Exakat 1.6.1 Review

This is the Exakat 1.6.1 review for the 2019 new year! New analyzers focus on the upcoming speed boost for array_key_exists(), and the sometimes missing capturing subpatterns from preg_match(). The Ambassador report now includes a ‘new issues’ section, which displays only the most recently found issues in the code, since the last audit. The Exakat 1.6.1 is back!

array_key_exists() gets a speed boost in PHP 7.4

There are still lingering questions about using isset() or array_key_exists(). In particular, isset() is faster, but it also confuses null with the absence of a value. array_key_exists() is slower, but does find values that hold null. To solve the paradox, using both is often a good idea, performance-wise.

    
<?php

$foo = [123 => 456];

// This is sufficient and efficient since PHP 7.4
if (array_key_exists(123, $foo)) {
     // do something
}

// taking advantage of isset() performance on PHP 7.4 and older
if (isset($foo[123]) || array_key_exists(123, $foo)) {
     // do something
}

?>

This is a micro-optimisation, with a measured and small impact on the code. Reference: Implement ZEND_ARRAY_KEY_EXISTS opcode to speed up array_key_exists().

Partial results with preg_match()

preg_match() applies a regex to a string, and reports capturing sub-patterns in the third argument, when provided. This is a great way to check that a string satisfies some complex format, and to collect important parts of the string when the regex succeeds.

    
<?php

// displays a full array, from 0 to 2
preg_match('/(a)(b)?/', 'abc', $r);
print_r($r);

/*
Array
(
    [0] => ab
    [1] => a
    [2] => b
)
*/
?>

The trick is that preg_match() skips sub-patterns that are optional, when they are at the end. Thus, the resulting array doesn’t always have the same indices:

    
<?php

// displays a partial array, from 0 to 1
preg_match('/(a)(b)?d/', 'adc', $r);
print_r($r);
/*
Array
(
    [0] => ad
    [1] => a
)
*/
?>

One trick here is to make sure that the regex doesn’t end on an optional sub-pattern. This is achieved by adding a dummy permanent sub-pattern at the end.

    
<?php

// displays a full array, from 0 to 3, with an empty index 2
preg_match('/(a)(b)?(d)/', 'adc', $r);
print_r($r);
/*
Array
(
    [0] => ad
    [1] => a
    [2] =>
    [3] => d
)
*/
?>

Exakat 1.6.1 detects regexes that end with an optional sub-pattern, and suggests the upgrade to avoid missing indices or half-empty returned arrays.
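A second way to get a stable array, as an added example that is not part of the original post or of Exakat: keep the regex as it is and pad the result. The helper name match_groups() and the version-string pattern are assumptions made for illustration; it handles numbered groups only.

```php
<?php
// Added example (not Exakat code): always return indices 0..$groups,
// even when the regex ends with an optional capturing sub-pattern.
// $groups is the number of numbered capturing groups in $pattern.
function match_groups(string $pattern, string $subject, int $groups): ?array {
    // PREG_UNMATCHED_AS_NULL (PHP 7.2+) reports an unmatched group as null
    // rather than ''. Before PHP 7.4, trailing unmatched groups are still
    // dropped from $m, so the result is padded below.
    $found = preg_match($pattern, $subject, $m, PREG_UNMATCHED_AS_NULL);
    if ($found === false) {
        throw new InvalidArgumentException('Regex failed, PCRE error code ' . preg_last_error());
    }
    if ($found === 0) {
        return null; // no match: distinct from "matched with empty groups"
    }
    return array_pad($m, $groups + 1, null);
}

// Constructed sample input: versions with and without a patch number.
// The patch group is optional and sits at the end of the regex.
$version = '/^(\d+)\.(\d+)(?:\.(\d+))?$/';
foreach (['1.6.1', '1.6', 'not-a-version'] as $input) {
    $m = match_groups($version, $input, 3);
    if ($m === null) {
        echo "$input: rejected\n";
        continue;
    }
    // $m[3] is always set here: a string when present, null when absent.
    $patch = $m[3] === null ? 'none' : $m[3];
    echo "$input: major={$m[1]} minor={$m[2]} patch=$patch\n";
}

// The page's own pattern: index 2 is present in the result on every PHP version.
var_dump(array_key_exists(2, match_groups('/(a)(b)?d/', 'adc', 2)));
```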

Focusing on the latest code issues

In the ‘Ambassador’ report, a new section was added at the end of December: new issues. This section presents the issues with a faceted engine, like the ‘Issue’ section, but it limits the issues to the ones that are new since the previous audit. Only new issues are listed.

The difference between the current audit and the previous one is computed from the file, line and type of issue that was found. When a ‘$a + 0’ is found in file ‘a.php’, on line 33, by the analyzer ‘Structures/AddZero’, it will only be displayed in this section when the same error is not already mentioned in the previous audit.

In particular, Exakat keeps track of line changes between audits: if the code carrying the issue was left untouched, but was moved by refactoring on previous lines, then its line number has changed. By using the diffs from the VCS, it is possible to keep track of the evolution of the code, and calculate where the old line will end up.
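The comparison described above can be sketched as follows. This is an added example, not Exakat's implementation: the function names are hypothetical, issues are modelled as [file, line, analyzer] triples, and the hunks are assumed to come from `git diff -U0` (no context lines).

```php
<?php
// Added example (not Exakat code). Issues are [file, line, analyzer] triples.

// Read `git diff -U0` hunk headers: "@@ -oldStart[,oldCount] +newStart[,newCount] @@".
function parse_hunks(string $diff): array {
    preg_match_all('/^@@ -(\d+)(?:,(\d+))? \+\d+(?:,(\d+))? @@/m', $diff, $all, PREG_SET_ORDER);
    $hunks = [];
    foreach ($all as $h) {
        // An omitted count means 1; the optional groups may be '' or missing.
        $oldCount = ($h[2] ?? '') === '' ? 1 : (int) $h[2];
        $newCount = ($h[3] ?? '') === '' ? 1 : (int) $h[3];
        $hunks[] = [(int) $h[1], $oldCount, $newCount];
    }
    return $hunks;
}

// Where does an old line end up? null means the line itself was edited or removed.
function map_line(int $line, array $hunks): ?int {
    $delta = 0;
    foreach ($hunks as [$start, $oldCount, $newCount]) {
        if ($oldCount === 0) {                   // pure insertion after $start
            $delta += $line > $start ? $newCount : 0;
        } elseif ($line >= $start + $oldCount) { // hunk lies entirely above
            $delta += $newCount - $oldCount;
        } elseif ($line >= $start) {
            return null;
        }
    }
    return $line + $delta;
}

function new_issues(array $previous, array $current, array $hunksByFile): array {
    $known = [];
    foreach ($previous as [$file, $line, $analyzer]) {
        $moved = map_line($line, $hunksByFile[$file] ?? []);
        if ($moved !== null) {
            $known["$file:$moved:$analyzer"] = true;
        }
    }
    return array_values(array_filter($current, function (array $i) use ($known) {
        return !isset($known["$i[0]:$i[1]:$i[2]"]);
    }));
}

// Constructed sample: two lines inserted after line 10 of a.php.
$hunks    = ['a.php' => parse_hunks("@@ -10,0 +11,2 @@\n")];
$previous = [['a.php', 33, 'Structures/AddZero']];
$current  = [['a.php', 35, 'Structures/AddZero'], ['a.php', 12, 'Structures/AddZero']];
print_r(new_issues($previous, $current, $hunks));
```

The issue that moved from line 33 to line 35 is recognised as already known, so only the issue on the freshly inserted line 12 is reported.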

Focusing on new issues is a good filter to reduce the number of issues to review. It gives a shorter set of results, and it also focuses attention on code that is fresh and recent: this should lead you to a better audit of your code.

This feature is automatic, and doesn’t need any installation. If you have already run an audit on a repository, the section will be filled at the next update. If you run a new audit, with a newer version of Exakat on the same code, it is probable that the ‘new’ section will be empty: no code change, no new issues.

The Weekly Audits : 2019, Week #02

Exakat includes a ‘weekly’ report: this report is built with a selection of five analyses. This means a short audit report, with few issues to review. It does not take long to read them and review them in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you: you’ll find programmers facing the same challenges.

To obtain the ‘weekly’ audit, run an audit, and request the ‘Weekly’ report.

# Init the project (skip when it is already done)    
php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git 

# Run the project (skip when it is already done)    
php exakat.phar project -p <yourproject> 

# Export the weekly project (every monday)    
php exakat.phar report -p <yourproject> -format Weekly 

# Open projects/<yourproject>/weekly/index.html in your browser    

Every week, you can find here 5 new analyses to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming

Weekly recommendations for PHP code review : 2019, week 2019-02

Happy PHP Code Reviews

All the 352 analyzers are presented in the docs, including the representative Useless Global: globals are useless in two cases: with superglobals, like $_GET or $GLOBALS, and with variables that are not used.

It is a common bug: 23% of applications include globals but don’t use them.

You can check all of the Exakat reports at the gallery: exakat gallery.

Download Exakat on exakat.io, install it with Docker, upgrade it with ‘exakat.phar upgrade -u’ and like us on github.