Current version: 3.0_20160307

PHPLint is a validator and documentator for PHP 5 and PHP 7 programs. PHPLint extends the PHP language through transparent meta-code that can drive the parser to a even more strict check of the source. PHPLint is not simply a checker: it implements a new, strong typed, language built over the PHP language. You can build your programs from scratch with PHPLint in mind, or you can check and fix existing programs, or you can follow the quick-and-dirty PHP programming way and then add the PHPLint meta-code later once the program is finished. Whatever is the strategy you choose, PHPLint makes your programs safer, more secure, well documented and with drastically less bugs.

PHPLint accurately parses the target PHP source file for strict compliance to its own safety model that goes far beyond a simple syntax validation: flow analysis, tracking of exceptions and errors propagation, consistent type handling, function and method signature check, class autoloading, error mapping into exception, and much more. Moreover, only a report terminated by the statement "zero errors, zero warnings" guarantees that the generated documentation really matches the actual behavior of the program.

PHPLint is a program written in PHP itself: all you need in order to run PHPLint is the PHP-CLI interpreter 5.5 or newer; most of the development and testing of the latest release has been done with PHP 7.1, which demonstrates to be even faster and solid.

Resources provided along with the distributed package

Resources NOT PROVIDED along with the distributed package

Umberto Salsi

Site map

An abstract of the last comments from the visitors of this page follows. Please, use the Comments link above to read all the messages or to send your contribute.

2016-03-08 by Anonymous
i literally cant even read this site
ugliest website i ever did see

2015-11-19 by Umberto Salsi
Re: unknown variable , if variable not in current file, but in included file?
dreamin wrote: [...] Hi dreamin, the reason why that variable cannot be seen from another module is due to the fact that this latter module imports the first one using include(), include_once() or require() instead of require_once(). Sources imported with require(), include and include_once() are not parsed recursively because these statements are unreliable and are not safe when external code has to be included. Only require_once() garantees the external package will be loaded or a fatal error is raised, and garantees that the package will be loaded just once. You may find more about this feature here: http://www.icosaedro.it/phplint/phplint2/doc/reference.htm?p=packages Regards, - U.Salsi

2015-11-19 by dreamin
unknown variable , if variable not in current file, but in included file?
As the title described, such as the variable "$AAA" defined in def.php but referenced in ref.php; ref.php file like this: <?php> include('def.php') #$AAA defined in 'def.php' --using $AAA here-- <?> if i run phpl ref.php, i'll get error msg: $AAA not exist. if i run phpl def.php ref.php, the error msg will be disappeared. if i run php ref.php def.php, the error appears again... Then I concluded that: if I wanna get more accurate msg, I should manually specify included|required file in the executable command.... To do one-time checking is ok for me, but for the whole project, I need to firstly manually parse the source file to let the scanner to find the included php file, and give the file-location as the command options .. yesterday, I experienced this tool, awesome~, today, I dive into [...]

2015-07-18 by Anonymous
thanx to provide this type tools
very helpfull tool, i was irritate but this tool helped me alot, i got exact error and solved in 2 minutes, which was not solving since 12 hours

2014-11-11 by Entropy
Re: PHPLint finding errors with var_dump()
Umberto Salsi wrote: [...] Hi Umberto, I have read up more on PHPLint and PHP. Based on your reply and my own research I think that I now have a much better understanding of how PHPLint works. Thank you, Peter

2014-11-10 by Entropy
Re: PHPLint finding errors with var_dump()
Umberto Salsi wrote: [...] (PLEASE ADD YOUR COMMENTS HERE) Hi Umberto, Thank you for the reply. When I use /*. require_module 'filter'; .*/ I obtain this warning message: Warning: using deprecated package /home/salsi/src/phplint/modules/filter.php: Very poorly written interface with too many 'mixed' values, difficult to validate automatically, leaving to the programmer all the responsibility to handle properly arguments and returned values. The returned values are also 'mixed' with a complex semantic based on the special values NULL, FALSE/TRUE, etc. It is questionable if this library really adds security. What is your suggestion, either not use the likes of filter_var($checkEmail, FILTER_VALIDATE_EMAIL); at all or else use /*. require_module 'filter'; .*/ just to suppress the errors and [...]

