
How can I perform static code analysis in PHP? [closed]

Is there a static analysis tool for PHP source files?

The binary itself can check for syntax errors, but I'm looking for something that does more, like:

  • unused variable assignments
  • arrays that are assigned into without being initialized first
  • and possibly code style warnings
  • ...
eswald asked Dec 18 '08 19:12


2 Answers

Run php in lint mode from the command line to validate syntax without execution:

php -l FILENAME

Higher-level static analyzers include:

  • php-sat - Requires http://strategoxt.org/
  • PHP_Depend
  • PHP_CodeSniffer
  • PHP Mess Detector
  • PHPStan
  • PHP-CS-Fixer
  • phan

Lower-level analyzers include:

  • PHP_Parser
  • token_get_all (primitive function)

Runtime analyzers, which are more useful for some things due to PHP's dynamic nature, include:

  • Xdebug has code coverage and function traces.
  • My PHP Tracer Tool uses a combined static/dynamic approach, building on Xdebug's function traces.

The documentation libraries phpdoc and Doxygen perform a kind of code analysis. Doxygen, for example, can be configured to render nice inheritance graphs with Graphviz.

Another option is xhprof, which is similar to Xdebug, but lighter, making it suitable for production servers. The tool includes a PHP-based interface.

troelskn answered Oct 23 '22 02:10
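
The question's unused-assignment check, sketched on top of the token_get_all primitive listed in the answer above. This is an added example, not code from the original posts; the sample source and the function name findUnusedAssignments are constructed for illustration, and PHP 7.4 or later is assumed.

```php
<?php
// Added example: naive unused-assignment check built on token_get_all().
// $sample is constructed input, not code from the page.
$sample = <<<'PHP'
<?php
function total(array $items) {
    $sum = 0;
    $unused = count($items);
    foreach ($items as $item) {
        $sum += $item;
    }
    return $sum;
}
PHP;

/**
 * Return [variable name => line] for variables that are written with "="
 * but never read anywhere in the source. File-wide, no scope tracking.
 */
function findUnusedAssignments(string $source): array
{
    // Drop whitespace and comments so "next token" is the next meaningful one.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));

    $assigned = [];
    $read = [];
    foreach ($tokens as $i => $tok) {
        if (!is_array($tok) || $tok[0] !== T_VARIABLE) {
            continue;
        }
        [, $name, $line] = $tok;
        $next = $tokens[$i + 1] ?? null;
        if ($next === '=') {
            $assigned[$name] ??= $line;   // plain assignment: a write
        } else {
            $read[$name] = true;          // anything else counts as a read
        }
    }
    return array_diff_key($assigned, $read);
}

foreach (findUnusedAssignments($sample) as $name => $line) {
    echo "line $line: $name is assigned but never read\n";
}
```

Because compound operators such as `+=` arrive as their own token types, only a bare `=` is treated as a write; everything else is conservatively counted as a read, so the check under-reports rather than over-reports.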


Online PHP lint

PHPLint

Uninitialized variables check. Link 1 and 2 already seem to do this just fine, though.

I can't say I have used any of these intensively, though :)

Martijn Laarman answered Oct 23 '22 04:10