SlideShare a Scribd company logo
1 of 18
Download to read offline
Modern Static Code
Analysis in PHP
25 Feb 2016, Mannheim
@kalessil
Introducing myself
• The author of Php Inspections (EA Extended)
o A plugin for PhpStorm adding strong code semantics analysis
• A contributor of Symfony 1.5 and Symfony 2
o With SCA focus of course
• A contributor of PHP CS Fixer
o SCA and contributed fixers
• Background is PHP/Java Expert level in Enterprise
Modern Static Code
Analysis in PHP
25 Feb 2016, Mannheim
@kalessil
PHP
• I love the community and hate language itself (not only me)
• Infrastructure around PHP is great (Composer, ZF, Symfony, Yii,
Hosting and etc.)
• Php has low entry level for new developers (hits code quality)
• Php has 2 really important characteristics (hits apps life-cycle)
o It’s fast to go on a market when you develop apps in PHP
o It’s painful to maintain survived applications
Modern software
• Getting more complex with each year
o Increases maintenance costs and complexity
o Requires more intelligent tools
• Continuous Integration and Delivery
o Increases costs of failures at delivery phase
o Raises additional stability requirements to development processes
• Agile development processes
o Affects code quality and introducing un-finished code/features
o Requires more intelligent tools
Peer2Peer review still works
But…
Really!
Let’s dig dipper…
• Code Style (formatting, naming, spaghetti code)
o Can be covered by existing (“old”) tools, so easily solvable
• Lack of API knowledge
o Remember low entry level of PHP
o You have to educate people (or tools can do it just during development)
• Obviously inefficient code constructs
o Remember low entry level of PHP
o Remember Agile processes
o You have to reject this (or tools can do it just during development)
• Lack of team experience
o That’s team work (but tools still can educate during development)
So how to simplify own life?
Or let machines work for us
Generations of SCA tools
• 1st generation
o Eclipse and other first IDEs
o PHP CodeSniffer
• 2nd generation
o JetBrains IDEs + SCA plugins
o SensioLabs Insight, Scritinizer, SonarCube
o Exacat, PHP CS Fixer
• 3rd generation
o We’ll see them soon, expert systems specialized on code defects
o SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
Semantic Analyzers
• Php Inspections (EA Extended)
o Targeting transition of 2nd and 3rd generation tools
o Expert-level code reviews
o “In-stream" analysis, when developers are not disturbed
o Productivity booster (automated code adjustments)
o CI usage available
o Requires no configurations at start, just install the plugin
• Exakat
o Targeting transition of 2nd and 3rd generation tools
o CI/local usage available
o Expert-level code reviews
Code Style
• Php CodeSniffer (a 1st generation tool)
o CI/local usage available
o Reports code style violations
o Customizable and extendable
• PHP CS Fixer (a 2nd generation tool)
o CI/local usage available
o Fixes code style violations
o Customizable and extendable
SaaS alternatives
SensioLabs Insight
• Framework/CSM centric
• Good technical debt estimation
• 2nd generation tool
Scrutinizer
• Plays nicely with Open Source
• A little bit noisy
• Based on 1st generation tools ("old” tools)
In between:
• Based on 1st generation toolst
o But exists “Sonar way” rules
o Only reports issues
o Requires initial configuration, or not really usable
• IDEs integration
• Multi-language projects supported
o But unfortunately not all
• Integrated metrics and code style presets
Live demonstration
Thank you!

More Related Content

What's hot

Effective programming in Java - Kronospan Job Fair 2016
Effective programming in Java - Kronospan Job Fair 2016Effective programming in Java - Kronospan Job Fair 2016
Effective programming in Java - Kronospan Job Fair 2016Łukasz Koniecki
 
Java and effective programming. Is it possible? - IAESTE Case Week 2016
Java and effective programming. Is it possible? - IAESTE Case Week 2016Java and effective programming. Is it possible? - IAESTE Case Week 2016
Java and effective programming. Is it possible? - IAESTE Case Week 2016Łukasz Koniecki
 
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for JavaSystematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for JavaMichael Reif
 
