Exakat PHP Index of Coding : August 2018

Exakat PHP Index of Coding : August 2018

Exakat PHP Index of coding

Not using @ is the poster child of good practices. It’s also looked upon, as an impossible goal. Did you know that the @ operator is only merely used by 50% of PHP applications ? Same for parenthesis with include and co : don’t use them, like 50% of the developpers. This is how the Exakat PHP Index of coding was born.

Every month, Exakat runs thousands of analysis on half a million lines of PHP code. This is primarily for testing purpose, a kind of torture test that checks the engine run on any kind of code. And it is very useful to ensure all situations are correctly handled.

We also extracted the following stats out of 1700+ projects, analysis by analysis. This way, any issue may be ranked from ‘wide spread’ to ‘very unusual’. In fact, ‘wide spread’ may also be understood as : ‘almost a feature’. May be we can suggest a few of them to wiki.php.net.

Each analysis is ranked below, with its frequency of appearance in code, its progression. If you want to test your own code, just install exakat and run an audit.

is for new analysis, and is for old one.

May 2018 Aug 2018 Prog. Name Rating Change
1 1 Uses Default Values   94.44 % -0.22 %
2 2 Used Once Variables (In Scope)   92.05 % 0.58 %
3 5 Should Use Local Class   91.95 % 1.37 %
4 3 Unused Methods   91.59 % 0.53 %
5 7 Overwriting Variable   87.57 % -0.29 %
6 39 Bail Out Early   85.68 % 22.90 %
7 17 Used Once Variables   85.63 % 11.58 %
8 8 PHP Keywords As Names   84.46 % 2.13 %
9 160 Written Only Variables   84.10 % 57.54 %
10 9 Unresolved Classes   81.35 % 1.06 %
11 10 Property Used In One Method Only   81.04 % 2.23 %
12 100 Empty Blocks   80.99 % 38.81 %
13 12 Unused Classes   80.69 % 2.39 %
14 11 Undefined Classes   79.87 % 1.15 %
15 13 Unitialized Properties   79.62 % 2.52 %
16 15 Relay Function   78.24 % 2.34 %
17 14 Nested Ifthen   77.58 % 0.59 %
18 19 Unused Arguments   76.51 % 3.44 %
19 18 Should Make Ternary   74.83 % 0.87 %
20 20 Useless Parenthesis   74.42 % 1.57 %
21 26 Preprocessable   74.22 % 4.51 %
22 21 Mark Callable   73.81 % 1.83 %
23 22 No Boolean As Default   73.45 % 1.59 %
24 23 Use Named Boolean In Argument Definition   73.30 % 1.69 %
25 30 Long Arguments   72.64 % 3.92 %
26 25 Strict Comparison With Booleans   72.23 % 1.30 %
27 27 Avoid Optional Properties   72.18 % 2.94 %
28 29 Overwritten Literals   71.11 % 2.27 %
29 24 Buried Assignation   70.91 % -0.16 %
30 44 Assigned Twice   69.38 % 7.98 %
31 28 Property Variable Confusion   69.28 % 0.34 %
32 32 Pre-increment   68.46 % 1.97 %
33 34 Constant Class   68.36 % 2.66 %
34 31 Use Positive Condition   67.90 % 0.05 %
35 16 Locally Unused Property   67.80 % -7.21 %
36 37 Could Make A Function   67.14 % 3.08 %
37 36 Used Once Property   67.09 % 2.87 %
38 71 Undefined Parent   66.98 % 15.76 %
39 35 No Need For Else   66.07 % 1.48 %
40 73 Property Could Be Local   65.41 % 14.97 %
41 42 Never Used Properties   64.23 % 2.57 %
42 53 Drop Else After Return   64.18 % 6.63 %
43 46 No Class In Global   64.08 % 3.10 %
44 40 Switch To Switch   63.93 % 1.62 %
