SlideShare una empresa de Scribd logo

Listen afup 2010

Descargar como PPTX, PDF
Gabriele Santini
Gabriele Santini

The document discusses various static analysis tools for PHP code including PHP_CodeSniffer, PHPDepend, PHPMD, phploc, phpcpd, vld, Bytekit, Padawan, and Phantm. It explains how each tool works at different levels like lexical analysis, syntactic analysis, and bytecode level. The document also presents tools for continuous integration and reporting of analysis results like phpUnderControl, Arbit, and plugins for Sonar to integrate static analysis of PHP code.

Tecnología
1 de 66
LISTEN AND LOOK AT YOUR PHP CODE! Gabriele Santini Forum AFUP 2010
Gabriele Santini  Architect/Consultant at SQLI  Contributor to PHP_CodeSniffer  So expect a special focus on this…  Sonar PHP Plugin  I have to show you!  Ex-mathematician :  love business modelling  love architectures  love quality assurance
Static Analysis  All you can say about your program without actually execute the code  The rest is also interesting, let’s talk about it another time !  Examples ?  Syntax check, coding style, anti-patterns, metrics, OO design analysis, …  What PHP does before executing the code ?
Levels of analysis  Lexical analysis  Read sources linearly searching for known patterns  Convert them to a sequence of tokens
Levels of analysis  Lexical analysis  Read sources linearly searching for known patterns  Convert them to a sequence of tokens  Syntactic Analysis  Parse the tokens to find their logical structure
Levels of analysis  Lexical analysis  Read sources linearly searching for known patterns  Convert them to a sequence of tokens  Syntactic Analysis  Parse the tokens to find their logical structure  Opcode (Bytecode) Generation  Generates an intermediary code that the Zend Engine will be able to execute
Lexical Analysis  Tokenizer 1 <?php T_OPEN_TAG 2 if T_IF 2 T_WHITESPACE ( 2 1 T_LNUMBER 2 T_WHITESPACE < 2 T_WHITESPACE 2 2 T_LNUMBER ) 2 T_WHITESPACE { 2 T_WHITESPACE 3 echo T_ECHO 3 T_WHITESPACE 3 "Hello" T_CONSTANT_ENCAPSED_STRING ; 3 T_WHITESPACE } 4 T_WHITESPACE 5 ?> T_CLOSE_TAG <?php if (1 < 2) { echo "Hello"; } ?>
Syntactic Analysis  Produces an AST  Abstract SyntaxTree  Decompose code in a tree-like form  Can be executed once a context is given  Used in compilers
Syntactic Analysis
Opcodes Generation  Mistery tool… line # * op return operands -------------------------------------------------- 2 0 > EXT_STMT 1 IS_SMALLER ~0 1, 2 2 > JMPZ ~0, ->6 3 3 > EXT_STMT 4 ECHO 'Hello' 4 5 > JMP ->6 6 6 > EXT_STMT 7 > RETURN 1 <?php if (1 < 2) { echo "Hello"; } ?>
GIVE US THE TOOLS !
PHP_CodeSniffer  By Greg Sherwood  PEAR library  Venerable project  Code Style  But also a lot more  Works at lexical analysis level  Heavily use the tokenizer extension
PHP_CodeSniffer  Hands on
PHP_CodeSniffer  Sniffs  Classes that detectViolations  One or more type per class  Grouped in folders by subject:  Commenting, Formatting,WhiteSpace  Files, ControlStructures, Strings  Functions, Classes, NamingConventions  CodeAnalysis, Metrics  You can create your own!
PHP_CodeSniffer  Standards  Sets of Sniffs that define your coding style  Installed :  PEAR,  Generic,  Zend*,  Squiz, MySource  PHPCS
PHP_CodeSniffer 1.3  Rulesets XML! <ruleset name="MyPEAR"> <description>A variation of the PEAR coding standard.</description> <!-- Include some additional sniffs from the Generic standard --> <rule ref="Generic.Functions.FunctionCallArgumentSpacing"/> <message>Please review spacing in function ‘%s’</message> </rule> <rule ref="Generic.NamingConventions.UpperCaseConstantName"/> <!-- Lines can be 90 chars long, but never show errors --> <rule ref="Generic.Files.LineLength"> <properties> <property name="lineLimit" value="90"/> <property name="absoluteLineLimit" value="0"/> </properties> </rule> <!– Not so important for us --> <rule ref="Generic.PHP.DisallowShortOpenTag"> <severity>2</severity> </rule> </ruleset>
Inside PHP_CodeSniffer  Sniff class main methods  register()  Make the sniff a listener for the declared tokens  process($phpcsFile, $stackPtr)  Called by the file during parsing when a declared token is found  File  Represents a parsed file  Holds the tokens structure and offers convenience methods
Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff <?php echo $y; $x = 10; echo $y; for ($i = 1; $i < $length; $i++) { echo 'x'; } echo $x; $y = 2;; $this->wizardid = 10; $this->paint(); echo 'x'; ?>
Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff public function register() { return array(T_SEMICOLON); } public function process($phpcsFile, $stackPtr) { […]
Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff <?php echo $y; $x = 10; echo $y; for ($i = 1; $i < $length; $i++) { echo 'x'; } echo $x; $y = 2;; $this->wizardid = 10; $this->paint(); echo 'x'; ?>
Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff <?php echo $y; $x = 10; echo $y; for ($i = 1; $i < $length; $i++) { echo 'x'; } echo $x; $y = 2;; $this->wizardid = 10; $this->paint(); echo 'x'; ?> $stackPtr
Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff public function register() { return array(T_SEMICOLON); } public function process($phpcsFile, $stackPtr) { $tokens = $phpcsFile->getTokens(); $previous = $phpcsFile->findPrevious(…); if ($previous === false) { return; } // Continue =>
Inside PHP_CodeSniffer  Life of a Sniff (2) // Ignore multiple statements in a FOR condition. // First some gym for nested parenthesis […] if ($tokens[$owner]['code'] === T_FOR) { return; } […] // If the previous semicolon is on the same line we add an error // to this file if ($tokens[$previous]['line'] === $tokens[$stackPtr]['line']) { $error = 'Each PHP statement must be on a line by itself'; $phpcsFile->addError($error, $stackPtr); return; } }//end process()
PHP_CodeSniffer  At SQLI we have some framework standards  Zend Framework  Based onThomasWeidner work  Symfony  In collaboration with Fabien Potencier  Waiting for a serious release after 1.3 release
