LARA

Phantm : PHP Analyzer for Type Mismatch

Welcome to the phantm wiki! Phantm analyzes PHP code statically (with optional help from dynamic instrumention). It has found many errors in real PHP applications.

News 05.10.2012: phantm 1.0.7 has been released, see Releases for more details.

You'll find more information in the following sections dedicated on various aspects of phantm:

Getting started

In most cases, using phantm is easy.

The first step is to download a jar release of phantm. You'll find those files in Releases. The jar is self contained, meaning that the only requirement is Java. If you don't want to wait for releases, see Building from source.

Once you have downloaded the jar distribution, use it as follows:

java -jar path/to/phantm.jar [options] 

For a detailed description of the available options, see Options.

Publications

Parts of phantm are described in the following papers:

  • E. Kneuss, P. Suter, V. Kuncak. Runtime Instrumentation for Precise Flow-sensitive Analysis. RV 2010, pp. 300-314. PDF
  • E. Kneuss, P. Suter, V. Kuncak. Phantm: PHP Analyzer for Type Mismatch (Research Demonstration). FSE 2010, pp. 373-374. PDF