Features

• Psalter: Undefined Variables can now be removed automatically (#1967) - thanks @jeffreyyoo!
• Psalm now warns about missing interface return types (#1846) and bad default types for static properties (#1974)

Bugfixes

• Improve DOM property types (#1951), thanks @ShiraNai7!
• Allow comparisons to templated param classes (#1970)
• Language Server: fix erroneous property not initialised issues (#1973)
• Fix handling of setcookie (#1972)
• Prevent fatal error with empty @template-extends docblock (#1963)
• No false positives about unused variables after continue (#1980)
• Prevent PHP Notice with malformed docblock type (#1563)
• ComplicatedExpressionException should no longer cause a fatal error on elseif (#1985)
• Support fully-qualified param types in @method annotations (#1989)
• Psalter: Allow full replacements to take precedence over minor alterations, avoiding corrupted output (#1991)
• Fix setlocale param types (#1988), thanks @BackEndTea!

Bugfixes

• Improve refinement of templated types (#1886, #1927, #1931, #1932)
• prevent a LogicException when scanning files nested class_exists checks (#1925)
• invalidate cached grandchild of stubbed class (#1935)
• fix evaluation of a/b/c/d/../../../../ (#1940)
• @inheritdoc leads to @throws being inherited - thanks @smelesh (#1945)
• allow assertions on templated values (#1937)
• support use of a third arg in explode that can lead to empty output (#1953)
• Language Server add support for completing built-in class names (#1863)
• Language Server allow signature help to kick in for root functions without proper scope
• Allow templated assertions on already-templated values (#1956)
• Improve detection of unused private properties - thanks @2e3s (#1962)
• Improve file path resolution on Windows

Fixes an issue with negated iterable/array assertions introduced in 3.4.8 (#1922)

Bugfixes

Fixes an issue (#1859) introduced in 3.4.3 where conditional definitions of functions e.g.

if (!function_exists("some_function")) {
  function some_function() {...}
}

would result in a crash some_function does exist in the runtime, and it's internal.

Also fixes a similar issue (#1860) where Psalm could crash while analysing blocks surrounded by a if (class_exists(Foo::class)) if Psalm thinks Foo always exists.

Features

• makes Psalm 20% faster by reducing object cloning
• added a SonarQube report type - thanks @lewinski! (#1808)
• trailing commas are now supported in object-like array docblocks (#1802)
• add documentation for the assertion syntax (#1810)
• Language server: improve autocompletion of methods and properties - thanks @iluuu1994 (#1831, #1834)
• Language server: improve legibility of on-hover definitions - thanks @iluuu1994 (#1833)
• Language server: add jump-to-definition of docblock types (#1832)
• Language server: jump between parentheses having autocompleted method name - thanks @iluuu1994 (#1839)
• warn when running Psalm with pcre.jit=1 on Macs with PHP 7.3

Bugfixes

• improve treatment of if (class_exists(Foo::class)) {...} when the class doesn’t exist in Psalm's world (#1801)
• complain about DeprecatedClass when using a deprecated class's constants (#1803, #1814)
• psalm-refactor: ensure directory exists before moving file (#1802)
• fix expected argument count message when too-few params are provided (#1811)
• object&Foo is converted to Foo when resolving templates (#1813)
• the effect of array_filter($arr, 'is_numeric') (and related is_... functions) is now interpreted correctly (#1816)
• allow comparison to static with instanceof static (#1458)
• handle intersection when expanding template (#1818)
• improve behaviour of callable reconciliation (#1825)
• don’t allow object-like array to be unioned with mixed (#1826)
• resolve docblock self references in the scanning phase (unless inside traits) (#1827)
• Language Server always show references to method, even if arguments are incomplete (#1835)
• prevent invalid templated returns - thanks (#1842, #1845)
• allow static class strings to be compared (#1848)
• improve messaging about invalid types with hyphens in (#1852)
• allow MethodParamsProvider to accept an empty array - thanks @Daeroni (#1854)

Features

• psalm-language-server: --enable-autocompletion is now enabled by default, after a ton of great work by @joshdifabio
• psalm-refactor: allow multiple class renames at once
• psalm-refactor: allow multiple method renames when the methods reference one another
• there's now a non-zero exit code when a config file is not found (#1779)
• PHP 7.4: nullable typed properties e.g. public ?int $foo are now also checked for initialisation (#1787)
• DeprecatedFunction is now emitted when using a deprecated function (#1793)
• slightly improved readability for object-like array output in error messages, thanks @Kocal (#1708)

Bugfixes

• interface @template-extends wasn't being inherited properly (#1766)
• get rid of notice with a by-ref array assignment with an unmet var-id (#1770)
• T<true> or T<false> are now acceptable as standins for of T<bool> (#1775)
• --report-show-info=false now works as advertised (#1773)
• psalm-language-server fixed erroneous behaviour on save seen in Vim and Sublime (#1780)
• allow scalar type in sprintf (#1792)
• missing static class constants are now complained about (#1791)
• allow uksort to accept version_compare (and improve handling of multiple-signature callmap options) (#1781)
• UndefinedFunction no longer causes analysis to stop in the given block (#1790)
• Missing docblock brackets are now detected (#1784)

This minor release adds inference of property types from simple constructors. It can be turned off with inferPropertyTypesFromConstructor="false" in the config.

Bugfixes

• adds psalm-refactor binary to composer so vendor/bin/psalm-refactor actually works...

This bumps requirements so Psalm can be installed in Symfony 4.3

The support for enum-like constructs with key-of and value-of in 3.3.1 was undercut by the fact that Psalm's string comparison checks were case-insensitive.

