Type Safety and Compilation Checks: How Static Analysis Can Benefit Your Team

Transcript

1. Type Safety and Compilation Checks: How Static Analysis Can Benefit

   Your Team

2. What is dynamic typing?

3. function createUser($name, $age) { // Other complex business logic return

   new User($name, $age) }

4. createUser('Hunter', 30); createUser('Joe', '24'); createUser('Franke', true); createUser(42, 'age');

5. var_dump(createUser('Franke', true)); => User {#2674 +name: "Franke", +age: 1, }

   var_dump(createUser(42, 'age)); => User {#2670 +name: "42", +age: 0, }

6. console.log(3 < 2 < 1); // true (huh?) console.log(false <

   1);

7. How do we catch these types of bugs?

8. Static Analysis

9. Ok great, but how?

10. PHPStan

11. None
12. None

13. Psalm

14. None
15. None
16. None

17. Other cool features Security Analysis – Code Manipulation –

18. ------ ------------------------------------------------------ ------------------------------------------------------------- ------------------- Line ValueObjects/PhoneIntelligence.php ------ ----------------------------------------------------- ------------------------------------------------------------- --------------------

    45 Parameter $lineType of class App\ValueObjects\PhoneIntelligence constructor expects App\Enum\LineType, App\Enum\LineType|null given. 79 Method App\ValueObjects\PhoneIntelligence::toJson() should return string but returns string|false. ------ ----------------------------------------------------- ------------------------------------------------------------- --------------------

19. <?php declare(strict_types=1); namespace App\ValueObjects; class PhoneIntelligence implements Arrayable, Castable, Jsonable

    { public function __construct( private readonly ?string $formatted, private readonly ?string $carrier, private readonly LineType $lineType = LineType::Unknown ) { } public static function castUsing(array $arguments): CastsAttributes { return new class implements CastsAttributes { public function get($model, string $key, $value, array $attributes): PhoneIntelligence { return new PhoneIntelligence( formatted: $attributes['phone_formatted'], carrier: $attributes['phone_carrier'], lineType: LineType::tryFrom($attributes['phone_type'] ?? 'unknown'), ); } }; } public function toJson($options = 0) { return json_encode($this->toArray(), $options); } }

20. <?php declare(strict_types=1); namespace App\ValueObjects; class PhoneIntelligence implements Arrayable, Castable, Jsonable

    { public function __construct( private readonly ?string $formatted, private readonly ?string $carrier, private readonly LineType $lineType = LineType::Unknown ) { } public static function castUsing(array $arguments): CastsAttributes { return new class implements CastsAttributes { public function get($model, string $key, $value, array $attributes): PhoneIntelligence { return new PhoneIntelligence( formatted: $attributes['phone_formatted'], carrier: $attributes['phone_carrier'], lineType: LineType::from($attributes['phone_type'] ?? 'unknown'), ); } }; } public function toJson($options = 0) { return json_encode($this->toArray(), JSON_THROW_ON_ERROR | $options); } }
21. None

22. What about frontend development?

23. Introducing: TypeScript

24. TypeWhat?

25. None
26. None
27. None
28. None

29. interface Account { id: number displayName: string version: 1 }

    function welcome(user: Account) { console.log(user.id) } type Result = "pass" | "fail" function verify(result: Result) { if (result === "pass") { console.log("Passed") } else { console.log("Failed") } }

30. So how can we use these tools?

31. composer require --dev phpstan/phpstan composer require --dev vimeo/psalm

32. - run: name: "Perform a static analysis of application" command:

    | set -x git diff origin/master... > ~/test-results/phpstan/diff.txt if [ ! -s ~/test-results/phpstan/files.txt ]; then exit 0 fi docker compose run --rm app ./vendor/bin/phpstan analyse \ --memory-limit=-1 --error-format=junit --no-interaction --no-progress --no-ansi 1> ~/test-results/phpstan/junit.xml || true docker compose run --rm app ./vendor/bin/phpstan analyse \ --memory-limit=-1 --no-interaction --no-progress --no-ansi > ~/test- results/phpstan/phpstan.txt docker compose run --rm -v ~/test-results/phpstan:/test-reports app ./vendor/bin/diffFilter \ --phpstan /test-reports/diff.txt /test-reports/phpstan.txt 100

33. npm i typescript import axios, {AxiosResponse, AxiosStatic} from 'axios'; import

    {API_DOMAIN} from './constants'; import {Homeowner} from './homeowner'; import {Project} from './project'; import Contractor from './contractor'; import ExternalMatch from './external-match'; import {parse} from 'date-fns'; import * as _ from 'lodash'; class ModernizeClient { private axios: AxiosStatic; constructor() { this.axios = axios; this.axios.defaults.baseURL = API_DOMAIN; } public projectDetails(projectId: string): Promise<Project> { return axios.get('/v1/projects/' + projectId) .then(response => { let responseData = response.data.data; let homeowner = new Homeowner(responseData.homeowner.data.firstName, responseData.homeowner.data.lastName, responseData.homeowner.data.phoneNumber); return Promise.resolve( new Project(homeowner, responseData.projectType, parse(responseData.dateCreated), parse(responseData.startDate)) ); }); } } export {ModernizeClient}

34. ESLint npm install --save-dev eslint @typescript-eslint/parser @typescript-eslint/eslint-plugin eslint . --ext

    .ts { "root": true, "parser": "@typescript- eslint/parser", "plugins": [ "@typescript-eslint" ], "extends": [ "eslint:recommended", "plugin:@typescript- eslint/eslint-recommended", "plugin:@typescript- eslint/recommended" ] }

35. WHAT ABOUT EXISTING PROJECTS?

36. PHP PHPStan vendor/bin/phpstan analyse -- level 9 \ --configuration phpstan.neon

    \ src/ tests/ --generate-baseline Psalm vendor/bin/psalm --set- baseline=your-baseline.xml vendor/bin/psalm --update- baseline Configuration includes: - phpstan-baseline.neon parameters: # your usual configuration options <?xml version="1.0"?> <psalm ... errorBaseline="./path/to/your- baseline.xml" > ... </psalm>

37. JavaScript TypeScript

38. { "compilerOptions": { "target": "esnext", "module": "commonjs", "allowJs": true, "checkJs":

    false, "outDir": "dist", "rootDir": ".", "strict": false, "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */, "forceConsistentCasingInFileNames": true, /* Disallow inconsistently-cased references to the same file. */ "declaration": true, /* Generates corresponding '.d.ts' file. */ "strictNullChecks": true, "resolveJsonModule": true, "sourceMap": true, "baseUrl": ".", "paths": { "*": [ "*", "src/*", "src/setup/*", "src/logic/*", "src/models/*", "config/*" ] }, }, "exclude": ["node_modules", "dist"], "include": [ "./src", "./test", "./*", "./config" ] }

39. /node_modules/typescript/bin/tsc

40. Closing Time

41. I've been: Hunter Skrasek

42. Where do I reside? Mastodon: [email protected] Email: [email protected]

43. Questions?