Phantm

Phantm is a tool written in Scala that can be used to detect potential programming errors inside PHP applications

Prof. Viktor Kuncak ~ Project Website

What is phantm?

Phantm is a tool written in Scala that can be used to detect potential programming errors inside PHP applications. It will both work for small isolated script as well as full-blown applications. Phantm stands for “PHp ANalyzer for Type Mistakes”.

What does it do?

phantm does multiple things: it first parses your PHP files, then try to resolve both constants and included files, from that point it will do name analysis, ensuring basic language restrictions. From that stage, it will perform data-flow analysis for every scopes in your applications. This data-flow analysis will be focused on checking whether the types of the values are used in a sound way.

How does it do that?

First, a stronger type system have to be used. For instance, not all type juggling should be allowed, since some of them are most of the time a manifestation of a type error. By default, phantm will be picky and report nearly all implicit type conversions. With those rules in place, it will look at the uses of your multiple flowing values and try to reconstruct and refine types. Type refinement is necessary to reduce the number of errors generated as a result of a false positive. For more technical details, check out http://infoscience.epfl.ch/record/147867.

Why do types matter?

PHP type juggles for a reason: most people don’t want to care about types. So why should they? To illustrate, let’s take two small examples of programming errors that would be avoided with a strong type system.