code is not text! how graph technologies can help us to understand our code better
TRANSCRIPT
Code Is Not Text!
How graph technologies can help us to understand our code better
Andreas Dewes (@japh44)
21.07.2015
EuroPython 2015 – Bilbao
About
Physicist and Python enthusiast
We are a spin-off of the
University of Munich (LMU):
We develop software for data-driven code analysis.
How we ussually think about code
But code can also look like this...
Our Journey
1. Why graphs are interesting
2. How we can store code in a graph
3. What we can learn from the graph
4. How programmers can profit from this
Graphs explained in 30 seconds
node / vertex
edge
node_type: classsdefname: Foo
label: classsdefdata: {...}
node_type: functiondefname: foo
Old idea, many new solutions: Neo4j, OrientDB, ArangoDB, TitanDB, ... (+SQL, key/value stores)
Graphs in Programming
Used mostly within the interpreter/compiler.
Use cases
• Code Optimization• Code Annotation• Rewriting of Code• As Intermediate Language
Building the Code Graph
def encode(obj): """ Encode a (possibly nested) dictionary containing complex values into a form that can be serialized using JSON. """ e = {} for key,value in obj.items(): if isinstance(value,dict): e[key] = encode(value) elif isinstance(value,complex): e[key] = {'type' : 'complex', 'r' : value.real, 'i' : value.imag} return e
dict
name
nameassign
functiondef
body
body
targets
forbody iterator
value
import asttree = ast.parse(" ")...
Storing the Graph: Merkle Trees
https://en.wikipedia.org/wiki/Merkle_treehttps://git-scm.com/book/en/v2/Git-Internals-Git-Objects
https://en.bitcoin.it/wiki/Protocol_documentation#Merkle_Trees
/ 4a7ef...
/flask 79fe4...
/docsa77be...
/docs/conf.py9fa5a../flask/app.py
7fa2a.....
...
tree
blob
Example: git(also Bitcoin)
{i : 1}
{id : 'e'}
{name: 'encode', args : [...]}
{i:0}
AST Example
e4fa76b...
a76fbc41...
c51fa291...
name
nameassign
body
body
targets
for
body iterator
value
dict
functiondef
{i : 1}
{id : 'f'}
{i:0}
5afacc...
ba4ffac...
7faec44...
name
assign
body body
targets
value
dict
functiondef
{name: 'decode', args : [...]}
74af219...
Efficieny of this Approach
What this enables
• Store everything, not just condensed meta-data (like e.g. IDEs do)
• Store multiple projects together, to reveal connections and similarities
• Store the whole git commit history of a given project, to see changes across time.
Modules
ClassesFunctions
The Flask project(30.000 vertices)
Working with Graphs
Querying & Navigation
1. Perform a query over some indexed field(s) to retrieve an initial set of nodes or edges.
graph.filter({'node_type' : 'functiondef',...})
2. Traverse the resulting graph along its edges.
for child in node.outV('body'): if child['node_type'] == ...
Examples
Show all symbol names, sorted by usage.
graph.filter({'node_type' : {$in : ['functiondef','...']}})
.groupby('name',as = 'cnt').orderby('-cnt')
index 79...foo 7...bar 5
Examples (contd.)
Show all versions of a given function.
graph.get_by_path('flask.helpers.url_for')
def url_for(endpoint, **values): """Generates a URL to the given endpoint with the method provided. Variable arguments that are unknown to the target endpoint are appended to the generated URL as query arguments. If the value of a query argument is ``None``, the whole pair is skipped. In case blueprints are active you can shortcut references to the same blueprint by prefixing the local endpoint with a dot (``.``). This will reference the index function local to the current blueprint:: url_for('.index')
def url_for(endpoint, **values): """Generates a URL to the given endpoint with the method provided. Variable arguments that are unknown to the target endpoint are appended to the generated URL as query arguments. If the value of a query argument is ``None``, the whole pair is skipped. In case blueprints are active you can shortcut references to the same blueprint by prefixing the local endpoint with a dot (``.``). This will reference the index function local to the current blueprint:: url_for('.index')
def url_for(endpoint, **values): """Generates a URL to the given endpoint with the method provided. Variable arguments that are unknown to the target endpoint are appended to the generated URL as query arguments. If the value of a query argument is ``None``, the whole pair is skipped. In case blueprints are active you can shortcut references to the same blueprint by prefixing the local endpoint with a dot (``.``). This will reference the index function local to the current blueprint:: url_for('.index')
def url_for(endpoint, **values): """Generates a URL to the given endpoint with the method provided. Variable arguments that are unknown to the target endpoint are appended to the generated URL as query arguments. If the value of a query argument is ``None``, the whole pair is skipped. In case blueprints are active you can shortcut references to the same blueprint by prefixing the local endpoint with a dot (``.``). This will reference the index function local to the current blueprint:: url_for('.index')
fa7fca...