PHP_CodeSniffer  At SQLI we have some framework standards  Zend Framework  Based onThomasWeidner work  Symfony  In collaboration with Fabien Potencier  Waiting for a serious release after 1.3 release  That’s nice, but…  Where are the standards for the other tools ?  I’ld expect a Drupal,Wordpress, Cake official standard
PHP_CodeSniffer  How far a standard can go in detection ?
PHP_CodeSniffer  How far a standard can go in detection ?  Interestingly far for generic PHP Code
PHP_CodeSniffer  How far a standard can go in detection ?  Interestingly far for generic PHP Code  Very far if you know your tool’s structure  Imagine for example forcing PHP alternative syntax in Symfony views…  Or checking for escaping in ZendViews !
PHP_Depend  By Manuel Pichler  Functional port of JDepend  OO design analysis  Metrics visualisation  Dependency analyzer  Works at the syntactic analysis level
PHP_Depend  How it works  PHP_Depend first makes an AST off your code  A « personal » one, made by PHP objects  ASTComment, ASTClosure, ASTEvalExpression, …  This is made by the Builder/Parser component  Using PHP Reflection
PHP_Depend  How it works (2)  Then PHP_Depend can answer questions by « visiting » the AST  Task of Metrics Analyzers, that extend AbstractVisitor  IOC, the visitor decides what to do according to AST Class : visitMethod, visitForStatement(), …  Analyzers can fire listeners during analyze() call  To get ongoing informations about the visit process
PHP_Depend  What it gives:  The Abstraction/Instability graph
PHP_Depend  What it gives:  The Abstraction/Instability graph
PHP_Depend  What it gives:  The Pyramid !!
PHPMD  By Manuel Pichler  Detects rules violations  Analog to PHP_Codesniffer  Works at syntactic analysis level  Actually on the same AST  Depends on PHP_Depend  Has rulesets !
PHPMD  What it gives:  Code Size Rules  complexities, lengths, too many, …  Design Rules  OO, exit, eval  Naming Rules  Too short/long identifiers, old constructors, …  Unused Code Rules  Methods, members, parameters
phploc  By Sebastian Bergmann  Simple tool to give basic metrics  Fast, direct to the goal  Works mostly on lexical level  But use bytekit for ELOC if it can
phpcpd  By Sebastian Bergmann  Simple tool to detect duplicated code  Works at lexical analysis level  Use the tokenizer to minimize differences  Comments, whitespaces, …  Takes a minimum number of lines and tokens  Encodes according to this  Uses an hash table to find duplicates
vld  Vulcan Logic Disassembler  By Derick Rethans  Works at bytecode level  Shows generated bytecodes  Calculates possible paths (CFG)  Find unreachable code  Could be used for code coverage path metrics
vld  Output
vld  Output
Bytekit  By Stefan Esser (SektionEins)  Works at … bytecode level  Similar to vld  Exposes opcodes to a PHP array  bytekit_disassemble_file($filename)  Can be used directly for a custom script
Bytekit  CFG visualisation
Bytekit-cli  By Sebastian Bergmann  PHP Interface to use bytekit to spot violation rules  Initial state  Implemented rules :  Check for disallowed opcodes (example eval, exit)  Check for direct output of variables  In svn, check for unescaped ZendView
Padawan  By Florian Anderiasch  Focus on anti-pattern detection  alpha (?)  Works on syntactic analysis level  Based on PHC (PHP compiler)  Use an XML dump of the AST PHC generates  Makes xpath searches on it
Padawan  Interesting approach  Rules are fairly simple to write  Already many interesting tests :  Empty constructs (if, else, try,..), unsafe typecasts, loop repeated calls, unused keys in foreach, …  PHC not easy to install  Risk on PHC manteinance
Phantm  By Etienne Kneuss  Highly experimental  Severe limitation on PHP dynamic features  False positives  Works on syntax analysis level  Based on Java tools (Jflex, CUP, Scala)  Reports violations  Non top-level declarations, call-time pass-by-ref, nontrivial include calls, assign in conditional, …  Exploring Type FlowAnalysis  Tries to infer types and check for type safety
Conclusion  Use the right tool for the right job  Coding style is better analysed at the lexical level  OO design is better viewed after syntactic analyses  Unreachable code after bytecoding  Contribute !  Plenty of things still to implement  Easy to have new ideas  At least use them (you should!) and give feedback
Restitution  Once all this is collected what to do with it ?  At least, show it in a suitable form  At best, integrate this in your CI system
phpUnderControl  By Manuel Pichler  CI for PHP  Based on CruiseControl  Integrates natively various tools :  PHPUnit (+XDebug for code coverage),  PHP_CodeSniffer  PHPDocumentor  PMD via PHPUnit (now PHPMD)
phpUnderControl  What it gives : metrics graphs
phpUnderControl  What it gives : report lists
phpUnderControl  What it gives : PHPCodeBrowser
Arbit  By Qafoo (with Manuel Pichler)  Basically a project multi-services tool  Ticketing system  Repository browser  Continuous integration  As Manuel is in it, some graphical presentations are unique for this tool  Still alpha
Arbit  What it gives : more metrics graphs
Arbit  What it gives : PHP_Depend overview
Arbit  What it gives : Annotated sources
Plugins Sonar for PHP  By me   Really by the Java guys at SQLI  Frédéric Leroy, Akram Ben Aissi, JérômeTama  Sonar is the state of the art for Open Source QA Reporting in Java  Thought for multilanguage  Can easely integrate all PHP reportings ported from Java tools  Junit => PHPUnit  JDepend => PHPDepend  Java PMD => PHPMD
Plugins Sonar for PHP  Ok, not always so easely  CheckStyle is not PHP_CodeSniffer  Formats are not identical  Multi-language doesn’t mean no work to add one  First release on May 2010  0.2 Alpha state, but workable  Easy to install : give it a try !  Last version demo : sonar-php.sqli.com  Ok, enough, here are the screenshots
Plugins Sonar for PHP  Dashboard
Plugins Sonar for PHP  Components : treemaps
Plugins Sonar for PHP  Time machine
Plugins Sonar for PHP  Hotspots
Plugins Sonar for PHP  Violations
Plugins Sonar for PHP  Editing Code Profile
Conclusion  Sonar really goes further  Best integrates with Hudson  Still is java…  But SonarSource really cooperates  How to interact with phpUnderControl, Arbit ?  (actually our solution – PIC PHP SQLI- is based on phpUC + Sonar)  This needs to evolve

