Daniil Gentili's blog

Tag: announcement

  • php-community: a faster-moving, community-driven PHP.

    I’ve just submitted to the PHP internals mailing list a new PHP RFC, for a faster-moving, community-driven PHP: https://wiki.php.net/rfc/php-community

    With this proposal, the entire PHP community gets immediate access to experimental features through an official php-community version of PHP, versioned in a rolling manner (i.e. php-community 2026.03.01), and available on php.net along normal PHP releases, similar to rust-nightly.

    Experimental features are offered as special PHP feature extensions built into PHP by default.

    These special feature extensions are versioned with semver and disabled by default, and can be easily enabled with a single PhpFeature::get($name, $version)->enable() call (i.e. automatically invoked by the Composer autoloader).

    Feature extensions cannot be enabled using php.ini, to allow enabling features on webhosts: however, to allow for proper sandboxing and thus webhost adoption, a new universal sandboxing level configuration key is added to php.ini, effectively offering the same protection offered by disable_functions et al, for all feature extensions, without the need to search which specific functions to disable.

    For the first time, official binaries and packages will be provided for all major Linux distros for php-community releases on php.net (and the usual binary builds for Mac OS and Windows will be provided as well).

    This makes it significantly easier to get real feedback on features from the entire PHP community.

    The main objective of this RFC is to allow the community to “preview” future language changes in an easily accessible manner: while there have been improvements lately with PIE, experimental language features distributed using normal extensions are still not easily accessible to the entire PHP community; every extra installation step is a barrier to entry, and often simply cannot be installed at all in the most popular PHP execution environment: shared hosts.

    To view a full description of the API and how it all works, take a look at the RFC: https://wiki.php.net/rfc/php-community

    Side note, I’m now part of the PHP True Async committee!

    I decided to not present the RFC as explicitly linked to True Async, to explicitly prevent an interpretation where it is something that will allow us to “sneak in” True Async into PHP.

    True Async is one of, but not the only nor the main reason why I created this RFC.

    I truly believe that PHP could really benefit from a more agile community RFC process, that can transform it from just a decent and fast language I and so many others love, to an amazing, blazing fast and actually modern and ergonomic language.

    I believe PHP truly deserves this.

    Let your voice be heard, take part in the discussion for a better future for PHP!

    Join in on the discussion using the PHP internals mailing list, or view it in readonly mode using externals.

  • Psalm v7: up to 10x performance!

    Announcing the public beta of Psalm v7!

    Psalm is one of the biggest and most powerful PHP Static analysis tools, featuring exclusive features like security analysis, and Psalm v7 brings huge performance improvements to security analysis, up to 10x thanks to a full refactoring of both the internal representation of taints, and optimization of the graph resolution logic.

    A major new feature was also added: combined analysis!

    Combined analysis, enabled by default in Psalm v7, allows running normal analysis, security analysis and dead code analysis all at the same time, within a single run, greatly reducing overall runtimes!

    Future beta releases will also enable taint analysis by default, given that now it can be run alongside normal analysis.

    Psalm v7 also brings performance improvements to dead code analysis, and fixes for list types.

    Even more performance improvements and new features will be released soon!

    Discuss on HackerNews!
    Discuss on Telegram!

  • Official Psalm docker image

    Psalm is one of the biggest and most powerful PHP Static analysis tools, featuring exclusive features like security analysis, and in Psalm 6.9, an official, hyperoptimized Docker image was introduced.

    Psalm’s docker image uses a custom build of PHP built from scratch with a custom deepbind patch and the jemalloc allocator, running Psalm +30% faster on average than normal PHP (+50% faster if comparing to PHP without opcache installed).

    My deepbind patch was also merged into PHP and will be available to all users (even those not using the Docker image) in PHP 8.5!

    To use it right now, on PHP 8.4, simply run:

    docker run -v $PWD:/app --rm -it ghcr.io/danog/psalm:latest /composer/vendor/bin/psalm --no-cache

    Issues due to missing extensions can be fixed by enabling them in psalm.xml and/or requiring them in composer.json, see here for more info.

    Extensions not stubbed by Psalm itself (and thus not available as a psalm config option) may be stubbed using traditional PHP stubs.

    This post is part of a series of posts about Psalm v6’s new features, click here to see all the other posts in the series, and subscribe to the newsletter to always stay up to date on the latest Psalm news and developments!

    Comment on Telegram
    Comment on HackerNews

  • Psalm v6 announcement

    Psalm is one of the biggest and most powerful PHP Static analysis tools, featuring exclusive features like security analysis, and Psalm v6 brings support for PHP 8.4, AMPHP v3, PHP-Parser v5 and much more!

    I am happy to announce that I, Daniil Gentili, am now the main maintainer of Psalm, and thanks to the newly launched Psalm support contracts, I now have the opportunity to work heavily on Psalm, specifically focusing on major performance improvements and improved security analysis.

    This post is the first of a series of technical deep dives into Psalm v6’s performance improvements, which will be released over the next weeks, starting with:

    Psalm v6 Deep Dive: Copy-on-Write + dynamic task dispatching

    To avoid missing the next posts, subscribe to my newsletter to always stay up to date on the latest Psalm news and developments!

    Subscribe to my newsletter to always stay up to date on my projects, and join my community to chat with me!

    Alternatively, you can also join my Telegram channel!

    An RSS feed is also available.

    Among other news, you can now join the new official Psalm news channel and the Psalm community!

    The news channel will be used to share inside exclusive news about upcoming Psalm features (including property hook support, coming within the next few releases!), and the community group can be used to discuss and share the way you use Psalm!

    Discuss on HackerNews
    Discuss on Telegram

    Do you like Psalm, does your company use it internally to improve security and reliability?

    Consider setting up a support contract: support contracts can cover full integration of Psalm into existing codebases, support for Psalm issues and development of additional Psalm features.

×