NAME
Perl::Critic - Critique Perl source code for style and standards
SYNOPSIS
use Perl::Critic;
my $file = shift;
my $critic = Perl::Critic->new();
my @violations = $critic->critique($file);
print @violations;
DESCRIPTION
Perl::Critic is an extensible framework for creating and applying coding
standards to Perl source code. Essentially, it is a static source code
analysis engine. Perl::Critic is distributed with a number of
Perl::Critic::Policy modules that attempt to enforce various coding
guidelines. Most Policy modules are based on Damian Conway's book Perl
Best Practices. You can enable, disable, and customize those Polices
through the Perl::Critic interface. You can also create new Policy
modules that suit your own tastes.
For a convenient command-line interface to Perl::Critic, see the
documentation for perlcritic. If you want to integrate Perl::Critic with
your build process, Test::Perl::Critic provides an interface that is
suitable for test scripts. For the ultimate convenience (at the expense
of some flexibility) see the criticism pragma.
Win32 and ActvePerl users can find PPM distributions of Perl::Critic at
.
CONSTRUCTOR
"new( -profile => $FILE, -severity => $N, -include => \@PATTERNS,
-exclude => \@PATTERNS, -force => 1 )"
Returns a reference to a new Perl::Critic object. Most arguments
are just passed directly into Perl::Critic::Config, but I have
described them here as well. All arguments are optional
key-value pairs as follows:
-profile is a path to a configuration file. If $FILE is not
defined, Perl::Critic::Config attempts to find a .perlcriticrc
configuration file in the current directory, and then in your
home directory. Alternatively, you can set the "PERLCRITIC"
environment variable to point to a file in another location. If
a configuration file can't be found, or if $FILE is an empty
string, then all Policies will be loaded with their default
configuration. See "CONFIGURATION" for more information.
-severity is the minimum severity level. Only Policy modules
that have a severity greater than $N will be loaded. Severity
values are integers ranging from 1 (least severe) to 5 (most
severe). The default is 5. For a given "-profile", decreasing
the "-severity" will usually result in more Policy violations.
Users can redefine the severity level for any Policy in their
.perlcriticrc file. See "CONFIGURATION" for more information.
-include is a reference to a list of string @PATTERNS. Policy
modules that match at least one "m/$PATTERN/imx" will always be
loaded, irrespective of the severity settings. For example:
my $critic = Perl::Critic->new(-include => ['layout'] -severity => 4);
This would cause Perl::Critic to load all the "CodeLayout::*"
Policy modules even though they have a severity level that is
less than 4. You can use "-include" in conjunction with the
"-exclude" option. Note that "-exclude" takes precedence over
"-include" when a Policy matches both patterns.
-exclude is a reference to a list of string @PATTERNS. Policy
modules that match at least one "m/$PATTERN/imx" will not be
loaded, irrespective of the severity settings. For example:
my $critic = Perl::Critic->new(-exclude => ['strict'] -severity => 1);
This would cause Perl::Critic to not load the "RequireUseStrict"
and "ProhibitNoStrict" Policy modules even though they have a
severity level that is greater than 1. You can use "-exclude" in
conjunction with the "-include" option. Note that "-exclude"
takes precedence over "-include" when a Policy matches both
patterns.
-force controls whether Perl::Critic observes the magical ""##
no critic"" pseudo-pragmas in your code. If set to a true value,
Perl::Critic will analyze all code. If set to a false value
(which is the default) Perl::Critic will ignore code that is
tagged with these comments. See "BENDING THE RULES" for more
information.
-config is a reference to a Perl::Critic::Config object. If you
have created your own Config object for some reason, you can
pass it in here instead of having Perl::Critic create one for
you. Using the "-config" option causes all the other options to
be silently ignored.
METHODS
"critique( $source_code )"
Runs the $source_code through the Perl::Critic engine using all
the Policies that have been loaded into this engine. If
$source_code is a scalar reference, then it is treated as string
of actual Perl code. Otherwise, it is treated as a path to a
file containing Perl code. Returns a list of
Perl::Critic::Violation objects for each violation of the loaded
Policies. The list is sorted in the order that the Violations
appear in the code. If there are no violations, returns an empty
list.
