RubyPolish

saucecopywriterInternet και Εφαρμογές Web

2 Φεβ 2013 (πριν από 4 χρόνια και 7 μήνες)

135 εμφανίσεις

RubyPolish: Static Bug
Detection in Ruby Programs

John Locke

Alex Mont

Background


FindBugs is a static analysis tool used to
identify common bugs in Java programs


Ruby is a dynamic, interpreted programming
language


Idea: Develop a FindBugs
-
type tool which
operates on Ruby programs


DRuby provides a means to do this

DRuby


DRuby adds static typing to the standard
Ruby language


To accomplish this, DRuby boils down Ruby
code to “Ruby Intermediate Language (RIL)”
to allow for simple static analysis


RIL provides an easier way to parse Ruby
code and identify common programming
mistakes

Project Plan


Examine FindBugs to determine which
detectors are useful for Ruby


Implement extensible framework for static
analysis using DRuby


Implement bug detectors using the
framework


Test results on existing open
-
sourceRuby
programs


Framework


Dataflow Analyses


Specified by transfer function


Bug Detectors


Pattern match based on RIL code structure for
common mistakes


Takes state and dataflow facts, determines if bug
is detected


Time permitting: Pluggable interface


Conveniently add bug detectors on the fly

Example: Null Pointer Analysis

Warning if:

-
Dereference of
NULL or NSP

-
Nullcheck of NULL
or NONNULL

NONNULL

NSP

NCP

NULL

Bug Detectors


FindBugs has 131 correctness detectors


Identified 15 to potentially implement for this
project


2 require dataflow analysis


13 require only pattern matching


Examples


Incompatible bit masks


Duplicate conditional tests


Useless control flow

Project Progress


Compiled and installed DRuby, examined
existing code, learned about its operation


Implemented prototypes of framework and
detectors


To do:


Continue to fix bugs in the CFG logic


Finish implementation of bug detectors


Test detectors on existing code

Future Directions


Compare with other static analysis tools


Extend framework


Alias analysis


Interprocedural and field analysis


Implement additional bug detectors (There’s
always something else to detect!


).
Possibly implement detectors not present in
FindBugs