Rikiya Ayukawa / Software developer
FlawDetector – finding ruby code’s flaw by static analysis
Agenda
•  Self Introduction
•  About FlawDetector (introducing the software)
•  Implementation of FlawDetector
•  Future Work (further development)
Self-Introduction
•  2009〜2013 Fujitsu Limited.
–  developed cloud system (using Ruby)
•  2013 Digital Identity Inc.
–  develop web api for smart phone app (using Ruby)
•  Rikiya Ayukawa (@twginriki) – hobbies
–  Thinking and Making something for effective software developing
–  Equity investment – Thank you Abenomics!
About FlawDetector
- It’s my hobby -
Have you ever seen “flaw” code such as:
•  Checking twice whether a variable is not nil or false. This is a little confusing.
def foo(bar)
  return unless bar
  # ... (no assignment to bar)
  if bar # <- redundant check
    # ...
  end
end
•  A typo in a variable name. This will cause an exception.
bar = nil
begin
  # ...
rescue
  puts ba # raises NameError (typo for bar)
end
FlawDetector is a tool that can (will) detect this kind of “flaw” code by static analysis
def foo(bar)
  return unless bar
  # ... (no assignment to bar)
  if bar # <- redundant check
    # ...
  end
end
$ flaw_detector file.rb
msgid,file,line,short_desc,long_desc,details
RCN_REDUNDANT_FALSECHECK_OF_TRUE_VALUE,file.rb,4, …
I will make the tool detect typos within this year.
You can try it:
$ gem install flaw_detector
$ flaw_detector <rb file>
※ It only works on ruby-1.9.
I will release the next version, for Ruby 2.0, this weekend.
Cases to gems
・gem json (pull request #170)

        depth = state.depth -= 1
        result << state.object_nl
-       result << state.indent * depth if indent if indent
+       result << state.indent * depth if indent
        result << '}'
        result
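Review bot: on the `+` line the single `if indent` modifier is equivalent to the removed `if indent if indent`, because both modifiers test the same local with nothing evaluated in between, so the commit message should state that generator output is unchanged. Worth checking the rest of the generator for the same doubled modifier and fixing every occurrence in this one change.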
 
・gem diff-lcs (pull request #19)

      return 0 unless diffs
-     if (@format == :report) and diffs
+     if @format == :report
        output << "Files #{file_old} and #{file_new} differn"
        return 1
      end
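Review bot: the `+` line `if @format == :report` matches the removed condition only because of the `return 0 unless diffs` guard on the context line directly above; if that guard is ever moved or relaxed, this branch will report that the files differ when `diffs` is nil or false. A short comment on the guard, or a test that calls this path with a falsy `diffs`, would keep the two lines tied together.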
 
I ran FlawDetector on 15 OSS projects and found flawed code in 2 of them. I sent pull requests and these were merged.
Implementation of FlawDetector
Just like FindBugs…
FindBugs
•  Is a static analysis tool for Java bytecode
•  Detects bugs with 400 bug patterns
The ideas behind these patterns are very useful
Bug pattern list:
http://findbugs.sourceforge.net/bugDescriptions.html
FindBugs vs FlawDetector
・FindBugs: 400 patterns
・FlawDetector: only 3 patterns
FlawDetector works
1.  Compile the rb file to RubyVM bytecode
•  RubyVM::InstructionSequence.compile
2.  Construct code flow information as basic blocks, a CFG and a dominator tree.
3.  Calculate the values of variables and regard a bytecode instruction which raises an error or is redundant as a flaw
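The three steps above run on live bytecode, as an added example that is not FlawDetector's own code: it compiles a constructed copy of the slide's foo(bar), builds an instruction-level control flow graph, and flags a truthiness test on a local already known to be truthy on every incoming path. Assumptions: CRuby's to_a array layout, a forward must-dataflow in place of the dominator tree the slide names, and hypothetical helper names (find_redundant_checks, analyze_iseq and the others).

```ruby
require "set"

# Added example, not FlawDetector's code. Assumes CRuby's InstructionSequence#to_a
# layout: [magic, ..., label (5), ..., catch table (12), body (last)].
MAGIC = "YARVInstructionSequence/SimpleDataFormat"

# Constructed sample mirroring the slide's foo(bar); `count` fills the elided body.
SAMPLE = <<~RUBY
  def foo(bar)
    return unless bar
    count = 1        # no assignment to bar
    if bar           # <- redundant check (line 4)
      count += 1
    end
    count
  end
RUBY

def iseq_array?(obj)
  obj.is_a?(Array) && obj.first == MAGIC
end

# [index, level] of the local read ("getlocal") or written ("setlocal"), else nil.
def local_key(raw, kind)
  op = raw[0].to_s
  return nil unless op.start_with?(kind)
  [raw[1], (op[/WC_+(\d)/, 1] || raw[2] || 0).to_i]
end

# Local tested by the branch at i: only when a getlocal sits directly before it.
def checked_local(insns, labels, i)
  return nil if i.zero? || labels.value?(i)
  local_key(insns[i - 1][:raw], "getlocal")
end

# Step 1 output -> flat instruction list plus label positions.
def linearize(body)
  insns, labels, line = [], {}, nil
  body.each do |e|
    case e
    when Integer then line = e
    when Symbol  then labels[e] = insns.size if e.to_s.start_with?("label_")
    when Array   then insns << { op: e[0].to_s, raw: e, line: line }
    end
  end
  [insns, labels]
end

# Steps 2 and 3: propagate "locals known truthy" along control flow edges.
def analyze_iseq(ary)
  insns, labels = linearize(ary.last)
  state = Array.new(insns.size)   # facts before each instruction (nil = unreached)
  work = []
  flow = lambda do |i, facts|     # merge by intersection: true on all paths
    next if i.nil? || i >= insns.size
    merged = state[i] ? state[i] & facts : facts
    next if merged == state[i]
    state[i] = merged
    work << i
  end
  flow.call(0, Set.new)
  # Rescue/ensure/break handlers may resume at catch-table labels: assume nothing.
  Array(ary[12]).each { |entry| entry.grep(Symbol).each { |s| flow.call(labels[s], Set.new) } }

  until work.empty?
    i = work.pop
    raw, op, facts = insns[i][:raw], insns[i][:op], state[i]
    targets = raw.drop(1).reject { |o| iseq_array?(o) }.flatten.grep(Symbol)
                 .map { |s| labels[s] }.compact
    if op == "leave" || op == "throw"
      next
    elsif op.start_with?("branchif", "branchunless")
      tested = checked_local(insns, labels, i)
      known = tested ? facts | [tested] : facts
      taken, fall = op.start_with?("branchif") ? [known, facts] : [facts, known]
      targets.each { |t| flow.call(t, taken) }
      flow.call(i + 1, fall)
    else
      out = facts
      out = facts - [local_key(raw, "setlocal")] if local_key(raw, "setlocal")
      out = Set.new if raw.any? { |o| iseq_array?(o) }  # a block may reassign locals
      targets.each { |t| flow.call(t, out) }
      flow.call(i + 1, out) unless op.start_with?("jump")
    end
  end

  hits = insns.each_index.select do |i|
    insns[i][:op].start_with?("branchif", "branchunless") && state[i] &&
      (k = checked_local(insns, labels, i)) && state[i].include?(k)
  end
  findings = hits.map { |i| { iseq: ary[5], line: insns[i - 1][:line] } }
  nested = (Array(ary[12]) + ary.last.grep(Array)).flat_map { |e| e.select { |o| iseq_array?(o) } }
  findings + nested.flat_map { |n| analyze_iseq(n) }
end

def find_redundant_checks(source)
  analyze_iseq(RubyVM::InstructionSequence.compile(source).to_a)
end

if __FILE__ == $PROGRAM_NAME
  find_redundant_checks(SAMPLE).each { |f| puts "redundant check in #{f[:iseq]}, line #{f[:line]}" }
end
```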
Technical references
YARV (RubyVM) bytecode
http://www.atdot.net/yarv/
FindBugs
http://www.cs.nyu.edu/~lharris/papers/findbugsPaper.pdf
Future Work
I will implement bug patterns close to FindBugs
This requires the features below:
•  Support for detecting “flaws” in blocks (such as each, map, collect, etc…)
•  Static analysis of code paths using the results of other paths already tested by RSpec examples
•  Type assertion with yard annotation
(ex: @param varname [Type] …)
Need your help
Contributors wanted!
•  Issue Reporting
•  Implementation
•  Documentation
•  …etc
Twitter: @twginriki
Github: ginriki