This fixes that issue.

Thanks to @bdsl for pointing it out!

Features

• Psalter: Backwards-incompatible changes in Psalter can now be prevented with a --allow-backwards-incompatible-changes=false - thanks @iluuu1994 for suggesting and implementing! (#1622)
• Language Server: Completion (which you can enable with --enable-autocomplete) reliability has been improved, thanks to input from @joshdifabio (#1653, #1654, #1655, #1656)
• Covariant templated params are now prevented from being used as input to a function (#1609, #1610)
• You can use @psalm-internal Some\Namespace to specify a specific nested namespace that functions using this feature must be in. Existing @internal annotations are equivalent to @psalm-internal <CurrentNamespaceRoot>. Thanks @bdsl for suggesting and implementing! (#1623)
• Previously a misspelled/missing class in a docblock would result in a UndefinedClass issue emitted, as would a missing class in PHP code. Now anything stemming from a docblock is an UndefinedDocblockClass issue.

Bugfixes

• Psalter won't add phpdoc-incompatible @return empty[] annotations anymore (#1636)
• Unused code: fixed some false positives around try/catch statements (#1464, #1128)
• A more specific error ImplementedParamTypeMismatch is emitted when a docblock param type deviates from a parent's docblock (previously MoreSpecificImplementedParamType was emitted (#1633)
• no-return-returning functions inside try/catch blocks are now treated properly (#1580)
• Checkstyle format no longer over-escapes characters (#1639)
• Fix caching issue with autoloaded functions (#1646)
• Totally-templated intersections are now allowed (#1652)
• interface_exists now generates a class-string type (#1657)

Changes

This release also bumps the minimum PHP version to PHP 7.1, and updates a number of packages accordingly.

This release also removes a recently-added TSqlSelectString type that was being used for an internal Vimeo plugin. I deemed the type unnecessary, especially as it added an extra 1.4MB in dependencies to Psalm's core. I've added a plugin hook for you to make your own, if you find that functionality useful.

Features

• if psalm --init doesn't see a folder labeled src, it now looks at your composer.json to see what autoloaded directories you've configured in Composer, and adds them to Psalm's config
• unused variable detection improved (#1626, #1391)

Bugfixes

• escape characters in checkstyle.xml output (#1620)
• return type fixes from @voku
• prevent an autoloaded function from overriding a function that's already been autoloaded (#1627)
• prevent Psalter updating return types overridden elsewhere (#1622)
• improve behaviour of unset on arrays with known keys

Features

• Psalm now prevents users from using --threads=X on Macs with PHP ini setting pcre.jit=1, due to widely-known crash on PHP > 7.3 (#1601)
• psalm --find-unused-code can now be used as an alternative to psalm --find-dead-code (#1586)
• checkstyle format can now be used for reports (#1616)

Bugfixes

• Psalm can now infer param types from array_map and array_filter closures where none were provided, preventing an unnecessary MissingClosureParamType issue (#664)
• Psalm can also now infer param types for templated callables (#1600)
• it now inherits docblock signature when child has a PHP return type and the parent does not (#1593)
• methods that just exit are now treated the same, type-system-wise, as methods that throw an exception (#1592)
• some previously-broken yoda conditional comparisons now work (#1591)
• ternary else statements now only know about the first condition expression's evaluation (#1597)
• prevent UnusedVariable issues from being caught by a try statement inside a loop (#1598)
• fix a crash when calling is_subclass_of with a possibly-undefined variable
• prevent invalid covariant template classes from being passed (#1603)

This adds slightly better support for dead code detection when running with --diff.

Also splits TypeCoercion into three new issues - ArgumentTypeCoercion, PropertyTypeCoercion and ReturnTypeCoercion, with similar treatment for MixedTypeCoercion. Existing config suppressions for TypeCoercion and MixedTypeCoercion should still work.

Bugfixes

• Allows --shepherd to be used with the Phar
• Detect changes to the first statement's docblock in a given method when using --diff-methods (#1574)
• Prevent fatal error with templates and complicated inheritance (#1578)

The previous code coverage removal didn't adequately check that a method or property hadn't been called in a variable manner on a parent class or implemented interface. This fixes that.

Features

• using --shepherd is supported for public GitHub projects using https://shepherd.dev
• function map updates from @voku, pulling in changes from JetBrains/PHPstorm-stubs

Bugfixes

• improve handling of negated binary ops (#1545)
• catch more impossible comparison to true and false (#1546)
• use correct comparison for callable param types (#1540)

Features

This release allows you to run Psalm's language server from a phar with the --language-server command.

It also allows you to annotated static variables with their expected types, thus discovering bugs e.g.

function foo() : void {
  /** @var int */
  static $a = 0;

  if (++$a === 3) {
    echo '3 times';
  }

  $a = "hello"; // this is now a bug
}

The release also contains fixes from @SignpostMarv allowing tests to be run under Windows without errors.

Bugfixes

• calls to static interface methods are now prevented (#1514)
• process inheritance properly in builtin classes (#1515)
• improve comparison of templated trait parameters (#1513)
• make return type of mktime conditional on its arguments (#1512)
• make expected params of PDOStatement::setFetchMode conditional on its first argument (#1496)
• introduce TraitMethodSignatureMismatch issue that can be suppressed (#1499)
• analyse array offsets on mixed values (#1510)

3.2.1 (released 15 minutes ago) introduced a bug because I didn't read the documentation for array_reverse carefully enough. Oh well.

