Exakat PHP Index of coding

Not using @ is the poster child of good practices. It is also regarded as an impossible goal. Did you know that the @ operator is used by only 50% of PHP applications? The same goes for parentheses with include and co: don’t use them, like 50% of the developers. This is how the Exakat PHP Index of coding was born.

Every month, Exakat runs thousands of analyses on half a million lines of PHP code. This is primarily for testing purposes: a kind of torture test that checks that the engine runs on any kind of code. It is also very useful to ensure all situations are correctly handled.

We also extracted the following stats out of 1700+ projects, analysis by analysis. This way, any issue may be ranked from ‘widespread’ to ‘very unusual’. In fact, ‘widespread’ may also be understood as ‘almost a feature’. Maybe we can suggest a few of them to wiki.php.net.

Each analysis is ranked below, with its frequency of appearance in code and its progression. If you want to test your own code, just install exakat and run an audit.

is for a newly developed analysis, and is for analysis getting obsolete.

Nov 17 Oct 17 Prog. Name Rating Change
1 1 Uses Default Values   94.49 % -3.30 %
2 2 Used Once Variables (In Scope)   92.58 % 28.10 %
3 3 Unused Methods   89.69 % -0.20 %
4 4 Should Use Local Class   89.05 % -1.20 %
5 5 Overwriting Variable   87.60 % -3.90 %
6 6 Could Be Protected Method   87.31 % -3.80 %
7 8 Property Could Be Private Method   86.56 % -1.20 %
8 7 Unused Arguments   86.33 % -3.50 %
9 9 Overwritten Literals   83.96 % -3.40 %
10 10 PHP Keywords As Names   81.81 % -2.30 %
11 11 Unresolved Classes   78.40 % -1.90 %
12 12 Nested Ifthen   76.37 % -4.40 %
13 13 Undefined Classes   76.14 % -1.30 %
14 15 Unitialized Properties   75.85 % 1.10 %
15 14 Long Arguments   75.79 % -0.10 %
16 17 Unused Classes   75.21 % -0.50 %
17 18 Relay Function   75.04 % 4.30 %
18 16 Not Definitions Only   74.98 % -4.60 %
19 19 Useless Parenthesis   73.82 % -4.30 %
20 20 Should Make Ternary   73.71 % -0.10 %
21 21 Used Once Variables   72.55 % -3.90 %
22 23 Buried Assignation   71.16 % -0.60 %
23 24 Use Positive Condition   69.94 % -3.30 %
24 22 Preprocessable   69.83 % -24.60 %
25 25 Property Variable Confusion   69.19 % -0.10 %
26 26 Avoid Optional Properties   68.73 % -2.90 %
27 27 Pre-increment   65.66 % -3.90 %
28 29 Property Could Be Private Property   65.54 % -2.70 %
29 28 Locally Unused Property   65.43 % -3.80 %
30 30 No Need For Else   64.96 % -6.70 %
31 32 Could Make A Function   64.50 % -2.40 %
32 31 Property Used In One Method Only   64.44 % -3.60 %
33 33 Randomly Sorted Arrays   64.44 % -0.60 %
34 35 Used Once Property   63.23 % 0.40 %
35 311 No Boolean As Default   63.17 % 631.70 %
36 34 Switch To Switch   62.99 % -2.60 %
37 36 Bail Out Early   62.82 % -0.20 %
38 39 No Class As Typehint   62.59 % 5.30 %
39 37 Iffectations   62.24 % -2.40 %
40 41 Assigned Twice   61.60 % 1.30 %
41 38 Use Class Operator   61.55 % -6.30 %
42 40 No Class In Global   61.08 % -5.10 %
43 42 Never Used Properties   60.97 % -2.00 %
44 43 Empty Function   60.04 % -1.80 %
45 44 Drop Else After Return   59.98 % -1.20 %
46 45 Constant Class   59.87 % 1.80 %
47 N/A Too Complex Expression   59.75 % 597.50 %
48 46 Could Use Alias   59.17 % 6.10 %
49 48 Check All Types   58.01 % -1.90 %
50 49 Altering Foreach Without Reference   57.73 % -0.50 %
51 47 Else If Versus Elseif   57.67 % -5.90 %
