bkdotcom/PHPDebugConsole

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

If you throw a general exception type, such as ErrorException, RuntimeException, or Exception in a library or framework, it forces consumers to catch all exceptions, including unknown exceptions that they do not know how to handle.

Instead, either throw a subtype that already exists in the Standard PHP Library, or create your own type that derives from Exception.

Noncompliant Code Example

throw new Exception();  // Noncompliant

Compliant Solution

throw new InvalidArgumentException();
// or
throw new UnexpectedValueException();

See

• MITRE, CWE-397 - Declaration of Throws for Generic Exception
• CERT, ERR07-J. - Do not throw RuntimeException, Exception, or Throwable

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Unused parameters are misleading. Whatever the value passed to such parameters is, the behavior will be the same.

Noncompliant Code Example

function doSomething($a, $b) { // "$a" is unused
  return compute($b);
}

Compliant Solution

function doSomething($b) {
  return compute($b);
}

Exceptions

Functions in classes that override a class or implement interfaces are ignored.

class C extends B {

  function doSomething($a, $b) {     // no issue reported on $b
    compute($a);
  }

}

See

• MISRA C++:2008, 0-1-11 - There shall be no unused parameters (named or unnamed) in nonvirtual functions.
• MISRA C:2012, 2.7 - There should be no unused parameters in functions
• CERT, MSC12-C. - Detect and remove code that has no effect or is never executed
• CERT, MSC12-CPP. - Detect and remove code that has no effect

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Having too many return statements in a function increases the function's essential complexity because the flow of execution is broken each time a return statement is encountered. This makes it harder to read and understand the logic of the function.

Noncompliant Code Example

With the default threshold of 3:

function myFunction(){ // Noncompliant as there are 4 return statements
  if (condition1) {
    return true;
  } else {
    if (condition2) {
      return false;
    } else {
      return true;
    }
  }
  return false;
}

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Having too many return statements in a function increases the function's essential complexity because the flow of execution is broken each time a return statement is encountered. This makes it harder to read and understand the logic of the function.

Noncompliant Code Example

With the default threshold of 3:

function myFunction(){ // Noncompliant as there are 4 return statements
  if (condition1) {
    return true;
  } else {
    if (condition2) {
      return false;
    } else {
      return true;
    }
  }
  return false;
}

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

The requirement for a final case default clause is defensive programming. The clause should either take appropriate action, or contain a suitable comment as to why no action is taken. Even when the switch covers all current values of an enum, a default case should still be used because there is no guarantee that the enum won't be extended.

Noncompliant Code Example

switch ($param) {  //missing default clause
  case 0:
    do_something();
    break;
  case 1:
    do_something_else();
    break;
}

switch ($param) {
  default: // default clause should be the last one
    error();
    break;
  case 0:
    do_something();
    break;
  case 1:
    do_something_else();
    break;
}

Compliant Solution

switch ($param) {
  case 0:
    do_something();
    break;
  case 1:
    do_something_else();
    break;
  default:
    error();
    break;
}

See

• MISRA C:2004, 15.0 - The MISRA C switch syntax shall be used.
• MISRA C:2004, 15.3 - The final clause of a switch statement shall be the default clause
• MISRA C++:2008, 6-4-3 - A switch statement shall be a well-formed switch statement.
• MISRA C++:2008, 6-4-6 - The final clause of a switch statement shall be the default-clause
• MISRA C:2012, 16.1 - All switch statements shall be well-formed
• MISRA C:2012, 16.4 - Every switch statement shall have a default label
• MISRA C:2012, 16.5 - A default label shall appear as either the first or the last switch label of a switch statement
• MITRE, CWE-478 - Missing Default Case in Switch Statement
• CERT, MSC01-C. - Strive for logical completeness
• CERT, MSC01-CPP. - Strive for logical completeness

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Duplicated string literals make the process of refactoring error-prone, since you must be sure to update all occurrences.

On the other hand, constants can be referenced from many places, but only need to be updated in a single place.

Noncompliant Code Example

With the default threshold of 3:

function run() {
  prepare('action1');                              // Non-Compliant - 'action1' is duplicated 3 times
  execute('action1');
  release('action1');
}

Compliant Solution

ACTION_1 = 'action1';

function run() {
  prepare(ACTION_1);
  execute(ACTION_1);
  release(ACTION_1);
}

Exceptions

To prevent generating some false-positives, literals having less than 5 characters are excluded.

Having two cases in a switch statement or two branches in an if chain with the same implementation is at best duplicate code, and at worst a coding error. If the same logic is truly needed for both instances, then in an if chain they should be combined, or for a switch, one should fall through to the other.

