - src
  excludePaths:
    analyse:
      - src/thirdparty

Relevant commit: phpstan/phpstan-src@bf35a10

Please test the current phpstan/phpstan dev-master and let me know how it works for you :) Thanks!