Phan Versions Save

Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.

5.1.0

2 years ago

New Features (Analysis):

Support running Phan 5 with AST version 80 instead of 85 but warn about php-ast being outdated.

Documentation:

Update documentation of --target-php-version and --minimum-target-php-version

5.0.0

2 years ago

If you are migrating from Phan 4, it may be useful to set up or update a Phan baseline file to catch issues such as nullable type mismatches. https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base has other advice on setting up suppressions. For example, Phan is now more consistently warning about nullable arguments (i.e. both \X|null and ?\X) in a few cases where it may have not warned about passing \X|null to a function that expects a non-null type.

If you are using plugins for Phan 4 that are not part of Phan itself, they may have issues in Phan 5 due to additional required parameters being added to many of Phan's methods.

See the changelog for other changes in the previous alpha releases: https://github.com/phan/phan/blob/5.0.0/NEWS.md

New Features (Analysis):

Warn about implicitly nullable parameter intersection types (function(A&B $paramName = null)) being a compile error. New issue type: PhanTypeMismatchDefaultIntersection
Emit PhanTypeMismatchArgumentSuperType instead of PhanTypeMismatchArgument when passing in an object supertype (e.g. ancestor class) of an object instead of a subtype. Emit PhanTypeMismatchReturnSuperType instead of PhanTypeMismatchReturn when returning an object supertype (e.g. ancestor class) of an object instead of a subtype.

Phan 5 starts warning about ancestor classes being incompatible argument or return types in cases where it previously allowed it. (#4413)

5.0.0a4

2 years ago

This is the unstable branch for alpha releases of Phan 5. Planned/remaining work is described in https://github.com/phan/phan/issues/4413

If you are using plugins that are not part of Phan itself, they may have issues in Phan 5 due to additional required methods being added to many of Phan's methods.

New Features (Analysis):

Use the enum class declaration type (int, string, or absent) from AST version 85 to check if enum cases are valid. (#4313) New issue types: PhanSyntaxEnumCaseExpectedValue, PhanSyntaxEnumCaseUnexpectedValue, PhanTypeUnexpectedEnumCaseType

Backwards incompatible changes:

Bump the minimum required AST version from 80 to 85 (Required to analyze php 8.1 enum classes - 'type' was added in AST version 85).
In php 8.1, require php-ast 1.0.14 to natively parse AST version 85.

Maintenance:

Upgrade tolerant-php-parser from 0.1.0 to 0.1.1 to prepare to support new php syntax in the polyfill/fallback parser. (#4449)

Bug fixes:

Fix extraction of reflection attribute target type bitmask from internal attributes such as PHP 8.1's ReturnTypeWillChange

5.0.0a3

2 years ago

July 15, 2021, Phan 5.0.0a3

Phan 5 introduces support for intersection types, and improves the accuracy of type casting checks and type inference to catch more issues.

This is the unstable branch for alpha releases of Phan 5. Planned/remaining work is described in https://github.com/phan/phan/issues/4413

If you are using plugins that are not part of Phan itself, they may have issues in Phan 5 due to additional required methods being added to many of Phan's methods.

New Features (Analysis):

Support parsing php 8.1 intersection types in php-ast 1.0.13+ (#4469) (not yet supported in polyfill)
Support parsing php 8.1 first-class callable syntax in unreleased php-ast version (#4464)
Support parsing php 8.1 readonly property modifier (#4463)
Support allowing new expressions in php 8.1 readonly property modifier (#4460)
Emit PhanTypeInvalidArrayKey and PhanTypeInvalidArrayKeyValue for invalid array key literal types or values.
Fix false positive PhanTypeMissingReturn/PhanPluginAlwaysReturnMethod for method with phpdoc return type of @return never
Warn about direct access to static methods or properties on traits (instead of classes using those methods/properties) being deprecated in php 8.1 (#4396)
Add Stringable to allowed types for sprintf variadic arguments. This currently requires explicitly implementing Stringable. (#4466)

Bug fixes:

Fix a crash when analyzing array literals with invalid key literal values in php 8.1.
Fix a crash due to deprecation notices for accessing trait methods/properties directly in php 8.1

4.0.7

2 years ago

The Phan 5 release line (currently in alpha) will support PHP 8.1 syntax and new features such as intersection types

Language Server/Daemon mode:

Fix an uncaught exception sometimes seen checking for issue suppressions when pcntl is unavailable.

