Crash when '9223372036854775807' literal is used as an array key

[MoonE]

https://psalm.dev/r/cbd73b78e5

[psalm-github-bot]

I found these snippets:

https://psalm.dev/r/cbd73b78e5

<?php
['9223372036854775807' => ''];

Psalm encountered an internal error:

/vendor/vimeo/psalm/src/Psalm/Internal/Analyzer/Statements/Expression/ArrayAnalyzer.php: Cannot assign float to property Psalm\Internal\Analyzer\Statements\Expression\ArrayCreationInfo::$int_offset of type int

[MoonE]

PHP Fatal error: Uncaught Error: Cannot add element to the array as the next element is already occupied

Thrown from php when executing this code:

<?php
$x = [PHP_INT_MAX => ''];
$x[] = '';

When int_offset would store the current offset (initialized with -1) instead of the next offset it would be possible to check if the array is already full and add a message.

diff --git a/src/Psalm/Internal/Analyzer/Statements/Expression/ArrayAnalyzer.php b/src/Psalm/Internal/Analyzer/Statements/Expression/ArrayAnalyzer.php
index 0c0e30fcc..b2a64ef6d 100644
--- a/src/Psalm/Internal/Analyzer/Statements/Expression/ArrayAnalyzer.php
+++ b/src/Psalm/Internal/Analyzer/Statements/Expression/ArrayAnalyzer.php
@@ -333,11 +333,11 @@ class ArrayAnalyzer
                 } elseif ($key_type->isSingleIntLiteral()) {
                     $item_key_value = $key_type->getSingleIntLiteral()->value;
 
-                    if ($item_key_value >= $array_creation_info->int_offset) {
+                    if ($item_key_value > $array_creation_info->int_offset) {
                         if ($item_key_value === $array_creation_info->int_offset) {
                             $item_is_list_item = true;
                         }
-                        $array_creation_info->int_offset = $item_key_value + 1;
+                        $array_creation_info->int_offset = $item_key_value;
                     }
                 }
             } else {
@@ -345,7 +345,11 @@ class ArrayAnalyzer
             }
         } else {
             $item_is_list_item = true;
-            $item_key_value = $array_creation_info->int_offset++;
+            if ($array_creation_info->int_offset < PHP_INT_MAX) {
+                $item_key_value = ++$array_creation_info->int_offset;
+            } else {
+                // FIXME: Cannot insert array element, php does not allow it.
+            }
             $key_atomic_type = new TLiteralInt($item_key_value);
             $array_creation_info->item_key_atomic_types[] = $key_atomic_type;
             $key_type = new Union([$key_atomic_type]);

Code is duplicated in SimpleTypeInferer and ArrayAnalyzer and should be fixed there, too.

[weirdan]

Code is duplicated in SimpleTypeInferer and ArrayAnalyzer and should be fixed there, too.

Good point.

PHP Fatal error: Uncaught Error: Cannot add element to the array as the next element is already occupied

I think we better fix it separately from the original problem.