Fast (C++) static analyzer for PHP
3rdparty fix linux build
base add in more base php libs (from netbeans)
cmake/modules README updates. fixes for llvm-3.1, 3.2 support and no linking of boo…
corvus rework parse errors into diagnostics
frontend switch to a general logger in source manager, add pConfig rootDir
test switch to pSourceRange only, and fix support for catch nodes so that …
README README updates. fixes for llvm-3.1, 3.2 support and no linking of boo…
TODO add initial table indexes. multiple decl fixes, including correct arr…


= Corvus PHP Static Analyzer =

This is a fast (C++ based) PHP static analyzer with few dependencies.
Its purpose is to catch programming errors by statically analyzing the
source code (without running it).

It's meant to be a first, automated code review, generally by being run in
a continuous integration system or even before allowing code to be checked into
a repository.

== Requires ==

 * LLVM 3.1+ (llvm-3.[123]-dev)
 * Boost 1.38+ (libboost-dev)
 * CMake 2.6+ (cmake)
 * SQLite 3.7+ (libsqlite3-dev)

 Corvus is tested on Linux (Ubuntu) and OSX.

== Source ==

Browse the source at:

== Build ==

corvus uses the CMake build system. Basic *nix instructions:

 * ensure dependencies are installed (see Requires above)
 * create "build" directory inside of corvus/
 * in the build directory, type "cmake .."
 * make
 * make check

The corvus binary is located in build/frontend/corvus. There is no "make install" yet.

== Status ==

corvus can currently:

 * parse (most) php <= 5.3
 * dump tokens
 * dump AST in XML format
 * parse directories for source code by extension
 * handle include directories
 * build a model based on all source, cache it to a database
 * read YAML based config files
 * be used as a library (callable from e.g. an IDE or commandline tool)
 * resolve namespaces properly
 * provide a visual graph of the class hierarchy (DOT format)
 * report diagnostics on:

 1. in a function signature, using a parameter without a default after a parameter with one e.g. foo($bar, $baz='foo', $bip)
 2. function calls with the wrong number of arguments
 3. calls to nonexistent functions/methods
 4. use of undefined constants (from define() or class constants), or class constant from undefined class
 5. functions defined more than once
 6. unresolved classes in 'extends' or 'implements'
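
As an added illustration (not part of the Corvus repository), the constructed PHP file below contains one instance of each diagnostic listed above. The namespace, function, class and constant names are all made up for the example, and the file is meant to be fed to an analyzer rather than executed.

```php
<?php
// Constructed sample input for a static analyzer; meant to be analyzed, not executed.
namespace Demo;

// 1. Parameter without a default ($bip) after a parameter with one ($baz).
function foo($bar, $baz = 'foo', $bip)
{
    return $bar . $baz . $bip;
}

function greet($name)
{
    return "hello " . $name;
}

// 5. Function defined more than once.
function greet($name)
{
    return "hi " . $name;
}

define('MAX_ITEMS', 10);

// 6. Unresolved class in 'extends' and unresolved interface in 'implements'.
class Report extends MissingBase implements MissingInterface
{
    const FORMAT = 'xml';

    public function render()
    {
        // 3. Call to a nonexistent method.
        return $this->renderHeader();
    }
}

// 2. Function call with the wrong number of arguments (greet takes one).
echo greet('a', 'b');

// 3. Call to a nonexistent function.
echo undefined_helper(1);

// 4. Undefined constant, undefined class constant, and class constant from an undefined class.
echo MAX_ITEM;
echo Report::FORMATS;
echo MissingClass::VALUE;
```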


 * 5.4/5.5 source compatibility
 * many more diagnostics, configurable (see TODO)
 * asynchronous parsing