find-boundary-issues
Boundary Issue Detection
Analyze PHP code for boundary and range violations.
Detection Patterns
1. Array Index Out of Bounds
// BUG: No bounds check
$items = [1, 2, 3];
$last = $items[count($items)]; // Off by one, should be count - 1
// BUG: Hardcoded index
$third = $data[2]; // May not have 3 elements
// BUG: Negative index
$item = $array[$index]; // $index could be negative
2. Empty Collection Access
// BUG: first() on empty
$users = $repository->findBy(['status' => 'vip']);
$topUser = $users[0]; // May be empty
// BUG: array_pop on empty
$items = [];
$last = array_pop($items); // Returns null
// BUG: reset() on empty
$first = reset($emptyArray); // Returns false
3. Off-by-One Errors
// BUG: Loop boundary
for ($i = 0; $i <= count($items); $i++) { // Should be <
process($items[$i]); // Last iteration fails
}
// BUG: Substring
$sub = substr($string, 0, strlen($string) + 1); // Off by one
// BUG: Slice
$slice = array_slice($array, 0, count($array) + 1);
4. Integer Overflow/Underflow
// BUG: No overflow check
$total = $price * $quantity; // May overflow
// BUG: Negative result
$remaining = $stock - $ordered; // May go negative
// BUG: Division truncation
$average = $total / $count; // Integer division loses precision
5. String Length Issues
// BUG: Empty string access
$first = $string[0]; // Undefined if empty
// BUG: Multibyte issues
$length = strlen($utf8String); // Wrong for multibyte
$char = $string[5]; // May split multibyte char
// BUG: No length check
$sub = substr($name, 0, 10); // May be shorter than 10
6. Range Validation
// BUG: Unchecked range
$page = $request->get('page'); // Could be 0, negative, or huge
$items = $repository->findPage($page); // Invalid page
// BUG: Missing min/max
$age = (int) $input; // Could be negative or 1000
7. Date/Time Boundaries
// BUG: Invalid month/day
$date = new DateTime("2024-13-45"); // Invalid date
// BUG: Leap year
$date = new DateTime("2023-02-29"); // Not a leap year
Grep Patterns
# Direct array index access
Grep: "\$\w+\[\d+\]" --glob "**/*.php"
# count() in loop condition
Grep: "for\s*\([^;]+;\s*\$\w+\s*<=\s*count" --glob "**/*.php"
# Array access after find
Grep: "findBy[^;]+;\s*\n\s*\$\w+\[0\]" --glob "**/*.php"
# Hardcoded string index
Grep: '\$\w+\["\w+"\]\[\d+\]' --glob "**/*.php"
Severity Classification
| Pattern | Severity |
|---|---|
| Unchecked array index | π Major |
| Off-by-one in loop | π Major |
| Empty collection access | π Major |
| Integer overflow | π‘ Minor |
| Multibyte string issue | π‘ Minor |
Output Format
### Boundary Issue: [Description]
**Severity:** π΄/π /π‘
**Location:** `file.php:line`
**Type:** [Array Bounds|Off-by-One|Empty Access|Overflow|...]
**Issue:**
[Description of the boundary violation]
**Code:**
```php
// Problematic code
Fix:
// With bounds check
More from dykyi-roman/awesome-claude-code
psr-overview-knowledge
PHP Standards Recommendations (PSR) overview knowledge base. Provides comprehensive reference for all accepted PSRs including PSR-1,3,4,6,7,11,12,13,14,15,16,17,18,20. Use for PSR selection decisions and compliance audits.
22detect-code-smells
Detects code smells in PHP codebases. Identifies God Class, Feature Envy, Data Clumps, Long Parameter List, Long Method, Primitive Obsession, Message Chains, Inappropriate Intimacy. Generates actionable reports with refactoring recommendations.
15clean-arch-knowledge
Clean Architecture knowledge base. Provides patterns, antipatterns, and PHP-specific guidelines for Clean Architecture and Hexagonal Architecture audits.
15ddd-knowledge
DDD architecture knowledge base. Provides patterns, antipatterns, and PHP-specific guidelines for Domain-Driven Design audits.
14testing-knowledge
Testing knowledge base for PHP 8.4 projects. Provides testing pyramid, AAA pattern, naming conventions, isolation principles, DDD testing guidelines, and PHPUnit patterns.
12bug-root-cause-finder
Root cause analysis methods for PHP bugs. Provides 5 Whys technique, fault tree analysis, git bisect guidance, and stack trace parsing.
12