Metaprogramming and symbolic execution for detecting runtime errors in Erlang programs

Similar documents
Verification of Array Manipulating Programs: A Transformational Approach

Semantics-based generation of verification conditions via program specialization

Semantics-based generation of verification conditions by program specialization

Relational Verification through Horn Clause Transformation

Erlang. Types, Abstract Form & Core. Salvador Tamarit Muñoz. Universitat Politècnica de València

LFE - a lisp on the Erlang VM

A Rule-based Verification Strategy for Array Manipulating Programs

CHC-COMP Arie Gurfinkel. Philipp Ruemmer, Grigory Fedyukovich, Adrien Champion. 1 st Competition on Solving Constrained Horn Clauses

Programming Paradigms

Erlang. Functional Concurrent Distributed Soft real-time OTP (fault-tolerance, hot code update ) Open. Check the source code of generic behaviours

Reversible Computing in Concurrent Interacting Systems

Transforming Constrained Horn Clauses for Program Verification

A Language for Specifying Type Contracts in Erlang and its Interaction with Success Typings

Generation of Test Data Structures Using Constraint Logic Programming

Lecture 5: Declarative Programming. The Declarative Kernel Language Machine. September 12th, 2011

Erlang 101. Google Doc

ERLANG BITS AND PIECES

Implementation of Axiomatic Language

HANDBOOK OF LOGIC IN ARTIFICIAL INTELLIGENCE AND LOGIC PROGRAMMING

Detecting and Visualising Process Relationships in Erlang

CS 4240: Compilers and Interpreters Project Phase 1: Scanner and Parser Due Date: October 4 th 2015 (11:59 pm) (via T-square)

The SMT-LIB 2 Standard: Overview and Proposed New Theories

Introduction to Erlang. Franck Petit / Sebastien Tixeuil

UNIVERSITY OF TORONTO Faculty of Arts and Science. Midterm Sample Solutions CSC324H1 Duration: 50 minutes Instructor(s): David Liu.

Runtime Checking for Program Verification Systems

All you need is fun. Cons T Åhs Keeper of The Code

Erlang. Functional Concurrent Distributed Soft real-time OTP (fault-tolerance, hot code update ) Open. Check the source code of generic behaviours

Objectives for this class meeting. 1. Conduct review of core concepts concerning contracts and pre/post conditions

Piqi-RPC. Exposing Erlang services via JSON, XML and Google Protocol Buffers over HTTP. Friday, March 25, 2011

Range Restriction for General Formulas

Finding and Fixing Bugs in Liquid Haskell. Anish Tondwalkar

CauDEr A Causal-Consistent Debugger for Erlang

CMSC 330: Organization of Programming Languages. Operational Semantics

CS558 Programming Languages

Formally Certified Satisfiability Solving

Dynamic Types, Concurrency, Type and effect system Section and Practice Problems Apr 24 27, 2018

Chapter 9: Constraint Logic Programming

3.Constructors and Destructors. Develop cpp program to implement constructor and destructor.

A CutEr Tool. Kostis Sagonas

Type systems. Static typing

COMP520 - GoLite Type Checking Specification

On Academic Dishonesty. Declarative Computation Model. Single assignment store. Single assignment store (2) Single assignment store (3)

Principles of Programming Languages

Introduction to Programming Using Java (98-388)

CS321 Languages and Compiler Design I Winter 2012 Lecture 13

Verification of Imperative Programs by Transforming Constraint Logic Programs

4. Functional Programming Language-Oriented Programming

COS 320. Compiling Techniques

CS 11 Ocaml track: lecture 2

Programming Languages Lecture 15: Recursive Types & Subtyping

Core Erlang language specification

Database. Università degli Studi di Roma Tor Vergata. ICT and Internet Engineering. Instructor: Andrea Giglio

Begin at the beginning

CS558 Programming Languages

Using LNT Formal Descriptions for Model-Based Diagnosis

CSE507. Practical Applications of SAT. Computer-Aided Reasoning for Software. Emina Torlak

Closures. Mooly Sagiv. Michael Clarkson, Cornell CS 3110 Data Structures and Functional Programming

Tilburg University. Metacasanova di Giacomo, Francesco; Abbadi, Mohamed; Cortesi, Agostino; Spronck, Pieter; Maggiore, G.

