Start...End time | Track name |
---|---|
01:30 - 02:30 UTC |
|
04:30 - 05:00 UTC |
Lang: ja
Track: Large Hall
The future vision of Ruby Parser
Recently, the maintainability and usability of Ruby's parser have been discussed. There are several approaches to these problems; however, I believe an LR parser is the best solution for supporting Ruby's elegant syntax. When using parser generators, we write a grammar description file like "parse.y". In a grammar file, many DSL directives, e.g. %parse-param, %initial-action, %left, %right ..., are used to control the behavior of the generated parser. Even though a Push Down Automaton has the potential to solve these problems, the parser generator's DSL is not enough to represent it. Such impedance mismatches between DSL and PDA require us to use hacks like lex state. This talk will cover redesigning the responsibility of lexer and parser, how to expand the DSL for grammar files, and an introduction to the Lrama parser generator. |
05:10 - 05:40 UTC |
Lang: ja
Track: Large Hall
Make Regexp#match much faster
Regular expressions (Regexp) are the fundamental text-processing tool for programmers. Ruby also has Regexp functions as a standard feature. Regexp is helpful, but it may cause some problems. The typical issue is ReDoS (Regular expression Denial of Service), a vulnerability in Regexp matching. When Regexp matching is implemented by backtracking, the matching time could explode. This explosion overloads a service and makes it hard to provide the service. Such a DoS attack using Regexp matching is called ReDoS. For example, it caused [damage to Cloudflare](https://blog.cloudflare.com/). Ruby's previous Regexp implementation could cause ReDoS. In Ruby 3.2.0, Regexp matching has been optimized to prevent ReDoS. This optimization makes Regexp, which previously took exponential matching time, be matched in linear time. In this talk, I will describe a Regexp matching implementation and the details of the Regexp matching optimization implemented in Ruby 3.2.0. |
05:50 - 06:20 UTC |
Lang: ja
Track: Open Studio
UTF-8 is coming to mruby/c
mruby/c could only use ASCII (binary), but it will support UTF-8. In this talk I will explain how I implemented UTF-8 support available in mruby/c. |
07:00 - 07:30 UTC |
Lang: ja
Track: Large Hall
Power up your REPL life with types
Nowadays, we can use the power of types when writing code in an editor or IDE. But how about in IRB? What if the auto completion of IRB gets more accurate using type information? Wouldn’t it be happy? In this talk, I will show how to implement type-based auto completion and make your own customized IRB. |
Start...End time | Track name |
---|---|
00:40 - 01:10 UTC |
Lang: ja
Track: Large Hall
How resolve Gem dependencies in your code?
I maintain RubyGems, Bundler and the standard libraries of the Ruby language. I've finished the work of promoting standard libraries to default gems up to Ruby 3.1. I've promoted some gems like net-smtp, net-imap to the bundled gems. And we released rbs and debug gems as bundled gems. So, we can provide the best developer experience on the release day. On the other hand, the default gems and bundled gems have a lot of problems, especially dependency resolution. I'll describe the problems related to default gems and bundled gems from a maintainer's view. I'd like to get more feedback on Gemification for the future with this session. In Ruby 3.2, Bundler 2.4 has a new dependency resolver named PubGrub. The RubyGems team has a plan to introduce this resolver for RubyGems. I describe the feature of dependency resolution of gem dependencies. Finally, I introduce how RubyGems and Bundler resolve gem dependencies in your code with the default gems and bundled gems. |
01:20 - 01:50 UTC |
Lang: ja
Track: Open Studio
Implementing "++" operator, stepping into parse.y
The fact that there is no increment/decrement operator in Ruby is known to many Rubyists. Currently, if you try to write code like `i = 0; i++` in Ruby, MRI's parser considers it syntactically invalid. Still, if we want them, that means adding a new syntax for the `++` operator to Ruby. This seems like a simple syntax at first glance, but to achieve this we need to dig a little deeper into MRI, and explore parse.y - the parser file called "魔窟" (the maze), and consider the compatibility with existing specifications of Ruby. This talk will show you some ideas to obtain `++` with the trial-and-error process of a programmer who is not an expert in a parser, thereby making the interesting topics, lexical analysis, and parsing more familiar to you. |
