Static analysis

From Freephile Wiki

Part of Testing is the static analysis that your IDE can perform, or that standalone analysis tools can perform.

Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you

  • easier code review
  • better code quality
  • better product quality

Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product [1].

Static analysis tools are not "magic". To paraphrase the famous Edsger Dijkstra, there is not a tool that can prove a program to be defect free. Still, one must recognize the benefits and utility of static analysis tools in producing better quality software with less time and effort.

Brent Roose of PHP Annotated discusses Static Analysis in this video about Generics in PHP


Multi-language static analysis[edit | edit source]

SonarQube, SonarLint and SonarCloud are tools for muti-language static analysis and general code health.

Static Analysis tools for PHP[edit | edit source]

Phan[edit | edit source]

see Phan

PHPStan[edit | edit source]

I prefer PHPStan over phan.

Psalm[edit | edit source]

https://psalm.dev/

References[edit source]

  1. or worse: Software errors have famously caused rockets to miss targets; cars to kill people, trains to crash