Viva64.com:
Analysis of PHP7
Apr 29, 2016 @ 12:15:56

On the Viva64.com site they've posted the results of their own evaluation of PHP 7 in terms of both the source of the language itself and the libraries it makes use of.

Sometimes checking a project one more time can be quite amusing. It helps to see which errors were fixed, and which ones got into the code since the time it was last checked. My colleague has already written an article about PHP analysis. As there was a new version released, I decided to check the source code of the interpreter once again, and I wasn't disappointed - the project had a lot of interesting fragments to look at.

They start with a brief look at PHP 7 including when it was released, some of the features/functionality included and the tool they used to do the analysis. They talk about some of the difficulties in the analysis process and how the widespread use of macros tripped it up a bit. They include some code examples from PHP's source and the warnings that their PVS-Studio tool returned. The post ends with a brief look at the third-party libraries PHP uses and the responsibility the project takes in including them.

tagged: php7 analysis language source scanner pvsstudio results

Link: http://www.viva64.com/en/b/0392/#ID0EWECK

Rob Allen:
Running Phan against Slim 3
Dec 10, 2015 @ 09:51:20

Rob Allen has a quick post sharing the results of a test run of the Phan static analysis tool on the current state of the Slim 3 framework codebase (with v3.0 just being released).

Having installed Phan, I decided to use it against the upcoming Slim 3 codebase.

Phan needs a list of files to scan, and the place I started was with Lorna's article on Generating a file list for Phan.

He walks through the steps for creating this list of files (removing developer dependencies) and the results from the Phan execution. While a good amount of the errors related more to dependencies and missing class/interface definitions, there were some typing errors found based on the difference between the docblock and how the code handled the variable.

tagged: phan static analysis tool slim3 framework results

Link: https://akrabat.com/running-phan-against-slim-3

Rob Allen:
Installing Phan on OS X
Dec 03, 2015 @ 09:27:37

Rob Allen has posted a quick tip to his site showing how to get Phan installed on an OS X system. Phan is a static analysis tool written for PHP 7 and makes use of the new functionality that exposes the AST for the underlying language.

I use Homebrew for my local PHP installation on OS X and am currently running PHP 7.0.0 RC8.

Phan is a static analyser for PHP 7 which was written by Rasmus and then rewritten by Andrew Morrison. As it benefits from PHP 7's abstract syntax tree it can find all kinds of subtle errors, so I wanted to install it locally to have a play with it.

He shows how to get the tool installed via Composer (with a custom repository definition) and links to the ast extension you'll need installed to let the tool work. A quick edit to your php.ini file is then all it takes to complete the installation and let you install and run the tool from the command line.

tagged: phan static analysis tool php7 install configure osx

Link: http://akrabat.com/installing-phan-on-os-x/

Lorna Mitchell:
Generating a File List for Phan
Nov 27, 2015 @ 10:38:33

Lorna Mitchell has shared a tip she's found helpful when using the phan static analysis tool for finding only PHP files via a simple grep.

Phan is the PHP Analyzer for PHP 7 code. I've been using it, partly out of curiosity, and partly to look at what the implications of upgrading my various projects will be. [...] I generated my filelist.txt files with a little help from grep - by looking for all files with opening PHP tags in, and putting that list of filenames into a file.

The phan tool is still pretty young but it provides a good example of how to use the new php-ast handling to parse and analyze PHP code.

tagged: phan file list generate quick tip grep static analysis tool

Link: http://www.lornajane.net/posts/2015/generating-a-file-list-for-phan

SitePoint PHP Blog:
Writing PHP Git Hooks with Static Review
Sep 01, 2015 @ 11:16:01

On the SitePoint PHP blog Matthew Setter introduces the use of git hooks to help with automatic static analysis of your application's code, integrating it directly into your current workflow. He shows how to use this library to make creating and installing them as easy as a single command (and they're written in PHP).

If you’ve been using Git for more than a short length of time, you’ll hopefully have heard of Git hooks. [...] There are hooks for pre- and post-commit, pre- and post-update, pre-push, pre-rebase, and so on. The sample hooks are written in Bash, one of the Linux shell languages. But they can be written in almost any language you’re comfortable or proficient with. [...] Thanks to Static Review, by Samuel Parkinson, you can now write Git hooks with native PHP, optionally building on the existing core classes. In today’s post, I’m going to give you a tour of what’s on offer, finishing up by writing a custom class to check for any lingering calls to var_dump().

He walks you through the installation of the library and helps you create a simple working example that ensures you've correctly set up your (Composer) dependencies. He explains a bit about what's involved in the StaticReview package and the three "introspection" objects initialized for each run. He ends the post by walking you through the creation of a custom, more real-world check that evaluates your code (via a simple grep) to ensure no var_dump statements were left in.

tagged: static review git hook analysis tutorial

Link: http://www.sitepoint.com/writing-php-git-hooks-with-static-review/

Community News:
Launching Today: The Code Climate Platform
Jun 22, 2015 @ 09:57:56

Code Climate, the popular static code analysis service, has made an announcement that will definitely help make checking your PHP application for quality and security issues easier - the release of the Code Climate Platform. This platform provides, among other things, a command line tool that you can use to run their analysis rules on your own systems.