"add_policy( -policy => $policy_name, -config => \%config_hash )"
Creates a Policy object and loads it into this Critic. If the
object cannot be instantiated, it will throw a warning and
return a false value. Otherwise, it returns a reference to this
Critic.
-policy is the name of a Perl::Critic::Policy subclass module.
The 'Perl::Critic::Policy' portion of the name can be omitted
for brevity. This argument is required.
-config is an optional reference to a hash of Policy
configuration parameters. Note that this is not the same thing
as a "Perl::Critic::Config object". The contents of this hash
reference will be passed into to the constructor of the Policy
module. See the documentation in the relevant Policy module for
a description of the arguments it supports.
"policies()"
Returns a list containing references to all the Policy objects
that have been loaded into this engine. Objects will be in the
order that they were loaded.
"config()"
Returns the Perl::Critic::Config object that was created for or
given to this Critic.
CONFIGURATION
The default configuration file is called .perlcriticrc. Perl::Critic
will look for this file in the current directory first, and then in your
home directory. Alternatively, you can set the PERLCRITIC environment
variable to explicitly point to a different file in another location. If
none of these files exist, and the "-profile" option is not given to the
constructor, then all the modules that are found in the
Perl::Critic::Policy namespace will be loaded with their default
configuration.
The format of the configuration file is a series of INI-style sections
that contain key-value pairs separated by '='. Comments should start
with '#' and can be placed on a separate line or after the name-value
pairs if you desire. The general recipe is a series of blocks like this:
[Perl::Critic::Policy::Category::PolicyName]
severity = 1
arg1 = value1
arg2 = value2
"Perl::Critic::Policy::Category::PolicyName" is the full name of a
module that implements the policy. The Policy modules distributed with
Perl::Critic have been grouped into categories according to the table of
contents in Damian Conway's book Perl Best Practices. For brevity, you
can omit the 'Perl::Critic::Policy' part of the module name.
"severity" is the level of importance you wish to assign to the Policy.
All Policy modules are defined with a default severity value ranging
from 1 (least severe) to 5 (most severe). However, you may disagree with
the default severity and choose to give it a higher or lower severity,
based on your own coding philosophy.
The remaining key-value pairs are configuration parameters for that will
be passed into the constructor that Policy. The constructors for most
Policy modules do not support arguments, and those that do should have
reasonable defaults. See the documentation on the appropriate Policy
module for more details.
Instead of redefining the severity for a given Policy, you can
completely disable a Policy by prepending a '-' to the name of the
module in your configuration file. In this manner, the Policy will never
be loaded, regardless of the "-severity" given to the Perl::Critic
constructor.
A simple configuration might look like this:
#--------------------------------------------------------------
# I think these are really important, so always load them
[TestingAndDebugging::RequireUseStrict]
severity = 5
[TestingAndDebugging::RequireUseWarnings]
severity = 5
#--------------------------------------------------------------
# I think these are less important, so only load when asked
[Variables::ProhibitPackageVars]
severity = 2
[ControlStructures::ProhibitPostfixControls]
allow = if unless #My custom configuration
severity = 2
#--------------------------------------------------------------
# I do not agree with these at all, so never load them
[-NamingConventions::ProhibitMixedCaseVars]
[-NamingConventions::ProhibitMixedCaseSubs]
#--------------------------------------------------------------
# For all other Policies, I accept the default severity,
# so no additional configuration is required for them.
A few sample configuration files are included in this distribution under
the t/samples directory. The perlcriticrc.none file demonstrates how to
disable Policy modules. The perlcriticrc.levels file demonstrates how to
redefine the severity level for any given Policy module. The
perlcriticrc.pbp file configures Perl::Critic to load only Policies
described in Damian Conway's book "Perl Best Practice."
THE POLICIES
The following Policy modules are distributed with Perl::Critic. The
Policy modules have been categorized according to the table of contents
in Damian Conway's book Perl Best Practices. Since most coding standards
take the form "do this..." or "don't do that...", I have adopted the
convention of naming each module "RequireSomething" or
"ProhibitSomething". Each Policy is listed here with it's default
severity. If you don't agree with the default severity, you can change
it in your .perlcriticrc file. See the documentation of each module for
it's specific details.
