exakat 0.11.8 review

Exakat 0.11.8 has been published, as usual on Monday. This week, exakat received its very first PHP 7.2-specific analyzer: PHP 7.2 supports overwriting abstract methods. It goes with all the other PHP 7.2 analyzers that are ready. The Ambassador report now includes reports about framework usage, string encoding and a popularity indicator for analysis. One new analysis reports classes where declarations do not follow the use trait, const, properties and methods order (give us your feedback!), and another reports whether a class may implement an interface.

PHP 7.2-only method

Far in advance of its time, exakat already reports backward incompatibilities for PHP 7.2 code. As stated in the voted RFC "PHP RFC: Allow abstract function override", PHP 7.2 is now able to compile overridden abstract methods. According to the RFC, this is not a frequent question, but it works with the other methods, so why make an exception out of abstract methods?

<?php
// Abstract methods are declared without a body.
abstract class A { abstract function foo(); }
abstract class B extends A { abstract function foo(); }
// Before PHP 7.2: Fatal error: Can't inherit abstract function A::foo()
// See it live: https://3v4l.org/lgUjG
?>

This has already been added to the compatibilityPHPxx themes in Exakat. The compatibilityPHP72 theme already holds 16 analyses to get your code ready for the upcoming PHP 7.2. At the time of writing, the branch hasn’t been created yet, though.

Upgrade of the ambassador report

The Ambassador report is the code-name for our most complete audit report. While it tends to grow, it also spawns more focused reports. This week, it was updated in several points: as usual, the new analyzers are added automatically to the issue list. Some new information also made its way into the report. See it live in phpmyadmin’s report.

Literal strings are reported with their encoding and Unicode block

The strings now report which encoding is used to write the string literals, and which Unicode blocks are used.

Secondly, Ambassador now reports a short list of framework components whose usage is detected in the code. Such frameworks are usually declared in composer’s files, but the actual usage shows through calls to classes, namespaces or functions. This gives an overview of the dependencies.

Exakat detects various framework usage in the code

Note that, at the moment, CakePHP tends to be reported quite often. CakePHP has a full history of its versions and classes, available in a database for Exakat. Before version 1.0, CakePHP had an aptly named class called ‘Cookie’, in the global space. That tends to collide with a lot of legacy code, which also has such a class.

Exakat analysis ranked by popularity

Finally, analyzers may be ranked by frequency. We initially thought of calling this ‘popularity’: it is the percentage chance that the analyzer yields results when given a code. Basically, 91% of PHP code has some files with multiple classes or interfaces in them, which makes it a very common issue. On the other hand, an implied if (something like $a == 2 || die()) occurs in less than ¼ of all PHP code, making it far less common (and yet, it still occurs). We have more on the analysis frequencies coming for you, so I won’t detail this more here.

Order of declarations in a class

Apparently, PHP doesn’t pay much attention to the order of declaration. Our first attempt at checking this consistency is to rely on this order:

<?php
class foo {
    use traits;
    const constante = 1;
    private $property = 2;
    public function methode() {}
}
?>

A new analyzer now checks that a constant wasn’t written further down, among the methods, or that a property wasn’t added at the bottom of the script. Such misplaced declarations tend to make the code difficult to read.
This first default declaration order may easily be refined with a few subtleties:

  • private/protected/public order
  • final/abstract/static/none order
  • magic methods first (like __construct first).

But before we go further, this is a first analysis. Do you have a favorite order for declaring elements in a class? Let us hear it!
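
The default order check described above can be approximated with PHP's tokenizer. This is an added example, not Exakat's own analyzer: the function name declarationOrderIssues() and the sample class are assumptions, and only the use / const / property / method order is checked.

```php
<?php
// Added example, not Exakat's analyzer. Assumed order inside a class body:
// use (traits), then const, then properties, then methods.
function declarationOrderIssues(string $code): array
{
    $kinds = [T_USE => 'use', T_CONST => 'const', T_VARIABLE => 'property', T_FUNCTION => 'method'];
    $rank = array_flip(array_keys($kinds)); // token id => position in the order
    $issues = [];
    $depth = 0;            // current brace nesting
    $bodyDepth = null;     // brace depth of the class body, null outside a class
    $pendingClass = false; // saw "class", waiting for its opening brace
    $inSignature = false;  // between "function" and its "{" or ";"
    $highest = null;       // token id of the latest-ranked member seen so far
    $prev = null;          // previous non-whitespace token id
    foreach (token_get_all($code) as $token) {
        $id = is_array($token) ? $token[0] : $token;
        if ($id === T_WHITESPACE) {
            continue;
        }
        if ($id === '{' || $id === T_CURLY_OPEN || $id === T_DOLLAR_OPEN_CURLY_BRACES) {
            $depth++;
            $inSignature = false;
            if ($pendingClass) {
                [$bodyDepth, $pendingClass, $highest] = [$depth, false, null];
            }
        } elseif ($id === '}') {
            $bodyDepth = ($depth === $bodyDepth) ? null : $bodyDepth; // leaving the class
            $depth--;
        } elseif ($id === ';') {
            $inSignature = false;
        } elseif ($id === T_CLASS && $prev !== T_DOUBLE_COLON && $bodyDepth === null) {
            $pendingClass = true;
        } elseif ($depth === $bodyDepth && isset($rank[$id]) && !$inSignature) {
            if ($highest !== null && $rank[$id] < $rank[$highest]) {
                $issues[] = "line {$token[2]}: {$kinds[$id]} declared after {$kinds[$highest]}";
            } else {
                $highest = $id;
            }
            $inSignature = ($id === T_FUNCTION); // skip parameters, they are not properties
        }
        $prev = $id;
    }
    return $issues;
}

// Constructed sample: "use" and "const" are both out of place.
$sample = "<?php\nclass foo {\n  private \$property = 2;\n  use traits;\n"
        . "  public function methode(\$arg) {}\n  const constante = 1;\n}\n";
print_r(declarationOrderIssues($sample));
```

Method parameters sit at the same brace depth as properties, which is why the function signature is skipped explicitly.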

Could use interface

Finally, the other analysis of the week finds classes that have all the methods needed to implement an interface, but don’t implement it explicitly. This looks like a forgotten feature in the code.

<?php
// All four ArrayAccess methods are here, but "implements ArrayAccess" is missing.
class MyArray {
    public function offsetExists ( $offset ) { /**/ }
    public function offsetGet ( $offset ){ /**/ }
    public function offsetSet ( $offset , $value ){ /**/ }
    public function offsetUnset ( $offset ){ /**/ }
}
?>
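
The same idea can be tried at runtime with Reflection. This is an added example, not Exakat's analyzer (which works on source code): the function name couldUseInterfaces(), the Partial class and the list of interfaces to test are assumptions.

```php
<?php
// Added example, not Exakat's analyzer: it inspects loaded classes with
// Reflection instead of analysing source code statically.
function couldUseInterfaces(string $class, array $interfaces): array
{
    $reflection = new ReflectionClass($class);
    $candidates = [];
    foreach ($interfaces as $interface) {
        if ($reflection->implementsInterface($interface)) {
            continue; // already declared, nothing to report
        }
        $methods = (new ReflectionClass($interface))->getMethods();
        $matches = $methods !== []; // an interface without methods proves nothing
        foreach ($methods as $required) {
            $own = $reflection->hasMethod($required->getName())
                ? $reflection->getMethod($required->getName())
                : null;
            // The class method must be usable wherever the interface method is:
            // public, same static-ness, and accepting the same argument count.
            if ($own === null || !$own->isPublic()
                || $own->isStatic() !== $required->isStatic()
                || $own->getNumberOfRequiredParameters() > $required->getNumberOfParameters()
                || $own->getNumberOfParameters() < $required->getNumberOfParameters()) {
                $matches = false;
                break;
            }
        }
        if ($matches) {
            $candidates[] = $interface;
        }
    }
    return $candidates;
}

// Constructed sample classes; MyArray mirrors the class shown above.
class MyArray {
    public function offsetExists($offset) { return false; }
    public function offsetGet($offset) { return null; }
    public function offsetSet($offset, $value) {}
    public function offsetUnset($offset) {}
}
class Partial {
    public function offsetGet($offset) { return null; }
    public function count($mode) { return 0; } // required argument: not Countable
}

print_r(couldUseInterfaces('MyArray', ['ArrayAccess', 'Countable']));
print_r(couldUseInterfaces('Partial', ['ArrayAccess', 'Countable']));
```

Matching on method names alone would also report Partial for Countable; comparing visibility and argument counts removes that false positive.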

Happy PHP code reviews

Exakat 0.11.8 also has several long-term features started, but not yet available. They will emerge in the coming weeks, so stay tuned for more code insights and audits!
All the 320+ analyzers are presented in the docs, including the polemic ‘No implied if then’, about code which emulates a whole if/then structure with an ‘or’ or ‘and’ operator, leading to hidden or masked code.
Download Exakat on exakat.io, upgrade it with ‘exakat.phar upgrade -u’ and like us on GitHub.