Static Kotlin bug hunting Devoxx Morocco.pdf

©2023, SonarSource S.A, Switzerland.
Static Kotlin bug hunting
12.10.2023

Margarita Nedzelska
Software Engineer
Conferences speaker & organizer
Java/Kotlin/Scala/TS/...
@jMargaritaN

https://www.freepik.com/vectors/ukraine-war
Ukraine war vector created by starline - www.freepik.com

Agenda
● History
● Why Kotlin?
● sonar-kotlin 2.0
● Feedback
● Achievements
● Takeaways
5

SonarQube 8.9 (previous LTS)
6

SonarQube 9.9 (LTS)
7

What happened?

Static
Analysis

class HelloWorld {
fun f() {
println("Hello, World!")
}
}

SLang
AST
Kotlin Scala
Go Ruby

PROs
● 1 rule - many languages
● Fast new languages
adoption
● Maintenance
● Rules precision
● Language speciﬁc rules
● Testing
● Semantic
● …
CONs

Semantic
Model
21

class HelloWorld {
fun f() {
}
}
fun g(x: HelloWorld) {
x.f()
}

Why Kotlin?

Why
● Growing popularity of Kotlin
● User feedback
● We wanted to use Kotlin
● Android and Security
● SLang is limited
27

sonar-kotlin 2.0

class HelloWorld {
fun f() {
}
}
We had

class HelloWorld {
fun f() {
}
}
We wanted

class HelloWorld {
fun f() {
}
}
We implemented

class HelloWorld {
fun f() {
}
}
Technical debt

What’s wrong with Kotlin AST
34

● Nullability hell
35

36
override fun visitBinaryExpression(expression: KtBinaryExpression, ...) {
val rightExpression = expression. right // Nullable
val leftExpression = expression. left // Nullable
...
}

37
override fun visitBinaryExpression(expression: KtBinaryExpression,...) {
val rightExpression = expression. right?.let {
val leftExpression = expression. left?.let {
...
}
}
...
}

38
val rightExpression = expression. right ?: return
val leftExpression = expression. left ?: return
...
}

39
val rightExpression = expression. right!!
val leftExpression = expression. left!!
...
}

40
// Valid KtBinaryExpression should always have right & left
val rightExpression = expression. right!!
val leftExpression = expression. left!!
...
}

● Lack of Documentation & naming
41

What is
KtNamedFunction?

Bad Function Name rule
43
fun visitNamedFunction
(f: KtNamedFunction, …){
// Named functions always have name
val name = f.name!!
if (!name.matches(formatRegex)) {
reportIssue(
f.nameIdentifier!!,
"Message"
)
}
}

val name = f.name!!
reportIssue(
f.nameIdentifier!!,
"Message"
)
}
}
44
val function = fun() {}

45
java.lang.NullPointerException
val name = f.name!!
reportIssue(
f.nameIdentifier!!,
"Message"
)
}
}

46
fun visitNamedFunction(f: KtNamedFunction
, …){
val name = f.name!!
reportIssue(
f.nameIdentifier!!,
"Message"
)
}
}

47
fun visitNamedFunction(f: KtNamedFunction
, …){
val name = f.name!!
reportIssue(
f.nameIdentifier!!,
"Message"
)
}
}
KtNamedFunction
is
declared with
“fun”

● Lack of Documentation & naming
● Compiler diagnostics
48

Deprecated Code Used Rule
49

50
fun visitKtFile(file: KtFile, ctx: Context) {
ctx.diagnostics
.filter {
it.factory == Errors.DEPRECATION
}.forEach {
ctx.reportIssue(
it.psiElement,"Message"
)
}
}

51
ctx.diagnostics
.filter {
}.forEach {
ctx.reportIssue(
)
}
}
@Deprecated("Some text")
enum class
MyEnum(val s:String) {
ENTRY1(""),
}

52
ctx.diagnostics
.filter {
}.forEach {
ctx.reportIssue(
)
}
}
enum class
ENTRY1(""),
}
java.lang.IndexOutOfBoundsException: (5:11,5:10)

53
ctx.diagnostics
.filter {
}.forEach {
ctx.reportIssue(
)
}
}
enum class
ENTRY1(""),
}

54
fun visitKtFile(file: KtFile
, ctx: Context) {
ctx.diagnostics
.filter {
it.factory == Errors.
DEPRECATION
}.forEach {
ctx.reportIssue(
)
}
}
enum class
ENTRY1[MyEnum](""),
}

