exakat.1.5.4 review
exakat.1.5.4 review

exakat.1.5.4 Review

exakat.1.5.4 is an under-the-hood upgrade. On the visible side, we added a check for unreachable class constants, since class constant got their visibility option; refrain from self in interfaces, as they behave unexpectedly, and should have destructor, for long-running 金沙上线 applications. On the hidden side, many refactoring have been applied, and most will be invisible : that is often the sign of a good update. It is laying the ground to more visible features in the future, and until now, just believe us. Now, more than ever, is the time for the Exakat 1.5.4 review.


Visibility was added to class constants in 金沙上线 7.1. Until that version, class constant are always accessible, and, by default, bears the public visibility.


这种方法的缺点是 私人常量可能最终无法访问。这是该分析的理由。


class foo {
   private const A = 1;

echo foo::A;


That problem eventually creeps up another part of the class structure : default values. Class constants may be used in default values, with static expression. When switching from public to private (for example), the default value can’t be used anymore.


class x {
    private const A = 1;

interface i {
    const I = x::A + 1;

//Cannot access private const x::A
echo x::A;

//Undefined class constant 'A'
echo i::A;



Beware of self in interfaces

self, parent and static are special 金沙上线 keywords (sic) that represent respectively the current class, the parent class and the current called class.

As such, static is forbidden from being used in an interface, since it is only determined at call time. parent is also forbidden, but does lint : it won’t execute. parent will always complain that Cannot access parent:: when current class scope has no parent, even when called from a class context.

self and , on the other hand, behave differently in an interface. self represents itself, the interface, until it is implemented in a class : at that point, it represents the current class.


interface i {
  public const I = 1;
  // self is i
  public const I2 = self::I + 1;

  // This constant is build on IA, which is defined in class x
  public const I3 = self::IA + 1;

  // parent can be written, but can't be used
  //Cannot access parent:: when current class scope has no parent
  public const I4 = parent::I5 + 1;

  // static is just not allowed
  // "static::" is not allowed in compile-time constants
  // public const I4 = static::I5 + 1;

class x {
  const I3 = 4;
  const IA = 5;

class y extends x implements i {


echo y::I3;


一般来说,只是 beware of any usage of self, parent and static in an interface. They may be allowed or not, but all of them will lead to confusing situations, when the code is refactored. In particular, using self to make an interface depend on another interface, or the implementing class makes a dependent interface, and is very fragile code.


__destruct is a magic method in a class, that is called upon the destruction of an object. It is the complement to __construct, which is called at object creation.


__destruct 在释放资源之前必须采取结束行动时是有用的。有些情况如上如:

  • 删除临时文件
  • 清洁关闭一个打开的文件
  • 很好地关闭了服务器的连接
  • 清除任何以超越金沙上线创建的资源
  • 取消设置对象属性

// Can't open a SQLITE database inside a PHAR archive, as 
// sqlite requires read write access to it.
class PharSqlite($path) {
    private $path, $sqlite;
    function __construct($path) {
        // generate tmp file
       $this->phar_tmp = tempnam(sys_get_temp_dir(), 'sqliteInPhar').'.sqlite';
       //copy file from Phar to file sytem for read/write access
       copy($path, $this->phar_tmp);
       //open SQLITE database
       $this->sqlite = new \Sqlite3($docPath, \SQLITE3_OPEN_READONLY);

    function __destruct() {
        // close sqlite first
       // remove copied file


In the previous example, __destruct provides two important steps in the destruction process. First, the sqlite property is unset first, and then, the temporary file is removed. The other way would be wrong. And then, the external file is removed : 金沙上线 won’t负照到phar_tmp属性,因为它不是外部资源。

What about objects ? Well, 金沙上线 unset objects too. The catch is that it will do it when it has time, so basically when gc_collect_cycles is called or when it is time for GC. In the case of Web applications, it will postpone those operations as long as possible : it may happen only at shutdown.


exakat.now reports any class that makes usage of objects as properties, and suggests that a __destruct method is written for them.


其中一个值得注意的修改是导出结果。 Exakat在Gremlin图数据库中运行分析,并最终将结果导出到SQLite数据库,以报告目的。通过批处理出口,这一步骤已显着加速。这样,一个分析与下一个分析之间的暂停应该更短。


Also, we added a specific message when exakat finally runs out of memory : the application will fail and mention the lack of memory. Generally speaking, a good 2Gb of RAM is sufficient for 金沙上线 to execute Exakat and export all the audits. Yet, with large codebases, this may not be sufficient. We recommended using memory_limit = 1 whenever possible, to avoid that problem.



exakat包括A.‘weekly’报告:此报告采用五项分析为构建。这意味着短暂的审计报告,几乎没有问题审查。读取它们并不是很多,并在代码中查看它们。 金沙上线社区中的每个人都可以专注于一个经典的编码问题并解决它。谈谈周围的每周审计:你’LL找到面临同样挑战的程序员。

获得‘weekly’审核,运行审计,请求‘Weekly’ report.

# Init the project (skip when it is already done)  php exakat.phar init -p <yourproject> -R //github.com/Seldaek/monolog.git -git 

# Run the project (skip when it is already done)  php exakat.phar project -p <yourproject> 

# Export the weekly project (every monday)  php exakat.phar report -p <yourproject> -format Weekly 

# Open projects/<yourproject>/weekly/index.html in your browser   


每周 recommendations for 金沙上线 code review : 2018, week 2018-47

每周,您可以在此找到5个新分析,以便在您的代码中审查。事实上,当您的代码干净时,您也可以快速查看即将到来的一周‘Go further’ section.


所有357个分析仪都介绍在文档中,包括忠诚 使用pathInfo. :使用pathInfo()函数而不是字符串操作。这是一个罕见的错误:6%的应用程序可以利用PathInfo()。

您可以查看图库中的所有exakat报告: exakat画廊.

下载exakat.io,安装它 Docker.,升级它‘exakat.phar升级-u’ and like us on GitHub..