 Привет, всем. Ну, я буду задавать вопросы для audiences, поэтому не поверите мне, чтобы ухватить свои руки. Но, первое важное вопрос, как много у вас выживающий пейстер? Ок, если кто-то не ухватит руки, говори с новым человеком, кто это сделал. Если вы не хотите быть конвенцией, то в конце все это. Я буду показывать, как Хард-корр-стоф, клоуза до конца, но это начало с какие-то важные вещи, как все, которые вы знаете. И многие, даже долгое время, не знают все функции. Во-первых, у нас есть большая часть из пищи, использована для себя, в том числе в пищи-писторном работе. Вы, в принципе, идите к гуглу, в гуглу в пищи-писторном работе. Я покажу вам гид-хаблинг, вы проверите, и вы следите. Я буду делать это сейчас, так как вы можете продолжить или делать некоторые части. Также, такой маленький дисклеймер, я буду использовать оба или аксесс-билд, и актual, как-то не релизовый билд, работа на моем лепто-пшопе, так что ничего не может работать, но все. И... Окей, начнем. Так, это, в принципе, проект-виндл, editor, какие-то тул-боксы. Наверное, многие, которые знают, в пищи-писторном работе, не помните, обычно, где их есть. В последней версии, мы очень обновлены санкционалитией. В принципе, это называется search everywhere. Вы double-pressed shift key, и вы typing anything. И мы покажем вам релизовые символы, файлы, акции, что-то. Вы можете попробовать лимитить это, включить системы, классы и так далее. Это очень важная акция. Я не знаю, где эта работа в меню здесь, в проекте, или что-то. Второе, если вы пойдете в этот workshop, или участвуете пищи-писы, когда-то, у вас есть важная вещь, которую вы используете. Если вы пойдете в меню, и проверяете проект-виндл. Это фреш-инсталация. Я использую ее для сегодня, я думаю. Я могу использовать фитюры для того, чтобы они использовались. Я показывал некоторые вещи, я использовал селекшн, по-моему, search, rename, и если я scroll-down, будут фитюры, попробовать с ними, и никогда. И в описании будет, как попробовать. Может быть, advanced. Так что я strongly suggest, все, чтобы вы открыли копию пищи-пис-пис-пис-пис-пис-пис, и проверили свои свои вещи, которые вы не использовали. И последствия, если что-то не работает для вас, или для любого из ваших компаний, или вы не знаете, как это должно работать, и вы не сможете Google it, не обходите, и не обходите поддержки. В принципе, это будет открыть форму, и мы у нас, как ребята, работаем прямо на моем команде с нашим ищетом, который both help us to identify the problems and help you to find the dark rounds. So you won't be struggling for months, or just hating pish-pish storm, we will help everyone to fix issues, and we will have you work down faster. Also, if you are using pish-pish storm for some time, there is a key map built into the IDE, it will open the PDF file you can print, but also online I found some handy tools, you can show you how it will work, if you press something, but directly in the browser, I think it has stuff for many products, so somebody did it, really nice. Okay, this is, I'm done with introduction. Okay, well, I will show a couple of things, which are in pish-pish storm for a really long time, but not many people aware that they are there. So, again, how many of you work with databases from within of pish-pish storm? Nice. How many of you do use databases in other tools or run some SQL? Okay, well, some of you, then I will be short. Basically, pish-pish storm includes everything we have in our other product called DataGrip. It's a few feature database client. It basically supports everything in cloud and locally and whatever. So, I will just quickly show how it might work. I will open a database console with this source DDL script and execute it to create schema. Just one, one, two, three, four, five. You see, it has been refreshed, created in MySQL, something like that. This is database explorer, looks nothing special, but this is pish-pish storm because we treat all the languages and all the presentation of languages the same way. So, be it text or some data structure, we work with it and keep it consistency and keep consistency across the languages. For example, I will refresh it with a pish-pish file, basically. So, you see, if you start typing in some literal here before, it will recognize that this is SQL and will also offer you completion from this database you have. And we understand all these databases I'll show you here properly with all the dialects and permissions and all the advanced stuff right there. For example, I can show you some help you completed constraints. We have smart completion. It basically sees the foreign keys and helps you to do it. And we also support refactoring this. For example, I can go and rename this table and it will generate both DDL and it will change all the references across your source code and everywhere, for example. So, this shows me references to table basically here. Like you expect with PHP or JavaScript whatever. So, full Fletcher skill client. And even more, it has like you can do it visually. If you change something here, you can rename it from here, basically. Or refactor, or do something. It will work and it will both generate your DDL for you. So, you can, if you change something, you can compare stuff. Also, you can basically view the data and export it anyway. This is one more hidden site of PHP Store. And this is available for everybody with the product. So, this is your database. It also has fully fledged front-end development support. But I won't be showing you that because I'm not a front-end developer for many years. I will show you the one thing. It has all you think, all you have in WebStorm. For example, I don't know, we have live editing in real time. All the JavaScript support. Lots of stuff. You can go to WebStorm blog and take a look what's new there. But my team introduced one more theme because in PHP we're also building like services. And we have APIs, REST APIs, stuff like that. And we have for some time a new REST client who tried working with REST requests within PHP Store already. Okay, nice. Basically, again, you don't need to do anything. We just create a file with HTTP extension. It basically works like some language. You can create a file on this folder. Basically a new... So it starts simply. It has some help. And basically this is like standard like raw text. But it has completion in some places and have what you might expect from the JetBrains editor. But let's try it. You see a second. You can see the body. You can see the body for you in