Rikiya Ayukawa / Software developer FlawDetector – finding ruby code’s flaw by static analysis

Agenda •  Self Introduction - 自己紹介

•  About FlawDetector – ソフト紹介

•  Implementation of FlawDetector – 実装

•  Future Work – 追加開発について

Self-­‐Introduc.on

•  2009〜2013  Fujitsu  Limited.  –   developed  cloud  system    (using  Ruby）  

•  2013                            Digital  Iden.ty  Inc.  –  develop  web  api for  smart  phone  app  (using  Ruby）  

 •  Rikiya  Ayukawa  (@twginriki)  –  hobbies  –  Thinking  and  Making  something  for  effec.ve  soOware  developing  

–  Equity  investment  –  Thank  you  Abenomics!  

3

About FlawDetector

- It’s my hobby -

Have you ever seen “flaw” codes such as

•  Determine if a variable is not nil or false twice. This confuses us a little.

•  Typo a variable name. This will causes an exception.

bar = nil begin … rescue puts ba # raise NoMethodError end

def foo(bar) return unless bar … # no_assignemnt_bar if bar # <- redundant check … end end

FlawDetector is a tool that can (will) detect these “flaw” codes by static analysis

def foo(bar) return unless bar … # no_assignemnt_bar if bar # <- redundant check … end end

$ flaw_detector file.rb msgid,file,line,short_desc,long_desc,details RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE,file.rb,4, …

I will make the tool detect typo within this year.

You can try it: $ gem install flaw_detector $ flaw_detector <rb file> ※ It only works on ruby-1.9 . I will release next version for ruby 2.0 this weekend.

Cases to gems ・gem json (pull request #170) depth = state.depth -= 1 result << state.object_nl - result << state.indent * depth if indent if indent + result << state.indent * depth if indent result << '}' result

・gem diff-lcs (pull request #19) return 0 unless diffs - if (@format == :report) and diffs + if @format == :report output << "Files #{file_old} and #{file_new} differ\n" return 1 end

I run FlawDetector for 15 OSS and found “flaw” code in 2 OSS. I sent pull requests and these were merged.

Implementation of

FlawDetector

Just like FindBugs…

FindBugs •  Is a static analysis tool of java bytecode

•  Detects bugs with 400 bug patterns These patterns ideas are very useful Bug pattern list: http://findbugs.sourceforge.net/bugDescriptions.html

FindBugs vs FlawDetector

・・・

400 patterns

only 3 patterns

FlawDetector works

1.  Compile rbfile to RubyVM bytecodes •  RubyVM::InstructionSequence.compile

2.  Construct code flow information as BasicBlock, CFG, Dominator tree.

3.  Calculate value of variables and regard a bytecode which raise error or is redundant as flaw

Technical references

YARV (RubyVM) bytecode http://www.atdot.net/yarv/

FindBugs

http://www.cs.nyu.edu/~lharris/papers/findbugsPaper.pdf

Future Work

I will implement bug patterns close to FindBugs It requires below features: •  Support to detect “flaw” in block (such as

each, map, collect, etc…)

•  Static analysis for code pathes by using result of already tested another path by RSpec exmaple

•  Type assertion with yard annotation (ex: @param varname [Type] …)

Need your help 協力者募集中!

•  Issue Reporting •  Implementation •  Documentation •  …etc

Twitter: @twginriki Github: ginriki