Includes those bugfixes:

• Preserve count with array_reverse (#1470)
• Improve null checks (#1459, #1451)
• Fix regression added in 3.1.0 when analysing negated assertions (#1460)
• Prevent traits from being treated like valid classes (#1453), though they could be sort of added back in #1478
• Always inherit docs from parents (#1447)
• Support templated union types (#1418)
• Fix mixed message formatting (#1368)
• Allow class-string<T> types to be interpreted correctly (#1457)
• Allow self-named params in traits (#1475)
• Fix internal errors caused by bad generic param counts (#1474)
• Exclude tests dir from packagist (#1477)
• @weirdan fixed #1387, preventing API use of Codebase::classExists before everything has been populated
• Allow interface method calls in abstract class methods (#1461)
• Update callmap to include some false returns (#1448, #1469)
• Use relative path for config xsd (#1472)
• Combine closure types in union (#1462)
• Prevent invalid casts inside string (#1471)

This fixes templated param inheritance so that no @param T $t is needed on functions that extend/implement classes or interfaces that already defined that templated param type.

This fixes a slight showstopper which prevented the Phar from working properly with SQL-like strings.

If you use the Phar, you can now use Psalter too - run psalm.phar --alter followed by Psalter args (e.g. --issues=MissingReturnType)

Bugfixes

• Fix tracking dead code when aliasing trait methods (#1412)
• Allow non-empty-array in namespaces (#1416)
• Prevent false positive error comparing covariant trait abstract method return types (#1414)
• Allow property constructor checks across file inclusion boundaries (#1417)
• Allow comparison to empty arrays to inform emptiness (#1419)
• Fix variadic param counts (#1421, #1422)
• Allow templated covariance checks (#1411)
• Fix get_class return types when called on new (#1397)
• @param-out now allows types to be changed (#1379)
• Complain about implementing static interface methods with non-static (#1383)

Features

This release adds plugin hooks that allow you to have more control over how Psalm treats functions, properties and methods:

• Psalm\Plugin\Hook\PropertyExistenceProviderInterface
  allows you to control whether a property exists or not
• Psalm\Plugin\Hook\PropertyVisibilityProviderInterface
  allows you to control whether a property is visible in a given Context
• Psalm\Plugin\Hook\PropertyTypeProviderInterface
  allows you to control a property's type
• Psalm\Plugin\Hook\MethodExistenceProviderInterface
  allows you to control whether a method exists or not
• Psalm\Plugin\Hook\MethodVisibilityProviderInterface
  allows you to control whether a method is visible in a given Context
• Psalm\Plugin\Hook\MethodParamsProviderInterface
  allows you to control a method's parameters
• Psalm\Plugin\Hook\MethodReturnTypeProviderInterface
  allows you to control a method's return type
• Psalm\Plugin\Hook\FunctionExistenceProviderInterface
  allows you to control whether a function exists or not
• Psalm\Plugin\Hook\FunctionParamsProviderInterface
  allows you to control a function's parameters
• Psalm\Plugin\Hook\FunctionReturnTypeProviderInterface
  allows you to control a function's return type

Much of this functionality is already possible using stub files and Psalm's existing plugin architecture, but this gives you more fine-grained control over the process.

Additional features

• Psalm now detects when you pass undefined variables to a function that expects a typed by-reference param
• Better checks for invalid template param names (#1288, #1403)
• Docblock params that don't match an actual param variable name are now flagged if you have a param that's missing some type information (#1382)
• You can now add docblocks for non-empty-array<int, string> and get warnings when the passed argument is empty, or might be empty (#1393)

Bugfixes

• Remove self/static from array_map return type (#1361)
• Improve handling of array offset checks (#1366, #1356)
• Improve treatment of namespaced functions in define - thanks @bugreportuser (#1375)
• Allow stdClass[]|Generator in PhpStorm-compat mode (#1370)
• Extended getIterator calls now use proper types (#1364)
• Always evaluate array offsets when passed as arguments (#1382)
• Fixed a crash on ""[0] (thanks @bugreportuser)
• Callable param and return types should now be treated as docblock types (#1395)
• Allow scalar to be compared to literal values, then negated (#1399)
• Continue analysis after undefined static call (#1402)
• Improve string casting rules for union of resource|array (#1398)
• Fix parsing of @template of type with spaces (#1406)
• Fix return type of apc_add - thanks @weirdan (#1409)

Features

• Types can now be compared in plugins - thanks @weirdan (#1357)

Bugfixes

• Allow restricted string keys to be compared to object-like arrays (#1329)
• Allow $_SESSION to be checked in isset (#1335)
• Don't check for redundant conditions when checking property initialisation (#1338)
• Don't crash when encountering method that uses __call during property initialisation checks (#1337)
• Prevent crash for callable(static|self|parent) type (#1339)
• Fix array_unique return type - thanks @bugreportuser! (#1347)
• Allow UnusedClass to be suppressed via docblocks - thanks @weirdan! (#1353)
• Fix notice when combining some traversables and iterables and arrays together (#1350)
• Check for bad iterable arg params (#1359)
• Allow MissingThrowsDocblock to be suppressed (#1325)
• Allow in-trait static property comparison (#1332)

Features

• Switched to using https://github.com/amphp/amp for the Language server - thanks @trowski and @kelunik for your contributions!
• Psalm can now check specific versions of PHP if you pass it a --php-version=7.x argument in the command line (#1191)
• @SignpostMarv and @weirdan helped improve docs around templates
• Thanks to @maludecks, running --update-baseline will tell you how many errors were removed
• Add MixedFunctionCall issue, emitted when totallyTyped="true" in the config and Psalm cannot infer what's being called (#1313)
• Improve strictness of ReflectionClass (thanks @SignpostMarv)

