SlideShare a Scribd company logo

Modern Static Code Analysis in PHP

Download as PPTX, PDF
Vladimir Reznichenko, profile picture
Vladimir Reznichenko

The document discusses modern static code analysis (SCA) in PHP, highlighting the evolution from first to third generation tools and their impact on code quality and development processes. It emphasizes the need for intelligent tools to address the complexities and maintenance challenges of contemporary software. The document also reviews specific tools such as PHP Inspections, PHP Codesniffer, and PHP CS Fixer, detailing their functionalities and integrations in continuous integration environments.

Engineering
1 of 18
Downloaded 13 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Modern Static Code Analysis in PHP 25 Feb 2016, Mannheim @kalessil
Introducing myself • The author of Php Inspections (EA Extended) o A plugin for PhpStorm adding strong code semantics analysis • A contributor of Symfony 1.5 and Symfony 2 o With SCA focus of course • A contributor of PHP CS Fixer o SCA and contributed fixers • Background is PHP/Java Expert level in Enterprise
Modern Static Code Analysis in PHP 25 Feb 2016, Mannheim @kalessil
PHP • I love the community and hate language itself (not only me) • Infrastructure around PHP is great (Composer, ZF, Symfony, Yii, Hosting and etc.) • Php has low entry level for new developers (hits code quality) • Php has 2 really important characteristics (hits apps life-cycle) o It’s fast to go on a market when you develop apps in PHP o It’s painful to maintain survived applications
Modern software • Getting more complex with each year o Increases maintenance costs and complexity o Requires more intelligent tools • Continuous Integration and Delivery o Increases costs of failures at delivery phase o Raises additional stability requirements to development processes • Agile development processes o Affects code quality and introducing un-finished code/features o Requires more intelligent tools
Peer2Peer review still works
But…
Really!
Let’s dig dipper… • Code Style (formatting, naming, spaghetti code) o Can be covered by existing (“old”) tools, so easily solvable • Lack of API knowledge o Remember low entry level of PHP o You have to educate people (or tools can do it just during development) • Obviously inefficient code constructs o Remember low entry level of PHP o Remember Agile processes o You have to reject this (or tools can do it just during development) • Lack of team experience o That’s team work (but tools still can educate during development)
So how to simplify own life?
Or let machines work for us
Generations of SCA tools • 1st generation o Eclipse and other first IDEs o PHP CodeSniffer • 2nd generation o JetBrains IDEs + SCA plugins o SensioLabs Insight, Scritinizer, SonarCube o Exacat, PHP CS Fixer • 3rd generation o We’ll see them soon, expert systems specialized on code defects o SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
Semantic Analyzers • Php Inspections (EA Extended) o Targeting transition of 2nd and 3rd generation tools o Expert-level code reviews o “In-stream" analysis, when developers are not disturbed o Productivity booster (automated code adjustments) o CI usage available o Requires no configurations at start, just install the plugin • Exakat o Targeting transition of 2nd and 3rd generation tools o CI/local usage available o Expert-level code reviews
Code Style • Php CodeSniffer (a 1st generation tool) o CI/local usage available o Reports code style violations o Customizable and extendable • PHP CS Fixer (a 2nd generation tool) o CI/local usage available o Fixes code style violations o Customizable and extendable
SaaS alternatives SensioLabs Insight • Framework/CSM centric • Good technical debt estimation • 2nd generation tool Scrutinizer • Plays nicely with Open Source • A little bit noisy • Based on 1st generation tools ("old” tools)
In between: • Based on 1st generation toolst o But exists “Sonar way” rules o Only reports issues o Requires initial configuration, or not really usable • IDEs integration • Multi-language projects supported o But unfortunately not all • Integrated metrics and code style presets
Live demonstration
Thank you!

More Related Content

PPTX
Journey with XP a case study in embedded domain by Pradeep Kumar NR
XP Conference India
 
PPTX
Componentize! by Lancer Kind XP Conference 2016
XP Conference India
 
PPTX
Api NodeJS con PureScript
Belatrix Software
 
PDF
Software Design Trilogy Part III - Domain Driven Design for Ruby on Rails App...
Andy Maleh
 
PDF
Hack in the Box GSEC 2016 - Reverse Engineering Swift Applications
eightbit
 
KEY
Using Aspects for Language Portability (SCAM 2010)
lennartkats
 
PPTX
Oop project briefing sem 1 2015 2016 (1)
IIUM
 
PDF
Eclipse Day India 2015 - Unleashing the Java 8 Tooling in Eclipse
Eclipse Day India
 
Journey with XP a case study in embedded domain by Pradeep Kumar NR
XP Conference India
 
