Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you’re handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we’ll be reviewing totally unknown code code : no name, no usage, not a clue. We’ll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?

1. REVIEW
UNKNOWN CODE
WITH STATIC ANALYSIS
Berlin, Germany, June 2018

2. Agenda
Reviewing code
Static analysis for PHP
A session in which you are the hero

3. Review some PHP code
We don't know what it does
We have never heard about it
We don't run it
We don't know the authors
Can we have an opinion?

4. Review the code
Reading code is humanly possible : its an art
Unit test are not adapted for review
Dynamic analysis is not fit for review
We need to explore code
We can only rely on the current state

5. Speaker
Damien Seguy
Exakat CTO
Static analysis for PHP
Elephpant retirement home
Ich spreche kein Deutsch

6. Source code is structured
Source code is a structured dataset
We need tools to query it
This is static analysis

7. Migration PHP 7.0->7.1
IncompatibilitiesNewfeatures

8. Appinfo()
List PHP features
Focus on PHP's specifics

9. PHP Features

14. Extensions 1 / 2

15. Extensions 2 / 2

16. Application favorites
Many solutions to the same problem
Impact on PHP is minimal
Generate never-ending discussions
Rule : choose one, stick to it

18. List of
directives

19. Automated code review
Analyze code
Report PHP related problems

21. Tactical mistakes in the code
PHP classic trap
Development left overs
Dead code
Code modernisation
Literal bugs

22. Clean code for PHP
Best practices
Security, performance, clean code
in-house, PSR, calisthenics, other inspirations
Code mantras, code kata
PHP Manual
Migration guides

24. Exakat : 650 analysis
Analysis Freq. Here
function __destruct() { throw …} :
0,3 % 0
0.6% 0
function foo($a, $a, $a) {} 2.0% 0
substr($a, 2, 4) == 'abc' 6.9% 0
!!(expression) 8.0% 34
$a ? $b ? $c : $d : $e 11% 2
if (strpos($a, $b)) {} 46% 40
include('file.php') 55% 180
foreach($a as &$b) {} 60% 30

25. Which PHP version?
List of
directives

26. Automated code review
Semantic read of the code
Reports interesting issues
Works with AST

27. Automated code review
PHP 5 / 7
Calisthenics
ClearPHP
Performance
 
 


28. Semantics and definitions
Removes spaces, comments, documentations
Removes delimiters
( ) { } [ ] " ' ` ; :
Good network to link definition with usage

29. AST diagram
<?php
$x = source();
if ($x < 10) {
$y = $x + 1;
$a = 3;
$x = corrige($y);
} else {
$y = $x;
}

30. Flow Control Graph
<?php
$x = source();
if ($x < 10) {
$y = $x + 1;
$a = 3;
$x = corrige($y);
} else {
$y = $x;
}
$x = source;
if ($x < 10)
$y = $x;
$y = $x + 1;
$x = corrige($y);
end
$a = 3;
start

31. Data Dependency Graph
<?php
$x = source();
if ($x < 10) {
$y = $x + 1;
$a = 3;
$x = corrige($y);
} else {
$y = $x;
}
$x = source;
if ($x < 10) $y = $x;$y = $x + 1;
$x = corrige($y);
fin();
Depends onDepends on
Depends
on notDepends on
Depends on
$a = 3;
Depends on

32. Various AST
PHP7mar : nikic/php5-ast
PHAN : ext/ast (PHP 7 only)
Exakat : AST in a graph database
SonarQube : Java-build AST
PHPstorm : internal IDE AST
Reflexion / Better Reflexion

33. PHAN
PhanTypeMismatchArgument Argument 2 (order) is false but EGroupwareApi
Hooks::process() takes array|string defined at
Total : 11999 results / 96 types
1679 issues
PhanTypeArraySuspiciousNullable Suspicious array access to nullable ?array|null
1256 issues
PhanUndeclaredClassMethod Call to method decode from undeclared class Horde_Mime
1247 issues
PhanUndeclaredProperty Reference to undeclared property calendar_bo->total
PhanTypeInvalidDimOffset Invalid offset "timeformat" of array type array{tz:mixed}
999 issues
668 issues

34. PHP 7 helps static analysis
Type hint, return type hint, scalar typehint
Usage of PHPDOC
Consistent behavior of PHP operators
Dynamic code is very difficult to analyze

35. PHP LINT
php -l <fichier.php>
Paralell executions
jakub-onderka/php-paralell-lint
Various versions of PHP : 7.0, 7.1, 7.2, 7.3, 5.6, 5.5

36. PHP LINT - 5.5->7.3
Not a single error
615 compiled files
PHP 7.2.6 | 10 parallel jobs
............................................................ 60/615 (9 %)
............................................................ 120/615 (19 %)
............................................................ 180/615 (29 %)
............................................................ 240/615 (39 %)
............................................................ 300/615 (48 %)
............................................................ 360/615 (58 %)
............................................................ 420/615 (68 %)
............................................................ 480/615 (78 %)
............................................................ 540/615 (87 %)
............................................................ 600/615 (97 %)
............... 615/615 (100 %)
Checked 615 files in 4 seconds
No syntax error found

37. 0
1.25
2.5
3.75
5
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
1
2
3
4
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
0.75
1.5
2.25
3
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
1.75
3.5
5.25
7
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2 5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2

38. What does this app do?
Inventories of the application
Names for classes, methods, traits, variables,
interfaces…
List of literal in the code
Integers, real, arrays, strings

39. Errors messages

40. Classes
timesheet_hooks 1
timesheet_import_csv 1
timesheet_merge 1
timesheet_tracking 1
timesheet_ui 1
timesheet_wizard_export_csv 1
timesheet_wizard_import_csv 1
uiconfig 1
Customfields 2
Dbmailuser 2
File 2
Files 2
Html 2
Image 2
Link 2
Mail 2
Merge 2
Request 2
Session 2
Template 2
Tracking 2
Vfs 2
Base 3
Cache 3
Storage 3
Univention 3
Ads 4
Exception 4
Sql 4
StreamWrapper 4
Hooks 5
Ldap 5

41. Variables
$folder 5
$link 5
$n 5
$resource 5
$script 5
$val 5
$vcard 5
$_headerobject 6
$appdata 6
$contact 6
$etemplate 6
$field 6
$name 6
$recurrence 6
$replacements 6
$account 7
$config 7
$list 7
$options 7
$v 7
$col 8
$item 8
$alarm 9
$event 9
$settings 9
$status 10
$id 12
$prop 13
$label 16
$data 19
$row 21
$value 21
9439 variables
Also :
958 used-once variables

42. List of PHP analyzers
Exakat
Phan
Phploc
PHPmetrics
https://github.com/exakat/
php-static-analysis-tools

43. Medium application
Internal framework
Low level of issues
Tend to use old PHP features
Backward compatibilities
Deal with school : contacts, identity

44. www.egroupware.org

45. Danke schön
http://exakat.io/ - @exakat