• Like

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Listen afup 2010

  • 1,393 views
Uploaded on

 

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,393
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
23
Comments
0
Likes
1

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Listen and lookatyour PHP CODE!
    Gabriele SantiniForum AFUP 2010
  • 2. Gabriele Santini
    Architect/Consultant at SQLI
    Contributor to PHP_CodeSniffer
    So expect a special focus on this…
    Sonar PHP Plugin
    I have to show you!
    Ex-mathematician :
    love business modelling
    love architectures
    love quality assurance
  • 3. StaticAnalysis
    All youcansay about your program withoutactuallyexecute the code
    The restisalsointeresting, let’s talk about itanother time !
    Examples ?
    Syntax check, coding style, anti-patterns, metrics, OO design analysis, …
    What PHP doesbeforeexecuting the code ?
  • 4. Levels of analysis
    Lexical analysis
    Read sources linearlysearching for known patterns
    Convertthem to a sequence of tokens
  • 5. Levels of analysis
    Lexical analysis
    Read sources linearlysearching for known patterns
    Convertthem to a sequence of tokens
    SyntacticAnalysis
    Parse the tokens to findtheirlogical structure
  • 6. Levels of analysis
    Lexical analysis
    Read sources linearlysearching for known patterns
    Convertthem to a sequence of tokens
    SyntacticAnalysis
    Parse the tokens to findtheirlogical structure
    Opcode (Bytecode) Generation
    Generates an intermediary code that the Zend Enginewillbe able to execute
  • 7. Lexical Analysis
    Tokenizer
  • 8. SyntacticAnalysis
    Produces an AST
    Abstract SyntaxTree
    Decompose code in a tree-likeform
    Can beexecuted once a contextisgiven
    Used in compilers
  • 9. SyntacticAnalysis
  • 10. OpcodesGeneration
    Misterytool…
  • 11. GIVE US THE TOOLS !
  • 12. PHP_CodeSniffer
    By Greg Sherwood
    PEAR library
    Venerableproject
    Code Style
    But also a lot more
    Works at lexical analysislevel
    Heavily use the tokenizer extension
  • 13. PHP_CodeSniffer
    • Hands on
  • PHP_CodeSniffer
    Sniffs
    Classes thatdetect Violations
    One or more type per class
    Grouped in folders by subject:
    Commenting, Formatting, WhiteSpace
    Files, ControlStructures, Strings
    Functions, Classes, NamingConventions
    CodeAnalysis, Metrics
    You cancreateyourown!
  • 14. PHP_CodeSniffer
    Standards
    Sets of Sniffsthatdefineyourcoding style
    Installed :
    PEAR,
    Generic,
    Zend*,
    Squiz, MySource
    PHPCS
  • 15. PHP_CodeSniffer 1.3
    Rulesets XML!
  • 16. Inside PHP_CodeSniffer
    Sniff class main methods
    register()
    Make the sniff a listener for the declaredtokens
    process($phpcsFile, $stackPtr)
    Called by the file duringparsingwhen a declaredtokenisfound
    File
    Represents a parsed file
    Holds the tokens structure and offersconveniencemethods
  • 17. Inside PHP_CodeSniffer
    Life of a Sniff
    DisallowMultipleStatementsSniff
  • 18. Inside PHP_CodeSniffer
    Life of a Sniff
    DisallowMultipleStatementsSniff
  • 19. Inside PHP_CodeSniffer
    Life of a Sniff
    DisallowMultipleStatementsSniff
  • 20. Inside PHP_CodeSniffer
    Life of a Sniff
    DisallowMultipleStatementsSniff
    $stackPtr
  • 21. Inside PHP_CodeSniffer
    Life of a Sniff
    DisallowMultipleStatementsSniff
  • 22. Inside PHP_CodeSniffer
    Life of a Sniff (2)
  • 23. PHP_CodeSniffer
    At SQLI we have some framework standards
    Zend Framework
