Error Identifier: possiblyImpure.eval
Every error reported by PHPStan has an error identifier. Here’s a list of all error identifiers. In PHPStan Pro you can see the error identifier next to each error and filter errors by their identifiers.
Code example #
<?php declare(strict_types = 1);
/**
* @phpstan-pure
*/
function compute(string $expression, bool $dynamic): mixed
{
if ($dynamic) {
return eval('return ' . $expression . ';'); // ERROR: Possibly impure eval in pure function compute().
}
return $expression;
}
Why is it reported? #
A function or method marked as @phpstan-pure must not have side effects and must always return the same result for the same inputs. Using eval() inside a pure function is considered an impure operation because eval() can execute arbitrary code with unpredictable side effects – it can modify global state, output content, define new functions or classes, and generally do anything that PHP code can do.
When PHPStan cannot determine with certainty whether the eval() call always executes (for example, because it is inside a conditional branch), it reports a “possibly impure” error rather than a definite impure one.
How to fix it #
Remove the eval() call from the pure function, or remove the @phpstan-pure annotation if the function genuinely needs to use eval():
<?php declare(strict_types = 1);
-/**
- * @phpstan-pure
- */
function compute(string $expression, bool $dynamic): mixed
{
if ($dynamic) {
return eval('return ' . $expression . ';');
}
return $expression;
}
Alternatively, refactor the function to avoid eval() entirely and keep it pure.
How to ignore this error #
You can use the identifier possiblyImpure.eval to ignore this error using a comment:
// @phpstan-ignore possiblyImpure.eval
codeThatProducesTheError();You can also use only the identifier key to ignore all errors of the same type in your configuration file in the ignoreErrors parameter:
parameters:
ignoreErrors:
-
identifier: possiblyImpure.eval