Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Jakub Zalas:
Static analysis tools for PHP in a single docker image
Jul 21, 2017 @ 10:56:07

Jakub Zalas has a new post to his site sharing a Docker image he's created to help make static analysis for your PHP code simpler: the phpqa image.

As part of my job I often perform application reviews and code quality analysis for clients who wish to have their code base looked at by an independent company. Running static analysis tools is usually a starting point to the review as it gives a general overview of a state of the project. I also like to run those tools as part of an introduction to an inherited code base.

For an easy access to the most popular static analysis tools for PHP I recently created a docker image - phpqa.

He lists out the tools that are included with the current version (a quite lengthy list) including:

  • analyze
  • box
  • deptrac
  • php-code-fixer
  • phpDocumentor
  • phpa
  • phploc
  • phpmd
  • phpstan
  • psalm

...and many more. Check out the full post for more of the tools in the list and links to more information about each one.

tagged: docker image static analysis tool image phpqa

Link: http://zalas.eu/phpqa-static-analysis-tools-for-php-docker-image/

SitePoint PHP Blog:
How to Analyze Tweet Sentiments with PHP Machine Learning
Jul 10, 2017 @ 12:10:52

On the SitePoint PHP blog they've posted a new tutorial showing you how to analyze tweet sentiments using a combination of PHP and machine learning (with the help of the php-ai/php-ml library).

As of late, it seems everyone and their proverbial grandma is talking about Machine Learning. [...] Yes, what about Machine Learning and PHP? Fortunately, someone was crazy enough not only to ask that question, but to also develop a generic machine learning library that we can use in our next project. In this post we are going take a look at PHP-ML – a machine learning library for PHP – and we’ll write a sentiment analysis class that we can later reuse for our own chat or tweet bot.

The post then starts in with some of the basics of machine learning and sentiment analysis and briefly introduces the php-ml library and what functionality it offers. It then outlines the problem they're trying to solve and the solution including what data points php-ml will use to determine the sentiment of a tweet. The author shows how to get the php-ml package installed, how to read in the data set and how to "exercise" the sentiment analysis against the tweets. It describes how the evaluation works and shows the accuracy result of a basic run.

tagged: machine learning phpml library tutorial introduction sentiment analysis

Link: https://www.sitepoint.com/how-to-analyze-tweet-sentiments-with-php-machine-learning/

Medium.com:
The Three Pillars of Static Analysis in PHP
Dec 12, 2016 @ 13:06:03

In this post over on Medium.com Ond?ej Mirtes looks at what he calls the "Three Pillars of Static Analysis in PHP" - three kinds of testing you can do to catch errors "at rest" in your codebase.

My credo is that everything that can be automated should be automated. Computers are really good at repeating tedious tasks and they don’t usually make mistakes while us squishy humans are defined by making mistakes everywhere we go.

[...] In the following article, I’d like to introduce three tools that will help you to find errors and inconsistencies in your codebase. If your build integrating these tools finishes successfully, you can be pretty sure your application is in a good shape.

His list of three tools covers checking for:

He covers some of the things the last option verifies and links to another introductory article about the tool to help you get started.

tagged: static analysis pillars lint codesniffer phpstan code

Link: https://medium.com/@ondrejmirtes/three-pillars-of-static-analysis-in-php-f3f5d7bfd61b#.etoa1rfkq

Medium.com:
PHPStan: Find Bugs In Your Code Without Writing Tests!
Dec 05, 2016 @ 13:25:38

In this post on Medium.com Ond?ej Mirtes introduces a tool that can be use to statically analyze your PHP application and locate bugs without the need for tests - PHPStan.

Keeping up with modern PHP practices leads to codebases where we can be sure about types of a lot of data, converging with statically typed languages, although the dynamic nature is still present. Modern PHP codebases are similar to the ones in languages people make much less fun of. Object-oriented code, dependency injection and usage of established design patterns are truly common nowadays.

Which led me to the idea of a static analysis tool for PHP that would substitute the role of the compiler from other languages. I’ve spent a lot of time working on it and I’ve been employing its various development versions checking our codebase for more than a year.

It’s called PHPStan, it’s open-source and free to use.

The post goes on to talk about some of the checks that PHPStan performs (with more information available in the project's README). He also talks about the performance of the tool, how to extend it and configuring it for "strictness". He ends the post by pointing out that, despite the title of the article, he still encourages writing tests, just making sure they're "meaningful ones" that test more than just syntax.

tagged: phpstan static analysis tool tests evaluation

Link: https://medium.com/@ondrejmirtes/phpstan-2939cd0ad0e3#.23491arlh

Master Zend Framework:
Preparing Legacy Applications for PHP 7 with Phan
Sep 08, 2016 @ 12:07:42

The Master Zend Framework site has posted a new tutorial for those making the move in their legacy applications up to the world of PHP 7. In it Matthew Setter shows how to use phan, a static analysis tool, to locate issues that could cause breakage in the upgrade.

Unless you’ve been living under a rock these last 12 - 18 months, you will have heard about PHP 7; the latest version of PHP. Not only is it fast, by some reports it’s up to twice as fast as PHP 5.6, and far less memory hungry.

[...] Unfortunately, your application’s source code may not be 100% compatible with version 7. Upgrading may well leave you with a broken application and a set of unhappy customers. So before you go breaking your site in the interests of speed and being one of the cool kids, find out if your code’s compatible. How? By using a static code analyser, one which gives you all the changes you need to make on your code, so that you can upgrade with confidence.

