Quality Assurance Tools for PHP

Sebastian Bergmann » 15 March 2009 » in Articles » 21 Comments

Map of PHP QA Tools

The map above contains the following tools that are useful for quality assurance in PHP projects:

  • PHP_CodeSniffer tokenises PHP, JavaScript and CSS files and detects violations of a defined set of coding standards.
  • phpmd scans PHP source code and looks for potential problems such as possible bugs, suboptimal code or overcomplicated expressions.
  • phpcpd is a Copy/Paste Detector (CPD) for PHP code.
  • PHP_Depend is a PHP software metrics tool.
  • PHPUnit is the de-facto standard unit test framework for PHP.

Build Automation is the act of scripting or automating a wide variety of tasks that a software developer will do in their day-to-day activities, including tasks that involve the tools listed above.

Apache Ant is a Java-based build tool that is similar to make, but without make's wrinkles. Its build files are XML-based, calling out a target tree where various tasks get executed.

The listing below shows an Apache Ant build file for a project named Money.

<project name="Money" default="build">
 <target name="clean">
  <delete dir="${basedir}/build"/>
 </target>

 <target name="prepare">
  <mkdir dir="${basedir}/build/logs"/>
 </target>

 <target name="phpcs">
  <exec dir="${basedir}"
        executable="phpcs"
        output="${basedir}/build/logs/checkstyle.xml"
        failonerror="false">
   <arg line="--report=checkstyle ."/>
  </exec>
 </target>

 <target name="phpmd">
  <exec dir="${basedir}"
        executable="phpmd"
        failonerror="false">
   <arg line=". xml codesize
              --reportfile ${basedir}/build/logs/pmd.xml"/>
  </exec>
 </target>

 <target name="phpcpd">
  <exec dir="${basedir}"
        executable="phpcpd"
        failonerror="false">
   <arg line="--log-pmd=${basedir}/build/logs/pmd-cpd.xml ."/>
  </exec>
 </target>

 <target name="pdepend">
  <exec dir="${basedir}"
        executable="pdepend"
        failonerror="false">
   <arg line="--jdepend-xml=${basedir}/build/logs/jdepend.xml ."/>
  </exec>
 </target>

 <target name="phpunit">
  <exec dir="${basedir}"
        executable="phpunit"
        failonerror="true">
   <arg line="--log-xml         ${basedir}/build/logs/junit.xml
              --coverage-clover ${basedir}/build/logs/clover.xml
              MoneyTest"/>
  </exec>
 </target>

 <target name="build"
         depends="clean,prepare,phpcs,phpmd,phpcpd,pdepend,phpunit"/>
</project>

The main target, build, depends on the targets that

  1. Delete the build directory, if it exists.
  2. Prepare the build directory, if it does not exist.
  3. Run PHP_CodeSniffer on the project's sourcecode and write a logfile in Checkstyle XML format.
  4. Run phpmd on the project's sourcecode and write a logfile in PMD XML format.
  5. Run phpcpd on the project's sourcecode and write a logfile in PMD-CPD XML format.
  6. Run PHP_Depend on the project's sourcecode and write a logfile in JDepend XML format.
  7. Run the project's tests using PHPUnit and write logfiles in JUnit XML and Clover XML format.

Below is the output for invoking Apache Ant in the project directory:

sb@ubuntu Money % ant
Buildfile: build.xml

clean:
   [delete] Deleting directory /home/sb/Money/build

prepare:
    [mkdir] Created dir: /home/sb/Money/build/logs

phpcs:

phpmd:

phpcpd:
     [exec] phpcpd 1.1.0 by Sebastian Bergmann.
     [exec] 
     [exec] 0.00% duplicated lines out of 722 total lines of code.

pdepend:
     [exec] PHP_Depend 0.9.4 by Manuel Pichler
     [exec] 
     [exec] Executing Dependency-Analyzer:
     [exec]                                                                 16
     [exec] 
     [exec] Generating pdepend log files, this may take a moment.

phpunit:
     [exec] PHPUnit 3.4.0 by Sebastian Bergmann.
     [exec] 
     [exec] ......................
     [exec] 
     [exec] Time: 0 seconds
     [exec] 
     [exec] OK (22 tests, 34 assertions)
     [exec] 
     [exec] Writing code coverage data to XML file, this may take a moment.

build:

BUILD SUCCESSFUL
Total time: 4 seconds

The generated logfiles can be processed by CruiseControl because it already knows the XML formats used. phpUnderControl is a customization of CruiseControl that caters to the needs of PHP projects and makes a lot of things easier.

Sonar enables to collect, analyze and report metrics on source code. It not only offers consolidated reporting on and across projects throughout time, but it becomes the central place to manage code quality. The developers of Sonar are working on out-of-the-box support for PHP projects.

Defined tags for this entry:

Trackback specific URI for this entry

21 Comments to "Quality Assurance Tools for PHP"

Display comments as (Linear | Threaded)
  1. hoschi
    15/03/2009 at 09:59 Permalink
    the first link to phpmd is dead :( I thought this part is covered by phpunit which can also generate pmd metric infos?!

    Can you talk a bit more about the differences between sonar and phpuc?

    best regards, stefan

    Reply

  2. Sebastian Bergmann
    15/03/2009 at 10:39 Permalink
    phpmd has no website yet, it will be at phpmd.org.

    Reply

  3. Dalibor Karlovic
    15/03/2009 at 10:18 Permalink
    Sonar is an alternative to CruiseControl? How do they compare to one another?

    Reply

  4. Sebastian Bergmann
    15/03/2009 at 10:40 Permalink
    Sonar is not a continuous integration software, it provides a software metrics dashboard that can be used with one.

