reproducer

Author: mvhirsch

tests/Type/Php/TypeAssertionsTest.php

@@ -15,6 +15,7 @@ public static function dataFileAsserts(): iterable
         yield from self::gatherAssertTypes(__DIR__ . '/data/preg_match_checked.php');
         yield from self::gatherAssertTypes(__DIR__ . '/data/preg_replace_return.php');
         yield from self::gatherAssertTypes(__DIR__ . '/data/json_decode_return.php');
+        yield from self::gatherAssertTypes(__DIR__ . '/data/preg_match_identity_check.php');
     }
 
     /**

tests/Type/Php/data/preg_match_identity_check.php

@@ -0,0 +1,31 @@
+<?php
+
+namespace TheCodingMachine\Safe\PHPStan\Type\Php\data;
+
+use function Safe\preg_match;
+
+// PHPStan bug report: Safe\preg_match with "1 ===" identity check does NOT narrow $matches,
+// even though plain truthy if (preg_match(...)) works correctly.
+//
+// Root cause: PHPStan's TypeSpecifier.php has a hardcoded literal-name check for 'preg_match'
+// in resolveNormalizedIdentical(). This triggers specifyTypesInCondition() on the FuncCall, but
+// the FuncCall is wrapped in AlwaysRememberedExpr at that point, so FunctionTypeSpecifyingExtension
+// is never called and $matches is not narrowed.
+//
+// This affects ANY extension-based preg_match wrapper (e.g. Safe\preg_match) — not only native.
+
+$pattern = '/H(.)ll(o) (World)?/';
+$string = 'Hello World';
+
+// This is what SHOULD happen (same as the truthy check in preg_match_checked.php):
+$expectedType = "array{0: non-falsy-string, 1: non-empty-string, 2: 'o', 3?: 'World'}";
+
+// BUG: $matches is NOT narrowed — actual type is array{}|array{...} instead of array{...}
+if (1 === preg_match($pattern, $string, $matches)) {
+    \PHPStan\Testing\assertSuperType($expectedType, $matches);
+}
+
+// BUG: same issue via FQCN
+if (1 === \Safe\preg_match($pattern, $string, $matches2)) {
+    \PHPStan\Testing\assertSuperType($expectedType, $matches2);
+}