Web of Things and Rust

### Research, Implementation and Analysis</br>of Source Code Metrics in</br>Rust-Code-Analysis <div style="font-size:0.6em;font-style:italic">Michele Valsesia, Marco Ballario, Luca Ardito</br> Dept. of Control and Computer Engineering</br> Politecnico di Torino</div> --- ## Goals - Implementing static metrics for _Java_ language inside **_rust-code-analysis_** tool. - Computing implemented metrics on various size _Java_ repositories. - Evaluating how results impact codebase maintainability. - Providing metrics explanations for developers. --- ## rust-code-analysis (RCA) - Written by **_Mozilla_** in Rust for performance and safety reasons. - Code analyser tool which computes metrics on the entire **_Firefox_** codebase. - From a source code, _RCA_ constructs an **_Abstract Syntax Tree (AST)_**. --- ## Abstract Syntax Tree (AST) ```rust fn main() { println!("Hello World!"); } ``` ![ast](https://hackmd.io/_uploads/Hk1v5BugT.png =440x350) <div style="font-size:0.7em;font-style:italic;text-transform:none">Source code and AST of a “Hello world” Rust program.</div> --- ## Spaces - On top of an AST, _RCA_ divides a source code into blocks called **_spaces_**. - A **_space_** represents any structure in a source code which might contain a function declaration. --- ## Spaces ```json { "name": "main.rs", "kind": "unit", "metrics": {...}, "spaces": [ { "name": "main", "kind": "function", "metrics": {...}, "spaces": [], ... } ], ... } ``` <div style="font-size:0.7em;font-style:italic;text-transform:none">JSON spaces structure of a “Hello world” Rust program.</div> --- ## Metrics - Academic analysis - Market analysis - Feasibility analysis - Implementation --- ## Metrics - **_ABC_** counts the essential operations performed by a source code. $$ ABC = \sqrt{A^2 + B^2 + C^2} $$ --- ## Metrics - **_WMC_** measures the complexity of a class summing the complexity of its **_methods_**. $$ WMC = \sum_{i=1}^{n} CC_i $$ --- ## Metrics - **_NPM_** counts the **_public methods_** in a class. - **_NM_** counts the **_methods_** in a class. - **_NPA_** counts the **_public attributes_** in a class. - **_NA_** counts the **_attributes_** in a class. --- ## Metrics - **_COA_** performs a security class evaluation, in terms of **_public methods_**, assessing the attack surface for class operations. $$ COA = \frac{NPM}{NM} $$ --- ## Metrics - **_CDA_** performs a security class evaluation, in terms of **_public attributes_**, assessing the attack surface for class data. $$ CDA = \frac{NPA}{NA} $$ --- ## Methodology - Data Production - Spatial Analysis - Temporal Analysis --- ## Selected Repositories <style scoped> table { font-size: 23px; } </style> | Name | Size | Version | Java Files | |:--------------:|:----------:|:-------:|:----------:| | mockito | Very large | 4.7.0 | 949 | | spring-kafka | Large | 2.9.0 | 502 | | gson | Medium | 2.9.1 | 218 | | Java-WebSocket | Medium | 1.5.3 | 175 | | java-jwt | Small | 4.0.0 | 75 | | FastCSV | Small | 2.2.0 | 39 | --- ## Spatial Analysis - Focused on project **size**. - Performed on measures obtained from various-size repositories **_pinned_** to a specific version. --- ## Temporal Analysis - Focused on the evolution of a project over **time**. - Performed on metric values computed over **several** versions of the same codebase. --- ## Results ![size-comparison](https://hackmd.io/_uploads/SyWjawKgT.png =800x470) <div style="font-size:0.8em;font-style:italic;text-transform:none">Size measures comparison.</div> --- ## Results ![complexity-comparison](https://hackmd.io/_uploads/BJ-awYKx6.png =700x460) <div style="font-size:0.8em;font-style:italic;text-transform:none">Complexity measures comparison.</div> --- ## Results ![visibility-npm](https://hackmd.io/_uploads/ByDQ9KYeT.png =700x480) <div style="font-size:0.8em;font-style:italic;text-transform:none">Percentages of public methods.</div> --- ## Results ![visibility-npa](https://hackmd.io/_uploads/BJ_VxcFg6.png =700x480) <div style="font-size:0.8em;font-style:italic;text-transform:none">Percentages of public attributes.</div> --- ## Results ![javawt-temporal](https://hackmd.io/_uploads/S1lAecKlp.png =1000x480) <div style="font-size:0.8em;font-style:italic;text-transform:none">Java JWT averages size and complexity measures over time.</div> --- ## Results ![threshold-percentage](https://hackmd.io/_uploads/ryiH75tea.png =900x480) <div style="font-size:0.8em;font-style:italic;text-transform:none">ABC threshold measures for Spring for Apache Kafka.</div> --- ## Real-case scenario - Metrics computed by **_RCA_** are used as inputs for machine learning algorithms. - These machine learning models evaluate the risk of a patch mergeable into the **_Firefox_** codebase. --- ## Possible real-case scenarios - Integrate **_RCA_** into an _IDE_ as a plugin to inform about code quality level during development. - Insert **_RCA_** into a _CI_ to uniform the code added by different programmers to a determined quality level established by project maintainers. --- ## Future Works - Extending metrics to other object-oriented languages, such as _C++_ and _Python_. - Expanding this research on a greater amount of repositories, hence providing a **_quantitative_** analysis.  --- ## Thank you for your attention!