45 41 Iffectations   63.72 % 1.52 %
46 45 No Class As Typehint   63.42 % 2.28 %
47 56 Empty Function   62.91 % 5.88 %
48 49 Local Globals   61.94 % 3.14 %
49 51 Undefined Interfaces   60.72 % 2.65 %
50 38 Use Class Operator   60.46 % -2.73 %
51 80 Missing Include   60.21 % 11.50 %
52 55 Dont Change The Blind Var   59.65 % 2.31 %
53 50 Check All Types   59.55 % 1.40 %
54 58 include_once() Usage   59.50 % 3.47 %
55 54 Else If Versus Elseif   58.68 % 1.18 %
56 61 Method Used Below   57.31 % 3.58 %
57 59 No Parenthesis For Language Construct   57.20 % 1.38 %
58 N/A Check JSON   56.90 % 56.90 %
59 63 Exit() Usage   55.37 % 2.16 %
60 62 @ Operator   55.32 % 1.95 %
61 N/A Ambiguous Visibilities   54.86 % 54.86 %
62 65 Echo With Concat   54.81 % 2.67 %
63 66 Switch Without Default   54.71 % 2.60 %
64 72 Unresolved Use   53.84 % 3.03 %
65 69 Uncaught Exceptions   53.74 % 2.23 %
66 308 Non Ascii Variables   53.64 % 52.34 %
67 76 Logical To in_array   52.16 % 2.56 %
68 77 Use Instanceof   51.70 % 2.31 %
69 67 Static Loop   51.65 % 0.06 %
70 200 Too Many Local Variables   51.55 % 32.37 %
71 163 Hardcoded Passwords   51.50 % 25.21 %
72 74 Common Alternatives   51.50 % 1.69 %
73 176 Useless Abstract Class   51.34 % 26.93 %
74 84 No Public Access   51.09 % 3.47 %
75 83 Use random_int()   50.89 % 3.01 %
76 78 Several Instructions On The Same Line   50.28 % 1.15 %
77 81 Use === null   50.07 % 1.88 %
78 131 Should Use Coalesce   50.02 % 15.82 %
79 68 Empty Classes   49.36 % -2.15 %
80 91 Undefined Properties   49.31 % 4.36 %
81 79 Empty Instructions   49.26 % 0.44 %
82 75 Function Subscripting, Old Style   48.75 % -0.85 %
83 87 Mismatched Ternary Alternatives   48.75 % 2.28 %
84 88 Useless Referenced Argument   48.65 % 2.50 %
85 114 Useless Instructions   48.39 % 11.33 %
86 70 Undefined Functions   48.34 % -2.99 %
87 90 String May Hold A Variable   48.24 % 2.85 %
88 89 Could Use Short Assignation   48.19 % 2.25 %
89 57 Undefined Constants   47.27 % -9.23 %
90 N/A Mismatch Type And Default   47.07 % 47.07 %
91 85 Could Typehint   46.91 % -0.26 %
92 96 Ambiguous Static   46.66 % 2.96 %
93 94 Use const   46.51 % 2.08 %
94 60 Class Name Case Difference   46.35 % -9.00 %
95 93 No Substr() One   46.20 % 1.72 %
96 82 Identical Consecutive Expression   46.15 % -1.78 %
97 204 Strange Name For Variables   45.23 % 26.62 %
98 109 Double Instructions   45.18 % 5.20 %
99 95 Useless Interfaces   45.08 % 1.23 %
100 101 Aliases Usage   44.88 % 2.75 %
101 103 Unused Use   44.47 % 2.71 %
102 99 Should Typecast   43.81 % 1.53 %
103 106 Double Assignation   43.81 % 3.30 %
104 104 Undefined Class Constants   43.65 % 1.94 %
105 102 No array_merge() In Loops   43.55 % 1.77 %
106 108 Repeated print()   42.43 % 2.39 %
107 115 Cast To Boolean   42.33 % 5.38 %
108 117 Forgotten Visibility   41.97 % 5.26 %
109 110 Parent First   41.97 % 1.99 %
110 105 Return True False   41.26 % 0.16 %
111 86 Strpos()-like Comparison   41.11 % -5.57 %
112 111 Unreachable Code   40.70 % 1.85 %
113 92 Could Be Typehinted Callable   40.14 % -4.36 %
114 113 Timestamp Difference   39.68 % 2.36 %
115 52 Altering Foreach Without Reference   38.86 % -18.69 %