Componentize! by Lancer Kind XP Conference 2016
XP Conference India
 
Api NodeJS con PureScript
Belatrix Software
 
Software Design Trilogy Part III - Domain Driven Design for Ruby on Rails App...
Andy Maleh
 
Hack in the Box GSEC 2016 - Reverse Engineering Swift Applications
eightbit
 
Using Aspects for Language Portability (SCAM 2010)
lennartkats
 
Oop project briefing sem 1 2015 2016 (1)
IIUM
 
Eclipse Day India 2015 - Unleashing the Java 8 Tooling in Eclipse
Eclipse Day India
 

What's hot (20)

PDF
Effective programming in Java - Kronospan Job Fair 2016
Łukasz Koniecki
 
PPT
Asynchronous PHP. Myth? Reality!
Alexander Lisachenko
 
PDF
Java and effective programming. Is it possible? - IAESTE Case Week 2016
Łukasz Koniecki
 
PDF
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
Michael Reif
 
KEY
Language Engineering in the Cloud
lennartkats
 
PDF
Writing readable Clojure code
Jiří Knesl
 
KEY
Test-driven language development
lennartkats
 
PDF
Sonarqube + Docker
Estefanía Fernández Muñoz
 
PDF
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
PDF
Functional programming ruby mty
AdrianGzz2112
 
PDF
The Spoofax Language Workbench (SPLASH 2010)
lennartkats
 
PPTX
Java Comments | Java course
RAKESH P
 
PDF
Eclipse Testing Day 2010. Xored Q7
platoff
 
PDF
Performance profiling and testing of symfony application 2
Andrew Yatsenko
 
PPT
laravel Elegant artisan by santosh pawar
Santosh Pawar
 
PPTX
Static Analysis with Sonarlint
UT, San Antonio
 
PDF
Solving cross cutting concerns in PHP - PHPSerbia-2017
Alexander Lisachenko
 
PDF
Test automation design patterns
Vitaly Tatarinov
 
PDF
RoboCon 2018: How did we get here? Where do we go next?
Pekka Klärck
 
PDF
Deliberate Practice, New Learning Styles (2015)
Peter Kofler
 
Effective programming in Java - Kronospan Job Fair 2016
Łukasz Koniecki
 
Asynchronous PHP. Myth? Reality!
Alexander Lisachenko
 
Java and effective programming. Is it possible? - IAESTE Case Week 2016
Łukasz Koniecki
 
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
Michael Reif
 
Language Engineering in the Cloud
lennartkats
 
Writing readable Clojure code
Jiří Knesl
 
Test-driven language development
lennartkats
 
Sonarqube + Docker
Estefanía Fernández Muñoz
 
Continuous Inspection of Code Quality: SonarQube
Emre Dündar
 
Functional programming ruby mty
AdrianGzz2112
 
The Spoofax Language Workbench (SPLASH 2010)
lennartkats
 
Java Comments | Java course
RAKESH P
 
Eclipse Testing Day 2010. Xored Q7
platoff
 
Performance profiling and testing of symfony application 2
Andrew Yatsenko
 
laravel Elegant artisan by santosh pawar
Santosh Pawar
 
Static Analysis with Sonarlint
UT, San Antonio
 
Solving cross cutting concerns in PHP - PHPSerbia-2017
Alexander Lisachenko
 
Test automation design patterns
Vitaly Tatarinov
 
RoboCon 2018: How did we get here? Where do we go next?
Pekka Klärck
 
Deliberate Practice, New Learning Styles (2015)
Peter Kofler
 
Ad

Viewers also liked (20)