Bugfixes

• fix handling of templated intersection (#1287)
• only match the most specific template param in a union (#1290)
• fix issue reconciling an isset command that includes a class constant array key (#1297)
• load functions defined in a class's PSR-4-compatible file whenever that class is used (#1300)
• vars defined in catches that end in a throw/return should be conditionally available in finally (#1299)
• yield from $myArray should infer types properly (#1307)
• Prevent same-named template params in extended classes from confusing inheritance (#1310)
• No PropertyNotSetInConstructor false positive warnings for grandchild classes without constructors (#1309)
• Improve behaviour of is_iterable and is_callable (#1316)
• Always preload reflection data for Callable if we're using a closure somewhere in the codebase (#1314)

Features

Missing param types can now be added with Psalter by using the --issues=MissingParamType option (#204)

Also:

• Support wildcards e.g. <referencedClass name="*Foo" /> - thanks @andrew-demb for additional help (#1225)
• detects illegal closure param use (#1256)
• improve analysis of automatically-invoked ArrayAccess methods offsetGet and offsetSet
• analysis of large arrays is now much faster - thanks @TysonAndre for the suggestion (#1279)

Bugfixes

• add template params for SplObjectStorage (#1259)
• support $this and static returns in @method annotations (#1196, #1257, #1258)
• fix redundant conditions when eliminating object after assertion (#1262)
• fix malformed class-string after certain assertions (#1263)
• allow <referencedMethod> issue suppression to be a warning (#1265)
• fix handling of @var self on static properties (#1267)
• fix handling of second variadic arg when used with explicit param types (#1273)
• improve combination of types resulting from get_class call and class-string (#1275)
• fix calls to a templated parent method when using @template-extends (#1274)
• fix handling of generic self and static return objects (#1282)

Features

Solidifies support for @template with support for @template-use for traits, and numerous extra checks for bad usage (#1232, #1234, #1236, #1238, #1240, #1243, #1244, #1245, #1248, #1250, #1072). Thanks @sserbin, @weirdan and @SignpostMarv for pointing out errors and omissions in my implementation!

Other features:

• Invalid @var annotations are now checked (#1246)
• Class-specific issues (e.g. UndefinedClass) can now be suppressed with wildcard class names (#1225)
• Generic params are now allowed in @psalm-assert calls (#1227)
• Add support for floats in enums e.g. @var 0.1|0.2 (#1099 and #1253)

Bugfixes

• Fix config value for allowStringToStandInForClass - thanks @andrew-demb (#1222)
• MissingClosureParamType can now be suppressed from a parent function @psalm-suppress (#1223)
• Classes with __invoke can be transformed via Closure::fromCallable to appropriate closure (#760)
• Improve error message when a type cannot be inferred for a packed arg (#1110)
• Fix confusion when namespaced function shared name with namespaced class in same scope (#1235)
• Check for undefined class before comparing to class/interface (#1229)
• Allow negative offsets on strings (#1241)
• Iterable should subsume array|Traversable (#1242)
• Allow instanceof comparisons to class strings (#1251)
• iterator_to_array now understands objects with getIterator() methods (#1249)
• Union of literal string and class-string now treated as string (#1254)

Features

• Improved handling of template constraints so that more errors are found (#1068, #1207)

• Adds support for object{foo:string, bar:int} annotation to describe runtime-generated objects like stdClass (#390)

• Initial support for @param-out, though the @param-out values are currently not verified (#1088)

• @property can now override parent param types, though that use case is not massively encouraged (#1214)

• Added @extends and @inherits as alternate syntax for @template-extends

• Catch invalid string/array parameters passed to functions expecting a typed callable (#1109 and #1218) so Psalm can see the bug in this:

  $a = [["hello"], ["goodbye"]];
  usort($a, 'strcmp');

  Thanks @weirdan for the issues and suggestions to help make this happen!

Bugfixes

• Disallow undefined class constants in enums (#1202)
• Prevent fatal error with array_map checks after unresolvable file include (#1200)
• Allow traits to override inheritance checks (#1205)
• Inheritance is now always respected when combining object types (#1208)
• Allow $_SERVER type to be set in a docblock. Foreach @var annotations are also now applied before evaluation of the iterable (#1211)
• Prevent type contradiction errors in catch and finally blocks (#1221)
• Allow namespaced constant refs everywhere (#1220)
• Allow class-string<Foo&Bar> (and Psalm to be able to infer that type) (#1219)
• Allow a protected property to be set by its parent constructor (#1217)

This release brings support for the @template-extends annotation.

You can use this when you have a templated class/interface that extends another templated class/interface.

Bugfixes

• Fix password_hash signature - thanks @weirdan (#1188)
• Fix issues with baseline file paths when generated on Windows (#1192)
• Evaluate assignment arguments when parameters are passed by reference (#1195)
• Treat all class_alias commands as acting globally to the project (#1113)
• Namespace classes in @psalm-assert docblock (#987)
• Evaluate phantom/mock-class method params (#1129)
• Warn for more invalid operands (#833)
• Support private trait method aliasing (#909)
• Allow constant arrays to be refined with isset (#813)

Release 3.0.9 contained a fix for #1141 that erroneously highlighted symlinked files as being analyzable. That's fixed in this release.

Features

• Added is a plugin hook that's called when Psalm has analysed a class, AfterClassLikeAnalysisInterface (#1183)
• Improved callmap from PHPStan's changes (thanks @voku)
• Made the language server more robust (fixed a bunch of potential crashes)

Other bugfixes

• Also fixed a potential OOM error with large conditionals in #1181 and some bad maths in #1180
• Allowed scalar to be coerced to numeric (#1178)
• Allow assignments in mixed method calls (#1176)
• Take note of trait method visibility overrides (#1175)
• Prevent RedundantCondition issues bleeding to unrelated callsites (#1177)

Features

As explained here, I've changed how class strings are typed, so as to discriminate between literal string values (e.g. Foo::class) and strings which we know to contain either Foo::class or SomeChildOfFoo::class which, in Psalm's type system, I'm calling class-string<Foo>.