2014-11-10 by Umberto Salsi
Re: PHPLint finding errors with var_dump()
Hi Peter, currently PHP allow to insert invalid escaped sequences, for example "\m": in this case, PHP simply passes all these characters verbatim without complaining. But, at the same time, the PHP developers team adds new escape sequences from time to time that break the compatibility with the existing code. For example \v \e \f are new sequences recently added; existing sources that contains that sequences do not work properly anymore. PHPLint, instead, is very pedantic while parsing literal strings, and always it pretends the backslash character '\' be used to enter an actual escape sequence choosen from a set of established, well know, escape sequences, exactly those he lists in its error messages. In this way the compatibility of the validated source is ensured with any past and [...]

2014-11-09 by Entropy
PHPLint finding errors with var_dump()
Hi Umberto, I must say I am most impressed with PHPLint. lt has found many errors in my code, thank you. Additionally the Reference Manual and the PHPLint Tutorial are very informative about problem areas even if one was not to use PHPLint. I have learnt much just by reading those. I am using the online verssion http://www.icosaedro.it/phplint/phplint-on-line2.html as I will not be able to install PHP on my computer. I have obtained some warnings and errors as follows: PHPLint issues warnings for back slashes From Example #4 Strip whitespace (please see below) located on the php.net site http://us3.php.net/manual/en/function.preg-replace.php <?php $str = 'foo o'; $str = preg_replace('/\s\s+/', ' ', $str); // This will be 'foo o' now echo $str; ?> Warning: invalid [...]

2014-02-11 by Anonymous
Anonymous functions
Could you please add support for PHPs anonymous functions?

2013-01-16 by Anonymous
Some time ago, you added a hard edit to prevent using relative paths in require_once. You suggested adding __DIR__. This works fine for PHP5.3+, but it fails for earlier releases. My ISP uses PHP5.2, so I can't both lint my code successfully and run it on my site. Prior releases of PHP can use the equivalent construction dirname(__FILE__), but PHPlint currently balks at that. Would it be possible for you to detect the use of dirname(__FILE__) in this circumstance, treating it as if it were __DIR__?

2012-08-16 by Anonymous
Great job! Thanks.
Though I'm not a fan of php I have to work with it. And I'm no fan of fancy POS'es like IDE's, I use vim, and I hate plugins. So I had no good way of checking php code since 'php -l', well mostly sucks. Now THIS is great tool and not some crappy plugin targeted only to some lame environment, its a general command line tool easily integratable anywhere/everywhere! Thank you very much.

2012-04-08 by Pierre Rudloff
Re: False positives
Umberto Salsi wrote: [...] I was confused because the doc only talks about 2 arguments for this function. But I have added /*., args.*/. [...] Well, the doc does say it is an interface, but when I try to implement it, I get: Fatal error: xDOMImplementation cannot implement DOMImplementation - it is not an interface in /var/www/assoquest/classes/DOMElement.php on line 2 [...] It works, thanks!

2012-04-08 by Umberto Salsi
Re: False positives
Pierre Rudloff wrote: [...] If the original method you are overriding accepts /*.args.*/, that is, it accepts 0 or more values of any type, also the overriding method must accept 0 or more values of any type; then, you cannot restrict its signature. If you really need such a method m(string[,string]), then either define a new method with a different name, or throw an unchecked exception UnexpectedValueException or InvalidArgumentException if the client calls the method with more than 2 args or with a second arg which is not string respectively. [...] If DOMImplementation really is an interface, it cannot be instantiated by definition. Only concrete classes can be instantiated. [...] The prototype of the get_headers() function as defined in the standard module is wrong, you may correct it [...]

