Static Analysis Crash Course for Framework Developers

Slide 1

Slide 1 text

Ondřej Mirtes Static Analysis Crash Course for Framework Developers

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

$ composer require --dev phpstan/phpstan What is PHPStan? $ vendor/bin/phpstan analyse src/ tests/

Slide 4

Slide 4 text

What is PHPStan?

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

1. Use static analysis yourself

Slide 7

Slide 7 text

Rule levels in PHPStan 0⃣1⃣2⃣3⃣4⃣5⃣6⃣7⃣8⃣9⃣

Slide 8

Slide 8 text

Rule levels in PHPStan 0⃣ 5⃣ – All basic bugs checked

Slide 9

Slide 9 text

Missing typehints 6⃣ function foo($a, $b) { ... } Function foo() has parameter $a with no type speci fi ed. Function foo() has parameter $b with no type speci fi ed. Function foo() has no return type speci fi ed.

Slide 10

Slide 10 text

Partially wrong unions 7⃣ interface Foo { } interface Bar { function doBar(): void; } function (Foo|Bar $fb): void { $fb->doBar(); }; Call to an unde fi ned method Foo|Bar::doBar().

Slide 11

Slide 11 text

Nullables 8⃣ interface Bar { function doBar(): void; } function (?Bar $b): void { $b->doBar(); }; Cannot call method doBar() on Bar|null.

Slide 12

Slide 12 text

Be stricter about "mixed" 9⃣ function foo(mixed $m) { $m->doBar(); } Cannot call method doBar() on mixed.

Slide 13

Slide 13 text

2. Ensure good DX for SA of code written against your framework

Slide 14

Slide 14 text

No content

Slide 15

Slide 15 text

Strong types public function do(): void { $a = $this->callFramework(); }

Slide 16

Slide 16 text

Advanced PHPDoc types /** @var int<0, 23> */ private int $hours; /** @var array */ private array $items; /** @param callable(string): int $cb */ public function do(callable $cb): void { }

Slide 17

Slide 17 text

Advanced PHPDoc types phpstan.org Documentation » Writing PHP Code » PHPDoc Basics Documentation » Writing PHP Code » PHPDoc Types

Slide 18

Slide 18 text

live.symfony.com/account/replay/video/659

Slide 19

Slide 19 text

__call, __get, __set 🪄🧙 /** * @property int $count * @method int sum(int $a, int $b) * @mixin Lorem */ class MagicFoo { }

Slide 20

Slide 20 text

__call, __get, __set 🪄🧙 interface PropertiesClassReflectionExtension { function hasProperty( ClassReflection $classReflection, string $propertyName ): bool; function getProperty( ClassReflection $classReflection, string $propertyName ): PropertyReflection; } If there's "->getName()" then there's "->name"

Slide 21

Slide 21 text

phpstan.org Documentation » Developing Extensions » Class Reflection Extensions __call, __get, __set 🪄🧙

Slide 22

Slide 22 text

🚩 Red flags 🚩

Slide 23

Slide 23 text

🚩 Being forced to "fix" 🚩 a type public function do(): void { /** @var SpecificFoo $a */ $a = $this->callFramework(); }

Slide 24

Slide 24 text

public function do(): void { $a = $this->callFramework(); assert($a instanceof SpecificFoo); } 🚩 Being forced to "fix" 🚩 a type

Slide 25

Slide 25 text

🚩 Stringly-typed 🚩 public function do(): void { $issues = $this->githubClient->api('issue'); // what is $issues!? $issues = $this->githubClient->issues(); // $issues is IssueApi object }

Slide 26

Slide 26 text

🚩 Optional and nullable 🚩 parameters function setValidity( \DateTimeImmutable $from, \DateTimeImmutable $to ): void { }

Slide 27

Slide 27 text

🚩 Optional and nullable 🚩 parameters function setValidity( ?\DateTimeImmutable $from, ?\DateTimeImmutable $to ): void { }

Slide 28

Slide 28 text

🚩 Optional and nullable 🚩 parameters $foo->setValidity($from, $to); $foo->setValidity(null, null); $foo->setValidity($from, null); $foo->setValidity(null, $to);

Slide 29

Slide 29 text

🚩 Optional and nullable 🚩 parameters function setValidity( \DateTimeImmutable $from, \DateTimeImmutable $to ): void { } function removeValidity(): void { }

Slide 30

Slide 30 text

🚩 Di ff erent return types 🚩 based on parameters function getParameter( ?string $name = null ): array|string

