Upcoming SlideShare
Loading in...5




A short lightning talk rant on why you should use Perl::Critic as a supplemental tool to code/peer review

A short lightning talk rant on why you should use Perl::Critic as a supplemental tool to code/peer review



Total Views
Views on SlideShare
Embed Views



1 Embed 1 1


Upload Details

Uploaded via as Adobe PDF

Usage Rights

CC Attribution License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Perl-Critic Perl-Critic Presentation Transcript

  • Perl::Critic Why (and how) you should write your own Perl::Critic policies By @jonasbn for Nordic Perl Workshop 2013
  • this should have been: how (and why) but…
  • So this is why and not so much how
  • • peer/code review is (by far IMHO) the best way to ensure quality, security and integrity of your code • exchange the word code for another term like product, deliverable, article, solution, creation aso. • Don’t you get these reviewed by your peers/ teachers/mentors/colleagues/spouse?
  • • peer/code reviewing is hard work • it is time consuming (AFK time) • not always understood or accepted by managers/peers (AFK time) • but so are meetings?? • it does take you out of your comfort zone (AFK?) • non-issue for open source developers
  • • The recommendation is that peer/code review sessions should not take longer that 2 hours • So lets make the most of these
  • • We do not want to waste time on unnecessary details • • curly braces, indentation, tabs vs. spaces We do not want to argue over unnecessary details during the review process • anti-patterns, common idioms, coding guidelines
  • • A true war story • malicious code got injected in our system as a POC by a security consultant • The problem was presented to security • The comment was that the attack was really creative • YES!
  • • Coding is done by humans and it is therefor very creative • Even attacks can be very creative • Too “creative” code can be hard to test, hard to debug and hard to maintain • We need to boost creativity to identify the above pitfalls • So in order to make room for this we let the machines take care of the trivial parts
  • Enter Perl::Critic
  • Perl::Critic • Perl::Critic policies are document based • Perl::Critic policies are simply Perl modules implementing a required interface • Perl::Critic is based on PPI (Parse Perl Isolated or I Parse Perl in reverse)
  • Tip 1 % ppidump
  • % tools/ppidump '$VERSION = "0.01";'! PPI::Document! PPI::Statement! [ 1, 1, 1 ] PPI::Token::Symbol '$VERSION'! [ 1, 10, 10 ] PPI::Token::Operator '='! [ 1, 12, 12 ] PPI::Token::Quote::Double '"0.01"'! [ 1, 18, 18 ] PPI::Token::Structure ';'
  • TODO • Formulate your coding guidelines • Implement Perl::Critic policies for your common anti-patterns and promoted patterns or coding style • Comply or Explain
  • • Your code/peer review sessions will add more value and can focus on what is important • You can unleash creativity and identify the hard issues related to security and integrity