116 118 Global Usage   38.51 % 2.29 %
117 N/A Strpos Too Much   38.15 % 38.15 %
118 119 Useless Check   38.05 % 1.83 %
119 121 Logical Should Use Symbolic Operators   37.79 % 2.09 %
120 140 Unused Private Methods   37.74 % 6.38 %
121 150 Assign Default To Properties   37.44 % 8.75 %
122 124 Could Use self   37.08 % 2.11 %
123 250 Unknown Directive Name   36.93 % 27.06 %
124 123 Modernize Empty With Expression   36.93 % 1.75 %
125 127 Could Use __DIR__   36.88 % 2.31 %
126 122 If With Same Conditions   36.83 % 1.50 %
127 126 Same Conditions In Condition   36.67 % 1.89 %
128 130 Could Be Else   36.62 % 2.39 %
129 N/A Method Signature Must Be Compatible   36.47 % 36.47 %
130 97 Mixed Concat And Interpolation   36.01 % -7.40 %
131 112 Unused Functions   35.86 % -1.82 %
132 137 Don’t Change Incomings   35.86 % 3.40 %
133 128 Unresolved Instanceof   35.65 % 1.14 %
134 138 var_dump()… Usage   35.35 % 3.10 %
135 136 Useless Catch   35.04 % 2.43 %
136 134 Htmlentities Calls   34.99 % 1.70 %
137 144 Too Many Native Calls   34.69 % 4.27 %
138 139 Should Make Alias   34.64 % 3.23 %
139 125 Repeated Regex   34.38 % -0.55 %
140 135 Wrong Parameter Type   33.92 % 0.68 %
141 107 Class Should Be Final By Ocramius   33.92 % -6.17 %
142 141 Empty Try Catch   33.82 % 2.72 %
143 142 Unchecked Resources   33.82 % 3.14 %
144 148 Never Used Parameter   33.67 % 4.14 %
145 145 Unconditional Break In Loop   33.41 % 3.20 %
146 43 Could Use Alias   32.80 % -28.72 %
147 288 Callback Needs Return   32.70 % 28.68 %
148 146 No Choice   32.60 % 2.44 %
149 157 Avoid Using stdClass   32.39 % 5.26 %
150 143 Multiple Type Variable   32.09 % 1.57 %
151 133 No Return Used   31.83 % -2.32 %
152 149 Multiple Alias Definitions   31.78 % 2.56 %
153 199 Don’t Unset Properties   31.73 % 12.50 %
154 155 Randomly Sorted Arrays   31.12 % 3.82 %
155 129 Unused Constants   31.02 % -3.42 %
156 147 Unthrown Exception   30.87 % 1.27 %
157 153 Printf Number Of Arguments   30.41 % 2.71 %
158 165 No Hardcoded Hash   30.31 % 4.13 %
159 151 Implicit Global   30.05 % 1.62 %
160 161 No Direct Call To Magic Method   30.05 % 3.54 %
161 N/A Incompatible Signature Methods   29.69 % 29.69 %
162 154 Make Global A Property   29.49 % 1.89 %
163 N/A Weak Typing   29.34 % 29.34 %
164 156 Wrong Number Of Arguments   29.19 % 1.96 %
165 N/A Dont Mix ++   29.13 % 29.13 %
166 158 Eval() Usage   28.88 % 2.07 %
167 159 Multiple Constant Definition   28.83 % 2.12 %
168 166 list() May Omit Variables   28.73 % 2.74 %
169 162 Wrong Optional Parameter   28.62 % 2.12 %
170 168 Static Methods Called From Object   28.37 % 2.80 %
171 167 Sequences In For   28.27 % 2.49 %
172 213 Don’t Echo Error   28.22 % 10.71 %
173 164 Don’t Send This In Constructor   28.17 % 1.88 %
174 152 Only Variable Passed By Reference   27.96 % 0.04 %
175 170 Unused Returned Value   27.15 % 2.12 %
176 175 Useless Constructor   26.84 % 2.38 %
177 171 One Variable String   26.69 % 1.71 %
178 116 Unused Private Properties   26.54 % -10.31 %
179 169 Objects Don’t Need References   26.49 % 1.14 %
180 182 Incompilable Files   26.18 % 2.77 %
181 180 Dangling Array References   26.03 % 1.78 %
