PHPStan is a static code analysis tool that find a new category of bugs that weren't discovered by other tools like SonarQube. In these slides we discuss:
- What is code analysis and its types.
- What do static code analysis tools focus on.
- PHPStan Levels.
- PHPStan setup and configuration.
- Adding PHPStan to GitLab CI/CD pipeline.
Mining Fix Patterns for FindBugs ViolationsDongsun Kim
Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers may get acclimated to violation reports from these tools, causing concrete and severe bugs being overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that those violations that are recurrently fixed are likely to be true positives, and an automated approach can learn to repair similar unseen violations. However, there is lack of a systematic way to investigate the distributions on existing violations and fixed ones in the wild, that can provide insights into prioritizing violations for developers, and an effective way to mine code and fix patterns which can help developers easily understand the reasons of leading violations and how to fix them.
In this paper, we first collect and track a large number of fixed and unfixed violations across revisions of software. The empirical analyses reveal that there are discrepancies in the distributions of violations that are detected and those that are fixed, in terms of occurrences, spread and categories, which can provide insights into prioritizing violations. To automatically identify patterns in violations and their fixes, we propose an approach that utilizes convolutional neural networks to learn features and clustering to regroup similar instances. We then evaluate the usefulness of the identified fix patterns by applying them to unfixed violations. The results show that developers will accept and merge a majority (69/116) of fixes generated from the inferred fix patterns. It is also noteworthy that the yielded patterns are applicable to four real bugs in the Defects4J major benchmark for software testing and automated repair.
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)PVS-Studio
This is an interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD) tool intended for verifying parallel applications. In this article you will learn about the history of creating RRD, its basic abilities and also about some other similar tools and the way they differ from RRD.
How to do code review and use analysis tool in software developmentMitosis Technology
Code Inspection is a phase of the software development process to find and correct the errors in the functional and non-functional area in the early stage.
Mining Fix Patterns for FindBugs ViolationsDongsun Kim
Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers may get acclimated to violation reports from these tools, causing concrete and severe bugs being overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that those violations that are recurrently fixed are likely to be true positives, and an automated approach can learn to repair similar unseen violations. However, there is lack of a systematic way to investigate the distributions on existing violations and fixed ones in the wild, that can provide insights into prioritizing violations for developers, and an effective way to mine code and fix patterns which can help developers easily understand the reasons of leading violations and how to fix them.
In this paper, we first collect and track a large number of fixed and unfixed violations across revisions of software. The empirical analyses reveal that there are discrepancies in the distributions of violations that are detected and those that are fixed, in terms of occurrences, spread and categories, which can provide insights into prioritizing violations. To automatically identify patterns in violations and their fixes, we propose an approach that utilizes convolutional neural networks to learn features and clustering to regroup similar instances. We then evaluate the usefulness of the identified fix patterns by applying them to unfixed violations. The results show that developers will accept and merge a majority (69/116) of fixes generated from the inferred fix patterns. It is also noteworthy that the yielded patterns are applicable to four real bugs in the Defects4J major benchmark for software testing and automated repair.
Interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD)PVS-Studio
This is an interview with Dmitriy Vyukov - the author of Relacy Race Detector (RRD) tool intended for verifying parallel applications. In this article you will learn about the history of creating RRD, its basic abilities and also about some other similar tools and the way they differ from RRD.
How to do code review and use analysis tool in software developmentMitosis Technology
Code Inspection is a phase of the software development process to find and correct the errors in the functional and non-functional area in the early stage.
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
We revisit the performance of template-based APR to build comprehensive knowledge about the effectiveness of fix patterns, and to highlight the importance of complementary steps such as fault localization or donor code retrieval. To that end, we first investigate the literature to collect, summarize and label recurrently-used fix patterns. Based on the investigation, we build TBar, a straightforward APR tool that systematically attempts to apply these fix patterns to program bugs. We thoroughly evaluate TBar on the Defects4J benchmark. In particular, we assess the actual qualitative and quantitative diversity of fix patterns, as well as their effectiveness in yielding plausible or correct patches. Eventually, we find that, assuming a perfect fault localization, TBar correctly/plausibly fixes 74/101 bugs. Replicating a standard and practical pipeline of APR assessment, we demonstrate that TBar correctly fixes 43 bugs from Defects4J, an unprecedented performance in the literature (including all approaches, i.e., template-based, stochastic mutation-based or synthesis-based APR).
Some of the most common and easy-to-calculate/easy-to-measure code metrics. Understanding these can help you make your code better: avoiding code rot and writing maintainable code all starts here. Content is created for C# .net, however, the underlying principles apply to other languages/frameworks as well.
