Perl::Critic - Critique Perl source code for style and standards
use Perl::Critic; my $file = shift; my $critic = Perl::Critic->new(); my @violations = $critic->critique($file); print @violations;
Perl::Critic is an extensible framework for creating and applying coding standards to Perl source code. Essentially, it is a static source code analysis engine. Perl::Critic is distributed with a number of Perl::Critic::Policy modules that attempt to enforce various coding guidelines. Most Policy modules are based on Damian Conway's book Perl Best Practices. You can enable, disable, and customize those Polices through the Perl::Critic interface. You can also create new Policy modules that suit your own tastes.
For a convenient command-line interface to Perl::Critic, see the documentation for perlcritic. If you want to integrate Perl::Critic with your build process, Test::Perl::Critic provides an interface that is suitable for test scripts. Win32 and ActvePerl users can find PPM distributions of Perl::Critic at http://theoryx5.uwinnipeg.ca/ppms/.
Returns a reference to a new Perl::Critic object. Most arguments are just passed directly into Perl::Critic::Config, but I have described them here as well. All arguments are optional key-value pairs as follows:
-profile is a path to a configuration file. If $FILE is not defined, Perl::Critic::Config attempts to find a .perlcriticrc configuration file in the current directory, and then in your home directory. Alternatively, you can set the PERLCRITIC environment variable to point to a file in another location. If a configuration file can't be found, or if $FILE is an empty string, then all Policies will be loaded with their default configuration. See "CONFIGURATION" for more information.
$FILE
PERLCRITIC
-severity is the minimum severity level. Only Policy modules that have a severity greater than $N will be loaded. Severity values are integers ranging from 1 (least severe) to 5 (most severe). The default is 5. For a given -profile, decreasing the -severity will usually result in more Policy violations. Users can redefine the severity level for any Policy in their .perlcriticrc file. See "CONFIGURATION" for more information.
$N
-profile
-severity
-include is a reference to a list of string @PATTERNS. Policy modules that match at least one m/$PATTERN/imx will always be loaded, irrespective of the severity settings. For example:
@PATTERNS
m/$PATTERN/imx
my $critic = Perl::Critic->new(-include => ['layout'] -severity => 4);
This would cause Perl::Critic to load all the CodeLayout::* Policy modules even though they have a severity level that is less than 4. You can use -include in conjunction with the -exclude option. Note that -exclude takes precedence over -include when a Policy matches both patterns.
CodeLayout::*
-include
-exclude
-exclude is a reference to a list of string @PATTERNS. Policy modules that match at least one m/$PATTERN/imx will not be loaded, irrespective of the severity settings. For example:
my $critic = Perl::Critic->new(-exclude => ['strict'] -severity => 1);
This would cause Perl::Critic to not load the RequireUseStrict and ProhibitNoStrict Policy modules even though they have a severity level that is greater than 1. You can use -exclude in conjunction with the -include option. Note that -exclude takes precedence over -include when a Policy matches both patterns.
RequireUseStrict
ProhibitNoStrict
-force controls whether Perl::Critic observes the magical "## no critic" pseudo-pragmas in your code. If set to a true value, Perl::Critic will analyze all code. If set to a false value (which is the default) Perl::Critic will ignore code that is tagged with these comments. See "BENDING THE RULES" for more information.
"## no critic"
-config is a reference to a Perl::Critic::Config object. If you have created your own Config object for some reason, you can pass it in here instead of having Perl::Critic create one for you. Using the -config option causes the -profile and -noprofile options to be silently ignored.
-config
-noprofile
Runs the $source_code through the Perl::Critic engine using all the Policies that have been loaded into this engine. If $source_code is a scalar reference, then it is treated as string of actual Perl code. Otherwise, it is treated as a path to a file containing Perl code. Returns a list of Perl::Critic::Violation objects for each violation of the loaded Policies. The list is sorted in the order that the Violations appear in the code. If there are no violations, returns an empty list.
$source_code
Loads Policy object and adds into this Critic. If the object cannot be instantiated, it will throw a warning and return a false value. Otherwise, it returns a reference to this Critic.