52 52 Could Be Private Class Constant   57.38 % 3.10 %
53 53 Could Be Protected Class Constant   57.38 % 3.10 %
54 50 Wrong Number Of Arguments   57.20 % -3.50 %
55 51 Dont Change The Blind Var   57.20 % -1.10 %
56 54 Undefined Constants   57.03 % 7.30 %
57 57 Unresolved Use   55.58 % 7.10 %
58 55 include_once() Usage   55.41 % -4.70 %
59 56 No Parenthesis For Language Construct   55.12 % -7.60 %
60 58 Method Used Below   54.25 % -0.90 %
61 59 @ Operator   52.98 % -1.70 %
62 60 Undefined Functions   52.63 % -3.40 %
63 61 Exit() Usage   52.28 % -4.50 %
64 62 Switch Without Default   52.11 % 1.50 %
65 63 Echo With Concat   51.47 % -3.10 %
66 65 Uncaught Exceptions   51.41 % 4.00 %
67 64 Could Be Protected Property   51.12 % -1.20 %
68 66 Static Loop   50.72 % -1.10 %
69 67 Aliases Usage   50.20 % -3.30 %
70 68 Empty Classes   50.14 % 0.90 %
71 69 Common Alternatives   49.21 % -1.30 %
72 71 Use Instanceof   48.98 % 0.60 %
73 70 Mixed Concat And Interpolation   48.92 % -1.20 %
74 72 Function Subscripting, Old Style   48.75 % -0.60 %
75 74 Several Instructions On The Same Line   48.00 % -2.70 %
76 73 Use === null   47.94 % -6.90 %
77 77 No array_merge() In Loops   47.65 % 0.90 %
78 75 Empty Instructions   47.48 % -3.20 %
79 78 Could Typehint   47.19 % 1.10 %
80 76 Repeated Regex   46.67 % -10.70 %
81 86 Logical To in_array   46.49 % 33.30 %
82 79 Strpos()-like Comparison   46.38 % 0.10 %
83 80 String May Hold A Variable   45.22 % 1.00 %
84 81 Could Use Short Assignation   44.64 % -1.80 %
85 82 Mismatched Ternary Alternatives   44.29 % -1.80 %
86 83 Use const   43.71 % -5.20 %
87 85 Undefined Properties   43.48 % -3.30 %
88 87 Static Methods Called From Object   42.73 % -3.10 %
89 90 Useless Interfaces   42.61 % 4.60 %
90 88 Should Use array_column()   42.21 % -1.20 %
91 89 Should Typecast   42.15 % -0.60 %
92 92 Undefined Interfaces   41.74 % 6.60 %
93 91 Unused Functions   41.11 % -1.50 %
94 93 Could Be Class Constant   41.05 % 0.90 %
95 94 Return True False   40.76 % -1.40 %
96 95 Use random_int()   40.53 % -1.30 %
97 98 Empty Blocks   40.41 % 3.40 %
98 96 Undefined Class Constants   40.35 % 1.10 %
99 97 Preprocess Arrays   40.24 % 1.70 %
100 100 Unused Use   39.95 % 1.80 %
101 99 No Substr() One   39.89 % -0.60 %
102 152 Confusing Names   39.49 % 142.90 %
103 101 Double Instructions   39.37 % 1.40 %
104 103 Double Assignation   38.91 % -0.90 %
105 102 Forgotten Visibility   38.67 % -3.30 %
106 104 Unreachable Code   38.50 % 1.00 %
107 105 Could Be Typehinted Callable   38.39 % 2.90 %
108 106 Strict Comparison With Booleans   37.63 % -2.40 %
109 107 Timestamp Difference   36.30 % -1.40 %
110 110 Logical Should Use Symbolic Operators   35.78 % -0.70 %
111 109 For Using Functioncall   35.55 % -3.00 %
112 108 Global Usage   35.55 % -5.30 %
113 111 Useless Check   35.37 % -2.40 %
114 112 Useless Instructions   35.26 % 1.30 %
115 113 If With Same Conditions   34.85 % -2.20 %
116 114 Could Use self   34.68 % -3.30 %
117 84 Modernize Empty With Expression   34.56 % -96.70 %
118 120 Unresolved Instanceof   34.27 % 6.20 %
119 115 Could Use __DIR__   34.16 % -4.40 %
120 116 Unused Static Methods   34.10 % 1.60 %
121 123 No Public Access   33.75 % 10.60 %
122 117 Repeated print()   33.52 % -3.00 %
123 118 Wrong Parameter Type   33.52 % -1.80 %
124 122 Htmlentities Calls   33.41 % 3.60 %
125 121 No Return Used   33.35 % 0.60 %
126 119 Unused Constants   33.29 % -3.60 %
