Static Code Analysis Tech Talk
Being a successful developer, in particular a PHP developer, means staying up to date and keeping an eye on PHP trends.
At PROBEGIN we strive to stay aware of everything new in our areas of interest. Our developers understand that knowledge is power, and that knowledge which is shared is power multiplied. Sharing it may seem like a burden to some, but on the contrary it is a reflection of teamwork.
Our latest knowledge-sharing session gave us an opportunity to improve our understanding of static code analysis and type checking.
What do we know about static code analysis?
Static code analysis is the automated reading of source code, without executing it, and the identification of its characteristics, such as:
- formatting
- cyclic dependencies
- complexity of algorithms
- method call hierarchies (who calls what)
- potential errors or unhandled exceptions
- violations of coding standards
What tasks can be solved by that?
1. Simplifying the code review
For instance, formatting issues can be caught automatically before the review starts, so reviewers can pay more attention to the functional changes.
2. Searching for obvious errors
For example, the analyzer can walk through all the classes and report properties or methods that are never used, or imports (use statements and included files) that are no longer needed.
3. Collecting code metrics (method call hierarchies, the number of references to each class, and so on), which solves two tasks at once:
- Lowering the entry threshold for newcomers to the project: it becomes easy to find where methods, classes, interfaces and their implementations are used, which helps in understanding the functionality.
- Identifying bottlenecks in the code or architecture, which helps to optimize the architecture and keep the code cleaner. Bottlenecks include cyclic dependencies and suboptimal algorithms. A large number of references to one class, for example, can indicate that it should be decomposed in order to satisfy the single responsibility principle. The number of changes required after adding functionality to a particular method or class can indicate that the system is unstable (roughly speaking, when adding one line means fixing ten bugs). A tool such as dephpend can be used here: it computes metrics and dependency graphs between classes and detects cyclic dependencies.
Time for Type Checking
To check types there are analyzers such as:
- PhpStorm: can be extended only with plugins written in Java (or Kotlin)
- Phan: created by Rasmus Lerdorf, the original author of PHP
- PHPStan: specializes in finding bugs through type checking, including null safety
- Psalm: specializes in type inference
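What these analyzers actually catch is easiest to see on a small case. The following is an added example, not code from the talk or from any of the tools: a repository method returns a nullable type and a caller uses the result without checking it. The class names (App\User, App\UserRepository, App\Notifier) are assumptions chosen for the illustration. At a strict level (PHPStan level 8, Psalm level 1) the analyzer reports the unsafe method as calling getEmail() on a value that may be null, and accepts the fixed one.

```php
<?php
declare(strict_types=1);

// Added example; App\User, App\UserRepository and App\Notifier are assumed
// names, not part of any real project. The point is the ?User return type:
// the analyzer tracks it through find() and rejects a call on a possible null.

namespace App;

final class User
{
    public function __construct(private string $email) {}

    public function getEmail(): string
    {
        return $this->email;
    }
}

final class UserRepository
{
    /** @var array<int, User> */
    private array $users = [];

    public function add(int $id, User $user): void
    {
        $this->users[$id] = $user;
    }

    // Returns null for an unknown id; the ?User type makes that explicit
    // to both the reader and the type checker.
    public function find(int $id): ?User
    {
        return $this->users[$id] ?? null;
    }
}

final class Notifier
{
    public function __construct(private UserRepository $repo) {}

    // Flagged by the analyzer: getEmail() is called on User|null.
    // At runtime this is a fatal "Call to a member function on null".
    public function emailOfUnsafe(int $id): string
    {
        return $this->repo->find($id)->getEmail();
    }

    // Fixed: the null branch is handled explicitly, so after the check
    // the analyzer narrows $user to User and the call is proven safe.
    public function emailOf(int $id): string
    {
        $user = $this->repo->find($id);
        if ($user === null) {
            throw new \InvalidArgumentException("Unknown user id $id");
        }

        return $user->getEmail();
    }
}
```

The unsafe variant is the kind of bug that passes a code review and a happy-path test, and only fails in production on the first unknown id; the type checker finds it without running anything, which is the whole value of the approach.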
As for extending these tools, problems arise only when writing a plugin for PhpStorm, since it has to be written in Java. The others (Phan, PHPStan, Psalm) can be extended without trouble. Why would you want to extend them? The answer is simple: to enforce project-specific restrictions. For example, you may want to forbid calling the EntityManager from a controller, so that persistence logic stays in services or repositories.
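Here is what such a restriction looks like as a custom PHPStan rule. This is an added example, not code from the talk or from PHPStan itself; it assumes PHPStan (1.x or 2.x) and Doctrine ORM are installed via Composer, that controllers are recognisable by a class name ending in "Controller", and that the rule lives in a namespace of your choice (App\PHPStan is used here as an assumption).

```php
<?php
declare(strict_types=1);

// Added example, not part of PHPStan or of the original talk.
// A custom rule that forbids calling Doctrine's EntityManager from any class
// whose name ends in "Controller". Register it in phpstan.neon as:
//
//   services:
//       -
//           class: App\PHPStan\NoEntityManagerInControllerRule
//           tags: [phpstan.rules.rule]
//
// Assumptions: the App\PHPStan namespace, and "name ends in Controller" as
// the way to recognise a controller (adjust to your project's convention).

namespace App\PHPStan;

use Doctrine\ORM\EntityManagerInterface;
use PhpParser\Node;
use PhpParser\Node\Expr\MethodCall;
use PHPStan\Analyser\Scope;
use PHPStan\Rules\Rule;
use PHPStan\Rules\RuleErrorBuilder;
use PHPStan\Type\ObjectType;

/**
 * @implements Rule<MethodCall>
 */
final class NoEntityManagerInControllerRule implements Rule
{
    public function getNodeType(): string
    {
        // Only method calls ($x->foo()) are inspected; PHPStan invokes
        // processNode() for every node of this type in the analysed files.
        return MethodCall::class;
    }

    public function processNode(Node $node, Scope $scope): array
    {
        // Skip code outside classes, and classes that are not controllers.
        $class = $scope->getClassReflection();
        if ($class === null || !str_ends_with($class->getName(), 'Controller')) {
            return [];
        }

        // Resolve the static type of the expression the method is called on.
        // This catches $this->em, an $em parameter, a local variable, and
        // anything else the analyzer can type as an EntityManagerInterface,
        // rather than matching on a variable name.
        $calleeType = $scope->getType($node->var);
        $emType = new ObjectType(EntityManagerInterface::class);
        if (!$emType->isSuperTypeOf($calleeType)->yes()) {
            return [];
        }

        $method = $node->name instanceof Node\Identifier
            ? $node->name->toString()
            : '(dynamic)';

        return [
            RuleErrorBuilder::message(sprintf(
                'Controller %s must not call EntityManager::%s(); move persistence into a service or repository.',
                $class->getName(),
                $method
            ))
            ->identifier('app.noEntityManagerInController')
            ->build(),
        ];
    }
}
```

Two design points worth noting. The rule checks the resolved type of the callee, not the variable name, so renaming `$em` to `$manager` does not evade it. And because it reports through PHPStan's normal error channel, the restriction fails CI like any other analysis error, which is what makes an architectural rule enforceable rather than merely documented.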
To conclude, a small piece of advice: do not treat type checking or static analysis as a substitute for tests. These methods work best together, which in turn improves product quality.