Aspect-Oriented Programming and Depedency InjectionRobert Lemke
From the Dynamic Languages World 2008 in Karlsruhe. This session introduces two powerful techniques which support a clean design of enterprise applications and the implementation of a domain-driven design. In addition to the theoretical background you will learn how to take advantage of AOP and DI in your own projects. The examples given are based on the FLOW3 framework.
Algorithm Class training institute in KPHB, Hyderabad, Python Training in Hyderabad Java Training Institutes in Hyderabad, python online training in hyderabad, java online training in hyderabad, C/C++ Training Institutes in Hyderabad
Every project has a development standard.
Sometimes the standard is “if it was hard to write, it should be hard to maintain.”
Developing, and following, a corporate Best Practices standard will lead to continuity, maintainability, robustness, and pride.
The article describes a new direction in development of static code analyzers - verification of parallel programs. The article reviews several static analyzers which can claim to be called "Parallel Lint".
Java 8 introduces new type annotation syntax (JSR 308) permitting annotations to appear on any use of a type. Type annotations provide exciting new opportunities for tooling such as detecting additional classes of errors at compile-time. This presentation provides an overview of the new type annotation syntax, tools for leveraging type annotations, and type annotation design patterns.
These slides are from Todd Schiller's talk at the March 24th New York City Java Meetup.
The purpose of types:
To define what the program should do.
e.g. read an array of integers and return a double
To guarantee that the program is meaningful.
that it does not add a string to an integer
that variables are declared before they are used
To document the programmer's intentions.
better than comments, which are not checked by the compiler
To optimize the use of hardware.
reserve the minimal amount of memory, but not more
use the most appropriate machine instructions.
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Inside API delivery Pipeline, the checklist!
François Lasne, Director Open API & Open Banking at Finastra
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
We revisit the performance of template-based APR to build comprehensive knowledge about the effectiveness of fix patterns, and to highlight the importance of complementary steps such as fault localization or donor code retrieval. To that end, we first investigate the literature to collect, summarize and label recurrently-used fix patterns. Based on the investigation, we build TBar, a straightforward APR tool that systematically attempts to apply these fix patterns to program bugs. We thoroughly evaluate TBar on the Defects4J benchmark. In particular, we assess the actual qualitative and quantitative diversity of fix patterns, as well as their effectiveness in yielding plausible or correct patches. Eventually, we find that, assuming a perfect fault localization, TBar correctly/plausibly fixes 74/101 bugs. Replicating a standard and practical pipeline of APR assessment, we demonstrate that TBar correctly fixes 43 bugs from Defects4J, an unprecedented performance in the literature (including all approaches, i.e., template-based, stochastic mutation-based or synthesis-based APR).
Some of the most common and easy-to-calculate/easy-to-measure code metrics. Understanding these can help you make your code better: avoiding code rot and writing maintainable code all starts here. Content is created for C# .net, however, the underlying principles apply to other languages/frameworks as well.
Aspect-Oriented Programming and Depedency InjectionRobert Lemke
From the Dynamic Languages World 2008 in Karlsruhe. This session introduces two powerful techniques which support a clean design of enterprise applications and the implementation of a domain-driven design. In addition to the theoretical background you will learn how to take advantage of AOP and DI in your own projects. The examples given are based on the FLOW3 framework.
Algorithm Class training institute in KPHB, Hyderabad, Python Training in Hyderabad Java Training Institutes in Hyderabad, python online training in hyderabad, java online training in hyderabad, C/C++ Training Institutes in Hyderabad
Every project has a development standard.
Sometimes the standard is “if it was hard to write, it should be hard to maintain.”
Developing, and following, a corporate Best Practices standard will lead to continuity, maintainability, robustness, and pride.
The article describes a new direction in development of static code analyzers - verification of parallel programs. The article reviews several static analyzers which can claim to be called "Parallel Lint".
Java 8 introduces new type annotation syntax (JSR 308) permitting annotations to appear on any use of a type. Type annotations provide exciting new opportunities for tooling such as detecting additional classes of errors at compile-time. This presentation provides an overview of the new type annotation syntax, tools for leveraging type annotations, and type annotation design patterns.
These slides are from Todd Schiller's talk at the March 24th New York City Java Meetup.
The purpose of types:
To define what the program should do.
e.g. read an array of integers and return a double
To guarantee that the program is meaningful.
that it does not add a string to an integer
that variables are declared before they are used
To document the programmer's intentions.
better than comments, which are not checked by the compiler
To optimize the use of hardware.
reserve the minimal amount of memory, but not more
use the most appropriate machine instructions.
apidays LIVE Paris 2021 - Inside API delivery Pipeline, the checklist! - Fran...apidays
apidays LIVE Paris 2021 - APIs and the Future of Software
December 7, 8 & 9, 2021
Inside API delivery Pipeline, the checklist!
