PHPStan: finding bugs in your code without running it

Transcript

1. PHPStan: finding bugs in your code without even running it

   by Gabriel Caruso Darkmira Tour PHP 2019

2. Thank You!

3. None

4. Compiled Languages

5. Do you Monitor your PHP application?

6. None

7. New Relic Errors Analytics

8. Who am I? • Backend Engineer at Usabilla • PHP

   enthusiastic • PHPSP member • OSS contributor • Stickers/ELEPHANTS lover

9. Compiled X Interpreted Languages

10. Interpreted language PHP, JavaScript, Ruby... “An interpreted language is a

    type of programming language for which most of its implementations execute instructions directly and freely, without previously compiling a program into machine-language instructions.”

11. Compiled Language Java, C, Swift... “A compiled language is a

    programming language whose implementations are typically compilers (translators that generate machine code from source code), and not interpreters”
12. None
13. None

14. New Relic Errors Analytics

15. What does a Static Analyzer do?

16. Static Analyzer “Static Analyzer Tool is the analysis of computer

    software that is performed without actually executing programs.”

17. What is PHPStan?

18. PHPStan “PHPStan focuses on finding errors in your code without

    actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line”

19. Why should I use PHPStan if I already write tests

    for my Code?
20. None

21. - Do you have 100% coverage of your code? -

    Do your tests run under a minute?

22. PHPStan can analyze your entire codebase in almost a minute.

23. The four essential tools for modern PHP development PHP Lint:

    checks if your code is right PHPUnit: checks if your business logic is right PHP Code Sniffer: checks if your code is readable PHPStan: checks if your code does not have bugs

24. Questions? Something that you didn’t understand? Do you want to

    add something?

25. Let’s use PHPStan!

26. Installation with Composer composer require --dev phpstan/phpstan "require-dev": { “phpstan/phpstan”:

    “^0.11” }

27. Usage ./vendor/bin/phpstan analyse src/ tests/ Executable Command Folders

28. None

29. What does happen in the first run? - Parse/Fatal Errors

    - Misconfigured PSR-4 Autoloading - Extra arguments passed to functions - Magic behaviour that needs to be defined (We'll talk more about this point in specific in a second) What happens after I solve all first-run errors?

30. PHPStan is based on levels (Yes, like the Games!) 0

    (first run) -> 7 (max level)

31. Defining a level ./vendor/bin/phpstan analyse -l 3 src/ Level

32. Questions about how to use PHPStan?

33. Let’s get the most of PHPStan

34. Using phpstan.neon parameters: level: 3 paths: - src - tests

    ./vendor/bin/phpstan analyze

35. Ignoring errors (using phpstan.neon) parameters: ignoreErrors: “- '~^Call to an

    undefined method Foo\\Bar\\::baz\(\)\.\z~'”

36. Using PHPStan extensions - Doctrine - PHPUnit - Symfony -

    Mockery Some magic functions of ORMs and Frameworks need some extra work

37. For further studies, visit PHPStan’s GitHub repository https://github.com/phpstan/phpstan

38. - Tweet me @carusogabriel - Give a feedback to this

    talk Questionings? Thank you ♡