PDF
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
Rouven Weßling
 
PDF
Static Analysis of PHP Code – IPC Berlin 2016
Rouven Weßling
 
PDF
Dynamic PHP web-application analysis
ax330d
 
PPTX
XSSの評価基準とRIPSプラグイン的なものを作った
yamaguchi_2048
 
PDF
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
Shellmates
 
PDF
Web UI performance tuning
Andy Pemberton
 
PDF
PHP Static Code Review
Damien Seguy
 
KEY
Php Code Audits (PHP UK 2010)
Damien Seguy
 
PDF
Functions - complex first class citizen
Vytautas Butkus
 
DOC
Coding standards php
sagarrautray777
 
PDF
Coding Best practices (PHP)
Christian Baune
 
PPTX
Modular & Event driven UI Architecture
Vytautas Butkus
 
PDF
PHP CODING STANDARDS
Asheesh Sharma
 
PDF
RIPS - static code analyzer for vulnerabilities in PHP
Sorina Chirilă
 
PPTX
Coding Standard And Code Review
Milan Vukoje
 
PDF
JavaScript and UI Architecture Best Practices
Siarhei Barysiuk
 
PPTX
ニューラルネットワークによる音声の分類
yamaguchi_2048
 
PDF
Secure Programming With Static Analysis
ConSanFrancisco123
 
PDF
Refactoring Legacy Code
Adam Culp
 
PPT
Night of the Long Knives
DHUMPHREYS
 
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
Rouven Weßling
 
Static Analysis of PHP Code – IPC Berlin 2016
Rouven Weßling
 
Dynamic PHP web-application analysis
ax330d
 
XSSの評価基準とRIPSプラグイン的なものを作った
yamaguchi_2048
 
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
Shellmates
 
Web UI performance tuning
Andy Pemberton
 
PHP Static Code Review
Damien Seguy
 
Php Code Audits (PHP UK 2010)
Damien Seguy
 
Functions - complex first class citizen
Vytautas Butkus
 
Coding standards php
sagarrautray777
 
Coding Best practices (PHP)
Christian Baune
 
Modular & Event driven UI Architecture
Vytautas Butkus
 
PHP CODING STANDARDS
Asheesh Sharma
 
RIPS - static code analyzer for vulnerabilities in PHP
Sorina Chirilă
 
Coding Standard And Code Review
Milan Vukoje
 
JavaScript and UI Architecture Best Practices
Siarhei Barysiuk
 
ニューラルネットワークによる音声の分類
yamaguchi_2048
 
Secure Programming With Static Analysis
ConSanFrancisco123
 
Refactoring Legacy Code
Adam Culp
 
Night of the Long Knives
DHUMPHREYS
 
Ad

Similar to Modern Static Code Analysis in PHP (20)

PDF
The why and how of moving to php 8
Wim Godden
 
PPTX
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
GauravGamer2
 
PPTX
Listen and look at your PHP code
Gabriele Santini
 
PDF
Continous Delivery Toronto Presentation
XebiaLabs
 
PPTX
essential code quality tools and frontend web performance tools every modern ...
Sunny gupta
 
PDF
Intake_35_OpenSource_Developer track
Christine Raouf
 
PDF
open source applications developers
hoda mashaly
 
PPTX
Symphony Software Foundation API Working Group Proposal
Symphony Software Foundation
 
PDF
The why and how of moving to php 7
Wim Godden
 
PPT
Online voting system ppt by anoop
Anoop Kumar
 
PDF
Continuous Integration In Php
Wilco Jansen
 
PPTX
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
Vincent Biret
 
PPTX
Build software like a bag of marbles, not a castle of LEGO®
Hannes Lowette
 
PDF
Introducing Continuous Delivery in the Enterprise
XebiaLabs
 
PDF
PHP 4? OMG! A small vademecum for obsolete software migration.
Francesco Fullone
 
PDF
Continuous Updating with VersionEye at code.talks 2014
Robert Reiz
 
PPTX
“One man” development process model
Silicon Straits
 
PDF
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
Matthew Cobby
 
PPTX
Web development post io2016
Filip Bruun Bech-Larsen
 
PDF
Why Plone Will Die
Andreas Jung
 
The why and how of moving to php 8
Wim Godden
 
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
GauravGamer2
 
Listen and look at your PHP code
Gabriele Santini
 
Continous Delivery Toronto Presentation
XebiaLabs
 
essential code quality tools and frontend web performance tools every modern ...
Sunny gupta
 
Intake_35_OpenSource_Developer track
Christine Raouf
 
open source applications developers
hoda mashaly
 
Symphony Software Foundation API Working Group Proposal
Symphony Software Foundation
 
The why and how of moving to php 7
Wim Godden
 
Online voting system ppt by anoop
Anoop Kumar
 
Continuous Integration In Php
Wilco Jansen
 
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
Vincent Biret
 
Build software like a bag of marbles, not a castle of LEGO®
Hannes Lowette
 
Introducing Continuous Delivery in the Enterprise
XebiaLabs
 
PHP 4? OMG! A small vademecum for obsolete software migration.
Francesco Fullone
 
Continuous Updating with VersionEye at code.talks 2014
Robert Reiz
 
“One man” development process model
Silicon Straits
 
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
Matthew Cobby
 
Web development post io2016
Filip Bruun Bech-Larsen
 
Why Plone Will Die
Andreas Jung
 

Recently uploaded (20)

PPTX
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PPT
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPTX
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
PDF
Well-logging-methods_new................
ZafriFarid
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PDF
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
PPTX
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
PDF
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
PDF
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
PPTX
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
PPTX
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
PPTX
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PDF
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
PPTX
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
PPTX
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
PPTX
Sustainable Sites - Green Building Construction
mhdumerali
 
