mirror of https://github.com/danog/psalm.git synced 2024-11-26 20:34:47 +01:00
psalm/docs
Markus Staab 86af28aa31
Document more taint types (#4704)
* Document more taint types

Taken from the TaintKind enum

* Add more of a description

Co-authored-by: Matthew Brown <github@muglug.com>
2021-01-29 11:46:26 +01:00
annotating_code Update to more specific example 2021-01-29 11:46:04 +01:00
manipulating_code Add more accurate description of functionality 2021-01-29 11:39:44 +01:00
running_psalm Add example from @ludofleury's solution 2021-01-29 11:46:24 +01:00
security_analysis Document more taint types (#4704) 2021-01-29 11:46:26 +01:00
how_psalm_works.md Fix minor typos in docs (#3956) 2020-08-08 08:09:41 -04:00
README.md 4.x (#4363) 2021-01-29 11:39:58 +01:00
what_makes_psalm_complicated.md stripping trailing whitespace 2019-02-11 18:39:19 -05:00

About Psalm

Psalm is a static analysis tool that attempts to dig into your program and find as many type-related bugs as possible.

It has a few features that go further than other similar tools:

  • Mixed type warnings
    If Psalm cannot infer a type for an expression then it uses a mixed placeholder type. mixed types can sometimes mask bugs, so keeping track of them helps you avoid a number of common pitfalls.

  • Intelligent logic checks
    Psalm keeps track of logical assertions made about your code, so if ($a && $a) {} and if ($a && !$a) {} are both treated as issues. Psalm also keeps track of logical assertions made in prior code paths, preventing issues like if ($a) {} elseif ($a) {}.

  • Property initialisation checks
    Psalm checks that all properties of a given object have values after the constructor is called.

Psalm also has a few features to make it perform as well as possible on large codebases:

  • Multi-threaded mode
    Wherever possible Psalm will run its analysis in parallel to save time. Useful for large codebases, it has a massive impact on performance.

  • Incremental checks
    By default Psalm only analyses files that have changed and files that reference those changed files.

Example output

Given a file implode_strings.php:

<?php
$a = ['foo', 'bar'];
echo implode($a, ' ');

> ./vendor/bin/psalm implode_strings.php
ERROR: InvalidArgument - somefile.php:3:14 - Argument 1 of implode expects `string`, `array` provided (see https://psalm.dev/004)

Inspirations

There are two main inspirations for Psalm:

  • Etsy's Phan, which uses nikic's php-ast extension to create an abstract syntax tree
  • Facebook's Hack, a PHP-like language that supports many advanced typing features natively, so docblocks aren't necessary.

Index