scratch. So you can work with it later. If it's a REST file, it will be highlighted, formatted for you. And basically if you do it a couple of times, for example, this is a request not to Google, but to your PHP service. You can change the parameters. You can script them. You can store the keys and make assertions. I will show some simple stuff. I will compare them and see what has changed really easily. And I can make assertions on this writing small script. You can look for PHPStorm, REST, ClientTutorial, and we'll see what is possible. This is all for non- less PHP related parts, I guess. So if you have any questions about these parts, this is a moment to ask them. Okay. Let's close the workshop. And again, this workshop has all the concepts covered. So if you want to work with some kind of testing, including JavaScript testing, version controls and all that, you can take a look here. You can open any file. And this will be all the documentation here. Close it. And one more thing. You and all the PHPStorm has a lot of plugins. And in recent editions we have improved the workshop. Sorry, the plugin marketplace. It has for example we opened the file which is not supported. It will suggest you to install the plugin. For example, batch support here. And after that I restart the IDE. It is immediately available. And the support for this language works in the same way as it does for PHP, JavaScript or SQL. We check all the files. We keep the referential integrity within the file and across the files. You can refactor stuff and all that. Now this is the segue to like advanced part. Basically how IDE does this. IDE is not a text editor. You can work like this text. You can select stuff, type something in. But actually inside of the hood it works somewhat in between of how PHP runtime itself works. And maybe compiler works stuff like that. But it's really different because most of the time in your editor your code is broken. You start to type something, you didn't finish it. So IDE needs to write the wrong stuff and help you to correct it. So IDE sees the code like this, for example. It's a tree, basically a forest of trees with robes between branches. If you reference symbol in one file we keep all the system of these cross references intact for you. This is true for all the languages. This approach, for example for PHP it's all the same. This is technical, we don't need to know this actually, but it's important for next part. Same for SQL also. For example this complex stuff like we know this structure is a settings clause for SQL and if you notice these blocks, this is how we have this smart selection. Basically we select it by trees and this is how we have introduced expression basically. We know how to select because we never work with text. And internally all the code inspection analyzes and refactoring works based on this. So we have forest of trees and within there's some scope of function. We have for example here, we have tracking for values. For example, if you assign something to file variable we will know what this function have returned and track the assignments here. We have two types of analysis. Analysis which runs locally when you open editor and analysis which runs in background basically eating your battery. But all these smart completion features really depend on it. And we recently introduced two features which are visible to public and two features which are not has been released. I will show you in a moment. For example here you have a simple snippet with very strange warning. Unhandled exception here. Basically here inside this very simple code it can be really deep in your framework. I have thrown new exception. So IDE will tell you that this code will never finish running. And this analysis works by actually simulating the execution of PHP. So PHP Store never runs any PHP code in any way. But inside of itself it has totally different runtime with broken PHP code. Basically with incomplete statements. If you have something like this or basically like this even PHP interpreter won't be able to help with you. But here in PHP Store you have still the refresh and integrity for this interactive is intact. And also we differentiate between read accesses, write accesses and this is the result of type tracking engine working at Brigham. This is my area of expertise. What I was doing for PHP after creating like lexer, parser and editor with highlighter I was working on this engine which is so we have some new and exciting stuff. First of all in new versions this engine was rewritten. It was the fastest engine. Basically you all choosing PHP Store instead of Eclipse because of this engine. And soon comes a new version of this engine which will be both faster and will allow us to provide you completely new features. Like I showed you this exception. For example if I will comment this line this will there is no exception thrown in the real time. But there is a new error. This is the thing that nobody saw yet and it was not denied to public. Basically it has new kind of vision. You see the vulnerable function here. What's that? Basically right now most of internet runs on PHP. Like 85% of all the websites out there. And all the time we hear about security problems, breaches, stuff like that. And security is hard. I mean thinking in advance about how your code not might but will be exploited by some people maybe outside, maybe inside a company it's hard. It's hard to write the product that works and then to make it fast and then to make it secure nobody usually reaches the last point. You may put it some sandbox, like Firewall and stuff like that to think you might be protected but usually this doesn't help. So like we're helping you to write the correct code in the IDE so you don't have run time errors. Basically you try to call something like this. It's undefined function. It will fail in browser dump a stack trace. People will know what's inside the code. You don't want it. But when you have your code working, this code will run. It will dump something. But the source of this file is unknown. Maybe users have uploaded this file to your system. And you are right now reading it and output into screen. And output will be rendered in a web browser. And basically for a web browser your output is executable code. So right now you have a code path which is unsecured. Basically something maybe tainted. This is like terminology. And you need to keep it on mind. It's really hard. So with the help of new type tracking engine we can