Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/schlndh/maria-stan

Static analyser for MariaDB queries
https://github.com/schlndh/maria-stan

mariadb php phpstan-extension static-analysis

Last synced: 3 months ago
JSON representation

Static analyser for MariaDB queries

Awesome Lists containing this project

README 

        
# MariaStan



MariaStan is a static analysis tool for MariaDB queries. Its primary purpose is to serve as a basis for

[PHPStan](https://phpstan.org/) extensions.



**Current status** (31. 01. 2025):



MariaStan is very much incomplete. It covers probably ~90% of use-cases in a large code-base where I use it

(hundreds of tables, thousands of queries). As a result there is not much activity. But it is actively maintained in

the sense that if something breaks for me, it will probably get fixed.



If you try to use it in your project, you are likely to run into use-cases which are not implemented

(e.g. syntax/functions which my project doesn't use). If that happens, you should be prepared to fix things for yourself

(most things should be easy).



There is no backwards-compatibility promise on anything, and there are no releases - I just use master.



MariaStan is tested with MariaDB 10.11 and PHP 8.1-8.4.



## Installation



Install MariaStan using `composer require --dev schlndh/maria-stan:dev-master`. Then you'll need to add the following

to your `phpstan.neon`:



```neon

includes:

    - ./vendor/schlndh/maria-stan/extension.neon



```



## Configuration



MariaStan needs access to the database schema. The easiest way to provide it is to let it connect directly to a database.

You'll need to add the following configuration to your `phpstan.neon` and set proper credentials:



```neon

parameters: 

    maria-stan:

        db:

            # Change these to match your database

            host: 127.0.0.1

            port: 3306

            user: 'root'

            password: ''

            database: 'db'

```



MariaStan needs access to a database to fetch the schema for query analysis. It only reads table schema and does not

write anything. Nevertheless, **DO NOT** give it access to any database which contains any important data.



Alternatively, it is also possible to use MariaStan without access to the database during analysis. In that case you'll

need to first dump the schema using `MariaDbFileDbReflection::dumpSchema` and save it into a file. Here is an example

script that does that:



```php

prepare("SELECT * FROM tbl WHERE id IN (" . implode(',', array_fill(0, $count, '?')) . ')');

    }

    ```

  PHPStan will not be able to evaluate it statically and thus MariaStan has nothing to analyse.

- There is no support for temporary tables.

- There is no support for multiple databases.

- The limitations above are the main ones long term. But besides them, everything is only partially implemented.



## Similar projects



### [staabm/phpstan-dba](https://github.com/staabm/phpstan-dba)



As far as I can tell, phpstan-dba works by executing the queries to get the information about result types, errors, ...

MariaStan on the other hand analyzes the queries statically. Benefits of phpstan-dba include:



- Easy support for multiple databases. With MariaStan this is impossible (with the possible exception of MySQL).

- More complete and reliable error checking thanks to the database doing the heavy lifting. On the other hand,

 the database only returns one error at a time, whereas MariaStan may be able to discover multiple issues at once.

- Query plan analysis. This seems infeasible to do statically. On the other hand, I'm not sure how useful this is in

 practice especially if you don't want to give phpstan-dba access to production data.

- It appears to be easier to get started with it, as it has extensions for multiple database abstractions.



There are some minor downsides to phpstan-dba's approach:



- There is no path to full static analysis (i.e. not requiring a running database at any point). MariaStan currently

 also requires a running database (to get data from `information_schema`, not necessarily at analysis time). But it is

 possible to implement `CREATE TABLE` (etc.) parsing and implement a DB reflection on top of that.

- Because the queries are executed, it has to be careful with data/schema modification queries. I saw some conditions

 that restrict it to `SELECT` queries in several places, as well as the use of transactions. Therefore, I'm not sure

 how well it supports `INSERT` etc. (there are some in tests at least).