Recomendados

Surprise! It's PHP :) (unabridged)
Surprise! It's PHP :) (unabridged)Surprise! It's PHP :) (unabridged)
Surprise! It's PHP :) (unabridged)Sharon Levy
 
C Tutorials
C TutorialsC Tutorials
C TutorialsSudharsan S
 
Ida python intro
Ida python introIda python intro
Ida python intro小静 安
 
Clean Code Principles
Clean Code PrinciplesClean Code Principles
Clean Code PrinciplesYeurDreamin'
 
Applying Compiler Techniques to Iterate At Blazing Speed
Applying Compiler Techniques to Iterate At Blazing SpeedApplying Compiler Techniques to Iterate At Blazing Speed
Applying Compiler Techniques to Iterate At Blazing SpeedPascal-Louis Perez
 
A few words about OpenSSL
A few words about OpenSSLA few words about OpenSSL
A few words about OpenSSLPVS-Studio
 
Ejemplo completo de integración JLex y CUP
Ejemplo completo de integración JLex y CUPEjemplo completo de integración JLex y CUP
Ejemplo completo de integración JLex y CUPEgdares Futch H.
 
Machine learning in php php con poland
Machine learning in php php con polandMachine learning in php php con poland
Machine learning in php php con polandDamien Seguy
 

Recomendados

Surprise! It's PHP :) (unabridged)
Surprise! It's PHP :) (unabridged)Surprise! It's PHP :) (unabridged)
Surprise! It's PHP :) (unabridged)Sharon Levy
 
C Tutorials
C TutorialsC Tutorials
C TutorialsSudharsan S
 
Ida python intro
Ida python introIda python intro
Ida python intro小静 安
 
Clean Code Principles
Clean Code PrinciplesClean Code Principles
Clean Code PrinciplesYeurDreamin'
 
Applying Compiler Techniques to Iterate At Blazing Speed
Applying Compiler Techniques to Iterate At Blazing SpeedApplying Compiler Techniques to Iterate At Blazing Speed
Applying Compiler Techniques to Iterate At Blazing SpeedPascal-Louis Perez
 
A few words about OpenSSL
A few words about OpenSSLA few words about OpenSSL
A few words about OpenSSLPVS-Studio
 
Ejemplo completo de integración JLex y CUP
Ejemplo completo de integración JLex y CUPEjemplo completo de integración JLex y CUP
Ejemplo completo de integración JLex y CUPEgdares Futch H.
 
Machine learning in php php con poland
Machine learning in php php con polandMachine learning in php php con poland
Machine learning in php php con polandDamien Seguy
 
More about PHP
More about PHPMore about PHP
More about PHPJonathan Francis Roscoe
 
CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021Olivera Milenkovic
 
C++ idioms by example (Nov 2008)
C++ idioms by example (Nov 2008)C++ idioms by example (Nov 2008)
C++ idioms by example (Nov 2008)Olve Maudal
 
Clean code
Clean codeClean code
Clean codeKnoldus Inc.
 
