/corvus

Fast (C++) static analyzer for PHP

Primary LanguagePHPMozilla Public License 2.0MPL-2.0

= Corvus PHP Static Analyzer =

This is a fast (C++ based) PHP static analyzer with few dependencies.
Its purpose is to catch programming errors by statically analyzing the
source code (without running it).

It's meant to be a first, automated code review, generally by being run in
a continuous integration system or even before allowing code to be checked into
a repository.

== Requires ==

 * [http://llvm.org LLVM] 3.1+ (llvm-3.[123]-dev)
 * [http://boost.org Boost] 1.38+ (libboost-dev)
 * [http://cmake.org CMake] 2.6+ (cmake)
 * [http://sqlite.org SQLite] 3.7+ (libsqlite3-dev)

 Corvus is tested on Linux (Ubuntu) and OSX.

== Source ==

Browse the source at:
https://github.com/weyrick/corvus

== Build ==

corvus uses the CMake build system. Basic *nix instructions:

 * ensure dependencies are installed (see Requires above)
 * create "build" directory inside of corvus/
 * in the build directory, type "cmake .."
 * make
 * make check

the corvus binary is located in build/frontend/corvus. there is no "make install" yet.

== Status ==

corvus can currently:

 * parse (most) php <= 5.3
 * dump tokens
 * dump AST in XML format
 * parse directories for source code by extension
 * handle include directories
 * build a model based on all source, cache it to a database
 * read YAML based config files
 * be used as a library (callable from e.g. an IDE or commandline tool)
 * resolve namespaces properly
 * provide a visual graph of the class hierarchy (DOT format)
 * report diagnostics on:

 1. in a function signature, using a parameter without a default after a parameter with one e.g. foo($bar, $baz='foo', $bip)
 2. function calls with the wrong number of arguments
 3. calls to nonexistent functions/methods
 4. use of undefined constants (from define() or class constants), or class constant from undefined class
 5. functions defined more than once
 6. unresolved classes in 'extends' or 'implements'

planned:

 * 5.4/5.5 source compatibility
 * many more diagnostics, configurable (see TODO)
 * asynchronous parsing