182 174 Implied If   25.92 % 1.25 %
183 181 Should Chain Exception   25.92 % 1.98 %
184 178 Empty Interfaces   25.77 % 1.47 %
185 172 Print And Die   25.77 % 1.05 %
186 185 No Hardcoded Path   25.67 % 2.67 %
187 183 No Direct Usage   25.06 % 1.65 %
188 187 Useless Return   24.19 % 2.19 %
189 188 Undefined static:: Or self::   24.09 % 2.35 %
190 177 Forgotten Interface   23.73 % -0.59 %
191 186 Useless Global   23.68 % 1.25 %
192 190 Adding Zero   23.58 % 2.73 %
193 192 Useless Casting   22.97 % 2.38 %
194 191 Multiple Index Definition   22.72 % 2.12 %
195 198 Mistaken Concatenation   22.61 % 3.22 %
196 189 Unset In Foreach   22.56 % 1.08 %
197 193 Useless Switch   22.31 % 1.92 %
198 196 Unused Global   21.80 % 1.98 %
199 217 $this Belongs To Classes Or Traits   21.44 % 6.18 %
200 195 Var Keyword   21.34 % 1.48 %
201 N/A Undefined ::class   21.34 % 21.34 %
202 206 Redefined Default   21.19 % 2.69 %
203 N/A Cant Instantiate Class   21.03 % 21.03 %
204 194 Forgotten Thrown   20.98 % 0.69 %
205 197 Should Use Prepared Statement   20.83 % 1.23 %
206 203 Avoid get_class()   20.78 % 1.97 %
207 229 eval() Without Try   20.73 % 7.25 %
208 202 No Isset With Empty   20.47 % 1.45 %
209 208 Test Then Cast   20.42 % 2.23 %
210 N/A Classes/CouldBeAbstractClass   20.42 % 20.42 %
211 209 Logical Mistakes   20.27 % 2.18 %
212 212 No Hardcoded Ip   20.02 % 2.30 %
213 214 Useless Unset   19.91 % 2.45 %
214 207 Deprecated Functions   19.81 % 1.47 %
215 201 Alternative Syntax Consistence   19.61 % 0.53 %
216 184 Mismatched Default Arguments   19.51 % -3.90 %
217 215 Use Object Api   19.10 % 2.16 %
218 340 Implemented Methods Are Public   19.05 % 19.00 %
219 210 Multiply By One   19.00 % 1.18 %
220 205 Could Be Static   18.79 % 0.24 %
221 216 Non-constant Index In Array   17.37 % 1.48 %
222 219 One Letter Functions   16.76 % 1.71 %
223 220 Foreach Reference Is Not Modified   16.65 % 1.65 %
224 222 Use With Fully Qualified Name   16.35 % 1.93 %
225 223 Should Use Constants   16.35 % 1.93 %
226 218 Non Static Methods Called In A Static   16.30 % 1.14 %
227 179 Use Constant As Arguments   16.04 % -8.26 %
228 230 Identical Conditions   15.94 % 2.51 %
229 221 Results May Be Missing   15.89 % 1.10 %
230 228 Undefined Trait   15.84 % 2.04 %
231 232 Illegal Name For Method   15.69 % 3.04 %
232 132 Unused Inherited Variable In Closure   15.63 % -18.55 %
233 225 Forgotten Whitespace   15.38 % 1.17 %
234 233 Unpreprocessed Values   15.23 % 3.00 %
235 211 Unused Interfaces   15.18 % -2.64 %
236 226 Old Style Constructor   15.07 % 1.16 %
237 240 Strings With Strange Space   14.92 % 3.63 %
238 227 While(List() = Each())   14.26 % 0.46 %
239 241 Dependant Trait   13.70 % 2.57 %
240 238 Redeclared PHP Functions   13.55 % 2.00 %
241 236 Hidden Use Expression   13.55 % 1.79 %
242 235 Indices Are Int Or String   13.24 % 1.12 %
243 239 self, parent, static Outside Class   13.14 % 1.80 %
244 237 Suspicious Comparison   13.14 % 1.38 %
245 242 Catch Overwrite Variable   12.88 % 1.91 %
246 246 Lone Blocks   12.37 % 1.87 %
247 247 Useless Brackets   12.37 % 1.87 %
248 244 Already Parents Interface   12.27 % 1.40 %
