PHPStan v1.11 releases: PHP Static Analysis Tool
![phpstan PHP Static Analysis Tool](https://b3442631.smushcdn.com/3442631/wp-content/uploads/2019/07/phpstan-600x500.png?lossy=1&strip=1&webp=1)
PHPStan – PHP Static Analysis Tool
PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.
What it currently checks for?
- Existence of classes used in instanceof, catch, typehints and other language constructs. PHP does not check this and just stays instead, rendering the surrounded code unused.
- Existence and accessibility of called methods and functions. It also checks the number of passed arguments.
- Whether a method returns the same type it declares to return.
- Existence and visibility of accessed properties. It will also point out if a different type from the declared one is assigned to the property.
- The correct number of parameters passed to sprintf/printf calls based on format strings.
- Existence of variables while respecting scopes of branches and loops.
- Useless casting like (string) ‘foo’ and strict comparisons (=== and !==) with different types as operands which always result in false.
PHPStan is fast…
It manages to check the whole codebase in a single pass. It doesn’t need to go through the code multiple times. And it only needs to go through the code you wish to analyze, e.g. the code you have written. It doesn’t need to parse and analyze 3rd party dependencies. Instead, it uses reflection to find out useful information about somebody else’s code your codebase uses.
PHPStan is able to check our codebase (6000 files, 600k LOCs) in around a minute. And it checks itself under a second.
Changelog v1.11
Major new features 🚀
- Error identifiers
- A way to categorize reported errors by a stable identifier. Up until now you had to use specific and ever-changing error messages
- Can be used for ignoring specific errors locally with new
@phpstan-ignore
comment (uses current or next line automatically) - Can be used for ignoring specific errors in
ignoreErrors
section of your configuration file (phpstan.neon) - Can be used in output formatters
- Can be seen in PHPStan Pro GUI or in TableErrorFormatter with
-v
- Catalogue with source code links: https://phpstan.org/error-identifiers
- PHPStan Pro Reboot
- A new migration wizard will effortlessly migrate all your
@phpstan-ignore-line
and@phpstan-ignore-next-line
to the new@phpstan-ignore
comment style with error identifiers. The old comment style is dangerous because it ignores all errors, current and future, on that line. - Revamped UI for much more comfortable viewing and browsing of reported errors
- The new UI also lets you browse ignored errors, from
ignoreErrors
, from your baseline and also ignored locally in source code using comments - Streaming errors during launch: You don’t have to wait for the analysis to complete, you can see errors as they come in during the analysis
- Support for mapping file paths to the host filesystem when running in Docker or remotely
- Try it out by running PHPStan with
--pro
CLI option
- A new migration wizard will effortlessly migrate all your
- PHPDoc tags describing callable lifecycle:
@param-immediately-invoked-callable
,@param-later-invoked-callable
- Useful for exception analysis (https://phpstan.org/blog/bring-your-exceptions-under-control) and
@phpstan-pure
- Useful for exception analysis (https://phpstan.org/blog/bring-your-exceptions-under-control) and
- PHPDoc tag
@param-closure-this
to describe what$this
is bound to in a passed closure - Two new config options around stricter offset checks in arrays (#3028), #7553, thanks @ttomdewit!
reportPossiblyNonexistentGeneralArrayOffset
reportPossiblyNonexistentConstantArrayOffset
- Learn more in the documentation
Bleeding edge 🔪
- Checking truthiness of
@phpstan-pure
above functions and methods - Check
new
/function call/method call/static method call on a separate line without any side effects even without@phpstan-pure
PHPDoc tag on the declaration side - BetterNoopRule – take advantage of impure points (phpstan/phpstan-src@a647052), #10389
- Run missing type check on
@param-out
(phpstan/phpstan-src@56b2002) - CallToConstructorStatementWithoutSideEffectsRule – report class with no constructor (phpstan/phpstan-src@b116d25)
- Deprecated: returning plain strings as errors, use RuleErrorBuilder
- Deprecated: returning RuleError without identifier (phpstan/phpstan-src@969e6fa)
- More…
Download & Use
Copyright (c) 2016 Ondřej Mirtes