He then shows how to install the Phan tool via Composer and execute it against your codebase. The result of his commands are a file that contains the issues found during the scan. If there are some "false positives" you'd like to ignore he also shows you how to create a config.php file with these and other values set to make it all more reusable.

tagged: php7 upgrade phan detect static analysis code tutorial

Link: http://www.masterzendframework.com/preparing-for-php7-with-phan/

SitePoint PHP Blog:
Static analysis with PHPSA: PHP Smart Analyzer
Sep 08, 2016 @ 09:25:33

On the SitePoint PHP blog there's a post from Claudio Ribeiro introducing you to a new static analysis tool to help improve the quality of your code - PHP Static Analyzer, or "PHPSA" for short.

One requirement that never changes whether you are working on your projects alone or in a team, on small projects or big, is Code Quality. The bigger the project and the team, the harder it gets to maintain it.

A good way of slowing this increase in difficulty down is to use static analysis tools. Static analysis is the process of analyzing software without actually executing the program – a sort of automatic code review. Static analysis tools will detect common errors, enforce coding standards, and even clean up code blocks. The days of php -l filename are not over, but we now have a number of great tools that go the extra mile in helping us create and maintain high quality code.

They start with an example of using the tried and true "php -l" to lint an example PHP file but note that the yes/no answer it provides doesn't help give much feedback on the quality of the code, just its syntax. Enter PHPSA, a Composer-installable tool that does much more than lint checking. It also provides information about things like missing docblocks, function alias use and undefined property usage. they show an example of it in use on the command line, the results it provides and the changes made to the example class to fix the issues it found.

tagged: phpsa smart analyzer static analysis tool tutorial example

Link: https://www.sitepoint.com/static-analysis-with-phpsa-php-smart-analyzer/

Viva64.com:
Analysis of PHP7
Apr 29, 2016 @ 12:15:56

On the Viva64.com site they've posted the results of their own evaluation of PHP 7 in terms of both the source of the language itself and the libraries it makes use of.

Sometimes checking a project one more time can be quite amusing. It helps to see which errors were fixed, and which ones got into the code since the time it was last checked. My colleague has already written an article about PHP analysis. As there was a new version released, I decided to check the source code of the interpreter once again, and I wasn't disappointed - the project had a lot of interesting fragments to look at.

They start with a brief look at PHP 7 including when it was released, some of the features/functionality included and the tool they used to do the analysis. They talk about some of the difficulties in the analysis process and how the widespread user of macros tripped it up a bit. They includes some code examples from PHP's source and the warnings that their PVS-Studio returned. The post ends with a brief look at the third-party libraries PHP uses and the responsibility the project takes in including them.

tagged: php7 analysis language source scanner pvsstudio results

Link: http://www.viva64.com/en/b/0392/#ID0EWECK

Rob Allen:
Running Phan against Slim 3
Dec 10, 2015 @ 09:51:20

Rob Allen has a quick post sharing the results of a test run of the Phan static analysis tool on the current state of the Slim 3 framework codebase (with v3.0 just being released).

Having installed Phan, I decided to use it against the upcoming Slim 3 codebase.

Phan needs a list of files to scan, and the place I started was with Lorna's article on Generating a file list for Phan.

He walks through the steps for creating this list of files (removing developer dependencies) and the results from the Phan execution. While a good amount of the errors related more to dependencies and missing class/interface definitions, there were some typing errors found based on the difference between the docblock and how the code handled the variable.

tagged: phan static analysis tool slim3 framework results

Link: https://akrabat.com/running-phan-against-slim-3

Rob Allen:
Installing Phan on OS X
Dec 03, 2015 @ 09:27:37

Rob Allen has posted a quick tip to his site showing how to get Phan installed on an OS X system. Phan is a static analysis tool written for PHP 7 and makes use of the new functionality that exposes the AST for the underlying language.

I use Homebrew for my local PHP installation on OS X and am currently running PHP 7.0.0 RC8.

Phan is a static analyser for PHP 7 which was written by Rasmus and then rewritten by Andrew Morrison. As it benefits from PHP 7's abstract syntax tree it can find all kinds of subtle errors, so I wanted to install it locally to have a play with it.

He shows how to get the tool installed via Composer (with a custom repository definition) and links to the ast extension you'll need installed to let the tool work. A quick exit to your php.ini file is then all it takes to complete the installation and let you install and run the tool from the command line.

tagged: phan static analysis tool php7 install configure osx

Link: http://akrabat.com/installing-phan-on-os-x/

Lorna Mitchell:
Generating a File List for Phan
Nov 27, 2015 @ 10:38:33

Lorna Mitchell has shared a tip she's found helpful when using the phan static analysis tool for finding only PHP files via a simple grep.

Phan is the PHP Analyzer for PHP 7 code. I've been using it, partly out of curiosity, and partly to look at what the implications of upgrading my various projects will be. [...] I generated my filelist.txt files with a little help from grep - by looking for all files with opening PHP tags in, and putting that list of filenames into a file.

The phan tool is still pretty young but it provides a good example of how to use the new php-ast handling to parse and analyze PHP code.

tagged: phan file list generate quick tip grep static analysis tool

Link: http://www.lornajane.net/posts/2015/generating-a-file-list-for-phan