Created by James Hurrell, last modified on Feb 18, 2020
This documentation is not maintained. Please refer to doc.castsoftware.com/technologies to find the latest updates.

Although this extension is officially supported by CAST, please note that it has been developed within the technical constraints of the CAST Universal Analyzer technology and to some extent adapted to meet specific customer needs. Therefore the extension may not address all of the coding techniques and patterns that exist for the target technology and may not produce the same level of analysis and precision regarding e.g. quality measurement and/or function point counts that are typically produced by other CAST AIP analyzers.

What's new?

PHP 1.3.2

Bug Fixing

PHP 1.3.1

Quality Rule description changes

The following Quality Rules have had minor updates to their descriptions:

  • Avoid using regular expressions - 1007188 (was missing the "(PHP)" suffix)

  • Use Increment/decrement operators where possible - 1007028 (was missing the "(PHP)" suffix)

  • Avoid artifacts having recursive calls (PHP) - 1007242 ("Total" description is mentioned as "Number of methods" only but it should be "Number of methods and functions")

  • Avoid direct definition of JavaScript Functions in a Web page (PHP) - 1007014 (the word "script" has been replaced with JavaScript)
  • Avoid having Files without a naming convention (PHP) - 1007072 - minor update to the "Output" and "Total" fields in the description:
    • Output: "This report lists all the files analysed that do not follow naming convention. The files considered for this QR are listed under heading "Source code requirements" in "Analysis Configuration" page. This QR provides the following information: File full name." - the list of file types referred to by this description is listed here.)

Bug Fixing

PHP 1.3.0

Log improvements for the PHP Preprocessor and PHP Code Sniffer

  • Improvements have been introduced with regard to the log files that are produced during an analysis of PHP code with the extension. Specifically, the logs produced by the PHP Preprocessor and PHP Code Sniffer have been improved in this release of the extension. You can find out more information in PHP 1.3 - Analysis Configuration.

<unnamed> objects

  • A fix has been implemented (see PHP 1.3 - Bug Fix List) to improve the resolution of PHP objects. Objects that were previously resolved as "<unamed>" (for example: phpMethod.<unnamed>) in the analysis results, should now be resolved. An exception is for PHP code that uses the heredoc syntax, which is currently unsupported.

Auto import of CAST Transaction Configuration Center (TCC) setup

  • In previous releases of the extension, a TCCSetup file was shipped with the extension which could be manually imported into the CAST Transaction Configuration Center (TCC) to provide a pre-defined set of PHP Transaction Entry Points under "Free Definition". If you are using the PHP ≥ 1.3.x extension with CAST AIP ≥ 8.3.x, then this Entry Point configuration specifically for PHP is now automatically imported when the extension is installed. See PHP 1.3 - Download and installation for more information.

Bug Fixing

Changes in results post upgrade

Below is a list of changes made to the Quality Model in the current release of the PHP extension that are known to cause impacts to results.

PHP 1.3.1

PHP-916 - Avoid unreferenced Interfaces (PHP) - 1007062

A bug has been discovered that causes the Quality Rule to report false violations for unreferenced interfaces, when the interfaces are correctly referenced in the source code. This bug has now been fixed, therefore after an upgrade to PHP 1.3.1 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be an decrease in the number of violations reported, improving accuracy.

PHP 1.3.0

  • Avoid using include_once: A bug (PHP-625) has been discovered that causes the Quality Rule to not report violations when CAST AIP schemas are installed on an Oracle Server . This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be an increase in the number of violations reported, improving accuracy.
  • All Quality Rules that depend on the PHP CodeSniffer: A bug (PHP-610) has been discovered that causes ALL the Quality Rules that depend on the PHP Code Sniffer (see the list here) to not report violations. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be an increase in the number of violations reported, improving accuracy.
  • Avoid using variable without testing them for initialisation: A bug (PHP-609) has been discovered that causes the Quality Rule to not report violations in PHP Constructor objects. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be an increase in the number of violations reported, improving accuracy.
  • Avoid using print function:
    • A bug (PHP-608) has been discovered that causes the Quality Rule to not report violations in PHP Constructor objects. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be an increase in the number of violations reported, improving accuracy.
    • A bug (PHP-605) has been discovered that causes the Quality Rule to report false positive violations in PHP strings. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be a decrease in the number of violations reported, improving accuracy.
    • A bug (PHP-602) has been discovered that causes the Quality Rule to report violations only on PHP Section objects. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: violations will be reported on the correct object type, improving accuracy.
  • Avoid using variable without testing them for initialisation:
    • A bug (PHP-604) has been discovered that causes the Quality Rule to report false positive violations in PHP strings. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: there will be a decrease in the number of violations reported, improving accuracy.
    • A bug (PHP-603) has been discovered that causes the Quality Rule to report violations only on PHP Section objects. This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: violations will be reported on the correct object type, improving accuracy.
  • Avoid artifacts with recursive calls: A bug (PHP-577) has been discovered that causes the Quality Rule to not report violations on objects containing recursive calls (false negative results). This bug has now been fixed, therefore after an upgrade to PHP 1.3.0 and the generation of a post upgrade snapshot on the same source code, results may differ: violations will be reported, improving accuracy.

Function Point, Quality and Sizing support

This extension provides the following support:

  • Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
  • Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points
(transactions)		Quality and Sizing
(tick)(tick)

Prerequisites to using the extension

PrerequisitesDescriptionNotes
Java JREThe extension requires a Java JRE to be installed on the machine: only Java JRE 1.7 is currently supported. This is used by the pre-processor. See PHP 1.3 - Analysis Configuration.

