PHPStan is a great command line tool for seeing how your PHP code is doing without running it. It’s great for finding potential bugs that other tools and unit tests couldn’t find.

Regarding Drupal projects, there is a small problem that PHPStan does not know how to interpret Drupal plugins, entities, controllers, or other Drupal architecture that goes into Drupal modules. Because of this, when you try to run PHPStan on your module code, you’ll find that it generates a lot of errors about missing objects and wrong parameters.

So, let’s get this installed in your Drupal project.

Steps to install PHPStan in Drupal project.

Step 1: To install PHPstan into your project, open the terminal and execute the below command in your project root directory.

composer require –dev phpstan/phpstan phpstan/extension-installer mglaman/phpstan-drupal phpstan/phpstan-deprecation-rules

Step 2: After installing PHPStan, we need to configure the settings for PHPStan to find errors in our code.

Create a new file in your project root directory called phpstan.neon and add the configuration below.

parameters:
level: 0
paths:
– docroot/modules/custom
editorUrl: ‘phpstorm://open?file=%%file%%&line=%%line%%’

Initially, we are setting the PHPStan error check level to 0. So, it will do the basic checks in your code. We can change it according to our level of code complexity.

Here’s a quick overview of what is checked at each level. Levels are cumulative. For example, if you go to level 5, you also get all checks from level 0 to 4.

Basic checks, unknown classes, unknown functions, unknown methods called by $this, incorrect number of arguments passed to these methods and functions, always undefined variables.
Potentially undefined variables, unknown magic methods, and class properties with __call and __get.
Unknown methods checked for all expressions (not just $this), PHPDocs verification.
Return type, the type assigned to a property.
For basic checks dead code – and other instances of type checking are always wrong, else branch is dead, in code after return unreachable, etc.
Check types of arguments passed to methods and functions.
Report missing type hints.
Report partially wrong union types – some types of union types Reporting starts at level 7 when calling a method that exists only in.
Reporting method calls and accesses to properties of nullable types.
Be strict with mixed types – the only legal operation that can be performed on a mixed type is passing it to another mixed type.

 

Step 3: Now, execute the command below in the terminal to generate a PHPStan errors report.

php ./vendor/bin/phpstan

 

It will generate PHPStan errors report. The default format will be table format to display all errors.

 

If you are facing a memory problem, use this command with –memory-limit option.

php ./vendor/bin/phpstan –memory-limit=1G

 

Also, You can generate this error report in a different format. Here is an example to generate this report in JSON format.

php ./vendor/bin/phpstan –error-format=json –no-progress –ansi > phpstan_analysis.json

Here, phpstan_analysis.json is a file name in which all errors will generate. It will be generated in the root directory of the project folder.

 

A Common Problem When Analysing Drupal Code using PHPStan.

When generating the PHPStan report, I found multiple issues in files regarding the below error.

Unsafe usage of new static().

See: https://phpstan.org/blog/solving-phpstan-error-unsafe-usage-of-new-static

This is because we are using dependency injection and calling services using ContainerInterface.

public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
    return new static(
      $configuration,
      $plugin_id,
      $plugin_definition
    );
  }

The reason PHPStan throws this error is that extending a class and overriding the constructor with other parameters can break it.

There’s some information on why this use of new static() is unsafe on the PHPStan website.

To ignore this error in a report you must add the below configuration in phpstan.neon file.

Adding this option turns off that error and means we can focus on other things that are important to improving the code quality of the custom code.

 

Conclusion

PHPStan is a great tool and should be part of your development workflow. Using this we can improve our code quality and efficiency. We were successfully able to generate a PHPStan error report in the Drupal project and we learned how to exclude errors that are not actual errors.