Upgrade to Pro — share decks privately, control downloads, hide ads and more …

静的解析の育て方 / How to make your static analysis strong

Yuichi Sugiyama
PRO
February 10, 2020
3
2.3k

静的解析の育て方 / How to make your static analysis strong

#PHPerKaigi 2020 での発表資料です。
https://fortee.jp/phperkaigi-2020/proposal/8f41e23f-69ef-4f93-8625-db64be39248f

Yuichi Sugiyama
PRO

February 10, 2020
Tweet

More Decks by Yuichi Sugiyama

See All by Yuichi Sugiyama
サイボウズ と Garoon と The PHP Foundation と 私 / Cybozu and Garoon and The PHP Foundation and me
oogfranz
PRO
1
240
可能な限り確実にmkdirを成功させるには / Make mkdir
oogfranz
PRO
0
220
サイボウズ #Garoon 開発チームの
「 完成度低いの歓迎LT大会 」 PHPerKaigi出張版 / Low quality LT in PHPerKaigi 2023
oogfranz
PRO
0
280
20年ものの巨大プロダクトをKubernetesに移行している話 後日談/Garoon on Kubernetes after talk
oogfranz
PRO
0
250
20年ものの巨大プロダクトをKubernetesに移行している話/Garoon on Kubernetes
oogfranz
PRO
0
200
PHPアプリケーションだってモニタリングしたい / Monitoring PHP application
oogfranz
PRO
1
400
効果的な静的解析の CI導入パターンを求めて / Great static analysis with CI
oogfranz
PRO
3
3k
Dev-meets-Ops
oogfranz
PRO
1
750
GitHub力の低い僕でも、
OSSコントリビュートできたワケ / GitHub Power
oogfranz
PRO
1
360

Featured

See All Featured
Rails Girls Zürich Keynote
gr2m
90
12k
Reflections from 52 weeks, 52 projects
jeffersonlam
342
18k
Intergalactic Javascript Robots from Outer Space
tanoku
263
26k
The Pragmatic Product Professional
lauravandoore
23
4k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
657
120k
Typedesign – Prime Four
hannesfritz
35
1.7k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
49
15k
Fantastic passwords and where to find them - at NoRuKo
philnash
34
2.1k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
Building an army of robots
kneath
300
41k
Design by the Numbers
sachag
272
18k
Creatively Recalculating Your Daily Design Routine
revolveconf
208
11k

Transcript

  1. ੩తղੳͷҭͯํ
    PHPerKaigi 2020
    Yuichi Sugiyama
    @oogFranz

    View Slide

  2. Whoami
    • ਿࢁ ༞Ұ @oogFranz
    • αΠϘ΢ζ5೥໨ΤϯδχΞ
    • ෳۀδϟζϛϡʔδγϟϯ@MASHݭָஂ
    • Spotify, Apple MusicͳͲͰ഑৴தʂ

    View Slide

  3. αΠϘ΢ζ Garoon
    • େن໛޲͚ͷάϧʔϓ΢ΣΞ
    • ੜ࢈ੑɾνʔϜϫʔΫ޲্ͷࢧԉ

    View Slide

  4. αΠϘ΢ζ Garoon
    • PHPͱMySQLͰͰ͖ͯΔWebΞϓϦέʔγϣϯ
    • ։ൃ18೥໨
    • PHP͸ 4͔Β7.2ʹ
    • PHPͷίʔυ͸180ສߦ͘Β͍

    View Slide

  5. αΠϘ΢ζ Garoon
    • PHPͱMySQLͰͰ͖ͯΔWebΞϓϦέʔγϣϯ
    • ։ൃ18೥໨
    • PHP͸ 4͔Β7.2ʹ
    • PHPͷίʔυ͸180ສߦ͘Β͍

