How can I perform static code analysis in PHP?

Viewed 83 times

Is there a static analysis tool for PHP source files?

The binary itself can check for syntax errors, but I'm looking for something that does more, like:

unused variable assignments
arrays that are assigned into without being initialized first
and possibly code style warnings
...

Answers

Run php in lint mode from the command line to validate syntax without execution:

php -l FILENAME

Higher-level static analyzers include:

php-sat - Requires http://strategoxt.org/
PHP_Depend
PHP_CodeSniffer
PHP Mess Detector
PHPStan
PHP-CS-Fixer
phan

Lower-level analyzers include:

PHP_Parser
token_get_all (primitive function)

Runtime analyzers, which are more useful for some things due to PHP's dynamic nature, include:

Xdebug has code coverage and function traces.
My PHP Tracer Tool uses a combined static/dynamic approach, building on Xdebug's function traces.

The documentation libraries phpdoc and Doxygen perform a kind of code analysis. Doxygen, for example, can be configured to render nice inheritance graphs with Graphviz.

Another option is xhprof, which is similar to Xdebug, but lighter, making it suitable for production servers. The tool includes a PHP-based interface.

Tuesday, December 13, 2022

novalirium-7d87966acc5d

First go to Tools -> Options -> Miscellaneous and click on the Javascript tab, make sure the targeted browsers are configured properly, code completion changes by the minimal version of the targeted browsers to make sure that the functionality is supported.

You also need to add the jquery js file to your project so netbeans would be able to parse it and to properly add code completion.

Tuesday, October 25, 2022

nicolas_oury

PHPLint seems to be the answer. For example, it parses

<?php

function some()
{
    if (time() == 123) {
        throw new Exception("I can't happen");
    }
}

some();

, which will never throw an exception (unless you're in the past), into:

BEGIN parsing of test-cSdHoW
1:      <?php
2:      
3:      function some()
4:      {
5:       if (time() == 123) {
6:        throw new Exception("I can't happen");

          throw new Exception("I can't happen");
                                                _ HERE
==== 6: notice: here generating exception(s) Exception

          throw new Exception("I can't happen");
                                                _ HERE
==== 6: ERROR: exception(s) must be caught or declared to be thrown: Exception
7:       }
8:      }
9:      
10:     some();
==== 3: notice: guessed signature of the function `some()' as void()

        some();
             _ HERE
==== 10: notice: here generating exception(s) Exception

        some();
             _ HERE
==== 10: Warning: uncaught exception(s): Exception
END parsing of test-cSdHoW
==== ?: notice: unused package `dummy.php'
==== ?: notice: required module `standard'
Overall test results: 1 errors, 1 warnings.

So that's exactly what I was asking for :) Adding a docblock and catching the exception results in no more errors or warnings from PHPLint.

Thursday, September 22, 2022

laune

Have a look Simian, you can use it for Java, C#, C, C++, COBOL, Ruby, JSP, ASP, HTML, XML, Visual Basic, Groovy source code and even plain text files.

Also, a similar question here.

Saturday, December 24, 2022

hurried-helpful

See the question for the tools I found.

Thursday, September 22, 2022

m.ricciuti

Only authorized users can answer the search term. Please sign in first, or register a free account.

Not the answer you're looking for? Browse other questions tagged :

php

code-analysis

static-analysis

How can I perform static code analysis in PHP?

Answers

php,code-analysis,static-analysis