PHPStan: finding bugs in your code without running it

PHPStan is a static analysis tool for PHP code. It finds common errors such as incorrectly written functions and methods, more complex errors such as checks that always return true or false, and even return values that do not match the scope of the function. This talk covers its configuration, customization and extension, and how the tool has changed many applications throughout the PHP ecosystem.

Gabriel Caruso

June 08, 2019

Transcript

  1. PHPStan: finding bugs in your code without even running it
    by Gabriel Caruso
    Darkmira Tour PHP 2019

  2. Thank You!

  4. Compiled Languages

  5. Do you Monitor your PHP application?

  7. New Relic Errors Analytics

  8. Who am I?
    ● Backend Engineer at Usabilla
    ● PHP enthusiast
    ● PHPSP member
    ● OSS contributor
    ● Stickers/ELEPHANTS lover

  9. Compiled vs. Interpreted Languages

  10. Interpreted language
    PHP, JavaScript, Ruby...
    “An interpreted language is a type of programming language for which most of its implementations execute instructions directly and freely, without previously compiling a program into machine-language instructions.”

  11. Compiled Language
    Java, C, Swift...
    “A compiled language is a programming language whose implementations are typically compilers (translators that generate machine code from source code), and not interpreters”

  14. New Relic Errors Analytics

  15. What does a Static Analyzer do?

  16. Static Analyzer
    “Static Analyzer Tool is the analysis of computer software that is performed without actually executing programs.”

  17. What is PHPStan?

  18. PHPStan
    “PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line”

  19. Why should I use PHPStan if I already write tests for my Code?

  21. - Do you have 100% coverage of your code?
    - Do your tests run under a minute?

  22. PHPStan can analyze your entire codebase in almost a minute.

  23. The four essential tools for modern PHP development
    PHP Lint: checks if your code is right
    PHPUnit: checks if your business logic is right
    PHP Code Sniffer: checks if your code is readable
    PHPStan: checks if your code does not have bugs

  24. Questions? Something that you didn’t understand? Do you want to add something?

  25. Let’s use PHPStan!

  26. Installation with Composer
    composer require --dev phpstan/phpstan
    "require-dev": {
        "phpstan/phpstan": "^0.11"
    }

  27. Usage
    ./vendor/bin/phpstan analyse src/ tests/
    Executable: ./vendor/bin/phpstan
    Command: analyse
    Folders: src/ tests/

  29. What happens in the first run?
    - Parse/Fatal Errors
    - Misconfigured PSR-4 Autoloading
    - Extra arguments passed to functions
    - Magic behaviour that needs to be defined
    (We'll talk more about this point specifically in a second)
    What happens after I solve all first-run errors?

  30. PHPStan is based on levels
    (Yes, like the Games!)
    0 (first run) -> 7 (max level)

  31. Defining a level
    ./vendor/bin/phpstan analyse -l 3 src/
    Level: -l 3

  32. Questions about how to use PHPStan?

  33. Let’s get the most out of PHPStan

  34. Using phpstan.neon
    parameters:
        level: 3
        paths:
            - src
            - tests
    ./vendor/bin/phpstan analyze

  35. Ignoring errors (using phpstan.neon)
    parameters:
        ignoreErrors:
            - '~^Call to an undefined method Foo\\Bar\\::baz\(\)\.\z~'

  36. Using PHPStan extensions
    - Doctrine
    - PHPUnit
    - Symfony
    - Mockery
    Some magic functions of ORMs and Frameworks need some extra work

  37. For further studies, visit PHPStan’s GitHub repository
    https://github.com/phpstan/phpstan

  38. - Tweet me @carusogabriel
    - Give feedback on this talk
    Questions?
    Thank you ♡
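
Slides 29 and 36 name extra arguments and magic behaviour among the things PHPStan reports. The PHP file below is an added example, not code from the talk or from PHPStan: it shows a call with a surplus argument and a `__call()`-based repository whose magic method is declared with a `@method` PHPDoc tag rather than silenced through `ignoreErrors`. The names `slugify` and `UserRepository` and the sample row are constructed for illustration.

```php
<?php
declare(strict_types=1);

namespace App;

function slugify(string $title): string
{
    return str_replace(' ', '-', strtolower(trim($title)));
}

// Extra argument: slugify() declares one parameter but receives two.
// PHP ignores the surplus argument at runtime, so no test fails on it;
// this is the "extra arguments passed to functions" finding from slide 29.
$slug = slugify('Hello World', '_');

/**
 * Magic behaviour: findByEmail() exists only through __call(), so a static
 * analyzer has no declaration to check calls against. The @method tag
 * supplies the signature, which keeps the call type-checked.
 *
 * @method array findByEmail(string $email)
 */
final class UserRepository
{
    /** @var string[][] constructed sample data */
    private $rows = [['email' => 'ada@example.test', 'name' => 'Ada']];

    /**
     * @param mixed[] $arguments
     * @return string[][]
     */
    public function __call(string $method, array $arguments)
    {
        if (strpos($method, 'findBy') !== 0 || !isset($arguments[0])) {
            throw new \BadMethodCallException("Unknown call {$method}()");
        }
        $field = lcfirst(substr($method, 6)); // "findByEmail" -> "email"

        return array_values(array_filter(
            $this->rows,
            function (array $row) use ($field, $arguments): bool {
                return ($row[$field] ?? null) === $arguments[0];
            }
        ));
    }
}

$repo = new UserRepository();
var_dump($slug, $repo->findByEmail('ada@example.test'));
```

An `ignoreErrors` pattern hides every message it matches, so declaring the magic method keeps later, unrelated undefined-method calls on the same class visible.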