report error for non-strict or empty comparison on truthy+falsy union

config.xsd

@@ -427,6 +427,7 @@
             <xs:element name="ReferenceReusedFromConfusingScope" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="ReservedWord" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="RiskyCast" type="IssueHandlerType" minOccurs="0" />
+            <xs:element name="RiskyTruthyFalsyComparison" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="StringIncrement" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedCallable" type="IssueHandlerType" minOccurs="0" />
             <xs:element name="TaintedCookie" type="IssueHandlerType" minOccurs="0" />

docs/running_psalm/error_levels.md

@@ -244,6 +244,7 @@ Level 5 and above allows a more non-verifiable code, and higher levels are even
 - [RedundantConditionGivenDocblockType](issues/RedundantConditionGivenDocblockType.md)
 - [RedundantFunctionCallGivenDocblockType](issues/RedundantFunctionCallGivenDocblockType.md)
 - [ReferenceConstraintViolation](issues/ReferenceConstraintViolation.md)
+- [RiskyTruthyFalsyComparison](issues/RiskyTruthyFalsyComparison.md)
 - [UndefinedTrace](issues/UndefinedTrace.md)
 - [UnresolvableInclude](issues/UnresolvableInclude.md)
 - [UnsafeInstantiation](issues/UnsafeInstantiation.md)

docs/running_psalm/issues.md

@@ -229,6 +229,7 @@
  - [ReferenceReusedFromConfusingScope](issues/ReferenceReusedFromConfusingScope.md)
  - [ReservedWord](issues/ReservedWord.md)
  - [RiskyCast](issues/RiskyCast.md)
+ - [RiskyTruthyFalsyComparison](issues/RiskyTruthyFalsyComparison.md)
  - [StringIncrement](issues/StringIncrement.md)
  - [TaintedCallable](issues/TaintedCallable.md)
  - [TaintedCookie](issues/TaintedCookie.md)

docs/running_psalm/issues/RiskyTruthyFalsyComparison.md

@@ -0,0 +1,29 @@
+# RiskyTruthyFalsyComparison
+
+Emitted when comparing a value with multiple types that can both contain truthy and falsy values.
+
+```php
+<?php
+
+/**
+ * @param array|null $arg
+ * @return void
+ */
+function foo($arg) {
+    if ($arg) {
+        // this is risky, bc the empty array and null case are handled together
+    }
+
+    if (!$arg) {
+        // this is risky, bc the empty array and null case are handled together  
+    }
+}
+```
+
+## Why this is bad
+
+The truthy/falsy type of one variable is often forgotten and not handled explicitly causing hard to track down errors.
+
+## How to fix
+
+Explicitly validate the variable with strict comparison.