127 124 Don’t Change Incomings   32.42 % 0.20 %
128 126 Class Should Be Final By Ocramius   32.13 % 5.70 %
129 125 var_dump()… Usage   32.02 % -0.80 %
130 128 Should Make Alias   31.44 % 5.30 %
131 129 Adding Zero   31.32 % 5.30 %
132 130 Should Use Coalesce   30.74 % 1.90 %
133 127 Unchecked Resources   30.45 % -4.60 %
134 132 Should Use Foreach   30.39 % 3.10 %
135 133 Undefined Parent   29.76 % -2.60 %
136 134 Empty Try Catch   29.70 % 1.60 %
137 135 No Choice   29.58 % 1.00 %
138 136 Cast To Boolean   29.24 % 1.70 %
139 137 Forgotten Interface   29.12 % 0.50 %
140 138 Only Variable Passed By Reference   28.66 % 0.70 %
141 142 Unthrown Exception   28.25 % 4.90 %
142 141 Multiple Alias Definitions   28.14 % 3.20 %
143 140 Assign Default To Properties   28.02 % 1.40 %
144 139 Implicit Global   27.62 % -5.60 %
145 143 Make Global A Property   27.15 % -3.70 %
146 N/A Unconditional Break In Loop   27.04 % 270.40 %
147 145 Eval() Usage   26.69 % 1.80 %
148 144 Multiple Constant Definition   26.34 % -3.50 %
149 147 Print And Die   26.17 % -1.60 %
150 149 Avoid Using stdClass   26.17 % 1.90 %
151 146 Written Only Variables   25.94 % -4.50 %
152 150 Sequences In For   25.65 % -0.30 %
153 153 No Direct Call To Magic Method   25.65 % 5.70 %
154 154 Wrong Optional Parameter   25.47 % 6.20 %
155 148 No Hardcoded Hash   25.47 % -5.10 %
156 166 list() May Omit Variables   25.36 % 25.90 %
157 151 Useless Constructor   24.84 % -3.60 %
158 155 Could Use str_repeat()   24.84 % -0.10 %
159 156 Useless Abstract Class   24.78 % 1.70 %
160 157 Mismatched Default Arguments   24.37 % 0.60 %
161 158 Objects Don’t Need References   24.31 % 1.80 %
162 159 One Variable String   24.08 % 1.80 %
163 160 Dangling Array References   23.85 % -0.50 %
164 161 No Implied If   23.79 % 0.10 %
165 164 Use Constant As Arguments   23.56 % 3.80 %
166 163 Unused Private Properties   23.50 % 3.20 %
167 165 Should Chain Exception   23.27 % 4.50 %
168 162 Unused Returned Value   23.10 % -3.20 %
169 167 No Direct Usage   22.29 % -1.20 %
170 168 No Hardcoded Path   22.06 % -2.30 %
171 170 Empty Interfaces   21.94 % 1.30 %
172 169 Incompilable Files   21.82 % -1.10 %
173 171 Useless Global   21.25 % -4.50 %
174 173 Useless Return   20.61 % -0.70 %
175 174 Undefined static:: Or self::   20.09 % -1.20 %
176 178 Unset In Foreach   19.97 % 2.40 %
177 177 Var   19.62 % -1.70 %
178 175 Could Be Static   19.62 % -4.70 %
179 180 Useless Switch   19.45 % -0.50 %
180 188 Forgotten Thrown   19.45 % 10.20 %
181 179 Multiple Index Definition   19.39 % -1.70 %
182 176 Multiple Class Declarations   19.22 % -6.90 %
183 186 Class Name Case Difference   19.05 % 3.90 %
184 183 Should Use Prepared Statement   18.99 % -0.30 %
185 181 Too Many Local Variables   18.99 % -3.30 %
186 187 Useless Casting   18.87 % 2.10 %
187 185 No Isset With Empty   18.70 % -0.20 %
188 184 Deprecated Functions   18.12 % -6.60 %
189 198 Alternative Syntax Consistence   17.95 % 20.80 %
190 191 Avoid get_class()   17.89 % 1.20 %
191 189 Useless Unset   17.77 % -1.80 %
192 190 No Hardcoded Ip   17.77 % 0.00 %
193 192 Logical Mistakes   17.60 % 0.10 %
194 194 Unused Interfaces   17.19 % 6.10 %
195 182 Missing Cases In Switch   16.79 % -22.90 %
196 195 Redefined Default   16.73 % 1.50 %
197 193 Use Object Api   16.44 % -3.20 %
198 196 Non-constant Index In Array   16.38 % -0.20 %
199 197 Unused Global   15.92 % -2.50 %
200 172 $this Belongs To Classes Or Traits   15.28 % -61.20 %
