Extra strict and opinionated rules for PHPStan

0.10.1 2018-07-06 20:36 UTC


Build Status Latest Stable Version License

PHPStan focuses on finding bugs in your code. But in PHP there's a lot of leeway in how stuff can be written. This repository contains additional rules that revolve around strictly and strongly typed code with no loose casting for those who want additional safety in extremely defensive programming:

  • Require booleans in if, elseif, ternary operator, after !, and on both sides of && and ||.
  • Require numeric operands or arrays in + and numeric operands in -/*///**/%.
  • Require numeric operand in $var++, $var--, ++$varand --$var.
  • These functions contain a $strict parameter for better type safety, it must be set to true:
    • in_array (3rd parameter)
    • array_search (3rd parameter)
    • array_keys (3rd parameter; only if the 2nd parameter $search_value is provided)
    • base64_decode (2nd parameter)
  • Variables assigned in while loop condition and for loop initial assignment cannot be used after the loop.
  • Types in switch condition and case value must match. PHP compares them loosely by default and that can lead to unexpected results.
  • Statically declared methods are called statically.
  • Disallow empty() - it's a very loose comparison (see manual), it's recommended to use more strict one.
  • Always true instanceof, type-checking is_* functions and strict comparisons ===/!==. These checks can be turned off by setting checkAlwaysTrueInstanceof/checkAlwaysTrueCheckTypeFunctionCall/checkAlwaysTrueStrictComparison to false.
  • Require parameter and return typehints for functions and methods (either native or phpDocs)
  • Correct case for referenced and called function names.
  • Correct case for inherited and implemented method names.
  • Contravariance for parameter types and covariance for return types in inherited methods (also known as Liskov substitution principle - LSP)
  • Check LSP even for static methods

Additional rules are coming in subsequent releases!


To use these rules, require it in Composer:

composer require --dev phpstan/phpstan-strict-rules

And include rules.neon in your project's PHPStan config:

	- vendor/phpstan/phpstan-strict-rules/rules.neon

Enabling rules one-by-one

If you don't want to start using all the available strict rules at once but only one or two, you can! Just don't include the whole rules.neon from this package in your configuration, but look at its contents and copy only the rules you want to your configuration under the services key:

		class: PHPStan\Rules\StrictCalls\StrictFunctionCallsRule
			- phpstan.rules.rule

		class: PHPStan\Rules\SwitchConditions\MatchingTypeInSwitchCaseConditionRule
			- phpstan.rules.rule