Modern Static Code Analysis in PHP
25 Feb 2016, Mannheim
@kalessil
Introducing myself
• The author of Php Inspections (EA Extended)
o A plugin for PhpStorm adding strong code semantics analysis
• A contributor of Symfony 1.5 and Symfony 2
o With SCA focus of course
• A contributor of PHP CS Fixer
o SCA and contributed fixers
• Background is PHP/Java Expert level in Enterprise
PHP
• I love the community and hate the language itself (not only me)
• Infrastructure around PHP is great (Composer, ZF, Symfony, Yii, hosting, etc.)
• PHP has a low entry level for new developers (hits code quality)
• PHP has 2 really important characteristics (hits apps’ life-cycle)
o It’s fast to get to market when you develop apps in PHP
o It’s painful to maintain the applications that survive
Modern software
• Getting more complex with each year
o Increases maintenance costs and complexity
o Requires more intelligent tools
• Continuous Integration and Delivery
o Increases costs of failures at delivery phase
o Raises additional stability requirements for development processes
• Agile development processes
o Affects code quality and introduces unfinished code/features
o Requires more intelligent tools
Peer2Peer review still works
But…
Really!
Let’s dig deeper…
• Code Style (formatting, naming, spaghetti code)
o Can be covered by existing (“old”) tools, so easily solvable
• Lack of API knowledge
o Remember low entry level of PHP
o You have to educate people (or tools can do it just during development)
• Obviously inefficient code constructs
o Remember low entry level of PHP
o Remember Agile processes
o You have to reject this (or tools can do it just during development)
• Lack of team experience
o That’s team work (but tools still can educate during development)
So how do we simplify our own lives?
Or let machines work for us
Generations of SCA tools
• 1st generation
o Eclipse and other first IDEs
o PHP CodeSniffer
• 2nd generation
o JetBrains IDEs + SCA plugins
o SensioLabs Insight, Scrutinizer, SonarQube
o Exakat, PHP CS Fixer
• 3rd generation
o We’ll see them soon, expert systems specialized in code defects
o SCA tools based on PHP 7 real PSI tree (presented in JB IDEs currently)
Semantic Analyzers
• Php Inspections (EA Extended)
o Targeting transition of 2nd and 3rd generation tools
o Expert-level code reviews
o “In-stream” analysis, when developers are not disturbed
o Productivity booster (automated code adjustments)
o CI usage available
o Requires no configuration at start, just install the plugin
• Exakat
o Targeting transition of 2nd and 3rd generation tools
o CI/local usage available
o Expert-level code reviews
Code Style
• PHP CodeSniffer (a 1st generation tool)
o CI/local usage available
o Reports code style violations
o Customizable and extendable
• PHP CS Fixer (a 2nd generation tool)
o CI/local usage available
o Fixes code style violations
o Customizable and extendable
SaaS alternatives
SensioLabs Insight
• Framework/CMS centric
• Good technical debt estimation
• 2nd generation tool
Scrutinizer
• Plays nicely with Open Source
• A little bit noisy
• Based on 1st generation tools (“old” tools)
In between:
• Based on 1st generation tools
o But “Sonar way” rules exist
o Only reports issues
o Requires initial configuration, otherwise not really usable
• IDEs integration
• Multi-language projects supported
o But unfortunately not all
• Integrated metrics and code style presets
Live demonstration
Thank you!
