All Versions
Latest Version
Avg Release Cycle
8 days
Latest Release
1293 days ago

Changelog History
Page 3

  • v3.13.1 Changes

    July 30, 2020
    • πŸ›  fixes a possible crash when recursing through template params (#3912)
    • πŸ‘Œ improves the return type for fgetcsv (now more lenient)
  • v3.13.0 Changes

    July 30, 2020

    πŸ”‹ Features

    MissingPropertyType fixer

    βš™ Running vendor/bin/psalm --alter --issues=MissingPropertyType (when using PHP 7.4) on

    \<?phpclass A { public $string\_or\_int; public $only\_string; public $conditionally\_set\_string; public function \_\_construct() { if (rand(0, 1)) { $this-\>string\_or\_int = 5; } else { $this-\>string\_or\_int = "hello"; $this-\>conditionally\_set\_string = "goodbye"; } $this-\>only\_string = "bar"; } }


    \<?phpclass A { /\*\* \* @var string|int \*/public $string\_or\_int; public string $only\_string; /\*\* \* @var null|string \*/public $conditionally\_set\_string; public function \_\_construct() { if (rand(0, 1)) { $this-\>string\_or\_int = 5; } else { $this-\>string\_or\_int = "hello"; $this-\>conditionally\_set\_string = "goodbye"; } $this-\>only\_string = "baz"; } }

    This fix has full compatibility with previous versions of PHP, too.

    === true detection

    @greg0ire added support such that Psalm will warn you when comparing $some_bool === true where $some_bool would have sufficed.

    This option is hidden behind the strictBinaryOperands config flag.


    Psalm has a new type, positive-int, for situations where you want the typechecker to guarantee that an integer is positive.

    Other features

    • πŸ‘ @TysonAndre added support for generating multiple reports from a single Psalm run (#3776, #3777)
    • Language Server: @joehoyle added jump-to-definition for use statements (#3805)
    • πŸ‘ @ntzm added support for disabling the analysis of phpStormMeta files (#3833)
    • @bdsl improved the handling of @internal, hopefully clarifying its usage (#3841)
    • Psalm now detects impossible substr comparisons based on string length (#3877)
    • πŸ‘ @var docblock annotations are now supported in many more places (#1916)

    πŸ›  Bugfixes

    • πŸ›  fix resolution of @template T as self inside traits (#3753)
    • prevent a crash when a class being thrown is not found (#3755)
    • array_map should remember how an array was created (#3764)
    • 🐎 @joehoyle improved performance when scanning large stub files (#3781)
    • Language Server: @joehoyle fixed the offset calculation in getReferenceAtPosition (#3783)
    • πŸ‘ allow removing false and null from a templated var (#3790)
    • πŸ‘ @erunion added support for always running taint analysis via the config (#3800)
    • πŸ‘ allow analysis of $i++ inside an isset check (#3802)
    • prevent a large number of chained assignments crashing Psalm (#3797)
    • Language Server: @joehoyle fixed jump-to-definition for nullable function param types (#3804)
    • Language Server: @joehoyle fixed jump-to-definition for return types where the docblock type is invalid (#3806)
    • πŸ‘ @weirdan improved Psalm's support for custom autoloader logic (#3183)
    • πŸ‘ allow more complex negations from custom assertions (#3811)
    • πŸ‘ allow detection of paradoxes when switching on the result of a function call (#3808)
    • πŸ‘ @EvgeniiR improved support for array_column such that it can understand emptiness (#3813)
    • @TysonAndre added more impure function references (#3814)
    • πŸ‘Œ improved a bunch of things around how getters are treated (#3820, #3825 and more)
    • @ntzm made the *getcsv return types more specific (#3832)
    • πŸ–¨ @adrienlucas added taint tracking through strval and sprintf
    • @ygottschalk improved handling of key, array_key_first and array_key_last (#3838)
    • πŸ›  @EvgeniiR fixed an erroneous UndefinedClass issue that could crop up with params of type array|callable (#3842)
    • πŸ‘ @gharlan added support for assignments to immutable classes in __unserialize (#3845)
    • πŸ‘Œ improve support for falsy assertions (#3858)
    • πŸ‘ allow magic properties to be reconciled just like regular properties (#3857)
    • πŸ†“ detect mutations due to property assignments in mutation-free methods (#3870)
    • prevent a crash when comparing an object with properties to a missing class (#3882)
    • don't alter a class-string type when doing an empty check (#3894)
    • πŸ‘Œ support turning methods final via trait aliasing (#3897)
    • πŸ‘ allow templated types to be refined via instanceof (#3907)
  • v3.12.2 Changes