-policy is the name of a Perl::Critic::Policy subclass module. The 'Perl::Critic::Policy' portion of the name can be omitted for brevity. This argument is required.
'Perl::Critic::Policy'
-config is an optional reference to a hash of Policy configuration parameters (Note that this is not a Perl::Critic::Config object). The contents of this hash reference will be passed into to the constructor of the Policy module. See the documentation in the relevant Policy module for a description of the arguments it supports.
Returns a list containing references to all the Policy objects that have been loaded into this engine. Objects will be in the order that they were loaded.
Returns the Perl::Critic::Config object that was created for this Critic.
The default configuration file is called .perlcriticrc. Perl::Critic will look for this file in the current directory first, and then in your home directory. Alternatively, you can set the PERLCRITIC environment variable to explicitly point to a different file in another location. If none of these files exist, and the -profile option is not given to the constructor, then all the modules that are found in the Perl::Critic::Policy namespace will be loaded with their default configuration.
The format of the configuration file is a series of INI-style sections that contain key-value pairs separated by '='. Comments should start with '#' and can be placed on a separate line or after the name-value pairs if you desire. The general recipe is a series of blocks like this:
[Perl::Critic::Policy::Category::PolicyName] severity = 1 arg1 = value1 arg2 = value2
Perl::Critic::Policy::Category::PolicyName is the full name of a module that implements the policy. The Policy modules distributed with Perl::Critic have been grouped into categories according to the table of contents in Damian Conway's book Perl Best Practices. For brevity, you can ommit the 'Perl::Critic::Policy' part of the module name.
Perl::Critic::Policy::Category::PolicyName
severity is the level of importance you wish to assign to the Policy. All Policy modules are defined with a default severity value ranging from 1 (least severe) to 5 (most severe). However, you may disagree with the default severity and choose to give it a higher or lower severity, based on your own coding philosophy.
severity
The remaining key-value pairs are configuration parameters for that will be passed into the constructor that Policy. The constructors for most Policy modules do not support arguments, and those that do should have reasonable defaults. See the documentation on the appropriate Policy module for more details.
Instead of redefining the severity for a given Policy, you can completely disable a Policy by prepending a '-' to the name of the module in your configuration file. In this manner, the Policy will never be loaded, regardless of the -severity given to the Perl::Critic constructor.
A simple configuration might look like this:
#-------------------------------------------------------------- # I think these are really important, so always load them [TestingAndDebugging::RequireUseStrict] severity = 5 [TestingAndDebugging::RequireUseWarnings] severity = 5 #-------------------------------------------------------------- # I think these are less important, so only load when asked [Variables::ProhibitPackageVars] severity = 2 [ControlStructures::ProhibitPostfixControls] allow = if unless #My custom configuration severity = 2 #-------------------------------------------------------------- # I do not agree with these at all, so never load them [-NamingConventions::ProhibitMixedCaseVars] [-NamingConventions::ProhibitMixedCaseSubs] #-------------------------------------------------------------- # For all other Policies, I accept the default severity, # so no additional configuration is required for them.
A few sample configuration files are included in this distribution under the t/samples directory. The perlcriticrc.none file demonstrates how to disable Policy modules. The perlcriticrc.levels file demonstrates how to redefine the severity level for any given Policy module. The perlcriticrc.pbp file configures Perl::Critic to load only Policies described in Damian Conway's book "Perl Best Practice."
The following Policy modules are distributed with Perl::Critic. The Policy modules have been categorized according to the table of contents in Damian Conway's book Perl Best Practices. Since most coding standards take the form "do this..." or "don't do that...", I have adopted the convention of naming each module RequireSomething or ProhibitSomething. Each Policy is listed here with it's default severity. If you don't agree with the default severity, you can change it in your .perlcriticrc file. See the documentation of each module for it's specific details.
