Dialyzer – a DIscrepancy AnaLYZer of ERlang programs Tobias Lindahl and Kostis Sagonas Dept of Information Technology Uppsala University.

Slides:



Advertisements
Similar presentations
Chapter 2.2 – More about Ruby Maciej Mensfeld Presented by: Maciej Mensfeld More about Ruby dev.mensfeld.pl github.com/mensfeld senior.
Advertisements

De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.
Exercise 1 Generics and Assignments. Language with Generics and Lots of Type Annotations Simple language with this syntax types:T ::= Int | Bool | T =>
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Program Representations. Representing programs Goals.
MS Excel: Interface CSE1520 Erich Leung Fall 2009 The functionality of MS Excel 2003 and Excel 2007 are similar as far as the lab assignments are concerned.
Feature requests for Case Manager By Spar Nord Bank A/S IBM Insight 2014 Spar Nord Bank A/S1.
CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.
Common Sub-expression Elim Want to compute when an expression is available in a var Domain:
Lecture 3: Topics If-then-else Operator precedence While loops Static methods Recursion.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
From last time: live variables Set D = 2 Vars Lattice: (D, v, ?, >, t, u ) = (2 Vars, µ, ;,Vars, [, Å ) x := y op z in out F x := y op z (out) = out –
Chapter 15 Other Functional Languages. Copyright © 2007 Addison-Wesley. All rights reserved. Functional Languages Scheme and LISP have a simple syntax.
Lecture 19 Distributed Programming (Ch. 10) Other message-passing programming models  Channels vs mailboxes  Synchronous vs asynchronous.
Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.
TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.
Projects. Dataflow analysis Dataflow analysis: what is it? A common framework for expressing algorithms that compute information about a program Why.
Macros Tutorial Week 20. Objectives By the end of this tutorial you should understand how to: Create macros Assign macros to events Associate macros with.
Recap from last time: live variables x := 5 y := x + 2 x := x + 1 y := x y...
Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.
Abstract Data Types and Encapsulation Concepts
Principle of Functional Verification Chapter 1~3 Presenter : Fu-Ching Yang.
Chapter Three Using Variables and Constants Programming with Microsoft Visual Basic th Edition.
MS Access Advanced Instructor: Vicki Weidler Assistant:
Apply Sub Procedures/Methods and User Defined Functions
Crystal-izing Sophisticated Code Analyses Ciera Jaspan Kevin Bierhoff Jonathan Aldrich
Database-Driven Web Sites, Second Edition1 Chapter 8 Processing ASP.NET Web Forms and Working With Server Controls.
GENERAL CONCEPTS OF OOPS INTRODUCTION With rapidly changing world and highly competitive and versatile nature of industry, the operations are becoming.
Chapter 4 The If…Then Statement
Software Engineering Prof. Dr. Bertrand Meyer March 2007 – June 2007 Chair of Software Engineering Static program checking and verification Slides: Based.
CSCE 548 Code Review. CSCE Farkas2 Reading This lecture: – McGraw: Chapter 4 – Recommended: Best Practices for Peer Code Review,
University of Maryland Bug Driven Bug Finding Chadd Williams.
CSC-682 Cryptography & Computer Security Sound and Precise Analysis of Web Applications for Injection Vulnerabilities Pompi Rotaru Based on an article.
Excel application for accounting principles. FORMATTING IN EXCEL.
Copyright © Curt Hill First Window Builder Program Easy GUIs in Eclipse.
SYSTEMSDESIGNANALYSIS 1 OO: Chapter 9 Visual Basic: Building Components Jerry Post Copyright © 1999.
Message Analysis-Guided Allocation and Low-Pause Incremental Garbage Collection in a Concurrent Language Konstantinos Sagonas Jesper Wilhelmsson Uppsala.
Exploring Microsoft Access Chapter 8 Creating More Powerful Applications: Introduction to VBA.
Access Forms and Queries. Entering Data in Your Table  You can add data to your table in Datasheet view, by typing in the columns and rows.  This.
Recap form last time How to do for loops map, filter, reduce Next up: dictionaries.
Maria Christakis National Technical University of Athens, Greece Joint work with Kostis Sagonas Detection of Asynchronous Message Passing Errors Using.
Static Detection of Race Conditions in Erlang Maria Christakis National Technical University of Athens, Greece Joint work with Kostis Sagonas.
Reducing Interprocess Communication Overhead in Concurrent Programs Erik Stenman Kostis Sagonas.
Visual Basic for Application - Microsoft Access 2003 Programming applications using Objects.
Programming with Microsoft Visual Basic 2008 Fourth Edition Chapter Three Using Variables and Constants.
Chapter 3 Automating Your Work. It is frustrating when you have to type the same passage of text repeatedly. For example your name and address. Word includes.
Programming with Microsoft Visual Basic th Edition
Lecture 4 Mechanisms & Kernel for NOSs. Mechanisms for Network Operating Systems  Network operating systems provide three basic mechanisms that support.
Introduction to Programming in Corvid EXSYS-Corvid is an intelligent systems programming environment General order of tasks: Enter and define Variables.
What is a compiler? –A program that reads a program written in one language (source language) and translates it into an equivalent program in another language.
Debugging, bug finding and bug avoidance Part 2 Alan Dix
JavaScript and Ajax (Control Structures) Week 4 Web site:
Crystal-izing Sophisticated Code Analyses Ciera Jaspan Kevin Bierhoff Jonathan Aldrich
Erlang - a complete development environment for concurrent programming RTLab. Kim Tae-Hyon.
LLVM Simone Campanoni
A variable is a name for a value stored in memory.
Dataflow analysis.
Administering a Database System
Excel VBA Day 3 of 3 Tom Vorves.
MODULE 7 Microsoft Access 2010
Andy Wang Object Oriented Programming in C++ COP 3330
CGS 3763 Operating Systems Concepts Spring 2013
Guidelines for Microsoft® Office 2013
Andy Wang Object Oriented Programming in C++ COP 3330
Presentation transcript:

Dialyzer – a DIscrepancy AnaLYZer of ERlang programs Tobias Lindahl and Kostis Sagonas Dept of Information Technology Uppsala University

What is the Dialyzer? The short answer: It is a user-friendly tool that can help you find bugs with little more effort than pressing a button. The somewhat longer answer:... will take something like half an hour

What does Dialyzer report? Dialyzer reports discrepancies in Erlang code Discrepancies come in different flavours: Calls to primitive operations or built-in functions that will always fail Pattern matching clauses that cannot match Guards that always will silently fail...

Properties of Dialyzer v1.0 1.No false warnings 2.Automatic: Dialyzer requests the user to press a button 1. No user annotations required 2. No changes to existing code or the characteristics of Erlang 3.Analysis works starting from bytecode 4.Analysis is quite fast

What kind of analysis is used? Intra-procedural, forward dataflow analysis using type inference. The Dialyzer: – Builds a static callgraph for intra-modular function calls. – Analyses its strongly connected components in a bottom-up fashion (using the information from already analysed functions) until fixpoint. – Builds a similar callgraph for inter-modular calls. – With the help of this callgraph, analyses all modules until fixpoint.

The core of the analysis: Local analysis Performed on the internal language Icode, an idealised assembly language. Icode is represented as a Control Flow Graph (CFG) and is converted to Static Single Assignment (SSA) form. Type information is available: – Explicitly in guards and pattern matching – Implicitly in calls to primops and bifs (e.g., '+'/2)

if is_binary(v0) truefalse v2 := mktuple(list, v1) return(v2) v3 := mktuple(tuple, v1) return(v3) v4 := mktuple(binary, v1) return(v4) if is_tuple(v0) v5 := gazonk return(v5) v1 := erlang:size(v0) if is_list(v0) falsetrue falsetrue Example test(X) -> case size(X) of N when is_list(X) -> {list, N}; N when is_tuple(X) -> {tuple, N}; N when is_binary(X) -> {binary, N}; _ -> gazonk end. size(tuple() | binary()) -> integer() v0 ::= tuple() | binary() v0 ::= any() v0 ::= tuple() | binary() v0 ::= binary() v0 ::= tuple()v0 ::= binary()

Dialyzer in action

Example of discrepancies (1) In snmp: snmp_user_based_sm_mib.erl case is_crypto_supported(sha_mac_96) of true -> ok; fasle ->...

remote_dirty_select(Tab, [{HeadPat,_,_}] = Spec, [Pos|Tail]) when tuple(HeadPat), size(HeadPat) > 2, Pos =... Example of discrepancies (2) In mnesia: mnesia.erl

case snmp_pdus:enc_scoped_pdu(ScopedPDU) of {'EXIT', Reason} ->... Example of discrepancies (3) In snmp: snmp_mpd.erl

case Options of {wrap, T, WrapSize, WrapCnt, WrapTime} ->... nowrap -> … end,... case Options of {wrap, _, _, _} ->... _Other ->... Example of discrepancies (4) In snmp: snmp_mpd.erl

merge_data(Queue, Header) -> Data = list_to_binary(Queue),... {B1, B2} = split_binary(Header, Data),... Example of discrepancies (5) In kernel: sock5_udp.erl

read_trailer_end(Info,Timeout,MaxHdrSz,Trailers) ->... Fields0 = regexp:split(Trailers,”\r\n"), [_Last | Fields] = lists:reverse(Fields0),... Example of discrepancies (6) In inets: httpd_request_handler.erl

handle_connection(Manager, ConfigDb, SocketType, Socket) -> case httpd_request_handler:start_link(Manager, ConfigDb) of {ok, Pid} ->... {error, Reason} ->... Example of discrepancies (7) In inets: httpd_acceptor.erl and httpd_request_handler.erl start_link(Manager, ConfigDB) ->... {ok, Pid}.

Future work Analyse starting from source code. Make a command line version for automated use. Provide annotations in edoc format based on the result from the analysis. Let the user provide more information by annotations. Allow the user to relax the 'no false warnings' guideline to find more discrepancies. Extend the analysis to check for other properties (e.g., the concurrent part of Erlang).

Conclusions Dialyzer really works: It has been applied to literally millions of lines of code in well tested, commercial projects. What others say: “Goddamn bloody excellent tool”

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.