201 264 Dont Echo Error   15.22 % 119.00 %
202 199 Non Static Methods Called In A Static   14.59 % -1.50 %
203 201 One Letter Functions   14.53 % 2.70 %
204 206 Should Use Constants   14.18 % 2.70 %
205 200 Old Style Constructor   14.12 % -3.20 %
206 203 Use With Fully Qualified Name   14.12 % 0.30 %
207 204 Forgotten Whitespace   14.07 % 1.60 %
208 205 Foreach Reference Is Not Modified   14.07 % 1.60 %
209 202 Results May Be Missing   14.07 % -0.70 %
210 131 Strings With Strange Space   13.43 % -168.30 %
211 209 Identical Conditions   13.37 % 5.90 %
212 207 While(List() = Each())   13.20 % -2.30 %
213 208 Assign With And   13.08 % -2.30 %
214 210 Undefined Trait   12.91 % 3.10 %
215 213 Must Return Methods   12.56 % 7.30 %
216 211 preg_replace With Option e   12.56 % 3.80 %
217 212 Suspicious Comparison   11.98 % -1.40 %
218 214 Unpreprocessed Values   11.92 % 3.30 %
219 217 eval() Without Try   11.58 % 3.50 %
220 216 Illegal Name For Method   11.58 % 2.30 %
221 220 Indices Are Int Or String   11.17 % 3.00 %
222 222 Hidden Use Expression   11.05 % 4.70 %
223 219 Failed Substr Comparison   11.05 % 1.20 %
224 218 Redeclared PHP Functions   11.00 % -1.70 %
225 215 Unknown Directive Name   10.88 % -5.90 %
226 223 Catch Overwrite Variable   10.77 % 3.10 %
227 221 Nested Ternary   10.59 % 0.10 %
228 227 Dependant Trait   10.48 % 2.60 %
229 225 Lone Blocks   10.36 % 1.40 %
230 226 Useless Brackets   10.36 % 1.40 %
231 224 Or Die   10.24 % -1.60 %
232 228 Already Parents Interface   10.07 % -0.30 %
233 271 Hardcoded Passwords   10.01 % 81.10 %
234 229 Phpinfo   9.95 % -0.30 %
235 230 Multiply By One   9.84 % 0.40 %
236 232 Deep Definitions   9.49 % 0.40 %
237 231 Wrong fopen() Mode   9.26 % -2.50 %
238 234 Overwritten Exceptions   9.20 % 1.70 %
239 233 Avoid Parenthesis   9.09 % -2.40 %
240 235 Access Protected Structures   8.62 % 2.40 %
241 236 No Real Comparison   8.51 % 2.50 %
242 237 Redefined Class Constants   8.28 % 2.00 %
243 239 Not Not   7.87 % 1.50 %
244 241 Scalar Or Object Property   7.75 % 2.00 %
245 240 Mismatched Typehint   7.70 % 0.40 %
246 238 Using $this Outside A Class   7.64 % -2.60 %
247 242 Multiples Identical Case   7.06 % -0.10 %
248 243 Same Conditions In Condition   6.94 % -1.30 %
249 245 Unused Traits   6.89 % 3.00 %
250 246 Use Pathinfo   6.42 % 0.60 %
251 244 No Hardcoded Port   6.42 % -3.50 %
252 248 Unkown Regex Options   6.42 % 6.60 %
253 247 Queries In Loops   6.31 % 0.10 %
254 251 Class, Interface Or Trait With Identical Names   5.84 % 4.90 %
255 N/A Multiple Type Variable   5.73 % 57.30 %
256 249 Too Many Injections   5.55 % 0.90 %
257 250 $this Is Not An Array   5.50 % 0.90 %
258 255 self, parent, static Outside Class   5.32 % 3.30 %
259 254 No Magic With Array   5.32 % 1.50 %
260 252 preg_match_all() Flag   5.26 % -0.30 %
261 253 __DIR__ Then Slash   5.09 % -0.80 %
262 258 Instantiating Abstract Class   4.80 % 1.10 %
263 257 Static Methods Can’t Contain $this   4.69 % -1.20 %
264 256 $this Is Not For Static Methods   4.69 % -1.80 %
265 259 No Self Referencing Constant   4.69 % 1.20 %
266 260 Lost References   4.45 % 0.00 %
267 262 Ambiguous Array Index   4.40 % 1.80 %
268 261 Too Many Finds   4.34 % 0.60 %
269 263 Old Style __autoload()   4.22 % 1.20 %
270 302 Strange Name For Variables   4.11 % 40.00 %
271 N/A Could Be Else   3.18 % 31.80 %
272 265 Throw Functioncall   2.95 % -0.80 %
273 266 Empty Traits   2.66 % -0.10 %