RequireSomething
ProhibitSomething
Use 4-argument substr instead of writing substr($foo, 2, 6) = $bar [Severity 3]
substr
substr($foo, 2, 6) = $bar
Use Time::HiRes instead of something like select(undef, undef, undef, .05) [Severity 5]
select(undef, undef, undef, .05)
Write eval { my $foo; bar($foo) } instead of eval "my $foo; bar($foo);" [Severity 5]
eval { my $foo; bar($foo) }
eval "my $foo; bar($foo);"
Write grep { $_ =~ /$pattern/ } @list instead of grep /$pattern/, @list [Severity 4]
grep { $_ =~ /$pattern/ } @list
grep /$pattern/, @list
Write map { $_ =~ /$pattern/ } @list instead of map /$pattern/, @list [Severity 4]
map { $_ =~ /$pattern/ } @list
map /$pattern/, @list
Use glob q{*} instead of <*> [Severity 5]
glob q{*}
Write bless {}, $class; instead of just bless {}; [Severity 5]
bless {}, $class;
bless {};
Use spaces instead of tabs. [Severity 3]
Write open $handle, $path instead of open($handle, $path) [Severity 1]
open $handle, $path
open($handle, $path)
Write qw(foo bar baz) instead of ('foo', 'bar', 'baz') [Severity 2]
qw(foo bar baz)
('foo', 'bar', 'baz')
Must run code through perltidy. [Severity 1]
Put a comma at the end of every multi-line list declaration, including the last one. [Severity 1]
Don't write long "if-elsif-elsif-elsif-elsif...else" chains. [Severity 3]
Write for(0..20) instead of for($i=0; $i<=20; $i++) [Severity 2]
for(0..20)
for($i=0; $i<=20; $i++)
Write if($condition){ do_something() } instead of do_something() if $condition [Severity 2]
if($condition){ do_something() }
do_something() if $condition
Write if(! $condition) instead of unless($condition) [Severity 2]
if(! $condition)
unless($condition)
Write while(! $condition) instead of until($condition) [Severity 2]
while(! $condition)
until($condition)
Discourage stuff like @files = `ls $directory` [Severity 3]
@files = `ls $directory`
Write open my $fh, q{<}, $filename; instead of open FH, q{<}, $filename; [Severity 5]
open my $fh, q{<}, $filename;
open FH, q{<}, $filename;
Never write select($fh) [Severity 4]
select($fh)
Write open $fh, q{<}, $filename; instead of open $fh, "<$filename"; [Severity 5]
open $fh, q{<}, $filename;
open $fh, "<$filename";
Put source-control keywords in every file. [Severity 2]
Put packages (especially subclasses) in separate files. [Severity 4]
Write require Module instead of require 'Module.pm' [Severity 5]
require Module
require 'Module.pm'
Ban modules that aren't blessed by your shop. [Severity 5]
Always make the package explicit. [Severity 4]
package
Give every module a $VERSION number. [Severity 2]
$VERSION
End each module with an explicity 1; instead of some funky expression. [Severity 4]
1;
Don't use vague variable or subroutine names like 'last' or 'record'. [Severity 3]
Write sub my_function{} instead of sub MyFunction{} [Severity 1]
sub my_function{}
sub MyFunction{}
Write $my_variable = 42 instead of $MyVariable = 42 [Severity 1]
$my_variable = 42
$MyVariable = 42
Write @{ $array_ref } instead of @$array_ref [Severity 2]
@{ $array_ref }
@$array_ref
Always use the /m modifier with regular expressions. [Severity 3]
/m
Always use the /x modifier with regular expressions. [Severity 2]
/x
Don't call functions with a leading ampersand sigil. [Severity 2]
Don't declare your own open function. [Severity 4]
open
Minimize complexity by factoring code into smaller subroutines. [Severity 3]
Return failure with bare return instead of return undef [Severity 5]
return
return undef
Don't write sub my_function (@@) {} [Severity 5]
sub my_function (@@) {}
End every path through a subroutine with an explicit return statement. [Severity 4]
Prohibit various flavors of no strict [Severity 5]
no strict
Prohibit various flavors of no warnings [Severity 4]
no warnings
Always use strict [Severity 5]
use strict
Always use warnings [Severity 4]
use warnings
Don't use constant $FOO = 15 > [Severity 4]
use constant $FOO =
Write q{} instead of '' [Severity 2]
q{}
''
Always use single quotes for literal strings. [Severity 1]
Write oct(755) instead of 0755 [Severity 5]
oct(755)
0755
Use q{} or qq{} instead of quotes for awkward-looking strings. [Severity 2]
qq{}
Warns that you might have used single quotes when you really wanted double-quotes. [Severity 1]
Write 141_234_397.0145 instead of 141234397.0145 [Severity 2]
141_234_397.0145
141234397.0145
Write print <<'THE_END' or print <<"THE_END" [Severity 3]
print <<'THE_END'
print <<"THE_END"
Write <<'THE_END'; instead of <<'theEnd'; [Severity 1]
<<'THE_END';
<<'theEnd';
Use my instead of local, except when you have to. [Severity 2]
my
local
Eliminate globals declared with our or use vars [Severity 3]
our
use vars
Write $EVAL_ERROR instead of $@ [Severity 2]
$EVAL_ERROR
$@
Perl::Critic takes a hard-line approach to your code: either you comply or you don't. In the real world, it is not always practical (or even possible) to fully comply with coding standards. In such cases, it is wise to show that you are knowingly violating the standards and that you have a Damn Good Reason (DGR) for doing so.