Bugfixes

• Exception::getCode()/ Throwable::getCode() can return a string (#1148)
• IntlDateFormatter::format() can return false (#1147)
• Allow empty check on iterable (#1149)
• Don’t crash when calling parent::bar() with undefined parent class (#1154)
• Don't complain about self::class comparisons inside traits (#1152)
• Add better checks for new $foo() and $foo::bar() (#1143 and #1142)
• Prevent language server crashes when copying methods and classes (#1150)
• Fix handling of filter_var (#1163, thanks @andrew-demb)
• Fix inheritance of hard-to-resolve constants (#1165)

Fixes #1135, where a user had problems with a Laravel-based project that made heavy use of class_alias. Also fixed an issue (in the same ticket) reasoning about arrays that had been passed by reference to a function. Thanks to @josephzidell for his enormous patience as I tracked down the various Psalm bugs he stumbled upon.

Also fixed an issue where Psalm would not properly inherit a param type if a signature type was also given, e.g. here:

interface I {
  /** @param string[] $f */
  function foo(array $f) : void {}
}

class C implements I {
  /** @var string[] */
  private $f = [];
  
  /**
 * {@inheritdoc}
 */
  public function foo(array $f) : void {
    $this->f = $f; // Psalm thought $f was array<mixed, mixed>
  }
}

Psalm will now bypass the signature check if @inheritdoc is present in the docblock.

Features

Better analysis of when dealing with unknown types

Prior to this release, Psalm wouldn't see any problems with the following:

class A {}

function foo($bar) : void {
    if (rand(0, 1)) {
        $bar = new A();
    }
  
    $bar->bat();
}

That's because $bar would always be treated as mixed. mixed is a special type that basically says "we don't know anything", but if we look at the code above it's clear that it might fail.

I changed Psalm's type system so that mixed no longer subsumes any other possible type, and now the above reports a PossiblyUndefinedMethod issue.

New compact output

@erunion resolved #967, which asked for a more concise output format.

Use --output-format=compact to see the new format.

class_alias support

It used not to be supported. Now it is (as long as the class_alias calls are in your bootstrap file). Fixes #1102.

@method improvements

As per #999, @method annotations can now override parent method return/param types.

@psalm-misspelled-annotation warnings

If you use an annotation beginning with @psalm- that's not recognised, Psalm will now warn you (#490).

@Internal warnings

Psalm will now emit issues if you're using code marked @internal in a different namespace (#689).

Bugfixes

• Improved handling of long switch statements (#1103)
• Add support for referencedFunction in UndefinedFunction config issue suppression blocks (#1108)
• Fixed automatic inference of assert*-named function for complicated logic (#1095)
• Emit PossiblyUndefinedArrayOffset in more places (#1107)
• Many method trait method aliases can now map to the same method (#1104)
• Allow function docblocks with ...$some_var to imply variadic input (#945)
• Allow @throws annotation to capture subclasses of the given Exception class (#1115)
• Improve handling of callables with generic-param intersection return types (#1119)

Changes

• Psalm will now emit a TypeDoesNotContainType issue when comparing get_class($foo) to a string. Use class constants instead!

Features

Improves handling of intersection types somewhat so that docblocks can add intersections to an existing type e.g. @return SomeInterface&static will evaluate to SomeInterface&SomeOtherInterface&Foo when $this is typed to SomeOtherInterface&Foo.

If none of that makes any sense, basically I had to add improve some stuff so that Psalm could support a new Mockery plugin.

Bugfixes

• Phars work on Windows, and cache is not shared between non-Phar Psalm runs (#1074, #1094)
• Scan @throw classes in case they're not used elsewhere (#1093, thanks @aidantwoods for identifying)
• Improve typing of iterators and getIterator calls (#1036)
• Re-fix support for magic properties (#1074, thanks @TysonAndre for finding the regression)

The VS Code Language Server plugin was not tested on Windows, and therefore had a couple of bugs. With this update, and an accompanying one in VS Code plugin land, the plugin is Windows-safe.

Features

Baseline creation/updating

Thanks to @ErikBooijCB, the Psalm's config file is now updated automatically when using --set-baseline. The baseline XML file now includes snippets of the bad code, where possible, to reduce false positives when Psalm finds more errors in that file (because you can sometimes be directed to the wrong error site).

Non-empty array type inference

Psalm has improved slightly better understanding of when an array is non-empty.

Bugfixes

• improved treatment of the special class-string type (#1055)
• fix issue some were running into processing include paths (#1059)
• fix parsing of nested callables (#1063)
• fix return results of modulo arithmetic (PHP always returns ints, unlike JS) (#1069)

New features

Error Baselines

#1049 introduced support for creating baselines - thanks @ErikBooijCB!

If you have a big project and want to use Psalm, but don't want to fix all the possible errors right away, you previously had one option - adopt an incredibly lenient config and incrementally make it more strict.

Now there's another way - you can create a stricter config and generate a baseline with --set-baseline=[path/to/baseline.xml]. Psalm will scan your codebase and create a file with the current number of errors of each type in each file, so developers cannot add more issues of that given type in those files.

You currently have to then add errorLevel="path/to/baseline.xml" in your Psalm config for Psalm to use that baseline file, but that step will be automated in a future release.

