static analysis for perl
TRANSCRIPT
![Page 1: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/1.jpg)
Static Code Analysis for Perl
@moznion
![Page 2: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/2.jpg)
Taiki Kawakami a.k.a @moznion
Sever side engineer (Java and Perl)
Author of - Perl::Lint - go-setlock
![Page 3: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/3.jpg)
Taiki Kawakami a.k.a @moznion
Sever side engineer (Java and Perl)
Author of - Perl::Lint - go-setlock
![Page 4: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/4.jpg)
Taiki Kawakami a.k.a @moznion
Sever side engineer (Java and Perl)
Author of - Perl::Lint - go-setlock
![Page 5: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/5.jpg)
Fundamental of Static Analysis
![Page 6: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/6.jpg)
Static Analysis
A method of analysis source code WITHOUT execution
![Page 7: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/7.jpg)
Static AnalysisExample of advantages: - Easy to detect - unused vars - irregular coding styles - Analyze dependencies between modules/classes
![Page 8: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/8.jpg)
Static AnalysisExample of advantages: - Easy to detect - unused vars - irregular coding styles - Analyze dependencies between modules/classes
BORING!
![Page 9: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/9.jpg)
Static AnalysisExample of advantages: - Easy to detect - unused vars - irregular coding styles - Analyze dependencies between modules/classes
Difficult…
![Page 10: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/10.jpg)
Let's Exercise
![Page 11: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/11.jpg)
This code has 5 traps
![Page 12: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/12.jpg)
This code has 5 traps
![Page 13: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/13.jpg)
This code has 5 traps
![Page 14: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/14.jpg)
This code has 5 traps
![Page 15: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/15.jpg)
This code has 5 traps
![Page 16: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/16.jpg)
This code has 5 traps
![Page 17: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/17.jpg)
It was fun?
![Page 18: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/18.jpg)
This is ridiculous code ceview
![Page 19: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/19.jpg)
Probably human overlooks
![Page 20: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/20.jpg)
We should focus on advanced topic on code review
![Page 21: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/21.jpg)
How?
![Page 22: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/22.jpg)
It is necessary clean code
![Page 23: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/23.jpg)
Destroy these
![Page 24: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/24.jpg)
Be maintainable code!
![Page 25: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/25.jpg)
Make computer analyze them!
![Page 26: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/26.jpg)
How to make static analyzer?
![Page 27: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/27.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
![Page 28: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/28.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
![Page 29: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/29.jpg)
![Page 30: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/30.jpg)
PPI::Tokenizer
![Page 31: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/31.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
![Page 32: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/32.jpg)
PPI::Document
Provides PDOM Structure
![Page 33: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/33.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
![Page 34: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/34.jpg)
“Analyze” phase checks code with using AST and tokens in accordance with rules
![Page 35: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/35.jpg)
Method of some languages are different; they look byte code (e.g. Java:findbugs)
![Page 36: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/36.jpg)
Perl::Critic
![Page 37: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/37.jpg)
Perl::Critic is the great tool!
![Page 38: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/38.jpg)
Perl::Critic checks the code conform to PBP style or not
![Page 39: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/39.jpg)
Perl::Critic uses PPI as a Lexer and Parser
![Page 40: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/40.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
PPI
![Page 41: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/41.jpg)
Perl::Lint
![Page 42: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/42.jpg)
Perl::Lint is a yet another static analyser for perl
![Page 43: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/43.jpg)
This project supported by TPF
![Page 44: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/44.jpg)
Perl::Critic is enough. Why Perl::Lint?
![Page 45: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/45.jpg)
I want to make it faster!!!
![Page 46: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/46.jpg)
Mechanism of Perl::Lint
![Page 47: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/47.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
Regex
Compiler::Lexer
Perl::Lint::Policy
![Page 48: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/48.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
Regex
Compiler::Lexer
Perl::Lint::Policy
![Page 49: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/49.jpg)
Pre-Processing
![Page 50: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/50.jpg)
## no lint
![Page 51: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/51.jpg)
## no lintTo retrieve this
![Page 52: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/52.jpg)
Find where (what line) is “## no lint” by regex
![Page 53: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/53.jpg)
Find where (what line) is “## no lint” by regex
And compare between line number of “## no lint” and violation’s one, if match them, ignore form result!
![Page 54: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/54.jpg)
Compiler::Lexer can retrieve comments by verbose mode, but it makes slower about 4 times😢 So using regex
![Page 55: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/55.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
Regex
Compiler::Lexer
Perl::Lint::Policy
![Page 56: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/56.jpg)
Tokenize source code by Compiler::Lexer
![Page 57: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/57.jpg)
![Page 58: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/58.jpg)
![Page 59: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/59.jpg)
Compiler::Lexer made of C++ Really fast!
![Page 60: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/60.jpg)
Stable (nowadays)
![Page 61: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/61.jpg)
But…
![Page 62: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/62.jpg)
![Page 63: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/63.jpg)
Perl-5.22………………
![Page 64: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/64.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
Regex
Compiler::Lexer
Perl::Lint::Policy
![Page 65: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/65.jpg)
Compiler::Parser exists, but that doesn’t work as expected
![Page 66: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/66.jpg)
Pre-Process
Lexical Analyze
Syntactic Analyze
Source code (String)
Result
Analyze
Regex
Compiler::Lexer
Perl::Lint::Policy
![Page 67: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/67.jpg)
Read token list sequentially and evaluate them. Each policies are responsible for those.
![Page 68: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/68.jpg)
Like this
![Page 69: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/69.jpg)
Like this
![Page 70: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/70.jpg)
Like this…
![Page 71: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/71.jpg)
And it is necessary to analyze contents of regex (m/here!/)
![Page 72: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/72.jpg)
Using Regexp::Lexer This is a module to tokenize regex
![Page 73: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/73.jpg)
Example;
![Page 74: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/74.jpg)
Each policies are independent, so easy to write new policy (You can write your own policy)
![Page 75: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/75.jpg)
Easy and Simple: Scan tokens and write validation processing according to scanned token sequentially
![Page 76: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/76.jpg)
Perl::Lint has filter system
![Page 77: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/77.jpg)
Perl::Lint executes all of the policies by default. Write a black list to ignore any policy.
![Page 78: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/78.jpg)
Current Status
![Page 79: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/79.jpg)
Almost policies of Perl::Critic are available on Perl::Lint
![Page 80: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/80.jpg)
現状のステータス
![Page 81: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/81.jpg)
Documentation is lacked…
![Page 82: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/82.jpg)
Application
![Page 83: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/83.jpg)
Test::Perl::Lint
Testing module like a Test::Perl::Critic
![Page 84: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/84.jpg)
Perl::Lint::Git
Connect git and Perl::Lint to blame the right people for violations.Connect git and Perl::Lint to blame
the right people for violations.
![Page 85: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/85.jpg)
Future works
![Page 86: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/86.jpg)
I should have written a parser… Compiler::Lexer::PP (?)
![Page 87: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/87.jpg)
Enhance documentation
![Page 88: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/88.jpg)
Bug fix
![Page 89: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/89.jpg)
Support new perl notations
![Page 90: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/90.jpg)
Support code climate
![Page 91: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/91.jpg)
CHEATING: Run each policies with pre-fork model
![Page 92: Static analysis for perl](https://reader031.vdocuments.net/reader031/viewer/2022030308/58ec9af21a28aba0758b4585/html5/thumbnails/92.jpg)
Any Q? (If I can answer…)