Perl::Critic::Policy::BuiltinFunctions::ProhibitLvalueSubstr
Use 4-argument "substr" instead of writing "substr($foo, 2, 6) = $bar"
[Severity 3]
Perl::Critic::Policy::BuiltinFunctions::ProhibitSleepViaSelect
Use Time::HiRes instead of something like "select(undef, undef, undef,
.05)" [Severity 5]
Perl::Critic::Policy::BuiltinFunctions::ProhibitStringyEval
Write "eval { my $foo; bar($foo) }" instead of "eval "my $foo;
bar($foo);"" [Severity 5]
Perl::Critic::Policy::BuiltinFunctions::RequireBlockGrep
Write "grep { $_ =~ /$pattern/ } @list" instead of "grep /$pattern/,
@list" [Severity 4]
Perl::Critic::Policy::BuiltinFunctions::RequireBlockMap
Write "map { $_ =~ /$pattern/ } @list" instead of "map /$pattern/,
@list" [Severity 4]
Perl::Critic::Policy::BuiltinFunctions::RequireGlobFunction
Use "glob q{*}" instead of <*> [Severity 5]
Perl::Critic::Policy::ClassHierarchies::ProhibitOneArgBless
Write "bless {}, $class;" instead of just "bless {};" [Severity 5]
Perl::Critic::Policy::CodeLayout::ProhibitHardTabs
Use spaces instead of tabs. [Severity 3]
Perl::Critic::Policy::CodeLayout::ProhibitParensWithBuiltins
Write "open $handle, $path" instead of "open($handle, $path)" [Severity
1]
Perl::Critic::Policy::CodeLayout::ProhibitQuotedWordLists
Write "qw(foo bar baz)" instead of "('foo', 'bar', 'baz')" [Severity 2]
Perl::Critic::Policy::CodeLayout::RequireTidyCode
Must run code through perltidy. [Severity 1]
Perl::Critic::Policy::CodeLayout::RequireTrailingCommas
Put a comma at the end of every multi-line list declaration, including
the last one. [Severity 1]
Perl::Critic::Policy::ControlStructures::ProhibitCascadingIfElse
Don't write long "if-elsif-elsif-elsif-elsif...else" chains. [Severity
3]
Perl::Critic::Policy::ControlStructures::ProhibitCStyleForLoops
Write "for(0..20)" instead of "for($i=0; $i<=20; $i++)" [Severity 2]
Perl::Critic::Policy::ControlStructures::ProhibitPostfixControls
Write "if($condition){ do_something() }" instead of "do_something() if
$condition" [Severity 2]
Perl::Critic::Policy::ControlStructures::ProhibitUnlessBlocks
Write "if(! $condition)" instead of "unless($condition)" [Severity 2]
Perl::Critic::Policy::ControlStructures::ProhibitUntilBlocks
Write "while(! $condition)" instead of "until($condition)" [Severity 2]
Perl::Critic::Policy::InputOutput::ProhibitBacktickOperators
Discourage stuff like "@files = `ls $directory`" [Severity 3]
Perl::Critic::Policy::InputOutput::ProhibitBarewordFileHandles
Write "open my $fh, q{<}, $filename;" instead of "open FH, q{<},
$filename;" [Severity 5]
Perl::Critic::Policy::InputOutput::ProhibitOneArgSelect
Never write "select($fh)" [Severity 4]
Perl::Critic::Policy::InputOutput::ProhibitTwoArgOpen
Write "open $fh, q{<}, $filename;" instead of "open $fh, "<$filename";"
[Severity 5]
Perl::Critic::Policy::Miscellanea::RequireRcsKeywords
Put source-control keywords in every file. [Severity 2]
Perl::Critic::Policy::Modules::ProhibitMultiplePackages
Put packages (especially subclasses) in separate files. [Severity 4]
Perl::Critic::Policy::Modules::RequireBarewordIncludes
Write "require Module" instead of "require 'Module.pm'" [Severity 5]
Perl::Critic::Policy::Modules::ProhibitEvilModules
Ban modules that aren't blessed by your shop. [Severity 5]
Perl::Critic::Policy::Modules::RequireExplicitPackage
Always make the "package" explicit. [Severity 4]
Perl::Critic::Policy::Modules::RequireVersionVar
Give every module a $VERSION number. [Severity 2]
Perl::Critic::Policy::Modules::RequireEndWithOne
End each module with an explicitly "1;" instead of some funky
expression. [Severity 4]
Perl::Critic::Policy::NamingConventions::ProhibitAmbiguousNames
Don't use vague variable or subroutine names like 'last' or 'record'.