Language Engineering in the Cloud
Language Engineering in the CloudLanguage Engineering in the Cloud
Language Engineering in the Cloudlennartkats
 
Writing readable Clojure code
Writing readable Clojure codeWriting readable Clojure code
Writing readable Clojure codeJiří Knesl
 
Test-driven language development
Test-driven language developmentTest-driven language development
Test-driven language developmentlennartkats
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeEmre Dündar
 
Functional programming ruby mty
Functional programming   ruby mtyFunctional programming   ruby mty
Functional programming ruby mtyAdrianGzz2112
 
The Spoofax Language Workbench (SPLASH 2010)
The Spoofax Language Workbench (SPLASH 2010)The Spoofax Language Workbench (SPLASH 2010)
The Spoofax Language Workbench (SPLASH 2010)lennartkats
 
Java Comments | Java course
Java Comments | Java courseJava Comments | Java course
Java Comments | Java courseRAKESH P
 
Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7platoff
 
Performance profiling and testing of symfony application 2
Performance profiling and testing of symfony application 2Performance profiling and testing of symfony application 2
Performance profiling and testing of symfony application 2Andrew Yatsenko
 
laravel Elegant artisan by santosh pawar
laravel Elegant artisan by santosh pawarlaravel Elegant artisan by santosh pawar
laravel Elegant artisan by santosh pawarSantosh Pawar
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with SonarlintUT, San Antonio
 
Solving cross cutting concerns in PHP - PHPSerbia-2017
Solving cross cutting concerns in PHP - PHPSerbia-2017Solving cross cutting concerns in PHP - PHPSerbia-2017
Solving cross cutting concerns in PHP - PHPSerbia-2017Alexander Lisachenko
 
Test automation design patterns
Test automation design patternsTest automation design patterns
Test automation design patternsVitaly Tatarinov
 
RoboCon 2018: How did we get here? Where do we go next?
RoboCon 2018: How did we get here? Where do we go next?RoboCon 2018: How did we get here? Where do we go next?
RoboCon 2018: How did we get here? Where do we go next?Pekka Klärck
 
Deliberate Practice, New Learning Styles (2015)
Deliberate Practice, New Learning Styles (2015)Deliberate Practice, New Learning Styles (2015)
Deliberate Practice, New Learning Styles (2015)Peter Kofler
 

What's hot (20)

Effective programming in Java - Kronospan Job Fair 2016
Effective programming in Java - Kronospan Job Fair 2016Effective programming in Java - Kronospan Job Fair 2016
Effective programming in Java - Kronospan Job Fair 2016
 
Asynchronous PHP. Myth? Reality!
Asynchronous PHP. Myth? Reality!Asynchronous PHP. Myth? Reality!
Asynchronous PHP. Myth? Reality!
 
Java and effective programming. Is it possible? - IAESTE Case Week 2016
Java and effective programming. Is it possible? - IAESTE Case Week 2016Java and effective programming. Is it possible? - IAESTE Case Week 2016
Java and effective programming. Is it possible? - IAESTE Case Week 2016
 
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for JavaSystematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
Systematic Evaluation of the Unsoundness of Call Graph Algorithms for Java
 
Language Engineering in the Cloud
Language Engineering in the CloudLanguage Engineering in the Cloud
Language Engineering in the Cloud
 
Writing readable Clojure code
Writing readable Clojure codeWriting readable Clojure code
Writing readable Clojure code
 
Test-driven language development
Test-driven language developmentTest-driven language development
Test-driven language development
 
Sonarqube + Docker
Sonarqube + DockerSonarqube + Docker
Sonarqube + Docker
 
Continuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQubeContinuous Inspection of Code Quality: SonarQube
Continuous Inspection of Code Quality: SonarQube
 
Functional programming ruby mty
Functional programming   ruby mtyFunctional programming   ruby mty
Functional programming ruby mty
 
The Spoofax Language Workbench (SPLASH 2010)
The Spoofax Language Workbench (SPLASH 2010)The Spoofax Language Workbench (SPLASH 2010)
The Spoofax Language Workbench (SPLASH 2010)
 
Java Comments | Java course
Java Comments | Java courseJava Comments | Java course
Java Comments | Java course
 
Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7Eclipse Testing Day 2010. Xored Q7
Eclipse Testing Day 2010. Xored Q7
 
Performance profiling and testing of symfony application 2
Performance profiling and testing of symfony application 2Performance profiling and testing of symfony application 2
Performance profiling and testing of symfony application 2
 
laravel Elegant artisan by santosh pawar
laravel Elegant artisan by santosh pawarlaravel Elegant artisan by santosh pawar
laravel Elegant artisan by santosh pawar
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with Sonarlint
 
Solving cross cutting concerns in PHP - PHPSerbia-2017
Solving cross cutting concerns in PHP - PHPSerbia-2017Solving cross cutting concerns in PHP - PHPSerbia-2017
Solving cross cutting concerns in PHP - PHPSerbia-2017
 
Test automation design patterns
Test automation design patternsTest automation design patterns
Test automation design patterns
 
RoboCon 2018: How did we get here? Where do we go next?
RoboCon 2018: How did we get here? Where do we go next?RoboCon 2018: How did we get here? Where do we go next?
RoboCon 2018: How did we get here? Where do we go next?
 
Deliberate Practice, New Learning Styles (2015)
Deliberate Practice, New Learning Styles (2015)Deliberate Practice, New Learning Styles (2015)
Deliberate Practice, New Learning Styles (2015)
 

Viewers also liked

PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...Rouven Weßling
 
Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Rouven Weßling
 
Dynamic PHP web-application analysis
Dynamic PHP web-application analysisDynamic PHP web-application analysis
Dynamic PHP web-application analysisax330d
 
XSSの評価基準とRIPSプラグイン的なものを作った
XSSの評価基準とRIPSプラグイン的なものを作ったXSSの評価基準とRIPSプラグイン的なものを作った
XSSの評価基準とRIPSプラグイン的なものを作ったyamaguchi_2048
 
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil BelakhdarBSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil BelakhdarShellmates
 
Web UI performance tuning
Web UI performance tuningWeb UI performance tuning
Web UI performance tuningAndy Pemberton
 
PHP Static Code Review
PHP Static Code ReviewPHP Static Code Review
PHP Static Code ReviewDamien Seguy
 
Php Code Audits (PHP UK 2010)
Php Code Audits (PHP UK 2010)Php Code Audits (PHP UK 2010)
Php Code Audits (PHP UK 2010)Damien Seguy
 
Functions - complex first class citizen
Functions - complex first class citizenFunctions - complex first class citizen
Functions - complex first class citizenVytautas Butkus
 
Coding Best practices (PHP)
Coding Best practices (PHP)Coding Best practices (PHP)
Coding Best practices (PHP)Christian Baune
 
Modular & Event driven UI Architecture
Modular & Event driven UI ArchitectureModular & Event driven UI Architecture
Modular & Event driven UI ArchitectureVytautas Butkus
 
RIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHPRIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHPSorina Chirilă
 
Coding Standard And Code Review
Coding Standard And Code ReviewCoding Standard And Code Review
Coding Standard And Code ReviewMilan Vukoje
 
JavaScript and UI Architecture Best Practices
JavaScript and UI Architecture Best PracticesJavaScript and UI Architecture Best Practices
JavaScript and UI Architecture Best PracticesSiarhei Barysiuk
 
ニューラルネットワークによる音声の分類
ニューラルネットワークによる音声の分類ニューラルネットワークによる音声の分類
ニューラルネットワークによる音声の分類yamaguchi_2048
 
Secure Programming With Static Analysis
Secure Programming With Static AnalysisSecure Programming With Static Analysis
Secure Programming With Static AnalysisConSanFrancisco123
 
Refactoring Legacy Code
Refactoring Legacy CodeRefactoring Legacy Code
Refactoring Legacy CodeAdam Culp
 
Night of the Long Knives
Night of the Long KnivesNight of the Long Knives
Night of the Long KnivesDHUMPHREYS
 

Viewers also liked (20)

PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
 
Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016
 
Dynamic PHP web-application analysis
Dynamic PHP web-application analysisDynamic PHP web-application analysis
Dynamic PHP web-application analysis
 
