Towards Tooling; A Look at What is Missing From the Ruby Toolbox
Towards Tooling
what is missing from our toolbox?
Loren Segal
@lsegal
Friday, November 8, 13

Are Rubyists good at testing because they have good tools?

Do Rubyists have good tools because they are good at testing?

Tools are important

We have good tools

...sometimes.

This talk is about the not-so-good tools

Goals

1. Introduce different tools

2. Find out which tools we are missing

3. Write these tools plz thx!
Be a garbage collector

Note: Google TOOL NAME + LANGUAGE
You should find the tools referenced in this talk

Kinds of Tools

Deployment / Ops
Documentation
Testing
Visualization
Debugging
Linting
Static Analysis
High Level
Low Level

Visualization

Some of the most important tools are visualization tools

Know what your code is doing

Thread in a sealed box. Is it dead or alive?

Visual Studio

XCode

VisualVM

Discoverability

Call references
Implementors
ECLIPSE

Not just IDEs

I’ll prove it...

Firebug

Do you remember web development before Firebug?

Before: no visibility.

Ember Inspector

Smalltalk

Inherently Visual

Where is Ruby viz?

RubyMine

Profilers?

memprof
Joe Damato
github/ice799/memprof

perftools.rb

NetBeans / JRuby

Use the JVM

Linting

Lint
divide by zero: check
initialized vars: check
...
style: check (last!)

Ruby?

Reek/Flog/Flay
Does: detect code smells
Does not: find common errors

Assumption: Pretty code is correct code

Ugly. Not “correct”.

github.com/lsegal/my_fake_project

PS. I ♡ Code Climate

Understand your tools

Code Climate does not replace testing

ruby-lint
Yorick Peterse
but it’s new

Nothing comes standard

Other languages?

JSHint (JavaScript)
pylint (Python)
FindBugs (Java)
FxCop (C#)

Widely used.

Why not Ruby?

Static Analysis
lint++

is a huge field

Types of “static analysis”
- Defect Finding
- Memory Checking / Fuzz Testing
- Extended Static Checking
- Model Checking / Data Flow Analysis
- Symbolic Execution

Defect Finding

is basically lint,

but with less emphasis on syntax.

The Usual Suspects

Brakeman
Justin Collins
brakemanscanner.org (Ruby on Rails)

Finds common flaws in Rails code
XSS, SQL injection, mass assignment

Static detection of security vulnerabilities in scripting languages
https://www.usenix.org/legacy/event/sec06/tech/full_papers/xie/xie_html/

Fuzz Testing

garbage in...

Lots of tools.
C, Java, JS, Python, etc.

Lots of papers.

“Automated Whitebox Fuzz Testing”
Microsoft Research (used in SAGE)
http://research.microsoft.com/en-us/um/people/pg/public_psfiles/ndss2008.pdf

What about us?

Heckle
Ryan Davis, Kevin Clark

Mutant
Markus Schirp
github/mbj/mutant

We could use a real fuzz testing tool.

FuzzBert?
Martin Bosslet
github/krypt/FuzzBert

lots of papers out there with algorithms to implement

LET’S GET

Symbolic Execution

Run your code with no immediate values

Similar to Extended Static Checking
but...

Contracts not required
and
Can tell you which inputs generated valid or invalid state

Think:
Automatic Test Case Generation

// @example pow(2, 8) == 256
int pow(int x, int n) {
  int v[32] = {x}, result = 0;
  for (int i = 1; i < n; i++) {
    v[i] = x * v[i-1];
  }
  return v[n-1];
}

SymExe report:
x=1,n=5,result=1
x=2,n=8,result=256
x=1,n=0,error: array out of bounds ←
x=1,n=33,error: array out of bounds ←

// @example pow(2, 8) == 256
// @requires n > 0
// @requires n < 32
int pow(int x, int n) {
  int v[32] = {x}, result = 0;
  for (int i = 1; i < n; i++) {
    v[i] = x * v[i-1];
  }
  return v[n-1];
}
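
The report and the contract above, reproduced as an added C example (not code from the talk): it enumerates n over a small range with every array index checked, a bounded stand-in for the input classes a symbolic executor derives from path conditions, not a symbolic executor itself. The names checked_pow, contract_holds and contract_violations are made up here, and long long replaces int so that n = 32 does not overflow.

```c
#include <stdio.h>

#define CAP 32  /* size of v[] in the slide's pow() */

enum outcome { OK = 0, OOB_READ = 1, OOB_WRITE = 2 };

/* Same control flow as the slide's pow(); an out-of-range index is
 * reported instead of executed. */
static enum outcome checked_pow(long long x, int n, long long *result) {
    long long v[CAP] = { x };
    for (int i = 1; i < n; i++) {
        if (i >= CAP) return OOB_WRITE;              /* v[i] past the end */
        v[i] = x * v[i - 1];
    }
    if (n - 1 < 0 || n - 1 >= CAP) return OOB_READ;  /* v[n-1] */
    *result = v[n - 1];
    return OK;
}

/* The slide's contract: @requires n > 0, @requires n < 32. */
static int contract_holds(int n) { return n > 0 && n < 32; }

/* Count n in [lo, hi] that satisfy the contract and still fail. */
static int contract_violations(long long x, int lo, int hi) {
    int bad = 0;
    for (int n = lo; n <= hi; n++) {
        long long r;
        if (contract_holds(n) && checked_pow(x, n, &r) != OK) bad++;
    }
    return bad;
}

/* Print maximal runs of n that share one outcome, like the report. */
int main(void) {
    const char *label[] = { "ok", "error: out-of-bounds read",
                            "error: out-of-bounds write" };
    long long r;
    int lo = -2, hi = 40, start = lo;
    enum outcome prev = checked_pow(2, lo, &r);
    for (int n = lo + 1; n <= hi + 1; n++) {
        int last = (n > hi);
        enum outcome cur = last ? prev : checked_pow(2, n, &r);
        if (last || cur != prev) {
            printf("x=2, n in [%d, %d]: %s\n", start, n - 1, label[prev]);
            start = n;
            prev = cur;
        }
    }
    return 0;
}
```

The three runs it prints correspond to the report's classes: n <= 0 fails on the final read, n >= 33 fails on a write inside the loop, and everything the contract admits is safe.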

Tools?

KLEE (LLVM)
Kudzu (JavaScript)
Kiasan (Java, SPARK)

Nothing for Ruby*
(*) “Automatic Program Verification and Test Case Generation of Ruby Programs”

Ruby doesn’t really have a scientific community.

Chicken and egg.

Python vs Ruby?
Big boy language?

RECAP

We are great at testing, deployment, web frameworks

Not so good at visualization, linting, static analysis

We attract web developers because we have good web tools

Could we build tools for other communities?
science, engineering, math

Take responsibility.

Great tool ideas are waiting to be implemented

Tons of research papers in fields I mentioned
scholar.google.com

I had a whole section on my favourite research papers.

Come find me if you want titles.

Thank you.
Slides will be linked on Twitter @lsegal