PPTX
web development for engineering and engineering
keshriji700
 
MET 305 2019 SCHEME MODULE 2 COMPLETE.pptx
VinayB68
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
Mechanical Engineering MATERIALS Selection
arsalanahmad705384
 
composite construction of structures.pdf
AinieButt1
 
CH1 Production IntroductoryConcepts.pptx
RacemMellouli1
 
Well-logging-methods_new................
ZafriFarid
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Model Code of Practice - Construction Work - 21102022 .pdf
AinieButt1
 
Foundation to blockchain - A guide to Blockchain Tech
Davies Chacko
 
Operating System & Kernel Study Guide-1 - converted.pdf
mranoninvisib16
 
Evaluating the Democratization of the Turkish Armed Forces from a Normative P...
jpsjournal1
 
MCN 401 KTU-2019-PPE KITS-MODULE 2.pptx
VinayB68
 
Engineering Ethics, Safety and Environment [Autosaved] (1).pptx
MehrabTaseenTalukder
 
CARTOGRAPHY AND GEOINFORMATION VISUALIZATION chapter1 NPTE (2).pptx
abhi1361yadav
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
Mohammad Mahdi Farshadian CV - Prospective PhD Student 2026
Educational Group Mohammad Farshadian
 
FINAL REVIEW FOR COPD DIANOSIS FOR PULMONARY DISEASE.pptx
rubeshbme
 
KTU 2019 -S7-MCN 401 MODULE 2-VINAY.pptx
VinayB68
 
Sustainable Sites - Green Building Construction
mhdumerali
 
web development for engineering and engineering
keshriji700
 

Modern Static Code Analysis in PHP

  • 1. Modern Static Code Analysis in PHP 25 Feb 2016, Mannheim @kalessil
  • 2. Introducing myself • The author of Php Inspections (EA Extended) o A plugin for PhpStorm adding strong code semantics analysis • A contributor of Symfony 1.5 and Symfony 2 o With SCA focus of course • A contributor of PHP CS Fixer o SCA and contributed fixers • Background is PHP/Java Expert level in Enterprise
  • 3. Modern Static Code Analysis in PHP 25 Feb 2016, Mannheim @kalessil
  • 4. PHP • I love the community and hate language itself (not only me) • Infrastructure around PHP is great (Composer, ZF, Symfony, Yii, Hosting and etc.) • Php has low entry level for new developers (hits code quality) • Php has 2 really important characteristics (hits apps life-cycle) o It’s fast to go on a market when you develop apps in PHP o It’s painful to maintain survived applications
  • 5. Modern software • Getting more complex with each year o Increases maintenance costs and complexity o Requires more intelligent tools • Continuous Integration and Delivery o Increases costs of failures at delivery phase o Raises additional stability requirements to development processes • Agile development processes o Affects code quality and introducing un-finished code/features o Requires more intelligent tools
  • 9. Let’s dig dipper… • Code Style (formatting, naming, spaghetti code) o Can be covered by existing (“old”) tools, so easily solvable • Lack of API knowledge o Remember low entry level of PHP o You have to educate people (or tools can do it just during development) • Obviously inefficient code constructs o Remember low entry level of PHP o Remember Agile processes o You have to reject this (or tools can do it just during development) • Lack of team experience o That’s team work (but tools still can educate during development)
  • 10. So how to simplify own life?
  • 11. Or let machines work for us
  • 12. Generations of SCA tools • 1st generation o Eclipse and other first IDEs o PHP CodeSniffer • 2nd generation o JetBrains IDEs + SCA plugins o SensioLabs Insight, Scritinizer, SonarCube o Exacat, PHP CS Fixer • 3rd generation o We’ll see them soon, expert systems specialized on code defects o SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
  • 13. Semantic Analyzers • Php Inspections (EA Extended) o Targeting transition of 2nd and 3rd generation tools o Expert-level code reviews o “In-stream" analysis, when developers are not disturbed o Productivity booster (automated code adjustments) o CI usage available o Requires no configurations at start, just install the plugin • Exakat o Targeting transition of 2nd and 3rd generation tools o CI/local usage available o Expert-level code reviews
  • 14. Code Style • Php CodeSniffer (a 1st generation tool) o CI/local usage available o Reports code style violations o Customizable and extendable • PHP CS Fixer (a 2nd generation tool) o CI/local usage available o Fixes code style violations o Customizable and extendable
  • 15. SaaS alternatives SensioLabs Insight • Framework/CSM centric • Good technical debt estimation • 2nd generation tool Scrutinizer • Plays nicely with Open Source • A little bit noisy • Based on 1st generation tools ("old” tools)
  • 16. In between: • Based on 1st generation toolst o But exists “Sonar way” rules o Only reports issues o Requires initial configuration, or not really usable • IDEs integration • Multi-language projects supported o But unfortunately not all • Integrated metrics and code style presets