Kafka Streams: Hands-on Session A.A. 2017/18

ffl The textual representation should be easy for humans to read and edit, in case the developer wants to check what the Erlang source looks like in C

COSC441. Lecture 8 Introduction to Erlang

CSE341: Programming Languages Lecture 17 Implementing Languages Including Closures. Dan Grossman Autumn 2018

Lecture Notes on Real-world SMT

CS321 Languages and Compiler Design I. Winter 2012 Lecture 1

A Type is a Set of Values. Here we declare n to be a variable of type int; what we mean, n can take on any value from the set of all integer values.

Cost of Substitution

Relation Overriding. Syntax and Semantics. Simple Semantic Domains. Operational Semantics

Functions, Conditionals & Predicates

THEATR An actor based language

Symbolic and Concolic Execution of Programs

Dedication. To the departed souls of my parents & father-in-law.

CSE 413 Languages & Implementation. Hal Perkins Winter 2019 Structs, Implementing Languages (credits: Dan Grossman, CSE 341)

Language to Specify Syntax-Guided Synthesis Problems

Index. object lifetimes, and ownership, use after change by an alias errors, use after drop errors, BTreeMap, 309

CS390 Principles of Concurrency and Parallelism. Lecture Notes for Lecture #5 2/2/2012. Author: Jared Hall

Large-Scale Key-Value Stores Eventual Consistency Marco Serafini

Debugger Copyright Ericsson AB. All Rights Reserved. Debugger September 24, 2018

CS558 Programming Languages

Automatic Software Verification

Implementing languages on the Erlang VM

Homework #3 CS2255 Fall 2012

Combining Static and Dynamic Contract Checking for Curry

CS 360: Programming Languages Lecture 12: More Haskell

Closures. Mooly Sagiv. Michael Clarkson, Cornell CS 3110 Data Structures and Functional Programming

Taking the Derivative

Recap. Recap. If-then-else expressions. If-then-else expressions. If-then-else expressions. If-then-else expressions

Egy Erlang Refaktor Lépés: Függvényparaméterek Összevonása Tuple-ba

arxiv: v1 [cs.pl] 22 May 2014

Integer Representation

Deductive Methods, Bounded Model Checking

Shared state model. April 3, / 29

Programming Paradigms

A Deterministic Concurrent Language for Embedded Systems

Symbolic Computation via Program Transformation

AIMMS Function Reference - Error Handling Related Identifiers

Specification of Zinc and MiniZinc. Nicholas Nethercote Kim Marriott Reza Rafeh Mark Wallace María García de la Banda Version 0.8

A Brief Introduction to Scheme (II)

Pierce Ch. 3, 8, 11, 15. Type Systems

Baby Steps Toward an Implementation of Axiomatic Language

Recap: Functions as first-class values

Transcription:

Metaprogramming and symbolic execution for detecting runtime errors in Erlang programs Emanuele De Angelis 1, Fabio Fioravanti 1, Adrián Palacios 2, Alberto Pettorossi 3 and Maurizio Proietti 4 1 University of Chieti-Pescara, Italy 2 Technical University of Valencia, Spain 3 Università di Roma Tor Vergata, Italy 4 CNR - IASI of Rome, Italy CILC 2018 Bolzano, 21 settembre 2018 Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 1 / 14

The Erlang language Erlang is a dynamically typed functional language supporting concurrency (based on asynchronous message-passing) and hot code loading These features make it appropiate for distributed, fault-tolerant applications (Facebook, WhatsApp) + Dynamically typed languages allow rapid development Many errors are not detected until the program is run on a particular input a particular interleaving of processes is performed Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 2 / 14

Motivation Some tools mitigate these problems Dialyzer: DIscrepancy AnaLYZer for ERlang (included in the Erlang/OTP development environment) PropEr: PROPerty-based testing tool for ERlang CutER: Concolic Unit Testing tool for ERlang Our proposal: Bounded verifier based on Constraint Logic Programming (CLP) Erlang programs automatically translated into CLP + CLP interpreter to run them using symbolic inputs Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 3 / 14

Erlang subset We consider a first-order subset of Erlang and sequential programs A module is a set of function definitions fun (X 1,..., X n ) -> expr end The function body expr includes literals (atoms, integers, float numbers) variables, list constructors, tuples match (=), case-of and try-catch expressions function applications calls to built-in functions (BIFs) Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 4 / 14

