Static Code Analysis: Judging a Forest by Its Trees

Transcript

1. JUDGING A FOREST BY JUDGING A FOREST BY IT’S TREES

   IT’S TREES Static PHP code analysis

2. WELCOME WELCOME

3. TODAYS MENU: TODAYS MENU: TREES TREES

4. None

5. YOUR APP IS A FORREST YOUR APP IS A FORREST

   IT CONTAINS LOTS OF TREES IT CONTAINS LOTS OF TREES

6. /checkout checkout($userId) fetchUser($id) SELECT * FROM .. fetchCart($user) SELECT *

   FROM .. $cart->calculate() renderBill($bill)
7. None
8. None

9. ENOUGH OF THAT ENOUGH OF THAT (FOR NOW) (FOR NOW)

10. READABILITY READABILITY

11. INDENTATION INDENTATION LINE BREAKS LINE BREAKS MAX WIDTH MAX WIDTH

    … …

12. OBVIOUS OBVIOUS

13. STYLE ISSUES ARE BORING STYLE ISSUES ARE BORING

14. EASY CODING EASY CODING STANDARD STANDARD PHP_CS_FIXER ❤ PHP_CODESNIFFER️ PHP_CS_FIXER

    ❤ PHP_CODESNIFFER️

15. BACK TO THE TREES BACK TO THE TREES

16. None

17. PHP HAS TREES PHP HAS TREES

18. THE AST THE AST Abstract Syntax Tree Since PHP 7

19. 4 + 2 * 3 4 + 2 * 3

20. 4 + *

21. 2 3

22. $ cat index.php | wc -l 104

23. $ cat index_ast.json | wc -l 3566

24. 2 TOOLS TO HELP YOU 2 TOOLS TO HELP YOU

25. PHPSTAN PHPSTAN

26. EASY CONFIG EASY CONFIG

27. EASY CONFIG EASY CONFIG 9 LEVELS (0-8) 9 LEVELS (0-8)

28. ./vendor/bin/phpstan analyze --level 5 src

29. CUSTOM RULES CUSTOM RULES services: - class: ...\Rules\Decoratable\DecoratableImplementsInterfaceRule tags: -

    phpstan.rules.rule - class: ...\Rules\Decoratable\DecoratableDoesNotAddPublicMethodRule tags: - phpstan.rules.rule - class: ...\Rules\Decoratable\DecoratableDoesNotCallOwnPublicMethodRule tags: - phpstan.rules.rule - class: ...\Rules\Decoratable\DecoratableNotDirectlyDependetRule tags: - phpstan.rules.rule

30. PSALM PSALM

31. EXTENDED TYPE SYSTEM EXTENDED TYPE SYSTEM

32. UNION TYPES UNION TYPES /** @var int|false */ $v =

    strpos($needle, $haystack);

33. TYPED ARRAYS TYPED ARRAYS /** @var array<Foo> */ $v =

    [new Foo()]; /** @var array<int, Foo> */ $v = [new Foo()];

34. OBJECT LIKE ARRAYS OBJECT LIKE ARRAYS /** @var array{value: Foo,

    name: string} */ $v = ['value' => new Foo(), 'name' => 'fooInstance'];

35. TYPE SAFETY TYPE SAFETY

36. usort($arr, function ($a, $b) { return $a['type'] > $b['type']; });

37. $ ./vendor/bin/psalm

38. ERROR: InvalidScalarArgument - src/main.php:11:13 - Argument 2 of usort expects

    callable(mixed, mixed):int, Closure(mixed, mixed):bool provided usort($arr, function ($a, $b) { return $a['type'] > $b['type']; });

39. Note: If two members compare as equal, their relative order

    in the sorted array is undefined. www.php.net/manual/en/function.usort.php

40. usort($arr, function ($a, $b) { return $a['type'] <=> $b['type']; });

41. METRICS METRICS

42. None

43. DEPTRAC DEPTRAC

44. depfile.yml paths: - ../../components exclude_files: - .*test.*

45. depfile.yml layers: - name: Cdn collectors: - type: className regex:

    Cdn - name: Common collectors: - type: className regex: Common - name: SalesData collectors: - type: className regex: SalesData - name: SDK collectors: - type: className regex: SDK

46. depfile.yml ruleset: Cdn: - SDK - Common Common: - SDK

    - Common SalesData: - SDK - Common SDK: - SDK - Common SocialNetwork: - SDK - Common Updater: - SDK - Common
47. None
48. None
49. None

50. PHPMETRICS PHPMETRICS Lines of code Cyclomatic complexity Distribution of LOC

    per class Average bugs by class Afferent coupling Efferent coupling Class relationships

51. MAINTAINABILITY MAINTAINABILITY

52. None

53. PHPINSIGHTS PHPINSIGHTS

54. None
55. None

56. AUTOMATION AUTOMATION

57. None

58. CI CI ❤ ❤ LOCAL LOCAL

59. KEEP FRICTION LOW KEEP FRICTION LOW

60. BAMARNI/COMPOSER-BIN-PLUGIN BAMARNI/COMPOSER-BIN-PLUGIN

61. $ composer bin phpstan require phpstan/phpstan $ composer bin ecs

    require symplify/easy-coding-standard

62. tools/vendor-bin ├── ecs │ ├── composer.json │ ├── composer.lock │

    └── vendor └── phpstan ├── composer.json ├── composer.lock └── vendor

63. MAKEFILE MAKEFILE ecs-dry: | install-tools vendor ## runs easy coding

    standard in dry mode $(TOOLS_BIN)/ecs check . ecs-fix: | install-tools vendor ## runs easy coding standard and fixes issues $(TOOLS_BIN)/ecs check . --fix

64. static-analysis: | install-tools vendor ## runs psalm and phpstan $(TOOLS_BIN)/psalm

    --output-format=compact $(TOOLS_BIN)/phpstan analyze --configuration phpstan.neon src $(TOOLS_BIN)/phpinsights --no-interaction --min-quality=100 --min-complexi

65. ALTERNATIVES ALTERNATIVES plain shell php …

66. THANK YOU! THANK YOU!