The banner feature is support for Language Server Protocol (using the vendor/bin/language-server-protocol binary).

It's still awaiting documentation for every single IDE, but if you use VS Code and want to hack around, I've included a VS Code plugin below.

Bugfixes

The last release prevented last-ditch scanning of files in the analysis phase, once scanning is assumed to be done. This introduced a couple of bugs (or rather, it highlighted them):

• Fix scanning of object casts (#1016)
• Fixed scanning of non-docblock return types (#1017)

For more information: https://github.com/vimeo/psalm/releases/tag/2.0.9

Fixes bugs:

• improves filtering of subclasses based on parent clauses (#856)
• improves handling of nested clauses based on same object (#857)
• fixed analysis of polyfilled classes (#862)
• downgraded issue type from LessSpecificReturnStatement to MixedTypeCoercion when returning an array of mixed where a typed array is expected (#863)
• Fixed handling of constants with different values across different operating systems (#867)
• Improved return types of version_compare, gettimeofday and parse_url (#868, #871 and #875)
• Improved handling of complex param types for @magic methods (#870)
• Issues in vendor are now suppressed by default for newly-created configs (#872)
• Allow is_iterable to filter out non-iterable types (#874)
• Allow any iterable to be unpacked when calling functions (#873)

This updates the PHP 5.6-compatible branch with all the new features & bugfixes in the 2.x branch, minus the API changes in 2.x.

See the Releases page for details of the 2.x additions/fixes.

This release improves handling of stubbed files, allowing you to override methods of a class without including the whole class. It's in anticipation of a library of stubs and plugins for different 3rd-party packages.

Other changes

• Improved handling of class constants (#837 and #840)
• Issues are now triggered when impossible assertions made outside of a conditional (#838)
• Improved dead code detection after method_exists call (#836)
• Unresolvable method args are now checked where possible (#839)
• Remove hard memory limit when calling with --use-ini-defaults (#842)
• Fix callmap issues (#843 and #835, thanks @fkooman)
• Fix division-by-zero issue (#844)
• Improve array_reduce return type (#846)
• Improved handling of autoloaded files with function definitions (#848)
• Fixed handling of null|object|T when simplifying types (#851)
• Allow is_numeric check to refine scalar types (#850)
• Fix handling of variables set in do {} while($a = rand(0, 1)) conditionals (#852)

New feature

Finally added support for detecting missing @throws annotations: #15

You have to explicitly enable this feature in your psalm.xml by adding a config flag checkForThrowsDocblock="true". You can also choose which exceptions to ignore with <ignoreExceptions>. Missing @throws docblocks emit a MissingThrowsDocblock issue.

Bugfixes

• Improve handling of array_filter and array_map (#811 and #810)
• Improve bad docblock handling (#808, #812, #816 and #818, #826)
• Improve literal type handling (#814)
• Allow some more @method names (#820)
• Improve dead code detection (#822, #475 and #805)
• Fix bug where erroneous !== false checks were ignored (#823, #825)
• Improve handling of self in is_a checks (#819)
• Improve selection of callmap args when function is overloaded (#831)
• Fixed bug with erroneous inference of splatted input (#830)

2.0.2 introduced a bug where it would complain about missing function storage in some cases. This is now fixed.

Other issues:

• Fix issues analysing anonymous classes without constructors (#795)
• Psalm now understands assignments in if statements that also have repeated falsy assertions (#801)
• Psalm allows (by ignoring for the moment) union types in @method params (#802)
• Better treatment of isset for ArrayAccess offsets (#800)
• Magic methods are now correctly invoked within classes when properties are missing (#798)
• Invalid selectively-overloaded trait methods are now understood better (#803)
• Type ...$var can now be documented with @param Type[] $var without complaint (#792)
• Improved docblock handling for nullable closure return types in (#791)
• Templated parameter types on class methods where the templated type has already been set are now bound to that set type so that arguments can be checked against those types (#794)
• Improved handling of $this outside of a class (#378)
• Improved dead code detection in traits (#416)

• Added wildcard pattern matching for files in the config e.g. <file name="src/Project/*Bar.php" />
• Fixed treatment of union types in @method docblock params
• Improved analysis of XML classes

• Adds support for three new docblock annotations
• Fixed treatment of xor when passed boolean operands
• Psalm now adopts the nullability of the return typehint, if present
• Prevent a situation where InvalidDocblock only appeared on first run in some situations
• Fixed a false positive when analysing array keys with occasional explicit offsets
• Improved Psalm's handling of dependent files - when analysing a file, Psalm will also now report errors in traits that file uses. The same goes for errors found in parent classes and require'd files.
• Fixed handling of self::instanceMethod() calls when performed from a non-static context
• @weirdan added support for array_columns inference - #719

The big feature in this release is support of string & int enumerations in @param and @return statements.

Enumeration types allow you to specify a range of possible values for a given input or output, and allow you to write a little less code while still satisfying the type-checker.

For example, in the following Psalm understands that the function foo always returns a string, and only the last call, foo('bad'), is forbidden.

class A {
  const FOO = 'foo';
  const BAR = 'bar';
}

/**
 * @psalm-param A::FOO|A::BAR|'bat' $s
 */
function foo(string $s) : string {
  switch ($s) {
    case A::FOO:
      return 'hello';

    case A::BAR:
      return 'goodbye';
      
    case 'bat':
      return 'hello again';
  }
}

foo('foo');
foo(A::BAR);
foo('bat');
foo('bad');

Also included in this release are improvements to the templating engine, and fixes to how Psalm stores string values.

Includes support for value types (also in 1.x). Impetus comes from PHPStan, which has added this in dev-master.

This allows Psalm to find bugs in code like this (coincidentally the lone bug this new analysis found in Vimeo's codebase).

Also includes various fixes, including better analysis of expressions in disjunctive normal form

($a && $b) || ($c && $d) || ($e && $f)

Small bugfixes

Breaking changes:

• Uses PHP Parser 4 (and thus requires PHP 7)
• Issue type MoreSpecifcImplementedReturnType has been renamed LessSpecificImplementedReturnType
• Issue type PossiblyUndefinedArrayOffset is triggered for possibly undefined array keys (previously bucketed into PossiblyUndefinedVariable)

  $foo = rand(0, 1) ? ['a' => 1, 'b' => 2] : ['a' => 3];
  echo $foo['b'];

• removed stopOnFirstError <psalm /> config attribute, which hasn't been used in ages
• removed UntypedParam issue type, which also hasn't been used (MissingParamType is the replacement)

Fixed issues comparing variables - #677 for get_class vs ::class, and $a !== $b now fails if $a can never equal $b.

Fixed #676 - bit manipulations were getting typed to mixed, now string or int depending.

Fixed #673 where cached class names could pollute class lookups on case-sensitive OSes like Linux

@srsbiz fixed Windows directory handling in #655 and changed Psalm to use .dist files by default in #644

Bugfix release:

• Fixed bugs parsing docblock types in #614, #617, #630, #619, #629 and #560
• Improved type handling for #615, #626, #631, #635 and #637
• Improve handling of var_export and implode for #636 and #610 respectively

Fixes a couple of bugs with intersection types and nested trait resolution.

Thanks to the great work of @weirdan, this release has a Phar that you can use on any existing Psalm project.

Other changes:

• fixes #569 where trait function name maps got corrupted
• improves analysis of error-suppressed functions (#570)
• improves analysis of array_merge where ... is used (#571)
• improves analysis of strpos and abs calls (#576 and #577)
• improves handling of iterable types when negated (#574 and #579)
• added better checks to compare trait abstract methods to classes that use the traits

You can now specify that parameters that take fully-qualified class names must be passed a ::class constant. The docs have more info.

This release also brings more robustness to class-filename resolution, relying on composer's autoloader class where available to get the class name without using reflection. Thanks @weirdan for the ticket that led to this improvement.

This release also removes a dependency on composer/composer, using the much smaller composer/xdebug-handler instead. Thanks to @felixfbecker for the idea, and @johnstevenson for the legwork on the composer side, and @weirdan for integrating it with Psalm.

I introduced a new issue type of OverriddenPropertyAccess to fix #547. While this is technically a change in the API, it's also an issue that is very unlikely to occur in your codebase, so I felt it was acceptable to violate SemVer.

