Exakat 1.8.8 Review
Exakat 1.8.8 is out. There are numerous improvements under the hood, and significant work went into the testing phase. All this new ground will be useful in the upcoming versions, so stay tuned for new features. The speed improvements are massive for smaller codebases: anything smaller than WordPress will benefit from a 50% speed increase. PHPDoc comments are now loaded with the rest of the code, for further treatment. And the reports have been refactored: they are configurable with a YAML file, so you can now tailor your HTML report to your needs. The best time to do a code review was yesterday. The second best time is today, with the Exakat 1.8.8 review.
Speed up 50% with the tinkergraph engine
Exakat runs with a graph database at its core: Gremlin Server, from the Apache TinkerPop project of the Apache Software Foundation.
In that stack, Gremlin is the traversal language, TinkerPop is the framework, and Gremlin Server is the process that hosts the language and delegates the storage work to a backend engine. There are many engines nowadays, and Exakat uses two of them: tinkergraph and neo4j.
Neo4j is well suited for large code bases, and offers good reliability when it comes to storing the nodes and links on disk.
Tinkergraph, on the other hand, is a memory-only engine: it stores all its data in RAM. This is a much faster option than the disk-based version, and Exakat has no strong constraint on data persistence: in case of a crash, it is safer to restart the audit than to repair the data.
Configure tinkergraph or neo4j
To take advantage of tinkergraph, update the config/exakat.ini file. This file should be in the same directory as the Exakat binary. If you haven't created it yourself, Exakat created it for you at the first call to doctor. In particular, Exakat detected which engine was available, neo4j or tinkergraph, and selected neo4j by default.
<pre class="wp-block-syntaxhighlighter-code">
; use tinkergraph or gsneo4j
graphdb = 'tinkergraph';
</pre>
Set graphdb to tinkergraph to use the in-memory engine, or to gsneo4j to use the neo4j plugin. In the INI format, a semicolon starts a comment, so the trailing ';' after the quoted value is simply ignored.
If the neo4j plugin is not installed, follow the optional part of the installation in the Manual to complete it.
New engines coming?
There is a third engine available, called 'nogremlin': it provides a valid driver when no gremlin server is installed. This is useful for development purposes, or when Exakat is used only to produce reports from existing audits. There is always a use for the null object pattern.
Besides this engine, there is room for other engines, such as JanusGraph, Amazon Neptune or OrientDB. Get in touch with us if you want to extend Exakat's support to those engines, so we can help you too.
PHPDoc Support
Since Exakat 1.8.8, PHPDoc comments are loaded in the graph database and are available to support analysis.
Until now, they were ignored like any other comment. Yet many frameworks and tools use them to annotate the code, extend the PHP type system, or document it.
PHPDoc comments are now loaded for namespaces, classes, traits, interfaces, methods, properties and constants. Other placements, like a PHPDoc next to a value or an expression, are ignored. If you have actual usage of such comments, please send us examples so we can extend the support.
At the moment, PHPDocs are stored in the engine, and are available for manipulation with regexes. They will be added to analyses, in particular extension analyses, wherever they add details to the audits.
New report : Emissary
Exakat 1.8.8 adds a new report: Emissary. It belongs to the Ambassador family: a human-readable report, with a faceted search engine, multiple sections and subsections. Other reports, like Diplomat or Owasp, are based on Ambassador too: they use the same template, yet display a specific selection of results and metrics.
Emissary is actually a new version of Ambassador, with a special added value: its menu and contents may be configured. Sections and subsections are available, and may be titled as one wishes.
We are currently working on the documentation for this feature.
Adopt an Array_* Function Today
PHP has a long list of array functions: array_column(), array_chunk(), array_combine(), array_diff_uassoc(), to name only my own favorites.
There are many situations where one of those native functions may replace a whole loop. For example, imagine the following loop:
<pre class="wp-block-syntaxhighlighter-code">
<?php
$valid = [];
foreach ($array as $a) {
    if (check($a)) {
        $valid[] = $a;
    }
}
?>
</pre>
You can read, without knowing the rest of the code, that this loop selects the valid values, thanks to the check() function. The valid values are collected in a new array, with an append: $valid[] = $a.
This whole loop may be easily replaced with a call to array_filter(), which applies a callback to each element of an array, and builds a new array with the values that satisfy the callback: in a word, the values for which the callback returns true. Note that array_filter() preserves the original keys; wrap it in array_values() when the result must be a list with consecutive keys.
Moving to PHP native functions is a smart move: those functions are often faster than a hand-written loop, and they require less code to type. Less code, fewer bugs.
In the long term, such code compaction helps in several ways: here, check() may be reused in another loop. Newcomers will find it easier to understand, and to reuse in their own code. And, last but not least, it keeps the loop focused on one operation: too often, a loop grows and collects supplementary expressions, until it cannot be broken into smaller pieces.
This analysis covers the following replacements:
- array_push() in a loop: use array_merge()
- array_slice() in a loop: use array_chunk()
- index access: use array_column()
- append with []: use array_merge()
- addition: use array_sum()
- multiplication: use array_product()
- concatenation: use implode()
- if/then: use array_filter()
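Here is an added example, not part of the original post nor of Exakat's own code, that puts each loop pattern from the list above next to the native function that replaces it. check(), $array, $rows and $prices are constructed sample data for the demonstration; each pair is checked with assert() so the equivalence can be verified by running the file.

```php
<?php
// Added example (not from the Exakat page): each native array_* call below
// replaces the hand-written loop next to it. check(), $array, $rows and
// $prices are constructed sample data for this demonstration only.
declare(strict_types=1);

function check(int $n): bool
{
    return $n % 2 === 0;
}

$array  = [1, 2, 3, 4, 5, 6];
$rows   = [['id' => 7, 'name' => 'alice'], ['id' => 9, 'name' => 'bob']];
$prices = [19.99, 5.01, 2.00];

// if/then in a loop: array_filter()
$valid = [];
foreach ($array as $a) {
    if (check($a)) {
        $valid[] = $a;
    }
}
// array_filter() keeps the original keys, hence array_values() for a list
$valid2 = array_values(array_filter($array, 'check'));
assert($valid === $valid2);

// addition: array_sum()
$total = 0;
foreach ($prices as $p) { $total += $p; }
assert(abs($total - array_sum($prices)) < 1e-9);

// multiplication: array_product()
$product = 1;
foreach ($array as $a) { $product *= $a; }
assert($product === array_product($array));

// concatenation: implode()
$csv = '';
foreach ($rows as $r) { $csv .= $r['name'] . ','; }
$csv = rtrim($csv, ',');
assert($csv === implode(',', array_column($rows, 'name')));

// index access: array_column(), here also re-keyed by 'id'
$names = [];
foreach ($rows as $r) { $names[$r['id']] = $r['name']; }
assert($names === array_column($rows, 'name', 'id'));

// append with [] (or array_push()) in a loop: array_merge()
$all = [];
foreach ([$array, $prices] as $chunk) {
    foreach ($chunk as $v) { $all[] = $v; }
}
assert($all === array_merge($array, $prices));

// array_slice() in a loop: array_chunk()
$pages = [];
for ($i = 0, $n = count($array); $i < $n; $i += 2) {
    $pages[] = array_slice($array, $i, 2);
}
assert($pages === array_chunk($array, 2));

echo "all loop rewrites agree\n";
```

Run it with zend.assertions=1 (the development default) so the assert() calls are actually evaluated; in production mode they are compiled out and the file simply prints the final line.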
The Weekly Audits: 2019, Week #26
Exakat includes a 'weekly' report: this report is built with a selection of five analyses. This means a short audit report, with few issues to review: not a lot to read, and not a lot to fix in your code. Everyone in the PHP community can focus on one of the classic coding problems and fix it. Talk about the weekly audit around you: you'll find programmers facing the same challenges.
To obtain the 'weekly' audit, run an audit, and request the 'Weekly' report.
<pre class="wp-block-syntaxhighlighter-code">
# Init the project (skip when it is already done)
php exakat.phar init -p <yourproject> -R https://github.com/Seldaek/monolog.git -git
# Run the project (skip when it is already done)
php exakat.phar project -p <yourproject>
# Export the weekly report (every monday)
php exakat.phar report -p <yourproject> -format Weekly
# Open projects/<yourproject>/weekly/index.html in your browser
</pre>
Every week, you can find here 5 new analyses to review in your code. And when your code is clean, you can also take a quick look at the upcoming analyses.
Weekly recommendations for PHP code review: 2019, week 29
- Hardcoded Passwords: hardcoded passwords in the code.
- Same Conditions In Condition: at least two consecutive if/then structures use identical conditions.
- Unused Global: a global keyword is used in a method, yet the variable is not actually used.
- Mismatched Typehint: relayed arguments don't have the same typehint.
- Undefined Insteadof: insteadof tries to replace a method with another, but the method doesn't exist.
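To make the five selections concrete, here is an added example, written for this page and not taken from Exakat or from the post, with a "before" snippet that each analysis would flag and the "after" form that clears it. Every name in it (connectBefore(), Greeter, the APP_DB_PASSWORD variable, and so on) is invented for the illustration.

```php
<?php
// Added example (not from the Exakat page): one flagged snippet and one
// corrected snippet per analysis in this week's selection. All function,
// trait and class names, and the APP_DB_PASSWORD variable, are invented here.
declare(strict_types=1);

// 1. Hardcoded Passwords
// Before: the secret lives in the source tree, in git history and in every backup.
function connectBefore(): array
{
    return ['dsn' => 'mysql:host=db;dbname=app', 'user' => 'app', 'pass' => 'S3cretP4ss'];
}
// After: the secret comes from the environment (or a secret store), and the
// code fails closed when it is missing instead of falling back to a default.
function connectAfter(): array
{
    $pass = getenv('APP_DB_PASSWORD');
    if ($pass === false || $pass === '') {
        throw new RuntimeException('APP_DB_PASSWORD is not set');
    }
    return ['dsn' => 'mysql:host=db;dbname=app', 'user' => 'app', 'pass' => $pass];
}

// 2. Same Conditions In Condition
function classifyBefore(int $n): array
{
    $tags = [];
    if ($n > 10) { $tags[] = 'big'; }
    if ($n > 10) { $tags[] = 'large'; }   // same test twice: merge, or fix the typo
    return $tags;
}
function classifyAfter(int $n): array
{
    $tags = [];
    if ($n > 10) { $tags[] = 'big'; $tags[] = 'large'; }
    return $tags;
}

// 3. Unused Global
$config = ['debug' => false];
function isDebugBefore(): bool
{
    global $config;   // declared but never read: a dead statement
    return false;
}
function isDebugAfter(array $config): bool
{
    return $config['debug'];   // pass the dependency explicitly instead
}

// 4. Mismatched Typehint
function formatBefore(string $id): string { return 'user-' . $id; }
// int relayed into a string parameter: a TypeError under strict_types
function relayBefore(int $id): string { return formatBefore($id); }
function formatAfter(int $id): string { return 'user-' . $id; }
function relayAfter(int $id): string { return formatAfter($id); }

// 5. Undefined Insteadof
// PHP refuses to compile the broken form, so it is shown as a comment. The
// precedence rule names A::missing, which neither trait defines:
//   class Greeter { use A, B { A::missing insteadof B; } }
// Corrected: the rule names the method that actually conflicts.
trait A { public function hello(): string { return 'A'; } }
trait B { public function hello(): string { return 'B'; } }
class Greeter { use A, B { A::hello insteadof B; } }

assert(classifyBefore(11) === ['big', 'large']);
assert(classifyAfter(11) === ['big', 'large']);
assert(isDebugAfter($config) === false);
assert(relayAfter(42) === 'user-42');
assert((new Greeter())->hello() === 'A');
echo "corrected forms behave as expected\n";
```

relayBefore() is defined but never called: with strict_types enabled it would throw a TypeError, which is exactly the mismatch the analysis reports before it reaches runtime.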
Happy PHP Code Reviews
All the 360 analyzers are presented in the docs, including the vicious:
- Silently Cast Integer: integer literals that are cast to a float when PHP executes them.
This is a rare bug, with less than a 3% chance of appearing, but it stings.
You can check all of the Exakat reports at the gallery: exakat gallery.
Download Exakat on exakat.io, install it with Docker, upgrade it with 'exakat.phar upgrade -u' and like us on github.