XSSの評価基準とRIPSプラグイン的なものを作った
XSSの評価基準とRIPSプラグイン的なものを作ったXSSの評価基準とRIPSプラグイン的なものを作った
XSSの評価基準とRIPSプラグイン的なものを作った
 
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil BelakhdarBSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
BSides Algiers - PHP Static Code Analysis - Abdeldjalil Belakhdar
 
Web UI performance tuning
Web UI performance tuningWeb UI performance tuning
Web UI performance tuning
 
PHP Static Code Review
PHP Static Code ReviewPHP Static Code Review
PHP Static Code Review
 
Php Code Audits (PHP UK 2010)
Php Code Audits (PHP UK 2010)Php Code Audits (PHP UK 2010)
Php Code Audits (PHP UK 2010)
 
Functions - complex first class citizen
Functions - complex first class citizenFunctions - complex first class citizen
Functions - complex first class citizen
 
Coding standards php
Coding standards phpCoding standards php
Coding standards php
 
Coding Best practices (PHP)
Coding Best practices (PHP)Coding Best practices (PHP)
Coding Best practices (PHP)
 
Modular & Event driven UI Architecture
Modular & Event driven UI ArchitectureModular & Event driven UI Architecture
Modular & Event driven UI Architecture
 
PHP CODING STANDARDS
PHP CODING STANDARDSPHP CODING STANDARDS
PHP CODING STANDARDS
 
RIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHPRIPS - static code analyzer for vulnerabilities in PHP
RIPS - static code analyzer for vulnerabilities in PHP
 
Coding Standard And Code Review
Coding Standard And Code ReviewCoding Standard And Code Review
Coding Standard And Code Review
 
JavaScript and UI Architecture Best Practices
JavaScript and UI Architecture Best PracticesJavaScript and UI Architecture Best Practices
JavaScript and UI Architecture Best Practices
 
ニューラルネットワークによる音声の分類
ニューラルネットワークによる音声の分類ニューラルネットワークによる音声の分類
ニューラルネットワークによる音声の分類
 
Secure Programming With Static Analysis
Secure Programming With Static AnalysisSecure Programming With Static Analysis
Secure Programming With Static Analysis
 
Refactoring Legacy Code
Refactoring Legacy CodeRefactoring Legacy Code
Refactoring Legacy Code
 
Night of the Long Knives
Night of the Long KnivesNight of the Long Knives
Night of the Long Knives
 

Similar to Modern Static Code Analysis in PHP

The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8Wim Godden
 
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptxGauravGamer2
 
Listen and look at your PHP code
Listen and look at your PHP codeListen and look at your PHP code
Listen and look at your PHP codeGabriele Santini
 
Continous Delivery Toronto Presentation
Continous Delivery Toronto PresentationContinous Delivery Toronto Presentation
Continous Delivery Toronto PresentationXebiaLabs
 
open source applications developers
open source applications developersopen source applications developers
open source applications developershoda mashaly
 
Intake_35_OpenSource_Developer track
Intake_35_OpenSource_Developer trackIntake_35_OpenSource_Developer track
Intake_35_OpenSource_Developer trackChristine Raouf
 
Symphony Software Foundation API Working Group Proposal
Symphony Software Foundation API Working Group ProposalSymphony Software Foundation API Working Group Proposal
Symphony Software Foundation API Working Group ProposalSymphony Software Foundation
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7Wim Godden
 
Online voting system ppt by anoop
Online voting system ppt by anoopOnline voting system ppt by anoop
Online voting system ppt by anoopAnoop Kumar
 
Continuous Integration In Php
Continuous Integration In PhpContinuous Integration In Php
Continuous Integration In PhpWilco Jansen
 
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFXVincent Biret
 
Build software like a bag of marbles, not a castle of LEGO®
Build software like a bag of marbles, not a castle of LEGO®Build software like a bag of marbles, not a castle of LEGO®
Build software like a bag of marbles, not a castle of LEGO®Hannes Lowette
 
Introducing Continuous Delivery in the Enterprise
Introducing Continuous Delivery in the EnterpriseIntroducing Continuous Delivery in the Enterprise
Introducing Continuous Delivery in the EnterpriseXebiaLabs
 