Other fixed issues:

• array_map/array_filter oddities in #555 and #556
• improved property-no-set-in-constructor checks (#562)
• improved do/while checks when vars are set only in the do, and used in the while (#561)
• prevented an issue from being triggered in #563
• improve handling of complicated (strings that contain square brackets) array keys in #564

• Fixes #540, allowing any param name starting with _ to be ignored in UnusedParam/PossiblyUnusedParam checks.
• Fixes #541 where array_map wasn't respecting key type
• Fixed some UnusedVariable false positives: #543 with static vars, #544 with try/catch vars, and #539 with global vars used in functions
• Fixed #546 where iterable|string[] was causing a fatal error when allowPhpStormGenerics="true"
• Fixed #548 allowing callables in array_map and array_filter to be properly checked
• Fixed documentation of --init in #537

Additionally Psalm now treats functions that start with assert more intelligently, and checks to see if they assert something. If they do it applies those assertions to the current scope.

This first major version signifies the beginning of semantic versioning:

• No Psalm issues will be added between major versions
• Minor versions will be used to fix bugs, especially those leading to false positives, and also to introduce new features that don't substantially alter Psalm's analysis
• The plugin API will not change between major versions

Updates since 0.3.93

• Running Psalm with PHP 5.4 and 5.5 is no longer supported
• new caching engine, reducing time and increasing memory usage
• rewritten internals to group similar functionality into classes, increasing long-term maintainability
• add checks for __set calls where @property annotations are present - thanks @nickyr
• updated plugin API to use static methods instead of instance ones
• added support for Pylint output format - thanks @TysonAndre
• made igbinary the default serializer if it's installed with the latest version - thanks again to @TysonAndre for his tireless work on that project
• added ending-line & ending-column data to output for future Language Server Protocol support

Known bugs

• #534 Failure to properly evaluate some repeated instanceof logic
• #502 InvalidReturnStatement should fire for void return if no yield statements found
• #455 Unset on objectlike array should reset it to empty array
• #442 Calling count() on an array should inform its emptiness
• #416 Dead code detection fails for trait-defined methods not directly called
• #324 Suppressing EmptyArrayAccess causes weird side-effects on problematic code

Added two new issues:

DocblockTypeContradiction - emitted when contradicting a docblock-asserted type:

/**
 * @param string $s
 */
function foo($s) {
    if ($s === 5) { }
}

RedundantConditionGivenDocblockType - emitted when conditional is redundant given information in docblocks

/**
 * @param string $s
 */
function foo($s) {
    if (is_string($s)) {};
}

and fixed a few issues with erroneous emitting of RedundantCondition

Miscellaneous fixes, plus a big refactor that'll hopefully make Psalm a touch faster.

Fixes #348, #477, and improves documentation of issues and supported annotations.

This release aims to match, and possibly supersede, Scrutinizer's very good dead code detection.

Known issues: #475

This release also has the last breaking change before a planned 1.0 release – breaking apart the UntypedParam issue into MissingParamType and MissingClosureParamType (as the latter scenario is often less worrisome).

Inherit docs from interfaces where missing

Psalm used not to automatically inherit docs from interfaces. Now it does, unless two different interfaces contain the same method.

So this is fine:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return string */
  public function bar();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
  public function bar() {
    return "goodbye";
  }
}

This will cause Psalm to emit InvalidReturnType and MissingReturnType for A::foo:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return int */
  public function foo();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
}

And this will cause Psalm to emit MissingReturnType for A::foo:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return string */
  public function foo();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
}

More lenient treatment of various core functions

Functions like preg_replace, file_get_contents and current, which can return false, are now allowed to be reported as returning just a string. A few other functions, like strpos, still require explicit false checks because I judged the frequency of failure to be much higher in those situations.

Because CodeBase/Codebase broke autoloaders on *nix systems

Psalm gets a bit faster for the first time in a while. Also array_filter checks are more accurate, interpreting some closure contents if included.

Psalm is good at finding potential issues in large codebases, but once found, it can be something of a gargantuan task to fix all the issues.

This release introduces Psalter, designed to fix issues that Psalm finds.