Example program This code compiles without warnings crashes when the input is not a list (of numbers) Our tool is able to list all potential runtime errors provide information about input types that cause them Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 5 / 14

Bounded Verification for Erlang programs using CLP The translation from Erlang to Core Erlang simplifies the program pattern matching in case-of expressions only explicit catch-all clauses in case-of expressions function applications with variables and literals only The CLP encoding is automatically obtained from Core Erlang Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 6 / 14

Erlang-to-CLP translation: An example fundef( lit(atom, sum list ), var( sum,1), fun([var( @c0 )], case(var( @c0 ), [ ) ). ] ) clause( [lit(list,nil)], lit(atom, true ), lit(int,0)), clause( [cons(var( H ),var( T ))], lit(atom, true ), let([var( @c1 )],apply(var( main,1),[var( T )]), call(lit(atom, erlang ),lit(atom, + ), [var( H ),var( @c1 )]))), clause( [var( @c2 )], lit(atom, true ), primop(lit(atom, match fail ), [tuple([lit(atom, case clause ),var( @c2 )])])) Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 7 / 14

CLP interpreter The operational semantics is given in terms of a transition relation tr(bound,cf(ienv,iexp),cf(fenv,fexp)) between configurations of the form cf(environment, Expression) which defines how to get the final configuration cf(fenv,fexp) from the initial configuration cf(ienv,iexp) in Bound computation steps Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 8 / 14

Transition rules: An example tr(bound,cf(ienv,iexp),cf(fenv,fexp)) :- IExp = apply(fname/arity,iexps), lookup error flag(ienv,false), Bound>0, Bound1 is Bound-1, fun(fname/arity,fpars,fbody), tr(bound1,cf(ienv,tuple(iexps)), cf(eenv,tuple(eexps))), bind(fpars,eexps,aenv), lookup error flag(eenv,f1), update error flag(aenv,f1,benv), tr(bound1,cf(benv,fbody),cf(cenv,fexp)), lookup error flag(cenv,f2), update error flag(eenv,f2,fenv). Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 9 / 14

Error detection with run/4 The interpreter provides the predicate run(fname/arity,bound,in,out) whose execution evaluates the application of the function FName of arity Arity to the input arguments In in at most Bound steps. Out is the result of the function application. If an error is found, then Out is bound to a term of the form error(reason) where Reason represents the error type: match fail: evaluation of a match expression failed badarith: bad argument in an arithmetic expression Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 10 / 14

Error detection with run/4 Bounded verification of Erlang programs can be performed by executing a query of the form?- run(fname/arity,bound,in,error(reason)). No answer: the program is error-free up to Bound 1+ answer(s): error(s) detected, each answer provides the error type (the Reason) the input that causes the error some constraints on the computation that raises the error Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 11 / 14

Error detection with run/4: An example By executing?- run(sum/1,20,in,error(reason)). we obtain some answers (error detected) In = [cons(lit(type, V),lit(list,nil))], Reason = badarith, dif(type,int), dif(type,float) In = [L], Reason = match fail, dif(l,cons( Head, Tail)), dif(l,lit(list,nil)) Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 12 / 14

Error detection with run/4: An example A generator for the program input(s), such as: int list(n,l) can be used to generate lists of integers L of length N L = cons(lit(int,n1),cons(lit(int,n2),...)) By using L to constrain the input of sum/1 in the query?- int list(l,100), run(sum/1,100,l,error(reason)). we get no answer, meaning that sum/1 is error-free up-to 100 Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 13 / 14

Conclusions & Future work Bounded verifier for sequential Erlang programs: Translator from Core Erlang to CLP CLP Interpreter Extend the CLP interpreter to support higher-order functions handle concurrent programs Specialize the CLP interpreter to improve the efficiency of the verification process apply to the specialized interpreter other tools for analysis and verification (e.g., constraint-based analyzers or SMT solvers) Thanks for your attention! Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 14 / 14

Conclusions & Future work Bounded verifier for sequential Erlang programs: Translator from Core Erlang to CLP CLP Interpreter Extend the CLP interpreter to support higher-order functions handle concurrent programs Specialize the CLP interpreter to improve the efficiency of the verification process apply to the specialized interpreter other tools for analysis and verification (e.g., constraint-based analyzers or SMT solvers) Thanks for your attention! Emanuele De Angelis Metaprogramming and symbolic execution for Erlang programs 14 / 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback