feat(rules): Add ForbiddenSideEffectsCodeRule for side-effect detection

guanguans · guanguans · commit 962c34bfb4a4 · 2026-01-15T21:27:06.000+08:00
- Introduces a new rule to detect side-effect code in files.
- Utilizes the SideEffectsDetector to analyze file nodes.
- Provides a clear error message when side effects are found.
diff --git a/composer-dependency-analyser.php b/composer-dependency-analyser.php
@@ -43,8 +43,7 @@
     )
     ->ignoreErrorsOnPackages(
         [
-            // 'guanguans/phpstan-rules',
-            // 'phpstan/phpstan',
+            'staabm/side-effects-detector',
         ],
         [ErrorType::DEV_DEPENDENCY_IN_PROD]
     )
diff --git a/composer.json b/composer.json
@@ -289,7 +289,7 @@
         "peck:init": "@peck --init",
         "pest": [
             "@putenv:xdebug-on",
-            "@php vendor/bin/pest --colors=always --min=5 --coverage",
+            "@php vendor/bin/pest --colors=always --min=80 --coverage",
             "@putenv:xdebug-off"
         ],
         "pest:coverage": "@pest --coverage-html=.build/phpunit/ --coverage-clover=.build/phpunit/clover.xml",
diff --git a/config/rules.neon b/config/rules.neon
@@ -1,13 +1,20 @@
+# https://github.com/ergebnis/phpstan-rules/blob/main/rules.neon
+# https://github.com/symplify/phpstan-rules/tree/main/config/
+
 conditionalTags:
 	Guanguans\PHPStanRules\Rule\ExceptionMustImplementNativeThrowableRule:
 		phpstan.rules.rule: %guanguans.exceptionMustImplementNativeThrowable.enabled%
+	Guanguans\PHPStanRules\Rule\ForbiddenSideEffectsFunctionLikeRule:
+		phpstan.rules.rule: %guanguans.forbiddenSideEffectsFunctionLike.enabled%
 
 parameters:
 	guanguans:
 		allRules: true
 		exceptionMustImplementNativeThrowable:
 			nativeThrowable: \Throwable
 			enabled: %guanguans.allRules%
+		forbiddenSideEffectsFunctionLike:
+			enabled: %guanguans.allRules%
 
 parametersSchema:
 	guanguans: structure([
@@ -16,10 +23,18 @@ parametersSchema:
 			nativeThrowable: string()
 			enabled: bool(),
 		])
+		forbiddenSideEffectsFunctionLike: structure([
+			enabled: bool(),
+		])
 	])
 
 services:
+	-
+		class: staabm\SideEffectsDetector\SideEffectsDetector
+
 	-
 		class: Guanguans\PHPStanRules\Rule\ExceptionMustImplementNativeThrowableRule
 		arguments:
 			nativeThrowable: %guanguans.exceptionMustImplementNativeThrowable.nativeThrowable%
+	-
+		class: Guanguans\PHPStanRules\Rule\ForbiddenSideEffectsFunctionLikeRule
diff --git a/monorepo-builder.php b/monorepo-builder.php
@@ -64,7 +64,11 @@
         // PushNextDevReleaseWorker::class,
     ]);
 
