• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content

Loading…

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

Like this presentation? Why not share!

Listen afup 2010

on

  • 1,644 views

 

Statistics

Views

Total Views
1,644
Views on SlideShare
1,644
Embed Views
0

Actions

Likes
1
Downloads
23
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Listen afup 2010 Listen afup 2010 Presentation Transcript

    • Listen and lookatyour PHP CODE!
      Gabriele SantiniForum AFUP 2010
    • Gabriele Santini
      Architect/Consultant at SQLI
      Contributor to PHP_CodeSniffer
      So expect a special focus on this…
      Sonar PHP Plugin
      I have to show you!
      Ex-mathematician :
      love business modelling
      love architectures
      love quality assurance
    • StaticAnalysis
      All youcansay about your program withoutactuallyexecute the code
      The restisalsointeresting, let’s talk about itanother time !
      Examples ?
      Syntax check, coding style, anti-patterns, metrics, OO design analysis, …
      What PHP doesbeforeexecuting the code ?
    • Levels of analysis
      Lexical analysis
      Read sources linearlysearching for known patterns
      Convertthem to a sequence of tokens
    • Levels of analysis
      Lexical analysis
      Read sources linearlysearching for known patterns
      Convertthem to a sequence of tokens
      SyntacticAnalysis
      Parse the tokens to findtheirlogical structure
    • Levels of analysis
      Lexical analysis
      Read sources linearlysearching for known patterns
      Convertthem to a sequence of tokens
      SyntacticAnalysis
      Parse the tokens to findtheirlogical structure
      Opcode (Bytecode) Generation
      Generates an intermediary code that the Zend Enginewillbe able to execute
    • Lexical Analysis
      Tokenizer
    • SyntacticAnalysis
      Produces an AST
      Abstract SyntaxTree
      Decompose code in a tree-likeform
      Can beexecuted once a contextisgiven
      Used in compilers
    • SyntacticAnalysis
    • OpcodesGeneration
      Misterytool…
    • GIVE US THE TOOLS !
    • PHP_CodeSniffer
      By Greg Sherwood
      PEAR library
      Venerableproject
      Code Style
      But also a lot more
      Works at lexical analysislevel
      Heavily use the tokenizer extension
    • PHP_CodeSniffer
      • Hands on
    • PHP_CodeSniffer
      Sniffs
      Classes thatdetect Violations
      One or more type per class
      Grouped in folders by subject:
      Commenting, Formatting, WhiteSpace
      Files, ControlStructures, Strings
      Functions, Classes, NamingConventions
      CodeAnalysis, Metrics
      You cancreateyourown!
    • PHP_CodeSniffer
      Standards
      Sets of Sniffsthatdefineyourcoding style
      Installed :
      PEAR,
      Generic,
      Zend*,
      Squiz, MySource
      PHPCS
    • PHP_CodeSniffer 1.3
      Rulesets XML!
    • Inside PHP_CodeSniffer
      Sniff class main methods
      register()
      Make the sniff a listener for the declaredtokens
      process($phpcsFile, $stackPtr)
      Called by the file duringparsingwhen a declaredtokenisfound
      File
      Represents a parsed file
      Holds the tokens structure and offersconveniencemethods
    • Inside PHP_CodeSniffer
      Life of a Sniff
      DisallowMultipleStatementsSniff
    • Inside PHP_CodeSniffer
      Life of a Sniff
      DisallowMultipleStatementsSniff
    • Inside PHP_CodeSniffer
      Life of a Sniff
      DisallowMultipleStatementsSniff
    • Inside PHP_CodeSniffer
      Life of a Sniff
      DisallowMultipleStatementsSniff
      $stackPtr
    • Inside PHP_CodeSniffer
      Life of a Sniff
      DisallowMultipleStatementsSniff
    • Inside PHP_CodeSniffer
      Life of a Sniff (2)