Noncompliant Code Example

switch ($i) {
  case 1:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  case 3:  // Noncompliant; duplicates case 1's implementation
    doSomething();
    break;
  default:
    doTheRest();
}

if ($a >= 0 && $a < 10) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else if ($a >= 20 && $a < 50) {
  doTheThing();  // Noncompliant; duplicates first condition
}
else {
  doTheRest();
}

if ($b == 0) {
  doOneMoreThing();
}
else {
  doOneMoreThing(); // Noncompliant; duplicates then-branch
}

var b = a ? 12 > 4 : 4;  // Noncompliant; always results in the same value

Compliant Solution

switch ($i) {
  case 1:
  case 3:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  default:
    doTheRest();
}

if (($a >= 0 && $a < 10) || ($a >= 20 && $a < 50)) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else {
  doTheRest();
}

doOneMoreThing();

b = 4;

or

switch ($i) {
  case 1:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  case 3:
    doThirdThing();
    break;
  default:
    doTheRest();
}

if ($a >= 0 && $a < 10) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else if ($a >= 20 && $a < 50) {
  doTheThirdThing();
}
else {
  doTheRest();
}

if ($b == 0) {
  doOneMoreThing();
}
else {
  doTheRest();
}

int b = a ? 12 > 4 : 8;

Exceptions

Blocks in an if chain that contain a single line of code are ignored, as are blocks in a switch statement that contain a single line of code with or without a following break.

Having two cases in a switch statement or two branches in an if chain with the same implementation is at best duplicate code, and at worst a coding error. If the same logic is truly needed for both instances, then in an if chain they should be combined, or for a switch, one should fall through to the other.

Noncompliant Code Example

switch ($i) {
  case 1:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  case 3:  // Noncompliant; duplicates case 1's implementation
    doSomething();
    break;
  default:
    doTheRest();
}

if ($a >= 0 && $a < 10) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else if ($a >= 20 && $a < 50) {
  doTheThing();  // Noncompliant; duplicates first condition
}
else {
  doTheRest();
}

if ($b == 0) {
  doOneMoreThing();
}
else {
  doOneMoreThing(); // Noncompliant; duplicates then-branch
}

var b = a ? 12 > 4 : 4;  // Noncompliant; always results in the same value

Compliant Solution

switch ($i) {
  case 1:
  case 3:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  default:
    doTheRest();
}

if (($a >= 0 && $a < 10) || ($a >= 20 && $a < 50)) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else {
  doTheRest();
}

doOneMoreThing();

b = 4;

or

switch ($i) {
  case 1:
    doSomething();
    break;
  case 2:
    doSomethingDifferent();
    break;
  case 3:
    doThirdThing();
    break;
  default:
    doTheRest();
}

if ($a >= 0 && $a < 10) {
  doTheThing();
else if ($a >= 10 && $a < 20) {
  doTheOtherThing();
}
else if ($a >= 20 && $a < 50) {
  doTheThirdThing();
}
else {
  doTheRest();
}

if ($b == 0) {
  doOneMoreThing();
}
else {
  doTheRest();
}

int b = a ? 12 > 4 : 8;

Exceptions

Blocks in an if chain that contain a single line of code are ignored, as are blocks in a switch statement that contain a single line of code with or without a following break.

Most of the time a block of code is empty when a piece of code is really missing. So such empty block must be either filled or removed.

Noncompliant Code Example

for ($i = 0; $i < 42; $i++){}  // Empty on purpose or missing piece of code ?

Exceptions

When a block contains a comment, this block is not considered to be empty.

The requirement for a final case default clause is defensive programming. The clause should either take appropriate action, or contain a suitable comment as to why no action is taken. Even when the switch covers all current values of an enum, a default case should still be used because there is no guarantee that the enum won't be extended.

Noncompliant Code Example

switch ($param) {  //missing default clause
  case 0:
    do_something();
    break;
  case 1:
    do_something_else();
    break;
}

switch ($param) {
  default: // default clause should be the last one
    error();
    break;
  case 0:
    do_something();
    break;
  case 1:
    do_something_else();
    break;
}

Compliant Solution

switch ($param) {
  case 0:
    do_something();
    break;
  case 1:
    do_something_else();
    break;
  default:
    error();
    break;
}

See

• MISRA C:2004, 15.0 - The MISRA C switch syntax shall be used.
• MISRA C:2004, 15.3 - The final clause of a switch statement shall be the default clause
• MISRA C++:2008, 6-4-3 - A switch statement shall be a well-formed switch statement.
• MISRA C++:2008, 6-4-6 - The final clause of a switch statement shall be the default-clause
• MISRA C:2012, 16.1 - All switch statements shall be well-formed
• MISRA C:2012, 16.4 - Every switch statement shall have a default label
• MISRA C:2012, 16.5 - A default label shall appear as either the first or the last switch label of a switch statement
• MITRE, CWE-478 - Missing Default Case in Switch Statement
• CERT, MSC01-C. - Strive for logical completeness
• CERT, MSC01-CPP. - Strive for logical completeness