3cdaf...
Visualizing Code
Example: Code Complexity
Graph Algorithm for Calculating the Cyclomatic Complexity (the Python variety)
node = root
def walk(node,anchor = None): if node['node_type'] == 'functiondef': anchor=node anchor['cc']=1 #there is always one path elif node['node_type'] in ('for','if','ifexp','while',...): if anchor: anchor['cc']+=1 for subnode in node.outV: walk(subnode,anchor = anchor)
#aggregate by function path to visualize
The cyclomatic complexity is a quantitative measure of the number of linearly independent paths through a program's source code. It was developed by Thomas J. McCabe, Sr. in 1976.
Example: Flaskflask.helpers.send_file (complexity: 22)
flask.helpers.url_for(complexity: 14)
area: AST weight( lines of code)
height: complexitycolor:complexity/weighthttps://quantifiedcode.github.io/code-is-beautiful
Exploring Dependencies in a Code Base
Finding Patterns & Problems
Pattern Matching: Text vs. Graphs
Many other standards: XQuery/XPath, Cypher (Neo4j), Gremlin (e.g. TitanDB), ...
node_type: wordcontent: {$or : [hello, hallo]}#...>followed_by: node_type: word content: {$or : [world, welt]}
Hello, world!
/(hello|hallo),*\s*
(world|welt)/i
word(hello)
punctuation(,)
word(world)
Example: Building a Code Checker
node_type: tryexcept
>handlers:
$contains:
node_type: excepthandler
type: null
>body:
node_type: pass
try:
customer.credit_card.debit(-100)
except:
pass #to-do: implement this!
Adding an exception to the rule
node_type: tryexcept
>handlers:
$contains:
node_type: excepthandler
type: null
>body:
$not:
$anywhere:
node_type: raise
exclude: #we exclude nested try's
node_type:
$or: [tryexcept]
try:
customer.credit_card.debit(-100)
except:
logger.error("This can't be good.")
raise #let someone else deal with
#this
Bonus Chapter: Analyzing Changes
Example: Diff from Django Project
{i : 1}
{id : 'e'}
{name: 'encode', args : [...]}
{i:0}
Basic Problem: Tree Isomorphism (NP-complete!)
name
nameassign
body
body
targets
for
body iterator
value
dict
functiondef
{i : 1}
{id : 'ee'}
{name: '_encode', args : [...]}
{i:0}
name
nameassign
body
body
targets
for
body iterator
value
dict
functiondef
Similar Problem: Chemical Similarity
https://en.wikipedia.org/wiki/Epigallocatechin_gallate
Epigallocatechin gallate
Solution(s):
Jaccard FingerprintsBloom Filters...
Benzene
Applications
Detect duplicated codee.g. "Duplicate code detection using anti-unification", P Bulychev et. al. (CloneDigger)
Generate semantic diffse.g. "Change Distilling:Tree Differencing for Fine-Grained Source Code Change Extraction", Fluri, B. et. al.
Detect plagiarism / copyrighted codee.g. "PDE4Java: Plagiarism Detection Engine For Java Source Code: A Clustering Approach", A. Jadalla et. al.
Example: Semantic Diff
@mock.patch('django.db.migrations.questioner.MigrationQuestioner.ask_not_null_alteration',
return_value='Some Name')
def test_alter_field_to_not_null_oneoff_default(self, mocked_ask_method):
"""
#23609 - Tests autodetection of nullable to non-nullable alterations.
"""
class CustomQuestioner(...)
# Make state
before = self.make_project_state([self.author_name_null])
after = self.make_project_state([self.author_name])
autodetector = MigrationAutodetector(before, after, CustomQuestioner())
changes = autodetector._detect_changes()
self.assertEqual(mocked_ask_method.call_count, 1)
# Right number/type of migrations?
self.assertNumberMigrations(changes, 'testapp', 1)
self.assertOperationTypes(changes, 'testapp', 0, ["AlterField"])
self.assertOperationAttributes(changes, "testapp", 0, 0, name="name", preserve_default=False)
self.assertOperationFieldAttributes(changes, "testapp", 0, 0, default="Some Name")
Summary: Text vs. Graphs
Text+ Easy to write+ Easy to display+ Universal format+ Interoperable- Not normalized- Hard to analyze
Graphs+ Easy to analyze+ Normalized+ Easy to transform- Hard to generate- Not (yet) interoperable
The Future(?): Use text for small-scale manipulation of code, graphs for large-scale visualization, analysis and transformation.
Thanks!
Andreas Dewes (@japh44)[email protected]
www.quantifiedcode.comhttps://github.com/quantifiedcode
@quantifiedcode