Top 18 PHP Code Analysis Resources – 2017 Compilation List

As you all knows PHP is one of the most popular server side language and is widely used open source general purpose scripting language that is specially suited for web development and can easily be embedded into HTML.

Today we’ll discuss about the top 19 Code analysis libraries which can be helpful for analysis, parsing and manipulation codebases.

1. PHP Parser A PHP parser written in PHP.

Its purpose is to simplify static code analysis and manipulation. This project is a PHP 5.2 to PHP 7.1 parser written in PHP itself. A parser is useful for static analysis, manipulation of code and basically any other application dealing with code programmatically. A parser constructs an Abstract Syntax Tree (AST) of the code and thus allows dealing with it in an abstract and robust way.

Apart from the parser itself this package also bundles support for some other, related features:

  • Support for pretty printing, which is the act of converting an AST into PHP code. Please note that “pretty printing” does not imply that the output is especially pretty. It’s just how it’s called 😉
  • Support for serializing and unserializing the node tree to XML
  • Support for dumping the node tree in a human readable form (see the section above for an example of how the output looks like)
  • Infrastructure for traversing and changing the AST (node traverser and node visitors)
  • A node visitor for resolving namespaced names

2. PHPPHP A PHP VM implementation in PHP.

This is a basic VM implemented in PHP using the AST generating parser. To use PHPPHP, you need to install all the dependencies first with the help of composer which will fetch the entire PHP source code. You can easily use PHPPHP on both Windows and Linux Operating Systems.

3. PHPSandbox A PHP sandbox environment.

A full-scale PHP 5.4+ sandbox class that utilizes PHP-Parser to prevent sandboxed code from running unsafe code. It also utilizes FunctionParser to disassemble callables passed to the sandbox, so that PHP callables can also be run in sandboxes without first converting them into strings.

Features –

  • Can redefine internal PHP and other functions to make them more secure for sandbox usage.
  • Can redefine superglobals and magic constants to expose your own values to sandboxed code.
  • Can selectively allow and disallow function creation, class declarations, constant definitions, keywords, and much more.
  • Can retrieve the generated sandbox code for later usage.
  • Can access the parsed, prepared and generated code ASTs for further analysis or for serialization.
  • Can specify a custom error handler to intercept PHP errors and handle them with custom logic.
  • Can specify a validation error handler to intercept thrown validation errors and handle them with custom logic.
  • Can intercept callbacks and validate them against function white lists and blacklists, even if they are called as strings

4. Dissect A set of tools for lexical and syntactical analysis.

Dissect is a set of tools for lexical and syntactical analysis written in pure PHP. There are basically two classes for lexical analysis in Dissect, SimpleLexer and StatefulLexer.

5. PHP Mess Detector A library that scans code for bugs, sub-optimal code, unused parameters and more.

This is the project site of PHPMD. It is a spin-off project of PHP Depend and aims to be a PHP equivalent of the well known Java tool PMD. PHPMD can be seen as an user friendly and easy to configure frontend for the raw metrics measured by PHP Depend.

It takes a given PHP source code base and look for several potential problems within that source. These problems can be things like:

  • Possible bugs
  • Sub optimal code
  • Over complicated expressions
  • Unused parameters, methods, properties

PHPMD is a young project and so it only provides a limited set of pre defined rules, compared with its brother PMD, that detect code smells and possible errors within the analyzed source code.

6. PHP Code Sniffer A library that detects PHP, CSS and JS coding standard violations.

PHP CodeSniffer is a set of two PHP scripts; the main phpcs script that tokenizes PHP, JavaScript and CSS files to detect violations of a defined coding standard, and a second phpcbf script to automatically correct coding standard violations. PHP CodeSniffer is an essential development tool that ensures your code remains clean and consistent.

PHP CodeSniffer requires PHP version 5.4.0 or greater, although individual sniffs may have additional requirements such as external applications and scripts.

7. PHPCPD PHP Copy/Paste Detector is a library that detects copied and pasted code.

The easiest way to obtain PHPCPD is to download a PHP Archive (PHAR) that has all required dependencies of PHPCPD bundled in a single file.

8. PHP Analyzer A library for analysing PHP code to find bugs and errors.

PHP Analyzer performs the same analyses that a compiler would like for example type inference or other flow analyses, ensuring that every line of code and every potential execution path are tested.