55
, ctx: Context) {
ctx.diagnostics
.filter {
DEPRECATION
}.forEach {
ctx.reportIssue(
)
}
}
enum class
ENTRY1[MyEnum](""),
}
Let’s ﬁx it

56
, ctx: Context) {
ctx.diagnostics
.filter {
DEPRECATION
}.forEach {
ctx.reportIssue(
adjust(it.psiElement),"Message"
)
}
}
enum class
ENTRY1(""),
}

sonar-kotlin 2.0 released (24.06.2021)
● Improved 42 existing rules
● 10 new rules
● Semantic
● Detekt, AndroidLint, Ktlint rules sets
57

Feedback

Expectations

Reality

Commented out code
check

64
import java.util.Random
import kotlin.random.Random as KotlinRandom
fun f(x: Long) {
val random = Random()
// val javaRandom = java.util.Random()
val kotlinRandom = kotlin.random. Random(0)
// Named import is used here
val kotlinRandom1 = KotlinRandom(1000L)
// x - parameter, no constraints
val kotlinRandomLong = kotlin.random. Random(x)
/*
val xx = 0L
val kotlinRandomLongZero = kotlin.random.Random(xx)
*/
}

65
import java.util.Random
import kotlin.random.Random as KotlinRandom
fun f(x: Long) {
val random = Random()
// val javaRandom = java.util.Random()
val kotlinRandom = kotlin.random. Random(0)
// Named import is used here
val kotlinRandom1 = KotlinRandom(1000L)
// x - parameter, no constraints
val kotlinRandomLong = kotlin.random. Random(x)
/*
val xx = 0L
val kotlinRandomLongZero = kotlin.random.Random(xx)
*/
}

Before 2.0

foreach { comment ->
when (comment.parse()) {
is Success -> reportIssue()
is Error -> doNothing()
}
}
Commented out code rule
67

// Hello World here
68
}
}

“World” could be an infix function
69
}
}
// Hello World here

After 2.0

when (comment.parseAndSemantic()) {
}
}
71

when (comment.parseAndSemantic()) {
}
}
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣦⠀⢀⠀⠀
⠀⠀⠀⠀⠀⠀⢀⣤⣶⣶⣿⣿⣷⣶⣦⣄⠀⠀⠀⠀⠀⠀⢰⡟⠈⠁⣰⣿⡗⠀
⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⡀⠀⠀⠀⢸⡇⠀⢠⡟⠀⠀⠀
⠀⠀⠀⣰⣿⣿⣿⣿⠟⠋⣉⣉⣉⠙⠻⣿⣿⣿⣷⡀⠀⠀⢸⡇⠀⢸⠃⠀⠀⠀
⠀⠀⢀⣿⣿⣿⣿⡇⢠⣿⣿⣿⢿⣿⣆⠘⣿⣿⣿⣷⡀⠀⢸⣧⠀⢸⡇⠀⠀⠀
⠀⠀⢸⣿⣿⣿⣿⡇⠸⣿⣿⣿⠆⣿⣿⡄⢸⣿⣿⣿⣧⠀⣼⣿⣿⣿⣇⠀⠀⠀
⠀⠀⠀⣿⣿⣿⣿⣿⣦⣈⣉⣁⣴⣿⣿⠁⣼⣿⣿⣿⣿⠀⣿⣿⣿⣿⣿⠀⠀⠀
⠀⠀⠀⠸⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠃⣰⣿⣿⣿⣿⡿⠀⣿⣿⣿⣿⡿⠀⠀⠀
⠀⠀⠀⠀⠈⠻⠿⣿⣿⣿⠿⠟⠋⠀⠾⢿⣿⣿⠿⠟⢁⣼⣿⣿⣿⣿⡇⠀⠀⠀
⠀⠀⠀⠀⣀⣤⣤⣤⣤⣤⣤⣶⣿⣷⣦⣤⣤⣤⣴⣾⣿⣿⣿⣿⣿⡿⠀⠀⠀⠀
⠀⢀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠋⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
72

Problems
● Compiler bugs
● Code with mistakes
● Code not in Kotlin
● Semantic - VERY SLOW
73

0
Complaints

1
Complaint

1. Probably not a KDoc?
2. Heuristics: does it look like code?
- Keywords
- if(, for(, catch(, when(, apply{, …
- ++, ||, &&, +=, …
- Contains lambdas, var/val declarations, …
- camelCase, ends with } or {, …
3. Try to parse
78

What is the most
reported rule?