    ͳ͔ͳ͔ϨΨγʔʂ

    View Slide

  6. ϨΨγʔίʔυΛ៉ྷʹͯ͠΍Δʂ
    ·ͣ͸طଘ࣮૷ΛΑ͘ಡΜͰΈΑ͏ʂ
    ϨΨγʔʹཱͪ޲͔͓͏ʂ

    View Slide

  7. খੴʹͭ·ͣ͘
    PHPDoc͕ͳͯ͘

    ίʔυ͕௥͑ͳ͍ɻɻɻ
    ͜͜ͷίʔυͣͬͱಡΜͰ͚ͨͲɺ

    ͦ΋ͦ΋୭΋ݺͼग़ͯ͠ͳ͍ɻɻɻʁ
    ͜͜ͷίʔυTypo͹͔ͬΓɻɻɻ

    View Slide

  8. খੴʹͭ·ͣ͘
    PHPDoc͕ͳͯ͘

    ίʔυ͕௥͑ͳ͍ɻɻɻ
    ͜͜ͷίʔυͣͬͱಡΜͰ͚ͨͲɺ

    ͦ΋ͦ΋୭΋ݺͼग़ͯ͠ͳ͍ɻɻɻʁ
    ͜͜ͷίʔυTypo͹͔ͬΓɻɻɻ

    ຊ࣭తͳ໰୊ʢઃܭͳͲʣʹͨͲΓண͘લʹɺ

    খ͞ͳ໰୊͕ؾʹͳͬͯίʔυϦʔσΟϯά͕ਐ·ͳ͍

    View Slide

  9. খੴʹͭ·ͣ͘
    PHPDoc͕ͳͯ͘

    ίʔυ͕௥͑ͳ͍ɻɻɻ
    ͜͜ͷίʔυͣͬͱಡΜͰ͚ͨͲɺ

    ͦ΋ͦ΋୭΋ݺͼग़ͯ͠ͳ͍ɻɻɻʁ
    ͜͜ͷίʔυTypo͹͔ͬΓɻɻɻ

    ·ͣ͸খੴΛআڈ͢Δɻ

    ੩తղੳπʔϧΛೖΕΑ͏ʂ

    View Slide

  10. ੩తղੳͱ͸ʁ
    • ίʔυΛ࣮ߦͤͣʹߦ͏ݕূ
    • ಈతղੳɿUnit TestɺϚχϡΞϧςετ
    • ςετ͕ͳ͍ϨΨγʔϓϩμΫτͰ΋ಋೖՄೳ

    View Slide

  11. Phan
    • https://github.com/phan/phan
    • PHPDocͰܕਪ࿦΋͢Δ੩తղੳπʔϧ
    • Etsyࣾͷ։ൃ͕ݩ
    • ※PHPStan΍PHPMDͱͷൺֱ͸ࠓճ͸͠·ͤΜ

    View Slide

  12. ΍ͬͯΈͨ

    View Slide

  13. ਘৗ͡Όͳ͍issue਺

    View Slide

  14. ਘৗ͡Όͳ͍issue਺
    ղੳ݁ՌΛॖখදࣔͨ͠΋ͷʢҰ෦ʣ

    View Slide

  15. ਘৗ͡Όͳ͍issue਺
    • ͦΕ·Ͱ੩తղੳͰอޢ͞Ε͍ͯͳ͍ίʔυ͸

    جຊతʹແ਺ͷissue͕ใࠂ͞ΕΔ
    • ·ͱ΋ʹऔΓ߹͏ͱ৺͕ંΕΔ
    • Τϥʔͷใࠂ͕গͳͯ͘΋·ͣ͸CIʹೖΕ͍ͨ

    View Slide

  16. ਘৗ͡Όͳ͍issue਺
    • ͦΕ·Ͱ੩తղੳͰอޢ͞Ε͍ͯͳ͍ίʔυ͸

    جຊతʹແ਺ͷissue͕ใࠂ͞ΕΔ
    • ·ͱ΋ʹऔΓ߹͏ͱ৺͕ંΕΔ
    • Τϥʔͷใࠂ͕গͳͯ͘΋·ͣ͸CIʹೖΕ͍ͨ

    ग़ͯΔJTTVFͷछྨ͝ͱʹରॲͯ͠

    ͻͱ·ͣ$*Λಋೖ͢Δ

    View Slide

  17. Phanͷ৔߹ʢconfig.phpʣ

    View Slide

  18. Phanͷ৔߹ʢconfig.phpʣ
    TVQQSFTT@JTTVF@UZQFT
    ཈੍͍ͨ͠*TTVF5ZQFΛ

    ྻڍ͢Δ

    View Slide

  19. • Phanͷ࣮ߦ݁Ռ͔Βੜ੒Ͱ͖Δ
    suppress_issue_types
    $cat analysis.txt | cut -f 2 -d ' '|\
    sort -u | sed "s/^/'/g" | sed "s/$/',/g"

