"NPATH, which counts the acyclic execution paths through a function, is an objective measure of software complexity related to the ease with which software can be comprehensively tested."[1] This is the definition from an article written in 1988 by Brian Nejmeh. As informative as this is, my eyes glazed over half way into it. So what the heck is acyclic execution anyway?

He defines the term in a bit easier to understand language and includes an example function to help illustrate how NPATH is measured.

The goal is to limit your NPATH complexity in a given method down to 200 or less. [...] As with other complexity metrics, this one can be checked with PHP Mess Detector (phpmd). The importance of staying under the 200 path threshold is realized when you develop tests and start trying to debug.

My interest was mostly because I'm working on a book chapter which includes some static analysis content, and there are a couple of these tools that I include in my own builds, but I don't do much with the output of them. However I didn't want to drop anything from the chapter if it was actually a valuable tool and I was just missing the point - pretty much all the tools got a good number of votes though, so I'll be covering all of the [options].

According to her results, the most used tool by developers is the PHP_CodeSniffer with the PHP Mess Detector and PHP Copy & Paste Detector tied for second place.

PHPsrc is a plugin that allow you to run PHP_CodeSniffer, PHPUnit, PHP Depend and PHP Copy/Paste Detector directly in Eclipse. The site also says that more tools should come. As you work, you will see any transgression you make. That will save you from breaking the build, but it also makes it easier to fix the problem. After all, you just wrote the faulty lines of code.

He walks you through the install of the plugin and shows you how to set things up to point to the executables on your development environment (complete with some screenshots). There's even an example of the output for a particularly offensive (standards-wise, of course) piece of code.

Let us start with some architecture basics behind PHPMD. All rules in PHPMD must at least implement the PHP_PMD_Rule interface. You can also extend the abstract rule base class PHP_PMD_AbstractRule which already provides an implementation of all required infrastructure methods and application logic, so that the only task which is left to you is the implementation of the concrete validation code of your rule.

He walks you through some sample code and talks about some of the common interfaces that are available to your testing. He takes one of them, IFunctionAware, and looks at it specifically, showing how to use it to detect and add violations for the validation. He includes an example of writing a rule based on an existing software metric (in this case, the number of public methods). There's also bit at the end showing how to write a rule based on the "abstract syntax tree" to be able to check just about anything in the code you're looking to test.

PHPMD can be seen as an one level down/low level equivalent to PHP_CodeSniffer. It is a simple command line tool that can be used to check your application's source code for possible bugs, suboptimal or overcomplicated code. The current release of PHPMD ships with three default rule sets.

The first deals with code size, the second checks for unused variables and the like and the third looks at naming conventions. He shows how to take one of the structures from one of these three and create a new rule. For his example it's a measurement of cyclomatic complexity. He also shows you how to exclude certain rules that might come in another set so you don't have to completely redefine to use pre-existing rules.

The latest release of PHPMD can be pulled from pear.phpmd.org or from its github repository.

He's laid out a map of the tools that can all interact to create a more robust environment for automatically building and testing your code. Here's his list:

• PHP_CodeSniffer
• phpmd
• phpcpd
• PHP_Depend
• PHPUnit

The results of all of these tools running on your code is then fed into the CruiseControl instance and passed off to phpUnderControl for final deployment.