静的解析の育て方 / How to make your static analysis strong

Yuichi Sugiyama
February 10, 2020

Transcript

  1. How to make your static analysis strong (静的解析の育て方) • PHPerKaigi 2020 • Yuichi Sugiyama @oogFranz

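  2. Whoami • Yuichi Sugiyama @oogFranz • Engineer at Cybozu, fifth year • Side job: jazz musician @MASH弦楽団 • Streaming on Spotify, Apple Music and elsewhere!

  3. Cybozu Garoon • Groupware for large-scale use • Supports productivity and teamwork improvement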

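  4. Cybozu Garoon • A web application built with PHP and MySQL • In its 18th year of development • PHP has gone from 4 to 7.2 • About 1.8 million lines of PHP code

  5. Cybozu Garoon • A web application built with PHP and MySQL • In its 18th year of development • PHP has gone from 4 to 7.2 • About 1.8 million lines of PHP code
     Pretty legacy!

  6. Let's face the legacy! • "I'm going to clean up this legacy code!" • "First, let's read the existing implementation carefully!"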

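  7. Tripping over pebbles • "There is no PHPDoc, so I can't follow the code..." • "I've been reading this code for ages, but does anyone even call it...?" • "This code is full of typos..."

  8. Tripping over pebbles • "There is no PHPDoc, so I can't follow the code..." • "I've been reading this code for ages, but does anyone even call it...?" • "This code is full of typos..."
     Before you ever reach the essential problems (design and so on), the small problems distract you and the code reading makes no progress.

  9. Tripping over pebbles • "There is no PHPDoc, so I can't follow the code..." • "I've been reading this code for ages, but does anyone even call it...?" • "This code is full of typos..."
     First, remove the pebbles. Let's bring in a static analysis tool!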

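  10. What is static analysis? • Verification performed without executing the code • Dynamic analysis, by contrast: unit tests, manual tests • Can be introduced even into a legacy product that has no tests

  11. Phan • https://github.com/phan/phan • A static analysis tool that also infers types from PHPDoc • Originally developed at Etsy • Note: this talk does not compare it with PHPStan or PHPMD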

  12. I tried it

  13. An extraordinary number of issues

  14. An extraordinary number of issues • The analysis results, zoomed out (partial)

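  15. An extraordinary number of issues • Code that has never been protected by static analysis will, as a rule, get countless issues reported • Taking them all on head-on will break your spirit • Even if few errors end up being reported, I first want to get the tool into CI

  16. An extraordinary number of issues • Code that has never been protected by static analysis will, as a rule, get countless issues reported • Taking them all on head-on will break your spirit • Even if few errors end up being reported, I first want to get the tool into CI
      Deal with the reported issues by type and get CI in place for now.

  17. With Phan (config.php)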

  18. With Phan (config.php) • suppress_issue_types: list the issue types you want to suppress

  19. suppress_issue_types • Can be generated from Phan's output
      $ cat analysis.txt | cut -f 2 -d ' ' | sort -u | sed "s/^/'/g" | sed "s/$/',/g"

  20. suppress_issue_types • Can be generated from Phan's output
      $ cat analysis.txt | cut -f 2 -d ' ' | sort -u | sed "s/^/'/g" | sed "s/$/',/g"
      CI is in place!

  21. suppress_issue_types • Can be generated from Phan's output
      $ cat analysis.txt | cut -f 2 -d ' ' | sort -u | sed "s/^/'/g" | sed "s/$/',/g"
      But almost no errors are reported...

  22. suppress_issue_types • Can be generated from Phan's output
      $ cat analysis.txt | cut -f 2 -d ' ' | sort -u | sed "s/^/'/g" | sed "s/$/',/g"
      From here on, let's grow the static analysis!

  23. How to grow your static analysis

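  24. The loop for growing static analysis • Decide which issue type to fix • Fix all of them • Reflect it in CI (remove it from suppress_issue_types)

  25. The loop for growing static analysis • Decide which issue type to fix • Fix all of them • Reflect it in CI (remove it from suppress_issue_types)
      Tackling issues blindly is painful, so let's look efficiently for the issue types that are worth growing.

  26. Axes for finding issue types worth growing • Risk: is it likely to be an error? • Cost: is it easy to fix?

  27. Axes for finding issue types worth growing • Risk: is it likely to be an error? • Cost: is it easy to fix?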

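  28. Risk: is it likely to be an error? • It works right now only by coincidence • Depending on how it is called, it becomes a runtime error • I want to cut it off before similar code multiplies • Run the static analysis with an error level set

  29. With Phan (config.php)

  30. With Phan (config.php) • minimum_severity: sets the error level at which issues are raised

  31. With Phan (config.php) • minimum_severity: sets the error level at which issues are raised • Nominally a graded scale, but effectively three levels: Issue::SEVERITY_LOW; Issue::SEVERITY_NORMAL; Issue::SEVERITY_CRITICAL;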

  32. With PhpStorm: Inspect Code • PhpStorm https://www.jetbrains.com/ja-jp/phpstorm/ • Everyone's favorite PHP IDE • Detects abnormal code in the project just by opening a file! • Can output an inspection report for the whole project

  33. Inspect Code • Type "Inspect" into Find Action (Ctrl + Shift + A, ⌘+⇧+A)

  34. Inspect Code • Inspection results are output grouped by severity

  35. A small tip • If the inspection cannot run, add memory • This can be changed from Help -> Change Memory Setting

  36. Axes for finding issue types worth growing • Risk: is it likely to be an error? • Cost: is it easy to fix?

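  37. Cost: is it easy to fix? • Start with what can be fixed with little effort • Look for issue types with few occurrences • Look for issues that can be fixed mechanically • Delete unneeded code

  38. Issue types with few occurrences • Pick them out from Phan's output • A command from the Phan wiki: https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base
      $ cat analysis.txt | cut -d ' ' -f2 | sort | uniq -c | sort -n -r

  39. Issue types with few occurrences • Pick them out from Phan's output • A command that is also written up in the Phan wiki: https://github.com/phan/phan/wiki/Tutorial-for-Analyzing-a-Large-Sloppy-Code-Base
      $ cat analysis.txt | cut -d ' ' -f2 | sort | uniq -c | sort -n -r
      These look fixable with some effort.

  40. Issue types with many occurrences • Sometimes fixing a single line makes hundreds of issues disappear • For example, a PHPDoc that is wrong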

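  41. Issue types with many occurrences • Sometimes fixing a single line makes hundreds of issues disappear • For example, a PHPDoc that is wrong
      /**
       * @return Bar, false if the connection fails
       */
      public function foo() { … }

  42. Issue types with many occurrences • Sometimes fixing a single line makes hundreds of issues disappear • For example, a PHPDoc that is wrong
      /**
       * @return Bar, false if the connection fails
       */
      public function foo() { … }
      These are just noise, so fix them quickly.

  43. Issues that can be fixed mechanically • Some PhpStorm inspections come with an Auto fix feature

  44. PhpStorm's Auto fix • The only way to find out which inspections have Auto fix seems to be to try them • Depending on the inspection, even Auto fix can break code, so be careful • Auto fix is most often available for: • Unnecessary ~ inspections • Code Style inspections • Missing ~ PHPDoc inspections

  45. Run Inspection by Name • Run an inspection by specifying its name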

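  46. Deleting unneeded code • At the level of a file, method or class, simply deleting it is enough • Unneeded code is never executed in the first place, so buggy code is often still sitting in it • It also gets in the way of static analysis, so deleting it first is recommended

  47. How to find unneeded code • PhpStorm's Unused ~ inspections • Phan's --dead-code-detection

  48. Static analysis grows the team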

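  49. Static analysis changes code review • In reviews too, when small comments pile up it becomes hard to raise the essential, big problems • The fewer pebbles in a pull request, the more the review can address essential problems • Reviews with a narrowed focus

  50. Reviews with a narrowed focus • Quoted from 森崎修司, 間違いだらけの設計レビュー<改訂版>1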

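  51. Static analysis grows the team • Reviewers no longer have to make small comments, so they can review the essential points • Team members naturally learn good coding • It becomes easier to write new code that is consistent with the existing code

  52. Summary • Static analysis helps to reduce small problems and to keep them from increasing • Grow your static analysis starting where the risk is high • Grow your static analysis starting where the cost is low • Growing your static analysis grows your team

  53. Speaker asks… • Using @suppress, @noinspection and the like: OK or not? Any rules? • I am in the camp that wants the team to standardize on one IDE; how about all of you? • Using the deeper features of a static analysis tool (Phan's annotations and so on): OK or not?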
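
The baseline-then-ratchet loop from slides 19 to 25 and the ranking from slide 38, as an added example (not code from the talk or from Phan): it builds the `suppress_issue_types` entries from a Phan text report, ranks issue types rarest first, and lists suppressed types that no longer occur so they can be removed from the list and enforced in CI. The report lines, file names and function names are constructed for illustration; the only assumption about Phan's output is the one the slides' `cut -f 2 -d ' '` already makes, that the issue type is the second space-separated field.

```shell
#!/bin/sh
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Constructed sample report: "<file>:<line> <IssueType> <message>".
sample_report() {
cat <<'EOF'
src/Mail.php:12 PhanUndeclaredMethod Call to undeclared method \Mail::sendAll
src/Mail.php:40 PhanTypeMismatchReturn Returning false but foo() is declared to return \Bar
src/User.php:7 PhanUndeclaredMethod Call to undeclared method \User::fnd
src/User.php:99 PhanUnreferencedPublicMethod Possibly zero references to public method \User::old
src/Db.php:3 PhanTypeMismatchReturn Returning false but connect() is declared to return \Bar
src/Db.php:8 PhanTypeMismatchReturn Returning false but query() is declared to return \Bar
EOF
}

# Issue types present in the report on stdin, sorted and unique.
issue_types() { cut -d ' ' -f 2 | sort -u; }

# Lines to paste into 'suppress_issue_types' in config.php (the initial baseline).
suppress_entries() { issue_types | sed "s/^/'/; s/\$/',/"; }

# "<IssueType> <count>", rarest first: the low-cost candidates to fix next.
cheapest_first() {
    cut -d ' ' -f 2 | sort | uniq -c | sort -n | awk '{print $2 " " $1}'
}

# Suppressed types (one per line in file $1) that the fresh report on stdin
# no longer contains. They are fixed, so drop them from suppress_issue_types
# and CI will fail if one is ever reintroduced.
ready_to_enforce() {
    current=$(mktemp)
    issue_types > "$current"
    sort -u "$1" | comm -23 - "$current"
    rm -f "$current"
}

sample_report | cheapest_first
```

Keeping the suppressed list in a plain file, one type per line, lets the CI job run `ready_to_enforce` on every build and flag entries that can be deleted.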