PHPStan v0.12.83 releases: PHP Static Analysis Tool

PHPStan focuses on finding errors in your code without actually running it. It catches whole classes of bugs even before you write tests for the code. It moves PHP closer to compiled languages in the sense that the correctness of each line of the code can be checked before you run the actual line.

What it currently checks for?

• Existence of classes used in instanceof, catch, typehints and other language constructs. PHP does not check this and just stays instead, rendering the surrounded code unused.
• Existence and accessibility of called methods and functions. It also checks the number of passed arguments.
• Whether a method returns the same type it declares to return.
• Existence and visibility of accessed properties. It will also point out if a different type from the declared one is assigned to the property.
• The correct number of parameters passed to sprintf/printf calls based on format strings.
• Existence of variables while respecting scopes of branches and loops.
• Useless casting like (string) ‘foo’ and strict comparisons (=== and !==) with different types as operands which always result in false.

PHPStan is fast…

It manages to check the whole codebase in a single pass. It doesn’t need to go through the code multiple times. And it only needs to go through the code you wish to analyze, e.g. the code you have written. It doesn’t need to parse and analyze 3rd party dependencies. Instead, it uses reflection to find out useful information about somebody else’s code your codebase uses.

PHPStan is able to check our codebase (6000 files, 600k LOCs) in around a minute. And it checks itself under a second.

Changelog v0.12.83

Improvements 🔧

• Precise try-catch-finally analysis (#481), thanks @rainbow-alex for the kick-off of this feature!
  • Learn more on PHPStan’s blog
  • Fixes: #1597, #3617, #778, #2969, #3004, #3710, #3822, #505, #1670, #1219, #3302
• Dependent types – understand truthy BooleanOr and falsey BooleanAnd scope (phpstan/phpstan-src@2c42ef1), #4733, #4326, #987, #4215, #4695
• Dependent types – save conditional expression after variable assignment (phpstan/phpstan-src@56ae015), #2977, #3190

Bleeding edge 🔪

• Consistent remembering and forgetting returned values (phpstan/phpstan-src@d4edc59)
  • Learn more on PHPStan’s blog
  • Fixes: #2420, #4588, #3553, #3382, #4177, #4091, #2288, #1157
• Report dead catch with exception that is not thrown in the try block – level 4 (phpstan/phpstan-src@ce9299c)
• Rule for detecting overwriting exit points in finally – level 4 (phpstan/phpstan-src@3f712be)

If you want to see the shape of things to come and adopt bleeding edge features early, you can include this config file in your project’s phpstan.neon:

includes:
	- vendor/phpstan/phpstan/conf/bleedingEdge.neon

Of course, there are no backwards compatibility guarantees when you include this file. The behaviour and reported errors can change in minor versions with this file included. Learn more

Bugfixes 🐛

• Fixed detecting method signature compatibility (phpstan/phpstan-src@8f0150d), #4729
• Fixed inferring template types from ThisType (phpstan/phpstan-src@a843d87), #4725
• More robust PHPDoc parsing (phpstan/phpstan-src@5d37113), #4731
• Support the $foo ?? false pattern when making sure variable exists (phpstan/phpstan-src@c4cc668), #560
• mt_rand and rand are not pure (phpstan/phpstan-src@edc8446)
• random_int and random_bytes are not deterministic (phpstan/phpstan-src@f36fa71), #4190
• Invalidate is_file() calls and similar only after clearstatcache() (phpstan/phpstan-src@bcc8d61)
• Invalidate object state after passing to impure function (phpstan/phpstan-src@f92b95e), #3203
• BaselineNeonErrorFormatter: Sort output by file and pattern (#483), thanks @dktapps!
• Match expression – do not complain about void in arm body (phpstan/phpstan-src@90e49f7, phpstan/phpstan-src@2c0dda3), #4292
• Fix merging scopes with narrowed constant types (phpstan/phpstan-src@42d0b36), #4434
• Allow phpVersion up to 80099 (phpstan/phpstan-src@4db2e14), #4762
• Fix Access to an undefined static property in Closure::bind (#489), thanks @VincentLanglet!
• Add array_sum() dynamic return type extension (#490), thanks @VincentLanglet!
• Fix NativeMethodReflection::hasSideEffects() (phpstan/phpstan-src@98fb540), #4231, #4287
• TypeSpecifier – support IntegerRangeType with count() (phpstan/phpstan-src@7b417c7), #4700
• Improved performance (phpstan/phpstan-src@dbe08a6, phpstan/phpstan-src@626f72a, phpstan/phpstan-src@1463c57, phpstan/phpstan-src@91f477f), #4723
• Fix problem with generics and inheritance, #4008, #3546
• Fix native static return typehint when entering class method (phpstan/phpstan-src@baa371e), #4795

Function signature fixes 🤖

• Fix function-map for PDOStatement pass-by-reference functions (#480), thanks @jaylinski!
• Add uopz 6.x functions (#482), thanks @zonuexe!

Install && Use

Copyright (c) 2016 Ondřej Mirtes