FlawDetector - Rubykaigi2013 LT

These are the slides for FlawDetector, presented as a lightning talk (LT) at RubyKaigi 2013.

https://github.com/ginriki/flaw_detector

Note:
The layout of the title and other elements uses a template provided by the "RubyKaigi 2013 Team" (CC license: http://creativecommons.org/licenses/by-nc-sa/2.1/jp/).

  • Put "Contact me" in somewhere.
  • I worked for
  • FlawDetector…

    1. Rikiya Ayukawa / Software developer
       FlawDetector – finding ruby code’s flaw by static analysis
    2. Agenda
       • Self Introduction
       • About FlawDetector
       • Implementation of FlawDetector
       • Future Work
    3. Self-Introduction
       • 2009〜2013 Fujitsu Limited.
         – developed cloud system (using Ruby)
       • 2013 Digital Identity Inc.
         – develop web api for smart phone app (using Ruby)
       • Rikiya Ayukawa (@twginriki)
         – hobbies
           – Thinking and making something for effective software development
           – Equity investment – Thank you Abenomics!
    4. About FlawDetector - It’s my hobby -
    5. Have you ever seen “flaw” code such as:
       • Checking twice whether a variable is not nil or false. This confuses us a little.
       • A typo in a variable name. This will cause an exception.

           bar = nil
           begin
             …
           rescue
             puts ba # raise NoMethodError
           end

           def foo(bar)
             return unless bar
             … # no assignment to bar
             if bar # <- redundant check
               …
             end
           end
    6. FlawDetector is a tool that can (will) detect these “flaw” codes by static analysis

           def foo(bar)
             return unless bar
             … # no assignment to bar
             if bar # <- redundant check
               …
             end
           end

           $ flaw_detector file.rb
           msgid,file,line,short_desc,long_desc,details
           RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE,file.rb,4, …

       I will make the tool detect typos within this year.
    7. You can try it:

           $ gem install flaw_detector
           $ flaw_detector <rb file>

       ※ It only works on ruby-1.9. I will release the next version for ruby 2.0 this weekend.
    8. Cases to gems
       ・gem json (pull request #170) depth = state.depth -= 1 result << state.object_nl - result << state.indent * depth if indent if indent + result << state.indent * depth if indent result << } result
       ・gem diff-lcs (pull request #19) return 0 unless diffs - if (@format == :report) and diffs + if @format == :report output << "Files #{file_old} and #{file_new} differn" return 1 end
       I ran FlawDetector on 15 OSS and found flaw code in 2 OSS. I sent pull requests and these were merged.
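       Review bot: on the json `-` line, `if indent if indent` tests the same value twice, so dropping one modifier cannot change the generated output. It would help to say so in the pull request, so the change is read as dead-code removal and nobody looks for a behaviour change in the `+` line.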
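       Review bot: in the diff-lcs hunk, dropping `and diffs` from the `if` is only safe because of the `return 0 unless diffs` guard on the context line directly above it. A short comment at `if @format == :report` pointing to that guard would keep the branch from silently depending on it if the early return is ever moved or removed.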
    9. Implementation of FlawDetector
    10. Just like FindBugs…
        FindBugs
        • Is a static analysis tool for Java bytecode
        • Detects bugs with 400 bug patterns
        These pattern ideas are very useful.
        Bug pattern list: http://findbugs.sourceforge.net/bugDescriptions.html
    11. FindBugs vs FlawDetector
        • FindBugs: 400 patterns
        • FlawDetector: only 3 patterns
    12. How FlawDetector works
        1. Compile the rb file to RubyVM bytecode
           • RubyVM::InstructionSequence.compile
        2. Construct code flow information as BasicBlock, CFG, and Dominator tree.
        3. Calculate the values of variables and regard a bytecode which raises an error or is redundant as a flaw
    13. Technical references
        • YARV (RubyVM) bytecode: http://www.atdot.net/yarv/
        • FindBugs: http://www.cs.nyu.edu/~lharris/papers/findbugsPaper.pdf
    14. Future Work
    15. I will implement bug patterns close to FindBugs
        It requires the features below:
        • Support for detecting “flaw” in blocks (such as each, map, collect, etc…)
        • Static analysis of code paths using the results of other paths already tested by RSpec examples
        • Type assertion with yard annotation (ex: @param varname [Type] …)
    16. Need your help (looking for contributors!)
        • Issue Reporting
        • Implementation
        • Documentation
        • …etc
        Twitter: @twginriki
        Github: ginriki
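
The three steps from slide 12, as an added example in Ruby that is not FlawDetector's own code: it compiles a snippet with `RubyVM::InstructionSequence.compile`, cuts the bytecode into basic blocks, builds the CFG and dominator sets, and reports lines that re-test a local variable already known to be truthy. The names `cfg`, `dominators`, `redundant_checks` and the sample `SRC` are made up for this example; it assumes CRuby and looks only at top-level code, not at blocks or method bodies.

```ruby
# Added example, not FlawDetector's own code. Assumes CRuby (RubyVM).
SRC = "bar = gets\nif bar\n  puts 'a'\n  puts 'b' if bar\nend\n" # constructed sample
def cfg(src) # steps 1-2: compile, cut blocks at labels and branches, link them
  blocks, at, line = [[]], {}, nil
  RubyVM::InstructionSequence.compile(src).to_a.last.each do |e|
    line = e if e.is_a?(Integer)
    if e.is_a?(Symbol) && e.to_s.start_with?("label_") # not a RUBY_EVENT_* marker
      blocks << [] unless blocks.last.empty?
      at[e] = blocks.size - 1
    elsif e.is_a?(Array)
      blocks.last << [line, *e]
      blocks << [] if e[0].to_s =~ /\A(branch|jump|leave|throw)/
    end
  end
  blocks.pop if blocks.last.empty?
  succ = blocks.each_with_index.map do |b, i|
    _, op, *args = b.last
    falls = op.to_s =~ /\A(jump|leave|throw)/ || i + 1 == blocks.size ? [] : [i + 1]
    (args.map { |a| at[a] }.compact + falls).uniq # branch target first, fall-through last
  end
  [blocks, succ]
end

def dominators(succ) # dom[i]: blocks that lie on every path from entry to block i
  all = (0...succ.size).to_a
  preds = all.map { |i| all.select { |p| succ[p].include?(i) } }
  dom = all.map { |i| i.zero? ? [0] : all }
  loop do
    nxt = all.map { |i| i.zero? ? [0] : (preds[i].map { |p| dom[p] }.inject(all, :&) | [i]).sort }
    return [dom, preds] if nxt == dom
    dom = nxt
  end
end

def redundant_checks(src) # step 3: lines that re-test a local already known truthy
  blocks, succ = cfg(src)
  dom, preds = dominators(succ)
  check = blocks.map do |b| # [line, local] when a block ends "getlocal; branchif/unless"
    (_, get, *var), (line, br) = b.last(2)
    [line, var] if br.to_s =~ /\Abranch(if|unless)\z/ && get.to_s.start_with?("getlocal")
  end
  blocks.each_index.flat_map do |d|
    next [] unless check[d] && succ[d].size == 2
    t = succ[d][blocks[d].last[1] == :branchif ? 0 : 1] # block entered when truthy
    region = blocks.each_index.select { |i| dom[i].include?(t) }
    written = region.any? { |i| blocks[i].any? { |_, op, *v| op =~ /\Asetlocal/ && v == check[d][1] } }
    next [] if written || preds[t] != [d]
    region.select { |i| check[i] && check[i][1] == check[d][1] }.map { |i| check[i][0] }
  end.uniq.sort
end
```

A check is reported only when it sits in a block dominated by the truthy edge of an earlier check on the same local and no `setlocal` for that local appears in the dominated region, which is a conservative stand-in for the value calculation the slide describes.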