249 243 Nested Ternary   12.22 % 1.30 %
250 231 Must Return Methods   12.17 % -0.68 %
251 248 Identical On Both Sides   12.17 % 1.67 %
252 224 Could Use str_repeat()   11.71 % -2.51 %
253 245 Or Die   11.36 % 0.64 %
254 249 Phpinfo   11.25 % 1.11 %
255 257 No Real Comparison   11.10 % 2.21 %
256 173 Invalid Regex   11.00 % -13.72 %
257 251 Overwritten Exceptions   10.95 % 1.18 %
258 253 Wrong fopen() Mode   10.95 % 1.28 %
259 252 Deep Definitions   10.39 % 0.72 %
260 255 Unknown Pcre2 Option   10.39 % 1.14 %
261 256 Avoid Parenthesis   9.98 % 0.84 %
262 258 Redefined Class Constants   9.88 % 1.00 %
263 259 Not Not   9.73 % 1.37 %
264 N/A Typehinted References   9.32 % 9.32 %
265 262 Multiples Identical Case   8.91 % 1.07 %
266 280 Redefined Private Property   8.66 % 3.86 %
267 234 Assign With And   8.50 % -3.67 %
268 261 preg_replace With Option e   8.35 % 0.20 %
269 260 Scalar Or Object Property   8.04 % -0.32 %
270 263 Same Variables Foreach   7.53 % 0.69 %
271 264 No Hardcoded Port   7.38 % 0.64 %
272 273 Class, Interface Or Trait With Identical Names   7.23 % 1.54 %
273 287 Is Actually Zero   7.18 % 2.90 %
274 270 $this Is Not An Array   6.62 % 0.72 %
275 266 Queries In Loops   6.62 % 0.20 %
276 269 Missing Parenthesis   6.62 % 0.51 %
277 275 Missing New ?   6.57 % 0.98 %
278 277 __DIR__ Then Slash   6.52 % 1.19 %
279 265 Use Pathinfo   6.31 % -0.27 %
280 274 Next Month Trap   6.11 % 0.52 %
281 293 Wrong Range Check   6.01 % 3.24 %
282 282 Instantiating Abstract Class   5.96 % 1.26 %
283 279 $this Is Not For Static Methods   5.90 % 0.78 %
284 N/A Continue Is For Loop   5.85 % 5.85 %
285 278 Static Methods Can’t Contain $this   5.80 % 0.68 %
286 281 Ambiguous Array Index   5.75 % 1.05 %
287 254 Access Protected Structures   5.55 % -4.01 %
288 286 Lost References   5.39 % 1.06 %
289 276 Failed Substr Comparison   5.29 % -0.19 %
290 285 Too Many Finds   5.24 % 0.69 %
291 283 No Magic With Array   5.14 % 0.44 %
292 284 Old Style __autoload()   4.99 % 0.34 %
293 290 Empty Traits   4.89 % 1.18 %
294 296 Strtr Arguments   4.73 % 2.33 %
295 289 Multiple Class Declarations   3.87 % 0.01 %
296 291 Throw Functioncall   3.76 % 0.58 %
297 292 Unused Traits   3.56 % 0.59 %
298 295 Crc32() Might Be Negative   3.05 % 0.39 %
299 298 Implement Is For Interface   2.95 % 0.81 %
300 294 Multiple Alias Definitions Per File   2.95 % 0.29 %
301 271 Mismatched Typehint   2.85 % -3.05 %
302 N/A Bad Constants Names   2.80 % 2.80 %
303 297 Only Variable Returned By Reference   2.49 % 0.30 %
304 N/A Abstract Or Implements   2.49 % 2.49 %
305 268 Too Many Injections   2.44 % -3.73 %
306 299 Missing Cases In Switch   2.19 % 0.05 %
307 300 Ternary In Concat   2.03 % 0.10 %
308 303 Use System Tmp   1.98 % 0.21 %
309 309 Empty Namespace   1.93 % 0.63 %
310 301 Accessing Private   1.83 % 0.01 %
311 302 error_reporting() With Integers   1.78 % 0.01 %
312 322 Unused Label   1.78 % 1.16 %
313 304 Silently Cast Integer   1.78 % 0.16 %
314 305 Parent, Static Or Self Outside Class   1.68 % 0.17 %
315 307 Foreach Needs Reference Array   1.42 % 0.01 %
316 316 Inclusion Wrong Case   1.42 % 0.54 %