    July 03, 2020

    πŸ›  Taint analysis bugfixes & features

    • πŸ‘ allow taints to flow when no return type is given (#3652)
    • taint encapsulated strings based on their contents (#3655)
    • πŸ–¨ @TysonAndre added print, unserialize, create_function and more as sinks
    • πŸ‘ allow taints to flow through unpacked arguments and mixed foreach (#3670)
    • taint property types for magic getters/setters even in the absence of a @property annotation (#3668)
    • βž• add taints to filter_var (#3675)
    • preserve taints after is_string checks (#3680)
    • taint the contents of exit just as echo is (#3681)
    • @TysonAndre improved handling of preg_replace_callback
    • πŸ‘ allow taints to flow through implied __toString methods (#3697)
    • specialize constructor taints as nececssary
    • πŸ‘ allow any part of a taint path to be suppressed with @psalm-suppress TaintedInput

    Other features

    πŸ‘ @olleharstedt added support for @psalm-self-out, which allows some typestate-oriented programming in Psalm (#3650)

    πŸ›  Bugfixes

    • πŸ‘ allow comparison of get_class($foo) === static::class
    • πŸ›  fix false-negative around missing property declarations (#3642)
    • πŸ‘Œ improve treatment of comparisons after assignment in conditional (#3631)
    • @villfa improved reflection info for Redis (#3673)
    • PDO::query now allows two arguments (#3694)
    • @simPod improved reflection for RdKafka\ProducerTopic::producev (#3700)
    • @bdsl added a change that propagates @internal annotations on classes to their methods (#3698)
    • prevent crash with a Foo|? return type (#3716)
    • prevent crash on empty @method (#3721)
    • πŸ”Œ @jarstelfox fixed up the example TemplateChecker plugin
    • πŸ‘― prevent crash when clone-ing undefined class (#3719)
    • infer template params from a class-string where appropriate (#3726)
    • πŸ‘Œ improve handling of if conditionals inside do {...} while(); (#3685)
    • πŸ“œ @lhchavez fixed a bug in docblock parsing where data was lost if a comment referred to a tag (#3776)
    • πŸ‘ allow false to be removed from template params (#3737)
    • πŸ‘ allow storing references to impure classes via the class names inside immutable classes (#3738)
  • v3.12.1 Changes

    June 23, 2020

    Taint analysis

    • $_REQUEST is now treated as a source, and taints now flow through trim and similar funcs
    • @psalm-taint-specialize now works in static methods

    πŸ’» Also @TysonAndre added a --debug-emitted-issues command line flag to help debug the route of a Psalm issue.

    πŸ›  Bugfixes

    • preg_replace_callback now supports arrays properly even when the closure is not well-documented (#3639)
  • v3.12.0 Changes

    June 22, 2020

    πŸ‘ This will be the officially-supported taint analysis command going forward.

  • v3.11.7 Changes

    June 22, 2020

    πŸ”‹ Features

    • various taint analysis improvements
    • βž• added an <extraFiles> tag to tell Psalm about directories it should scan, but not analyse (#3618)

    πŸ›  Bugfixes

    • βž• add better support for complex switch (true) case statements (#3603)
    • πŸ‘ allow lists to have their types refined in @psalm-assert calls (#3605)
    • treat (Foo\Bar::class)::baz() as Foo\Bar::baz() (#3609)
    • @andrei-petre improved error message casing for undefined methods (#3615)
    • @iluuu1994 allowed strings with leading backslashes e.g. '\Foo\Bar::baz' to be treated as callables (#3607)
    • prevent a crash when analysing an assertion on a class constant where the class doesn’t exist (#3607)
  • v3.11.6 Changes

    June 17, 2020

    πŸ‘Œ Improved --diff behaviour

    πŸ›  @bendavies pointed out an issue (#3367) in Psalm's behaviour when running --diff, where the caching would only take effect the third time you ran Psalm, not the second. This is now fixed.

    Pathological-case switch statement speedups

    switch statements with 100 case statements in a row like

    switch ($i) { case 0: case 1: 99: return; }

    πŸ‘‰ Used to have polynomial complexity, but now they're evaluated in linear time.

    sealAllMethods config

    πŸ‘€ by default, if Psalm sees

    /\*\* \* @method getString():string \*/class Foo { public function \_\_call(string $name, array $args) {} } (new Foo)-\>bar(); // UndefinedMagicMethod

    it emits a UndefinedMagicMethod for the call to Foo::bar().

    But if no @method annotation is given, nor a @psalm-seal-methods annotation, then the call is allowed:

    class Foo { public function \_\_call(string $name, array $args) {} } (new Foo)-\>bar(); // no issue

    @olleharstedt added a new config option, sealAllMethods, that tells Psalm that this is always bad.