Maintenance:

Expand allowed netresearch/jsonmapper version ranges to include ^4.0 for php 8.1 support.
Update dependencies in composer.lock for compatibility with php 8.1 in published phar files.

Bug fixes:

Don't emit PhanCompatibleNonCapturingCatch when minimum_target_php_version is '8.0' or newer. (#4433)
Stop ignoring @return null and @param null $paramName in phpdoc. (#4453)

Stop special casing @param null now that Phan allows many other literal types in param types.

5.0.0a2

2 years ago

Jun 26 2021, Phan 5.0.0a2

Phan 5 introduces support for intersection types, and improves the accuracy of type casting checks and type inference to catch more issues.

This is the unstable branch for alpha releases of Phan 5. Planned/remaining work is described in https://github.com/phan/phan/issues/4413

If you are using plugins that are not part of Phan itself, they may have issues in Phan 5 due to additional required methods being added to many of Phan's methods.

New Features (Analysis):

Improve accuracy of checks for weak type overlap for redundant condition warnings on <=
Emit PhanAccessOverridesFinalConstant when overriding a final class constant. (#4436)
Emit PhanCompatibleFinalClassConstant if class constants have the final modifier in codebases supporting a minimum target php version older than 8.1 (#4436)
Analyze class constants declared in interfaces as if they were final in php versions prior to 8.1. (#4436)
Warn about using $this or superglobals as a parameter or closure use. (#4336)

New Features (CLI)

Use var_representation/polyfill for generating representations of values in issue messages.

Maintenance:

Upgrade tolerant-php-parser from ^0.0.23 to ^0.1.0 to prepare to support new php syntax in the polyfill/fallback parser. (#4449)

Bug fixes:

Properly warn about referencing $this from a static fn declared in an instance method. (#4336)
Fix a crash getting template parameters of intersection types

5.0.0a1

2 years ago

May 30 2021, Phan 5.0.0a1

Phan 5 introduces support for intersection types, and improves the accuracy of type casting checks and type inference to catch more issues.

This is the unstable branch for alpha releases of Phan 5. Planned/remaining work is described in https://github.com/phan/phan/issues/4413

If you are using plugins that are not part of Phan itself, they may have issues in Phan 5 due to additional required methods being added to many of Phan's methods.

New Features (Analysis):

Support parsing intersection types in phpdoc and checking if intersection types satisfy type comparisons
Support inferring intersection types from conditions such as instanceof
Warn about impossible type combinations in phpdoc intersection types. New issue types: PhanImpossibleIntersectionType
Improve type checking precision for whether a type can cast to another type.
Improve precision of checking if a type is a subtype of another type.
Split out warnings about possibly invalid types for property access (non-object) and possibly invalid classes for property access New issue types: PhanPossiblyUndeclaredPropertyOfClass
Also check for partially invalid expressions for instance properties during assignment (PhanPossiblyUndeclaredProperty*)
Treat @template-covariant T as an alias of @template T - Previously, that tag was not parsed and T would be treated like a (probably undeclared) classlike name. (#4432)

Bug fixes:

Fix wrong expression in issue message for PhanPossiblyNullTypeMismatchProperty (#4427)

Breaking Changes:

Many internal methods now require a mandatory CodeBase instance. This will affect third party plugins.
Remove --language-server-min-diagnostic-delay-ms.