Note that these prerequisites are only applicable in the following circumstances:

  • If you are using version  1.2.0 of the PHP extension AND CAST AIP  8.2.0

Therefore, if you are using CAST AIP  8.2.1, you don't need to set a JAVA_HOME. The PHP extension will use the JRE provided with CAST AIP and located in the installation folder.

 

JAVA_HOME environment variable

The extension requires that a JAVA_HOME system environment variable is also present on the machine, pointing to the Java JRE installation folder:


PHP / PHP Code Sniffer / PHPMD

The extension requires the installation of three third party items:

  • PHP
  • PHP Code Sniffer
  • PHPMD

These items are provided with the extension, however, they must be installed manually as described in PHP 1.3 - Analysis Configuration.

N/A

CAST AIP compatibility

CAST recommends that you always install the latest release of an extension.

7.3.48.0.x8.1.x8.2.x
(tick)(tick)(tick)(tick)

Supported DBMS servers

DBMSSupported?
CSS(tick)
Oracle(tick)
Microsoft SQL Server(error)

Supported Versions of PHP

This version of the PHP extension provides partial support for the following PHP versions:

  • 5.x

Licence Agreements

In order to provide a better solution and therefore increase the number of quality rules, the PHP configuration uses other external tools, such as:

PHP_CodeSniffer

More information about this tool is available here: http://pear.php.net/package/PHP_CodeSniffer

Version

CAST ships version 2.5.0 of the PHP_CodeSniffer.

License

The licence agreement for the PHP_CodeSniffer tool is available here:

and is detailed below:

Copyright (c) 2012, Squiz Pty Ltd (ABN 77 084 670 600)
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Squiz Pty Ltd nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Quality Rules calculated by the PHP Code Sniffer tool

1007022Avoid FOR loops which can be simplified to a WHILE loop (PHP)
1007024Avoid incrementer jumbling in loops (PHP)
1007026Avoid using identical type operators rather than EQUAL operators (PHP)
1007028Avoid using increment/decrement operator (PHP)
1007030Avoid using empty statement (PHP)
1007032Avoid empty class definition (PHP)
1007034Avoid empty style definition (PHP)
1007036Avoid classes having too many children (PHP)
1007038Avoid classes having too many dependencies (PHP)
1007040Avoid classes having too many parents (PHP)
1007046Avoid Classes and Interfaces with a High Depth of Inheritance Tree (PHP)
1007056Avoid unnecessary final modifiers inside final Classes (PHP)
1007058Avoid unused Function parameters (PHP)
1007080Avoid Classes not having the same name as the file  (PHP)
1007084Avoid uppercase keywords for control structures in Sections(PHP)
1007086Avoid uppercase keywords for control structures in Functions and Methods(PHP)
1007088Avoid having variable with a too short name (PHP)
1007090Avoid having variable with a too long  name (PHP)
1007096Avoid ELSEIF statements. ELSE and IF should be separate (PHP)
1007116Avoid Methods with Object Instantiation in loops (PHP)
1007124Avoid empty catch blocks (PHP)
1007126Avoid Functions throwing exceptions and not having a @Throws tag (PHP)
1007128Avoid classes exceeding maximum length (PHP)
1007130Avoid methods having too many  parameters (PHP)
1007132Avoid methods having lenght exceeding the maximum (PHP)
1007134Avoid  classes with too many fields (PHP)
1007136Avoid classes with too many methods (PHP)
1007138Avoid classes having a  number of public methods and attributs exceeds maximum (PHP)
1007140Avoid having unused variables (PHP)
1007142Avoid unused private fields (PHP)
1007144Avoid unused private  methods (PHP)
1007146Avoid classes exceeding number of weighted methods (PHP)
1007148Avoid unconditional IF and ELSEIF statements (PHP)
1007150Avoid useless overriding Methods (PHP)
1007152Avoid unassigned default values in Functions (PHP)
1007156Avoid using a goto statements (PHP)
1007158Avoid using eval expressions (PHP)
1007160Avoid using exit expressions (PHP)
1007212Avoid having variables without naming conventions (PHP)
1007226Avoid having For-loops that use a function call in the test expression (PHP)
1007228Avoid having control structures without proper spacing in the open and close brace - PSR2 (PHP)
1007230Avoid Having control structures without proper switch case declarations (PSR2) (PHP)
1007232Avoid having variables passed by reference when calling a function (PHP)
1007234Avoid having inline control statements (PHP)
1007236Avoid having multiple classes defined in a single file - Symfony STD (PHP)
1007238Avoid having class methods without scope modifiers - Symfony STD (PHP)
1007240Avoid having object not instantiated using parenthesis - Symfony STD (PHP)

PHPMD

More information about this tool is available here: http://phpmd.org/

The licence agreement for the PHPMD tool is available available in the file "LICENSE.txt" delivered in the source folder of the tool and is detailed below:

Copyright (c) 2009-2011, Manuel Pichler <mapi@phpmd.org>.
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Manuel Pichler nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PHP Depend

More information about this tool is available here: http://pdepend.org/

The licence agreement for the PHP Depend tool is available in the file "LICENSE.txt" delivered in the source folder of the tool and is detailed below:

Copyright (c) 2008-2012, Manuel Pichler <mapi@pdepend.org>.
All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  • Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
  • Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Neither the name of Manuel Pichler nor the names of his contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Documentation of PHP Quality Rules and Metrics

Documentation of all CAST Metrics and Quality Rules specific to the PHP extension is delivered via a compiled HTML Help file (CHM). Please ensure that once the CHM has been downloaded you right-click on the CHM file in Windows Explorer and choose Properties > Unblock. This will ensure that the CHM is readable on your own PC:

VersionCHM
1.2.x - 1.3.xmetrics_PHP_1-2-0.chm
1.3.1 +metrics_PHP_1-3-1.chm