PHPcon Poland - Static Analysis of PHP Code – How the Heck did I write so many Bugs?
1. Static Analysis of PHP
Code
How the Heck did I write so many Bugs?
PHPCon Poland, September 2016
By Rouven Weßling ( )
Ecosystem Developer / Developer Evangelist, Contentful
@RouvenWessling
photo credit: byWarsaw Kamil Porembiński (license)
10. class ClientTest extends PHPUnit_Framework_TestCase
{
public function testGetSynchronizationManager()
{
$client = new Client('b4c0n73n7fu1', 'cfexampleapi');
$this->assertInstanceOf(Manager::class, $client->getSynchronizationManager());
}
}
28. Compiles PHP script with the actual PHP compiler
It's already installed on your computer
Can be used to test compatibility with multiple PHP
versions
29. <?php
namespace ContentfulLog
use PsrHttpMessageRequestInterface;
use PsrHttpMessageResponseInterface;
class NullLogger implements LoggerInterface
{
public function getTimer()
{
return new NullTimer;
}
public function log($api, RequestInterface $request, StandardTimer $timer, Respons
{
}
}
30. PHP 7.0.3 | 10 parallel jobs
.................................X...... 40/40 (100 %)
Checked 40 files in 0.5 seconds
Syntax error found in 1 file
------------------------------------------------------------
Parse error: src/Log/NullLogger.php:9
7| namespace ContentfulLog
8|
> 9| use PsrHttpMessageRequestInterface;
10| use PsrHttpMessageResponseInterface;
11|
Unexpected 'use' (T_USE), expecting '{'
33. Gather stats about your projects
Get an idea of the complexity
See long term trends
34. phploc 3.0.1 by Sebastian Bergmann.
Directories 6
Files 40
Size
Lines of Code (LOC) 5683
Comment Lines of Code (CLOC) 2562 (45.08%)
Non-Comment Lines of Code (NCLOC) 3121 (54.92%)
Logical Lines of Code (LLOC) 951 (16.73%)
Classes 868 (91.27%)
Average Class Length 21
Minimum Class Length 0
Maximum Class Length 190
Average Method Length 2
Minimum Method Length 0
Maximum Method Length 25
Functions 0 (0.00%)
Average Function Length 0
Not in classes or functions 83 (8.73%)
35. Cyclomatic Complexity
Average Complexity per LLOC 0.28
Average Complexity per Class 7.65
Minimum Class Complexity 1.00
Maximum Class Complexity 62.00
Average Complexity per Method 1.82
Minimum Method Complexity 1.00
Maximum Method Complexity 11.00
44. How it works
Parses all files in your code
Stores which classes access which others classes
Checks the graph for rule violations
45. deptrac is alpha, not production ready.
please help us and report feedback / bugs.
Start to create an AstMap for 24 Files.
........................
AstMap created.
start emitting dependencies "InheritanceDependencyEmitter"
start emitting dependencies "BasicDependencyEmitter"
end emitting dependencies
start flatten dependencies
end flatten dependencies
collecting violations.
formatting dependencies.
[...]ServicesPdfOrder::5 must not depend on [...]EntityVorkursticket (Service on Enti
[...]ServicesPdfOrder::23 must not depend on [...]EntityVorkursticket (Service on Ent
Found 2 Violations
49. Type safety for PHP
Checks docblocks
Signature mismatches
Unused code
50. How it works
Makes 2 passes over the codebase
1. Build a list of all classes, functions, methods, etc.
2. Go trough each function and follow the type of
each variable
51. /**
* @param Locale|string|null $locale
*
* @return string
*/
public function getDescription($locale = null)
{
$localeCode = $this->getLocaleFromInput($locale);
// This checks happens after the call to getLocaleFromInput to make sure
// the Exception for invalid locales is still thrown.
if ($this->description === null) {
return null;
}
return $this->description->$localeCode;
}
src/Delivery/Asset.php:74 PhanTypeMismatchReturn Returning type null
but getDescription() is declared to return string
52. class ContentType
{
/**
* The fields, keyed by ID.
*
* @var object
*/
private $fields = [];
}
src/Delivery/ContentType.php:34 PhanTypeMismatchProperty Assigning array to
property but contentfuldeliverycontenttype::fields is object
53. public function __call($name, $arguments)
{
// Lots of code here
if ($result instanceof Link) {
return $client->resolveLink($result);
}
return array_map(function ($value) use ($client) {
if ($value instanceof Link) {
return $client->resolveLink($value);
}
return $value;
}, $result);
}
src/Delivery/DynamicEntry.php:126
PhanTypeMismatchArgumentInternal Argument 2 (input1) is
contentfuldeliverylink but array_map() takes array
Not a bug
57. phan is using brute force for type checking
Roughly as good as the compiler for a statically
typed language
Works, but a Control Flow Graph could give even
deeper insight
58. int foo(int length) {
int x = 0;
for (int i = 0; i < length; i++)
x += 1
return length/x;
}
59.
60. Bottom line
There are dozens of tools - pick what's necessary for
you
Make them part of your Continuous Integration setup
Never trust. Make sure you understand where the
error is coming from.
61.
62. Slides available on Slideshare:
http://www.slideshare.net/rwessling
Please leave feedback on joind.in
( ) or tweet me
( )
https://joind.in/talk/8f19b
@RouvenWessling