PHP 4? OMG! A small vademecum for obsolete software migration.
PHP 4? OMG! A small vademecum for obsolete software migration.PHP 4? OMG! A small vademecum for obsolete software migration.
PHP 4? OMG! A small vademecum for obsolete software migration.Francesco Fullone
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Robert Reiz
 
“One man” development process model
“One man” development process model“One man” development process model
“One man” development process modelSilicon Straits
 
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014Matthew Cobby
 
Why Plone Will Die
Why Plone Will DieWhy Plone Will Die
Why Plone Will DieAndreas Jung
 
How to Review your Translation with 2 Free and Open Source QA Tools
How to Review your Translation with 2 Free and Open Source QA ToolsHow to Review your Translation with 2 Free and Open Source QA Tools
How to Review your Translation with 2 Free and Open Source QA ToolsQabiria
 

Similar to Modern Static Code Analysis in PHP (20)

The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8
 
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
2R-3KS03-OOP_UNIT-I (Part-A)_2023-24.pptx
 
Listen and look at your PHP code
Listen and look at your PHP codeListen and look at your PHP code
Listen and look at your PHP code
 
Continous Delivery Toronto Presentation
Continous Delivery Toronto PresentationContinous Delivery Toronto Presentation
Continous Delivery Toronto Presentation
 
open source applications developers
open source applications developersopen source applications developers
open source applications developers
 
Intake_35_OpenSource_Developer track
Intake_35_OpenSource_Developer trackIntake_35_OpenSource_Developer track
Intake_35_OpenSource_Developer track
 
Symphony Software Foundation API Working Group Proposal
Symphony Software Foundation API Working Group ProposalSymphony Software Foundation API Working Group Proposal
Symphony Software Foundation API Working Group Proposal
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7
 
Online voting system ppt by anoop
Online voting system ppt by anoopOnline voting system ppt by anoop
Online voting system ppt by anoop
 
Continuous Integration In Php
Continuous Integration In PhpContinuous Integration In Php
Continuous Integration In Php
 
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
#SPSNYC 2018 Migrate your custom components to the #SharePoint Framework #SPFX
 
Build software like a bag of marbles, not a castle of LEGO®
Build software like a bag of marbles, not a castle of LEGO®Build software like a bag of marbles, not a castle of LEGO®
Build software like a bag of marbles, not a castle of LEGO®
 
Introducing Continuous Delivery in the Enterprise
Introducing Continuous Delivery in the EnterpriseIntroducing Continuous Delivery in the Enterprise
Introducing Continuous Delivery in the Enterprise
 
PHP 4? OMG! A small vademecum for obsolete software migration.
PHP 4? OMG! A small vademecum for obsolete software migration.PHP 4? OMG! A small vademecum for obsolete software migration.
PHP 4? OMG! A small vademecum for obsolete software migration.
 
Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014Continuous Updating with VersionEye at code.talks 2014
Continuous Updating with VersionEye at code.talks 2014
 
“One man” development process model
“One man” development process model“One man” development process model
“One man” development process model
 
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
Practical Continuous Deployment - Atlassian - London AUG 18 Feb 2014
 
Web development post io2016
Web development post io2016Web development post io2016
Web development post io2016
 
Why Plone Will Die
Why Plone Will DieWhy Plone Will Die
Why Plone Will Die
 
How to Review your Translation with 2 Free and Open Source QA Tools
How to Review your Translation with 2 Free and Open Source QA ToolsHow to Review your Translation with 2 Free and Open Source QA Tools
How to Review your Translation with 2 Free and Open Source QA Tools
 

Recently uploaded

Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...
Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...
Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...Amil baba
 
A Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software SimulationA Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software SimulationMohsinKhanA
 
me3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part Ame3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part Akarthi keyan
 
UNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptxUNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptxrealme6igamerr
 
Gender Bias in Engineer, Honors 203 Project
Gender Bias in Engineer, Honors 203 ProjectGender Bias in Engineer, Honors 203 Project
Gender Bias in Engineer, Honors 203 Projectreemakb03
 