    πŸ›  @mixin bugfixes

    • πŸ›  @mr-feek fixed a bug in a @mixin annotation used with a final class (#3470)
    • πŸ›  fix a crash when encountering a weird @mixin annotation (#3537)
    • πŸ‘ allow magic method call on @mixin (#3534)
    • βž• added back support for static @mixin calls (#3552)

    πŸ›  Bugfixes

    @still-dreaming-1 added better type inference for __TRAIT__ and __FILE__ (#3464)

    πŸ‘ allow wildcard references to builtin class constants (#3484)

    πŸ‘ @orklah added a better return type for DateInterval::$days (#3493)

    @orklah added checks for duplicate @return/@param annotations (#3487)

    πŸ‘ @0x450x6c added wildcard support for class constants inside generics (#3489)

    @orklah prevented division by explicit zero in bcdiv (#3494)

    ⚠ @staabm fixed the type of mysqli_warning::$sqlstate (#3497)

    prevent crash on malformed @throws annotation (#3506)

    prevent incorrect mixed type with Amp when a @psalm-yield annotation is provided (#3418)

    @LeSuisse fixed signatures of stream_filter_append/prepend (#3514)

    prevent crash when a callable string is empty (#3519)

    πŸ›  fix a regression with the memoizeMethodCallResults option (#3522)

    expand @psalm-type aliases recursively (#3532)

    Language Server : @joehoyle added support for globally-defined functions (#3477)

    πŸ›  @andrei-petre fixed some config location resolution issues when setting baselines (#3521)

    @gharlan added PharData::offsetGet/offsetExists to callmap (#3557)

    @enumag improved ext-ds stubs (#3559)

    πŸ›  fix a crash when reconciling strings to template params (#3510)

    @tvdijen improved the return type for preg_grep (#3565)

    πŸ‘Œ support complicated case expressions after switch (true) (#3563)

    πŸ‘‰ make callable():void is valid for callable():?bool (#3571)

    always analyse cast expressions even when used in unknown context (#3577)

    @weirdan marked session_decode as impure (#3572)

    @andrei-petre added a check to prevent users extending final classes (#3037)

    @ostrolucky marked fgetcsv impure (#3582)

    prevent impure use of count (#3551)

    πŸ›  @Daeroni fixed the property type of tidyNode::$child (#3599)

    πŸ›  @jaikdean fixed some Redis:: signatures (#3597)

  • v3.11.5 Changes

    May 27, 2020

    πŸ”‹ Features

    Import @psalm-type annotations into classes

    βž• Added support for importing @psalm-type annotations from one class to another based on a suggestion from @malukenho (in #2924)

    Given a class Phone that defines a @psalm-type annotation on a class:

    \<?php/\*\* \* @psalm-type PhoneType = array{phone: string} \*/class Phone { /\*\* \* @psalm-return PhoneType \*/public function toArray(): array { return ["phone" =\> "Nokia"]; } }

    You can reference that type with the @psalm-import-type annotation:

    /\*\* \* @psalm-import-type PhoneType from Phone \*/class User { /\*\* \* @psalm-return PhoneType \*/function toArray(): array { return array\_merge([], (new Phone)-\>toArray()); } } 

    Other features

    • Psalm now detects a number of unused magic methods (e.g. __get, __ set) (#3236)
    • Psalm now continues its analysis after encountering undefined variables (#3366)
    • πŸ–¨ @dereuromark added a pretty-print option for JSON output
    • Language Server : @joehoyle added variable assignment hover information (#3401)

    πŸ›  Bugfixes

    • πŸ“œ Prevent crashes in method type parsing (#3340), when @mixin type can't be found (#3452), when throwing an exception without a known alias (#3465), and when yielded type tokenisation fails (#3430)
    • Prevent notice due to empty function id (#3354)
    • The Phar now doesn’t prefix any Psalm classes (#3152, #2904, #2652)
    • @nobuf added support for inferring that an object can be cast after is_callable([$var, '__isString']) (#3372)
    • Psalter : @orklah added a fix that avoids updating docblocks when no changes are made (#3374)
    • πŸ›  @ragboyjr fixed return type inference (based on docblock return type) for arrow functions (#3376)
    • Eliminate null after > 0 check (#3388)
    • @SignpostMarv added numeric-string inference when casting a numeric type to a string (#3390)
    • πŸ‘― @EvgeniiR helped improve analysis of possibly-correct clone expressions (#3382)
    • @orklah improved inference for array_sum (#3395)
    • Language Server : @joehoyle fixed bugs around getting symbol information for array shapes (#3400)
    • βœ‚ Remove possibly-undefined array keys when merging (#3393)
    • Allow conditional return types with func_num_args() in namespaces (#3423)
    • Don’t add null to return type as part of reflection when using docblock templates (#3419)
    • πŸ‘ Allow falsy reconciliation for templated params (#3426)
    • Always treat $this as static-y (#3417)
    • Flesh out static references in Closure():static return types (#3415)
    • Prevent a function param typed with a "0"|"1" from accepting a numeric-string type (#3440)
    • πŸ‘ Allow isset checks on undefined static properties (#3460)
    • Allow conditional return type inference with func_get_args() on instance methods (#3453)
    • πŸ”Œ @still-dreaming-1 improved plugin handling for AfterAnalysisInterface (#3461)
    • πŸ‘Œ Improve handling of templated @mixin annotation (#3458)
    • Improve handling of array_key_exists checks (#3463)
  • v3.11.4 Changes

