How can I perform static code analysis in PHP?
Run php in lint mode from the command line to validate syntax without execution:
php -l FILENAME
Higher-level static analyzers include:
- php-sat - Requires http://strategoxt.org/
- PHP_Depend
- PHP_CodeSniffer
- PHP Mess Detector
- PHPStan
- PHP-CS-Fixer
- phan
Lower-level analyzers include:
- PHP_Parser
- token_get_all (primitive function)
Runtime analyzers, which are more useful for some things due to PHP's dynamic nature, include:
- Xdebug has code coverage and function traces.
- My PHP Tracer Tool uses a combined static/dynamic approach, building on Xdebug's function traces.
The documentation libraries phpdoc and Doxygen perform a kind of code analysis. Doxygen, for example, can be configured to render nice inheritance graphs with Graphviz.
Another option is xhprof, which is similar to Xdebug, but lighter, making it suitable for production servers. The tool includes a PHP-based interface.
Writing static code analysis tools
I suggest looking at the RIPS Scanner project and reviewing its source code for ideas. It performs exactly the functions you wish to do.
Understanding php static code analysis results
Here are some more sources/links about the metrics, results and info in an old but similar question. If you want more info about mistakes and code smells, I would recommend you look into PHP_CodeSniffer and PHP_Depend.
PHP static code analysis tool, which detects uncaught exceptions?
PHPLint seems to be the answer. For example, it parses
<?php
function some()
{
    if (time() == 123) {
        throw new Exception("I can't happen");
    }
}
some();
, which will never throw an exception (unless you're in the past), into:
BEGIN parsing of test-cSdHoW
1: <?php
2:
3: function some()
4: {
5: if (time() == 123) {
6: throw new Exception("I can't happen");
throw new Exception("I can't happen");
\_ HERE
==== 6: notice: here generating exception(s) Exception
throw new Exception("I can't happen");
\_ HERE
==== 6: ERROR: exception(s) must be caught or declared to be thrown: Exception
7: }
8: }
9:
10: some();
==== 3: notice: guessed signature of the function `some()' as void()
some();
\_ HERE
==== 10: notice: here generating exception(s) Exception
some();
\_ HERE
==== 10: Warning: uncaught exception(s): Exception
END parsing of test-cSdHoW
==== ?: notice: unused package `dummy.php'
==== ?: notice: required module `standard'
Overall test results: 1 errors, 1 warnings.
So that's exactly what I was asking for :) Adding a docblock and catching the exception results in no more errors or warnings from PHPLint.
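A rough approximation of the same check, built on token_get_all() from the lower-level list above. This is an added example, not part of the original answers and not PHPLint's code; the function name findUnguardedThrows and the sample source are constructed for illustration.

```php
<?php
// Added example, not PHPLint code: flag every `throw` that is not lexically
// inside a try block. It does not follow calls, match catch types or read
// @throws docblocks, and a closure defined inside a try counts as guarded.
function findUnguardedThrows(string $source): array
{
    $depth = 0;          // current brace nesting depth
    $tryDepths = [];     // depths at which a try body was opened
    $pendingTry = false; // saw T_TRY, waiting for its opening brace
    $lines = [];
    foreach (token_get_all($source) as $token) {
        // Tokens are [id, text, line] arrays or single-character strings.
        $id = is_array($token) ? $token[0] : $token;
        if ($id === T_TRY) {
            $pendingTry = true;
        } elseif ($id === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++; // the two T_ forms open "{$x}" / "${x}" inside strings
            if ($pendingTry) {
                $tryDepths[] = $depth;
                $pendingTry = false;
            }
        } elseif ($id === '}') {
            if ($tryDepths && end($tryDepths) === $depth) {
                array_pop($tryDepths); // leaving the innermost try body
            }
            $depth--;
        } elseif ($id === T_THROW && !$tryDepths) {
            $lines[] = $token[2]; // line number of the unguarded throw
        }
    }
    return $lines;
}

// Constructed sample: the function from the answer plus a guarded variant.
$sample = <<<'PHP'
<?php
function some()
{
    if (time() == 123) {
        throw new Exception("I can't happen");
    }
}
function guarded()
{
    try { throw new Exception("handled"); } catch (Exception $e) {}
}
PHP;
foreach (findUnguardedThrows($sample) as $line) {
    echo "line $line: throw outside any try block\n";
}
```

Run it with the PHP CLI; on the constructed sample it reports the throw in some() and stays silent about the one in guarded().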