Rikiya Ayukawa / Software developer
FlawDetector – finding ruby code’s flaw by static analysis
Agenda
•  Self Introduction
•  About FlawDetector
•  Implementation of FlawDetector
•  Future Work
Self-Introduction
•  2009〜2013 Fujitsu Limited.
–  developed cloud system (using Ruby)
•  2013 Digital Identity Inc.
–  develop web api for smart phone app (using Ruby)
•  Rikiya Ayukawa (@twginriki) – hobbies
–  Thinking and Making something for effective software developing
–  Equity investment – Thank you Abenomics!
About
FlawDetector
- It’s my hobby -
Have you ever seen
“flaw” code such as
•  Checking twice whether a variable is not nil or
false. This confuses us a little.
    def foo(bar)
      return unless bar
      # ... (no assignment to bar)
      if bar # <- redundant check
        # ...
      end
    end
•  A typo in a variable name. This will cause
an exception.
    bar = nil
    begin
      # ...
    rescue
      puts ba # raises NameError (typo for bar)
    end
FlawDetector is a tool that can (will) detect
these “flaw” codes by static analysis
    def foo(bar)
      return unless bar
      # ... (no assignment to bar)
      if bar # <- redundant check
        # ...
      end
    end
$ flaw_detector file.rb
msgid,file,line,short_desc,long_desc,details
RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE,file.rb,4, …
I will make the tool detect typos
within this year.
You can try it:
$ gem install flaw_detector
$ flaw_detector <rb file>
※ It only works on ruby-1.9.
I will release the next version for ruby 2.0
this weekend.
Cases to gems
・gem json (pull request #170)

       depth = state.depth -= 1
       result << state.object_nl
-      result << state.indent * depth if indent if indent
+      result << state.indent * depth if indent
       result << '}'
       result
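Review bot: the `+` line keeps a single `if indent` modifier, and the doubled `if indent if indent` on the `-` line tested the same local twice with nothing in between, so both forms behave the same; the commit message should say this is a cleanup with no behaviour change so nobody goes looking for a fixed bug. The context line `depth = state.depth -= 1` mutates `state.depth` and copies it into a local in one expression, which is easy to misread and would be clearer as two statements.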
 
・gem diff-lcs (pull request #19)

     return 0 unless diffs
-    if (@format == :report) and diffs
+    if @format == :report
       output << "Files #{file_old} and #{file_new} differn"
       return 1
     end
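Review bot: dropping `and diffs` from the `if` is safe only because of the guard `return 0 unless diffs` on the context line directly above, and nothing in the hunk ties the two together; keep the guard adjacent to this condition, or note the dependency in the commit message, so a later reorder does not let a nil `diffs` reach the report path. The parentheses removed around `@format == :report` are a style-only change.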
 
I ran FlawDetector on 15 OSS projects and found flaw code
in 2 of them. I sent pull requests and these were merged.
Implementation
of
FlawDetector
Just like
FindBugs…
FindBugs
•  Is a static analysis tool for Java
bytecode
•  Detects bugs with 400 bug patterns
The ideas behind these patterns are very useful
Bug pattern list:
http://findbugs.sourceforge.net/bugDescriptions.html
FindBugs
vs FlawDetector
・FindBugs: 400 patterns
・FlawDetector: only 3 patterns
FlawDetector
works
1.  Compile the rb file to RubyVM bytecode
•  RubyVM::InstructionSequence.compile
2.  Construct code flow information as
BasicBlock, CFG, Dominator tree.
3.  Calculate the values of variables and
regard bytecode which raises an error
or is redundant as a flaw
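The three steps above, reduced to one in-order pass over the compiled bytecode, as an added example that is not FlawDetector's code: it stands in for the CFG and dominator tree by keeping facts only across labels with a single way in, and it ignores rescue/ensure entry points. All method names and the sample source are assumptions made for the illustration.

```ruby
# Added illustration, not FlawDetector's code: a simplified bytecode scan for
# the slide's "redundant check" (a local tested again after it is known truthy).
MAGIC = "YARVInstructionSequence/SimpleDataFormat"
ENDS_BLOCK = [:leave, :jump, :throw] # control never falls through these

# Yield every instruction sequence in the dump, nested method bodies included.
def each_iseq(ary, &blk)
  return unless ary.is_a?(Array)
  blk.call(ary) if ary.first == MAGIC
  ary.each { |e| each_iseq(e, &blk) }
end

def label?(x)
  x.is_a?(Symbol) && x.to_s.start_with?("label_")
end

# Identify a local by [slot, scope level]; getlocal_WC_0 and getlocal share keys.
def local_key(ins)
  [ins[1], ins[0].to_s[/WC_+(\d)/, 1]&.to_i || ins[2] || 0]
end

# Walk one body in order, carrying what is known about each local's truthiness.
def scan_body(body)
  refs = Hash.new(0) # how many branches target each label
  body.grep(Array).each { |i| i.drop(1).each { |o| refs[o] += 1 if label?(o) } }
  facts, saved, line, prev, tested, found = {}, {}, nil, nil, nil, []
  body.each do |item|
    if item.is_a?(Integer)
      line = item
    elsif label?(item)
      # Keep facts only when one recorded edge is the label's sole way in.
      sole = refs[item] == 1 && ENDS_BLOCK.include?(prev)
      facts = sole && saved[item] ? saved[item].dup : {}
      prev = tested = nil
    elsif item.is_a?(Array)
      op = item[0].to_s
      facts.clear if item.drop(1).any? { |o| o.is_a?(Array) } # block may write locals
      if op.start_with?("setlocal")
        facts.delete(local_key(item))
      elsif op == "jump"
        saved[item[1]] = facts.dup
      elsif %w[branchif branchunless].include?(op) && tested
        found << line if facts[tested] == :truthy # outcome was already decided
        taken, fall = op == "branchif" ? %i[truthy falsy] : %i[falsy truthy]
        saved[item[1]] = facts.merge(tested => taken)
        facts[tested] = fall
      end
      tested = op.start_with?("getlocal") ? local_key(item) : nil
      prev = item[0]
    end
  end
  found
end

# Returns the source lines whose truthiness test is redundant.
def redundant_truthy_checks(src)
  found = []
  dump = RubyVM::InstructionSequence.compile(src).to_a
  each_iseq(dump) { |iseq| found.concat(scan_body(iseq.last)) }
  found.sort
end

# Constructed sample modelled on the slide; line 4 repeats the line 2 test.
FLAWED = "def foo(bar)\n  return unless bar\n  total = 1\n  if bar\n    puts total\n  end\nend\n"
puts redundant_truthy_checks(FLAWED).inspect
```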
Technical
references
YARV (RubyVM) bytecode
http://www.atdot.net/yarv/
FindBugs
http://www.cs.nyu.edu/~lharris/papers/findbugsPaper.pdf
Future Work
I will implement bug patterns close
to FindBugs
It requires the features below:
•  Support for detecting “flaw” in blocks (such as
each, map, collect, etc…)
•  Static analysis of code paths by using
the result of another path already tested by
an RSpec example
•  Type assertion with YARD annotations
(ex: @param varname [Type] …)
Need your help
Contributors wanted!
•  Issue Reporting
•  Implementation
•  Documentation
•  …etc
Twitter: @twginriki
Github: ginriki

FlawDetector - Rubykaigi2013 LT


Editor's notes

  1. Put “Contact me” in somewhere.
  2. I worked for
  3. FlawDetector…