Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dialyzer – a DIscrepancy AnaLYZer of ERlang programs Tobias Lindahl and Kostis Sagonas Dept of Information Technology Uppsala University.

Published byMarissa Thackston Modified over 9 years ago

Similar presentations

Presentation on theme: "Dialyzer – a DIscrepancy AnaLYZer of ERlang programs Tobias Lindahl and Kostis Sagonas Dept of Information Technology Uppsala University."— Presentation transcript:

1 Dialyzer – a DIscrepancy AnaLYZer of ERlang programs Tobias Lindahl and Kostis Sagonas Dept of Information Technology Uppsala University

2 What is the Dialyzer? The short answer: It is a user-friendly tool that can help you find bugs with little more effort than pressing a button. The somewhat longer answer:... will take something like half an hour

3 What does Dialyzer report? Dialyzer reports discrepancies in Erlang code Discrepancies come in different flavours: Calls to primitive operations or built-in functions that will always fail Pattern matching clauses that cannot match Guards that always will silently fail...

4 Properties of Dialyzer v1.0 1.No false warnings 2.Automatic: Dialyzer requests the user to press a button 1. No user annotations required 2. No changes to existing code or the characteristics of Erlang 3.Analysis works starting from bytecode 4.Analysis is quite fast

5 What kind of analysis is used? Intra-procedural, forward dataflow analysis using type inference. The Dialyzer: – Builds a static callgraph for intra-modular function calls. – Analyses its strongly connected components in a bottom-up fashion (using the information from already analysed functions) until fixpoint. – Builds a similar callgraph for inter-modular calls. – With the help of this callgraph, analyses all modules until fixpoint.

6 The core of the analysis: Local analysis Performed on the internal language Icode, an idealised assembly language. Icode is represented as a Control Flow Graph (CFG) and is converted to Static Single Assignment (SSA) form. Type information is available: – Explicitly in guards and pattern matching – Implicitly in calls to primops and bifs (e.g., '+'/2)

7 if is_binary(v0) truefalse v2 := mktuple(list, v1) return(v2) v3 := mktuple(tuple, v1) return(v3) v4 := mktuple(binary, v1) return(v4) if is_tuple(v0) v5 := gazonk return(v5) v1 := erlang:size(v0) if is_list(v0) falsetrue falsetrue Example test(X) -> case size(X) of N when is_list(X) -> {list, N}; N when is_tuple(X) -> {tuple, N}; N when is_binary(X) -> {binary, N}; _ -> gazonk end. size(tuple() | binary()) -> integer() v0 ::= tuple() | binary() v0 ::= any() v0 ::= tuple() | binary() v0 ::= binary() v0 ::= tuple()v0 ::= binary()

8 Dialyzer in action

9 Example of discrepancies (1) In snmp: snmp_user_based_sm_mib.erl case is_crypto_supported(sha_mac_96) of true -> ok; fasle ->...

10 remote_dirty_select(Tab, [{HeadPat,_,_}] = Spec, [Pos|Tail]) when tuple(HeadPat), size(HeadPat) > 2, Pos =... Example of discrepancies (2) In mnesia: mnesia.erl

11 case snmp_pdus:enc_scoped_pdu(ScopedPDU) of {'EXIT', Reason} ->... Example of discrepancies (3) In snmp: snmp_mpd.erl

12 case Options of {wrap, T, WrapSize, WrapCnt, WrapTime} ->... nowrap -> … end,... case Options of {wrap, _, _, _} ->... _Other ->... Example of discrepancies (4) In snmp: snmp_mpd.erl

13 merge_data(Queue, Header) -> Data = list_to_binary(Queue),... {B1, B2} = split_binary(Header, Data),... Example of discrepancies (5) In kernel: sock5_udp.erl

14 read_trailer_end(Info,Timeout,MaxHdrSz,Trailers) ->... Fields0 = regexp:split(Trailers,”\r\n"), [_Last | Fields] = lists:reverse(Fields0),... Example of discrepancies (6) In inets: httpd_request_handler.erl

15 handle_connection(Manager, ConfigDb, SocketType, Socket) -> case httpd_request_handler:start_link(Manager, ConfigDb) of {ok, Pid} ->... {error, Reason} ->... Example of discrepancies (7) In inets: httpd_acceptor.erl and httpd_request_handler.erl start_link(Manager, ConfigDB) ->... {ok, Pid}.

