Upload
wim-godden
View
3.124
Download
0
Tags:
Embed Size (px)
Citation preview
Who am I ?
Wim Godden (@wimgtr)
Founder of Cu.be Solutions (http://cu.be)
Open Source developer since 1997
Developer of OpenX, PHPCompatibility, PHPConsistent, ...
Speaker at Open Source conferences
Why vs How
Part 1 : why upgrade ?Bad reasons :
It's cool to have the latest version
Annoy sysadmins
Oh cool, a new toy !
Part 2 : how to upgrade ?The nightmare of compatibility
The joy of automation
No miracles here !
The numbers
W3Techs (http://w3techs.com/technologies/details/pl-php/all/all)
Now Nov 2013 Aug 2013 May 2013
PHP 4 : 1.8% 2.7% 2.9% 2.7%
PHP 5 : 98.2% 97.3% 97.1% 97.3%
5.0 : < 0.1% 0.1% 0.1% 0.1%
5.1 : 1.2% 2.0% 2.2% 2.6%
5.2 : 19.2% 37.6% 40.2% 43.5%
5.3 : 45.5% 52.0% 51.7% 49.7%
5.4 : 26.9% 7.9% 5.7% 4.1%
5.5 : 6.3% 0.5% 0.1 % < 0.1%
5.6 : 0.5% < 0.1%
5.7 : < 0.1%
5.27 : < 0.1%
5.3 quick recap
Namespaces (\)
Late static binding
Closures
Better garbage collection
Goto
Mysqlnd
Performance gain
5.4 quick recap
Short array syntax
Function array dereferencing
Traits
Built-in webserver
SessionHandler
File upload extension
Binary notation
register_globals and magic_quotes_gpc removed :-)
Safe mode removed :-)
5.3 – people are not even using it !
19.2% still on PHP 5.2
No :Symfony 2
Zend Framework 2
Other frameworks that need namespaces
Problematic for developers
PHP 5.5/5.6 – what's changed ?
New features
Performance and memory usage
Improved consistency
Some things removed
New things – Generators (5.5)
Simple way of implementing iterators
Simply put : foreach over a functionSay what ?
Generators - example
<?phpfunction returnAsciiTable($start, $end) { for ($i = $start; $i <= $end; $i++) { yield $i => chr($i); }}
foreach (returnAsciiTable(97, 122) as $key => $value) { echo $key . " - " . $value . "\n";}
Output :97 - a98 - b99 - c100 - d101 - e102 - f103 - g104 - h105 - i106 - j107 - k108 - l109 - m110 - n111 - o112 - p113 - q114 - r115 - s116 - t117 - u118 - v119 - w120 - x121 - y122 - z
Finally : finally (5.5)
Exception handling
Until now : try {} catch() {}
Now :
<?phptry { doSomething();} catch (Exception $e) { echo 'Caught exception: ', $e->getMessage(), "\n";} finally { echo "We're always going here !";}
Beware : finally + return
<?php
function footest(){ try { return 1; } catch (Exception $e) { return 2; } finally { return 10; }}
echo footest();
Will return 10 !
Password hashing (5.5)
To create :$hash = password_hash($password, PASSWORD_DEFAULT);
To verify :password_verify($password, $hash);
Currently only supports Blowfish
Also has password_needs_rehash() → check if hash was strong enough
Zend Optimizer+ (5.5)
Name in PHP 5.5 : OPcache
Opcode cache (like APC, Xcache, ...)
APC users : no userland (variable) caching in OPcache→ Use APCu
Variadic functions
function sumNumbers($base, ...$params) { foreach ($params as $param) { $base += $param; } return $base;}
sumNumbers(5); // returns 5sumNumbers(5, 2); // returns 7sumNumbers(5, 2, 3); // returns 10
Argument unpacking
function add($a, $b, $c) { return $a + $b + $c;}
$params = array(2, 3);echo add(5, ...$params); // returns 10
Other changes in 5.6
json_decode() strictness : true, false, null values
Constant expressions :const ONE = 1;
const TWO = ONE * 2;
Exponent operator (**)printf("2 ** 4 == %d\n", 2 ** 4);
→ Output = 2 ** 4 == 16
use function and use const
Default charset is now UTF-8 → set in ini default_charset
__debuginfo() magic method for use with var_dump()
SSL/TLS security improvements (peer certificate verification, TLS renegotiation attacks, …)
phpdbg : interactive debugger
Removed features in PHP 5.5
php_logo_guid()
php_egg_logo_guid()
php_real_logo_guid()
zend_logo_guid()
Windows XP and 2003 support
Removed features in PHP 5.6
$HTTP_RAW_POST_DATA and ini setting always_populate_raw_post_data
iconv and mbstring encoding settings → default_charset in ini
Performance and memory usage from 5.3 to 5.6
Performance : 10 – 30%How ?