[Severity 3]
Perl::Critic::Policy::NamingConventions::ProhibitMixedCaseSubs
Write "sub my_function{}" instead of "sub MyFunction{}" [Severity 1]
Perl::Critic::Policy::NamingConventions::ProhibitMixedCaseVars
Write "$my_variable = 42" instead of "$MyVariable = 42" [Severity 1]
Perl::Critic::Policy::References::ProhibitDoubleSigils
Write "@{ $array_ref }" instead of @$array_ref [Severity 2]
Perl::Critic::Policy::RegularExpressions::RequireLineBoundaryMatching
Always use the "/m" modifier with regular expressions. [Severity 3]
Perl::Critic::Policy::RegularExpressions::RequireExtendedFormatting
Always use the "/x" modifier with regular expressions. [Severity 2]
Perl::Critic::Policy::Subroutines::ProhibitAmpersandSigils
Don't call functions with a leading ampersand sigil. [Severity 2]
Perl::Critic::Policy::Subroutines::ProhibitBuiltinHomonyms
Don't declare your own "open" function. [Severity 4]
Perl::Critic::Policy::Subroutines::ProhibitExcessComplexity
Minimize complexity by factoring code into smaller subroutines.
[Severity 3]
Perl::Critic::Policy::Subroutines::ProhibitExplicitReturnUndef
Return failure with bare "return" instead of "return undef" [Severity 5]
Perl::Critic::Policy::Subroutines::ProhibitSubroutinePrototypes
Don't write "sub my_function (@@) {}" [Severity 5]
Perl::Critic::Policy::Subroutines::RequireFinalReturn
End every path through a subroutine with an explicit "return" statement.
[Severity 4]
Perl::Critic::Policy::TestingAndDebugging::ProhibitNoStrict
Prohibit various flavors of "no strict" [Severity 5]
Perl::Critic::Policy::TestingAndDebugging::ProhibitNoWarnings
Prohibit various flavors of "no warnings" [Severity 4]
Perl::Critic::Policy::TestingAndDebugging::RequireUseStrict
Always "use strict" [Severity 5]
Perl::Critic::Policy::TestingAndDebugging::RequireUseWarnings
Always "use warnings" [Severity 4]
Perl::Critic::Policy::ValuesAndExpressions::ProhibitConstantPragma
Don't " use constant $FOO =" 15 > [Severity 4]
Perl::Critic::Policy::ValuesAndExpressions::ProhibitEmptyQuotes
Write "q{}" instead of '' [Severity 2]
Perl::Critic::Policy::ValuesAndExpressions::ProhibitInterpolationOfLiterals
Always use single quotes for literal strings. [Severity 1]
Perl::Critic::Policy::ValuesAndExpressions::ProhibitLeadingZeros
Write "oct(755)" instead of 0755 [Severity 5]
Perl::Critic::Policy::ValuesAndExpressions::ProhibitNoisyQuotes
Use "q{}" or "qq{}" instead of quotes for awkward-looking strings.
[Severity 2]
Perl::Critic::Policy::ValuesAndExpressions::RequireInterpolationOfMetachars
Warns that you might have used single quotes when you really wanted
double-quotes. [Severity 1]
Perl::Critic::Policy::ValuesAndExpressions::RequireNumberSeparators
Write " 141_234_397.0145 " instead of 141234397.0145 [Severity 2]
Perl::Critic::Policy::ValuesAndExpressions::RequireQuotedHeredocTerminator
Write " print <<'THE_END' " or " print <<"THE_END" " [Severity 3]
Perl::Critic::Policy::ValuesAndExpressions::RequireUpperCaseHeredocTerminator
Write " <<'THE_END'; " instead of " <<'theEnd'; " [Severity 1]
Perl::Critic::Policy::Variables::ProhibitLocalVars
Use "my" instead of "local", except when you have to. [Severity 2]
Perl::Critic::Policy::Variables::ProhibitPackageVars
Eliminate globals declared with "our" or "use vars" [Severity 3]
Perl::Critic::Policy::Variables::ProhibitPunctuationVars
Write $EVAL_ERROR instead of $@ [Severity 2]
BENDING THE RULES
Perl::Critic takes a hard-line approach to your code: either you comply
or you don't. In the real world, it is not always practical (or even
possible) to fully comply with coding standards. In such cases, it is
wise to show that you are knowingly violating the standards and that you
have a Damn Good Reason (DGR) for doing so.
