Exakat 0.11.2 review
Exakat 0.11.2 is out. It is a stability release: exakat was run on 800 projects during the week, to weed out some rare situations and keep all the analyses running on any kind of code. This is how we decided to add a new analysis: empty regex. Also this week, the ‘difference preference’ was added to the recipe of ‘favorites’. There are now fourteen of them! Here is the exakat 0.11.2 review.
Empty regex
There are a few analyses covering PCRE in exakat:
- Repeated regex, which suggests packing successive calls into one
- Simplify regex, which spots searches that may be replaced with strpos()
- Undefined regex options, which checks the options used
- Option e, which reports usage of the e option for pcre and mbstring, for forward compatibility
- preg_match_all() options, which suggests the right parameter for the function call, instead of juggling with the results.
We ran into a piece of code that actually used an empty regex:
<?php
$Value = preg_replace('', $Format['Currency'], $Value);
?>
Such code lints, but cannot be executed, as PCRE needs a real regex to be able to run. It is not a script stopper, but it may fill your logs with warnings. Later, the same analysis was upgraded to report wrong delimiters. PCRE delimiters must be non-alphanumeric characters.
This is one of those easy checks: who could input an empty regex and hope it works? So this is possibly a quick fix that was forgotten, and that is, hopefully, never used in production.
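One way to express both checks (empty regex, alphanumeric delimiter) over PHP source, as an added example that is not Exakat's own code: checkPattern() and scanSource() are hypothetical names, the sample input is constructed around the call quoted above, and only patterns written as a single string literal are inspected.

```php
<?php
// Added example; checkPattern() and scanSource() are hypothetical names, not Exakat's API.
const PREG_FUNCTIONS = ['preg_match', 'preg_match_all', 'preg_replace', 'preg_split', 'preg_grep'];

/** Returns a description of the problem, or null when the literal passes both checks. */
function checkPattern(string $pattern): ?string
{
    $pattern = ltrim($pattern);              // PCRE skips leading whitespace
    if ($pattern === '') {
        return 'empty regex';
    }
    // Delimiters must be non-alphanumeric; PHP also rejects a backslash.
    $open = $pattern[0];
    return (ctype_alnum($open) || $open === '\\') ? "invalid delimiter '$open'" : null;
}

/** Reports preg_*() calls whose first argument is a problematic plain string literal. */
function scanSource(string $code): array
{
    $tokens = array_values(array_filter(token_get_all($code), function ($t) {
        return !is_array($t) || $t[0] !== T_WHITESPACE;
    }));
    $findings = [];
    foreach ($tokens as $i => $t) {
        if (!is_array($t) || $t[0] !== T_STRING
            || !in_array(strtolower($t[1]), PREG_FUNCTIONS, true)
            || ($tokens[$i + 1] ?? null) !== '('
            || !is_array($tokens[$i + 2] ?? null)
            || $tokens[$i + 2][0] !== T_CONSTANT_ENCAPSED_STRING
            || !in_array($tokens[$i + 3] ?? null, [',', ')'], true)) {
            continue;   // not a preg call, or the pattern is not a lone literal
        }
        // Strip the quotes; a full analyzer would also decode escape sequences.
        $problem = checkPattern(substr($tokens[$i + 2][1], 1, -1));
        if ($problem !== null) {
            $findings[] = "line {$t[2]}: {$t[1]}(): $problem";
        }
    }
    return $findings;
}

// Constructed sample input; the first call is the one quoted in the post.
$sample = <<<'PHP'
<?php
$Value = preg_replace('', $Format['Currency'], $Value);
$ok    = preg_match('/^\d+$/', $Value);
$bad   = preg_split('a,a', $Value);
PHP;
print_r(scanSource($sample));
```

At run time preg_replace() returns null when the pattern cannot be compiled, so in the quoted line $Value is overwritten with null in addition to the warning being logged.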
Now fourteen PHP syntaxes you can choose
Back in December, I wrote an article about ‘Seven syntax you can choose in PHP’. There are often several ways to do the same thing in PHP. For example, using die or exit: they behave almost the same, and achieve the same result. Choosing one makes the code consistent.
Exakat now reports another four new syntaxes that are almost identical.
- Echo or print
- die or exit
- array() or []
- true, FALSE or Else
- $GLOBALS or global
- array_push() or $array[]
- $a == 1 or 1 == $a
The new favorites are:
- Regex delimiters
- new Class or new Class()
- bracket for one instruction block
- \n or PHP_EOL
- Array ends on empty, or not
- != or <>
- (unset) or unset()
For each favorite, all the situations are counted. Whenever one of the alternatives covers more than 90% of the occurrences, the other one is reported. For example, when != is used 111 times and <> is used 7 times, all the <> are reported for fixing. When the usage is balanced, or when one of the alternatives is never used (and thus, a standard is enforced), the code is deemed consistent.
You may take a look at phpMyAdmin’s choices.
Do you know other alternative syntax? Just ping us on twitter, and we’ll add it next week.
Happy PHP code reviews
Exakat 0.11.2 brings more stability, and two new analyses. With every release, new analyses and situations are added. Capitalization is important for exakat: it keeps learning more every day, from your feedback and your code. Each extra review is built from source code observation, and may catch a nasty bug, however rare it is. Running an audit every day is just daily hygiene.
All the 310+ analyzers are presented in the docs, including the classic ‘Timestamp difference’ that raises bugs every six months. Download Exakat on exakat.io, upgrade it with ‘exakat.phar upgrade -u’ and like us on GitHub.