Code auditing

Static analysis helps migrate to PHP 7

Posted on by dams

Static analysis helps migrate to PHP 7

Static analysis helps migrate to PHP 7
Static analysis helps migrate to PHP 7

Static analysis is the analyze of PHP code without running it. The traditional way to do this is to read the code and understand it. The modern way is to use a static analysis software. Including static analysis as a regular sanity check in your coding process raises dramatically the level of coding, and peace of mind.

Automated review

Static analysis runs on the source code. Give it the source code repository, and it start reviewing PHP immediately. The code is read, turned into a huge graph of tokens, and queried for issues. Then, report is written, either as a text file or a HTML report for further processing.
The automated process does the hard work of searching the code for various situations, characterize it as a bug-prone code or security issue. The work is converted from tedious searching for too rare or too frequent issues to expertise, where issues are validated and fixed. Exakat provides file and line number where the situation happens.

Use expertise

There are over 40 backward incompatibilities listed in the PHP manual when migrating to PHP 7. This is the easiest migration every for PHP. Some incompatibilities are easy target : for example, ‘string’ and ‘boolean’ are now reserved keywords. Any class with such a name has to be renamed.
This is humanely achievable : such classes should be few and easy to find, even manually. Find them and rename them. Although, there are actually a full list of 11 reserved words, more to come in PHP 7.1, and it is easy to forger one of them : one may have doubts about bool or boolean…

Such incompatibilities are hard coded in static analysis. The machine finds them faster and safer than any developer in the code. Since the analysis is coded, it has a complete list of what to find and where. A large proportion of all the warnings mentioned in the PHP manual may be found statically, relieving you from having to check all of that yourself.

Follow technical leaders

Etsy and Badoo moved their numerous servers to PHP 7 over a short amount of time. They reviewed PHP 5.5 legacy applications and got rid of surprises by using static analysis. Static analysis works both inside IDE, such as PHP AE inspections, or as a standalone tool, working directly on code repository, such as exakat. This is convenient when the code has been stable for some times, even legacy, and is not ready on coding stations. Badoo mentions that 90 % of the feedback was indeed fixed, and the rest was false positive.

Test your code in more than one way

Static analysis is a natural complement to Unit Testing. It focuses on the way code is written and logical errors, that will lead to failed test. Unit testing is close to business logic, and needs a testing environment. Unit testing and static analysis works together to bring an exhaustive view of the current situation.

Moreover, static analysis provides a review of the source, targeting files and line of code where issues or specific situation have to be assessed. Most of the time, the fix may be applied directly to the reported line and sometimes, it triggers a larger review, cleaning more code than expected. Once incompatibilities with PHP 7 are removed, then Unit testing will be applied with an excellent level of confidence.

Adopt Static analysis

Test your code today with an external tool. PHP 7 has opened a new field of study, and several static analysis tools are available : try Exakat or find more tools in the list of PHP static analysis tools.

Follow us on Twitter : @exakat.