 
                            The @ISA variable is a package variable that is used by all classes to indicate the class's parent (or parents). While this variable can be safely read to learn a class's inheritance hierarchy, it must not be modified at runtime [Conway 2005].
Noncompliant Code Example (@ISA)
This noncompliant code example defines a base class and an object class with simple methods:
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| {
  package Base;
  sub new {
    my $class = shift;
    my $self = {}; # no parent
    bless $self, $class;
    print "new Base\n";
    return $self;
  };
  sub base_value {return 1;}
}
{
  package Derived;
  our @ISA = qw(Base);  # establishes inheritance
  sub new {
    my $class = shift;
    my $self = $class->SUPER::new(@_);  # relies on established inheritance
    print "new Derived\n";
    return $self;
  };
  sub derived_value {return 2;}
}
BEGIN {
  my $derived = Derived->new();
  my $b = $derived->base_value();
  my $d = $derived->derived_value();
  print "base_value = $d\n";
  print "derived_value = $d\n";
}
 | 
When the code is run, we get a program error:
| Code Block | 
|---|
| Can't locate object method "new" via package "Derived::SUPER" at ... | 
This error occurs because the BEGIN block is evaluated at the beginning of runtime, before the @ISA statement can be evaluated. Consequently, when the Derived::new() constructor is invoked, the Derived class has an empty parents list and therefore fails to invoke Base::new().
Compliant Solution (parent)
This compliant solution uses the parent module rather than directly modifying the @ISA variable.
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| # ... package Base is unchanged
{
  package Derived;
  use parent qw(Base);
  sub new {
    my $class = shift;
    my $self = $class->SUPER::new(@_);  # relies on established inheritance
    print "new Derived\n";
    return $self;
  };
  sub derived_value {return 2;}
}
# ... The rest of the code is unchanged
 | 
The parent module establishes the inheritance hierarchy at parse time, before any runtime code, including the BEGIN block, is evaluated. When the Derived::new() constructor is invoked, Perl knows that Derived is an instance of Base, and the program produces the correct output:
| Code Block | 
|---|
| new Base new Derived derived_value = 2 base_value = 1 | 
Risk Assessment
Modifying class inheritance at runtime can introduce subtle bugs and is usually a sign of poor design.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| OOP00-PL | Low | Unlikely | Low | P3 | L3 | 
Automated Detection
| Tool | Diagnostic | 
|---|---|
| Perl::Critic | ClassHierarchies::ProhibitExplicitISA | 
Bibliography
| [Conway 2005] | "Inheritance," p. 360 | 
|---|---|
| [CPAN] | Maischein, Max, parent | 
| [CPAN] | Shank, Elliot, Perl-Critic-1.116 ClassHierarchies::ProhibitExplicitISA |