PHP fwdays '19
1 Jun 2019 at Mercure Congress Hall

A long time ago, in a land far away, lived a software wizard that was capable of grand magic. They built gardens, libraries, temples, castles. They created life where there wasn’t, and cleared the path where it was unsafe. And then they disappeared, and even though they left behind books and notes, none of their apprentices were able to learn the craft. Since then, nobody was able to use any of the tools of the great mage, and the creations kept working for only a few years, when finally even the last stone that was placed crumbled into sand. Sounds familiar? Software often feels the same: we’re all magicians that force a piece of sand into semi-rational thought, but what will happen when everyone moves on, and nothing works as expected anymore? This talk explores the problems that arise from breaking compatibility with existing tools, how to prevent those breakages from happening, and what to look for as a software maintainer. While I cannot guarantee that you will build indestructible magical fortresses with my tips, I can at least help you make sure that your work will live on with other people picking it up, and hopefully appreciating the stability that you worked towards.

Twig is the most powerful templating engine in the PHP world that enables us to create highly complex projects with hundreds of multi-level extended templates, thousands of blocks, functions, filters, tests, and macros. It also offers sandbox, a unique but not a widely used feature, that allows you to create secure user editable templates. In addition, there are a number of handy built-in and external debugging tools available in the Twig ecosystem to simplify the day-to-day work process for a Twig designer. In this presentation, I will talk about how extensively we use Twig in a complex open-source e-commerce project.

The era of slow applications has passed away. The submillisecond response is a must. Can we compete in the brave new world? Does PHP has something to offer? It is the time to finally find out what does it mean to be Parallel or Serial, Single- or Multithreaded, Concurrent or Monopoly, Synchronous or Asynchronous. We will cover the basics and dig into the asynchronous world of event loops and promises. Why Nginx is so powerful? What makes Vert.x so performant? How NodeJs is handling that many RPS? What about PHP-FPM? Secrets will be revealed, and the truth will be unleashed. You decided to go wild with PHP and use asynchronous framework. What should you expect? What dangers lurk in hidden places? Does it worth it? Let’s find out with some real-world system migration example to Swoole. Swoole is when “Made In China” is not embarrassing.

Codeception is a popular framework for all kind of testing. It helps you to find a suitable level of testing and start writing tests in a pleasant and elegant way. This year a new major version of Codeception was released with new features to improve the testing experience. What stands behind this? Let's hear the story of Michael Bodnarchuk, PHP developer who started Codeception 7 years ago, and his journey to testing. What he learned by maintaining a testing framework and working as a test consultant nowadays.

1

Programmers naturally give more attention to a “happy path” - default scenario in application execution in which everything works as expected, therefore neglecting the opposite way things can go. Topics such as dealing with exceptional conditions, use of exceptions, error handling seem to have been insufficiently studied, and it is very difficult to find useful explanations and tutorials online. This talk is an in-depth study about practices for dealing with exceptional conditions that promote code that is clean, consistent and convenient to work with. Special attention is given to applicable best practices for managing exceptions in a proper way, such as formatting exception messages, component-level exception type, exception wrapping. To make the story complete, second part of the talk introduces framework-agnostic solution for establishing central error handling system that makes this critical aspect of the software stable, unambiguous and easy to maintain. At the very end, some attention is given to testing exceptions and ways for keeping test code consistent and readable.

We all know that unit tests help us to be sure code works as we expected. And one of the metrics we can use with unit tests is a Code Coverage. But is it a good metric? Does it have a practical sense and can we really trust it? How confident are you in the project’s test suite? Does it cover all the branches of the code? Does it test anything at all? This talk answers to these questions and gives quite a deep introduction to Mutation Testing methodology, describes how it can be used, and how developers can get started working with it. It also describes the issues of Code Coverage and introduces Infection library - Mutation Testing framework for PHP.