    View Slide

  20. • Phanͷ࣮ߦ݁Ռ͔Βੜ੒Ͱ͖Δ
    suppress_issue_types
    $cat analysis.txt | cut -f 2 -d ' '|\
    sort -u | sed "s/^/'/g" | sed "s/$/',/g"
    $*͕ಋೖͰ͖ͨʂ

    View Slide

  21. • Phanͷ࣮ߦ݁Ռ͔Βੜ੒Ͱ͖Δ
    suppress_issue_types
    $cat analysis.txt | cut -f 2 -d ' '|\
    sort -u | sed "s/^/'/g" | sed "s/$/',/g"
    ͕ɺ΄΅Τϥʔใࠂ͸͞Εͳ͍ɻɻɻ

    View Slide

  22. • Phanͷ࣮ߦ݁Ռ͔Βੜ੒Ͱ͖Δ
    suppress_issue_types
    $cat analysis.txt | cut -f 2 -d ' '|\
    sort -u | sed "s/^/'/g" | sed "s/$/',/g"
    ͔͜͜Β੩తղੳΛҭͯΑ͏ʂ

    View Slide

  23. ੩తղੳͷҭͯํ

    View Slide

  24. ੩తղੳΛҭͯΔϧʔϓ
    ௚͢Issue TypeΛ

    ܾΊΔ
    ͥΜͿ௚͢
    CIʹ൓ө͢Δ
    ʢsuppress_issue_types͔Βͳ͘͢ʣ

    View Slide

  25. ੩తղੳΛҭͯΔϧʔϓ
    ௚͢Issue TypeΛ

    ܾΊΔ
    ͥΜͿ௚͢
    CIʹ൓ө͢Δ
    ʢsuppress_issue_types͔Βͳ͘͢ʣ
    ΍Έ͘΋ʹରॲͩ͢͠ͱͭΒ͍ͷͰɺ

    ҭ͕͍ͯͷ͋Δ*TTVF5ZQFΛޮ཰Α͘୳͍ͯ͜͠͏

    View Slide

  26. ҭ͕͍ͯͷ͋ΔIssue TypeΛ୳࣠͢
    ΤϥʔͷՄೳੑ͕ߴ͍͔
    ϦεΫ
    ίετ ؆୯ʹ௚ͤΔ͔

    View Slide

  27. ҭ͕͍ͯͷ͋ΔIssue TypeΛ୳࣠͢
    ΤϥʔͷՄೳੑ͕ߴ͍͔
    ϦεΫ
    ίετ ؆୯ʹ௚ͤΔ͔

    View Slide

  28. ϦεΫ: ΤϥʔͷՄೳੑ͕ߴ͍͔
    • ࠓ͸ۮવಈ͍͍ͯΔ
    • ݺͼग़͠ํʹΑͬͯ͸࣮ߦ࣌ΤϥʔʹͳΔ
    • ࣅͨΑ͏ͳίʔυ͕૿͑Δલʹஅͪ੾Γ͍ͨ
    • ΤϥʔϨϕϧΛઃఆͯ͠੩తղੳ͢Δ

    View Slide

  29. Phanͷ৔߹ʢconfig.phpʣ

    View Slide

  30. Phanͷ৔߹ʢconfig.phpʣ
    NJOJNVN@TFWFSJUZ
    ൃੜͤ͞ΔΤϥʔϨϕϧͷઃఆ

    View Slide

  31. Phanͷ৔߹ʢconfig.phpʣ
    ҰԠஈ֊͕ͩɺ࣮࣭
    Issue::SEVERITY_LOW;
    Issue::SEVERITY_NORMAL;
    Issue::SEVERITY_CRITICAL;
    ͷ̏ஈ֊
    NJOJNVN@TFWFSJUZ
    ൃੜͤ͞ΔΤϥʔϨϕϧͷઃఆ