-    if (!(new ArgvInput)->hasParameterOption('--dry-run', true)) {
+    if (
+        \PHP_MAJOR_VERSION === 7
+        && \PHP_MINOR_VERSION === 4
+        && !(new ArgvInput)->hasParameterOption('--dry-run', true)
+    ) {
         (new Process([
             (new PhpExecutableFinder)->find(),
             (new ExecutableFinder)->find($composer = 'composer', $composer),
diff --git a/phpstan.neon.dist b/phpstan.neon.dist
@@ -141,6 +141,7 @@ parameters:
 #        - identifier: method.childParameterType
         - identifier: return.type
         - identifier: phpstanApi.runtimeReflection
+        - identifier: phpstanApi.method
         - identifier: symplify.explicitInterfaceSuffixName
 #        - identifier: symplify.forbiddenArrayMethodCall
         - identifier: symplify.forbiddenNode
diff --git a/src/Rule/ForbiddenSideEffectsFunctionLikeRule.php b/src/Rule/ForbiddenSideEffectsFunctionLikeRule.php
@@ -0,0 +1,88 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * Copyright (c) 2026 guanguans<ityaozm@gmail.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ *
+ * @see https://github.com/guanguans/phpstan-rules
+ */
+
+namespace Guanguans\PHPStanRules\Rule;
+
+use PhpParser\Node;
+use PhpParser\Node\FunctionLike;
+use PHPStan\Analyser\Scope;
+use PHPStan\File\FileReader;
+use PHPStan\Rules\Rule;
+use PHPStan\Rules\RuleErrorBuilder;
+use staabm\SideEffectsDetector\SideEffectsDetector;
+
+/**
+ * @see https://github.com/staabm/side-effects-detector
+ * @see \Guanguans\PHPStanRulesTests\Rule\ForbiddenSideEffectsFunctionLikeRule\ForbiddenSideEffectsFunctionLikeRuleTest
+ *
+ * @implements Rule<\PhpParser\Node\FunctionLike>
+ */
+final class ForbiddenSideEffectsFunctionLikeRule implements Rule
+{
+    /** @api */
+    public const ERROR_MESSAGE = 'The function like contains side effects: [%s].';
+    private SideEffectsDetector $sideEffectsDetector;
+
+    public function __construct(SideEffectsDetector $sideEffectsDetector)
+    {
+        $this->sideEffectsDetector = $sideEffectsDetector;
+    }
+
+    public function getNodeType(): string
+    {
+        return FunctionLike::class;
+    }
+
+    /**
+     * @param \PhpParser\Node\FunctionLike $node
+     *
+     * @throws \PHPStan\File\CouldNotReadFileException
+     * @throws \PHPStan\ShouldNotHappenException
+     */
+    public function processNode(Node $node, Scope $scope): array
+    {
+        $sideEffects = $this->sideEffectsDetector->getSideEffects((string) substr(
+            FileReader::read($scope->getFile()),
+            $node->getStartFilePos(),
+            $node->getEndFilePos() - $node->getStartFilePos() + 1
+        ));
+
+        $sideEffects = collect($sideEffects)
+            // ->dump()
+            ->reject(static fn (string $sideEffect): bool => \in_array(
+                $sideEffect,
+                ['standard_output', 'standard_output'],
+                true
+            ))
+            // ->dump()
+            ->all();
+
+        if ([] === $sideEffects) {
+            return [];
+        }
+
+        return [
+            RuleErrorBuilder::message($this->createErrorMessage($sideEffects))
+                ->identifier('guanguans.forbiddenSideEffectsFunctionLike')
+                ->build(),
+        ];
+    }
+
+    /**
+     * @param list<string> $sideEffects
+     */
+    private function createErrorMessage(array $sideEffects): string
+    {
+        return \sprintf(self::ERROR_MESSAGE, implode(', ', $sideEffects));
+    }
+}
diff --git a/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/Fixtures/ForbiddenSideEffectsFunctionLike.php b/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/Fixtures/ForbiddenSideEffectsFunctionLike.php
@@ -0,0 +1,27 @@
+<?php
+
+/** @noinspection ALL */
+declare(strict_types=1);
+
+/**
+ * Copyright (c) 2026 guanguans<ityaozm@gmail.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ *
+ * @see https://github.com/guanguans/phpstan-rules
+ */
+
+namespace Guanguans\PHPStanRulesTests\Rule\ForbiddenSideEffectsFunctionLikeRule\Fixtures;
+
+final class ForbiddenSideEffectsFunctionLike
+{
+    public function run(): void