To help with those situations, you can direct Perl::Critic to ignore
certain lines or blocks of code by using pseudo-pragmas:
require 'LegacyLibaray1.pl'; ## no critic
require 'LegacyLibrary2.pl'; ## no critic
for my $element (@list) {
## no critic
$foo = ""; #Violates 'ProhibitEmptyQuotes'
$barf = bar() if $foo; #Violates 'ProhibitPostfixControls'
#Some more evil code...
## use critic
#Some good code...
do_something($_);
}
The "## no critic" comments direct Perl::Critic to ignore the remaining
lines of code until the end of the current block, or until a "## use
critic" comment is found (whichever comes first). If the "## no critic"
comment is on the same line as a code statement, then only that line of
code is overlooked. To direct perlcritic to ignore the "## no critic"
comments, use the "-force" option.
Use this feature wisely. "## no critic" should be used in the smallest
possible scope, or only on individual lines of code. If Perl::Critic
complains about your code, try and find a compliant solution before
resorting to this feature.
IMPORTANT CHANGES
Perl-Critic is evolving rapidly. As such, some of the interfaces have
changed in ways that are not backward-compatible. This will probably
concern you only if you're developing Perl::Critic::Policy modules.
VERSION 0.11
Starting in version 0.11, the internal mechanics of Perl-Critic were
rewritten so that only one traversal of the PPI document tree is
required. Unfortunately, this will break any custom Policy modules that
you might have written for earlier versions. Converting your policies to
work with the new version is pretty easy and actually results in cleaner
code. See DEVELOPER.pod for an up-to-date guide on creating Policy
modules.
VERSION 0.14
Starting in version 0.14, the interface to Perl::Critic::Violation
changed. This will also break any custom Policy modules that you might
have written for ealier modules. See DEVELOPER.pod for an up-to-date
guide on creating Policy modules.
The notion of "priority" was also replaced with "severity" in version
0.14. Consequently, the default behavior of Perl::Critic is to only load
the most "severe" Policy modules, rather than loading all of them. This
decision was based on user-feedback suggesting that Perl-Critic should
be less "critical" for new users, and should steer them toward gradually
increasing the strictness as they adopt better coding practices.
EXTENDING THE CRITIC
The modular design of Perl::Critic is intended to facilitate the
addition of new Policies. You'll need to have some understanding of PPI,
but most Policy modules are pretty straightforward and only require
about 20 lines of code. Please see the Perl::Critic::DEVELOPER file
included in this distribution for a step-by-step demonstration of how to
create new Policy modules.
If you develop any new Policy modules, feel free to send them to
and I'll be happy to put them into the Perl::Critic
distribution. Or if you'd like to work on the Perl::Critic project
directly, check out our repository at . To
subscribe to our mailing list, send a message to
"dev-subscribe@perlcritic.tigris.org".
PREREQUISITES
Perl::Critic requires the following modules:
Config::Tiny
File::Spec
IO::String
List::Util
List::MoreUtils
Module::Pluggable
PPI
Pod::Usage
Pod::PlainText
String::Format
The following modules are optional, but recommended for complete
testing:
Test::Pod
Test::Pod::Coverage
Test::Perl::Critic
BUGS
Scrutinizing Perl code is hard for humans, let alone machines. If you
find any bugs, particularly false-positives or false-negatives from a
Perl::Critic::Policy, please submit them to
. Thanks.
CREDITS
Adam Kennedy - For creating PPI, the heart and soul of Perl::Critic.
Damian Conway - For writing Perl Best Practices
Giuseppe Maxia - For all the great ideas and enhancements.
Chris Dolan - For numerous bug reports and suggestions.
Sharon, my wife - For putting up with my all-night code sessions
AUTHOR
Jeffrey Ryan Thalhammer
COPYRIGHT
Copyright (c) 2005-2006 Jeffrey Ryan Thalhammer. All rights reserved.
This program is free software; you can redistribute it and/or modify it
under the same terms as Perl itself. The full text of this license can
be found in the LICENSE file included with this module.