Static analysis for perl

YAPC::EU 2015
Talking about static analysis for perl and Perl::Lint.

  1. 1. Static Code Analysis for Perl @moznion
  2. 2. Taiki Kawakami a.k.a @moznion Server-side engineer (Java and Perl) Author of - Perl::Lint - go-setlock
  5. 5. Fundamentals of Static Analysis
  6. 6. Static Analysis: a method of analyzing source code WITHOUT executing it
  7. 7. Static Analysis Example of advantages: - Easy to detect - unused vars - irregular coding styles - Analyze dependencies between modules/classes
  8. 8. Static Analysis Example of advantages: - Easy to detect - unused vars - irregular coding styles - Analyze dependencies between modules/classes BORING!
  9. 9. Static Analysis Example of advantages: - Easy to detect - unused vars - irregular coding styles - Analyze dependencies between modules/classes Difficult…
  10. 10. Let's Exercise
  11. 11. This code has 5 traps
  17. 17. Was it fun?
  18. 18. This is ridiculous code review
  19. 19. Humans probably overlook them
  20. 20. We should focus on advanced topics in code review
  21. 21. How?
  22. 22. Clean code is necessary
  23. 23. Destroy these
  24. 24. Make the code maintainable!
  25. 25. Make the computer analyze them!
  26. 26. How to make a static analyzer?
  27. 27. Source code (String) → Pre-Process → Lexical Analyze → Syntactic Analyze → Analyze → Result
  29. 29. PPI::Tokenizer
  31. 31. PPI::Document Provides PDOM Structure
  33. 33. The “Analyze” phase checks the code against rules, using the AST and tokens
  34. 34. Tools for some languages take a different approach; they look at bytecode (e.g. Java: FindBugs)
  35. 35. Perl::Critic
  36. 36. Perl::Critic is a great tool!
  37. 37. Perl::Critic checks whether the code conforms to PBP style
  38. 38. Perl::Critic uses PPI as a Lexer and Parser
  39. 39. Source code (String) → Pre-Process → Lexical Analyze (PPI) → Syntactic Analyze (PPI) → Analyze → Result
  40. 40. Perl::Lint
  41. 41. Perl::Lint is yet another static analyzer for Perl
  42. 42. This project is supported by TPF
  43. 43. Perl::Critic is enough. Why Perl::Lint?
  44. 44. I want to make it faster!!!
  45. 45. Mechanism of Perl::Lint
  46. 46. Source code (String) → Pre-Process (Regex) → Lexical Analyze (Compiler::Lexer) → Syntactic Analyze → Analyze (Perl::Lint::Policy) → Result
  48. 48. Pre-Processing
  49. 49. ## no lint
  50. 50. ## no lint To retrieve this
  51. 51. Find where (what line) is “## no lint” by regex
  52. 52. Find where (what line) “## no lint” is by regex, then compare the line number of “## no lint” with the violation’s; if they match, ignore it from the result!
  53. 53. Compiler::Lexer can retrieve comments in verbose mode, but that makes it about 4 times slower 😢 So a regex is used instead
  55. 55. Tokenize source code by Compiler::Lexer
  56. 56. Compiler::Lexer is written in C++. Really fast!
  57. 57. Stable (nowadays)
  58. 58. But…
  59. 59. Perl-5.22………………
  61. 61. Compiler::Parser exists, but it doesn’t work as expected
  63. 63. Read the token list sequentially and evaluate the tokens. Each policy is responsible for that.
  64. 64. Like this
  66. 66. Like this…
  67. 67. And it is necessary to analyze the contents of a regex (m/here!/)
  68. 68. Using Regexp::Lexer: a module to tokenize regexes
  69. 69. Example:
  70. 70. Each policy is independent, so it is easy to write a new policy (you can write your own policy)
  71. 71. Easy and simple: scan the tokens sequentially and write the validation processing for each scanned token
  72. 72. Perl::Lint has filter system
  73. 73. Perl::Lint executes all of the policies by default. Write a black list to ignore any policy.
  74. 74. Current Status
  75. 75. Almost all policies of Perl::Critic are available in Perl::Lint
  76. 76. Current Status
  77. 77. Documentation is lacking…
  78. 78. Application
  79. 79. Test::Perl::Lint: a testing module like Test::Perl::Critic
  80. 80. Perl::Lint::Git: Connect git and Perl::Lint to blame the right people for violations.
  81. 81. Future works
  82. 82. I should have written a parser… Compiler::Lexer::PP (?)
  83. 83. Enhance documentation
  84. 84. Bug fix
  85. 85. Support new perl notations
  86. 86. Support code climate
  87. 87. CHEATING: Run each policy with a pre-fork model
  88. 88. Any Q? (If I can answer…)
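
The pre-processing step (slides 49-53) and the sequential policy scan (slides 63-71), sketched as an added example that is not code from the talk or from Perl::Lint. Assumptions: the toy tokenizer stands in for Compiler::Lexer, and the policy name and the sample source are constructed for illustration.

```perl
use strict; use warnings;
# Constructed sample input (not from the talk).
my $src = <<'END_SRC';
my $code = shift;
eval $code;
eval $code; ## no lint
eval { risky() };
END_SRC

# Pre-process: record which line numbers carry "## no lint", by regex.
sub no_lint_lines {
    my ($text) = @_;
    my (%skip, $n);
    for my $line (split /\n/, $text) {
        $n++;
        $skip{$n} = 1 if $line =~ /##\s*no\s+lint\b/;
    }
    return \%skip;
}

# Toy tokenizer standing in for Compiler::Lexer (assumption: no strings/heredocs).
sub tokenize {
    my ($text) = @_;
    my (@tokens, $n);
    for my $line (split /\n/, $text) {
        $n++;
        $line =~ s/#.*//;    # comments were already handled above
        push @tokens, +{ data => $_, line => $n } for $line =~ /(\$?\w+|\S)/g;
    }
    return \@tokens;
}

# Policy (hypothetical name): read tokens in order, flag eval without a block.
sub policy_stringy_eval {
    my ($tokens) = @_;
    my @found;
    for my $i (0 .. $#$tokens) {
        next unless $tokens->[$i]{data} eq 'eval';
        my $next = $tokens->[ $i + 1 ];
        next if $next && $next->{data} eq '{';
        push @found, +{ line => $tokens->[$i]{line}, policy => 'StringyEval' };
    }
    return @found;
}

# Drop violations whose line number matches a "## no lint" line.
my $skip = no_lint_lines($src);
my @report = grep { !$skip->{ $_->{line} } } policy_stringy_eval(tokenize($src));
printf "line %d: %s\n", $_->{line}, $_->{policy} for @report;
```

Because suppression is keyed on line number alone, a "## no lint" marker silences every policy on that line, so suppressed lines are worth reviewing separately.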