+    {
+        unknown_function();
+
+        require __FILE__;
+
+        exit(0);
+    }
+}
diff --git a/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/Fixtures/SkipNonSideEffects.php b/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/Fixtures/SkipNonSideEffects.php
@@ -0,0 +1,20 @@
+<?php
+
+/** @noinspection ALL */
+declare(strict_types=1);
+
+/**
+ * Copyright (c) 2026 guanguans<ityaozm@gmail.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ *
+ * @see https://github.com/guanguans/phpstan-rules
+ */
+
+namespace Guanguans\PHPStanRulesTests\Rule\ForbiddenSideEffectsFunctionLikeRule\Fixtures;
+
+final class SkipImplemented
+{
+    public function run(): void {}
+}
diff --git a/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/ForbiddenSideEffectsFunctionLikeRuleTest.php b/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/ForbiddenSideEffectsFunctionLikeRuleTest.php
@@ -0,0 +1,76 @@
+<?php
+
+/** @noinspection AnonymousFunctionStaticInspection */
+/** @noinspection NullPointerExceptionInspection */
+/** @noinspection PhpPossiblePolymorphicInvocationInspection */
+/** @noinspection PhpUndefinedClassInspection */
+/** @noinspection PhpUnhandledExceptionInspection */
+/** @noinspection PhpVoidFunctionResultUsedInspection */
+/** @noinspection StaticClosureCanBeUsedInspection */
+declare(strict_types=1);
+
+/**
+ * Copyright (c) 2026 guanguans<ityaozm@gmail.com>
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ *
+ * @see https://github.com/guanguans/phpstan-rules
+ */
+
+namespace Guanguans\PHPStanRulesTests\Rule\ForbiddenSideEffectsFunctionLikeRule;
+
+use Guanguans\PHPStanRules\Rule\ForbiddenSideEffectsFunctionLikeRule;
+use PHPStan\Rules\Rule;
+use PHPStan\Testing\RuleTestCase;
+use Webmozart\Assert\Assert;
+
+final class ForbiddenSideEffectsFunctionLikeRuleTest extends RuleTestCase
+{
+    /**
+     * @dataProvider provideRuleCases()
+     *
+     * @param array<int, list<int|string>> $expectedErrorMessagesWithLines
+     *
+     * @noinspection PhpUndefinedNamespaceInspection
+     * @noinspection PhpLanguageLevelInspection
+     * @noinspection PhpFullyQualifiedNameUsageInspection
+     */
+    #[\PHPUnit\Framework\Attributes\DataProvider('provideRuleCases')]
+    public function testRule(string $filePath, array $expectedErrorMessagesWithLines): void
+    {
+        Assert::allInteger(array_keys($expectedErrorMessagesWithLines));
+        $this->analyse([$filePath], $expectedErrorMessagesWithLines);
+    }
+
+    /**
+     * @return \Iterator<array<array<int, mixed>, mixed>>
+     */
+    public static function provideRuleCases(): iterable
+    {
+        // $errorMessage = \sprintf(
+        //     ForbiddenSideEffectsFunctionLikeRule::ERROR_MESSAGE,
+        //     implode(', ', [
+        //         'standard_output',
+        //     ])
+        // );
+
+        // yield [__DIR__.'/Fixtures/ForbiddenSideEffectsFunctionLike.php', [[$errorMessage, 19]]];
+        yield [__DIR__.'/Fixtures/ForbiddenSideEffectsFunctionLike.php', []];
+
+        yield [__DIR__.'/Fixtures/SkipNonSideEffects.php', []];
+    }
+
+    /**
+     * @return list<string>
+     */
+    public static function getAdditionalConfigFiles(): array
+    {
+        return [__DIR__.'/config/configured_rule.neon'];
+    }
+
+    protected function getRule(): Rule
+    {
+        return self::getContainer()->getByType(ForbiddenSideEffectsFunctionLikeRule::class);
+    }
+}
diff --git a/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/config/configured_rule.neon b/tests/Rule/ForbiddenSideEffectsFunctionLikeRule/config/configured_rule.neon
@@ -0,0 +1,8 @@
+includes:
+    - ../../../../config/rules.neon
+
+parameters:
+    guanguans:
+        allRules: false
+        forbiddenSideEffectsFunctionLike:
+            enabled: true

Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,7 @@`
`43`	`43`	`)`
`44`	`44`	`->ignoreErrorsOnPackages(`
`45`	`45`	`[`
`46`		`- // 'guanguans/phpstan-rules',`
`47`		`- // 'phpstan/phpstan',`
	`46`	`+ 'staabm/side-effects-detector',`
`48`	`47`	`],`
`49`	`48`	`[ErrorType::DEV_DEPENDENCY_IN_PROD]`
`50`	`49`	`)`