2012-04-08 by Pierre Rudloff
False positives
Hello, I am using PHPLint to check my code and I seem to get 3 false positives: ==== /var/www/assoquest/classes/DOMElement.php:51: ERROR: `xDOMDocument::createElement()': the signature `xDOMElement(string [, string])' does not match the overridden method `DOMDocument::createElement()' declared in modules/dom:427 with signature `DOMElement(string, ...)': required variable number of arguments /*.args.*/ The doc says this for createElement: DOMElement DOMDocument::createElement ( string $name [, string $value ] ) So xDOMElement(string [, string]) should be OK. ==== /var/www/assoquest/classes/DOMElement.php:62: ERROR: cannot instantiate interface class `DOMImplementation' Why ? This class does have a constructor according to the doc: DOMImplementation::__construct ( void ) ==== 6: ERROR: [...]

2011-05-18 by Anonymous
Re: DateTimeZone::listIdentifiers Permits an Argument
Umberto Salsi wrote: [...] (PLEASE ADD YOUR COMMENTS HERE) Works perfectly! Thanks for the speedy response.

2011-05-17 by Umberto Salsi
Re: DateTimeZone::listIdentifiers Permits an Argument
Anonymous wrote: [...] The problem is due to the incomplete declaration of the prototype of the method in the 'standard' module. You can download the updated module from the CVS that fix this problem: http://cvs.icosaedro.it:8080/viewvc/*checkout*/public/phplint/modules/standard

2011-05-17 by Anonymous
DateTimeZone::listIdentifiers Permits an Argument
PHPLint handles this line with no problems: $lines = DateTimeZone::listIdentifiers(); However, when I add a permitted argument: $lines = DateTimeZone::listIdentifiers(DateTimeZone::ALL_WITH_BC); PHPLint flags that line: ERROR: `DateTimeZone::listIdentifiers()' declared in /home/owen/phplint/modules/standard:1175: too many arguments ERROR: constant `DateTimeZone::ALL_WITH_BC' does not exist In fact, this code is valid: http://www.php.net/manual/en/datetimezone.listidentifiers.php The code does execute as expected, returning different results when the argument is specified than when it is omitted. What do I, or you, need to do to get PHPLint to accept it?

2010-07-06 by Umberto Salsi
Re: Simplexml
Anonymous wrote: [...] The problem are the dynamically created properties, that are not supported by PHPLint (and never will be). Instead you can try to convert the $xml object into an array with $a = get_object_vars($xml); which returns a generic associative array of mixed values. This adds a little overhead due to unnecessary (for PHP) creation of another array that duplicates data that are already available in the $xml object. As an alternative, maybe more efficient, you may use the DOM module. In the following example the process_children(0 function completely traverses an XML document: /*. require_module 'spl'; require_module 'dom'; .*/ /*. void .*/ function process_children(/*. DOMNode .*/ $root, $level = 0) { $children = $root->childNodes; foreach($children as $elem){ $node = /*. [...]

2010-07-05 by Anonymous
Nice product! I have successfully run all my scripts through phplint, except for the following. I execute a web service, then process the output: $xml = simplexml_load_file(whatever); $answer = $xml->Result->Answer; That second line results in 2 messages: ERROR: property `SimpleXMLElement::$Result' does not exist or not visible Warning: `->' operator applied to a value of type unknown The script works fine, and I can certainly live with these messages if necessary. But if there is some way of supplying meta information, or even recoding the script, so that the messages aren't generated, that would be even better. Is there something that I can do?