    View Slide

  32. PhpStormͷ৔߹: Inspect Code
    • PhpStorm https://www.jetbrains.com/ja-jp/phpstorm/
    • ΈΜͳେ޷͖PHPͷIDE
    • ϓϩδΣΫτ಺ͷҟৗίʔυΛ

    ϑΝΠϧΛ։͚ͩ͘Ͱݕग़ͯ͘͠ΕΔʂ
    • ϓϩδΣΫτશମͷInspectionϨϙʔτΛ

    ग़ྗͰ͖Δ

    View Slide

  33. Inspect Code
    • Find Action (Ctrl + Shift + A, ⌘+⇧+A )ʹ

    “Inspect”ͱೖΕͯΈΔ

    View Slide

  34. • ॏཁ౓ผʹInspection ݁Ռ͕ग़ྗ͞ΕΔ
    Inspect Code

    View Slide

  35. খωλ
    • Inspection͕࣮ߦͰ͖ͳ͍ͱ͖͸ϝϞϦΛ଍͢
    • Help -> Change Memory Setting͔ΒมߋͰ͖Δ

    View Slide

  36. ҭ͕͍ͯͷ͋ΔIssue TypeΛ୳࣠͢
    ΤϥʔͷՄೳੑ͕ߴ͍͔
    ϦεΫ
    ίετ ؆୯ʹ௚ͤΔ͔

    View Slide

  37. ίετ: ؆୯ʹ௚ͤΔ͔
    • ָʹमਖ਼Ͱ͖Δ͜ͱ͔Β࢝ΊΑ͏
    • ਺ͷগͳ͍Issue TypeΛ୳͢
    • ػցతʹमਖ਼Ͱ͖ΔIssueΛ୳͢
    • ෆཁίʔυ࡟আ

    View Slide

  38. • Phanͷ࣮ߦ݁Ռ͔Βݟસ͏
    • PhanͷWikiʹ͋ΔίϚϯυ
    ਺ͷগͳ͍Issue Type
    https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base
    $cat analysis.txt | cut -d ' ' -f2 |\
    sort | uniq -c | sort -n -r

    View Slide

  39. • Phanͷ࣮ߦ݁Ռ͔Βݟસ͏
    • PhanͷWikiʹ΋ॻ͍ͯ͋ΔίϚϯυ
    ਺ͷগͳ͍Issue Type
    https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base
    $cat analysis.txt | cut -d ' ' -f2 |\
    sort | uniq -c | sort -n -r

    ؤுΕ͹௚ͤͦ͏

    View Slide

  40. ਺ͷଟ͍Issue Type
    • 1ߦमਖ਼͢Δ͚ͩͰɺ਺ඦͷIssueΛ

    ফ͢͜ͱ͕Ͱ͖Δ৔߹΋͋Δ
    • PHPDoc͕͓͔͍͠ͱ͔

    View Slide

  41. ਺ͷଟ͍Issue Type
    • 1ߦमਖ਼͢Δ͚ͩͰɺ਺ඦͷIssueΛ

    ফ͢͜ͱ͕Ͱ͖Δ৔߹΋͋Δ
    • PHPDoc͕͓͔͍͠ͱ͔

    /**
    * @return Barɺ઀ଓʹࣦഊͨ͠৔߹͸false
    */
    public function foo()
    {
    ɹ…
    }

    View Slide

  42. ਺ͷଟ͍Issue Type
    • 1ߦमਖ਼͢Δ͚ͩͰɺ਺ඦͷIssueΛ

    ফ͢͜ͱ͕Ͱ͖Δ৔߹΋͋Δ
    • PHPDoc͕͓͔͍͠ͱ͔

    /**
    * @return Barɺ઀ଓʹࣦഊͨ͠৔߹͸false
    */
    public function foo()
    {
    ɹ…
    }
    ϊΠζʹͳΔͷͰαΫοͱ௚ͦ͏