02:00 - 02:30 UTC |
Lang: en
Track: Small Hall
RubyGems on the watch
Did you know that in 2022, over 400 malicious packages were released to RubyGems? That's more than one per day! Our package ecosystem may not be the biggest, but sure it is being actively exploited! Are you worried? Don't be! You are not alone! RubyGems has a security team actively monitoring and mitigating various threats to ensure that the gems ecosystem is safe and sound. The previous year was when the RubyGems security team would have to issue critical CVEs related to RubyGems security. Still, at the same time, we spent days and nights making sure that the discovered vulnerabilities were not actively exploited. Join me on an adventure from one critical vulnerability to another. Let's explore the world of malicious packages together and learn how you can ensure your safety in this world full of threats and bad actors. |
04:30 - 05:00 UTC |
Lang: ja
Track: Large Hall
Revisiting TypeProf - IDE support as a primary feature
TypeProf is a type analyzer for Ruby code that has been bundled since Ruby 3.0. It has provided type inference of non-type-annotated Ruby code as a primary feature, and IDE support via Language Server as a secondary feature. This year, we are trying to reverse this: let the IDE be a primary target. We're redesigning the analyzer to help achieve this. To speed up the response to edits in the IDE, we plan to make the analysis modular and incremental and reduce the amount of re-analysis per edit. We also plan to implement showing analyzed types as a mouse hover hint by changing the analysis from bytecode-based to AST-based. In this talk, we will present the new design of TypeProf and its prototype. |
05:10 - 05:40 UTC |
Lang: en
Track: Small Hall
Ruby Implementation of QUIC: Progress and Challenges
I am working on a Ruby implementation of the QUIC protocol with support from the Ruby Association Grant. I started by porting the aioquic code from Python to Ruby and then developing a version of QUIC that is more suited to the Ruby language. In this presentation, I will summarize my progress and discuss some challenges I faced during the code transition. |
05:50 - 06:20 UTC |
Lang: ja
Track: Open Studio
Introduction of new features for VS Code debugging
ruby/debug, which is a replacement for the traditional lib/debug.rb standard library, has been developed for two years. Also, many improvements are still being made. In this talk, I'll introduce new features to improve the user experience in VS Code debugging.
VS Code Debug Visualizer: Would it be helpful if we could see the Active Record object as a table? Debug Visualizer allows you to visualize many objects in many ways, such as bar charts and line charts! Demo: https://www.youtube.com/watch?v=9vLVCrpzlDQ
Trace Inspector: Trace Inspector is useful when tracing in VS Code. Users can search tracing logs easily and get a lot of helpful information by using Rdbg Trace Inspector. For example, users can know which method is called, which line is executed, local variables at some point, and so on. |
07:00 - 07:30 UTC |
Lang: ja
Track: Open Studio
Eliminating ReDoS with Ruby 3.2
Just evaluating inefficient regular expressions may break your service - one with an exponential time complexity may cause a denial-of-service (ReDoS), depending on engines. Ruby had adopted a native algorithm like some of the major languages, leaving a risk of ReDoS. However, Ruby 3.2 introduced drastic updates to the Regexp engine internals to reduce the risk. Ruby developers no longer need to be afraid of it for basic usage. To confirm the effectiveness of the language-level changes in addressing ReDoS, this talk will provide a case study by highlighting real ReDoS vulnerabilities in GitLab. Each was resolved in app-level approaches, but this talk will show how the vulnerabilities relate to the old engine's characteristics and how the new engine contributes to eliminating it at scale. The talk will also present recommended coding practices for Ruby users to avoid ReDoS vulnerabilities, considering attack vectors uncovered by the updates and the appropriate usage of timeouts. |
07:40 - 08:40 UTC |
Lang: en
Track: Large Hall
Optimizing YJIT’s Performance, from Inception to Production