Wtf per lineofcode
Wtf per lineofcodeWtf per lineofcode
Wtf per lineofcodeDavid Gómez García
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13julien pauli
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointTyler Shields
 
Clean code
Clean codeClean code
Clean codeifnu bima
 
Anti Debugging
Anti DebuggingAnti Debugging
Anti Debuggingn|u - The Open Security Community
 
Insecure coding in C (and C++)
Insecure coding in C (and C++)Insecure coding in C (and C++)
Insecure coding in C (and C++)Olve Maudal
 
PerlScripting
PerlScriptingPerlScripting
PerlScriptingAureliano Bombarely
 
RAII and ScopeGuard
RAII and ScopeGuardRAII and ScopeGuard
RAII and ScopeGuardAndrey Dankevich
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers ViewTyler Shields
 
Handling Exceptions In C &amp; C++[Part A]
Handling Exceptions In C &amp; C++[Part A]Handling Exceptions In C &amp; C++[Part A]
Handling Exceptions In C &amp; C++[Part A]ppd1961
 
C#.net evolution part 2
C#.net evolution part 2C#.net evolution part 2
C#.net evolution part 2Vahid Farahmandian
 
Testing untestable code - IPC12
Testing untestable code - IPC12Testing untestable code - IPC12
Testing untestable code - IPC12Stephan Hochdörfer
 
Solid C++ by Example
Solid C++ by ExampleSolid C++ by Example
Solid C++ by ExampleOlve Maudal
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2ppd1961
 
Compiler Construction | Lecture 3 | Syntactic Editor Services
Compiler Construction | Lecture 3 | Syntactic Editor ServicesCompiler Construction | Lecture 3 | Syntactic Editor Services
Compiler Construction | Lecture 3 | Syntactic Editor ServicesEelco Visser
 
Php 7 compliance workshop singapore
Php 7 compliance workshop singaporePhp 7 compliance workshop singapore
Php 7 compliance workshop singaporeDamien Seguy
 
Steer and/or sink the supertanker by Andrew Rendell
Steer and/or sink the supertanker by Andrew RendellSteer and/or sink the supertanker by Andrew Rendell
Steer and/or sink the supertanker by Andrew RendellValtech UK
 
CiklumJavaSat15112011:Alexey Trusov-Code quality management
CiklumJavaSat15112011:Alexey Trusov-Code quality managementCiklumJavaSat15112011:Alexey Trusov-Code quality management
CiklumJavaSat15112011:Alexey Trusov-Code quality managementCiklum Ukraine
 

Más contenido relacionado

La actualidad más candente

C++ idioms by example (Nov 2008)
C++ idioms by example (Nov 2008)C++ idioms by example (Nov 2008)
C++ idioms by example (Nov 2008)Olve Maudal
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13julien pauli
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointTyler Shields
 
Insecure coding in C (and C++)
Insecure coding in C (and C++)Insecure coding in C (and C++)
Insecure coding in C (and C++)Olve Maudal
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers ViewTyler Shields
 
Handling Exceptions In C &amp; C++[Part A]
Handling Exceptions In C &amp; C++[Part A]Handling Exceptions In C &amp; C++[Part A]
Handling Exceptions In C &amp; C++[Part A]ppd1961
 
Solid C++ by Example
Solid C++ by ExampleSolid C++ by Example
Solid C++ by ExampleOlve Maudal
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2ppd1961
 
Compiler Construction | Lecture 3 | Syntactic Editor Services
Compiler Construction | Lecture 3 | Syntactic Editor ServicesCompiler Construction | Lecture 3 | Syntactic Editor Services
Compiler Construction | Lecture 3 | Syntactic Editor ServicesEelco Visser
 
Php 7 compliance workshop singapore
Php 7 compliance workshop singaporePhp 7 compliance workshop singapore
Php 7 compliance workshop singaporeDamien Seguy
 

La actualidad más candente (20)

More about PHP
More about PHPMore about PHP
More about PHP
 
CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021
 
C++ idioms by example (Nov 2008)
C++ idioms by example (Nov 2008)C++ idioms by example (Nov 2008)
C++ idioms by example (Nov 2008)
 
Clean code
Clean codeClean code
Clean code
 
Wtf per lineofcode
Wtf per lineofcodeWtf per lineofcode
Wtf per lineofcode
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13
 
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers ViewpointSource Boston 2009 - Anti-Debugging A Developers Viewpoint
Source Boston 2009 - Anti-Debugging A Developers Viewpoint
 
Clean code
Clean codeClean code
Clean code
 
Anti Debugging
Anti DebuggingAnti Debugging
Anti Debugging
 
Insecure coding in C (and C++)
Insecure coding in C (and C++)Insecure coding in C (and C++)
Insecure coding in C (and C++)
 
PerlScripting
PerlScriptingPerlScripting
PerlScripting
 
RAII and ScopeGuard
RAII and ScopeGuardRAII and ScopeGuard
RAII and ScopeGuard
 
Anti-Debugging - A Developers View
Anti-Debugging - A Developers ViewAnti-Debugging - A Developers View
Anti-Debugging - A Developers View
 
Handling Exceptions In C &amp; C++[Part A]
Handling Exceptions In C &amp; C++[Part A]Handling Exceptions In C &amp; C++[Part A]
Handling Exceptions In C &amp; C++[Part A]
 