    May 11, 2020

    πŸ‘‰ Use of unset inside a loop on variables initialised before the loop was entered resulted in a crash after a change in 3.11.3

  • v3.11.3 Changes

    May 11, 2020

    πŸ”‹ Features

    func_num_args() in conditional types

    πŸš€ Having added support for conditional types in 3.11.0, this release fleshes out that support, adding the ability (among other things) to return different values based on the number of passed arguments.

    You can use func_num_args() in your definition to change the function's behaviour.

    /\*\* \* @return (func\_num\_args() is 0 ? false : string) \*/function zeroArgsFalseOneArgString(string $s = "") {if (func\_num\_args() === 0) {return false; }return $s;}zeroArgsFalseOneArgString(); // type inferred as falsezeroArgsFalseOneArgString(""); // type inferred as stringzeroArgsFalseOneArgString("hello"); // type inferred as string

    πŸ‘Œ Improved inference for date calls

    Psalm now understands when the date function can return a numeric string.

    Language Server options

    @pristinesource added a bunch of additional language server options in #3161

    Constructor initialisation method checks

    In #3201 @weirdan pointed out that there was problem with Psalm's property initialisation checks when a public or protected method that initialises a property is overridden in a subclass, such that the property initialisation never takes place. Psalm was ignorant of issue.

    πŸš€ With this release, if you initialise a property in a public or protected method, that method has to be declared final or Psalm will complain that the property isn't properly initialised.

    Templated @mixin

    @mixin SomeTemplate is now valid, as is @mixin SomeGenericClass<int> (#3237) – thanks @mr-feek for help here!

    πŸ‘Œ Improved RecursiveIteratorIterator return types

    πŸ‘ As part of the above, Psalm now has a better understanding of RecursiveIteratorIterator calls (#3228)

    Array shape key quoting/escaping

    You can now specify array shape keys with special characters in docblocks (#1518), e.g.

    /** @return array{'?': string, '\'': int} */

    πŸ†• New plugin AfterFunctionLikeAnalysisInterface

    πŸ‘€ See #3258

    βž• Add more protections when destructuring arrays

    Code like

    [$a, $b, $c] = [1, 2];

    is now caught (#3210)

    Tuple annotations

    When you use the docblock annotation array{int, string} (with no keys given) Psalm will treat it like a tuple – that is, a sequential array of the form [$some_int, $some_string].

    Previously this was just treated as an alternative form for array{0: int, 1: string}, which allows [1 => $some_string, 0 => $some_int]. These types are now represented separately internally.

    πŸ›  Bugfixes

    • 🚚 array_unique now removes assumed information about array length (#3142)
    • @enumag improved Ds\* generics (#3146)
    • πŸ‘ nested templates are now supported (#3137)
    • array_keys now respects array non-emptiness - thanks @vudaltsov (#3168)
    • Throwable methods are now marked as pure – thanks @greg0ire (#3171)
    • array access in class constants is now resolved properly (#3132)
    • πŸ‘Œ improve inference of templated properties (#3138, #3163, #3289)
    • @vladyslavstartsev added correct types for BCMath and GMP functions (#3189)
    • prevent un-namespaced string references to functions in the current namespace (#3182, #3204)
    • @still-dreaming-1 improved the specificity of compact's return type (#3209)
    • Mixed assignments to all variables named $_ are now ignored - thanks @villfa (#3045)
    • πŸ‘Œ Support intersections with object with __toString method (#3149)
    • πŸ”„ allow non-string keys in array_change_key_case - thanks @greg0ire (#3221)
    • yield within a closure is now correctly understood (#3268)
    • βž• add support for parsing extra spaces before @param (#3270)
    • πŸ‘€ ensure short closures see the same sorts of issues as closures (#3305)
    • πŸ›  fix a crash when asserting on a possibly-undefined variable (#3324)
    • πŸ‘ allow interface methods to be used in array_map callables (#3321)
    • πŸ‘Œ improve treatment of custom autoloader scripts which themselves contain non-composer-loaded classes (#3311)
    • @sj-i improved function types for proc_open in PHP 7.4 (#3333)