The release of Ruby 3.2 brought many improvements to YJIT, both in terms of performance and memory usage. Importantly, the reduced memory footprint makes YJIT much more viable for real-world production deployments. Enough so that YJIT is no longer marked as experimental, and Shopify has chosen to deploy it on its worldwide StoreFront renderer infrastructure. Making YJIT suitable for production is not just a matter of getting the highest performance numbers possible. In this talk, I want to go over the story and the process that has enabled us to bring YJIT to a state where we consider it to be production-ready, all the way from the original research ideas that led to the creation of YJIT, to the choice of benchmarks and the curation of our benchmark suite, to the methodology used to benchmark YJIT, but also discussing specific key performance optimizations that YJIT performs, and how we were able to optimize YJIT for a real production workload using a data-driven approach. |
Start...End time | Track name |
---|---|
00:40 - 01:50 UTC |
Lang: en
Track: Large Hall
Ruby Committers and The World
CRuby committers on stage! |
02:00 - 02:30 UTC |
Lang: ja
Track: Large Hall
Build Your Own SQLite3
SQLite3 runs on any OS or bare metal by providing a VFS functions layer. This talk shows you a real example of an SQLite3 application for a DIY keyboard. |
04:30 - 05:00 UTC |
Lang: en
Track: Open Studio
Building Rubyfmt
In this talk, we'll cover how Rubyfmt was built. This will include a breakdown of the technical details of how the Rubyfmt binary is built, embedding Ruby in Rust, calling Ruby from Rust, and how we built the data structures for the parse tree, as well as how we ended up building the formatting system itself. You should attend this talk if you are already fluent in Ruby and want to learn how the underlying C of Ruby's parser works, and how you can call it from Rust. |
05:10 - 05:40 UTC |
Lang: en
Track: Small Hall
Find and Replace Code based on AST
When we want to find and replace code, we usually search by plain text or regular expression. It's quick for simple cases, but I'd like to share with you how to do a much more powerful and accurate find and replace based on AST. I have built [synvert](https://synvert.net/) for years. It allows you to write snippet code to rewrite Ruby code, it provides a CLI, GUI, and VSCode extension, and it can automatically generate snippets, so even junior developers can rewrite code based on AST at will. You'll learn how to query and mutate code based on AST nodes. You'll also learn how to use the synvert GUI to rewrite your code even if you don't have any idea about AST. |
05:50 - 06:20 UTC |
Lang: en
Track: Large Hall
Ruby JIT Hacking Guide
YJIT delivered a significant speedup to various real-world applications. Have you wondered how a Just-In-Time compiler makes your application fast? Ruby 3.2 has a secret backdoor to hook your own Just-In-Time compiler. Using that “feature”, this talk will guide you through how a Ruby JIT can be written in Ruby. You’ll learn the basics of Ruby VM, how to encode native instructions in Ruby, and interesting optimizations that JIT can do with them. |
07:00 - 07:30 UTC |
Lang: en
Track: Large Hall
Rethinking Strings
Ruby strings serve two distinct purposes: the representation of textual data and the representation of binary data. These two use cases generally require different operations, but today they're both accessible via `String`. Combining the two creates a discoverability issue and can be error-prone. Many `String` operations have no logical meaning for arbitrary binary data. Having to use strings with a special encoding to pass binary data around is a non-obvious solution and hampers Ruby's usability. Moreover, binary data can sometimes look like ASCII text, which may help build false trust in code with logic errors. Such errors are nuanced and difficult to debug. This talk takes a high-level look at Ruby's strings and encodings, highlighting potentially problematic areas and suggesting ways to improve. While the emphasis is on the logical interface for text and binary data, we'll also look at the performance ramifications of the current design and how that might improve as well. |
07:40 - 08:40 UTC |
Lang: en
Track: Large Hall
Parsing RBS
Development of advanced IDE features requires parsing broken source code because writing something in editors usually causes intermediate – syntactically incorrect states. This is not only for Ruby code, but also for RBS type definitions. In this talk, I will introduce my error-tolerant parser and the tricks that generate better syntax trees from incorrect RBS source code. |