    View Slide

  43. ػցతʹमਖ਼Ͱ͖ΔIssue
    • PhpStormͷ͍͔ͭ͘ͷInspectionʹ͸

    Auto fixػೳ͕෇͍͍ͯΔ

    View Slide

  44. PhpStormͷAuto fix
    • ͲͷInspectionʹAuto fix͕͋Δ͔͸

    ࣮ࡍʹ΍ͬͯΈΔ͔͠ͳͦ͞͏
    • ΋ͷʹΑͬͯ͸Auto fixͰ΋յΕΔ͜ͱ͕͋ΔͷͰ৻ॏ
    • Auto fix͕෇͍͍ͯΔ͜ͱ͕ଟ͍ͷ͸ɺ
    • Unnecessary ~ܥͷInspection
    • Code StyleܥͷInspection
    • Missing ~ ܥͷPHPDocͷInspection

    View Slide

  45. Run Inspection by Name

    • Inspectionͷ໊લΛࢦఆ࣮ͯ͠ߦͰ͖Δ

    View Slide

  46. ෆཁίʔυ࡟আ
    • ϑΝΠϧɾϝιουɾΫϥε୯ҐͰ͋Ε͹ɺ

    ୯ʹ࡟আ͢Δ͚ͩͰΑ͍
    • ෆཁίʔυ͸ͦ΋ͦ΋࣮ߦ͞Ε͍ͯͳ͍ͷͰɺ

    ෆ۩߹ίʔυ͕࢒͍ͬͯΔ͜ͱ΋ଟ͍
    • ੩తղੳͷअຐʹ΋ͳΔͷͰ

    ·ͣ࡟আ͢Δͷ͕Φεεϝ

    View Slide

  47. ෆཁίʔυͷݟ͚ͭํ
    • PhpStormͷUnused ~ ܥͷInspection
    • Phanͷ--dead-code-detection

    View Slide

  48. ੩తղੳ͕νʔϜΛҭͯΔ

    View Slide

  49. ੩తղੳͰϨϏϡʔ͕͔ΘΔ
    • ϨϏϡʔͰ΋খ͍͞ࢦఠ͕ଟ͘ͳΔͱɺ

    ຊ࣭తͳେ͖ͳ໰୊΁ͷࢦఠ͕೉͘͠ͳΔ
    • ϓϧϦΫͷখੴ͕গͳ͘ͳΕ͹ɺ

    ͦΕ͚ͩຊ࣭తͳ໰୊ͷϨϏϡʔ͕Մೳʹ
    • ؍఺ΛߜΓࠐΜͰͷϨϏϡʔ

    View Slide

  50. ؍఺ΛߜΓࠐΜͰͷϨϏϡʔ
    ৿࡚म࢘ஶؒҧ͍ͩΒ͚ͷઃܭϨϏϡʔ<վగ൛>1ΑΓҾ༻

    View Slide

  51. ੩తղੳ͕νʔϜΛҭͯΔ
    • ϨϏϡʔͰখ͍͞ࢦఠΛ͠ͳͯ͘Α͘ͳΔͷͰ

    ຊ࣭తͳ఺ΛϨϏϡʔͰ͖Δ
    • νʔϜϝϯόʔ͕ࣗવͱྑ͍

    ίʔσΟϯάΛֶ΂Δ
    • طଘίʔυͱҰ؏ੑΛ࣋ͬͯ

    ৽نίʔυΛॻ͖΍͘͢ͳΔ

    View Slide

  52. ·ͱΊ
    • খ͞ͳ໰୊ΛݮΒ͢ɾ૿΍͞ͳ͍ͨΊʹ

    ੩తղੳ͸໾ʹͨͭ
    • ϦεΫͷߴ͍ͱ͜Ζ͔Βɺ੩తղੳΛҭͯΑ͏
    • ίετͷ௿͍ͱ͜Ζ͔Βɺ੩తղੳΛҭͯΑ͏
    • ੩తղੳΛҭͯΔͱνʔϜ͕ҭͭ

    View Slide

  53. Speaker asks…
    • @suppress, @noinspectionͳͲΛ࢖͏ͷ͸

    ͋Γʁͳ͠ʁϧʔϧʁ
    • IDEΛνʔϜͰ౷Ұ͍ͤͨ͞೿ͳΜͰ͕͢ɺ

    Έͳ͞ΜͲ͏Ͱ͔͢ʁ
    • ੩తղੳͷίΞͳػೳʢPhanͷΞϊςʔγϣϯͱ͔ʣ

    ࢖͏ͷ͋Γʁͳ͠ʁ

    View Slide