    Based on Thomas Weidnerwork
    Symfony
    In collaboration with Fabien Potencier
    Waiting for a serious release after 1.3 release
  • 24. PHP_CodeSniffer
    At SQLI we have some framework standards
    Zend Framework
    Based on Thomas Weidnerwork
    Symfony
    In collaboration with Fabien Potencier
    Waiting for a serious release after 1.3 release
    That’snice, but…
    Where are the standards for the othertools ?
    I’ldexpect a Drupal, Wordpress, Cake official standard
  • 25. PHP_CodeSniffer
    How far a standard can go in detection ?
  • 26. PHP_CodeSniffer
    How far a standard can go in detection ?
    Interestingly far for generic PHP Code
  • 27. PHP_CodeSniffer
    How far a standard can go in detection ?
    Interestingly far for generic PHP Code
    Very far if you know yourtool’s structure
    Imagine for example forcing PHP alternative syntax in Symfonyviews…
    Or checking for escaping in Zend Views !
  • 28. PHP_Depend
    By Manuel Pichler
    Functional port of JDepend
    OO design analysis
    Metrics visualisation
    Dependencyanalyzer
    Works at the syntacticanalysislevel
  • 29. PHP_Depend
    How itworks
    PHP_Depend first makes an AST off your code
    A « personal » one, made by PHP objects
    ASTComment, ASTClosure, ASTEvalExpression, …
    This is made by the Builder/Parser component
    Using PHP Reflection
  • 30. PHP_Depend
    How itworks (2)
    ThenPHP_Dependcananswer questions by « visiting » the AST
    Task of MetricsAnalyzers, thatextendAbstractVisitor
    IOC, the visitordecideswhat to do according to AST Class : visitMethod, visitForStatement(), …
    Analyzerscanfirelistenersduringanalyze() call
    To getongoing informations about the visitprocess
  • 31. PHP_Depend
    Whatitgives:
    The Abstraction/Instability graph
  • 32. PHP_Depend
    Whatitgives:
    The Abstraction/Instability graph
  • 33. PHP_Depend
    Whatitgives:
    The Pyramid !!
  • 34. PHPMD
    By Manuel Pichler
    Detectsrules violations
    Analog to PHP_Codesniffer
    Works atsyntacticanalysislevel
    Actually on the same AST
    Depends on PHP_Depend
    Has rulesets !
  • 35. PHPMD
    Whatitgives:
    Code Size Rules
    complexities, lengths, toomany, …
    Design Rules
    OO, exit, eval
    NamingRules
    Too short/long identifiers, oldconstructors, …
    Unused Code Rules
    Methods, members, parameters
  • 36. phploc
    By SebastianBergmann
    Simple tool to give basic metrics
    Fast, direct to the goal
    Works mostly on lexical level
    But use bytekit for ELOC if itcan
  • 37. phpcpd
    By SebastianBergmann
    Simple tool to detectduplicated code
    Works at lexical analysislevel
    Use the tokenizer to minimizedifferences
    Comments, whitespaces, …
    Takes a minimum number of lines and tokens
    Encodes according to this
    Uses an hash table to find duplicates
  • 38. vld
    Vulcan LogicDisassembler
    By Derick Rethans
    Works atbytecodelevel
    Shows generatedbytecodes
    Calculates possible paths (CFG)
    Findunreachable code
    Couldbeused for code coveragepathmetrics
  • 39. vld
    Output
  • 40. vld
    Output
  • 41. Bytekit
    By Stefan Esser (SektionEins)
    Works at … bytecodelevel
    Similar to vld
    Exposes opcodes to a PHP array
    bytekit_disassemble_file($filename)
    Can beuseddirectly for a custom script
  • 42. Bytekit
    CFG visualisation
  • 43. Bytekit-cli
    By SebastianBergmann
    PHP Interface to use bytekit to spot violation rules
    Initial state
    Implementedrules :
    Check for disallowedopcodes (exampleeval, exit)