François Lasne, Director Open API & Open Banking at Finastra
Refactoring legacy code driven by tests - ITALuca Minudel
Are you working on code poorly designed or on legacy code that’s hard to test? And you cannot refactor it because there are no tests?
During this Coding Dojo you’ll be assigned a coding challenge in Java, C#, Ruby, JavaScript or Python. You will face the challenge of improving the design and refactoring existing code in order to make it testable and to write unit tests.
We will discuss SOLID principles, the relation between design and TDD, and how this applies to your solution.
Reading list:
Growing Object-Oriented Software, Guided by Tests; Steve Freeman, Nat Pryce
Test Driven Development: By Example; Kent Beck
Working Effectively with Legacy; Michael Feathers
Agile Software Development, Principles, Patterns, and Practices; Robert C. Martin (C++, Java)
Agile Principles, Patterns, and Practices in C#; Robert C. Martin (C#)
PHP is now part of the normal tools at every IT department. Indeed, it must now cope with a raise in exigence and level of quality expected beyond it's famed scalability and fast development. What tools are needed to organize a large dev team and produce several hundreds of web site a year? Now is the time of industrialisation, where planning and organizing the code production must track bugs before publishing the code. We'll cover the tools and technics available to tame conception, production, publication and team work.
PHP 7 was recently released, bringing some much-desired changes and improvements to the language. However, many developers haven't had the opportunity to use it for their projects and may not be familiar with the changes it brings. We'll remedy this by checking out the new "spaceship operator," demonstrating how static type hints produce clean code, and using anonymous classes to quickly implement interfaces on the fly. Attendees will also learn about breaking changes and "gotchas" to watch out for when making the upgrade and will receive pointers on getting started with PHP 7 today.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
AI Pilot Review: The World’s First Virtual Assistant Marketing SuiteGoogle
AI Pilot Review: The World’s First Virtual Assistant Marketing Suite
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-pilot-review/
AI Pilot Review: Key Features
✅Deploy AI expert bots in Any Niche With Just A Click
✅With one keyword, generate complete funnels, websites, landing pages, and more.
✅More than 85 AI features are included in the AI pilot.
✅No setup or configuration; use your voice (like Siri) to do whatever you want.
✅You Can Use AI Pilot To Create your version of AI Pilot And Charge People For It…
✅ZERO Manual Work With AI Pilot. Never write, Design, Or Code Again.
✅ZERO Limits On Features Or Usages
✅Use Our AI-powered Traffic To Get Hundreds Of Customers
✅No Complicated Setup: Get Up And Running In 2 Minutes
✅99.99% Up-Time Guaranteed
✅30 Days Money-Back Guarantee
✅ZERO Upfront Cost
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
In the ever-evolving landscape of technology, enterprise software development is undergoing a significant transformation. Traditional coding methods are being challenged by innovative no-code solutions, which promise to streamline and democratize the software development process.
This shift is particularly impactful for enterprises, which require robust, scalable, and efficient software to manage their operations. In this article, we will explore the various facets of enterprise software development with no-code solutions, examining their benefits, challenges, and the future potential they hold.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
4. Code analysis is the process of
testing and evaluating a
program either statically or
dynamically.
Next slide
5. Static
Static code analysis is a method of
evaluating a program by examining
the source code before its execution.
It is done by analyzing a set of code
against a set of coding rules.
Analysis
Dynamic
Dynamic analysis is the process of testing
and evaluating a program — while
software is running. It addresses the
diagnosis and correction of bugs,
memory issues, and crashes of a program
during its execution.
Analysis
7. Naming.
Variables and methods’ names, are
they too short or too long?
Do they follow a naming
convention like camel-case?
Type Hinting.
Some tools can suggest a name
consistent with the return type.
For example a getFoo() method
that returns a boolean better be
named isFoo().
Lines of Code.
Measures the line of codes in your
class or method against a
maximum value. In addition to the
number of method's parameter or
class' number of public methods
and properties.
Measurements
STATIC ANALYSIS JARGONS
8. Commented Code
No commented out block of code,
as long as you are using a version
control system, you can remove
unused code and if needed, it's
recoverable.
Return Statements
How many return statements do
you have through out your
method? Many return statements
make it difficult to understand the
method.
Return Types
Makes sure that return type
matches the expected. Having
many return types possibilities
confuses the analyzers.
Code Structure I
STATIC ANALYSIS JARGONS
9. Dedicated Exceptions
Throw dedicated exception instead
of generic run-time exceptions that
can be cached by client code.
No Static Calls
Avoid using static calls in your
code and instead use dependency
injection. Factory methods is the
only exception.
DRY
Checks for code duplication either
in repeating literal values or whole
blocks of code.