Slide 31

Slide 31 text

🚩 Di ff erent return types 🚩 based on parameters function getParameter(string $name): string /** @return array */ function getParameters(): array

Slide 32

Slide 32 text

3. Practical examples to achieve strong types

Slide 33

Slide 33 text

/** @return ($name is string ? string : array) */ function getParameter( ?string $name = null ): array|string { ... } Conditional return type

Slide 34

Slide 34 text

Constraint Validator class UserEmailValidator extends ConstraintValidator { function validate($value, Constraint $constraint): bool { if (!$constraint instanceof UserEmail) { throw new UnexpectedTypeException( $constraint, ContainsAlphanumeric::class ); } } }

Slide 35

Slide 35 text

Constraint Validator /** @template TConstraint of Constraint */ abstract class ConstraintValidator { /** @param TConstraint $constraint */ function validate($value, Constraint $constraint): bool; }

Slide 36

Slide 36 text

Constraint Validator /** @extends ConstraintValidator */ class UserEmailValidator extends ConstraintValidator { function validate($value, Constraint $constraint): bool { \PHPStan\dumpType($constraint); // outputs: UserEmail } }

Slide 37

Slide 37 text

Permission Voter class PostVoter extends Voter { function supports(string $attribute, $subject): bool { return $subject instanceof Post; } function voteOnAttribute(string $attribute, $subject): bool { /** @var Post $post */ $post = $subject; } }

Slide 38

Slide 38 text

Permission Voter /** @template T */ abstract class Voter { /** @phpstan-assert-if-true T $subject */ abstract function supports(string $attribute, $subject): bool; /** @param T $subject */ abstract function voteOnAttribute( string $attribute, $subject ): bool; }

Slide 39

Slide 39 text

Permission Voter /** @extends Voter */ class PostVoter extends Voter { function supports(string $attribute, $subject): bool { return $subject instanceof Post; } function voteOnAttribute(string $attribute, $subject): bool { \PHPStan\dumpType($subject); // outputs: Post } }

Slide 40

Slide 40 text

Permission Voter \PHPStan\dumpType($subject); // outputs: mixed $voter = new PostVoter(); if ($voter->supports('attr', $subject)) { \PHPStan\dumpType($subject); // outputs: Post $voter->voteOnAttribute('aaa', $subject); ✅ } else { $voter->voteOnAttribute('aaa', $subject); ❌ } Parameter #2 $subject of method PostVoter::voteOnAttribute() expects Post, mixed given.

Slide 41

Slide 41 text

Console commands today function configure(): void { $this->addArgument( 'paths', InputArgument::OPTIONAL | InputArgument::IS_ARRAY ); } function execute(InputInterface $input, OutputInterface $output) { $paths = $input->getPaths(); // is mixed ... }

Slide 42

Slide 42 text

phpstan / phpstan-symfony Console commands today function execute(InputInterface $input, OutputInterface $output) { $paths = $input->getPaths(); // is array ... }

Slide 43

Slide 43 text

Hypothetical strongly-typed future class RunCommandDTO { #[Argument, Optional] public array $paths; } function execute(RunCommandDTO $input, OutputInterface $output) { $paths = $input->paths; // is array ... }

Slide 44

Slide 44 text

4. Test your framework with static analysis

Slide 45

Slide 45 text

use function PHPStan\Testing\assertType; $parameters = $bag->getParameter(); assertType('array', $parameters); $foo = $bag->getParameter('foo'); assertType('string', $foo); assertType

Slide 46

Slide 46 text

reactphp / async / tests / types / await.php

Slide 47

Slide 47 text

5. Write custom PHPStan rules

Slide 48

Slide 48 text

Custom PHPStan rules #[ORM\Column(type: "datetime"] private DateTimeImmutable $created; Property User::$created type mapping mismatch: database can contain DateTime but property expects DateTimeImmutable.

Slide 49

Slide 49 text

Custom PHPStan rules #[Route('/blog/{slug}', name: 'blog_show')] public function show(string $title): Response Route parameter slug not found in controller action show(). Parameter $title of action show() not found in the route.

Slide 50

Slide 50 text

Custom PHPStan rules phpstan.org Documentation » Developing Extensions » Core Concepts Documentation » Developing Extensions » Custom Rules

Slide 51

Slide 51 text

github.com/phpstan/phpstan

Slide 52

Slide 52 text

@OndrejMirtes @OndrejMirtes@phpc.social