Over time, as issues are fixed, you can call --update-baseline and Psalm will trim the baseline to represent the current error counts in your codebase.

LSP onChange support

Psalm now has support for onChange events in Language Server mode (previously only onOpen and onSave events were supported).

This allows for more seamless editing in IDEs that support LSP, and also means Psalm now supports hover events and go-to-definition.

Bugs fixed

• improved handling of malformed docblock @property types (#1026)
• fix fatal errors when dealing with inexistent intersection types exist (#1045, #1044)
• fix fatal errors when dealing with extension methods that aren't in the callmap (#1035)
• fix LSP mode method invalidation when adding/removing use statements (#1039)
• understand a lot of filter_var arguments (#1024)
• handling of -i (#1047) - thanks @DaveLiddament!

The banner feature is support for Language Server Protocol (using the vendor/bin/language-server-protocol binary).

It's still awaiting documentation for every single IDE, but if you use VS Code and want to hack around, I've included a VS Code plugin below.

Bugfixes

The last release prevented last-ditch scanning of files in the analysis phase, once scanning is assumed to be done. This introduced a couple of bugs (or rather, it highlighted them):

• Fix scanning of object casts (#1016)
• Fixed scanning of non-docblock return types (#1017)

For more information: https://github.com/vimeo/psalm/releases/tag/2.0.9

Fixes bugs:

• improves filtering of subclasses based on parent clauses (#856)
• improves handling of nested clauses based on same object (#857)
• fixed analysis of polyfilled classes (#862)
• downgraded issue type from LessSpecificReturnStatement to MixedTypeCoercion when returning an array of mixed where a typed array is expected (#863)
• Fixed handling of constants with different values across different operating systems (#867)
• Improved return types of version_compare, gettimeofday and parse_url (#868, #871 and #875)
• Improved handling of complex param types for @magic methods (#870)
• Issues in vendor are now suppressed by default for newly-created configs (#872)
• Allow is_iterable to filter out non-iterable types (#874)
• Allow any iterable to be unpacked when calling functions (#873)

This updates the PHP 5.6-compatible branch with all the new features & bugfixes in the 2.x branch, minus the API changes in 2.x.

See the Releases page for details of the 2.x additions/fixes.

This release improves handling of stubbed files, allowing you to override methods of a class without including the whole class. It's in anticipation of a library of stubs and plugins for different 3rd-party packages.

Other changes

• Improved handling of class constants (#837 and #840)
• Issues are now triggered when impossible assertions made outside of a conditional (#838)
• Improved dead code detection after method_exists call (#836)
• Unresolvable method args are now checked where possible (#839)
• Remove hard memory limit when calling with --use-ini-defaults (#842)
• Fix callmap issues (#843 and #835, thanks @fkooman)
• Fix division-by-zero issue (#844)
• Improve array_reduce return type (#846)
• Improved handling of autoloaded files with function definitions (#848)
• Fixed handling of null|object|T when simplifying types (#851)
• Allow is_numeric check to refine scalar types (#850)
• Fix handling of variables set in do {} while($a = rand(0, 1)) conditionals (#852)

New feature

Finally added support for detecting missing @throws annotations: #15

You have to explicitly enable this feature in your psalm.xml by adding a config flag checkForThrowsDocblock="true". You can also choose which exceptions to ignore with <ignoreExceptions>. Missing @throws docblocks emit a MissingThrowsDocblock issue.

Bugfixes

• Improve handling of array_filter and array_map (#811 and #810)
• Improve bad docblock handling (#808, #812, #816 and #818, #826)
• Improve literal type handling (#814)
• Allow some more @method names (#820)
• Improve dead code detection (#822, #475 and #805)
• Fix bug where erroneous !== false checks were ignored (#823, #825)
• Improve handling of self in is_a checks (#819)
• Improve selection of callmap args when function is overloaded (#831)
• Fixed bug with erroneous inference of splatted input (#830)

2.0.2 introduced a bug where it would complain about missing function storage in some cases. This is now fixed.

Other issues:

• Fix issues analysing anonymous classes without constructors (#795)
• Psalm now understands assignments in if statements that also have repeated falsy assertions (#801)
• Psalm allows (by ignoring for the moment) union types in @method params (#802)
• Better treatment of isset for ArrayAccess offsets (#800)
• Magic methods are now correctly invoked within classes when properties are missing (#798)
• Invalid selectively-overloaded trait methods are now understood better (#803)
• Type ...$var can now be documented with @param Type[] $var without complaint (#792)
• Improved docblock handling for nullable closure return types in (#791)
• Templated parameter types on class methods where the templated type has already been set are now bound to that set type so that arguments can be checked against those types (#794)
• Improved handling of $this outside of a class (#378)
• Improved dead code detection in traits (#416)

• Added wildcard pattern matching for files in the config e.g. <file name="src/Project/*Bar.php" />
• Fixed treatment of union types in @method docblock params
• Improved analysis of XML classes

• Adds support for three new docblock annotations
• Fixed treatment of xor when passed boolean operands
• Psalm now adopts the nullability of the return typehint, if present
• Prevent a situation where InvalidDocblock only appeared on first run in some situations
• Fixed a false positive when analysing array keys with occasional explicit offsets
• Improved Psalm's handling of dependent files - when analysing a file, Psalm will also now report errors in traits that file uses. The same goes for errors found in parent classes and require'd files.
• Fixed handling of self::instanceMethod() calls when performed from a non-static context
• @weirdan added support for array_columns inference - #719

The big feature in this release is support of string & int enumerations in @param and @return statements.