317 306 Classes Mutually Extending Each Other   1.17 % -0.24 %
318 311 Useless Final   1.17 % 0.02 %
319 313 Should Use SetCookie()   1.17 % 0.18 %
320 312 Constants With Strange Names   1.12 % 0.13 %
321 314 Invalid Constant Name   1.06 % 0.18 %
322 315 No Empty Regex   1.01 % 0.13 %
323 320 __toString() Throws Exception   0.86 % 0.19 %
324 318 Always Positive Comparison   0.81 % 0.08 %
325 317 Throw In Destruct   0.81 % 0.03 %
326 319 Class Function Confusion   0.81 % 0.08 %
327 310 Break Outside Loop   0.71 % -0.54 %
328 267 Unkown Regex Options   0.71 % -5.51 %
329 321 Multiple Identical Trait Or Interface   0.66 % -0.01 %
330 N/A Can’t Throw Throwable   0.56 % 0.56 %
331 326 Compared Comparison   0.50 % 0.19 %
332 325 No Reference For Ternary   0.45 % 0.09 %
333 324 Throws An Assignement   0.40 % 0.04 %
334 327 No Reference On Left Side   0.40 % 0.09 %
335 N/A Undefined Variable   0.40 % 0.40 %
336 323 Abstract Static Methods   0.30 % -0.27 %
337 329 Constants Created Outside Its Namespace   0.20 % 0.05 %
338 331 Can’t Extend Final   0.20 % 0.05 %
339 328 Not A Scalar Type   0.20 % 0.00 %
340 330 Hash Algorithms   0.15 % 0.00 %
341 332 Fully Qualified Constants   0.10 % 0.00 %
342 338 Negative Power   0.10 % 0.05 %
343 339 Strange Name For Constants   0.10 % 0.05 %
344 333 Pathinfo() Returns May Vary   0.10 % 0.00 %
345 344 Possible Infinite Loop   0.10 % 0.10 %
346 335 Concrete Visibility   0.05 % 0.00 %
347 272 No Self Referencing Constant   0.05 % -5.70 %
348 337 func_get_arg() Modified   0.05 % 0.00 %
349 341 No get_class() With Null   0.05 % 0.00 %
350 334 Foreach On Object   0.05 % -0.05 %
351 342 Short Open Tags   0.00 % 0.00 %
352 336 Empty List   0.00 % -0.05 %
353 343 Using $this Outside A Class   0.00 % 0.00 %
354 N/A Assert Function Is Reserved   0.00 % 0.00 %
355 N/A Must Call Parent Constructor   0.00 % 0.00 %
356 N/A Undefined Insteadof   0.00 % 0.00 %

EPIC Methodology

The “Exakat PHP Index of Coding”, aka EPIC, represents how often an static analysis rule reports results when auditing PHP code. The higher the rating, the higher is the probability to report issues. The lower the rating, the rarer are the issues.

This popularity is built by analyzing 1730 Open Source project, with PHP 7.1. Any issue reported by Exakat makes the project count as affected. Only when a project reports no issues, is it counted as error free.

 

EPIC FAQ

  • Can I reuse those results in an article or in my code?
    Yes. Simply mention ‘https://www.exakat.io’ as the source, and may be the month of publication (Current is 08/2018
  • Is there a computer-readable version ? 
    The Exakat PHP Index of Coding is available as JSON .
  • How does the index handle the false-positives ?
    False positives are only human-detectable. Help us reduce the false positive by reporting bugs and informations to remove them.
  • Why are some rules down to 0 ? Aren’t they useless?
    Some analysis require an old version of PHP, while the Index works with more recent versions of PHP (7.1 at the moment). As such, those analysis will dwindle to the bottom of the ranking and disappear.