16 Future work Analyse starting from source code. Make a command line version for automated use. Provide annotations in edoc format based on the result from the analysis. Let the user provide more information by annotations. Allow the user to relax the 'no false warnings' guideline to find more discrepancies. Extend the analysis to check for other properties (e.g., the concurrent part of Erlang).

17 Conclusions Dialyzer really works: It has been applied to literally millions of lines of code in well tested, commercial projects. What others say: “Goddamn bloody excellent tool”

Download ppt "Dialyzer – a DIscrepancy AnaLYZer of ERlang programs Tobias Lindahl and Kostis Sagonas Dept of Information Technology Uppsala University."

Similar presentations

Chapter 2.2 – More about Ruby Maciej Mensfeld Presented by: Maciej Mensfeld More about Ruby dev.mensfeld.pl github.com/mensfeld senior.

Chapter 2.2 – More about Ruby Maciej Mensfeld Presented by: Maciej Mensfeld More about Ruby dev.mensfeld.pl github.com/mensfeld senior.
De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.

De necessariis pre condiciones consequentia sine machina P. Consobrinus, R. Consobrinus M. Aquilifer, F. Oratio.
Exercise 1 Generics and Assignments. Language with Generics and Lots of Type Annotations Simple language with this syntax types:T ::= Int | Bool | T =>

Exercise 1 Generics and Assignments. Language with Generics and Lots of Type Annotations Simple language with this syntax types:T ::= Int | Bool | T =>
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.

Pointer Analysis – Part I Mayur Naik Intel Research, Berkeley CS294 Lecture March 17, 2009.
Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.

Data-Flow Analysis Framework Domain – What kind of solution is the analysis looking for? Ex. Variables have not yet been defined – Algorithm assigns a.
Program Representations. Representing programs Goals.

Program Representations. Representing programs Goals.
MS Excel: Interface CSE1520 Erich Leung Fall 2009 The functionality of MS Excel 2003 and Excel 2007 are similar as far as the lab assignments are concerned.

MS Excel: Interface CSE1520 Erich Leung Fall 2009 The functionality of MS Excel 2003 and Excel 2007 are similar as far as the lab assignments are concerned.
Feature requests for Case Manager By Spar Nord Bank A/S IBM Insight 2014 Spar Nord Bank A/S1.

Feature requests for Case Manager By Spar Nord Bank A/S IBM Insight 2014 Spar Nord Bank A/S1.
CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.

CIS 101: Computer Programming and Problem Solving Lecture 8 Usman Roshan Department of Computer Science NJIT.
Common Sub-expression Elim Want to compute when an expression is available in a var Domain:

Common Sub-expression Elim Want to compute when an expression is available in a var Domain:
Lecture 3: Topics If-then-else Operator precedence While loops Static methods Recursion.

Lecture 3: Topics If-then-else Operator precedence While loops Static methods Recursion.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.

Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
From last time: live variables Set D = 2 Vars Lattice: (D, v, ?, >, t, u ) = (2 Vars, µ, ;,Vars, [, Å ) x := y op z in out F x := y op z (out) = out –

From last time: live variables Set D = 2 Vars Lattice: (D, v, ?, >, t, u ) = (2 Vars, µ, ;,Vars, [, Å ) x := y op z in out F x := y op z (out) = out –
Chapter 15 Other Functional Languages. Copyright © 2007 Addison-Wesley. All rights reserved. Functional Languages Scheme and LISP have a simple syntax.

Chapter 15 Other Functional Languages. Copyright © 2007 Addison-Wesley. All rights reserved. Functional Languages Scheme and LISP have a simple syntax.
Lecture 19 Distributed Programming (Ch. 10) Other message-passing programming models  Channels vs mailboxes  Synchronous vs asynchronous.

Lecture 19 Distributed Programming (Ch. 10) Other message-passing programming models  Channels vs mailboxes  Synchronous vs asynchronous.
Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???

Another example p := &x; *p := 5 y := x + 1;. Another example p := &x; *p := 5 y := x + 1; x := 5; *p := 3 y := x + 1; ???
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?

Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.

Direction of analysis Although constraints are not directional, flow functions are All flow functions we have seen so far are in the forward direction.
TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.

TCP/IP Protocol Suite 1 Chapter 11 Upon completion you will be able to: User Datagram Protocol Be able to explain process-to-process communication Know.

Similar presentations

Ads by Google