Enumeration types allow you to specify a range of possible values for a given input or output, and allow you to write a little less code while still satisfying the type-checker.

For example, in the following Psalm understands that the function foo always returns a string, and only the last call, foo('bad'), is forbidden.

class A {
  const FOO = 'foo';
  const BAR = 'bar';
}

/**
 * @psalm-param A::FOO|A::BAR|'bat' $s
 */
function foo(string $s) : string {
  switch ($s) {
    case A::FOO:
      return 'hello';

    case A::BAR:
      return 'goodbye';
      
    case 'bat':
      return 'hello again';
  }
}

foo('foo');
foo(A::BAR);
foo('bat');
foo('bad');

Also included in this release are improvements to the templating engine, and fixes to how Psalm stores string values.

Includes support for value types (also in 1.x). Impetus comes from PHPStan, which has added this in dev-master.

This allows Psalm to find bugs in code like this (coincidentally the lone bug this new analysis found in Vimeo's codebase).

Also includes various fixes, including better analysis of expressions in disjunctive normal form

($a && $b) || ($c && $d) || ($e && $f)

Small bugfixes

Breaking changes:

• Uses PHP Parser 4 (and thus requires PHP 7)
• Issue type MoreSpecifcImplementedReturnType has been renamed LessSpecificImplementedReturnType
• Issue type PossiblyUndefinedArrayOffset is triggered for possibly undefined array keys (previously bucketed into PossiblyUndefinedVariable)

  $foo = rand(0, 1) ? ['a' => 1, 'b' => 2] : ['a' => 3];
  echo $foo['b'];

• removed stopOnFirstError <psalm /> config attribute, which hasn't been used in ages
• removed UntypedParam issue type, which also hasn't been used (MissingParamType is the replacement)

Fixed issues comparing variables - #677 for get_class vs ::class, and $a !== $b now fails if $a can never equal $b.

Fixed #676 - bit manipulations were getting typed to mixed, now string or int depending.

Fixed #673 where cached class names could pollute class lookups on case-sensitive OSes like Linux

@srsbiz fixed Windows directory handling in #655 and changed Psalm to use .dist files by default in #644

Bugfix release:

• Fixed bugs parsing docblock types in #614, #617, #630, #619, #629 and #560
• Improved type handling for #615, #626, #631, #635 and #637
• Improve handling of var_export and implode for #636 and #610 respectively

Fixes a couple of bugs with intersection types and nested trait resolution.

Thanks to the great work of @weirdan, this release has a Phar that you can use on any existing Psalm project.

Other changes:

• fixes #569 where trait function name maps got corrupted
• improves analysis of error-suppressed functions (#570)
• improves analysis of array_merge where ... is used (#571)
• improves analysis of strpos and abs calls (#576 and #577)
• improves handling of iterable types when negated (#574 and #579)
• added better checks to compare trait abstract methods to classes that use the traits

You can now specify that parameters that take fully-qualified class names must be passed a ::class constant. The docs have more info.

This release also brings more robustness to class-filename resolution, relying on composer's autoloader class where available to get the class name without using reflection. Thanks @weirdan for the ticket that led to this improvement.

This release also removes a dependency on composer/composer, using the much smaller composer/xdebug-handler instead. Thanks to @felixfbecker for the idea, and @johnstevenson for the legwork on the composer side, and @weirdan for integrating it with Psalm.

I introduced a new issue type of OverriddenPropertyAccess to fix #547. While this is technically a change in the API, it's also an issue that is very unlikely to occur in your codebase, so I felt it was acceptable to violate SemVer.

Other fixed issues:

• array_map/array_filter oddities in #555 and #556
• improved property-no-set-in-constructor checks (#562)
• improved do/while checks when vars are set only in the do, and used in the while (#561)
• prevented an issue from being triggered in #563
• improve handling of complicated (strings that contain square brackets) array keys in #564

• Fixes #540, allowing any param name starting with _ to be ignored in UnusedParam/PossiblyUnusedParam checks.
• Fixes #541 where array_map wasn't respecting key type
• Fixed some UnusedVariable false positives: #543 with static vars, #544 with try/catch vars, and #539 with global vars used in functions
• Fixed #546 where iterable|string[] was causing a fatal error when allowPhpStormGenerics="true"
• Fixed #548 allowing callables in array_map and array_filter to be properly checked
• Fixed documentation of --init in #537

Additionally Psalm now treats functions that start with assert more intelligently, and checks to see if they assert something. If they do it applies those assertions to the current scope.

This first major version signifies the beginning of semantic versioning:

• No Psalm issues will be added between major versions
• Minor versions will be used to fix bugs, especially those leading to false positives, and also to introduce new features that don't substantially alter Psalm's analysis
• The plugin API will not change between major versions

Updates since 0.3.93

• Running Psalm with PHP 5.4 and 5.5 is no longer supported
• new caching engine, reducing time and increasing memory usage
• rewritten internals to group similar functionality into classes, increasing long-term maintainability
• add checks for __set calls where @property annotations are present - thanks @nickyr
• updated plugin API to use static methods instead of instance ones
• added support for Pylint output format - thanks @TysonAndre
• made igbinary the default serializer if it's installed with the latest version - thanks again to @TysonAndre for his tireless work on that project
• added ending-line & ending-column data to output for future Language Server Protocol support

Known bugs

• #534 Failure to properly evaluate some repeated instanceof logic
• #502 InvalidReturnStatement should fire for void return if no yield statements found
• #455 Unset on objectlike array should reset it to empty array
• #442 Calling count() on an array should inform its emptiness
• #416 Dead code detection fails for trait-defined methods not directly called
• #324 Suppressing EmptyArrayAccess causes weird side-effects on problematic code

Added two new issues:

DocblockTypeContradiction - emitted when contradicting a docblock-asserted type:

/**
 * @param string $s
 */
function foo($s) {
    if ($s === 5) { }
}

RedundantConditionGivenDocblockType - emitted when conditional is redundant given information in docblocks

/**
 * @param string $s
 */
function foo($s) {
    if (is_string($s)) {};
}

and fixed a few issues with erroneous emitting of RedundantCondition

Miscellaneous fixes, plus a big refactor that'll hopefully make Psalm a touch faster.

