static analysis for perl

Post on 11-Apr-2017

Static Code Analysis for Perl

@moznion

Taiki Kawakami a.k.a @moznion

Server-side engineer (Java and Perl)

Author of
- Perl::Lint
- go-setlock

Fundamental of Static Analysis

Static Analysis

A method of analyzing source code WITHOUT executing it

Example of advantages:
- Easy to detect
  - unused vars
  - irregular coding styles
- Analyze dependencies between modules/classes

BORING!

Difficult…

Let's Exercise

This code has 5 traps

Was it fun?

This is ridiculous code review

A human would probably overlook these

We should focus on advanced topics in code review

How?

Clean code is necessary

Destroy these

Make the code maintainable!

Make the computer analyze them!

How to make a static analyzer?

Source code (String) → Pre-Process → Lexical Analyze → Syntactic Analyze → Analyze → Result

PPI::Tokenizer

PPI::Document

Provides PDOM Structure

The “Analyze” phase checks the code against rules, using the AST and tokens

Tools for some languages take a different approach: they inspect byte code (e.g. Java: FindBugs)

Perl::Critic

Perl::Critic is a great tool!

Perl::Critic checks whether the code conforms to PBP style

Perl::Critic uses PPI as a Lexer and Parser

PPI

Perl::Lint

Perl::Lint is yet another static analyser for Perl

This project is supported by TPF

Perl::Critic is enough. Why Perl::Lint?

I want to make it faster!!!

Mechanism of Perl::Lint

Source code (String) → Pre-Process (Regex) → Lexical Analyze (Compiler::Lexer) → Syntactic Analyze → Analyze (Perl::Lint::Policy) → Result

Pre-Processing

## no lint

To retrieve this:

Find where (on what line) “## no lint” is by regex

Then compare the line number of “## no lint” with the violation’s line number; if they match, ignore the violation from the result!

Compiler::Lexer can retrieve comments in verbose mode, but that makes it about 4 times slower 😢 So a regex is used instead
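
The “## no lint” handling described above, as an added example (not Perl::Lint's own code): a line-based regex records the marker lines, and violations reported on those lines are dropped from the result. The `scan` stand-in policy, the `TwoArgOpen` name, the violation hash layout and the sample source are all constructed for illustration.

```perl
use strict;
use warnings;

# Constructed sample source: three two-argument open() calls,
# one of them carrying the "## no lint" marker.
my $src = <<'EOS';
use strict;
open(my $in, "<$path") or die $!;
open(my $log, ">>$logfile"); ## no lint
my $n = 1;
open(FH, $name);
EOS

# Pre-process: find by regex which line numbers carry "## no lint".
sub no_lint_lines {
    my ($source) = @_;
    my (%marked, $n);
    for my $line (split /\n/, $source) {
        $n++;
        $marked{$n} = 1 if $line =~ /##\s*no\s+lint\b/;
    }
    return \%marked;
}

# Hypothetical stand-in policy (not a Perl::Lint policy): report open()
# calls that have exactly two arguments.
sub scan {
    my ($source) = @_;
    my (@violations, $n);
    for my $line (split /\n/, $source) {
        $n++;
        next unless $line =~ /\bopen\s*\(([^)]*)\)/;
        my $args = $1;
        push @violations, { line => $n, policy => 'TwoArgOpen' }
            if ($args =~ tr/,//) == 1;
    }
    return @violations;
}

# Compare violation line numbers with the marker lines and drop the matches.
sub filter_suppressed {
    my ($source, @violations) = @_;
    my $marked = no_lint_lines($source);
    return grep { !$marked->{ $_->{line} } } @violations;
}

print "$_->{policy} at line $_->{line}\n"
    for filter_suppressed($src, scan($src));
```

Because the marker is found by a line regex rather than by the lexer, this sketch also treats the text “## no lint” inside a string or heredoc as a suppression.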

Tokenize source code with Compiler::Lexer

Compiler::Lexer is written in C++. Really fast!

Stable (nowadays)

But…

Perl-5.22………………

Compiler::Parser exists, but it doesn’t work as expected

Read the token list sequentially and evaluate the tokens. Each policy is responsible for that.

Like this

It is also necessary to analyze the contents of a regex (m/here!/)

Using Regexp::Lexer. This is a module to tokenize a regex

Example:

Each policy is independent, so it is easy to write a new policy (you can write your own policy)

Easy and simple: scan the tokens sequentially and write validation processing for each scanned token

Perl::Lint has filter system

Perl::Lint executes all of the policies by default. Write a black list to ignore any policy.

Current Status

Almost all policies of Perl::Critic are available in Perl::Lint

Current Status

Documentation is lacking…

Application

Test::Perl::Lint

A testing module like Test::Perl::Critic

Perl::Lint::Git

Connect git and Perl::Lint to blame the right people for violations.

Future works

I should have written a parser… Compiler::Lexer::PP (?)

Enhance documentation

Bug fix

Support new perl notations

Support code climate

CHEATING: Run each policy with a pre-fork model

Any Q? (If I can answer…)