Today, we’re thrilled to launch the Code Climate Platform − the first open, extensible platform for all types of static analysis. [...] What does this mean exactly? First, we’re open sourcing our analysis tools, including the engines and algorithms we use to evaluate code. We’re also enabling anyone to write static analysis engines that run on our servers by following a simple specification. [...] Finally, using our new Code Climate CLI, you can now run any Code Climate-compatible static analysis on your laptop – for free.

This is a great step forward to helping ensure the overall quality of your codebase and makes it even easier than having to rely on a fully external service for the results. Plus, with the specification you can write rules and customize the checks according to your application or framework of choice. They have a developer program you can register for to find out more information about that.

tagged: codeclimate static analysis tool commandline platform opensource specification developer program

Link: http://blog.codeclimate.com/blog/2015/06/19/code-climate-platform/

Efficient Chinese Search with Elasticsearch
Dec 19, 2014 @ 11:56:41

On the SitePoint PHP blog a new tutorial has been posted showing you how to effectively search Chinese content with ElasticSearch. ElasticSearch is a "powerful open source search and analytics engine that makes data easy to explore" and plays nice with PHP via a JSON based query format.

If you have played with Elasticsearch, you already know that analyzing and tokenization are the most important steps while indexing content, and without them your pertinency is going to be bad, your users unhappy and your results poorly sorted. Even with English content you can lose pertinence with a bad stemming, miss some documents when not performing proper elision and so on. And that’s worse if you are indexing another language; the default analyzers are not all-purpose. When dealing with Chinese documents, everything is even more complex, even by considering only Mandarin which is the official language in China and the most spoken worldwide.

He starts by explaining exactly what the problem is with searching Chinese content including the fact that some words can actually be a combination of two or more characters (words). He then lists out a few plugins and tools that can be integrated with ElasticSearch to help with analyzing the content. He goes through each of them and provides instructions on installation and usage. He ends the post with a sample of the results for a set of three search terms, comparing the matches each found.

tagged: chinese search elasticsearch tutorial tokenization analysis

Link: http://www.sitepoint.com/efficient-chinese-search-elasticsearch/

SitePoint PHP Blog:
Analyzing a PHP Project with Jenkins
Dec 05, 2014 @ 10:58:32

The SitePoint PHP blog has posted the latest part in their Jenkins+PHP series today. In this new article (the final part in the series) they use the Jenkins setup they've walked you through already to actually run the analysis on the PHP project and look at the resulting information.

The results of Jenkins come from different tools and will be placed in different locations within the Jenkins GUI. [...] Within this article, we will be going through each tool and have a look at what it reports back to us. In the end, we will also look at some extra details Jenkins collects for us. Since we build the same project several times, we will get straight lines within our graphs. In a real project, the graph would fluctuate.

He goes through some examples of the results from his analysis including screenshots and explanations for:

  • PHP_CodeSniffer
  • PHP MD (Mess Detector)
  • PHP CPD (Copy & Paste Detector)
  • PHP Depend
  • PHPLOC (Lines Of Code)
  • PHPUnit
  • PHPDox

He also briefly mentions the "changes" information, showing you what changed in that particular build to help narrow down any issues that might have come up.

tagged: tutorial jenkins project analysis report output

Link: http://www.sitepoint.com/analyzing-php-project-jenkins/

Codacy.com:
Review of PHP Static Analysis Tools
May 09, 2014 @ 11:35:15

The Codacy.com blog has posted a review of various static analysis tools for PHP-based applications. These tools can help provide quality and consistency in your code in a more automated way.

Maintaining code quality over time is a hard challenge. It becomes even harder in large projects developed by many programmers. Each person has different code styles and different ways to approach problems. Over time, this may result in confusing and unmaintainable code. Static analysis tools can help developers solve this problem, they enforce coding standards, detect common errors and cleanup code blocks.

Tools mentioned in the post include: PHP_CodeSniffer, the PHP Mess Detector and the PHP Copy & Paste Detector. Each comes with an example of the command to execute it and some sample results. They also talk briefly about where and how these tools could fit into your current workflow, either during development or as a part of a full deployment process.

tagged: static analysis tool list review standards quality integration

Link: http://blog.codacy.com/2014/05/06/php-static-analysis-tools/

Carl Vuorinen:
Installing SonarQube with Jenkins integration for a PHP project
Sep 04, 2013 @ 10:50:25

Carl Vuorinen has posted a tutorial about getting SonarQube to run on your codebase (with the help of Jenkins). SonarQube runs statistics on your application including lines of code, number of classes, enforcement of coding standards and duplicated code.

In this second part of my Continuous Integration setup I will detail the steps required to install SonarQube (previously called just Sonar, renamed to SonarQube with 3.6 release just a few days ago) and integrate it with the Jenkins server from the previous post so SonarQube will run a daily analysis of our PHP project. In the previous post I covered the installation of Jenkins on a CentOS server and integrated it with GitHub, so if you do not have Jenkins set up you might want to start there.

He talks a bit about what SonarQube can do for you and the features it includes as well as links to a screencast and live demo. From there he gets into the setup and configuration, broken down into steps:

  • Installing SonarQube (with yum)
  • Creating the MySQL database it needs
  • Installing SonarQube Runner
  • Installing PHP environment for SonarQube
  • Integrating SonarQube with Jenkins

There's a quick note at the end about some things that can be done to optimize and clean up the installation too.

tagged: sonarqube jenkins code analysis project tutorial install configure

Link: http://cvuorinen.net/2013/07/installing-sonarqube-with-jenkins-integration-for-a-php-project/