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...Sean Meyn
 
specification estimation and valuation of a building
specification estimation and valuation of a buildingspecification estimation and valuation of a building
specification estimation and valuation of a buildingswethasekhar5
 
News web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experienceNews web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experienceAkashJha84
 
Technology Features of Apollo HDD Machine, Its Technical Specification with C...
Technology Features of Apollo HDD Machine, Its Technical Specification with C...Technology Features of Apollo HDD Machine, Its Technical Specification with C...
Technology Features of Apollo HDD Machine, Its Technical Specification with C...Apollo Techno Industries Pvt Ltd
 
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS Bahzad5
 
nvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptxnvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptxjasonsedano2
 
Modelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovationsModelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovationsYusuf Yıldız
 
Guardians and Glitches: Navigating the Duality of Gen AI in AppSec
Guardians and Glitches: Navigating the Duality of Gen AI in AppSecGuardians and Glitches: Navigating the Duality of Gen AI in AppSec
Guardians and Glitches: Navigating the Duality of Gen AI in AppSecTrupti Shiralkar, CISSP
 
Basic Principle of Electrochemical Sensor
Basic Principle of  Electrochemical SensorBasic Principle of  Electrochemical Sensor
Basic Principle of Electrochemical SensorTanvir Moin
 
solar wireless electric vechicle charging system
solar wireless electric vechicle charging systemsolar wireless electric vechicle charging system
solar wireless electric vechicle charging systemgokuldongala
 
Phase noise transfer functions.pptx
Phase noise transfer      functions.pptxPhase noise transfer      functions.pptx
Phase noise transfer functions.pptxSaiGouthamSunkara
 

Recently uploaded (20)

Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...
Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...
Popular-NO1 Kala Jadu Expert Specialist In Germany Kala Jadu Expert Specialis...
 
Litature Review: Research Paper work for Engineering
Litature Review: Research Paper work for EngineeringLitature Review: Research Paper work for Engineering
Litature Review: Research Paper work for Engineering
 
A Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software SimulationA Seminar on Electric Vehicle Software Simulation
A Seminar on Electric Vehicle Software Simulation
 
me3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part Ame3493 manufacturing technology unit 1 Part A
me3493 manufacturing technology unit 1 Part A
 
UNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptxUNIT4_ESD_wfffffggggggggggggith_ARM.pptx
UNIT4_ESD_wfffffggggggggggggith_ARM.pptx
 
計劃趕得上變化
計劃趕得上變化計劃趕得上變化
計劃趕得上變化
 
Gender Bias in Engineer, Honors 203 Project
Gender Bias in Engineer, Honors 203 ProjectGender Bias in Engineer, Honors 203 Project
Gender Bias in Engineer, Honors 203 Project
 
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
Quasi-Stochastic Approximation: Algorithm Design Principles with Applications...
 
specification estimation and valuation of a building
specification estimation and valuation of a buildingspecification estimation and valuation of a building
specification estimation and valuation of a building
 
News web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experienceNews web APP using NEWS API for web platform to enhancing user experience
News web APP using NEWS API for web platform to enhancing user experience
 
Technology Features of Apollo HDD Machine, Its Technical Specification with C...
Technology Features of Apollo HDD Machine, Its Technical Specification with C...Technology Features of Apollo HDD Machine, Its Technical Specification with C...
Technology Features of Apollo HDD Machine, Its Technical Specification with C...
 
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS GENERAL CONDITIONS  FOR  CONTRACTS OF CIVIL ENGINEERING WORKS
GENERAL CONDITIONS FOR CONTRACTS OF CIVIL ENGINEERING WORKS
 
nvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptxnvidia AI-gtc 2024 partial slide deck.pptx
nvidia AI-gtc 2024 partial slide deck.pptx
 
Modelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovationsModelling Guide for Timber Structures - FPInnovations
Modelling Guide for Timber Structures - FPInnovations
 
Guardians and Glitches: Navigating the Duality of Gen AI in AppSec
Guardians and Glitches: Navigating the Duality of Gen AI in AppSecGuardians and Glitches: Navigating the Duality of Gen AI in AppSec
Guardians and Glitches: Navigating the Duality of Gen AI in AppSec
 