2010-05-18 by Anonymous
Ignoring certain code
Hi, First, congratulations on PHPLint. I love static code checkers, they make the developer's life much easier! Is it possible (perhaps by means of specially formatted comments) to ignore certain parts of a document, for example for machine generated code or something like that? //G

2010-02-24 by Umberto Salsi
Re: parent classes
Anonymous wrote: [...] You may look at the "Importing packages" chapter of the reference manual where the recommended layout of the whole source program is explained. In few words, every class file should import all the classes it depends upon. Then in your case: require_once 'cParent.php'; class cChild extends cParent { ... }

2010-02-24 by Anonymous
parent classes
Hello, First at all: tnx a lot for PHPLint! I use PHPLint to analyze a large set of php classes. It's of great help when looking for potential bugs. I have a problem when PHPLint parses classes that make reference to their parents. For example for: class cChild extends cParent { public function __construct() { parent::__construct('mode'); } ... } PHPLint says: FATAL ERROR: invalid `parent::': class `cChild' do not has a parent

2010-01-04 by Umberto Salsi
Re: order of methods?
Anonymous wrote: [...] Currently already the WEB pages of PHPLint receive hundreds of distinct visitors every day, with several backlinks from other important WEB sites. So, as far as PHPLint is gaining more and more popularity, it is simple for any interested programmer to find this tool on The Net without difficulty either searcing for "PHP validation" or "PHP static analysis" or even "PHP documentor". [...] PHPLint is a single-pass parser (just like C and C++) for a two good reasons: 1) The program is much more simple tha than double-pass pass parser. Being PHPLint an experimental and rapidly evolving tool, this is an important advantage. 2) Sources written in the bottom-up order (simpler things first, the complex ones next) are easier to read by humans for code review. Recursive [...]

2010-01-01 by Anonymous
order of methods?
Dear Umberto, first off, thanks for writing such a great tool and releasing it to the PHP community. Btw, you really should add more meta tags to your site, your PHPLint site is not even found/ranked high when searching for "PHP Lint" on google (yep, "PHPLint" has you ranked #1). Anyway, I have a question. As far as I know and learned, your parser is a single-time parser, so basically, the following code would trigger an error that function "fun" is not found, because it is referenced in the code before it is defined. <?php fun(); function fun() { } ?> This behaviour results in many many PHPLint errors in my classes, because class method are called from other class methods which are defined "earlier" (e.g. a calls b, but b is defined before a). Now, I could reorder my whole libraries, [...]

2009-11-27 by Anonymous
Nice work! We used it to check our buggy PHP system. Once the analysis finished... lot of work! Thanks!

2009-08-20 by Anonymous
Custom types
Hi! PHPLint is useful tool. But it supports only built-in data types: int, float, string and so on. Are you plan to add support for simple custom data types? Examples of custom types: enum, money, temperature, safe_string, unsafe_string. From interpretator`s point of view such data is built-in type data. But from programmer`s point of view such data should be treated separately and should not be mixed with other built-in data types. For example enum is set of integer values, but we should not add, substract or divide it. Money and temperature are both float, but we should not assign money to temperature. Safe_string and unsafe_string are both string, but we should not directly assign unsafe_string to safe_string. Best regards, Andrey Epifantsev

2009-07-14 by Umberto Salsi
Re: PHP Namespaces
PHPLint 0.9 is out, with full support for namespaces, namespaces in DocBlocks, experimental class autoloading feature, magic constants expansion, iterators in foreach() (thank to Jirka Grunt for the code and all the suggestions!), data-flow analysis, and several other improvements. Check the CHANGES page for details.

2009-06-29 by Umberto Salsi
Re: PHP Namespaces
Anonymous wrote: [...] Full support for namespaces, along with other additions specific of PHP 5.3.0, will be available, I hope, within the next 2 or 3 weeks. I can anticipate that namespaces as implemented under PHPLint will be case-insensitive as required by PHP 5.3.0 but, as usual, PHPLint will enforce the proper spelling of the path. The challanging part is the "namespace" keyword used as operator, the behaviour of the DocBlock with qualified names, and the formatting of the generated documentation, but I plan to resolve all these issues soon.

2009-06-27 by Anonymous
PHP Namespaces
Hi, Great tool, PHPLint. What I'm missing now is support for the PHP namespaces. PHPLint halts when it encounters the namespace keyword. And/or can I use a workaround in the form of a pseudo phplint-module that will mock the namespace keyword? Kind regards, Michael van de Ven