274 268 Crc32() Might Be Negative   2.60 % 1.70 %
275 267 Multiple Alias Definitions Per File   2.43 % -0.60 %
276 269 Implement Is For Interface   2.08 % 0.00 %
277 270 Only Variable Returned By Reference   1.96 % -1.20 %
278 N/A Printf Number Of Arguments   1.91 % 19.10 %
279 274 Accessing Private   1.79 % 1.90 %
280 272 Ternary In Concat   1.79 % -1.10 %
281 N/A Is Actually Zero   1.67 % 16.70 %
282 273 error_reporting() With Integers   1.62 % -1.00 %
283 275 Parent, Static Or Self Outside Class   1.62 % 0.20 %
284 276 Use System Tmp   1.62 % 0.80 %
285 277 Silently Cast Integer   1.44 % 1.40 %
286 278 Empty Namespace   1.27 % 0.30 %
287 279 Useless Final   1.15 % 0.80 %
288 281 Non Ascii Variables   1.04 % 0.90 %
289 280 Constants With Strange Names   0.92 % -0.30 %
290 282 Class Function Confusion   0.92 % -0.30 %
291 283 Invalid Constant Name   0.86 % -0.30 %
292 285 Always Positive Comparison   0.86 % 0.90 %
293 286 No Empty Regex   0.81 % 0.40 %
294 284 Foreach Needs Reference Array   0.75 % -0.20 %
295 287 Should Use SetCookie()   0.75 % 0.40 %
296 291 Throw In Destruct   0.69 % 1.00 %
297 288 __toString() Throws Exception   0.63 % -0.20 %
298 289 Unused Label   0.63 % -0.20 %
299 290 Abstract Static Methods   0.57 % -0.20 %
300 292 Compared Comparison   0.46 % -0.10 %
301 293 Multiple Identical Trait Or Interface   0.46 % -0.10 %
302 294 Throws An Assignement   0.40 % 0.50 %
303 296 Classes Mutually Extending Each Other   0.34 % 0.50 %
304 295 Can’t Extend Final   0.34 % -0.10 %
305 303 Pathinfo() Returns May Vary   0.17 % 0.60 %
306 298 Constants Created Outside Its Namespace   0.11 % 0.00 %
307 299 Fully Qualified Constants   0.11 % 0.00 %
308 300 Hash Algorithms   0.11 % 0.00 %
309 301 Empty List   0.11 % 0.00 %
310 297 No Reference On Left Side   0.11 % -0.60 %
311 N/A Mark Callable   0.05 % 0.50 %
312 304 Negative Power   0.05 % 0.00 %
313 N/A Next Month Trap   0.05 % 0.50 %
314 307 Short Open Tags   0.00 % 0.00 %
315 308 Concrete Visibility   0.00 % 0.00 %
316 309 Break Outside Loop   0.00 % 0.00 %
317 310 func_get_arg() Modified   0.00 % 0.00 %
318 305 Strange Name For Constants   0.00 % -0.50 %
319 312 Implemented Methods Are Public   0.00 % 0.00 %

EPIC Methodology

The “Exakat PHP Index of Coding”, aka EPIC, represents how often a static analysis rule reports results when auditing PHP code. The higher the rating, the higher the probability that the rule reports issues. The lower the rating, the rarer the issues.

This popularity is built by analyzing 1730 Open Source projects with PHP 7.1. Any issue reported by Exakat makes the project count as affected. Only when a project reports no issues is it counted as error free.

EPIC FAQ

  • Can I reuse those results in an article or in my code?
    Yes. Simply mention ‘https://www.exakat.io’ as the source, and maybe the month of publication (current is 11/2017).
  • Is there a computer-readable version?
    The Exakat PHP Index of Coding is available as JSON.
  • How does the index handle false positives?
    False positives are only human-detectable. Help us reduce false positives by reporting bugs and information to remove them.
  • Why are some rules down to 0? Aren’t they useless?
    Some analyses require an old version of PHP, while the Index works with more recent versions of PHP (7.1 at the moment). As such, those analyses will dwindle to the bottom of the ranking and disappear.
