[Bug] Joern gets number of arguments to call in PHP wrong

[neochristou]

Here is a minimal example:

<?php
$x = file("fasdfa");
define('SOME_CONST', 'somedir/');
$file = SOME_CONST . 'config.php';
include_once($file);
?>

In the last last, I would expect the call to include_once to only have one argument (the $file identifier), but I actually get the following:

joern> cpg.call.id(21).l(0).argument.l
val res5: List[io.shiftleft.codepropertygraph.generated.nodes.Expression] = List(
  Identifier(
    id = 22L,
    argumentIndex = 1,
    argumentName = None,
    code = "$file",
    columnNumber = None,
    dynamicTypeHintFullName = ArraySeq(),
    lineNumber = Some(value = 7),
    name = "file",
    order = 1,
    possibleTypes = ArraySeq(),
    typeFullName = "file"
  ),
  MethodRef(
    id = 87L,
    argumentIndex = 2,
    argumentName = None,
    code = "file",
    columnNumber = None,
    dynamicTypeHintFullName = ArraySeq(),
    lineNumber = Some(value = 7),
    methodFullName = "file",
    order = -1,
    possibleTypes = ArraySeq(),
    typeFullName = "<empty>"
  )
)

This only happens when both the call to file in the second line and the constant in the definition of the $file variable are there.

To reproduce:

1. Copy the example above in a file (e.g., test.php).
2. Generate its graph (joern-parse --language php test.php --output graph).
3. Start an interactive shell and check the call's arguments.

The expected behavior would be to only see the first argument (Identifier), but instead there is an additional MethodRef argument to the file function.

This was tested on Debian v12, Joern version 2.0.258, and Java version 17.0.9.