C#.net evolution part 2
C#.net evolution part 2C#.net evolution part 2
C#.net evolution part 2
 
Testing untestable code - IPC12
Testing untestable code - IPC12Testing untestable code - IPC12
Testing untestable code - IPC12
 
Solid C++ by Example
Solid C++ by ExampleSolid C++ by Example
Solid C++ by Example
 
Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2Handling Exceptions In C &amp; C++ [Part B] Ver 2
Handling Exceptions In C &amp; C++ [Part B] Ver 2
 
Compiler Construction | Lecture 3 | Syntactic Editor Services
Compiler Construction | Lecture 3 | Syntactic Editor ServicesCompiler Construction | Lecture 3 | Syntactic Editor Services
Compiler Construction | Lecture 3 | Syntactic Editor Services
 
Php 7 compliance workshop singapore
Php 7 compliance workshop singaporePhp 7 compliance workshop singapore
Php 7 compliance workshop singapore
 

Destacado

Steer and/or sink the supertanker by Andrew Rendell
Steer and/or sink the supertanker by Andrew RendellSteer and/or sink the supertanker by Andrew Rendell
Steer and/or sink the supertanker by Andrew RendellValtech UK
 
CiklumJavaSat15112011:Alexey Trusov-Code quality management
CiklumJavaSat15112011:Alexey Trusov-Code quality managementCiklumJavaSat15112011:Alexey Trusov-Code quality management
CiklumJavaSat15112011:Alexey Trusov-Code quality managementCiklum Ukraine
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Part5 - enforcing coding standard and best practices with jas forge v1.0Part5 - enforcing coding standard and best practices with jas forge v1.0
Part5 - enforcing coding standard and best practices with jas forge v1.0Jasmine Conseil
 
Suivi de qualité PIC afup2010
Suivi de qualité PIC afup2010Suivi de qualité PIC afup2010
Suivi de qualité PIC afup2010Gabriele Santini
 
Suivi qualité avec sonar pour php
Suivi qualité avec sonar pour phpSuivi qualité avec sonar pour php
Suivi qualité avec sonar pour phpGabriele Santini
 

Destacado (6)

Steer and/or sink the supertanker by Andrew Rendell
Steer and/or sink the supertanker by Andrew RendellSteer and/or sink the supertanker by Andrew Rendell
Steer and/or sink the supertanker by Andrew Rendell
 
CiklumJavaSat15112011:Alexey Trusov-Code quality management
CiklumJavaSat15112011:Alexey Trusov-Code quality managementCiklumJavaSat15112011:Alexey Trusov-Code quality management
CiklumJavaSat15112011:Alexey Trusov-Code quality management
 
Dev ecosystem v1.1
Dev ecosystem v1.1Dev ecosystem v1.1
Dev ecosystem v1.1
 
Part5 - enforcing coding standard and best practices with jas forge v1.0
Part5 - enforcing coding standard and best practices with jas forge v1.0Part5 - enforcing coding standard and best practices with jas forge v1.0
Part5 - enforcing coding standard and best practices with jas forge v1.0
 
Suivi de qualité PIC afup2010
Suivi de qualité PIC afup2010Suivi de qualité PIC afup2010
Suivi de qualité PIC afup2010
 
Suivi qualité avec sonar pour php
Suivi qualité avec sonar pour phpSuivi qualité avec sonar pour php
Suivi qualité avec sonar pour php
 

Similar a Listen afup 2010

Listen and look at your PHP code
Listen and look at your PHP codeListen and look at your PHP code
Listen and look at your PHP codeGabriele Santini
 
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...Rouven Weßling
 
Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Rouven Weßling
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8Wim Godden
 
Living With Legacy Code
Living With Legacy CodeLiving With Legacy Code
Living With Legacy CodeRowan Merewood
 
The why and how of moving to php 5.4
The why and how of moving to php 5.4The why and how of moving to php 5.4
The why and how of moving to php 5.4Wim Godden
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7Wim Godden
 
Review unknown code with static analysis Zend con 2017
Review unknown code with static analysis Zend con 2017Review unknown code with static analysis Zend con 2017
Review unknown code with static analysis Zend con 2017Damien Seguy
 
What To Expect From PHP7
What To Expect From PHP7What To Expect From PHP7
What To Expect From PHP7Codemotion
 
Review unknown code with static analysis
Review unknown code with static analysisReview unknown code with static analysis
Review unknown code with static analysisDamien Seguy
 
The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5Wim Godden
 
The why and how of moving to php 5.4/5.5
The why and how of moving to php 5.4/5.5The why and how of moving to php 5.4/5.5
The why and how of moving to php 5.4/5.5Wim Godden
 
Code analysis tools (for PHP)
Code analysis tools (for PHP)Code analysis tools (for PHP)
Code analysis tools (for PHP)Karlen Kishmiryan
 
Introduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHPIntroduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHPwahidullah mudaser
 
The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6Wim Godden
 
Php training100%placement-in-mumbai
Php training100%placement-in-mumbaiPhp training100%placement-in-mumbai
Php training100%placement-in-mumbaivibrantuser
 
Simplify your professional web development with symfony
Simplify your professional web development with symfonySimplify your professional web development with symfony
Simplify your professional web development with symfonyFrancois Zaninotto
 
Working Effectively With Legacy Perl Code
Working Effectively With Legacy Perl CodeWorking Effectively With Legacy Perl Code
Working Effectively With Legacy Perl Codeerikmsp
 

Similar a Listen afup 2010 (20)

Listen and look at your PHP code
Listen and look at your PHP codeListen and look at your PHP code
Listen and look at your PHP code
 
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so man...
 
Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016Static Analysis of PHP Code – IPC Berlin 2016
Static Analysis of PHP Code – IPC Berlin 2016
 
The why and how of moving to php 8
The why and how of moving to php 8The why and how of moving to php 8
The why and how of moving to php 8
 
Living With Legacy Code
Living With Legacy CodeLiving With Legacy Code
Living With Legacy Code
 
The why and how of moving to php 5.4
The why and how of moving to php 5.4The why and how of moving to php 5.4
The why and how of moving to php 5.4
 
The why and how of moving to php 7
The why and how of moving to php 7The why and how of moving to php 7
The why and how of moving to php 7
 
Review unknown code with static analysis Zend con 2017
Review unknown code with static analysis Zend con 2017Review unknown code with static analysis Zend con 2017
Review unknown code with static analysis Zend con 2017
 
What To Expect From PHP7
What To Expect From PHP7What To Expect From PHP7
What To Expect From PHP7
 
Review unknown code with static analysis
Review unknown code with static analysisReview unknown code with static analysis
Review unknown code with static analysis
 
The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5The why and how of moving to PHP 5.4/5.5
The why and how of moving to PHP 5.4/5.5
 
The why and how of moving to php 5.4/5.5
The why and how of moving to php 5.4/5.5The why and how of moving to php 5.4/5.5
The why and how of moving to php 5.4/5.5
 
Code analysis tools (for PHP)
Code analysis tools (for PHP)Code analysis tools (for PHP)
Code analysis tools (for PHP)
 
Introduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHPIntroduction to PHP - Basics of PHP
Introduction to PHP - Basics of PHP
 
Php’s guts
Php’s gutsPhp’s guts
Php’s guts
 
The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6The why and how of moving to PHP 5.5/5.6
The why and how of moving to PHP 5.5/5.6
 
Php manish
Php manishPhp manish
Php manish
 
Php training100%placement-in-mumbai
Php training100%placement-in-mumbaiPhp training100%placement-in-mumbai
Php training100%placement-in-mumbai
 
Simplify your professional web development with symfony
Simplify your professional web development with symfonySimplify your professional web development with symfony
Simplify your professional web development with symfony
 
Working Effectively With Legacy Perl Code
Working Effectively With Legacy Perl CodeWorking Effectively With Legacy Perl Code
Working Effectively With Legacy Perl Code
 

Último

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Último (20)

SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Listen afup 2010

  • 1. LISTEN AND LOOK AT YOUR PHP CODE! Gabriele Santini Forum AFUP 2010
  • 2. Gabriele Santini  Architect/Consultant at SQLI  Contributor to PHP_CodeSniffer  So expect a special focus on this…  Sonar PHP Plugin  I have to show you!  Ex-mathematician :  love business modelling  love architectures  love quality assurance
  • 3. Static Analysis  All you can say about your program without actually execute the code  The rest is also interesting, let’s talk about it another time !  Examples ?  Syntax check, coding style, anti-patterns, metrics, OO design analysis, …  What PHP does before executing the code ?
  • 4. Levels of analysis  Lexical analysis  Read sources linearly searching for known patterns  Convert them to a sequence of tokens
  • 5. Levels of analysis  Lexical analysis  Read sources linearly searching for known patterns  Convert them to a sequence of tokens  Syntactic Analysis  Parse the tokens to find their logical structure
  • 6. Levels of analysis  Lexical analysis  Read sources linearly searching for known patterns  Convert them to a sequence of tokens  Syntactic Analysis  Parse the tokens to find their logical structure  Opcode (Bytecode) Generation  Generates an intermediary code that the Zend Engine will be able to execute
  • 7. Lexical Analysis  Tokenizer 1 <?php T_OPEN_TAG 2 if T_IF 2 T_WHITESPACE ( 2 1 T_LNUMBER 2 T_WHITESPACE < 2 T_WHITESPACE 2 2 T_LNUMBER ) 2 T_WHITESPACE { 2 T_WHITESPACE 3 echo T_ECHO 3 T_WHITESPACE 3 "Hello" T_CONSTANT_ENCAPSED_STRING ; 3 T_WHITESPACE } 4 T_WHITESPACE 5 ?> T_CLOSE_TAG <?php if (1 < 2) { echo "Hello"; } ?>
  • 8. Syntactic Analysis  Produces an AST  Abstract SyntaxTree  Decompose code in a tree-like form  Can be executed once a context is given  Used in compilers
  • 10. Opcodes Generation  Mistery tool… line # * op return operands -------------------------------------------------- 2 0 > EXT_STMT 1 IS_SMALLER ~0 1, 2 2 > JMPZ ~0, ->6 3 3 > EXT_STMT 4 ECHO 'Hello' 4 5 > JMP ->6 6 6 > EXT_STMT 7 > RETURN 1 <?php if (1 < 2) { echo "Hello"; } ?>
  • 11. GIVE US THE TOOLS !
  • 12. PHP_CodeSniffer  By Greg Sherwood  PEAR library  Venerable project  Code Style  But also a lot more  Works at lexical analysis level  Heavily use the tokenizer extension
  • 14. PHP_CodeSniffer  Sniffs  Classes that detectViolations  One or more type per class  Grouped in folders by subject:  Commenting, Formatting,WhiteSpace  Files, ControlStructures, Strings  Functions, Classes, NamingConventions  CodeAnalysis, Metrics  You can create your own!
  • 15. PHP_CodeSniffer  Standards  Sets of Sniffs that define your coding style  Installed :  PEAR,  Generic,  Zend*,  Squiz, MySource  PHPCS
  • 16. PHP_CodeSniffer 1.3  Rulesets XML! <ruleset name="MyPEAR"> <description>A variation of the PEAR coding standard.</description> <!-- Include some additional sniffs from the Generic standard --> <rule ref="Generic.Functions.FunctionCallArgumentSpacing"/> <message>Please review spacing in function ‘%s’</message> </rule> <rule ref="Generic.NamingConventions.UpperCaseConstantName"/> <!-- Lines can be 90 chars long, but never show errors --> <rule ref="Generic.Files.LineLength"> <properties> <property name="lineLimit" value="90"/> <property name="absoluteLineLimit" value="0"/> </properties> </rule> <!– Not so important for us --> <rule ref="Generic.PHP.DisallowShortOpenTag"> <severity>2</severity> </rule> </ruleset>
  • 17. Inside PHP_CodeSniffer  Sniff class main methods  register()  Make the sniff a listener for the declared tokens  process($phpcsFile, $stackPtr)  Called by the file during parsing when a declared token is found  File  Represents a parsed file  Holds the tokens structure and offers convenience methods
  • 18. Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff <?php echo $y; $x = 10; echo $y; for ($i = 1; $i < $length; $i++) { echo 'x'; } echo $x; $y = 2;; $this->wizardid = 10; $this->paint(); echo 'x'; ?>
  • 19. Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff public function register() { return array(T_SEMICOLON); } public function process($phpcsFile, $stackPtr) { […]
  • 20. Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff <?php echo $y; $x = 10; echo $y; for ($i = 1; $i < $length; $i++) { echo 'x'; } echo $x; $y = 2;; $this->wizardid = 10; $this->paint(); echo 'x'; ?>
  • 21. Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff <?php echo $y; $x = 10; echo $y; for ($i = 1; $i < $length; $i++) { echo 'x'; } echo $x; $y = 2;; $this->wizardid = 10; $this->paint(); echo 'x'; ?> $stackPtr
  • 22. Inside PHP_CodeSniffer  Life of a Sniff  DisallowMultipleStatementsSniff public function register() { return array(T_SEMICOLON); } public function process($phpcsFile, $stackPtr) { $tokens = $phpcsFile->getTokens(); $previous = $phpcsFile->findPrevious(…); if ($previous === false) { return; } // Continue =>
  • 23. Inside PHP_CodeSniffer  Life of a Sniff (2) // Ignore multiple statements in a FOR condition. // First some gym for nested parenthesis […] if ($tokens[$owner]['code'] === T_FOR) { return; } […] // If the previous semicolon is on the same line we add an error // to this file if ($tokens[$previous]['line'] === $tokens[$stackPtr]['line']) { $error = 'Each PHP statement must be on a line by itself'; $phpcsFile->addError($error, $stackPtr); return; } }//end process()
  • 24. PHP_CodeSniffer  At SQLI we have some framework standards  Zend Framework  Based onThomasWeidner work  Symfony  In collaboration with Fabien Potencier  Waiting for a serious release after 1.3 release
  • 25. PHP_CodeSniffer  At SQLI we have some framework standards  Zend Framework  Based onThomasWeidner work  Symfony  In collaboration with Fabien Potencier  Waiting for a serious release after 1.3 release  That’s nice, but…  Where are the standards for the other tools ?  I’ld expect a Drupal,Wordpress, Cake official standard
  • 26. PHP_CodeSniffer  How far a standard can go in detection ?
  • 27. PHP_CodeSniffer  How far a standard can go in detection ?  Interestingly far for generic PHP Code
