Smarter than debugging of PHP scripts

Introduction or "Detect possible problems BEFORE running"

Today, nobody really questions benefits of using source level debuggers for any language including PHP -- debugger is simply a tool, necessity in everyday programmers work. However, it is interesting to note that code validating tools are much less known and it is those tools that are very valuable addition to debuggers in code development.

Traditionally, in compiled languages, certain parts of code validation (type checking, checking for non-initialized variables) are usually done by compiler, but besides compiler there are also external tools used to conduct this task (for example checkstyle for Java). This article deals with use of those tools during development of PHP applications (we will be using Codenizer).

Basic question that programmer asks herself/himself when introducing one new tool into development process is "What benefit can I expect from using this?". Answer to this question is very simple -- it is dramatic time saver during development, and we all know what that means in today's world of merciless business competition -- more time you save in development of one application faster you can switch to next application, which means more money for you.

Code verification/checking tools are complementary to debuggers -- usual way of using debugger is after encountering program malfunction to better analyze reasons that led to unexpected behavior and in the end to eliminate those reasons (i.e. bugs). On the other hand, code verification tools are used during program development to pinpoint possible problematic locations which could eventually lead to bugs in program.

While debuggers are used to eliminate bugs once they are in the program, code validation tools are used to prevent bugs from appearing in the program in the first place.

Simple example

To better illustrate basic operation of validating tools let's consider this simple PHP script (schedule.php, given with line numbers to be easier to follow):

01: <?php
02:
03: class Schedule {
04:    private $SID;
05:    private $SDate;
06:    private $flights;
07:
08:    // Set methods
09:    function set_SID($SID) {
10:        $this->SID = $SID;
11:    }
12:    function set_SDate($SDate) {
13:        $this->SDate = $SDate;
14:    }
15:    function set_flights($flights) {
16:        $this->flights = $flights;
17:    }
18:
19:    // Get methods
20:    function get_SID() {
21:        return $this->SID;
22:    }
23:    function get_SDate() {
24:        return $this->SDate;
25:    }
26:    function get_flights() {
27:        return $this->fligths;
28:    }
29:    function __construct($sid, $sdate, $flights) {
30:        $this->SID = $sid;
31:        $this->SDate = $sdate;
32:        $flights = split(';', $flights);
33:        $this->flights = array();
34:        for ($i = 0; $i < count($flight); $i++)
35:            $this->flights[] = $i . '. ' . $flight[$i];
36:    }
37: }
38: ?>

After invoking code validation tool (bellow is example screen shot how it looks within Eclipse), we are presented with tool's report:

As we can see in the report are mentioned 3 potentially problematic spots which should be closer inspected by programmer:

'Performance - function called in condition part of loop' in line 34 -- calling function in condition checking part of loop usually impose certain performance penalty (since PHP interpreter usually doesn't optimize it), but it can be avoided by using auxiliary variable -- for example
```
$cnt = count($flight);
for ($i = 0; $i < $cnt; $i++)...
```
'Undeclared property 'fligths' in class 'Schedule'' in line 27 -- this is obviously typo, should be $this->flights;
'Uninitialized variable 'flight'' in line 34 -- another typo, should be count($flights).

We can see that it only took less than a second to detect 2 bugs and 1 performance tip, all without leaving the development environment or starting program. Compared to classical debugging this is real time saver, not to say how difficult could be to trace those errors with debugger especially if class Schedule was part of bigger project. This is however just small fraction of checks that code validation tools usually perform.

Pros and cons of code validation

Like every other technology that is used during development code validation also has its strengths as well as weaknesses. Most of these can be revealed by comparing code validation with debugging in various aspects:

Aspect	Debugging	Code validation
Time of performing	Unpredictable By its very definition debugging is performed when something doesn't work correctly; usually we can't predict exact moment of that happening.	Predictable Code validation tool is invoked after developer's request.
Time consumed	Unpredictable Can be anything from 1 second to months or years.	Short It is time consumed by tool - usually measured in seconds.
Reproducibility	Can be very hard Some bugs can be notoriously hard to reproduce.	Easy Code validation tool gives the same report on every run.
Accuracy	Very accurate When given reproducible bug that is very accurate indication that something is wrong with program, but fixing one bug doesn't guarantee that there are no remaining bugs.	Very accurate Some of problems reported by code validation tools are not real problems; also some real problems can slip unnoticed.

Conclusion

It would be wrong to think of code validation as of some magic that would forever relieve you of using debugger and make you make bug-free code. Code validation can't do that for you, but what it can do is to reduce your time spent debugging program by almost 80% and it can help you spot the problems that could otherwise go unseen for very long time.