Exakat 1.6.3 Review

Exakat 1.6.3 Review

Exakat 1.6.3 Review

This is the Exakat 1.6.3 review for the 2019 new year! New analyzers focus on the upcoming speed boost for array_key_exists(), and the sometimes missing capturing subpatterns from preg_match(). The Ambassador report now includes a ‘new issues’ section, which displays only the most recently found issues in the code, since the last audit. The Exakat 1.6.1 is back!

Assign and compare

Assign and compare are two native PHP operators, which differ by their usage (doh) but also by their precedence. And it is not always obvious which operator is first, and which is second.


$a = $b == $c;

if ($a = $b == $c) {  


In the above example, the interesting expression is the same : literally the same. In the firs instance, it is easy to read that $a will contain the result of the comparison between $b and $c. While, in the second, it is easy to misread that $a will be assigned with $b, and their value will be compared to $c. Try your eyes on this second example :


while ($dir = readdir('.') !== false) {  
   // use $dir 

As such, assignation at condition time, also called iffectations, should be equipped with parentheses, to ensure the proper order of execution, or simply avoided.

Implemented methods are public

When a class x implements an interface y, then the implemented methods, a.k.a. the methods that are actually holding code, must be public. As the manual states it, in “Object interfaces” : “All methods declared in an interface must be public; this is the nature of an interface.”

Yet, it also happens that the implementing classes don’t pay attention to those details, and eventually use a protected or private visibility. This is particularly true when the implementing class and the original interface are far one from the other.This is leading to a PHP Fatal Error, at execution time.


interface i {   
   function foo() ;

class x implements i {  
   private function foo() {} 


This is a classic situation where PHP lint the code above, but stops during execution with a Fatal Error. Those errors may be caught by unit testing, unless some cowboy coding happens.

Exakat 1.6.3 detects the mis-configuration of visibility for implemented methods. It refines the previous analysis, where too many methods were found.

Object Reference omits arguments that are wholly assigned

Methods and functions may declare an argument as a reference, with the & operator before the argument name. This way, the value passed at call time is passed by reference : modifications on that value will also happen in the calling scope.

References are necessary for primary types, like strings or integers, as PHP would pass them by value, by default. Adding the & makes them more available.

On the other hand, objects do not require any &, as they are always passed by reference. So, any type hinted non-scalar argument is automatically a reference. As such, using & and an object is actually superfluous.


function foo($object, &$integer) {  
   $integer = 3;  
   $object->b = 4; 

$o = new stdClass();
$i = 5;

foo($o, $i);
// $i == 3;
// $o->b = 4;


Yet, one situation occurs where the & is also necessary for objects : you see, when passing the object, the modifications in the object are reported to the calling scope, but the modification of the object as a whole are not. This requires a reference to the object, and not just the object itself.


function foo(&$object) {  
   $object = new Stclass();

// $o is now a stdClass object


Exakat reports those situations, and has been refined to handle cleanly the situations where the argument is actually assigned with a new value. In other cases, the & is superfluous.

The Weekly Audits : 2019, Week #05

Exakat includes a ‘weekly’ report : this report is built with a selection of five analyses. This means a short audit report, with few issues to review. This is not a lot to read them, and review them in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you : you’ll find programmers facing the same challenges.

To obtain the ‘weekly’ audit, run an audit, and request the ‘Weekly’ report.

# Init the project (skip when it is already done)    
php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git 

# Run the project (skip when it is already done)    
php exakat.phar project -p <yourproject> 

# Export the weekly project (every monday)    
php exakat.phar report -p <yourproject> -format Weekly 

# Open projects/<yourproject>/weekly/index.html in your browser    

Every week, you can find here 5 new analysis to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming

Weekly recommendations for PHP code review : 2018, week 2019-04

Happy PHP Code Reviews

All the 352 analyzers are presented in the docs, including the slight : Undefined Variable: Variable that is used before any creation. That is a very frequent bug (74%)

You can check all of the Exakat reports at the gallery: exakat gallery.

Download Exakat on exakat.io, install it with Docker, upgrade it with ‘exakat.phar upgrade -u’ and like us on github.