    Check for direct output of variables
    In svn, check for unescapedZendView
  • 44. Padawan
    By Florian Anderiasch
    Focus on anti-pattern detection
    alpha (?)
    Works on syntacticanalysislevel
    Based on PHC (PHP compiler)
    Use an XML dump of the AST PHC generates
    Makesxpathsearches on it
  • 45. Padawan
    Interestingapproach
    Rules are fairly simple to write
    Alreadymanyinteresting tests :
    Emptyconstructs (if, else, try,..), unsafetypecasts, looprepeated calls, unusedkeys in foreach, …
    PHC not easy to install
    Risk on PHC manteinance
  • 46. Phantm
    By Etienne Kneuss
    Highlyexperimental
    Severe limitation on PHP dynamicfeatures
    False positives
    Works on syntaxanalysislevel
    Based on Java tools (Jflex, CUP, Scala)
    Reports violations
    Non top-leveldeclarations, call-time pass-by-ref, nontrivialinclude calls, assign in conditional, …
    Exploring Type Flow Analysis
    Tries to infer types and check for type safety
  • 47. Conclusion
    Use the right tool for the right job
    Coding style isbetteranalysedat the lexical level
    OO design isbetterviewedaftersyntactic analyses
    Unreachable code afterbytecoding
    Contribute !
    Plenty of thingsstill to implement
    Easy to have new ideas
    At least use them (youshould!) and give feedback
  • 48. Restitution
    Once all thisiscollectedwhat to do withit ?
    At least, show it in a suitableform
    At best, integratethis in your CI system
  • 49. phpUnderControl
    By Manuel Pichler
    CI for PHP
    Based on CruiseControl
    Integratesnativelyvarioustools :
    PHPUnit (+XDebug for code coverage),
    PHP_CodeSniffer
    PHPDocumentor
    PMD via PHPUnit (now PHPMD)
  • 50. phpUnderControl
    Whatitgives : metrics graphs
  • 51. phpUnderControl
    Whatitgives : report lists
  • 52. phpUnderControl
    Whatitgives : PHPCodeBrowser
  • 53. Arbit
    By Qafoo (with Manuel Pichler)
    Basically a projectmulti-servicestool
    Ticketing system
    Repository browser
    Continuousintegration
    As Manuel is in it, somegraphicalpresentations are unique for thistool
    Still alpha
  • 54. Arbit
    Whatitgives : more metrics graphs
  • 55. Arbit
    Whatitgives : PHP_Dependoverview
  • 56. Arbit
    Whatitgives : Annotated sources
  • 57. Plugins Sonar for PHP
    By me 
    Really by the Java guysat SQLI
    Frédéric Leroy, Akram Ben Aissi, Jérôme Tama
    Sonar is the state of the art for Open Source QA Reporting in Java
    Thought for multilanguage
    Can easelyintegrate all PHP reportingsportedfrom Java tools
    Junit => PHPUnit
    JDepend => PHPDepend
    Java PMD => PHPMD
  • 58. Plugins Sonar for PHP
    Ok, not alwayssoeasely
    CheckStyleis not PHP_CodeSniffer
    Formats are not identical
    Multi-languagedoesn’tmean no work to add one
    First release on May 2010
    0.2 Alpha state, but workable
    Easy to install : giveit a try !
    Last version demo : sonar-php.sqli.com
    Ok, enough, here are the screenshots
  • 59. Plugins Sonar for PHP
    Dashboard
  • 60. Plugins Sonar for PHP
    Components : treemaps
  • 61. Plugins Sonar for PHP
    Time machine
  • 62. Plugins Sonar for PHP
    Hotspots
  • 63. Plugins Sonar for PHP
    Violations
  • 64. Plugins Sonar for PHP
    Editing Code Profile
  • 65. Conclusion
    Sonar reallygoesfurther
    Best integrateswith Hudson
    Stillis java…
    But SonarSourcereallycooperates
    How to interactwithphpUnderControl, Arbit ?
    (actuallyour solution – PIC PHP SQLI- isbased on phpUC + Sonar)
    This needs to evolve