Exakat 1.7.3 review
This week, Exakat version 1.7.3 upgrades the reports with the automated detection of identical files and the grouping of global variables. We shall never know all the good that a simple Exakat 1.7.3 review can do.
Report of Identical Files
The Ambassador report added a new item on the menu : in the ‘Audit log’ section, there is now the ‘Identical files’ section. This entry of the audit lists all the files that appear twice or more in the code base.
The detection is based on a hash taken on the whole file. This means that all the code, including the comments, has to be identical for two files to be detected as duplicates.
This analysis is based on the observation that many code bases include the same files several times. There are multiple reasons that lead to this situation. There are experiment leftovers, where a new library or a new version was added to the code base, tested but forgotten there; there is templated development, which duplicates a file before modifying it; there are also architectures which have separate parts (public / user / admin) and require distinct copies of the code.
This first step will be completed in the upcoming versions of Exakat : we will omit duplicate code, and skip its handling in the base. That way, we’ll process fewer tokens, and report fewer issues.
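The whole-file hash detection described above, as an added example that is not Exakat's own code. The function name findIdenticalFiles() and the choice of SHA-256 are assumptions, since the article does not say which hash Exakat uses; the sample tree is constructed.

```php
<?php
// Added example, not Exakat's own code. Assumption: SHA-256 as the whole-file hash.

function findIdenticalFiles(string $root): array
{
    $byHash = [];
    $files = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($files as $file) {
        if (!$file->isFile() || $file->isLink()) {
            continue; // skip directories and symlinks
        }
        $hash = hash_file('sha256', $file->getPathname());
        if ($hash !== false) {
            $byHash[$hash][] = $file->getPathname();
        }
    }
    // Keep only the hashes shared by two files or more.
    $groups = array_values(array_filter($byHash, fn(array $p) => count($p) > 1));
    foreach ($groups as &$paths) {
        sort($paths);
    }
    unset($paths);
    return $groups;
}

// Constructed sample tree: two identical copies and one copy with an edited comment.
$root = sys_get_temp_dir() . '/identical_' . bin2hex(random_bytes(4));
mkdir("$root/public", 0700, true);
mkdir("$root/admin", 0700, true);
$code = "<?php\n// escape output\nfunction e(\$s) { return htmlspecialchars(\$s); }\n";
file_put_contents("$root/public/helpers.php", $code);
file_put_contents("$root/admin/helpers.php", $code);
file_put_contents("$root/admin/helpers_old.php", str_replace('escape output', 'escape', $code));

foreach (findIdenticalFiles($root) as $group) {
    echo implode(' == ', $group), PHP_EOL; // only the two helpers.php copies are listed
}
```

The copy with the edited comment is not reported, because the hash covers the comments as well as the code.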
Grouping Global Variables
The Ambassador report now reports the global variables by name, instead of least. All occurrences of a global variable are grouped in a list. This presentation makes it easy to trace all usage of a global variable across the code.
The variables are also sorted by the number of occurrences : the less frequently used global variables are at the top of the list, and the most frequently used are at the bottom of the list. This way, you may start reviewing the easiest variables first, as they incur less work. Later, you will process the most frequently used, but you’ll also have gained valuable experience with them.
Global variables are reported with their respective type : the global variables declared with the global keyword (type global), and the global variables accessed with the $GLOBALS variable (type GLOBALS). When a global variable is used with both syntaxes across the code, as global $x and $GLOBALS['x'], it is easy to spot with the mention ‘global-GLOBALS’.
Finally, note that all globals are reported : that includes the two types of globals mentioned before, and the ‘implicit globals’ : implicit globals are globals that are left in the global space, outside functions or methods. Even without explicit usage of the global keyword, those are automatically global.
<pre class="wp-block-syntaxhighlighter-code">
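<?php
$a = 3; // implicit global : assigned outside any function or method

function foo() {
    global $a; // imports the implicit global into the function scope
    echo $a;
}

foo();
// displays 3
?>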
</pre>
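The grouping by name and type described in this section, as an added example that is not Exakat's own code. The helper groupGlobals() is hypothetical, it only covers the two explicit syntaxes (not implicit globals), and the sample source is constructed.

```php
<?php
// Added example, not Exakat's own code : groupGlobals() is a hypothetical helper.

function groupGlobals(string $source): array
{
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $found = []; // name => ['global' => [lines], 'GLOBALS' => [lines]]
    foreach ($tokens as $i => $t) {
        if (!is_array($t)) { continue; }
        if ($t[0] === T_GLOBAL) {
            // global $a, $b; : collect every variable up to the semicolon
            for ($j = $i + 1; isset($tokens[$j]) && $tokens[$j] !== ';'; $j++) {
                if (is_array($tokens[$j]) && $tokens[$j][0] === T_VARIABLE) {
                    $found[substr($tokens[$j][1], 1)]['global'][] = $tokens[$j][2];
                }
            }
        } elseif ($t[0] === T_VARIABLE && $t[1] === '$GLOBALS'
            && ($tokens[$i + 1] ?? null) === '['
            && is_array($tokens[$i + 2] ?? null)
            && $tokens[$i + 2][0] === T_CONSTANT_ENCAPSED_STRING) {
            // $GLOBALS['x'] with a literal key
            $found[trim($tokens[$i + 2][1], '\'"')]['GLOBALS'][] = $t[2];
        }
    }
    $report = [];
    foreach ($found as $name => $kinds) {
        $lines = array_merge(...array_values($kinds));
        sort($lines);
        $type = implode('-', array_intersect(['global', 'GLOBALS'], array_keys($kinds)));
        $report[$name] = ['type' => $type, 'lines' => $lines];
    }
    // Least frequently used first, as in the report.
    uasort($report, fn($a, $b) => count($a['lines']) <=> count($b['lines']));
    return $report;
}

// Constructed sample source.
$sample = <<<'CODE'
<?php
function a() { global $config, $db; return $config; }
function b() { return $GLOBALS['config']; }
function c() { global $db; $GLOBALS['cache'] = []; }
CODE;
foreach (groupGlobals($sample) as $name => $info) {
    printf("%-8s %-14s lines %s\n", '$' . $name, $info['type'], implode(',', $info['lines']));
}
```

Keys built at run time, such as $GLOBALS[$name], are not resolved by this token scan.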
Under the hood
One of the recent upgrades of the Exakat engine is the support of ‘Virtualproperties’. Those are property definitions, for properties that are not defined explicitly.
Properties with definitions are convenient to analyse : they have a central node for definition, typehint (PHP 7.4), default value and links to every usage. This is efficient to browse among usages of the property, and spot various inconsistencies, like a property using multiple types or that may be undefined at some point.
All this is not available to undefined properties : those are properties that are not defined explicitly, but are used. PHP allows those definitions, and it creates them on the fly. This last-moment creation is actually slower than defining the property, as PHP can’t preallocate memory. For backward compatibility reasons, it is a supported behavior.
Since static analysis is not PHP, we have introduced a Virtualproperty atom in the tree, which mimics the property definition. It is identical to a property definition, and simply carries a different atom name. With it, it is now possible to enjoy the same features as a defined property, and yet, at the same time, report undefined properties.
This concept of virtual structures in the PHP code is very promising : it leads us toward a normalized PHP code, without suggesting any change in the code. We already use it with local variables (which have an explicit definition in the Exakat engine), and we are set to use it with other implicit definitions. Stay tuned for more in the coming weeks.
The Weekly Audits : 2019, Week #14
Exakat includes a ‘weekly’ report : this report is built with a selection of five analyses. This means a short audit report, with few issues to review. That is not a lot to read and to review in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you : you’ll find programmers facing the same challenges.
To obtain the ‘weekly’ audit, run an audit, and request the ‘Weekly’ report.
# Init the project (skip when it is already done)
php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git
# Run the project (skip when it is already done)
php exakat.phar project -p <yourproject>
# Export the weekly project (every monday)
php exakat.phar report -p <yourproject> -format Weekly
# Open projects/<yourproject>/weekly/index.html in your browser
Every week, you can find here 5 new analyses to review in your code. In fact, when your code is clean, you can also take a quick look at the upcoming
Weekly recommendations for PHP code review : 2019, week 2019-14
- No Hardcoded Port : When connecting to a remote server, the port is an important piece of information.
- Strange Name For Variables : Variables with strange names.
- Crc32() Might Be Negative : crc32() may return a negative number on 32-bit platforms.
- Method Collision Traits : Two or more traits are included in the same class, and they have methods collisions.
- Repeated Regex : Repeated regex should be centralized.
Happy PHP Code Reviews
All the 356 analyzers are presented in the docs, including the inevitable : Use Constant As Arguments : some methods and functions are defined to be used with constants as arguments. Don’t use literals, as those constants might change, and change the meaning of your commands.
It is an unusual bug : 1 repository out of 4 misuses those constants.
You can check all of the Exakat reports at the gallery: exakat gallery.
Download Exakat on exakat.io, install it with Docker, upgrade it with ‘exakat.phar upgrade -u’ and like us on github.