Difference between revisions of "Static analysis"
(Answer "Why") |
(link to SonarQube) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you | Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you | ||
− | * easier code review | + | *easier code review |
− | * better code quality | + | *better code quality |
− | * better product quality | + | *better product quality |
− | Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product. | + | Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product <ref>or worse: Software errors have famously caused rockets to miss targets; cars to kill people, trains to crash</ref>. |
− | + | Static analysis tools are not "magic". To paraphrase the famous Edsger Dijkstra, there is not a tool that can prove a program to be defect free. Still, one must recognize the benefits and utility of static analysis tools in producing better quality software with less time and effort. | |
[https://github.com/brendt Brent Roose] of PHP Annotated discusses Static Analysis in this video about Generics in PHP | [https://github.com/brendt Brent Roose] of PHP Annotated discusses Static Analysis in this video about Generics in PHP | ||
− | {{#ev:youtube|https://www.youtube.com/watch?v=JtmRG5lCENA|right}} | + | {{#ev:youtube|https://www.youtube.com/watch?v=JtmRG5lCENA|right}}<br /> |
+ | |||
+ | == Multi-language static analysis == | ||
+ | [[SonarQube]], SonarLint and SonarCloud are tools for muti-language static analysis and general code health. | ||
==Static Analysis tools for PHP== | ==Static Analysis tools for PHP== | ||
Line 20: | Line 23: | ||
===PHPStan=== | ===PHPStan=== | ||
− | + | I prefer [[PHPStan]] over phan. | |
===Psalm=== | ===Psalm=== | ||
https://psalm.dev/ | https://psalm.dev/ | ||
+ | |||
+ | {{References}} | ||
[[Category:Tools]] | [[Category:Tools]] |
Latest revision as of 15:31, 5 March 2024
Part of Testing is the static analysis that your IDE can perform, or that standalone analysis tools can perform.
Static analysis tools allow you to maintain a healthy codebase because every time you make a code change, you can check the entire codebase for quality without having to run the code. What does static analysis do for you? It gives you
- easier code review
- better code quality
- better product quality
Static analysis tools detect 'technical debt', 'smelly code' and 'bad practices'. These might be OK in the short-term, but over time will slow down your development cycle and wreck your product [1].
Static analysis tools are not "magic". To paraphrase the famous Edsger Dijkstra, there is not a tool that can prove a program to be defect free. Still, one must recognize the benefits and utility of static analysis tools in producing better quality software with less time and effort.
Brent Roose of PHP Annotated discusses Static Analysis in this video about Generics in PHP
Contents
Multi-language static analysis[edit | edit source]
SonarQube, SonarLint and SonarCloud are tools for muti-language static analysis and general code health.
Static Analysis tools for PHP[edit | edit source]
Phan[edit | edit source]
see Phan
PHPStan[edit | edit source]
I prefer PHPStan over phan.
Psalm[edit | edit source]
References[edit source]
- ↑ or worse: Software errors have famously caused rockets to miss targets; cars to kill people, trains to crash