php

Inversion of control is the answer to more maintainable, testable, modular code, a common pattern in OOP adopted by frameworks and enterprise projects.  The main idea is to separate configuration (class names and initialisation parameters) from implementation (class instantiations and static calls), avoiding hard coded class names and parameters, so that they can be replaced by third parties and during tests.

There are at least three common ways of injecting dependencies (see here for a detailed description).

Constructor Injection: injection through constructor parameters

For every object, all the dependencies are passed as constructor arguments.  Constructor injection is fairly straightforward and works quite well on small projects, but as a project and the number of dependecies grow, so do constructors' signatures length.  Complex constructors are eventually refactored to receive an array of dependecies or moving them up in the hierarchy, in some base class, which evolves into a registry of dependencies (among other responsibilities).

Setter Injection: public setters for every dependency

Every dependency is set using a public method inside a class. For instance three classes depending on a Mailer would have each a `setMailer($object)` method.  Fairly simple to implement but leads to duplication and maintainability issues, every time an object is created all the setters must be called.

Service locator: holder/registry of components/services

All the dependencies are provided by a builder, which serves as a registry of dependencies and/or service definitions. The service locator knows how to instantiate each dependency.   Such service exposes methods like `getMailer()`, `getLogger()` etc.  A service locator centralises the configuration detailing classes and parameters involved on objects instantiations.

Select is a static Service Locator implementation with PHP method overloading.  It allows to replace classes and can be used to hold components/services, identified by unique names and automatically exposed with getter methods.

Select is designed to be subclassed with a custom class name, as opposed to the common injection through constructors.  To replace Select you subclass the main class.  For instance: during tests you can either use a different set of definitions (suggested) or use a mocked Service Locator class implementing the same interface iSelect.

Have you heard about pfff ? If someone approaches you with a similar question you might answer "what the ... are you talking about ?"  Yesterday at phpnw10 I made that very question to Scott MacVicar and the answer was not much different. Interestingly enough because the tool was recently released on Github by Facebook. It turns out that pfff stands for PHP Frontend For Fun, feel the fun on the videos, just avoid food before watching

As you can read in the wiki pfff is mainly an OCaml API to write static analysis, dynamic analysis, code visualizations, code navigations, or style-preserving source-to-source transformations such as refactorings on source code. It is inspired by a similar tool for C called Coccinelle, born out of a study of collateral evolutions in the Linux kernel where changes to core systems need to propagate correctly not only to the thousands of drivers in the Linux kernel source code tree, but also to all the proprietary drivers.

For the time being the effort is focused on PHP but there is preliminary support for Javascript, Sql, and C++ code. There is also preliminary support for OCaml code so that the framework can be used on the code of pfff itself.

pfff is made of some tools: pfff, pfff_db_light, pfff_db, pfff_visual, sgrep, spatch, scheck and pfff_tags. It works on Linux, OSX and any system with X11.

This is the sort of output you get from pfff_visual used on Coccinelle source code: 

where each rectangle is a file/folder, and the size of the rectangle is the size of the file/folder, the color represents the type (see the examples for many more). Then you can interactively navigate and search the codebase with left/right/middle clicks and a search tool, that allows to get an easy and quick idea of a project size., ie a huge API you are asked to understand and use, browse the entire source code within a single window, better if you have a big display (see videos for a demo) and, if you like, see where a function is used in the code, to give you an idea how refactoring/editing might impact the rest of an application.

A tool I find really interesting is sgrep, a powerful search function not just based on string, but on syntax. So you can for instance do this:

sgrep -e 'FALSE !== substr(...)' *.php

and it would work even if the expression is splitted on multiple lines or has extra spaces, because the code is syntactically analysed, token by token. 

Suppose you want to search all calls to error_log where the second parameter is 3, you can write something like this:

sgrep -e 'error_log(X, 3, ...)' *.php

For the record "..." is part of sgrep syntax: it means that you don't care about the arguments, so

sgrep -e 'error_log(X, ...)' *.php

will match all of the following:

error_log('warning message')
error_log('fatal error', 1, 'me@localhost')
etc.

Similarly spatch can be used for syntactic patches.

Probably only few will start using these tools, although I think it would be useful if IDEs such as Netbeans, Eclipse, PHPStorm, that already have some refactoring capabilities, would include pfff and allow the user to do complex refactoring operations using a standard syntactic search&replaces approach. pfff_visual is also a nice addon that comes handy on static code analysis, I look forward to try it with Zend Framework and some projects I'm working on.

Resources:

• http://github.com/facebook/pfff
• http://coccinelle.lip6.fr

Videos:

• http://www.youtube.com/watch?v=HRZjBGD3osw
• http://www.youtube.com/watch?v=993pmNLY_VU

In case you didn't know, during the last months Ibuildings has launched many challenges to PHP developers, rewarding the winners with iPads and tickets for the DPC 2010.

Unfortunately the contest is not for us, but a PHP challenge can't be refused, right?

"One of the key values at Facebook is to move fast. For the past six years, we have been able to accomplish a lot thanks to rapid pace of development that PHP offers. As a programming language, PHP is simple. Simple to learn, simple to write, simple to read, and simple to debug. We are able to get new engineers ramped up at Facebook a lot faster with PHP than with other languages, which allows us to innovate faster."

The idea of that talk is to go through the classes of vulnerabilities or security problems that you usually need to take care of yourself and look at the Zend Framework to check what internal protection ZF offers and how they are used and what problems you still need to solve on your own.

http://techportal.ibuildings.com/2009/10/13/secure-programming-with-the-...

The @ “operator” in PHP is used to silence any warnings or errors that would otherwise be shown (in the browser or the log). Some people thinks it is really useful, the most suggest to avoid it.
This is an interesting blog post about the slowness of @ , one more reason to avoid hiding errors.

http://bit.ly/MVFC9