Exakat 1.4.9 Review

Exakat 1.4.9 Review

Exakat 1.4.9 Review

Exakat 1.4.9 follows the preparation of PHP 7.3 : we added a lot of new rules to get ready for the upcoming version. There was already 9 available checks, but more are coming in. The most interesting of it is that they close edge cases that will benefit other versions : avoid giving references to static properties, avoid mixing reading and writing the same variable in the same expression. We also kindly suggest you start using ‘named regex’, where the captured subpatterns have names. As the saying goes, I am not a number, I am the Exakat 1.4.9 review.

Static properties and references

From the UPGRADING docs, static properties were split between inheriting classes when the property was set with a reference.


class Test {      
       public static $x = 0;
class Test2 extends Test { }

Test2::$x = &$x;
$x = 1;

var_dump(Test::$x, Test2::$x);
// Previously: int(0), int(1)
// Now:        int(1), int(1)


This is a fairly rare piece of code, but a nasty bug when it shows up. This is now reported as an issue for version below PHP 7.3.

Repeated interfaces

PHP accepts multiple time the same interfaces in a implements clause, just like that :


class foo implements bar, bar, bar, bar {



Once bar is implemented, the following one is also valid, so there is no need for an error. As for clean code, of course, there is no need to repeat the interface, so this is now reported.

Note that this analysis is distinct from the Already Parents Interface analysis, which reports when an interface is implemented multiple times, over several generations : for example, when the class and its children both implements the same interface. This double implementation is also superfluous, but it is easier to miss.

Named Regex

PCRE is moving to PCRE 2.0 in PHP 7.3, so it will be time to review all those regex. While you’re at it, why not impress your friends and co-workers by giving names to sub-patterns ?

When using PCRE, sub-patterns get a number for later reference. In fact, you can give those subpatterns a literal name : this way, it is easier to understand what was captured, and in case of regex reorganisation, there is no need to change all the offsets. Look at that, there are even two ways to name a sub-pattern:


$x = 'abc';
preg_match_all('/(?<name>a)/', $x, $r);

preg_match("/(?<name>a)(?'sub'b)/", $x, $s);
print $s[2];
print $s['sub'];


It works with preg_match and preg_match_all. This is not a PHP 7.3 upgrade: this was introduced in PHP 5.2.2. Boy, time flies…

Accessing properties the right way

PHP warns us each time a property is accessed the wrong way : accessing a static property normally, or accessing normally a static property. The two errors are not the same : the first a Notice, while the second is a fatal error.


class a {     
    static public $a = 1;

    function foo() {         
        echo self\:\:$a; // right         
        echo $this-&gt;a; // WRONG     

class b {     
    public $b = 1;

    function foo() {
       echo $this-&gt;$b;  // right
        echo b\:\:$b;      // WRONG     


It is recommended checking all the access, and stick to their definition.

The Weekly Audits : 2018, Week #42

Exakat includes a ‘weekly’ report : this report is built with a selection of five analysis. This means a short audit report, with few issues to review. This is not a lot to read them, and review them in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you : you’ll find programmers facing the same challenges.

To obtain the ‘weekly’ audit, run an audit, and request the ‘Weekly’ report.

# Init the project (skip when it is already done)  php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git 

# Run the project (skip when it is already done)  php exakat.phar project -p <yourproject> 

# Export the weekly project (every monday)  php exakat.phar report -p <yourproject> -format Weekly 

# Open projects/<yourproject>/weekly/index.html in your browser   

Every week, you can find here 5 new analysis to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming

This week, we focus on five special analysis.

Every week, you can find here 5 new analysis to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming week with the ‘Go further’ section.

Happy PHP Code Reviews

All the 359 analyzers are presented in the docs, including the fuzzy Strtr arguments : this native PHP call requires strings of the same length to be useful. Although this mostly applies to older code sources, it is a rare bug : 5% applications mishandle strtr().

You can check all of the Exakat reports at the gallery: exakat gallery.

Download Exakat on exakat.io, install it with Docker, upgrade it with ‘exakat.phar upgrade -u’ and like us on github.