4.0.6

2 years ago

New Features (Analysis):

Partially support php 8.1 enums (#4313) (infer the real type is the class type, that they cannot be instantiated, that enum values cannot be reused, and that class constants will exist for enum cases)

New issue types: PhanReusedEnumCaseValue, PhanTypeInstantiateEnum, PhanTypeInvalidEnumCaseType, PhanSyntaxInconsistentEnum, PhanInstanceMethodWithNoEnumCases, PhanInstanceMethodWithNoEnumCases, PhanEnumCannotHaveProperties, PhanUnreferencedEnumCase, PhanEnumForbiddenMagicMethod.
Support php 7.4 covariant return types and contravariant parameter types when the configured or inferred minimum_target_php_version is '7.4' or newer (#3795)
Add initial support for the php 8.1 never type (in real return types and phpdoc). (#4380) Also add support for the phpdoc aliases no-return, never-return, and never-returns
Support casting iterable<K, V> to Traversable<K, V> with is_object or !is_array checks
Detect more types of expressions that never return when inferring types (e.g. when analyzing ?:, ?? operators)
Use php 8.1's tentative return types from reflection (hasTentativeReturnType, getTentativeReturnType) to assume real return types of internal functions/methods (#4400)

This can be disabled by setting use_tentative_return_type to false (e.g. when using subclasses of internal classes that return incompatible types).
Warn about modifying properties of classes that are immutable at runtime (enums, internal classes such as \Closure and \WeakRef, etc.) (#4313) New issue type: PhanTypeModifyImmutableObjectProperty

Dead code detection:

Infer that functions with a return type of never (or phpdoc aliases such as no-return) are unreachable when performing control flow analysis. This can be disabled by setting dead_code_detection_treat_never_type_as_unreachable to false

Note that control flow is only affected when UseReturnValuePlugin is enabled.

Plugins:

In UseReturnValuePlugin, also start warning about when using the result of an expression that evaluates to never New issue types: PhanUseReturnValueOfNever

Bug fixes:

As part of the work on php 7.4 contravariant parameter types, don't automatically inherit inferred parameter types from ancestor classlikes when (1) there is no @param tag with a type for the parameter on the overriding method and (2) the ancestor parameter types are a subtype of the real parameter types unless
1. @inheritDoc is used.
2. This is a generic array type such as array<string,mixed> that is a specialization of an array type. If you want to indicate that the overriding method can be any array type, add @param array $paramName.
Change composer.json dependency on composer/xdebug-handler from ^2.0 to ^1.1|2.0 to avoid conflicting with other libraries or applications that depend on xdebug-handler 1.x (#4382)
Support parsing multiple declare directives in the polyfill/fallback parser (#4160)

4.0.5

3 years ago

New Features (Analysis):

Fix handling of some redundant condition checks involving non-null-mixed and null (#4388, #4391)
Emit PhanCompatibleSerializeInterfaceDeprecated when a class implements Serializable without also implementing the __serialize and __unserialize methods as well. (#4387) PHP 8.1 deprecates the Serializable interface when __serialize and __unserialize aren't also implemented to be used instead of serialize/unserialize.

Maintenance:

Warn about running phan with multiple processes without pcntl before the analysis phase starts.
Start implementing __serialize/__unserialize in Phan itself in places that use Serializable.
Use different static variables in different subclasses of Phan\Language\Type to account for changes in static variable inheritance in php 8.1. (#4379)

Bug fixes:

Allow ?T to be used in parameter/property types with @template T (#4388)

4.0.4

3 years ago

New Features (CLI, Config):

Support --doc-comment flag on tool/make_stubs to emit the doc comments Phan is using for internal elements along with the stubs. (these are the doc comments Phan would use for hover text in the language server)
Allow target_php_version and minimum_target_php_version to be 8.1 or newer.

New Features (Analysis):

Support the php 8.1 array unpacking with string keys RFC (#4358). Don't emit warnings about array unpacking with string keys when minimum_target_php_version is '8.1' or newer.
Support php 8.1 array_is_list(array $array): bool conditional and its negation. (#4348)
Fix some false positive issues when trying to eagerly evaluate expressions without emitting issues (#4377)

Bug fixes:

Fix crash analyzing union type in trait (#4383)

Maintenance:

Update from xdebug-handler 1.x to 2.0.0 to support Xdebug 3 (#4382)

Plugins:

Cache plugin instances in ConfigPluginSet. This is useful for unit testing stateless plugins which declare the plugin class in the same file returning the plugin instance. (#4352)