Breaking changes:

• Uses PHP Parser 4 (and thus requires PHP 7)
• Issue type MoreSpecifcImplementedReturnType has been renamed LessSpecificImplementedReturnType
• Issue type PossiblyUndefinedArrayOffset is triggered for possibly undefined array keys (previously bucketed into PossiblyUndefinedVariable)

  $foo = rand(0, 1) ? ['a' => 1, 'b' => 2] : ['a' => 3];
  echo $foo['b'];

• removed stopOnFirstError <psalm /> config attribute, which hasn't been used in ages
• removed UntypedParam issue type, which also hasn't been used (MissingParamType is the replacement)

Fixed issues comparing variables - #677 for get_class vs ::class, and $a !== $b now fails if $a can never equal $b.

Fixed #676 - bit manipulations were getting typed to mixed, now string or int depending.

Fixed #673 where cached class names could pollute class lookups on case-sensitive OSes like Linux

@srsbiz fixed Windows directory handling in #655 and changed Psalm to use .dist files by default in #644

Bugfix release:

• Fixed bugs parsing docblock types in #614, #617, #630, #619, #629 and #560
• Improved type handling for #615, #626, #631, #635 and #637
• Improve handling of var_export and implode for #636 and #610 respectively

Fixes a couple of bugs with intersection types and nested trait resolution.

Thanks to the great work of @weirdan, this release has a Phar that you can use on any existing Psalm project.

Other changes:

• fixes #569 where trait function name maps got corrupted
• improves analysis of error-suppressed functions (#570)
• improves analysis of array_merge where ... is used (#571)
• improves analysis of strpos and abs calls (#576 and #577)
• improves handling of iterable types when negated (#574 and #579)
• added better checks to compare trait abstract methods to classes that use the traits

You can now specify that parameters that take fully-qualified class names must be passed a ::class constant. The docs have more info.

This release also brings more robustness to class-filename resolution, relying on composer's autoloader class where available to get the class name without using reflection. Thanks @weirdan for the ticket that led to this improvement.

This release also removes a dependency on composer/composer, using the much smaller composer/xdebug-handler instead. Thanks to @felixfbecker for the idea, and @johnstevenson for the legwork on the composer side, and @weirdan for integrating it with Psalm.

I introduced a new issue type of OverriddenPropertyAccess to fix #547. While this is technically a change in the API, it's also an issue that is very unlikely to occur in your codebase, so I felt it was acceptable to violate SemVer.

Other fixed issues:

• array_map/array_filter oddities in #555 and #556
• improved property-no-set-in-constructor checks (#562)
• improved do/while checks when vars are set only in the do, and used in the while (#561)
• prevented an issue from being triggered in #563
• improve handling of complicated (strings that contain square brackets) array keys in #564

• Fixes #540, allowing any param name starting with _ to be ignored in UnusedParam/PossiblyUnusedParam checks.
• Fixes #541 where array_map wasn't respecting key type
• Fixed some UnusedVariable false positives: #543 with static vars, #544 with try/catch vars, and #539 with global vars used in functions
• Fixed #546 where iterable|string[] was causing a fatal error when allowPhpStormGenerics="true"
• Fixed #548 allowing callables in array_map and array_filter to be properly checked
• Fixed documentation of --init in #537

Additionally Psalm now treats functions that start with assert more intelligently, and checks to see if they assert something. If they do it applies those assertions to the current scope.

This first major version signifies the beginning of semantic versioning:

• No Psalm issues will be added between major versions
• Minor versions will be used to fix bugs, especially those leading to false positives, and also to introduce new features that don't substantially alter Psalm's analysis
• The plugin API will not change between major versions

Updates since 0.3.93

• Running Psalm with PHP 5.4 and 5.5 is no longer supported
• new caching engine, reducing time and increasing memory usage
• rewritten internals to group similar functionality into classes, increasing long-term maintainability
• add checks for __set calls where @property annotations are present - thanks @nickyr
• updated plugin API to use static methods instead of instance ones
• added support for Pylint output format - thanks @TysonAndre
• made igbinary the default serializer if it's installed with the latest version - thanks again to @TysonAndre for his tireless work on that project
• added ending-line & ending-column data to output for future Language Server Protocol support

Known bugs

• #534 Failure to properly evaluate some repeated instanceof logic
• #502 InvalidReturnStatement should fire for void return if no yield statements found
• #455 Unset on objectlike array should reset it to empty array
• #442 Calling count() on an array should inform its emptiness
• #416 Dead code detection fails for trait-defined methods not directly called
• #324 Suppressing EmptyArrayAccess causes weird side-effects on problematic code

Added two new issues:

DocblockTypeContradiction - emitted when contradicting a docblock-asserted type:

/**
 * @param string $s
 */
function foo($s) {
    if ($s === 5) { }
}

RedundantConditionGivenDocblockType - emitted when conditional is redundant given information in docblocks

/**
 * @param string $s
 */
function foo($s) {
    if (is_string($s)) {};
}

and fixed a few issues with erroneous emitting of RedundantCondition

Miscellaneous fixes, plus a big refactor that'll hopefully make Psalm a touch faster.

Fixes #348, #477, and improves documentation of issues and supported annotations.

This release aims to match, and possibly supersede, Scrutinizer's very good dead code detection.

Known issues: #475

This release also has the last breaking change before a planned 1.0 release – breaking apart the UntypedParam issue into MissingParamType and MissingClosureParamType (as the latter scenario is often less worrisome).

