'PHPStan finds bugs in your code without writing tests.' https://phpstan.org/
PHPStan performs static code analysis on your code.
Static analysis is the method of testing your code for basic logical, runtime or typographical exceptions without actually executing the code or accessing external services like databases
Static analysis of your codebase happens relatively fast since the code doesn't actually get executed but scanned for common errors, like having a method that doesn't return the expected date type.
PHPStan checks for a couple of language constructs such as use of instanceof, try-catch blocks, typehints, number of arguments passed to a function, accessibility of called methods and variables, and many more.
Install PHPStan
> composer require --dev phpstan/phpstan
Add helper script commands to composer.json
"scripts": {
"phpstan-dev": "php vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=1G",
"phpstan-ci": "php vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=1G --no-progress",
...
}
-c:
The configuration file phpstan.neon allows you to commit additional options for your project
--memory-limit=1G:
argument is to suppress a common false warning on runs which suggests that the errors are due to a memory limit; projects often only consume tens to a couple hundreds of MB.
--no-progress:
omits the progress bar which could be useful for Continuous Integration runs.
Configuration
PHPStan makes use of the neon file format for its configuration, which is yaml like.
An example configuration file, phpstan.neon:
# https://phpstan.org/config-reference
parameters:
# https://phpstan.org/user-guide/rule-levels
level: 8
# code paths
paths:
- cfg
- public
- src
excludePaths:
analyse:
- vendor
tmpDir: tmp
# https://phpstan.org/config-reference#vague-typehints
checkMissingIterableValueType: false
checkGenericClassInNonGenericObjectType: false
# btr if true, but false allows changing level w/o errors
reportUnmatchedIgnoredErrors: true
ignoreErrors:
- '#Negated boolean expression is always true\.#'
- '#If condition is always false\.#'
...
level:
indicates how many tests to run
https://phpstan.org/user-guide/rule-levels
paths:
should point to your code
excludePaths:
should exclude code you are not responsible for, such as vendor
tmpDir:
if not set will use your default os tmp dir, but setting to a local tmp allows for easier cleanup, observation
ignoreErrors:
allows common code patterns in your project to be ignored by PHPStan
https://phpstan.org/user-guide/ignoring-errors
This should be used minimally, but may be necessary depending on your code. It can also be used when adding PHPStan to an existing project with lots of errors and you want to ease PHPStan into your workflow.
reportUnmatchedIgnoredErrors:
shows you if you have any unused ignoreError expressions
Run PHPStan
Run using composer
> php composer phpstan-dev
php vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=1G
...
------------------------------------------------------------------------------
Line src\Your\Service\AService.php
------------------------------------------------------------------------------
15 Property App\Your\Service\AService::$aDomain has no typehint specified.
------------------------------------------------------------------------------
...
[ERROR] Found 214 errors
115/115 [============================] 100%
Script php vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=1G handling the phpstan event returned with error code 1
Now the 'fun' begins. The errors list the file name, method, and line number. Go through all the reported errors and 'fix' them increasing code quality, and sometimes functionality; and only if necessary, add the error(s) to the ignore list.
Work toward the goal of no reported errors
> php composer phpstan-dev
php vendor/bin/phpstan analyse -c phpstan.neon --memory-limit=1G
115/115 [============================] 100%
[OK] No errors
Now celebrate!
And before every Push, Pull/Merge Request, run PHPStan.
Sounds like a good job for git hooks or CI huh?
-End of Document-
Thanks for reading
