PHP Analyzer

This documentation refers to Scrutinizer's legacy PHP analysis. If you are still using this, consider migrating to our new PHP analysis engine.

Introduction

PHP Analyzer performs the same kinds of analysis that a compiler would, such as type inference and other flow analyses, ensuring that every line of code and every potential execution path is tested. We use multiple techniques to ensure deep, accurate analysis, including:

  • Interprocedural Dataflow Analysis identifies problems that cross method, function, class, or even package boundaries, in contrast to the simple style violations or superficial feature-usage detections of other tools.
  • Reverse Abstract Interpretation helps us dramatically improve accuracy and prune infeasible paths from the analysis.
  • Design Pattern Intelligence understands different design idioms of PHP code, and integrates them into the analysis.
  • Framework Intelligence incorporates knowledge of different PHP frameworks such as Symfony2 or Laravel, providing us with an even deeper understanding of modern web applications and highly specialized results.

Check the following guides to get the most out of PHP Analyzer:

Selected Checks

  • Request Data Validation to make sure no raw request data is passed to sensitive functions
  • Call Verification of methods and functions
  • Property Validation when writing to or reading from properties
  • Access Visibility Verification of properties and methods
  • Deprecation Checks of method calls, class usages, properties and functions
  • Variable Existence Verification to make sure all used variables are defined
  • Variable Path Verification to check that variables are available on all execution paths
  • Deadlock Detection to ensure background processes can terminate
  • Reachability Detection to ensure all your code paths are reachable
  • ... and many more