    • PHP_CodeSniffer
      At SQLI we have some framework standards
      Zend Framework
      Based on Thomas Weidnerwork
      Symfony
      In collaboration with Fabien Potencier
      Waiting for a serious release after 1.3 release
    • PHP_CodeSniffer
      At SQLI we have some framework standards
      Zend Framework
      Based on Thomas Weidnerwork
      Symfony
      In collaboration with Fabien Potencier
      Waiting for a serious release after 1.3 release
      That’snice, but…
      Where are the standards for the othertools ?
      I’ldexpect a Drupal, Wordpress, Cake official standard
    • PHP_CodeSniffer
      How far a standard can go in detection ?
    • PHP_CodeSniffer
      How far a standard can go in detection ?
      Interestingly far for generic PHP Code
    • PHP_CodeSniffer
      How far a standard can go in detection ?
      Interestingly far for generic PHP Code
      Very far if you know yourtool’s structure
      Imagine for example forcing PHP alternative syntax in Symfonyviews…
      Or checking for escaping in Zend Views !
    • PHP_Depend
      By Manuel Pichler
      Functional port of JDepend
      OO design analysis
      Metrics visualisation
      Dependencyanalyzer
      Works at the syntacticanalysislevel
    • PHP_Depend
      How itworks
      PHP_Depend first makes an AST off your code
      A « personal » one, made by PHP objects
      ASTComment, ASTClosure, ASTEvalExpression, …
      This is made by the Builder/Parser component
      Using PHP Reflection
    • PHP_Depend
      How itworks (2)
      ThenPHP_Dependcananswer questions by « visiting » the AST
      Task of MetricsAnalyzers, thatextendAbstractVisitor
      IOC, the visitordecideswhat to do according to AST Class : visitMethod, visitForStatement(), …
      Analyzerscanfirelistenersduringanalyze() call
      To getongoing informations about the visitprocess
    • PHP_Depend
      Whatitgives:
      The Abstraction/Instability graph
    • PHP_Depend
      Whatitgives:
      The Abstraction/Instability graph
    • PHP_Depend
      Whatitgives:
      The Pyramid !!
    • PHPMD
      By Manuel Pichler
      Detectsrules violations
      Analog to PHP_Codesniffer
      Works atsyntacticanalysislevel
      Actually on the same AST
      Depends on PHP_Depend
      Has rulesets !
    • PHPMD
      Whatitgives:
      Code Size Rules
      complexities, lengths, toomany, …
      Design Rules
      OO, exit, eval
      NamingRules
      Too short/long identifiers, oldconstructors, …
      Unused Code Rules
      Methods, members, parameters
    • phploc
      By SebastianBergmann
      Simple tool to give basic metrics
      Fast, direct to the goal
      Works mostly on lexical level
      But use bytekit for ELOC if itcan
    • phpcpd
      By SebastianBergmann
      Simple tool to detectduplicated code
      Works at lexical analysislevel
      Use the tokenizer to minimizedifferences
      Comments, whitespaces, …
      Takes a minimum number of lines and tokens
      Encodes according to this
      Uses an hash table to find duplicates
    • vld
      Vulcan LogicDisassembler
      By Derick Rethans
      Works atbytecodelevel
      Shows generatedbytecodes
      Calculates possible paths (CFG)
      Findunreachable code
      Couldbeused for code coveragepathmetrics
    • vld
      Output
    • vld
      Output
    • Bytekit
      By Stefan Esser (SektionEins)
      Works at … bytecodelevel
      Similar to vld
      Exposes opcodes to a PHP array
      bytekit_disassemble_file($filename)
      Can beuseddirectly for a custom script
    • Bytekit
      CFG visualisation
    • Bytekit-cli
      By SebastianBergmann
      PHP Interface to use bytekit to spot violation rules
      Initial state
      Implementedrules :