1. Collect potential refs
2. Group by importable name
3. Filter out referenced in KDocs
4. Filter out referenced in code
5. Filter out array access imports
6. Remaining imports are unused
Unnecessary Imports Rule
80

5. FIlter out array access imports
81
Companion
object

import pkg.MyClass
fun foo() {
val c = MyClass.MY_CONSTANT
}
82

import pkg.MyClass
fun foo() {
}
83
False positive!

relevantImports.filter {
it.importedFqName != refName && !(
refName.shortName().asString() == "Companion"
&& it.importedFqName == refName.parent()
)
}
import pkg.MyClass
fun foo() {
}
84
True negative

)
}
import pkg.MyClass
fun foo() {
}
85
True negative
Named
Companion
object

)
}
class MyClass {
companion object Named {
fun myFun(): String {}
}
}
86

import pkg.MyClass
fun foo() {
val c = MyClass.myFun()
}
False positive!
)
}
87

import pkg.MyClass
fun foo() {
}
True negative
refDescriptor.isCompanionObject()
)
}
88

import pkg.MyClass
fun foo() {
}
True negative
refDescriptor.isCompanionObject()
)
}
89
Unresolved
imports

import pkg.MyClass
fun foo() {
}
90

import pkg.MyClass
fun foo() {
}
91
pkg.MyClass not found

1. Filter out unresolved imports
import pkg.MyClass
fun foo() {
}
92
True negative

1. Filter out unresolved imports
import pkg.MyClass
fun foo() {
}
93
True negative
Delegates

import operators.getValue
class My (delegate: D) {
val p by delegate
}
94

val p by delegate
}
False positive!
95

if (noSemantic)
skip "getValue", "setValue", "provideDelegate"
else
val delegateRefs =
delegates.flatMap(::importableNames)
if (import in delegateRefs) skip
val p by delegate
}
False positive!
96

if (noSemantic)
skip "getValue", "setValue", "provideDelegate"
else
val delegateImports =
delegates.flatMap(::importableNames)
if (import in delegateImports) skip
val p by delegate
}
False positive!
97
Overloaded
operators

import operators.contains
import operators.invoke
class My (list: MyList) {
1 in list
2 !in list
list(0)
}
98

package operators
operator fun MyList.contains(i:
Int) = true
operator fun MyList.invoke(i:
Int) = this
99

1 in list
2 !in list
list(0)
}
100
False positive!

1 in list
2 !in list
list(0)
}
101
False positive!
val opRefs = map { operation ->
operation.getReferencedName()
}
imports.filter { import !in opRefs }

1 in list
2 !in list
list(0)
}
102
True negative!
val calls by lazy { collectAllCalls() }
imports.filter { import ->
import.simpleName == “invoke”
}.foreach { import ->
if ( import in calls) skip
}

1 in list
2 !in list
list(0)
}
103
True negative!
val calls by lazy { collectAllCalls() }
imports.filter { import ->
import.simpleName == “invoke”
}.foreach { import ->
if ( import in calls) skip
}
Java 16+

import java.nio.file.Files
import java.nio.file.Path
import java.nio.file.Paths
import kotlin.streams.toList
fun f(x: String): List<Path> {
return Files.list(x).toList()
}
104
False positive!

@SinceKotlin ("1.2")
public fun <T> Stream<T>.toList(): List<T> = ...
}
105
False positive!

@SinceKotlin ("1.2")
public fun <T> Stream<T>.toList(): List<T> = ...
// Since Java 16
public interface Stream<T> {
default List<T> toList() {...}
}
}
106
False positive!

}
107
False positive!

Achievements
● Improved precision
● 133 rules
● 18 releases
● Rules for regex, security, coroutines
● Rules for Kotlin Gradle DSL
● Up-to-date external linters’ mappings
● Fast community handling
109

Takeaways
● Sonar supports Kotlin
● Static analysis for Kotlin is fun
● Be active community member
● Rewrite if needed
110

Special
Thanks

Initial Kotlin squad
Evgeny
Mandrikov
Johann Beleits

Thank you

Questions?
@jMargaritaN

Static Kotlin bug hunting Devoxx Morocco.pdf

Recommended

Recommended

More Related Content

Similar to Static Kotlin bug hunting Devoxx Morocco.pdf

Similar to Static Kotlin bug hunting Devoxx Morocco.pdf (20)

Recently uploaded

Recently uploaded (20)

Static Kotlin bug hunting Devoxx Morocco.pdf