search

semgrep / pfff

pfff is mainly an OCaml API to write static analysis, dynamic analysis, code visualizations, code navigations, or style-preserving source-to-source transformations such as refactorings on source code.
https://semgrep.dev
Other
186 stars 27 forks source link

cleanup README #358

Open dmitris opened 3 years ago

dmitris commented 3 years ago

https://github.com/returntocorp/pfff/blob/develop/changes.txt#039-q4-2019-real-python-parser-a-generic-ast-a-generic-sgrepscheck split off several tools:

* 0.39 (Q4 2019) (real Python parser, a generic AST, a generic sgrep/scheck)
10 years of Pfff! Started in November 2009 (while at Facebook).

** big split! move sgrep/spatch, codemap, codegraph, the lang_xxx bytecode
related, mini, and scheck in separate repositories
either under github.com/returntocorp (pfff, sgrep, check_generic)
or under github.com/aryx

It would be good to reflect those changes in README.md to avoid confusion - currently it says: https://github.com/returntocorp/pfff/blob/develop/README.md#pfff

pfff is also made of few tools:
 - `pfff`, which allows to test the different parsers on a single file
 - `scheck`, a bug finder
 - `stags`, an Emacs tag generator
 - `sgrep`, a syntactical grep
 - `spatch`, a syntactical patch
 - `codequery`, an interactive tool a la SQL to query information
   about the structure of a codebase using Prolog as the query engine
 - `pfff_db`, which does some global analysis on a set of source files and
   store the data in a marshalled form in a file somewhere (e.g. `/tmp/db.json`)
gordonwoodhull commented 3 years ago

Agree. I managed to install pfff but was sad not to find spatch.

(I wanted to give it a test on a Java project since I could not get Coccinelle4J to work on any examples of my own.)

Haven't found it yet!

Update: We got Coccinelle4J to work. There is also this PR to Spoon for SmPL.

aryx commented 3 years ago

@gordonwoodhull you should look at the spatch spinoff semgrep.dev, with source at https://github.com/returntocorp/semgrep/ It does not have the full power of spatch for program transformation, but it has an autofix feature that can fullfill some of the spatch requirements. See https://semgrep.dev/docs/experiments/overview/#autofix

gordonwoodhull commented 3 years ago

Thanks for the pointer!

I am looking for a tool for applying fuzzy patches (syntactic or semantic) but it kind of looks like I am a few years too early and these tools aren’t solid yet.

semgrep looks very interesting - will consider for future projects!

voldyman commented 3 years ago

An updated README would be really useful, i am trying to build codequery/codegraph and don't understand how to.

aryx commented 3 years ago

I'll try to make a new OPAM release of pfff, codegraph, codequery, so things will be simpler to install, but I don't have that much free time these days as I'm working full-time on semgrep.dev

voldyman commented 3 years ago

thanks @aryx i discovered this tool through semgrep!

I'll try to learn ocaml/opam build process and send a PR with the changes.

aryx commented 3 years ago

Pfff went through some big refactoring (all the tools used to be in the pfff monorepo) to faciltate the semgrep decelopment workflow, but it complicated the workflow a bit for the other tools