Rikiya Ayukawa / Software developer
FlawDetector – finding ruby code’s flaw by static analysis
Agenda
•  Self Introduction
•  About FlawDetector
•  Implementation of FlawDetector
•  Future Work
Self-Introduction
•  2009〜2013 Fujitsu Limited.
   –  developed cloud system (using Ruby)
•  2013 Digital Identity Inc.
   –  develop web api for smart phone app (using Ruby)
•  Rikiya Ayukawa (@twginriki) – hobbies
   –  Thinking and Making something for effective software developing
   –  Equity investment – Thank you Abenomics!
About FlawDetector
- It’s my hobby -
Have you ever seen “flaw” code such as:
•  Checking twice whether a variable is not nil or false. This confuses us a little.
    def foo(bar)
      return unless bar
      # ... (no assignment to bar)
      if bar # <- redundant check
        # ...
      end
    end
•  A typo in a variable name. This will cause an exception.
    bar = nil
    begin
      # ...
    rescue
      puts ba # typo of bar: raises NameError
    end
FlawDetector is a tool that can (will) detect this “flaw” code by static analysis:
    def foo(bar)
      return unless bar
      # ... (no assignment to bar)
      if bar # <- redundant check
        # ...
      end
    end

    $ flaw_detector file.rb
    msgid,file,line,short_desc,long_desc,details
    RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE,file.rb,4, …
I will make the tool detect typos within this year.
You can try it:
    $ gem install flaw_detector
    $ flaw_detector <rb file>
※ It only works on ruby-1.9.
I will release the next version for ruby 2.0 this weekend.
Cases to gems
・gem json (pull request #170)
	
 
	
 	
 	
 	
 	
 	
 	
 depth	
 =	
 state.depth	
 -=	
 1	
 
	
 	
 	
 	
 	
 	
 	
 result	
 <<	
 state.object_nl	
 
-	
 	
 	
 	
 	
 	
 result	
 <<	
 state.indent	
 *	
 depth	
 if	
 indent	
 if	
 indent	
 
+	
 	
 	
 	
 	
 result	
 <<	
 state.indent	
 *	
 depth	
 if	
 indent	
 
	
 	
 	
 	
 	
 	
 	
 result	
 <<	
 '}'	
 
	
 	
 	
 	
 	
 	
 	
 result	
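Review bot: on the replaced line `result << state.indent * depth if indent`, the removed version carried the `if indent` modifier twice, which is two nested modifiers on the same condition, so the generated output does not change. Say in the commit message that this is a behaviour-preserving cleanup so that nobody looks for a functional difference.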
 
・gem diff-lcs (pull request #19)
	
 
	
 	
 	
 	
 	
 return	
 0	
 unless	
 diffs	
 
-	
 	
 	
 	
 if	
 (@format	
 ==	
 :report)	
 and	
 diffs	
 
+	
 	
 	
 	
 if	
 @format	
 ==	
 :report	
 
	
 	
 	
 	
 	
 	
 	
 output	
 <<	
 "Files	
 #{file_old}	
 and	
 #{file_new}	
 differn"	
 
	
 	
 	
 	
 	
 	
 	
 return	
 1	
 
	
 	
 	
 	
 	
 end	
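Review bot: the new condition `if @format == :report` is equivalent to the old one only because of the `return 0 unless diffs` guard on the line directly above; if that guard is ever moved or changed, the dropped `and diffs` test disappears silently. A short comment on the guard, or a test covering the falsy `diffs` case, would pin that dependency down.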
 
I ran FlawDetector on 15 OSS projects and found flaw code in 2 of them.
I sent pull requests and these were merged.
Implementation of FlawDetector
Just like FindBugs…
FindBugs
•  Is a static analysis tool for Java bytecode
•  Detects bugs with 400 bug patterns
The ideas behind these patterns are very useful.
Bug pattern list:
http://findbugs.sourceforge.net/bugDescriptions.html
FindBugs vs FlawDetector
•  FindBugs: 400 patterns
•  FlawDetector: only 3 patterns
How FlawDetector works
1.  Compile the rb file to RubyVM bytecode
    •  RubyVM::InstructionSequence.compile
2.  Construct code flow information as basic blocks, a CFG and a dominator tree.
3.  Calculate the values of variables, and regard any bytecode that raises an error or is redundant as a flaw.
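Steps 2 and 3 above, as an added Ruby example that is not FlawDetector's own code: it builds basic blocks, a CFG and dominator sets, then reports the slide's redundant `if bar`. It assumes a hand-simplified, constructed instruction listing in place of real RubyVM::InstructionSequence.compile output (whose opcodes and operands vary by Ruby version); every function and constant name except the msgid is hypothetical.

```ruby
# Added example (not FlawDetector's source): find a redundant truthiness check
# using basic blocks, a CFG and dominators over a toy YARV-like listing.
MSGID = 'RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE' # msgid shown on the slide
BRANCHES = %i[branchif branchunless].freeze
Block = Struct.new(:id, :insns, :succs, :preds)

# Constructed input: hand-simplified listing for the slide's foo(bar).
# Entries are [line, opcode, operand]; bare symbols are branch labels.
FOO_LISTING = [
  [2, :getlocal, :bar], [2, :branchif, :L1],     # return unless bar
  [2, :putnil, nil], [2, :leave, nil],
  :L1,
  [4, :getlocal, :bar], [4, :branchunless, :L2], # if bar  <- redundant
  [5, :putself, nil], [5, :send, :work],
  :L2,
  [6, :putnil, nil], [6, :leave, nil]
].freeze

# Step 2a: split the listing into basic blocks and connect them into a CFG.
def build_cfg(listing)
  blocks, labels, cur = [], {}, nil
  listing.each do |entry|
    if cur.nil? || (entry.is_a?(Symbol) && !cur.insns.empty?)
      cur = Block.new(blocks.size, [], [], [])
      blocks << cur
    end
    if entry.is_a?(Symbol)
      labels[entry] = cur.id
    else
      cur.insns << entry
      cur = nil if entry[1] == :leave || BRANCHES.include?(entry[1])
    end
  end
  blocks.each do |b|
    _line, op, arg = b.insns.last
    nxt = b.id + 1 < blocks.size ? [b.id + 1] : []
    b.succs = case op
              when :leave then []
              when *BRANCHES then [labels.fetch(arg)] + nxt # [taken, fallthrough]
              else nxt
              end
    b.succs.each { |s| blocks[s].preds << b.id }
  end
  blocks
end

# Step 2b: iterative dominator sets; dom[b] lists every block dominating b.
def dominators(blocks)
  all = blocks.map(&:id)
  dom = blocks.map { |b| b.id.zero? ? [0] : all.dup }
  loop do
    changed = false
    blocks.drop(1).each do |b|
      fresh = (b.preds.map { |pr| dom[pr] }.reduce(:&) || []) | [b.id]
      changed ||= fresh.sort != dom[b.id].sort
      dom[b.id] = fresh
    end
    break unless changed
  end
  dom
end

# Variable tested by a block ending in "getlocal v; branchif/branchunless".
def tested_var(block)
  get, branch = block.insns.last(2)
  get[2] if branch && get[1] == :getlocal && BRANCHES.include?(branch[1])
end

# Successor that is entered only when the tested value was truthy.
def truthy_succ(block)
  block.insns.last[1] == :branchif ? block.succs[0] : block.succs[1]
end

def assigns?(block, var)
  block.insns.any? { |_line, op, arg| op == :setlocal && arg == var }
end

# Step 3: a check on v is redundant when a dominating block already tested v,
# its truthy edge is the only way into a block e that dominates the check,
# and no block dominated by e assigns v (the slide's "no assignment to bar").
def find_flaws(listing, file)
  blocks = build_cfg(listing)
  dom = dominators(blocks)
  blocks.each_with_object([]) do |b, flaws|
    next unless (var = tested_var(b))
    # Strict dominators of b, nearest first: the path up the dominator tree.
    nearest_first = (dom[b.id] - [b.id]).sort_by { |d| -dom[d].size }
    proven = nearest_first.any? do |d|
      e = truthy_succ(blocks[d]) if tested_var(blocks[d]) == var
      e && dom[b.id].include?(e) && blocks[e].preds == [d] &&
        blocks.none? { |x| dom[x.id].include?(e) && assigns?(x, var) }
    end
    flaws << [MSGID, file, b.insns.last[0]] if proven
  end
end
```

`find_flaws(FOO_LISTING, 'file.rb')` returns one row for line 4, matching the first three columns of the tool output shown earlier; inserting a `setlocal :bar` between the two checks makes the finding go away.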
Technical references
•  YARV (RubyVM) bytecode: http://www.atdot.net/yarv/
•  FindBugs: http://www.cs.nyu.edu/~lharris/papers/findbugsPaper.pdf
Future Work
I will implement bug patterns close to those of FindBugs.
This requires the features below:
•  Support for detecting “flaws” in blocks (such as each, map, collect, etc…)
•  Static analysis of code paths that uses the results of another path already tested by an RSpec example
•  Type assertion with yard annotation (ex: @param varname [Type] …)
Need your help
Contributors wanted!
•  Issue Reporting
•  Implementation
•  Documentation
•  …etc
Twitter: @twginriki
Github: ginriki