track not only the types of variables. This is maybe string, maybe int, maybe some class. But basically they are like flavors or tints. If somebody data wasn't secured or comes from dubious source like basically everything which wasn't explicitly sanitized should be treated like potentially like tainted data. Excess injection, JavaScript injection, database injection, whatever. All these types of errors have the same source. So if you take a look at this warning here for example, if you press quick help it shows you input variable to this file variable is tainted. You can go to definition you can go to definition here. You can try to analyze it and see that taint this section is new. And this is like work in progress. So there is not a file functionality that I can show you. Basically in the end you will be able to get reports that there is a feature also not much known. If you stay here like I did go to declaration find usages and go to declaration basically I am trying to analyze data flow to this point. And we have a special function which basically can help you to do this. You can go to actually I will find action so for small project for big project so basically there are two code paths to this place it can use this one this might work might not work so in the end we have same point. In the new interface you will be able to see taint, flavors, markers directly. And we are not limited to this type of markers. Null ability, like dreaded Java now upon the reception you will have the same in PHP now. You have strong types and all type of errors basically you can attach advanced type information to any type of data. We just marked these functions some functions or some variables like global variable get or post what you got from user and your request or what you read from database like MySQL query Output of MySQL query is insecure because you are not sure somebody did not edit database while application outside of the application you have to sanitize it before output into user screen and input parameters to MySQL query also should be sanitized for example so MySQL query is both sync and source of taint data Next. And this also checks it in real time. For example, if I dump this variable here, it's vulnerable here it's not. This function is a sanitizer it cleans output taint it can pass through and define function for example you can define your own custom functions we can recognize like escape something which will remove particular tints for example or maybe other type of escaping will clean the particular tints here this is some we did just for experiments So, a quick look how it works inside So inside of PitchPixel like I told you we never execute your code but we basically build control flow like assembly of your code maybe similar to PitchP does inside of it or how maybe extension see all the code pass in your code while your code is running it looks little bit cryptic but basically this simple set of statements here is a branch here you can go or not go into this code and the type of a page variable basically here a bunch is it's what if you will be debugging this you will step through debug and see a page is visible and has some value or isn't visible has no value and the IDE while it's running it sees it like this basically if you go inside this branch not is set the type of the value is empty definitely or if you go post this expression the type of this variable is set and basically due to some we also directed in please type conversions and merge them for you this is work in progress this is how we check stuff in PitchPixel actually thousands and tens of thousands of tests this is my actual test data I was just working before and you can see for a new engine we still have some errors which will be fixed obviously we miss some stuff but it's much faster and tracks much more information but we already have plenty of inspections and we add more inspections and all this stuff is really hardcore if error helps you or not we may you may be impressed by this particular functionality but maybe you have some needs in your project for example you have the best practice or like FAQ for you new employees please do not write code like this do it like that and you have no inspection or for this particular your custom framework or rule and you wasn't able to configure it you may have some problems like PHP code sniffer or maybe PHP 10 or whatever and trying to make this inspection for PHP I mean there is plenty of plugins and some of them really advance and do a lot of stuff but it's hard it's job development stuff like that you have no time but still it's like we also face the same problem getting up to speed and have a code review and in each code review for many people I and my colleagues have to repeat please don't do like this this is the problem which wasn't solved before and we have found solution for ourselves I will try to show it for you basically it's ability to define these things you say to people and ID will check them for you and show them directly in the editor so before sending a review to you personally will see in the editor your custom rules and these rules are really powerful because they can completely utilize all these technology inside of PHP Store for example if you have code sniffer you can only check some very local stuff in PHP 10 you have something similar to what PHP storm has inside referential integrity type assertions more advanced stuff but still there is no way to make advanced research I will show you experimental basically this feature was in PHP storm or all our products for many years but it wasn't underutilized we have it configured for our own project and it looks scary but we made it work nicely so I will show you how it works it's called structural solution to place some process for our platform for example for database tools they own best practice database mobility must be public and this is like a template and it's very special you see it looks like it's Java code basically and there are some assertions on this it's too simple maybe like this like performance thing do not do if start with something substring do it like this so this will show in my editor and my colleagues introduce these rules on the fly as they redesign our APIs so then I open file that was green like last time I checked it and changing something and did my work but I see I make a commit test a green but my file is still like yellow here I have some warnings this will be one of these and this is the what do not to do and