Safety features

Updating code is inherently risky, doing so automatically is even more so. I've added a few features to make it a little more reassuring:

• To see what changes Psalter will make ahead of time, you can run it with --dry-run.
• You can target particular versions of PHP via --php-version, so that (for example) you don't add nullable typehints to PHP 7.0 code, or any typehints at all to PHP 5.6 code. --php-version defaults to your current version.
• it has a --safe-types mode that will only update PHP 7 return typehints with information Psalm has gathered from non-docblock sources of type information (e.g. typehinted params, instanceof checks, other return typehints etc.)

Plugins

You can pass in your own manipulation plugins e.g.

vendor/bin/psalter --plugin=vendor/vimeo/psalm/examples/ClassUnqualifier.php --dry-run

The above example plugin converts all unnecessarily qualified classnames in your code to shorter aliased versions.

Supported fixes

This initial release provides support for the following alterations, corresponding to the names of issues Psalm finds:

MissingReturnType

Running vendor/bin/psalter --issues=MissingReturnType --php-version=7.0 on

function foo() {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

and running vendor/bin/psalter --issues=MissingReturnType --php-version=5.6 on

function foo() {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() {
  return "hello";
}

MissingClosureReturnType

As above, except for closures

InvalidReturnType

Running vendor/bin/psalter --issues=InvalidReturnType on

/**
 * @return int
 */
function foo() {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() {
  return "hello";
}

There's also support for return typehints, so running vendor/bin/psalter --issues=InvalidReturnType on

function foo() : int {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

InvalidNullableReturnType

Running vendor/bin/psalter --issues=InvalidNullableReturnType --php-version=7.1 on

function foo() : string {
  return rand(0, 1) ? "hello" : null;
}

gives

function foo() : ?string {
  return rand(0, 1) ? "hello" : null;
}

and running vendor/bin/psalter --issues=InvalidNullableReturnType --php-version=7.0 on

function foo() : string {
  return rand(0, 1) ? "hello" : null;
}

gives

/**
 * @return string|null
 */
function foo() {
  return rand(0, 1) ? "hello" : null;
}

InvalidFalsableReturnType

Running vendor/bin/psalter --issues=InvalidFalsableReturnType on

function foo() : string {
  return rand(0, 1) ? "hello" : false;
}

gives

/**
 * @return string|false
 */
function foo() {
  return rand(0, 1) ? "hello" : false;
}

MismatchingDocblockParamType

Given

class A {}
class B extends A {}
class C extends A {}
class D {}

running vendor/bin/psalter --issues=MismatchingDocblockParamType on

/**
 * @param B|C $first
 * @param D $second
 */
function foo(A $first, A $second) : void {}

gives

/**
 * @param B|C $first
 * @param A $second
 */
function foo(A $first, A $second) : void {}

MismatchingDocblockReturnType

Running vendor/bin/psalter --issues=MismatchingDocblockReturnType on

/**
 * @return int
 */
function foo() : string {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() : string {
  return "hello";
}

LessSpecificReturnType

Running vendor/bin/psalter --issues=LessSpecificReturnType on

function foo() : ?string {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

This introduces a file replacement API, allowing you to build plugins that alter your code.

For example, you can run

vendor/bin/psalm --plugin=vendor/vimeo/psalm/examples/ClassUnqualifier.php --replace-code

and all classes that are unnecessarily fully-qualified will be fixed

Psalm now has a more accurate representation of arrays with integer keys e.g. ["one", 2, 3.0] is now represented internally as array{0:string, 1:int, 2:float}

98085b2
e2b1b24
and reduce some false positives from the loop refactor

Psalm used to cautiously emit FailedTypeResolution issues. @TysonAndre encouraged the emitting of a RedundantCondition issue in the same sorts of places, but in more instances.

Emitting that issue in more places meant shining a harsh light on Psalm's analysis, and its generation and modification of type algebra, as it relates to the code it's scanning. Fixing the bugs that were revealed required a wholesale refactor of loop analysis and a bunch of other attendant changes.

The result is an analysis that is hopefully very much more robust than it was previously.

Includes #325 and other array fixes

Introduces MixedTypeCoercion, separate from TypeCoercion, to reduce severity of issues.

And also fix a bug with get_class($c) !== A::class checks

Includes more accurate array function typing.

Also can deal with weird Wordpress class definitions.