Viewed   83 times

Is there a static analysis tool for PHP source files?

The binary itself can check for syntax errors, but I'm looking for something that does more, like:

  • unused variable assignments
  • arrays that are assigned into without being initialized first
  • and possibly code style warnings
  • ...



Run php in lint mode from the command line to validate syntax without execution:


Higher-level static analyzers include:

  • php-sat - Requires
  • PHP_Depend
  • PHP_CodeSniffer
  • PHP Mess Detector
  • PHPStan
  • PHP-CS-Fixer
  • phan

Lower-level analyzers include:

  • PHP_Parser
  • token_get_all (primitive function)

Runtime analyzers, which are more useful for some things due to PHP's dynamic nature, include:

  • Xdebug has code coverage and function traces.
  • My PHP Tracer Tool uses a combined static/dynamic approach, building on Xdebug's function traces.

The documentation libraries phpdoc and Doxygen perform a kind of code analysis. Doxygen, for example, can be configured to render nice inheritance graphs with Graphviz.

Another option is xhprof, which is similar to Xdebug, but lighter, making it suitable for production servers. The tool includes a PHP-based interface.

Tuesday, December 13, 2022

First go to Tools -> Options -> Miscellaneous and click on the Javascript tab, make sure the targeted browsers are configured properly, code completion changes by the minimal version of the targeted browsers to make sure that the functionality is supported.

You also need to add the jquery js file to your project so netbeans would be able to parse it and to properly add code completion.

Tuesday, October 25, 2022

PHPLint seems to be the answer. For example, it parses


function some()
    if (time() == 123) {
        throw new Exception("I can't happen");


, which will never throw an exception (unless you're in the past), into:

BEGIN parsing of test-cSdHoW
1:      <?php
3:      function some()
4:      {
5:       if (time() == 123) {
6:        throw new Exception("I can't happen");

          throw new Exception("I can't happen");
                                                _ HERE
==== 6: notice: here generating exception(s) Exception

          throw new Exception("I can't happen");
                                                _ HERE
==== 6: ERROR: exception(s) must be caught or declared to be thrown: Exception
7:       }
8:      }
10:     some();
==== 3: notice: guessed signature of the function `some()' as void()

             _ HERE
==== 10: notice: here generating exception(s) Exception

             _ HERE
==== 10: Warning: uncaught exception(s): Exception
END parsing of test-cSdHoW
==== ?: notice: unused package `dummy.php'
==== ?: notice: required module `standard'
Overall test results: 1 errors, 1 warnings.

So that's exactly what I was asking for :) Adding a docblock and catching the exception results in no more errors or warnings from PHPLint.

Thursday, September 22, 2022

Have a look Simian, you can use it for Java, C#, C, C++, COBOL, Ruby, JSP, ASP, HTML, XML, Visual Basic, Groovy source code and even plain text files.

Also, a similar question here.

Saturday, December 24, 2022

See the question for the tools I found.

Thursday, September 22, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :