Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you're handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code code : no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?  

1. REVIEW
UNKNOWN CODE
WITH STATIC ANALYSIS
Praha, Czech Republic, October 2018

2. Agenda
Reviewing code
Static analysis for PHP
A session in which you are the hero

3. Review some PHP code
We don't know what it does
We have never heard about it
We don't run it
We don't know the authors
Can we have an opinion?

4. Review the code
Reading code is humanly possible : its an art
Unit test are not adapted for review
Dynamic analysis is not fit for review
We need to explore code
We can only rely on the current state

5. Speaker
Damien Seguy
Exakat CTO
Static analysis for PHP
Elephpant retirement home
Nemluvím česky...

6. Source code is structured
Source code is a structured dataset
We need tools to query it
This is static analysis

7. Migration PHP 7.2->7.3
IncompatibilitiesNewfeatures

8. Appinfo()
List PHP features
Focus on PHP's specifics

9. PHP Features

14. Extensions

15. Application favorites
Many solutions to the same problem
Impact on PHP is minimal
Generate never-ending discussions
Rule : choose one, stick to it

20. Automated code review
Analyze code
Report PHP related problems

22. Tactical mistakes in the code
PHP classic trap
Development left overs
Dead code
Code modernisation
Literal bugs

23. Clean code for PHP
Best practices
Security, performance, clean code
in-house, PSR, calisthenics, other inspirations
Code mantras, code kata
PHP Manual
Migration guides

25. Exakat : 650 analysis
Analysis Freq. Here
function __destruct() { throw …} :
0,3 % 0
0,6 % 0
function foo($a, $a, $a) {} 2,0 % 0
substr($a, 2, 4) == 'abc' 6,9 % 0
!!(expression) 8,0 % 0
$a ? $b ? $c : $d : $e 11 % 0
No array_merge() in loops 43 % 8
include('file.php') 55 % 12
Use ::class operator 66 % 23

26. Which PHP version?
List of
directives

27. Automated code review
Semantic read of the code
Reports interesting issues
Works with AST

28. Automated code review
PHP 5 / 7
Calisthenics
ClearPHP
Performance
 
 


29. Semantics and definitions
Removes spaces, comments, documentations
Removes delimiters
( ) { } [ ] " ' ` ; :
Good network to link definition with usage

30. AST diagram
<?php
$x = source();
if ($x < 10) {
$y = $x + 1;
$a = 3;
$x = corrige($y);
} else {
$y = $x;
}

31. Flow Control Graph
<?php
$x = source();
if ($x < 10) {
$y = $x + 1;
$a = 3;
$x = corrige($y);
} else {
$y = $x;
}
$x = source;
if ($x < 10)
$y = $x;
$y = $x + 1;
$x = corrige($y);
end
$a = 3;
start

32. Data Dependency Graph
<?php
$x = source();
if ($x < 10) {
$y = $x + 1;
$a = 3;
$x = corrige($y);
} else {
$y = $x;
}
$x = source;
if ($x < 10) $y = $x;$y = $x + 1;
$x = corrige($y);
fin();
Depends onDepends on
Depends
on notDepends on
Depends on
$a = 3;
Depends on

33. Various AST
PHP7mar : nikic/php5-ast
PHAN : ext/ast (PHP 7 only)
PHPStan : based on reflection
Exakat : AST in a graph database
SonarQube : Java-build AST
PHPstorm : internal IDE AST

34. PHAN
PhanUndeclaredMethod Call to undeclared method
SyliusBundleChannelBundleTestsDependencyInjectionCompilerCompositeReques
tResolverPassTest::assertContainerBuilderHasServiceDefinitionWithMethodCall
(Did you mean expr-
>assertContainerBuilderNotHasServiceDefinitionWithMethodCall())
Total : 30566 results / 65 types
9459 issues
PhanParamTooMany Call with 4 arg(s) to
SyliusBundleMoneyBundleFormDataTransformerSyliusMoneyTransformer::__const
ruct() which only takes 0 arg(s) defined at projects/sylius/code/src/Sylius/
Bundle/MoneyBundle/Form/DataTransformer/SyliusMoneyTransformer.php:18
24 issues
PhanUnreferencedUseNormal Possibly zero references to use statement for
classlike/namespace OrderInterface
(SyliusComponentCoreModelOrderInterface)
171 issues
PhanParamTooFew : 36 issues

35. PHP 7 helps static analysis
Type hint, return type hint, scalar typehint
Usage of PHPDOC
Consistent behavior of PHP operators
Dynamic code is very difficult to analyze

36. PHP LINT
php -l <fichier.php>
Paralell executions
jakub-onderka/php-paralell-lint
Various versions of PHP : 7.0, 7.1, 7.2, 7.3, 5.6, 5.5

37. PHP LINT - 5.5->7.3
Not a single error
2725 compiled files
PHP 7.2.11 | 10 parallel jobs
............................................................ 60/2725 (2 %)
............................................................ 120/2725 (4 %)
............................................................ 180/2725 (6 %)
............................................................ 240/2725 (8 %)
............................................................ 300/2725 (11 %)
............................................................ 360/2725 (13 %)
............................................................ 420/2725 (15 %)
............................................................ 480/2725 (17 %)
............................................................ 540/2725 (19 %)
............................................................ 600/2725 (22 %)
............................................................ 660/2725 (24 %)
............................................................ 720/2725 (26 %)
............................................................ 780/2725 (28 %)
............................................................ 840/2725 (30 %)
............................................................ 900/2725 (33 %)
............................................................ 960/2725 (35 %)
............................................................ 1020/2725 (37 %)
............................................................ 1080/2725 (39 %)
............................................................ 1140/2725 (41 %)
............................................................ 1200/2725 (44 %)
............................................................ 1260/2725 (46 %)
............................................................ 1320/2725 (48 %)
............................................................ 1380/2725 (50 %)
............................................................ 1440/2725 (52 %)
............................................................ 1500/2725 (55 %)
............................................................ 1560/2725 (57 %)
............................................................ 1620/2725 (59 %)
............................................................ 1680/2725 (61 %)
............................................................ 1740/2725 (63 %)
............................................................ 1800/2725 (66 %)
............................................................ 1860/2725 (68 %)
............................................................ 1920/2725 (70 %)
............................................................ 1980/2725 (72 %)
............................................................ 2040/2725 (74 %)
............................................................ 2100/2725 (77 %)
............................................................ 2160/2725 (79 %)
............................................................ 2220/2725 (81 %)
............................................................ 2280/2725 (83 %)
............................................................ 2340/2725 (85 %)
............................................................ 2400/2725 (88 %)
............................................................ 2460/2725 (90 %)
............................................................ 2520/2725 (92 %)
............................................................ 2580/2725 (94 %)
............................................................ 2640/2725 (96 %)
............................................................ 2700/2725 (99 %)
......................... 2725/2725 (100 %)
Checked 2725 files in 16.9 seconds
No syntax error found

38. 0
1,25
2,5
3,75
5
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
1
2
3
4
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
0,75
1,5
2,25
3
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
1,75
3,5
5,25
7
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
5.3 5.4 5.5 5.6 7.0 7.1 7.2 7.3
5.3 5.4 5.5 5.6 7.0 7.1 7.2 7.3 5.3 5.4 5.5 5.6 7.0 7.1 7.2 7.3
5.3 5.4 5.5 5.6 7.0 7.1 7.2 7.3

39. What does this app do?
Inventories of the application
Names for classes, methods, traits, variables,
interfaces…
List of literal in the code
Integers, real, arrays, strings

40. Errors messages

41. Classes
TaxRateSpec 2
Taxon 2
TaxonSpec 2
TextAttributeType 2
TextareaAttributeType 2
TranslatableEntityLocaleAssigner 2
TranslatableEntityLocaleAssignerSpec 2
TwigBulkActionGridRenderer 2
TwigBulkActionGridRendererSpec 2
TwigGridRenderer 2
TwigGridRendererSpec 2
UserRepository 2
ZoneContext 2
AddressType 3
CartContext 3
CurrencyContext 3
DataSource 3
Driver 3
ExpressionBuilder 3
ProductContext 3
ProductReviewContext 3
ThemeContext 3
UserContext 3
ChannelContext 4
CustomerContext 4
LocaleContext 4
ShowPage 5
ConfigurationTest 6
IndexPage 18
CreatePage 24
UpdatePage 24
Configuration 28

42. Variables
$class 3
$configuration 3
$constraint 3
$context 3
$customers 3
$data 3
$datetime 3
$factory 3
$fixture 3
$form 3
$image 3
$images 3
$item 3
$listener 3
$metadata 3
$method 3
$objects 3
$options 3
$optionvalues 3
$parameters 3
$payments 3
$productassociations 3
$products 3
$producttaxon 3
$provinces 3
$repository 3
$resource 3
$resources 3
$result 3
$results 3
$shipments 3
$taxons 3
$value 3
$values 3
$zone 3
$arguments 6
$expressions 10
3791 variables
Also :
59 used-once variables

43. List of PHP analyzers
Exakat
PHPStan
Phan
Phploc
PHPmetrics
https://github.com/exakat/
php-static-analysis-tools

44. Large application
Symfony framework
No databases
Very low level of issues
Tend to use very modern PHP features
Backward compatibilities
Deal with sales : customers, sales

45. https://sylius.com

46. Danke schön
http://exakat.io/ - @exakat