
PHPStan: finding bugs in your code without running it

PHPStan is a static analysis tool for our code. It can find common errors such as incorrectly written functions and methods, more complex errors such as checks that always return true or false, and even returns that do not match the scope of the function. This talk shows its configuration, customization and extension, and how this tool has changed many applications throughout the PHP ecosystem.

Gabriel Caruso

June 08, 2019

Transcript

  1. PHPStan: finding bugs in your code without even running it, by Gabriel Caruso (Darkmira Tour PHP 2019)
  2. Thank You!

  3. None
  4. Compiled Languages

  5. Do you Monitor your PHP application?

  6. None
  7. New Relic Errors Analytics

  8. Who am I? • Backend Engineer at Usabilla • PHP enthusiast • PHPSP member • OSS contributor • Stickers/ELEPHANTS lover
  9. Compiled X Interpreted Languages

  10. Interpreted language (PHP, JavaScript, Ruby...): “An interpreted language is a type of programming language for which most of its implementations execute instructions directly and freely, without previously compiling a program into machine-language instructions.”
  11. Compiled language (Java, C, Swift...): “A compiled language is a programming language whose implementations are typically compilers (translators that generate machine code from source code), and not interpreters”
  12. None
  13. None
  14. New Relic Errors Analytics

  15. What does a Static Analyzer do?

  16. Static Analyzer: “Static Analyzer Tool is the analysis of computer software that is performed without actually executing programs.”
  17. What is PHPStan?

  18. PHPStan: “PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line”
  19. Why should I use PHPStan if I already write tests for my code?
  20. None
  21. - Do you have 100% coverage of your code? - Do your tests run in under a minute?
  22. PHPStan can analyze your entire codebase in almost a minute.

  23. The four essential tools for modern PHP development:
      - PHP Lint: checks if your code is right
      - PHPUnit: checks if your business logic is right
      - PHP Code Sniffer: checks if your code is readable
      - PHPStan: checks if your code does not have bugs
  24. Questions? Something that you didn’t understand? Do you want to add something?
  25. Let’s use PHPStan!

  26. Installation with Composer:

        composer require --dev phpstan/phpstan

        "require-dev": { "phpstan/phpstan": "^0.11" }

  27. Usage: ./vendor/bin/phpstan analyse src/ tests/ (Executable: ./vendor/bin/phpstan, Command: analyse, Folders: src/ tests/)

  28. None
  29. What happens in the first run?
      - Parse/Fatal Errors
      - Misconfigured PSR-4 Autoloading
      - Extra arguments passed to functions
      - Magic behaviour that needs to be defined (we'll talk more about this point specifically in a second)
      What happens after I solve all first-run errors?
  30. PHPStan is based on levels (Yes, like the Games!): 0 (first run) -> 7 (max level)
  31. Defining a level: ./vendor/bin/phpstan analyse -l 3 src/ (Level: -l 3)

  32. Questions about how to use PHPStan?

  33. Let’s get the most out of PHPStan

  34. Using phpstan.neon:

        parameters:
            level: 3
            paths:
                - src
                - tests

        ./vendor/bin/phpstan analyze

  35. Ignoring errors (using phpstan.neon):

        parameters:
            ignoreErrors:
                - '~^Call to an undefined method Foo\\Bar::baz\(\)\.\z~'

  36. Using PHPStan extensions - Doctrine - PHPUnit - Symfony - Mockery. Some magic functions of ORMs and Frameworks need some extra work
  37. For further studies, visit PHPStan’s GitHub repository https://github.com/phpstan/phpstan

  38. - Tweet me @carusogabriel - Give feedback on this talk. Questions? Thank you ♡
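
How an `ignoreErrors` entry like the one on slide 35 behaves, as an added example that is not from the talk or from PHPStan's own code. It assumes each entry is applied to the error message as a PCRE pattern with `preg_match`; the messages, the `App\OrderService` class and the `broad` pattern are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample messages in the shape of PHPStan errors (not real tool output).
$messages = [
    'Call to an undefined method Foo\Bar::baz().',
    'Call to an undefined method App\OrderService::refnud().', // typo in a method name: a real bug
    'Call to an undefined method Foo\Bar::bazooka().',
];

$patterns = [
    // Anchored with ^ and \z and fully escaped: one exact message.
    // Four backslashes in a PHP single-quoted string give the regex \\ (a literal backslash);
    // in phpstan.neon the same pattern is written with two.
    'anchored' => '~^Call to an undefined method Foo\\\\Bar::baz\(\)\.\z~',
    // Hypothetical shortcut: no anchors and no class or method name.
    'broad' => '~undefined method~',
];

/** Return the messages that are still reported after applying the ignore patterns. */
function reported(array $messages, array $ignorePatterns): array
{
    return array_values(array_filter(
        $messages,
        static function (string $message) use ($ignorePatterns): bool {
            foreach ($ignorePatterns as $pattern) {
                $result = preg_match($pattern, $message);
                if ($result === false) {
                    throw new InvalidArgumentException("Invalid ignore pattern: $pattern");
                }
                if ($result === 1) {
                    return false; // suppressed by this pattern
                }
            }
            return true; // no pattern matched, the error stays visible
        }
    ));
}

foreach ($patterns as $name => $pattern) {
    $left = reported($messages, [$pattern]);
    printf("%s: %d of %d messages still reported\n", $name, count($left), count($messages));
    foreach ($left as $message) {
        echo "  $message\n";
    }
}
```

The anchored pattern suppresses only the one known message, while the broad one also hides the `refnud()` typo, which is why ignore entries are worth keeping as narrow as the one on the slide.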