search

vimeo / psalm

A static analysis tool for finding errors in PHP applications
https://psalm.dev
MIT License
5.57k stars 659 forks source link

Type narrowing doesn't work after string to int conversion #8419

Open fluffycondor opened 2 years ago

fluffycondor commented 2 years ago

https://psalm.dev/r/bf49f34907

A real-world example, quite easy, but it's a hard one for a static analyzer. I'd be nice to see int<2022, max> there someday :)

psalm-github-bot[bot] commented 2 years ago

I found these snippets:

https://psalm.dev/r/bf49f34907 ```php expected ``` ``` Psalm output (using commit 42462b8): INFO: Trace - 7:26 - $year: string INFO: Trace - 9:26 - $year: int ```
danog commented 2 years ago

You just need to change the assertion layout a bit: https://psalm.dev/r/e9953d77a7

psalm-github-bot[bot] commented 2 years ago

I found these snippets:

https://psalm.dev/r/e9953d77a7 ```php = 2022); /** @psalm-trace $year */; // int<2022, max> expected ``` ``` Psalm output (using commit 42462b8): INFO: Trace - 8:26 - $year: int<2022, max> ```
orklah commented 2 years ago

Yeah, a few things:

fluffycondor commented 2 years ago

Likewise, it would be easy to add here

Not so easy as it would be. ctype_* functions return true not only for asserted strings but also for some ASCII codes passed as int. That "but" can be ignored though, because passing ASCII codes is deprecated in PHP 8.1. But I'd like to stub it properly. Now looks like #8421 prevents me from doing it.

orklah commented 2 years ago

ctype_* functions return true not only for asserted strings but also for some ASCII codes passed as int.

doesn't matter a lot, all of that will be considered numeric. Psalm reconciliation should do the rest