    Reply

  5. Manuel Pichler
    15/03/2009 at 11:50 Permalink
    Sonar provides out-of-the-box a really excellent set of metric reports to get a general idea of the quality of a software project. Additionally it provides the so called time-machine, an chart engine to create custom line-charts from various metrics.

    Reply

  6. Noel Darlow
    15/03/2009 at 14:16 Permalink
    As well as the "de facto standard" (?) phpunit, readers ought to consider SimpleTest. Testing doesn't really catch fire unless you're using test driven design (write a little test then write a little code to make the test pass, etc). The biggest strength of SimpleTest is the test-infected culture surrounding it. Anyone interested will get lots of good advice on the mailing list from some very talented and helpful programmers.

    Reply

  7. Herman Radtke
    15/03/2009 at 18:41 Permalink
    Hopefully the Phing project will start to pick back up so we can use a complete PHP toolset.

    Reply

  8. Daniel K. Theemann
    15/03/2009 at 20:04 Permalink
    Hi Sebastian,

    When you talk about QA tools in PHP projects, then I see Selenium as one. Since you not included it in your list of tools, I would like to know why?

    Reply

  9. Sebastian Bergmann
    15/03/2009 at 22:33 Permalink
    Selenium is missing in the map as I usually run my Selenium tests through PHPUnit. I shall update the map accordingly.

    Reply

  10. Freddy Mallet
    15/03/2009 at 21:44 Permalink
    Hi Sebastian, I've planned to use PMD-CPD library from Sonar to search for duplicated lines on PHP sources. If PHPCPD generates the same report, it won't be a big deal to switch to PHPCPD. Do you use a similar algorithm ? The birth of PHPMD is also a good news !

    Reply

  11. Sebastian Bergmann
    15/03/2009 at 22:32 Permalink
    phpcpd operates on the token-level, I don't think that the PMD-CPD library in Sonar can do that for PHP source code.

    Reply

  12. Freddy Mallet
    16/03/2009 at 23:50 Permalink
    I confirm that PMD-CPD operates on the token-level. In the source code of this tool, you can even find a PHPTokenizer class and if you launch the PMP-CPD java web start, you can already analyse PHP code.

    Reply

  13. Sebastian Bergmann
    18/03/2009 at 07:34 Permalink
    Interesting. I trust an implementation that uses PHP's own tokenizer more, though.

    Reply

  14. Roderik
    17/03/2009 at 07:39 Permalink
    I've been programming php for years but in the last four i've been working in java at work. I'm still maintaining older large php projects and i've been having difficulties with keeping then running. Changing something in one place, breaks another etc. This happens mostly with methods that change. In java i would just get compile errors, are there tools that can detect these issues? I realy don't want to start creatingunit-testing all those lines of code...

    Reply

  15. senjy
    17/03/2009 at 10:17 Permalink
    is it possible to have the same things with hudson ?

    Reply

  16. Sebastian Bergmann
    17/03/2009 at 10:20 Permalink
    I do not see why it would not be possible with Hudson. I have only tried it with CruiseControl, phpUnderControl, and Atlassian Bamboo so far.

    Reply

  17. Ladislav Prskavec
    18/03/2009 at 13:12 Permalink
    I use Hudson for phpunit, pmd, checkstyle and cpd. http://toptopic.wordpress.com/2009/02/26/php-and-hudson/

    Reply

  18. Chris Graham
    17/03/2009 at 13:28 Permalink
    In our company (we write some open source CMS software called ocPortal) we developed and use:
    - a custom version of PHP that is statically typed, performs various other checks, and picks up on possible XSS vulnerabilities
    - a custom lint-like tool ('Code quality checker').
    to enforce our coding standards.
    We don't develop these tools for other people really (they're tailored to our own needs), but anybody interested can see our approach and get the tools/code from http://ocportal.com/docs/codebook.pdf

    We're pretty o.c. about things, and frankly some of our coding standards would drive other coders insane - but I find our approach works very well and let's us catch quite a few classes of bugs early on.

    Reply

  19. Ángel C. Lázaro
    04/11/2009 at 19:33 Permalink
    Hi all,

    I´m using pdepend, but i don´t know what is the meaning of jdepend graph, i´ve try to know in the users@pdepend.org list whitout any result. Any idea?

    Thanks a lot.

    Best regards.

    Reply

  20. Ángel C. Lázaro
    05/11/2009 at 10:47 Permalink
    Hi,

    I´ve found the requested information in Manuel Pichler´s blog, but i can´t write the links in the comment.

    Best regards.

    Reply

  21. Kirill
    12/05/2010 at 07:09 Permalink
    Hi all

    Does anybody had problems with phpcpd? I got all above tools working great together with PHPUndercontrol, the only problem is phpcpd. Task is executed during build process, I got logs/pmd-cpd.xml report, but it is not shown by Cruisecontrol/PHPUndercontrol :(
    Can you give me hint on what can be wrong ?

    P.S. I'm using all latest version from PEAR, for example phpundercontrol is 0.5.1

    Reply

2 Trackbacks to "Quality Assurance Tools for PHP"

  1. D-Down is coding 17/03/2009 at 09:11
    Sebastian Bergmann hat auf seinem Blog eine Zusammenstellung nützlicher QA-Tools für PHP-Entwickler veröffentlicht. Vorgestellt werden hier Tools wie: PHP_CodeSniffer phpmd phpcpd PHP_Depend PHPUnit Zudem wird ein kleines Beispiel von einer Bu
  2. Murugan Krishnamoorthy's Blog 24/03/2009 at 19:39
    PHP_CodeSniffer tokenises PHP, JavaScript and CSS files and detects violations of a defined set of coding standards. phpmd scans PHP source code and looks for potential problems such as possible bugs, suboptimal code or overcomplicated expressions. ...

Add Comment


To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Submitted comments will be subject to moderation before being displayed.