Download as PDF, PPTX
![PHP Tokens
token_get_all()
Comments, phpDoc, spaces
Delimiters : ' " () {} [] `
2 tokens out of 3 are ignored
[248] => Array
(
[0] => 382
[1] =>
[2] => 167
)
[249] => Array
(
[0] => 319
[1] => define
[2] => 167
)
[250] => (
[251] => Array
(
[0] => 323
[1] => 'EXT'
[2] => 167
)
[252] => ,
[253] => Array
(
[0] => 382
[1] =>
[2] => 167
)
<?php
//....
define('EXT', '.php');](https://image.slidesharecdn.com/understandingstaticanalysis-phpamsterdam2018-190106111718/85/Understanding-static-analysis-php-amsterdam-2018-8-320.jpg)
![Definitions and usage
Function definition
Parameters
Functioncall
Arguments
Context
foo($a[1])
DEFINITION
function
foo($b)
foo($b)
foo($a)
foo($a)
DEFINITION
DEFINITION
DEFINITION](https://image.slidesharecdn.com/understandingstaticanalysis-phpamsterdam2018-190106111718/85/Understanding-static-analysis-php-amsterdam-2018-20-320.jpg)
![Definitions and usage
Function definition
Parameters
Functioncall
Arguments
Context
foo($a[1])
DEFINITION
function
foo($b)](https://image.slidesharecdn.com/understandingstaticanalysis-phpamsterdam2018-190106111718/85/Understanding-static-analysis-php-amsterdam-2018-21-320.jpg)
Uploaded byDamien Seguy
Understanding static analysis php amsterdam 2018
The document discusses static analysis in PHP, covering its definition, functionality, and benefits. It includes topics such as code review techniques, tokenization, abstract syntax trees, and the identification of PHP extensions and functions. Additionally, it addresses advanced concepts like dead functions and compatibility checks within PHP code.
More Related Content
Similar to Understanding static analysis php amsterdam 2018
Understanding static analysis php amsterdam 2018
- 1. Understanding static analysis AmsterdamPHP 2018,The Netherlands
- 2. Agenda What is staticanalysis How does it work How can you take advantage of it
- 3. Damien Seguy CTO atExakat Static analysis engine for PHP Ik ben een boterham
- 4. Code review Reading onthe IDE Automated code review L'analyse statique, c'est quoi? Manual code review Higher abstraction Simple review Systématic
- 5. Synopsis Convert PHP codeinto data Add more knowledge Query the internal database
- 6. Static analysis Performences Hosting Sécurity Migration 7.3 Tokenization Memory Source Audits
- 7. An extra step Opcodecache Optimization Text file Tokens / syntax Static analysis Execution
- 8. PHP Tokens token_get_all() Comments, phpDoc,spaces Delimiters : ' " () {} [] ` 2 tokens out of 3 are ignored [248] => Array ( [0] => 382 [1] => [2] => 167 ) [249] => Array ( [0] => 319 [1] => define [2] => 167 ) [250] => ( [251] => Array ( [0] => 323 [1] => 'EXT' [2] => 167 ) [252] => , [253] => Array ( [0] => 382 [1] => [2] => 167 ) <?php //.... define('EXT', '.php');
- 9.
- 10. Playing in thetree Spot PHP features Variable, Function, Addition, Multiplication, Ifthen, Return
- 11. Jouons dans l'arbre Parameters,Variables Properties, array variable, object variable, static property name, global variable, static variable Everything is a T_VARIABLE
- 12.
- 13. Local variable counts 0,00 25,00 50,00 75,00 100,00 01 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51
- 14. Play in thetree Local patterns $a = 1 + $b; $a = $a + 1; $z = $a + $b + $d - $b + $e; Assignat ion $a Addition LEFT RIGHT $b RIGHT 1 LEFT Motif Analyse Analyse
- 15. PHP is nota tree Link definitions with usage
- 16. Definitions and usage Functionand functioncalls class X and instantiations define('A') or const A and A or A $variable and their hidden definition
- 17.
- 18.
- 19. Definitions and usage Functiondefinition Parameters Functioncall Arguments Context foo($a) DEFINITION function foo($b) $a = 2 NEXT echo $a Sequence NEXT BLOCK
- 20. Definitions and usage Functiondefinition Parameters Functioncall Arguments Context foo($a[1]) DEFINITION function foo($b) foo($b) foo($a) foo($a) DEFINITION DEFINITION DEFINITION
- 21. Definitions and usage Functiondefinition Parameters Functioncall Arguments Context foo($a[1]) DEFINITION function foo($b)
- 22. What is that? Onefunction call, Multiple definition? function foo($b) DEFINITION foo($a) function foo($b) function foo($b) function foo($b) DEFINITION DEFINITION DEFINITION
- 23.
- 24. Dead Function A functionwithout outgoing DEFINITION function foo($b)
- 25.
- 26.
- 27. Dead Function (Hard) Thelinear propagation of death function foob($b) function fooa($b) DEFINITION
- 28. Dead Function (veryhard) <?php function morte($z) { }
- 29. Dead Function (veryhard) Fonctions récursives function foo($b) foo($a) BLOCK DEFINITION EXPRESSION Sequence
- 30.
- 31. Dead Function (hardest) Recursive,level 2 Recursive, level 3 Recursive, level 4… DEFINITION function foob($b) function fooa($b) DEFINITION
- 32. Dead Function (hardest) Recursive,level 2 Recursive, level 3 Recursive, level 4… DEFINITION function foob($b) function fooa($b) DEFINITION function fooc($b) DEFINITION
- 33. Dead functions No callto the function Function called by dead functions Recursive functions Level 2+ recursive functions
- 34. What fresh hellis that? Call to function without definition ? bar($a)
- 35. Functions without definition PHPextensions Components Higher level of abstraction Components PHP Extensions Code PHP
- 36. Identifying extensions API Functions, constants Classes,interfaces, traits, namespaces Configuration directives Natives extensions, PECL, independent
- 37. Extension usage Removed extensions APC,posix Added extensions AST, libsodium Extension evolution Nouvelle classe, fonctions obsolètes, corrections… APIExt PHP code
- 38.
- 39.
- 40.
- 41.
- 42. Compatibility Check the APIversion Check the correct usage of the API Validate contextual usage : error_reporting(E_ERROR | E_WARNING | E_PARSE)
- 44.
- 45. Beyond the docs Coachyour users Usage stats Compatibility usage Suggestions
- 46.