3. About me
Peter
Active open source contributor
An associate engineer
DevOps
Back-end
System Architecture Researching
Web Application Security
PHP, Python and JavaScript
Smart Grid Technology (2017~2021)
Database, Data platform architecture (2021~)
GitHub
7. Coding style
Founded by PHP-FIG
PHP Framework Interop Group
PSR-1
PSR-2
PSR-12
More standard docs
https://www.php-fig.org
https://github.com/php-fig
https://github.com/php-fig/fig-standards/tree/master/accepted
8. PSR-1 Overview
Files MUST use only <?php and <?= tags.
Files MUST use only UTF-8 without BOM for PHP code.
Files SHOULD either declare symbols (classes, functions, constants, etc.)
or cause side-effects (e.g. generate output, change .ini settings, etc.) but
SHOULD NOT do both.
Namespaces and classes MUST follow an "autoloading" PSR: [PSR-0, PSR-4].
Class names MUST be declared in StudlyCaps.
Class constants MUST be declared in all upper case with underscore
separators.
Method names MUST be declared in camelCase.
9. PSR-2 Overview (Deprecated)
Code MUST follow a "coding style guide" PSR [PSR-1].
Code MUST use 4 spaces for indenting, not tabs.
There MUST NOT be a hard limit on line length; the soft limit MUST be 120 characters; lines SHOULD be 80 characters or less.
There MUST be one blank line after the namespace declaration, and there MUST be one blank line after the block of use declarations.
Opening braces for classes MUST go on the next line, and closing braces MUST go on the next line after the body.
Opening braces for methods MUST go on the next line, and closing braces MUST go on the next line after the body.
Visibility MUST be declared on all properties and methods; abstract and final MUST be declared before the visibility; static MUST be declared after the visibility.
Control structure keywords MUST have one space after them; method and function calls MUST NOT.
Opening braces for control structures MUST go on the same line, and closing braces MUST go on the next line after the body.
Opening parentheses for control structures MUST NOT have a space after them, and closing parentheses for control structures MUST NOT have a space before.
10. PSR-12
This specification extends, expands and replaces PSR-2, the
coding style guide and requires adherence to PSR-1, the basic
coding standard.
23. Static Code Analysis
Static code analysis is the analysis of computer software that is performed
without actually executing programs.
Dynamic code analysis is the analysis of computer software that is
performed by executing programs.
Unit tests, integration tests, system tests and acceptance tests use dynamic testing.
27. Standard Checks
there are no syntax errors;
all the classes, methods, functions and constants exist;
the variables exist;
the hints in PHPDoc correspond to reality;
there are no arguments or variables unused.
Avoid copy-paste code errors and careless
28. Data type checks
Most analyzers let you configure the level of strictness of checking and
can imitate strict_types:
they check that a String or Boolean isn’t passed to this function.
29. Union types
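/**
 * @param string|int|bool $yes_or_no
 */
function isYes($yes_or_no): bool
{
    // Booleans are returned as-is; is_numeric() is false for them.
    if (is_bool($yes_or_no)) {
        return $yes_or_no;
    } elseif (is_numeric($yes_or_no)) {
        return $yes_or_no > 0;
    } else {
        return strtoupper($yes_or_no) === 'YES';
    }
}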
30. False type
/** @return int|bool */
function fwrite(...) {
…
}
31. False type Error
<?php

/** @return resource|bool */
function open_file() {
    $fp = fopen('./composer.json', 'r');
    if ($fp === false) {
        return false;
    }

    return fwrite($fp, "some string");
}
lee@lee-VirtualBox:~/phpstan-example$ vendor/bin/phpstan analyse ./false_type.php --level=max -c phpstan
------ --------------------------------------------------------------------------------------------
Line false_type.php
------ --------------------------------------------------------------------------------------------
4 Function open_file() never returns resource so it can be removed from the return typehint.
10 Function open_file() should return bool|resource but returns int|false.
------ --------------------------------------------------------------------------------------------
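A corrected version of the function analysed above, as an added example that is not from the original slides: the return type is narrowed to what the function actually produces, and every false result from fopen() and fwrite() is handled before the value is used. The function name append_line() and the temporary file are assumptions made for this illustration.

```php
<?php

declare(strict_types=1);

/**
 * Appends one line to a file and returns the number of bytes written.
 * Hypothetical helper for this example; not part of the slides.
 *
 * @throws RuntimeException if the file cannot be opened or fully written
 */
function append_line(string $path, string $line): int
{
    // fopen() returns resource|false; @ suppresses the warning so that
    // the failure is reported once, through the exception below.
    $fp = @fopen($path, 'ab');
    if ($fp === false) {
        throw new RuntimeException("Cannot open {$path} for writing");
    }

    try {
        $data = $line . PHP_EOL;
        // fwrite() returns int|false; a strict comparison is required
        // because a write of 0 bytes is also falsy.
        $written = fwrite($fp, $data);
        if ($written === false || $written !== strlen($data)) {
            throw new RuntimeException("Short or failed write to {$path}");
        }
        return $written;
    } finally {
        fclose($fp);
    }
}

// Constructed usage: write to a temporary file and print the byte count.
$tmp = tempnam(sys_get_temp_dir(), 'false_type_');
if ($tmp === false) {
    throw new RuntimeException('Cannot create a temporary file');
}
echo append_line($tmp, 'some string'), PHP_EOL;
unlink($tmp);
```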
33. Array shapes
<?php

/** @return array */
function array_func(array $arr) {
    return $arr;
}
lee@lee-VirtualBox:~/phpstan-example$ vendor/bin/phpstan analyse ./array_example.php --level=max -c phpstan.neon --no-progress --ansi
------ -----------------------------------------------------------------------------------------------
Line array_example.php
------ -----------------------------------------------------------------------------------------------
4 Function array_func() has parameter $arr with no value type specified in iterable type array.
💡 See: https://phpstan.org/blog/solving-phpstan-no-value-type-specified-in-iterable-type
4 Function array_func() return type has no value type specified in iterable type array.
💡 See: https://phpstan.org/blog/solving-phpstan-no-value-type-specified-in-iterable-type
------ -----------------------------------------------------------------------------------------------
[ERROR] Found 2 errors
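One way to clear both errors, as an added example that is not from the original slides: give the iterable a value type, or an array shape when the keys are fixed, and validate untrusted input into that shape at the boundary. The to_user() helper and the id/name/roles keys are assumptions made for this illustration.

```php
<?php

declare(strict_types=1);

/**
 * Value type specified: a list of strings in, a list of strings out.
 *
 * @param array<int, string> $arr
 * @return array<int, string>
 */
function array_func(array $arr): array
{
    return $arr;
}

/**
 * Narrows decoded, untrusted input (for example json_decode output) to a
 * fixed array shape. Hypothetical helper; the keys are constructed.
 *
 * @param array<mixed> $input
 * @return array{id: int, name: string, roles: list<string>}
 * @throws InvalidArgumentException when a key is missing or mistyped
 */
function to_user(array $input): array
{
    $id = $input['id'] ?? null;
    $name = $input['name'] ?? null;
    $roles = $input['roles'] ?? null;
    if (!is_int($id) || !is_string($name) || !is_array($roles)) {
        throw new InvalidArgumentException('Malformed user record');
    }

    $checked = [];
    foreach ($roles as $role) {
        if (!is_string($role)) {
            throw new InvalidArgumentException('Role must be a string');
        }
        $checked[] = $role;
    }

    return ['id' => $id, 'name' => $name, 'roles' => $checked];
}

// Constructed sample input.
$user = to_user(['id' => 7, 'name' => 'peter', 'roles' => ['admin']]);
echo implode(',', array_func($user['roles'])), PHP_EOL;
```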
36. PHPStan
Developed by Ondřej Mirtes
Install it (the simplest way is via Composer)
Configure it (optional)
Run it
lee@lee-VirtualBox:~/phpstan-example$ vendor/bin/phpstan analyse ./array_example.php
1/1 [▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓] 100%
[OK] No errors
💡 Tip of the Day:
PHPStan is performing only the most basic checks.
You can pass a higher rule level through the --level option
(the default and current level is 0) to analyse code more thoroughly.
lee@lee-VirtualBox:~/phpstan-example$
37. PHPStan Key Features
PHPStan will try to autoload unknown classes.
If some classes are not autoloaded, it will not be able to find them and
will return an error.
If the code uses magic methods via __call, __get, or __set, you can write a
plug-in for PHPStan.
In actual fact, PHPStan doesn’t only perform autoload in the case of
unknown classes, but it also does so for all classes.
Uses neon-format for configuration.
No support for its PHPDoc tags @phpstan-var, @phpstan-return etc.
PHPStan has a playground website: https://phpstan.org
38. Phan
Developed by the Etsy company. First commits by Rasmus Lerdorf.
Requires the php-ast extension.
A plugin example is available.
Configured by creating a .phan/config.php file.
A playground website is available.
lee@lee-VirtualBox:~/phpstan-example$ php vendor/bin/phan array_example.php
analyze ████████████████████████████████████████████████████████████ 100.0% 29MB/29MB
lee@lee-VirtualBox:~/phpstan-example$ php vendor/bin/phan array_example.php
analyze ████████████████████████████████████████████████████████████ 100.0% 28MB/31MB
array_example.php:9 PhanSyntaxError syntax error, unexpected '}', expecting ';' (at column 1)
39. Psalm
Developed by the Vimeo company
Annotations code
Configuration in an XML-format file
Type aliases
array
closure
union type (for example, several classes or a class and other types)
enum
43. GitHub Workflow examples
1. Using Composer to install required development dependencies.
2. GitHub Action for PHP-CS-Fixer.
3. PHP Static Analysis in GitHub Actions.