We got the task to make an order API, from open order, to delivered, with payments in between and after. So there are naturally a lot of states, and a lot of transitions where we needed to calculate the prices correctly and handle credit card transfers. Keeping track of all of this, and when we need to do what, ensuring that an order is always up to date, and that it has the data it needs, and that we send good error messages when a user can not do an action, was a challenge for us until we discovered the workflow component. This is a real happy use case story where I will show you how we did this, and how much more straightforward it was for us to build an otherwise complex system using the workflow component.

There is not enough knowledge of programming languages to be good developers nowadays. It is important to understand the processes of continually improving the quality of the code and its performance. The ability to configure the development processes in a team more valuable than just writing code. To do this, you need to start using new tools or improve existing ones. We will go through all stages of development and find out what can be done better.

3

Development gets easier day by day. Many high-level tools reduce the entry threshold, the level of technology penetration is rapidly growing, and as a result, we have a growing amount of surrounding systems. Vulnerable systems. In 2018, India leaked 1.1 billion citizens data, Twitter leaked 330 million passwords, Facebook leaked 50 million passwords and 87 million conversations. Tens of thousands of other personal data and confidential information leaks left behind or were not spotted at all. Most of the incidents are related to simple and well-studied vulnerabilities that are relatively easy to resist. The presentation is tailored for developers who care about security of their applications. I’ll talk about the popular vectors of applications attack, how to defend against them, and about general practices to maintain security with minimal effort.

1

What if you could upgrade your code in same speed "composer update" updates all your dependencies? With AST you can. And it's easier than you think...

- Have you ever think how PDO work under the hood? - What if tomorrow you need to write own DB driver from scratch? - How to approach such tasks and get around the pitfalls? - Is it possible to achieve in pure PHP performance comparable to the C extension? In this talk I will try to answer these and other questions related to the development of clients for various binary protocols. We also analyze the nuances of the asynchronous driver implementation and dive into the world of low-level and not-so-optimizations.

Demonizing PHP application to gain higher performance. Splitting an application into infrastructure (go) and business logic (PHP) layers to gain higher flexibility.

Undoubtedly, most of the successful projects require scaling and often it happens through migration into cloud services such as Amazon Web Services, for example. Unfortunately, in the process of migration, many developers face some problems, issues, and mistakes which were have done at the beginning stage of code writing. In this talk, I will focus on the main areas and key things where developers should pay their attention from the start of the project, for the future cloud migration without any problems. Also, I will show a possible step-by-step way for the projects scaling on the AWS, and tell about the main services stack: EC2, ElasticBalancer, RDS, ElastiCache, SQS, CloudWatch, S3. The traffic balancing and system stability topics will be considered too.

1

Nowadays, many of us choose the micro-service architecture for their projects. But with this solution, you can take many additional problems as efficient and transparent interaction between all of them in one infrastructure. In addition, there is an issue of communication and integration among teams that responsible for those services. The decent solution is gRPC. In this talk we going to focus on how gRPC and ProtoBuffers work, compare with alternatives like REST+JSON, RPC via RabbitMQ. The presentation will be useful to anyone who uses or plans to use a micro-service approach in the development process.

There are developers who never even worked on a project without ORM. This is something that we are taking for granted. But what cost we are paying for using them? Could it be that we don’t really need them as much as we think? Could it be that ORMs playing major role in hiding design problems? Let’s find out.

As part of this lecture, I will be able to share the experience of writing production code for an enterprise application in PHP that works under the WAMP protocol. I'll tell you about the real experience of using such technologies as WAMP, Crossbar, Thruway, spawning of child processes, communication between the child and the host process. I'll tell you about the questions and difficulties that we faced, and, of course, about how we solved them. I can also add that we used this approach to the development of the application, launching sales for Eurovision 2017. The approach was tested in the most combat conditions.

Symfony 4 is a very different framework from the previous versions. Symfony 4 provides a new developer experience on a very stable foundation. Learn more about how you can quickly develop new applications and how you can grow your projects from a micro-style app to a full monolith or a set of micro-services.