      Check for disallowedopcodes (exampleeval, exit)
      Check for direct output of variables
      In svn, check for unescapedZendView
    • Padawan
      By Florian Anderiasch
      Focus on anti-pattern detection
      alpha (?)
      Works on syntacticanalysislevel
      Based on PHC (PHP compiler)
      Use an XML dump of the AST PHC generates
      Makesxpathsearches on it
    • Padawan
      Interestingapproach
      Rules are fairly simple to write
      Alreadymanyinteresting tests :
      Emptyconstructs (if, else, try,..), unsafetypecasts, looprepeated calls, unusedkeys in foreach, …
      PHC not easy to install
      Risk on PHC manteinance
    • Phantm
      By Etienne Kneuss
      Highlyexperimental
      Severe limitation on PHP dynamicfeatures
      False positives
      Works on syntaxanalysislevel
      Based on Java tools (Jflex, CUP, Scala)
      Reports violations
      Non top-leveldeclarations, call-time pass-by-ref, nontrivialinclude calls, assign in conditional, …
      Exploring Type Flow Analysis
      Tries to infer types and check for type safety
    • Conclusion
      Use the right tool for the right job
      Coding style isbetteranalysedat the lexical level
      OO design isbetterviewedaftersyntactic analyses
      Unreachable code afterbytecoding
      Contribute !
      Plenty of thingsstill to implement
      Easy to have new ideas
      At least use them (youshould!) and give feedback
    • Restitution
      Once all thisiscollectedwhat to do withit ?
      At least, show it in a suitableform
      At best, integratethis in your CI system
    • phpUnderControl
      By Manuel Pichler
      CI for PHP
      Based on CruiseControl
      Integratesnativelyvarioustools :
      PHPUnit (+XDebug for code coverage),
      PHP_CodeSniffer
      PHPDocumentor
      PMD via PHPUnit (now PHPMD)
    • phpUnderControl
      Whatitgives : metrics graphs
    • phpUnderControl
      Whatitgives : report lists
    • phpUnderControl
      Whatitgives : PHPCodeBrowser
    • Arbit
      By Qafoo (with Manuel Pichler)
      Basically a projectmulti-servicestool
      Ticketing system
      Repository browser
      Continuousintegration
      As Manuel is in it, somegraphicalpresentations are unique for thistool
      Still alpha
    • Arbit
      Whatitgives : more metrics graphs
    • Arbit
      Whatitgives : PHP_Dependoverview
    • Arbit
      Whatitgives : Annotated sources
    • Plugins Sonar for PHP
      By me 
      Really by the Java guysat SQLI
      Frédéric Leroy, Akram Ben Aissi, Jérôme Tama
      Sonar is the state of the art for Open Source QA Reporting in Java
      Thought for multilanguage
      Can easelyintegrate all PHP reportingsportedfrom Java tools
      Junit => PHPUnit
      JDepend => PHPDepend
      Java PMD => PHPMD
    • Plugins Sonar for PHP
      Ok, not alwayssoeasely
      CheckStyleis not PHP_CodeSniffer
      Formats are not identical
      Multi-languagedoesn’tmean no work to add one
      First release on May 2010
      0.2 Alpha state, but workable
      Easy to install : giveit a try !
      Last version demo : sonar-php.sqli.com
      Ok, enough, here are the screenshots
    • Plugins Sonar for PHP
      Dashboard
    • Plugins Sonar for PHP
      Components : treemaps
    • Plugins Sonar for PHP
      Time machine
    • Plugins Sonar for PHP
      Hotspots
    • Plugins Sonar for PHP
      Violations
    • Plugins Sonar for PHP
      Editing Code Profile
    • Conclusion
      Sonar reallygoesfurther
      Best integrateswith Hudson
      Stillis java…
      But SonarSourcereallycooperates
      How to interactwithphpUnderControl, Arbit ?
      (actuallyour solution – PIC PHP SQLI- isbased on phpUC + Sonar)
      This needs to evolve