To help with those situations, you can direct Perl::Critic to ignore certain lines or blocks of code by using pseudo-pragmas:
require 'LegacyLibaray1.pl'; ## no critic require 'LegacyLibrary2.pl'; ## no critic for my $element (@list) { ## no critic $foo = ""; #Violates 'ProhibitEmptyQuotes' $barf = bar() if $foo; #Violates 'ProhibitPostfixControls' #Some more evil code... ## use critic #Some good code... do_something($_); }
The "## no critic" comments direct Perl::Critic to ignore the remaining lines of code until the end of the current block, or until a "## use critic" comment is found (whichever comes first). If the "## no critic" comment is on the same line as a code statement, then only that line of code is overlooked. To direct perlcritic to ignore the "## no critic" comments, use the -force option.
"## use critic"
-force
Use this feature wisely. "## no critic" should be used in the smallest possible scope, or only on individual lines of code. If Perl::Critic complains about your code, try and find a compliant solution before resorting to this feature.
The modular design of Perl::Critic is intended to facilitate the addition of new Policies. You'll need to have some understanding of PPI, but most Policy modules are pretty straightforward and only require about 20 lines of code. Please see the DEVELOPER.pod file included in this distribution for a step-by-step demonstration of how to create new Policy modules.
If you develop any new Policy modules, feel free to send them to <thaljef@cpan.org> and I'll be happy to put them into the Perl::Critic distribution. Or if you'd like to work on the Perl::Critic project directly, check out our repository at http://perlcritic.tigris.org.
Perl::Critic requires the following modules:
Config::Tiny
File::Spec
IO::String
List::Util
List::MoreUtils
Module::Pluggable
PPI
Pod::Usage
Pod::PlainText
String::Format
The following modules are optional, but recommended for complete testing:
Test::Pod
Test::Pod::Coverage
Test::Perl::Critic
The repository for the Perl::Critic project is hosted at http://perlcritic.tigris.org. If you have ideas for new Policies or any other suggestions, you're welcome to join the project. To subscribe to our mailing list, send a message to dev-subscribe@perlcritic.tigris.org.
dev-subscribe@perlcritic.tigris.org
Scrutinizing Perl code is hard for humans, let alone machines. If you find any bugs, particularly false-positives or false-negatives from a Perl::Critic::Policy, please submit them to http://rt.cpan.org/NoAuth/Bugs.html?Dist=Perl-Critic. Thanks.
Adam Kennedy - For creating PPI, the heart and soul of Perl::Critic.
Damian Conway - For writing Perl Best Practices
Giuseppe Maxia - For all the great ideas and enhancements.
Chris Dolan - For numerous bug reports and suggestions.
Sharon, my wife - For putting up with my all-night code sessions
Jeffrey Ryan Thalhammer <thaljef@cpan.org>
Copyright (c) 2005 Jeffrey Ryan Thalhammer. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. The full text of this license can be found in the LICENSE file included with this module.
To install Perl::Critic, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Perl::Critic
CPAN shell
perl -MCPAN -e shell install Perl::Critic
For more information on module installation, please visit the detailed CPAN module installation guide.