2008-12-18 19:39

Is there a static code analyzer [like Lint] for PHP files? [closed]


Is there a static code analyzer for PHP files? The binary itself can check for syntax errors, but I'm looking for something that does more, like unused variable assignments, arrays that are assigned into without being initialized first, and possibly code style warnings. Open-source programs would be preferred, but we might convince the company to pay for something if it's highly recommended.




  • csdnceshi59 ℙℕℤℝ 13 years ago

    Run php in lint-mode from the command line to validate syntax without execution:

    php -l FILENAME

    Higher-level static analyzers include:

    Lower-level analyzers include:

    Runtime analyzers, which are more useful for some things due to PHP's dynamic nature, include:

    The documentation libraries phpdoc and doxygen perform a kind of code analysis. Doxygen, for example, can be configured to render nice inheritance graphs with graphviz.

    Another option is xhprof, which is similar to xdebug, but lighter, making it suitable for production servers. The tool includes a PHP-based interface.

    28 likes
  • csdnceshi57 perhaps? 8 years ago

    There is an absolutely new tool for static code analysis called PHP Analyzer.

    Among many types of static analysis it also provides basic auto-fixing functionality, see documentation.

    UPDATE: PHP-Analyzer is now a deprecated project, but you can still access it on the legacy branch.

    9 likes
  • weixin_41568208 北城已荒凉 11 years ago

    PHP PMD (project mess detector) and PHP CPD (copy paste detector) as the former part of PHPUnit

    8 likes
  • csdnceshi72 谁还没个明天 13 years ago

    For completeness -- also check phpCallGraph.

    7 likes
  • csdnceshi50 三生石@ 13 years ago

    Online PHP lint


    Uninitialized variables check. Link 1 and 2 already seem to do this just fine, though.

    I can't say I have used any of these intensively, though :)

    6 likes
  • weixin_41568183 零零乙 9 years ago

    Also, PHP Compiler may be worth a try. Its main function is to produce PHP binaries, but it does have some analysis capabilities.

    5 likes
  • weixin_41568196 撒拉嘿哟木头 9 years ago

    PHP Mess Detector is awesome and fast.

    5 likes
  • csdnceshi80 胖鸭 11 years ago

    See Semantic Designs' CloneDR, a "clone detection" tool that finds copy/paste/edited code. It will find exact and near-miss code fragments, in spite of whitespace, comments and even variable renamings. A sample detection report for PHP can be found at the website. (I'm the author).

    5 likes
  • csdnceshi79 python小菜 8 years ago

    You may want to try compiling with Facebook's hiphop.

    It does a static analysis on the entire project, and may be what you're looking for.


    4 likes
  • csdnceshi73 喵-见缝插针 9 years ago

    I have tried using $php -l and a couple of other tools. However, the best one in my experience (YMMV, of course) is scheck from the pfff toolset. I heard about pfff on Quora (http://www.quora.com/Is-there-a-good-PHP-lint-static-analysis-tool)

    You can compile and install it. There are no nice packages (on my Mint Debian, I had to install the libpcre3-dev, ocaml, libcairo-dev, libgtk-3-dev and libgimp2.0-dev dependencies first) but it should be worth an install.

    The results are reported like

    rjha@mint ~ $ ~/sw/pfff/scheck ~/code/github/sc/
    login-now.php:7:4: CHECK: Unused Local variable $title
    go-automatic.php:14:77: CHECK: Use of undeclared variable $goUrl.
    4 likes
  • csdnceshi56 lrony* 11 years ago

    There is a new tool called nWire for PHP. It is a code exploration plugin for Eclipse PDT and Zend Studio 7.x. It enables real-time code analysis for PHP and provides the following tools:

    • Code visualization - interactive graphical representation of components and associations.
    • Code navigation - unique navigation view shows all the associations and works with you while you write or read code.
    • Quick search - search as you type for methods, fields, file, etc.
    3 likes
  • csdnceshi73 喵-见缝插针 8 years ago

    There is RIPS - A static source code analyser for vulnerabilities in PHP scripts. Sources of RIPS are available at SourceForge.

    From the RIPS site:

    RIPS is a tool written in PHP to find vulnerabilities in PHP applications using static code analysis. By tokenizing and parsing all source code files RIPS is able to transform PHP source code into a program model and to detect sensitive sinks (potentially vulnerable functions) that can be tainted by user input (influenced by a malicious user) during the program flow. Besides the structured output of found vulnerabilities RIPS also offers an integrated code audit framework for further manual analysis.

    2 likes
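
The idea in the RIPS description above (tokenize the source, then check whether user input reaches a sensitive sink), reduced to one statement at a time. This is an added example, not RIPS code and not part of the original answer; the function name `find_tainted_sinks`, the source, sink and sanitizer lists, and the sample input are assumptions made for illustration.

```php
<?php
// Added example: statement-level taint tracking; the lists below are assumptions.
const SOURCES    = ['$_GET', '$_POST', '$_COOKIE', '$_REQUEST'];
const SINKS      = ['echo', 'print', 'eval', 'system', 'exec', 'mysqli_query'];
const SANITIZERS = ['htmlspecialchars', 'intval', 'escapeshellarg'];
const SKIP       = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT, T_OPEN_TAG];
function find_tainted_sinks(string $code): array
{
    $tainted = $found = $stmt = [];  // tainted variables, findings, current statement
    foreach (token_get_all($code) as $tok) {
        if (is_array($tok) && in_array($tok[0], SKIP, true)) { continue; }
        if ($tok !== ';') { $stmt[] = $tok; continue; }  // collect until end of statement
        $dirty = $clean = false;
        $sink = $lhs = null;
        foreach ($stmt as $i => $t) {
            if (!is_array($t)) { continue; }
            [$id, $text, $line] = $t;
            if ($id === T_VARIABLE && ($stmt[$i + 1] ?? null) === '=') {
                $lhs = $text;                     // assignment target
            } elseif ($id === T_VARIABLE) {
                $dirty = $dirty || in_array($text, SOURCES, true) || isset($tainted[$text]);
            } elseif (in_array($id, [T_STRING, T_ECHO, T_PRINT, T_EVAL], true)) {
                $name  = strtolower($text);
                $clean = $clean || in_array($name, SANITIZERS, true);
                if (in_array($name, SINKS, true)) { $sink = [$line, $name]; }
            }
        }
        if ($sink !== null && $dirty && !$clean) { $found[] = $sink; }
        if ($lhs !== null && $dirty && !$clean) {
            $tainted[$lhs] = true;                // user input flows into $lhs
        } elseif ($lhs !== null) {
            unset($tainted[$lhs]);                // overwritten with clean data
        }
        $stmt = [];
    }
    return $found;
}
// Constructed sample input, not taken from the page.
$sample = <<<'PHP'
<?php
$id   = $_GET['id'];
$name = $id;
echo htmlspecialchars($name);
echo "Hello $name";
system("ls " . $_POST['dir']);
PHP;
foreach (find_tainted_sinks($sample) as [$line, $sink]) {
    echo "line $line: user input reaches $sink\n";
}
```

Treating any sanitizer call as cleaning the whole statement, and ignoring array-element assignments and function boundaries, keeps the sketch short; a real analyzer builds the program model the quote describes so that it can follow data across functions and files.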
  • weixin_41568183 零零乙 11 years ago

    The NetBeans IDE checks for syntax errors, unused variables and such. It's not automated, but works fine for small or medium projects.

    2 likes