Welcome to the official channel for Psalm, a PHP static analysis tool for finding errors and security vulnerabilities in PHP applications!
This channel will be used to post news regarding Psalm and other projects maintained by Daniil Gentili.
Feel free to also join my other channels as well!
- @MadelineProto - Official channel for MadelineProto, an async PHP client API for the Telegram MTProto protocol
- @daniilgentili - Personal blog
Psalm discussion group: @psalmphp_community
Documentation: psalm.dev
GitHub: https://github.com/vimeo/psalm
Psalm 6.10.0 is out!
This is a smaller release, in preparation for some bigger feature releases, both on the v6 and v7 branches.
Features:
- Added rank to SARIF report
- Added forceJit and noCache configuration keys
7.0.0-beta4 was also released from the v7 branch with the same additions.
Psalm 7.0.0-beta5 is out!
This beta release adds a major new feature to Psalm v7: combined analysis!
Combined analysis allows running normal analysis, security analysis and dead code analysis all at the same time, within a single run, greatly reducing overall runtimes!
Future beta releases will also enable taint analysis by default, given that now it can be run alongside normal analysis.
Forwarded from Daniil Gentili's blog
Happy to announce I've launched a blog, where I'll be posting news about all my different projects, MadelineProto, Psalm, and much more: blog.daniil.it!
I now also have a newsletter, feel free to subscribe to receive all the latest news: blog.daniil.it/newsletter ❤️
All posts posted to my blog and newsletter will also be posted here (replacing the old @daniilgentili blog for technical reasons, as I do not have access to the owner account anymore).
You can now discuss posts and news about *all* my projects in the linked discussion group: here!
Forwarded from Daniil Gentili's blog
The first series of posts I'll be adding here will be some technical deep dives into the performance improvements I've made in Psalm v6, can't wait to share them all with you!
And then, a long overdue post about my Autonomous System (AS198747), and an even more overdue MadelineProto v9 :D
Forwarded from Daniil Gentili's blog
Psalm v6 Deep Dive: Copy-on-Write + dynamic task dispatching
Psalm is one of the biggest and most powerful PHP static analysis tools, featuring exclusive features like security analysis.
In Psalm 6.1, I implemented a major refactoring of multithreaded mode (automatically enabled on Linux/Mac OS) based on amphp/parallel, which greatly reduced analysis speeds!
But why was it so effective? To understand, one must first understand that in the vast majority of PHP multithreaded analysis tools, jobs are distributed statically between threads on startup, which means that towards the end of the analysis, a lot of workers just sit there doing nothing, just waiting for the other workers processing bigger and heavier files to finish.
However, the new multithreaded mode now allows Psalm to dynamically distribute jobs to workers immediately, as soon as they finish processing their current task, reducing idle worker time and maximizing CPU usage, thus reducing the overall runtime!
Implementation wasn't as easy as just plugging in amphp/parallel, because Psalm relies heavily on the copy-on-write semantics of fork(): indeed, Psalm's multithreaded mode was quite fast even before the refactoring because it doesn't have to copy all type information to all workers when spawning them, as when workers are spawned using the fork() syscall, the entire memory is not copied to the forked process.
Instead, it is copied only when a memory page is modified by the forked process, which means that unless workers start modifying large amounts of type information (which usually happens pretty rarely, as most of that data is immutable after Psalm's scan phase), most of the memory is not copied, leading to large performance improvements.
amphp/parallel does not support using fork() to spawn workers out of the box; however, I managed to add support using a custom context class (taking care to avoid some edge cases around reused file descriptors, which can cause issues with the event loop).
The maintainer of amphp was kind enough to begin integration of Psalm's fork context inside of parallel itself after I pinged him, which means amphp users will soon be able to make use of Psalm's fork context to improve worker spawning performance with copy-on-write fork() semantics.
This release also adds an additional check to ensure VM overcommitting (the feature which allows copy-on-write optimizations) is enabled in the OS when running Psalm, by ensuring that the vm.overcommit_memory kernel setting is always set to 1.
~~~
This post is the first of a series of technical deep dives into Psalm v6's performance improvements, which will be released over the next weeks, subscribe to @danog_blog to always stay up to date on the latest Psalm news and developments!
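The scheduling argument in the post above, as an added example (not code from Psalm or amphp/parallel): a small Python simulation comparing a static startup split with dynamic dispatch on the same workload. The per-file costs, the round-robin split policy and all function names are assumptions made for illustration.

```python
import heapq

# Constructed per-file analysis costs (arbitrary time units): a few heavy
# files among many small ones. Not measured from Psalm.
COSTS = [9, 1, 1, 1, 8, 1, 1, 1, 7, 1, 1, 1]


def static_schedule(costs, workers):
    """Split jobs on startup (round-robin, an assumed policy); no rebalancing.

    Returns the time at which each worker finishes its fixed share.
    """
    finish = [0] * workers
    for i, cost in enumerate(costs):
        finish[i % workers] += cost
    return finish


def dynamic_schedule(costs, workers):
    """Hand the next job to whichever worker becomes free first.

    Returns the time at which each worker finishes its last job.
    """
    free_at = [(0, w) for w in range(workers)]  # min-heap of (time, worker id)
    finish = [0] * workers
    for cost in costs:
        now, w = heapq.heappop(free_at)
        finish[w] = now + cost
        heapq.heappush(free_at, (finish[w], w))
    return finish


def summarize(finish):
    """Return (overall runtime, total time workers spend idle before the end)."""
    makespan = max(finish)
    return makespan, sum(makespan - f for f in finish)


if __name__ == "__main__":
    for name, plan in (("static", static_schedule), ("dynamic", dynamic_schedule)):
        runtime, idle = summarize(plan(COSTS, 4))
        print(f"{name:8s} runtime={runtime:3d} idle worker time={idle:3d}")
```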
Small overview of the new psalm-review tool I added in Psalm 6.3: https://blog.daniil.it/2025/05/18/psalm-review-tool-in-psalm-6-3/