exakat 0.11.3 review : sun deity of mao

Exakat 0.11.3 review

Exakat 0.11.3 is out. This version focuses on speed gains and stability, and adds 4 new analyses. As for news, there is now support for the sphinx and grpc extensions. Exakat also reports ‘randomly sorted arrays’, multiple catches per try and the alternative syntax consistence. More insights for your code.

Randomly sorted arrays

Exakat reports arrays that are defined several times across the code, and have different sorting each time.
// some variable initializations
$cities = array('Paris', 'Montreal', 'Guangzhou', 'The Hague');

// Another part of the code, probably another file
display_cities(array('Guangzhou', 'Montreal', 'Paris', 'The Hague'));

In the example above, the two arrays are identical in content, but not in order. They are obviously built for different usage, and may very well be written differently: the last one is in alphabetical order, so it may have been known at coding time. The first one has no special order, and may be chronologically added.

That difference in sorting may make this array harder to find and to make into a constant (for example), so as to reduce the amount of literal data in the code. Making the sorting consistent across the code is a good start to strengthen it, and centralize it.
On the other hand, the sorting may also be different because it represents different situations: whenever there is value in the sorting, the analyzer brings false positives. There is not much information left to tell the difference by looking at the code only.

Support for sphinx and grpc
Exakat added support for the Sphinx Client and GRPC library. Both have a PHP extension, which is in the manual or in the PECL repository.
There are now 137 extensions recognized by Exakat. They are read from the manual, from PECL or by popularity (like xdebug or suhosin). This is the base for the Appinfo() report (in the Ambassador format), the Extension usage report, the directives listing and the compilation recommendations.

We keep adding extensions, and if any is missing, send us a link so we may add it to the analysis.

Multiple Catch per Try

A new analysis has been introduced, to detect ‘Multiple Catch per Try’. This feels strange at first, but it is quite an interesting analysis.
Firstly, a single catch is the norm, and multiple catches are much rarer. The usual case is to catch one Exception, or to catch a generic Exception. Catching several exceptions
Secondly, PHP 7.1.5 fixed a bug that froze PHP in certain weird cases of multiple catches: see 74444. This analysis is needed to spot the situation.

Alternative syntax consistence

PHP sports two syntaxes: the normal syntax, for lack of a better word, and the alternative syntax.
if ($a === 2) {
    // mixed syntax
    foreach ($b as $c):
        $d += $a * $c;
    endforeach;
}

While talking with Philippe Gamache about Exakat code preferences, we thought about reporting preferences between syntax and alternative syntax. The preference for one or the other is detected when syntax or alternative syntax is used over 90% of the time.
Such a preference can’t be applied at the project level: first, by experience, all source code relies on both syntaxes, and most of the time, on the normal syntax. Alternative is simply rarer, and may never be a ‘code preference’.

The only situation where alternative syntax is most popular may be in templates. Several template engines have the habit to write PHP templates with alternative syntax, and keep the normal syntax for the engine. In that case, template files may have a majority of alternative syntax, and others have a majority of normal syntax.

This is how the ‘alternative syntax consistence’ analysis was born: for each file in the source code, the syntax usages are counted, and the majority is calculated. Then, the minority syntax is reported as an issue.
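
The per-file count described above can be sketched with PHP's tokenizer. This is an added example, not Exakat's own code: the function names and the sample template are made up for illustration, and only if/foreach/for/while/switch are counted.

```php
<?php
// Added example, not Exakat's code: count normal vs alternative syntax in one file.
/** Returns ['normal' => [lines], 'alternative' => [lines]] for one file's source. */
function syntax_usage(string $source): array
{
    $keywords = [T_IF, T_FOREACH, T_FOR, T_WHILE, T_SWITCH];
    $skipped = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    // Drop whitespace and comments so the token after ')' is the one that matters.
    $tokens = array_values(array_filter(token_get_all($source), function ($t) use ($skipped) {
        return !is_array($t) || !in_array($t[0], $skipped, true);
    }));
    $usage = ['normal' => [], 'alternative' => []];
    foreach ($tokens as $i => $token) {
        if (!is_array($token) || !in_array($token[0], $keywords, true)) {
            continue;
        }
        // Walk to the parenthesis that closes the condition.
        $depth = 0;
        for ($j = $i + 1; $j < count($tokens); $j++) {
            if ($tokens[$j] === '(') {
                $depth++;
            } elseif ($tokens[$j] === ')' && --$depth === 0) {
                break;
            }
        }
        // ':' after the condition is alternative syntax; '{', a statement or ';' is normal.
        $kind = ($tokens[$j + 1] ?? null) === ':' ? 'alternative' : 'normal';
        $usage[$kind][] = $token[2]; // line number of the keyword
    }
    return $usage;
}

/** Minority syntax and its lines, or [] when the file uses only one (ties: alternative). */
function minority_syntax(string $source): array
{
    $usage = syntax_usage($source);
    if (!$usage['normal'] || !$usage['alternative']) {
        return [];
    }
    $minority = count($usage['normal']) < count($usage['alternative']) ? 'normal' : 'alternative';
    return [$minority => $usage[$minority]];
}

// Constructed template: three alternative-syntax structures, one with braces.
$template = "<?php if (\$u): ?>\n<?php foreach (\$items as \$i): ?>\n"
    . "<?php while (\$i--): ?>x<?php endwhile; endforeach; endif; ?>\n"
    . "<?php if (\$debug) { dump(\$items); } ?>\n";
print_r(minority_syntax($template));
```

Running it on the constructed template flags the single brace-style `if` as the minority in a file that otherwise uses the alternative syntax.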

We’ll see how this analysis reports interesting results in the coming weeks.

Speed gains

Exakat 0.11.3 also brings speed gains for analyses that rely on functioncalls. Those functioncalls are now split into Functioncalls (for functions), Methodscall (for methods) and Newcall (for instantiations). PHP tokens don’t make any difference between them, while exakat now has different nodes for them in the graph database. Gremlin navigates through smaller sets of nodes before finding the right results.
More of such speed gains are scheduled for the upcoming weeks, so your favorite analyses are up for some acceleration.

Happy PHP code reviews

Exakat 0.11.3 brings speed gains, better coverage, up-to-date PHP 7.0.19 and 7.1.5 database and some new experimental analyses. Thanks to the contributors, who shared interesting insights about code analysis.
All the 310+ analyzers are presented in the docs, including the recent ‘random without try’ that reports usage of random_bytes without encapsulating it in a try/catch. Download Exakat on exakat.io, upgrade it with ‘exakat.phar upgrade -u’ and like us on github: .