Difference between revisions of "Static analysis"

From Freephile Wiki
Jump to navigation Jump to search
(link to SonarQube)
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you
 
Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you
  
* easier code review
+
*easier code review
* better code quality
+
*better code quality
* better product quality
+
*better product quality
  
 
Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product <ref>or worse:  Software errors have famously caused rockets to miss targets; cars to kill people, trains to crash</ref>.
 
Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product <ref>or worse:  Software errors have famously caused rockets to miss targets; cars to kill people, trains to crash</ref>.
  
Some people don't like static analysis. Frankly, that might just be because you're OK producing software that has bugs. Or else I think it's either because those people are short-sighted in ways that extra process means "slow delivery" for them. Or, they don't know computer <nowiki>'''</nowiki>science<nowiki>'''</nowiki> and so if you mention topics like [[wp:Reification (computer science)]], they get uncomfortable and defensive. No matter the real reason, I don't believe you can be a professional software developer and disclaim the benefits and utility of static analysis tools in producing better quality software with less time and effort.  
+
Static analysis tools are not "magic". To paraphrase the famous Edsger Dijkstra, there is not a tool that can prove a program to be defect free. Still, one must recognize the benefits and utility of static analysis tools in producing better quality software with less time and effort.  
  
 
[https://github.com/brendt Brent Roose] of PHP Annotated discusses Static Analysis in this video about Generics in PHP
 
[https://github.com/brendt Brent Roose] of PHP Annotated discusses Static Analysis in this video about Generics in PHP
{{#ev:youtube|https://www.youtube.com/watch?v=JtmRG5lCENA|right}}
+
{{#ev:youtube|https://www.youtube.com/watch?v=JtmRG5lCENA|right}}<br />
 +
 
 +
== Multi-language static analysis ==
 +
[[SonarQube]], SonarLint and SonarCloud are tools for muti-language static analysis and general code health.
  
 
==Static Analysis tools for PHP==  
 
==Static Analysis tools for PHP==  
Line 20: Line 23:
  
 
===PHPStan===
 
===PHPStan===
This is my favorite tool. See [[PHPStan]]
+
I prefer [[PHPStan]] over phan.
  
 
===Psalm===
 
===Psalm===

Latest revision as of 15:31, 5 March 2024

Part of Testing is the static analysis that your IDE can perform, or that standalone analysis tools can perform.

Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you

  • easier code review
  • better code quality
  • better product quality

Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product [1].

Static analysis tools are not "magic". To paraphrase the famous Edsger Dijkstra, there is not a tool that can prove a program to be defect free. Still, one must recognize the benefits and utility of static analysis tools in producing better quality software with less time and effort.

Brent Roose of PHP Annotated discusses Static Analysis in this video about Generics in PHP


Multi-language static analysis[edit | edit source]

SonarQube, SonarLint and SonarCloud are tools for muti-language static analysis and general code health.

Static Analysis tools for PHP[edit | edit source]

Phan[edit | edit source]

see Phan

PHPStan[edit | edit source]

I prefer PHPStan over phan.

Psalm[edit | edit source]

https://psalm.dev/

References[edit source]

  1. or worse: Software errors have famously caused rockets to miss targets; cars to kill people, trains to crash