flawdetector - rubykaigi2013 lt
DESCRIPTION
rubykaigi2013 の LTで発表した FlawDetectorの資料です。 https://github.com/ginriki/flaw_detector 補足: タイトル等のレイアウトは"RubyKaigi 2013 Team"から頂いたテンプレ(CCライセンス: (http://creativecommons.org/licenses/by-nc-sa/2.1/jp/)を使ってます。TRANSCRIPT
Rikiya Ayukawa / Software developer FlawDetector – finding ruby code’s flaw by static analysis
Agenda • Self Introduction - 自己紹介
• About FlawDetector – ソフト紹介
• Implementation of FlawDetector – 実装
• Future Work – 追加開発について
Self-‐Introduc.on
• 2009〜2013 Fujitsu Limited. – developed cloud system (using Ruby)
• 2013 Digital Iden.ty Inc. – develop web api for smart phone app (using Ruby)
• Rikiya Ayukawa (@twginriki) – hobbies – Thinking and Making something for effec.ve soOware developing
– Equity investment – Thank you Abenomics!
3
About FlawDetector
- It’s my hobby -
Have you ever seen “flaw” codes such as
• Determine if a variable is not nil or false twice. This confuses us a little.
• Typo a variable name. This will causes an exception.
bar = nil begin … rescue puts ba # raise NoMethodError end
def foo(bar) return unless bar … # no_assignemnt_bar if bar # <- redundant check … end end
FlawDetector is a tool that can (will) detect these “flaw” codes by static analysis
def foo(bar) return unless bar … # no_assignemnt_bar if bar # <- redundant check … end end
$ flaw_detector file.rb msgid,file,line,short_desc,long_desc,details RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE,file.rb,4, …
I will make the tool detect typo within this year.
You can try it: $ gem install flaw_detector $ flaw_detector <rb file> ※ It only works on ruby-1.9 . I will release next version for ruby 2.0 this weekend.
Cases to gems ・gem json (pull request #170) depth = state.depth -= 1 result << state.object_nl - result << state.indent * depth if indent if indent + result << state.indent * depth if indent result << '}' result
・gem diff-lcs (pull request #19) return 0 unless diffs - if (@format == :report) and diffs + if @format == :report output << "Files #{file_old} and #{file_new} differ\n" return 1 end
I run FlawDetector for 15 OSS and found “flaw” code in 2 OSS. I sent pull requests and these were merged.
Implementation of
FlawDetector
Just like FindBugs…
FindBugs • Is a static analysis tool of java bytecode
• Detects bugs with 400 bug patterns These patterns ideas are very useful Bug pattern list: http://findbugs.sourceforge.net/bugDescriptions.html
FindBugs vs FlawDetector
・・・
400 patterns
only 3 patterns
FlawDetector works
1. Compile rbfile to RubyVM bytecodes • RubyVM::InstructionSequence.compile
2. Construct code flow information as BasicBlock, CFG, Dominator tree.
3. Calculate value of variables and regard a bytecode which raise error or is redundant as flaw
Technical references
YARV (RubyVM) bytecode http://www.atdot.net/yarv/
FindBugs
http://www.cs.nyu.edu/~lharris/papers/findbugsPaper.pdf
Future Work
I will implement bug patterns close to FindBugs It requires below features: • Support to detect “flaw” in block (such as
each, map, collect, etc…)
• Static analysis for code pathes by using result of already tested another path by RSpec exmaple
• Type assertion with yard annotation (ex: @param varname [Type] …)
Need your help 協力者募集中!
• Issue Reporting • Implementation • Documentation • …etc
Twitter: @twginriki Github: ginriki