Fixes #348, #477, and improves documentation of issues and supported annotations.

This release aims to match, and possibly supersede, Scrutinizer's very good dead code detection.

Known issues: #475

This release also has the last breaking change before a planned 1.0 release – breaking apart the UntypedParam issue into MissingParamType and MissingClosureParamType (as the latter scenario is often less worrisome).

Inherit docs from interfaces where missing

Psalm used not to automatically inherit docs from interfaces. Now it does, unless two different interfaces contain the same method.

So this is fine:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return string */
  public function bar();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
  public function bar() {
    return "goodbye";
  }
}

This will cause Psalm to emit InvalidReturnType and MissingReturnType for A::foo:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return int */
  public function foo();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
}

And this will cause Psalm to emit MissingReturnType for A::foo:

interface I1 {
  /** @return string */
  public function foo();
}
interface I2 {
  /** @return string */
  public function foo();
}
class A implements I1, I2 {
  public function foo() {
    return "hello";
  }
}

More lenient treatment of various core functions

Functions like preg_replace, file_get_contents and current, which can return false, are now allowed to be reported as returning just a string. A few other functions, like strpos, still require explicit false checks because I judged the frequency of failure to be much higher in those situations.

Because CodeBase/Codebase broke autoloaders on *nix systems

Psalm gets a bit faster for the first time in a while. Also array_filter checks are more accurate, interpreting some closure contents if included.

Psalm is good at finding potential issues in large codebases, but once found, it can be something of a gargantuan task to fix all the issues.

This release introduces Psalter, designed to fix issues that Psalm finds.

Safety features

Updating code is inherently risky, doing so automatically is even more so. I've added a few features to make it a little more reassuring:

• To see what changes Psalter will make ahead of time, you can run it with --dry-run.
• You can target particular versions of PHP via --php-version, so that (for example) you don't add nullable typehints to PHP 7.0 code, or any typehints at all to PHP 5.6 code. --php-version defaults to your current version.
• it has a --safe-types mode that will only update PHP 7 return typehints with information Psalm has gathered from non-docblock sources of type information (e.g. typehinted params, instanceof checks, other return typehints etc.)

Plugins

You can pass in your own manipulation plugins e.g.

vendor/bin/psalter --plugin=vendor/vimeo/psalm/examples/ClassUnqualifier.php --dry-run

The above example plugin converts all unnecessarily qualified classnames in your code to shorter aliased versions.

Supported fixes

This initial release provides support for the following alterations, corresponding to the names of issues Psalm finds:

MissingReturnType

Running vendor/bin/psalter --issues=MissingReturnType --php-version=7.0 on

function foo() {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

and running vendor/bin/psalter --issues=MissingReturnType --php-version=5.6 on

function foo() {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() {
  return "hello";
}

MissingClosureReturnType

As above, except for closures

InvalidReturnType

Running vendor/bin/psalter --issues=InvalidReturnType on

/**
 * @return int
 */
function foo() {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() {
  return "hello";
}

There's also support for return typehints, so running vendor/bin/psalter --issues=InvalidReturnType on

function foo() : int {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

InvalidNullableReturnType

Running vendor/bin/psalter --issues=InvalidNullableReturnType --php-version=7.1 on

function foo() : string {
  return rand(0, 1) ? "hello" : null;
}

gives

function foo() : ?string {
  return rand(0, 1) ? "hello" : null;
}

and running vendor/bin/psalter --issues=InvalidNullableReturnType --php-version=7.0 on

function foo() : string {
  return rand(0, 1) ? "hello" : null;
}

gives

/**
 * @return string|null
 */
function foo() {
  return rand(0, 1) ? "hello" : null;
}

InvalidFalsableReturnType

Running vendor/bin/psalter --issues=InvalidFalsableReturnType on

function foo() : string {
  return rand(0, 1) ? "hello" : false;
}

gives

/**
 * @return string|false
 */
function foo() {
  return rand(0, 1) ? "hello" : false;
}

MismatchingDocblockParamType

Given

class A {}
class B extends A {}
class C extends A {}
class D {}

running vendor/bin/psalter --issues=MismatchingDocblockParamType on

/**
 * @param B|C $first
 * @param D $second
 */
function foo(A $first, A $second) : void {}

gives

/**
 * @param B|C $first
 * @param A $second
 */
function foo(A $first, A $second) : void {}

MismatchingDocblockReturnType

Running vendor/bin/psalter --issues=MismatchingDocblockReturnType on

/**
 * @return int
 */
function foo() : string {
  return "hello";
}

gives

/**
 * @return string
 */
function foo() : string {
  return "hello";
}

LessSpecificReturnType

Running vendor/bin/psalter --issues=LessSpecificReturnType on

function foo() : ?string {
  return "hello";
}

gives

function foo() : string {
  return "hello";
}

This introduces a file replacement API, allowing you to build plugins that alter your code.

For example, you can run

vendor/bin/psalm --plugin=vendor/vimeo/psalm/examples/ClassUnqualifier.php --replace-code

and all classes that are unnecessarily fully-qualified will be fixed