Inherit docs from interfaces where missing

Psalm used not to automatically inherit docs from interfaces. Now it does, unless two different interfaces contain the same method.

So this is fine:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return string */
  public function bar();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
  public function bar() {
    return "goodbye";
  }
}

This will cause Psalm to emit InvalidReturnType and MissingReturnType for A::foo:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return int */
  public function foo();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
}

And this will cause Psalm to emit MissingReturnType for A::foo:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return string */
  public function foo();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
}

More lenient treatment of various core functions

Functions like preg_replace, file_get_contents and current, which can return false, are now allowed to be reported as returning just a string. A few other functions, like strpos, still require explicit false checks because I judged the frequency of failure to be much higher in those situations.

Because CodeBase/Codebase broke autoloaders on *nix systems

Psalm gets a bit faster for the first time in a while. Also array_filter checks are more accurate, interpreting some closure contents if included.

Psalm is good at finding potential issues in large codebases, but once found, it can be something of a gargantuan task to fix all the issues.

This release introduces Psalter, designed to fix issues that Psalm finds.

Safety features

Updating code is inherently risky, doing so automatically is even more so. I've added a few features to make it a little more reassuring:

• To see what changes Psalter will make ahead of time, you can run it with --dry-run.
• You can target particular versions of PHP via --php-version, so that (for example) you don't add nullable typehints to PHP 7.0 code, or any typehints at all to PHP 5.6 code. --php-version defaults to your current version.
• it has a --safe-types mode that will only update PHP 7 return typehints with information Psalm has gathered from non-docblock sources of type information (e.g. typehinted params, instanceof checks, other return typehints etc.)

Plugins

You can pass in your own manipulation plugins e.g.

vendor/bin/psalter --plugin=vendor/vimeo/psalm/examples/ClassUnqualifier.php --dry-run

The above example plugin converts all unnecessarily qualified classnames in your code to shorter aliased versions.

Supported fixes

This initial release provides support for the following alterations, corresponding to the names of issues Psalm finds:

MissingReturnType

Running vendor/bin/psalter --issues=MissingReturnType --php-version=7.0 on

function foo() {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

and running vendor/bin/psalter --issues=MissingReturnType --php-version=5.6 on

function foo() {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() {
  return "hello";
}

MissingClosureReturnType

As above, except for closures

InvalidReturnType

Running vendor/bin/psalter --issues=InvalidReturnType on

/**
 * @return int
 */
function foo() {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() {
  return "hello";
}

There's also support for return typehints, so running vendor/bin/psalter --issues=InvalidReturnType on

function foo() : int {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

InvalidNullableReturnType

Running vendor/bin/psalter --issues=InvalidNullableReturnType --php-version=7.1 on

function foo() : string {
  return rand(0, 1) ? "hello" : null;
}

gives

function foo() : ?string {
  return rand(0, 1) ? "hello" : null;
}

and running vendor/bin/psalter --issues=InvalidNullableReturnType --php-version=7.0 on

function foo() : string {
  return rand(0, 1) ? "hello" : null;
}

gives

/**
 * @return string|null
 */
function foo() {
  return rand(0, 1) ? "hello" : null;
}

InvalidFalsableReturnType

Running vendor/bin/psalter --issues=InvalidFalsableReturnType on

function foo() : string {
  return rand(0, 1) ? "hello" : false;
}

gives

/**
 * @return string|false
 */
function foo() {
  return rand(0, 1) ? "hello" : false;
}

MismatchingDocblockParamType

Given

class A {}
class B extends A {}
class C extends A {}
class D {}

running vendor/bin/psalter --issues=MismatchingDocblockParamType on

/**
 * @param B|C $first
 * @param D $second
 */
function foo(A $first, A $second) : void {}

gives

/**
 * @param B|C $first
 * @param A $second
 */
function foo(A $first, A $second) : void {}

MismatchingDocblockReturnType

Running vendor/bin/psalter --issues=MismatchingDocblockReturnType on

/**
 * @return int
 */
function foo() : string {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() : string {
  return "hello";
}

LessSpecificReturnType

Running vendor/bin/psalter --issues=LessSpecificReturnType on

function foo() : ?string {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

This introduces a file replacement API, allowing you to build plugins that alter your code.

For example, you can run

vendor/bin/psalm --plugin=vendor/vimeo/psalm/examples/ClassUnqualifier.php --replace-code

and all classes that are unnecessarily fully-qualified will be fixed

Psalm now has a more accurate representation of arrays with integer keys e.g. ["one", 2, 3.0] is now represented internally as array{0:string, 1:int, 2:float}

98085b2
e2b1b24
and reduce some false positives from the loop refactor

Psalm used to cautiously emit FailedTypeResolution issues. @TysonAndre encouraged the emitting of a RedundantCondition issue in the same sorts of places, but in more instances.

Emitting that issue in more places meant shining a harsh light on Psalm's analysis, and its generation and modification of type algebra, as it relates to the code it's scanning. Fixing the bugs that were revealed required a wholesale refactor of loop analysis and a bunch of other attendant changes.

The result is an analysis that is hopefully very much more robust than it was previously.

Includes #325 and other array fixes

Introduces MixedTypeCoercion, separate from TypeCoercion, to reduce severity of issues.

And also fix a bug with get_class($c) !== A::class checks

Includes more accurate array function typing.

Also can deal with weird Wordpress class definitions.