this is a quick fix I can fix it immediately so my workflow is like that after I touch something I go and see for these special inspections to maintain my codebase to up to new standards because your vision of how your code should work is constantly evolving 65000 classes, for example, and basically like 800 modules with custom API so when my colleague in database makes some new cool API or new convention or fixes something or even not fixes found something is not performant like here maybe and he can go and like refector maybe 800 files by himself he won't do it because he will break something and stuff like that but so we define for you a workflow how to make your project evolve with you with your company, with your standards with your vision and I will show you how it works will be working now for PHP without all this stuff basically you can go to basically structure in here replace actually you can select PHP but PHP has now more advanced support than Java or JavaScript but right now it's like nothing here these results are really complex it's not easy to distribute this within the project because how many of you check .idea folder into your source control why you should this is the point of this folder there are only the shared settings the stuff like port style inspection settings you can have the inspection settings defined for your team and nobody should relate could commit the file until it's green this is the idea this is how we work this is how PHP storm is like evolving for 9 years with this speed question it won't be ever changing and the files which are machine specific workspace are automatically ignored and never checked in and basically we already have the situation here everybody has this dot ignore something press it along the 15 years of our project our vision for these files also have changed but once we broke the trust of the people and make these sudden changes people just ignored it once and then it's just broken so we will be redoing that folder may move it into other place to share you what should be shared basically if you go to settings most stuff here like I don't know like inspection you see the profile it's stored in project this is stored in id stored in project should be shared you can export and port it stuff like that and still for like we did with the rest client we moved away from forms we do not do graphical interface good we do editors grade so we moved everything into the editor so we do the same with this SSR basically also you do need like to quote anything this SSR running background so there is a test project with my quality created for me and here is this one some examples like very simple example this is like snippet of PHP code it's not complete super simple that cast some variable and this is the constraints we should like completion here for possible values it might be not working yet anyway you see this run button here so if you can try to experiment write something basically copy paste something for your code you run it it captures only one thing which you copy pasted then you edit it little bit to make it capture all what you need all things and then you can run it basically and see all the cases and while you edit in this you see it automatically in all of your editors if you commit this file use discussed with the project into special folder maybe metadata everyone who opens it in PHP storm will see in their subsystem and their file will see these notifications and you can define the replacement to play it also here can be like just remove this cast like quick fix we have there is no fix at the moment but it will work like that and this is like really simple case but inside it's basically it's actually doing what it does for example I can show you more advanced cases like magic methods course but for example you can have a type constant for this variable so it's not like you have some variable you can utilize PHP storm engines to check the variable type for you but basically you cannot do it by any other way because to decide whether to replace or have a variance here you need to trace the code back and see what the actual type here is and the idea does it for you and maybe this is a good case this is basically a control for example we have some code here this is like unconditional break within the loop this is potential error you may have a requirement in your company please do not write code like this because it breaks and we can see all the examples here and if I include this into the other kind of statement I guess it should disappear because it's just works I mean you have like the referential integrity within some scope like function or method you have a referential integrity between the members of class for example you have a referential integrity between your files in your project in libraries and within this method we can make the control for based assertions on types and actual values and at some point basically a taint is like abstraction of the value we can even tell you your loop doesn't finish because we can mark the e like it's 0 and up and your condition is less than 0 and basically these types never much it's like code symbol execution this is what these things here in IntelliJ like test for example on strings let's say some complex stuff yeah maybe like this for example in PHP every because we have we don't have core site declaration whether it's a point reference to variable in parameter or not any function can change your parameter you have to go to definition and check it out it might be somewhere inside of your call hierarchy so we have these symbols which are basically like a symbolic algebra we compute it for you but all you have to do is like take care and take a look here at your warnings this is what I wanted to show you what's come in PHP Store and of course having 700.000 users around the world working on their laptops maybe in the train or airplane or just working on their desktop we try to make it as fast as possible because like people joking about carbon footprint like the best thing for carbon footprint is not living or not having kids but I can improve situation differently by fixing performance like improving performance like 10% and in next version I save many lots of power and hours of your time thank you thank you LSE for the talk if you have any questions do visit the sponsor both outside and their team can answer all the questions that you have for yourself or your company so next up let's give here another round of applause thank you