They use multiple techniques to ensure deep, accurate analysis including:

  • Interprodecural Dataflow Analysis identifies problems that cross method, function, class, or even package boundaries compared to simple style violations, or superficial feature usage detections of other tools.
  • Reverse Abstract Interpretation helps us dramatically improve accuracy and prune infeasible paths from the analysis.
  • Design Pattern Intelligence understands different design idioms of PHP code, and integrates them into the analysis.
  • Framework Intelligence incorporates knowledge of different PHP frameworks such as Symfony2, or Laravel providing us with an even deeper understanding of modern web applications, and highly specialized results.

9. PHP CS Fixer A coding standard fixer library.

The PHP Coding Standards Fixer tool fixes most issues in your code when you want to follow the PHP coding standards as defined in the PSR-1 and PSR-2 documents and many more. The only condition to use PHP CS Fixer is that your PHP version must be of minimum 5.3.6.

10. PHP Manipulator A helper library for analysing and modifying PHP Source Code.

PHP Manipulator can easily be installed via composer. There are two representations of your source code that this library uses. The first one is the token stream. This library internally uses token_get_all, and adds an object oriented abstraction on top of it. Also, it performs some transformations on the original tokens to make them more suitable for analysis.

The second representation is the abstract syntax tree. It is a higher level abstraction than the token stream; usually not suitable for modifying the source code, but very useful for analysis.

11. PHP Refactoring Browser A command line utility for refactoring PHP code.

Automatic Refactorings for PHP Code by generating diffs that describe the refactorings steps. To prevent simple mistakes during refactorings, an automated tool is always great.

Based on some data, the Refactoring Browser consists of three distinct components:

  • Patches allows to build patches based on change operations on a file.
  • Refactoring contains the actual Refactoring domain and adapters to third party libraries.
  • Collections adds some collection semantics on top of PHP arrays. Currently contains a Set type.

12. UBench A simple micro benchmark library.

Ubench is a micro library for benchmarking your PHP code. It monitors execution time and memory usage. It would be a good idea to run all checks while developing.

13. Athletic An annotation based benchmark framework.

Athletic is another benchmarking framework. It allows developers to benchmark their code without littering microtime() calls everywhere.

Athletic was inspired by the annotation format that PHPUnit uses. Benchmark tests extend the AthleticEvent class and are annotated with specific docblock parameters. The benchmark suite is then run with the Athletic command-line tool. Athletic is not currently being maintained, so it may have bugs or other problems.

14. Mondrian A code analysis tool using Graph Theory.

It is a set of CLI tools to help you to analyse and refactor highly coupled classes. As you know Law of Demeter and S.O.L.I.D guidances, you need your classes loosely coupled. And for this, there is one only rule : ABSTRACTION. This app provides some helpers to add abstraction into concrete classes with minimum pain.

You can easily add plugins to this tool to make your own algorithm, coloring scheme or new generator.

15. PHP Debug Bar A debugging toolbar.

The DebugBar integrates easily in any projects and can display profiling data from any part of your application. It comes built-in with data collectors for standard PHP features and popular projects.

The DebugBar has mainly two parts: the main DebugBar object with data collectors and the renderer. Data collectors are objects collecting a specific set of data. To makes things easy, the StandardDebugBar has all the built-in collectors activated.


  • Generic debug bar with no other dependencies
  • Easy to integrate with any project
  • Clean, fast and easy to use interface
  • Handles AJAX request
  • Includes generic data collectors and collectors for well known libraries
  • The client side bar is 100% coded in javascript
  • Easily create your own collectors and their associated view in the bar
  • Save and re-open previous requests

16. PHP Console A web debugging console.

Creating a test file or using php’s interactive mode can be a bit cumbersome to try random php snippets. This allows you to run small bits of code easily right from your browser.

It is secure since accessible only from the local host, and very easy to setup and use.

17. Barbushin PHP Console Another web debugging console using Google Chrome.

PHP Console allows you to handle PHP errors & exceptions, dump variables, execute PHP code remotely and many other things using Google Chrome extension PHP Console and PhpConsole server library.

The only requirement to use Barbushin PHP Console is that your PHP must be 5.3 or later version and PHP Console extension must be installed on Google Chrome.

18. Scrutinizer A web tool to scrutinise PHP code.

Scrutinizer is a continuous inspection platform helping you to write better software. Code quality management is always a continuous process – unfortunately, it cannot be done once and forgotten about. Scrutinizer takes the pain away and helps you make code quality management part of your development workflow which makes your developers happy and your customers even happier.

Scrutinizer’s rating system works very well with legacy code bases. As Scrutinizer continuously inspects your project, it will automatically learn the parts of your code which are under active development and increase their weighting in your average score. No need to change stable code just to make the tool happy!

Step by step hacking tutorials about wireless cracking, kali linux, metasploit, ethical hacking, seo tips and tricks, malware analysis and scanning.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × 4 =