To improve your code base, you run an audit. Now, with so many diagnostics, the situation appears to be overwhelming. If you have a mere million lines of code, it may display thousands of errors, in various orders. And with that, the market leaves no time to reduce technical debt before the next feature: we’ll do it when pressure gets lighter, right? WRONG! Code quality starts with a daily review. Learn how to navigate in the results of code audits that actually find more issues than you want. During this workshop, we’ll check PHP classic traps, architecture errors, security vulnerabilities and logical bugs. We’ll see how to detect those bugs, how they happen, and how to prepare a fix (or not). By the end, you’ll be able to set up your own coding reference, the one that reflect your style of coding in your projects.

1. THE CODE REVIEW
WORKSHOP
Miami, FL, USA - Sunshine PHP 2019
SunshinePHP

2. WHAT ARE WE DOING ?
➤ One mysterious code repository
➤ A large array of automated tools
➤ Tasks distribution
➤ You review the code
➤ with your agenda
➤ I'll introduce concepts

3. QUESTIONS
➤ How old is this code?
➤ What is the organisation of
this code ?
➤ How large is the size of the
team ?
➤ What are the external tools
used by this code ?
➤ Would you use this code ?
➤ What does this code do ?
➤ Is it secure ?
➤ Is it fast ?

4. QUESTIONS (CONTINUED)
➤ Has this code already been
reviewed ?
➤ What can we suggest to
improve this code ?
➤ Are there obvious pattern or
design choice in this code ?
➤ Are there external libraries,
component, frameworks ?
➤ Is it maintenable ?
➤ Is it modern ?
➤ Is it backward compatible ?

5. COLLECTING INFORMATION
➤ Learn about code
➤ Read it
➤ Read the reports
➤ Deduce and infer answers
➤ Avoid bias
➤ Validate inferences with more code reading
➤ Share your finding
➤ Your inference may be someone else's validation
➤ Suggest potential modifications

6. WHAT'S IN FOR YOU ?
➤ Read code and make suggestions
➤ Test drive automated tools
➤ 10 tools are available
➤ Take them home : I'll help install if needed
➤ Learn about code smells
➤ Code modernisations
➤ The infamous dangling reference, string initialized arrays
➤ Don't be too manual…
➤ Experiment on your own

7. AVAILABLE TOOLS

8. AVAILABLE TOOLS
➤ Exakat : static analysis, inventories
➤ Phan : static analysis
➤ PHP Lint : PHP linting, by PHP itself
➤ phpcpd : copy paste detector
➤ PHPloc : Lines of code
➤ PHPmd : PHP Mess Detector
➤ phpMetrics :
➤ PHPStan : static analysis
➤ phpmnd : magic number dectector
➤ Psalm : static analysis
➤ More tools : 72 "PHP awesome static analysis list"
➤ https://github.com/exakat/php-static-analysis-tools

9. SHOW ME THE CODE!!!
➤ This is an open source code
➤ It is in production, available online
➤ Our work on this repository will go to the author(s)
➤ We'll write a report
➤ This code is related to death
➤ Ping me if this subject makes you uneasy
➤ @faguo, dseguy@exakat, quick aparté

10. SHOW ME THE CODE!!!
➤ This is an open source code
➤ It is in production, available online
➤ Our work on this repository will go to the author(s)
➤ We'll write a report
➤ This code is related to death
➤ Ping me if this subject makes you uneasy
➤ @faguo, dseguy@exakat, quick aparté

11. SHOW ME THE CODE!!!
➤https://www.exakat.io/
sunshinephp2019/workshop.zip
➤

13. 0
1,25
2,5
3,75
5
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
1
2
3
4
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
0,75
1,5
2,25
3
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2
0
1,75
3,5
5,25
7
5.2 5.3 5.4 5.5 5.6 7.0 7.1 7.2

14. SHOW ME THE CODE!!!
mkdir exakat
cd exakat
curl -o exakat.phar http://dist.exakat.io/index.php?file=latest
curl -o apache-tinkerpop-gremlin-server-3.3.4-bin.zip http://
dist.exakat.io/apache-tinkerpop-gremlin-server-3.3.4-bin.zip
unzip apache-tinkerpop-gremlin-server-3.3.4-bin.zip
mv apache-tinkerpop-gremlin-server-3.3.4 tinkergraph
rm -rf apache-tinkerpop-gremlin-server-3.3.4-bin.zip
# Optional : install neo4j engine.
cd tinkergraph
./bin/gremlin-server.sh -i org.apache.tinkerpop neo4j-gremlin 3.3.4
cd ..
php exakat.phar doctor
https://exakat.readthedocs.io/en/latest/Installation.html#osx-installation-with-
tinkergraph-3-3-4
https://exakat.readthedocs.io/ > Installation > Quick installation

15. SPEAKER
➤ Damien Seguy
➤ Exakat CTO
➤ Static analysis for PHP
➤ Elephpant retirement home