Modern Static Code Analysis in PHP
-
Upload
vladimir-reznichenko -
Category
Engineering
-
view
607 -
download
2
Transcript of Modern Static Code Analysis in PHP
![Page 1: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/1.jpg)
Modern Static Code Analysis in PHP
25 Feb 2016, Mannheim@kalessil
![Page 2: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/2.jpg)
Introducing myself• The author of Php Inspections (EA Extended)
o A plugin for PhpStorm adding strong code semantics analysis
• A contributor of Symfony 1.5 and Symfony 2o With SCA focus of course
• A contributor of PHP CS Fixero SCA and contributed fixers
• Background is PHP/Java Expert level in Enterprise
![Page 3: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/3.jpg)
Modern Static Code Analysis in PHP
25 Feb 2016, Mannheim@kalessil
![Page 4: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/4.jpg)
PHP• I love the community and hate language itself (not only me)
• Infrastructure around PHP is great (Composer, ZF, Symfony, Yii, Hosting and etc.)
• Php has low entry level for new developers (hits code quality)
• Php has 2 really important characteristics (hits apps life-cycle)
o It’s fast to go on a market when you develop apps in PHP
o It’s painful to maintain survived applications
![Page 5: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/5.jpg)
Modern software• Getting more complex with each year
o Increases maintenance costs and complexityo Requires more intelligent tools
• Continuous Integration and Deliveryo Increases costs of failures at delivery phaseo Raises additional stability requirements to development processes
• Agile development processeso Affects code quality and introducing un-finished code/featureso Requires more intelligent tools
![Page 6: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/6.jpg)
Peer2Peer review still works
![Page 7: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/7.jpg)
But…
![Page 8: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/8.jpg)
Really!
![Page 9: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/9.jpg)
Let’s dig dipper…• Code Style (formatting, naming, spaghetti code)
o Can be covered by existing (“old”) tools, so easily solvable• Lack of API knowledge
o Remember low entry level of PHPo You have to educate people (or tools can do it just during development)
• Obviously inefficient code constructso Remember low entry level of PHPo Remember Agile processeso You have to reject this (or tools can do it just during development)
• Lack of team experienceo That’s team work (but tools still can educate during development)
![Page 10: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/10.jpg)
So how to simplify own life?
![Page 11: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/11.jpg)
Or let machines work for us
![Page 12: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/12.jpg)
Generations of SCA tools
• 1st generationo Eclipse and other first IDEso PHP CodeSniffer
• 2nd generationo JetBrains IDEs + SCA pluginso SensioLabs Insight, Scritinizer, SonarCubeo Exacat, PHP CS Fixer
• 3rd generationo We’ll see them soon, expert systems specialized on code defectso SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
![Page 13: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/13.jpg)
Semantic Analyzers• Php Inspections (EA Extended)
o Targeting transition of 2nd and 3rd generation toolso Expert-level code reviewso “In-stream" analysis, when developers are not disturbedo Productivity booster (automated code adjustments)o CI usage availableo Requires no configurations at start, just install the plugin
• Exakato Targeting transition of 2nd and 3rd generation toolso CI/local usage availableo Expert-level code reviews
![Page 14: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/14.jpg)
Code Style• Php CodeSniffer (a 1st generation tool)
o CI/local usage availableo Reports code style violationso Customizable and extendable
• PHP CS Fixer (a 2nd generation tool)o CI/local usage availableo Fixes code style violationso Customizable and extendable
![Page 15: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/15.jpg)
SaaS alternativesSensioLabs Insight• Framework/CSM centric• Good technical debt estimation• 2nd generation tool
Scrutinizer• Plays nicely with Open Source• A little bit noisy• Based on 1st generation tools ("old” tools)
![Page 16: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/16.jpg)
In between:
• Based on 1st generation toolsto But exists “Sonar way” ruleso Only reports issueso Requires initial configuration, or not really usable
• IDEs integration
• Multi-language projects supportedo But unfortunately not all
• Integrated metrics and code style presets
![Page 17: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/17.jpg)
Live demonstration
![Page 18: Modern Static Code Analysis in PHP](https://reader033.fdocuments.in/reader033/viewer/2022042706/588303b81a28abe70d8b6007/html5/thumbnails/18.jpg)
Thank you!