Lecture 2 .pdf
Lecture 2                           .pdfLecture 2                           .pdf
Lecture 2 .pdf
 
Basic Principle of Electrochemical Sensor
Basic Principle of  Electrochemical SensorBasic Principle of  Electrochemical Sensor
Basic Principle of Electrochemical Sensor
 
Présentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdfPrésentation IIRB 2024 Marine Cordonnier.pdf
Présentation IIRB 2024 Marine Cordonnier.pdf
 
solar wireless electric vechicle charging system
solar wireless electric vechicle charging systemsolar wireless electric vechicle charging system
solar wireless electric vechicle charging system
 
Phase noise transfer functions.pptx
Phase noise transfer      functions.pptxPhase noise transfer      functions.pptx
Phase noise transfer functions.pptx
 

Modern Static Code Analysis in PHP

  • 1. Modern Static Code Analysis in PHP 25 Feb 2016, Mannheim @kalessil
  • 2. Introducing myself • The author of Php Inspections (EA Extended) o A plugin for PhpStorm adding strong code semantics analysis • A contributor of Symfony 1.5 and Symfony 2 o With SCA focus of course • A contributor of PHP CS Fixer o SCA and contributed fixers • Background is PHP/Java Expert level in Enterprise
  • 3. Modern Static Code Analysis in PHP 25 Feb 2016, Mannheim @kalessil
  • 4. PHP • I love the community and hate language itself (not only me) • Infrastructure around PHP is great (Composer, ZF, Symfony, Yii, Hosting and etc.) • Php has low entry level for new developers (hits code quality) • Php has 2 really important characteristics (hits apps life-cycle) o It’s fast to go on a market when you develop apps in PHP o It’s painful to maintain survived applications
  • 5. Modern software • Getting more complex with each year o Increases maintenance costs and complexity o Requires more intelligent tools • Continuous Integration and Delivery o Increases costs of failures at delivery phase o Raises additional stability requirements to development processes • Agile development processes o Affects code quality and introducing un-finished code/features o Requires more intelligent tools
  • 9. Let’s dig dipper… • Code Style (formatting, naming, spaghetti code) o Can be covered by existing (“old”) tools, so easily solvable • Lack of API knowledge o Remember low entry level of PHP o You have to educate people (or tools can do it just during development) • Obviously inefficient code constructs o Remember low entry level of PHP o Remember Agile processes o You have to reject this (or tools can do it just during development) • Lack of team experience o That’s team work (but tools still can educate during development)
  • 10. So how to simplify own life?
  • 11. Or let machines work for us
  • 12. Generations of SCA tools • 1st generation o Eclipse and other first IDEs o PHP CodeSniffer • 2nd generation o JetBrains IDEs + SCA plugins o SensioLabs Insight, Scritinizer, SonarCube o Exacat, PHP CS Fixer • 3rd generation o We’ll see them soon, expert systems specialized on code defects o SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
  • 13. Semantic Analyzers • Php Inspections (EA Extended) o Targeting transition of 2nd and 3rd generation tools o Expert-level code reviews o “In-stream" analysis, when developers are not disturbed o Productivity booster (automated code adjustments) o CI usage available o Requires no configurations at start, just install the plugin • Exakat o Targeting transition of 2nd and 3rd generation tools o CI/local usage available o Expert-level code reviews
  • 14. Code Style • Php CodeSniffer (a 1st generation tool) o CI/local usage available o Reports code style violations o Customizable and extendable • PHP CS Fixer (a 2nd generation tool) o CI/local usage available o Fixes code style violations o Customizable and extendable
  • 15. SaaS alternatives SensioLabs Insight • Framework/CSM centric • Good technical debt estimation • 2nd generation tool Scrutinizer • Plays nicely with Open Source • A little bit noisy • Based on 1st generation tools ("old” tools)
  • 16. In between: • Based on 1st generation toolst o But exists “Sonar way” rules o Only reports issues o Requires initial configuration, or not really usable • IDEs integration • Multi-language projects supported o But unfortunately not all • Integrated metrics and code style presets