This doc gives an overview about what the different analyzers do.
Discourages the use of the @ operator to silence errors.
Checks for use of multiple unary operators that cancel each other out. For example !!boolean or - -int. (there is a space between the two minus)
Checks for use of UnaryPlus +$a and suggests to use an int or float cast instead.
Discourages the use of variable variables.
Checks for casts that try to cast a type to itself.
Discourages the use of eval().
Checks for use of static:: inside a final class.
Checks for {type array} > 1 and similar and suggests use of count().
Checks for division from 0. For example: 0/$x, false%$x
Checks for division by 1. For example: $x/1, $x%true
Discourages the use of backtick operator for shell execution.
Checks for Logic inversion like if (!($a == $b)) and suggests the correct operator.
Discourages the use of exit() and die().
Discourages the use of nested ternaries.
Protection of usage & and new.
Recommends the use of [] short syntax for arrays.
This inspection reports any duplicated keys on array creation expression. If multiple elements in the array declaration use the same key, only the last one will be used as all others are overwritten.
Checks for illegal array key types (for example objects).
Check for duplicate variables in use statement
Checks for use of alias functions and suggests the use of the originals.
Checks for use of debug code and suggests to remove it.
Checks for use of old rand, srand, getrandmax functions and suggests alternatives.
Checks for use of different sleep functions which can lead to a DoS vulnerability.
Checks for use of functions like boolval, strval and others and suggests the use of casts.
Checks for use of deprecated php.ini options and gives alternatives if available.
Checks that regular expressions are syntactically correct.
Checks for use of func_get_args() and suggests the use of argument unpacking. (... operator)
Checks for use of unserialize() without a 2nd parameter defining the allowed classes. Requires PHP 7.0+
Checks for use of deprecated functions and gives alternatives if available.
Format string has same number of placeholders as parameters are passed into and forbid invalid type formats.
Checks that magic methods have the right amount of parameters.
Discourages the use of goto and goto labels.
Discourages the use of global $var;.
Checks for multiple property definitions in one line. For example public $a, $b; and discourages it.
Checks for a missing break or return statement in switch cases. Can ignore empty cases and the last case.
Checks for missing visibility modifiers for properties and methods.
Checks for return statements in __construct and __destruct since they can't return anything.
Checks for behavior that would result in overwriting $this variable.
Checks for use of @test when methods name begins with test, since it is unnecessary.
Checks for a missing docblock for: class, property, class constant, trait, interface, class method, function.
Checks for use of PHP 4 constructors and discourages it.
Checks that constants are all uppercase.
Checks that statements that define a block of statements are not empty.
Discourages the use of inline html.
Checks for assignments in conditions. (= instead of ==)
Discourages the use of static variables (not properties).
Checks if any optional parameters are before a required one. For example: function ($a = 1, $b)
Checks for Yoda conditions, where a constant is placed before the variable. For example: if (3 == $a)
Discourages the use of for with multiple conditions.
Checks if any Property Definition is done with a default null value (not needed). For example: $a = null
Checks for using return and yield statements in a one method and discourages it.
Checks for return void statements.
Using octal, hexadecimal or binary integers is discouraged.