Core optimizations
New internal caches (functions, constants, …)
Better (un)serialization
Inlining often-used code paths
…
Reduced memory usage : up to 50% !Big impact on large frameworks
Even bigger impact on codebases such as Drupal
Upgrade : yes / no
Yes No
Using removed extensions x
Using removed functions x
Need extra performance / reduced memory x
Really need new feature x
Want to use recent framework x
No unit tests x
No package available (.rpm, .deb, ...) x
Postponing upgrades
End-Of-LifeIn the past : we'll see
Now : minor release + 2 = out → EOL
5.5 = OUT → 5.3 = EOL
5.6 = OUT → 5.4 = EOL
Critical security patches : 1 year
No bugfixes
Framework support
Developer motivation
So you want to upgrade...
Option 1 : run your unit tests
Option 2 : visit each page (good luck !) + check error_logOr : record visits, then replay log on test environment
Option 3 : automated static analysis
Unit tests on different PHP versions
Vagrant boxes
Integrate into your CI
Use Travis CI (http://travis-ci.org)
Why make it so hard ? A best-case scenario...
Development environment : 5.6
Production environment : 5.6
All is well, right ?
End 2015 : PHP 7 arrives
How can you test compatibility ?
→ Set up your test environment today
→ Even for new projects
Back in 2010...
PHP Architect @ Belgian Railways
8 years of legacy code
40+ different developers
40+ projects
Challenge :
migrate all projects from
PHP 5.1.x (on Solaris)
to
PHP 5.3.x (on Linux)
PHP_CodeSniffer
PEAR package (pear install PHP_CodeSniffer)
Detect coding standard violations
Supports multiple standards
Static analysis tool→ Runs without executing code
→ Splits code in tokens
Ex. : T_OPEN_CURLY_BRACKET
T_FALSE
T_SEMICOLON
PHPCompatibility
New PHP_CodeSniffer standard
Only purpose : find compatibility issues
Detects :Deprecated functions
Deprecated extensions
Deprecated php.ini settings and ini_set() calls
Prohibited function names, class names, …
…
Works for PHP 5.0 and above
PHPCompatibility – making it work
Via Composer : wimg/php-compatibility
From Github :Download :
http://github.com/wimg/PHPCompatibility
Install in <pear_dir>/PHP/CodeSniffer/Standards
Run :phpcs --standard=PHPCompatibility <path>
Important notes
Large directories → can be slow !
Use --extensions=php,phtmlNo point scanning .js files
Static analysisDoesn't run code
Can not detect every single incompatibility
Provides filename and line number
Some common apps – phpBB (latest)
FILE: /usr/src/phpBB3/adm/index.php--------------------------------------------------------------------------------FOUND 0 ERROR(S) AND 2 WARNING(S) AFFECTING 1 LINE(S)-------------------------------------------------------------------------------- 48 | WARNING | INI directive 'safe_mode' is deprecated in PHP 5.3 and forbidden in PHP 5.4. 48 | WARNING | INI directive 'safe_mode' is deprecated in PHP 5.3 and forbidden in PHP 5.4.--------------------------------------------------------------------------------
Common apps - MediaWiki
FILE: /usr/src/mediawiki-1.19.8/includes/GlobalFunctions.php--------------------------------------------------------------------------------FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)-------------------------------------------------------------------------------- 2705 | WARNING | The use of function dl is discouraged in PHP version 5.3 and | | discouraged in PHP version 5.4 and discouraged in PHP version | | 5.5--------------------------------------------------------------------------------
Common apps – Wordpress (latest)
FILE: /usr/src/wordpress/wp-admin/includes/class-pclzip.php--------------------------------------------------------------------------------FOUND 2 ERROR(S) AFFECTING 2 LINE(S)-------------------------------------------------------------------------------- 5340 | ERROR | The use of function set_magic_quotes_runtime is discouraged in | | PHP version 5.3 and forbidden in PHP version 5.4 and forbidden | | in PHP version 5.5 5371 | ERROR | The use of function set_magic_quotes_runtime is discouraged in | | PHP version 5.3 and forbidden in PHP version 5.4 and forbidden | | in PHP version 5.5--------------------------------------------------------------------------------
FILE: /usr/src/wordpress/wp-includes/SimplePie/Item.php--------------------------------------------------------------------------------FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)-------------------------------------------------------------------------------- 125 | WARNING | INI directive 'zend.ze1_compatibility_mode' is deprecated in | | PHP 5.3 and forbidden in PHP 5.4.--------------------------------------------------------------------------------
FILE: /usr/src/wordpress/wp-includes/wp-db.php--------------------------------------------------------------------------------FOUND 16 ERROR(S) AFFECTING 16 LINE(S)-------------------------------------------------------------------------------- 641 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 - use mysqli | | instead. 646 | ERROR | Extension 'mysql_' is deprecated since PHP 5.5 - use mysqli | | instead.
Conclusion
No 100% detection
But : 95% automation = lots of time saved !
First : PHPCompatibility on local machine
Then : use your CI/test environment and run unit tests
Start upgrading !
We're hiring !
Looking for a challenge ?
Want to do more than just code all day ?
→ Come visit our booth !
We've got chocolate ;-)