Code Structure II
STATIC ANALYSIS JARGONS
10. Complexity
Having a lot of control structures in one method
AKA the pyramid of doom.
Possible fixes include:
• Early return statements
• Merging nested if statements in combination
with helper functions that make the condition
readable.
STATIC ANALYSIS JARGONS
11. Cipher Algorithms
Using cryptographic systems
resistant to cryptanalysis, they are
not vulnerable to well-known
attacks like brute force attacks for
example.
Cookies
Always create sensitive cookies
with the “secure” flag so it’s not
sent over an unencrypted HTTP
request.
Dynamic Execution
Some APIs allow the execution of
dynamic code by providing it as
strings at runtime. Most of the time
their use is frowned upon as they
also increase the risk of Injected
Code
Security Issues
STATIC ANALYSIS JARGONS
13. PHPStan moves PHP closer to
compiled languages in the
sense that the correctness of
each line of the code can be
checked before you run the
actual line.
PHPStan repository README.md
14. 2
157
191 203 212 226
351
378
429
516
0
100
200
300
400
500
600
Level 0 Level 1 Level 2 Level 3 Level 4 Level 5 Level 6 Level 7 Level 8 Level 9
Errors
Errors Detected in a Laravel App.
WHAT DOES PHPSTAN BRING
That has been analyzed with SonarQube
since day one
15. 00
Basic Checks.
Unknown classes, unknown functions,
unknown methods called on $this, wrong
number of arguments passed to those
methods and functions, always undefined
variables
01
$this Unknowns.
Possibly undefined variables, unknown
magic methods and properties on classes
with __call and __get
02
Methods
Unknown methods checked on all
expressions (not just $this), validating
PHPDocs
Rule Levels
WHAT DOES PHPSTAN BRING
16. 03
Types.
Return types, types assigned to
properties.
04
Dead Code.
Basic dead code checking - always false
instanceof and other type checks, dead
else branches, unreachable code after
return; etc.
05
Arguments.
Checking types of arguments passed to
methods and functions.
Rule Levels II
WHAT DOES PHPSTAN BRING
17. 06
Type Hints.
Reports missing type hints.
07
Union Types.
Reports partially wrong union types - if
you call a method that only exists on
some types in a union type, level 7 starts
to report that.
08
Nullable Types.
report calling methods and accessing
properties on nullable types.
Rule Levels III
WHAT DOES PHPSTAN BRING
18. 09 Mixed Type
Be strict about the mixed type - the only
allowed operation you can do with it is to
pass it to another mixed
WHAT DOES PHPSTAN BRING
Rule Levels IV
21. Configuration File
PHPStan uses configuration file, phpstan.neon
or phpstan.neon.dist, that allows you to:
HOW TO USE IT
- Define the paths that will be analyzed.
- Set the rule level.
- Exclude paths.
- Include PHPStan extensions.
- Ignore errors.
- Define the maximum number of parallel processes
Config Reference
24. PHPDocs
PHPDocs are essential part to PHPStan robust.
PHP in its most recent versions introduced native
type hints, but it still leaves a lot of room for
PHPDocs to augment the information.
HOW TO USE IT
25. Properties and Inline Variables.
PHPDocs can be written above
class properties to denote their
type, or in variable assignment as a
last resort.
Magic Properties.
For custom __get/__set methods logic, a
@property PHPDoc tag can be placed
above a class. It can also define
read/write access.
Magic Methods.
For custom __call methods logic, a
@method PHPDoc tag can be
placed above a class
26. PHPDocs
HOW TO USE IT
PHPDocs Reference
Combining PHPDoc types with native type hints
27. The Baseline
HOW TO USE IT
Introducing PHPStan to the CI pipeline, increasing
strictness level or upgrading to a newer version can
be overwhelming.
PHPStan allows you to declare the currently
reported list of errors as “the baseline” and stop
reporting them in subsequent runs. It allows you to
be interested in violations only in new and changed
code.
28. Generating the
Baseline
If you want to export the current list of errors
and use it as the baseline, run PHPStan with
--generate-baseline option
It generates the list of errors with the number
of occurrences per file and saves it as
phpstan-baseline.neon
HOW TO USE IT
29. Adding PHPStan to
CI Pipeline
Adding PHPStan to the CI pipeline and running it
regularly on merge requests and main branches will
increase our code quality. In addition to helping in
code review.
HOW TO USE IT
31. Final
Thoughts
PHPStan and code analysis in
general is not a substitute for
testing.
PHP is moving in the direction of
being more predictable and
relaying less on magic.
32. Helpful Links about
PHPStan and Other Tools
• PHPStan configuration reference
• PHPDocs usage with PHPStan
• PHPStan extensions library
• List of analysis tools for different languages
RESOURCES