  • 28. PHP_CodeSniffer  How far a standard can go in detection ?  Interestingly far for generic PHP Code  Very far if you know your tool’s structure  Imagine for example forcing PHP alternative syntax in Symfony views…  Or checking for escaping in ZendViews !
  • 29. PHP_Depend  By Manuel Pichler  Functional port of JDepend  OO design analysis  Metrics visualisation  Dependency analyzer  Works at the syntactic analysis level
  • 30. PHP_Depend  How it works  PHP_Depend first makes an AST off your code  A « personal » one, made by PHP objects  ASTComment, ASTClosure, ASTEvalExpression, …  This is made by the Builder/Parser component  Using PHP Reflection
  • 31. PHP_Depend  How it works (2)  Then PHP_Depend can answer questions by « visiting » the AST  Task of Metrics Analyzers, that extend AbstractVisitor  IOC, the visitor decides what to do according to AST Class : visitMethod, visitForStatement(), …  Analyzers can fire listeners during analyze() call  To get ongoing informations about the visit process
  • 32. PHP_Depend  What it gives:  The Abstraction/Instability graph
  • 33. PHP_Depend  What it gives:  The Abstraction/Instability graph
  • 34. PHP_Depend  What it gives:  The Pyramid !!
  • 35. PHPMD  By Manuel Pichler  Detects rules violations  Analog to PHP_Codesniffer  Works at syntactic analysis level  Actually on the same AST  Depends on PHP_Depend  Has rulesets !
  • 36. PHPMD  What it gives:  Code Size Rules  complexities, lengths, too many, …  Design Rules  OO, exit, eval  Naming Rules  Too short/long identifiers, old constructors, …  Unused Code Rules  Methods, members, parameters
  • 37. phploc  By Sebastian Bergmann  Simple tool to give basic metrics  Fast, direct to the goal  Works mostly on lexical level  But use bytekit for ELOC if it can
  • 38. phpcpd  By Sebastian Bergmann  Simple tool to detect duplicated code  Works at lexical analysis level  Use the tokenizer to minimize differences  Comments, whitespaces, …  Takes a minimum number of lines and tokens  Encodes according to this  Uses an hash table to find duplicates
  • 39. vld  Vulcan Logic Disassembler  By Derick Rethans  Works at bytecode level  Shows generated bytecodes  Calculates possible paths (CFG)  Find unreachable code  Could be used for code coverage path metrics
  • 42. Bytekit  By Stefan Esser (SektionEins)  Works at … bytecode level  Similar to vld  Exposes opcodes to a PHP array  bytekit_disassemble_file($filename)  Can be used directly for a custom script
  • 44. Bytekit-cli  By Sebastian Bergmann  PHP Interface to use bytekit to spot violation rules  Initial state  Implemented rules :  Check for disallowed opcodes (example eval, exit)  Check for direct output of variables  In svn, check for unescaped ZendView
  • 45. Padawan  By Florian Anderiasch  Focus on anti-pattern detection  alpha (?)  Works on syntactic analysis level  Based on PHC (PHP compiler)  Use an XML dump of the AST PHC generates  Makes xpath searches on it
  • 46. Padawan  Interesting approach  Rules are fairly simple to write  Already many interesting tests :  Empty constructs (if, else, try,..), unsafe typecasts, loop repeated calls, unused keys in foreach, …  PHC not easy to install  Risk on PHC manteinance
  • 47. Phantm  By Etienne Kneuss  Highly experimental  Severe limitation on PHP dynamic features  False positives  Works on syntax analysis level  Based on Java tools (Jflex, CUP, Scala)  Reports violations  Non top-level declarations, call-time pass-by-ref, nontrivial include calls, assign in conditional, …  Exploring Type FlowAnalysis  Tries to infer types and check for type safety
  • 48. Conclusion  Use the right tool for the right job  Coding style is better analysed at the lexical level  OO design is better viewed after syntactic analyses  Unreachable code after bytecoding  Contribute !  Plenty of things still to implement  Easy to have new ideas  At least use them (you should!) and give feedback
  • 49. Restitution  Once all this is collected what to do with it ?  At least, show it in a suitable form  At best, integrate this in your CI system
  • 50. phpUnderControl  By Manuel Pichler  CI for PHP  Based on CruiseControl  Integrates natively various tools :  PHPUnit (+XDebug for code coverage),  PHP_CodeSniffer  PHPDocumentor  PMD via PHPUnit (now PHPMD)
  • 51. phpUnderControl  What it gives : metrics graphs
  • 52. phpUnderControl  What it gives : report lists
  • 53. phpUnderControl  What it gives : PHPCodeBrowser
  • 54. Arbit  By Qafoo (with Manuel Pichler)  Basically a project multi-services tool  Ticketing system  Repository browser  Continuous integration  As Manuel is in it, some graphical presentations are unique for this tool  Still alpha
  • 55. Arbit  What it gives : more metrics graphs
  • 56. Arbit  What it gives : PHP_Depend overview
  • 57. Arbit  What it gives : Annotated sources
  • 58. Plugins Sonar for PHP  By me   Really by the Java guys at SQLI  Frédéric Leroy, Akram Ben Aissi, JérômeTama  Sonar is the state of the art for Open Source QA Reporting in Java  Thought for multilanguage  Can easely integrate all PHP reportings ported from Java tools  Junit => PHPUnit  JDepend => PHPDepend  Java PMD => PHPMD
  • 59. Plugins Sonar for PHP  Ok, not always so easely  CheckStyle is not PHP_CodeSniffer  Formats are not identical  Multi-language doesn’t mean no work to add one  First release on May 2010  0.2 Alpha state, but workable  Easy to install : give it a try !  Last version demo : sonar-php.sqli.com  Ok, enough, here are the screenshots
  • 60. Plugins Sonar for PHP  Dashboard
  • 61. Plugins Sonar for PHP  Components : treemaps
  • 62. Plugins Sonar for PHP  Time machine
  • 63. Plugins Sonar for PHP  Hotspots
  • 64. Plugins Sonar for PHP  Violations
  • 65. Plugins Sonar for PHP  Editing Code Profile
  • 66. Conclusion  Sonar really goes further  Best integrates with Hudson  Still is java…  But SonarSource really cooperates  How to interact with phpUnderControl, Arbit ?  (actually our solution – PIC PHP SQLI- is based on phpUC + Sonar)  This needs to evolve