What is static analysis
Static analysis is a way to automatically audit code without executing it.
READ THE CODE
[php]
<?php
$x = source();
if ($x > 10) {
    $y = $x + 1;
    $x = corrige($y);
} else {
    $y = $x;
}
?>
[/php]
Turn PHP code into millions of semantic terms
Discovery is the phase where Exakat deconstructs the code and prepares it for analysis. Initially, the code is a vast number of text files. What developers consider code is actually nothing more than text files, and a lot of them. Exakat first needs to extract meaning from those files.
Exakat makes use of the PHP tokenizer: this is the part of the Zend Engine responsible for turning the above text files into tokens. Tokens are like atoms for PHP: it combines them to execute the code as intended. They are also the smallest unit of meaningful text: the tokenizer knows the difference between the string 'die' and the function name die.
Create a syntax tree
Then, the tokens are organized in relation to one another. One token represents addition (T_PLUS), and it requires at least two other tokens to execute correctly. Besides, T_PLUS is also used to specify the sign of a number (+ 1), so this token may also appear alone. On top of that, some more remote connections must be established in the code, like the link between a class and its instantiations: this depends on the namespace and on use expressions.
After that, the tokens are loaded into a graph database. It provides a wide range of tools to search for specific tokens and navigate the various links they have with each other. Such a syntax network fits source code representation extremely well.
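The tokenizing step described above can be observed with PHP's own `token_get_all()` and `token_name()` functions. The following is an added example, not Exakat's code: the sample source is constructed, and `significant_tokens()` and `plus_role()` are hypothetical helpers, the latter a deliberately simplified rule for telling an addition from a sign.

```php
<?php
// Added example: the source below is constructed and is only tokenized, never executed.
$code = <<<'PHP'
<?php
$label = 'die';
$y = $x + 1;
$z = + 1;
die;
PHP;

// Flatten token_get_all() output into [name, text, line], dropping whitespace.
function significant_tokens(string $source): array
{
    $out = [];
    $line = 1;
    foreach (token_get_all($source) as $token) {
        if (is_array($token)) {
            [$id, $text, $start] = $token;
            // Remember the line on which this token ends, for the bare tokens below.
            $line = $start + substr_count($text, "\n");
            if ($id !== T_WHITESPACE) {
                $out[] = [token_name($id), $text, $start];
            }
        } else {
            // Operators and punctuation arrive as bare one-character strings.
            $out[] = [$token, $token, $line];
        }
    }
    return $out;
}

// Simplified rule (assumption, not Exakat's): a "+" is binary when the
// previous significant token can end an operand, otherwise it is a sign.
function plus_role(array $tokens, int $i): string
{
    $prev = $tokens[$i - 1][0] ?? '';
    $endsOperand = ['T_VARIABLE', 'T_LNUMBER', 'T_DNUMBER', 'T_STRING', ')', ']'];
    return in_array($prev, $endsOperand, true) ? 'binary addition' : 'unary sign';
}

$tokens = significant_tokens($code);
foreach ($tokens as $i => [$name, $text, $line]) {
    $note = $text === '+' ? '  <- ' . plus_role($tokens, $i) : '';
    printf("line %d  %-28s %s%s\n", $line, $name, trim($text), $note);
}
```

The quoted `'die'` and the bare `die` come out as different token types, while both `+` signs come out as the same token, which is why the relations between tokens have to be built before any pattern can be searched.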
ASSESS THE CODE
Artificial intelligence at work
At that point, this is the secret sauce of Exakat. The analysis uses a lot of different patterns to search for specific situations. During the analysis, our technology automatically detects all external libraries, vendors or frameworks to keep the analysis consistent and avoid unnecessary noise.
EXPLOIT THE ANALYSIS
ISSUES
For each issue or flaw detected, Exakat provides in-depth documentation to fix the issue, such as: code location, compulsory explanation, remediation approach and code examples.
METRICS
Exakat provides metrics in order to gain a deeper understanding of a PHP application in the areas of Quality, Coding Standards, Bug fixing, Security, Code Smells, Performance and Documentation needs. We provide more than 30 reports out-of-the-box.