Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[dialyzer] crash on is_function/2 with large negative arity #7181

Open
RobinMorisset opened this issue Apr 27, 2023 · 1 comment
Open

[dialyzer] crash on is_function/2 with large negative arity #7181

RobinMorisset opened this issue Apr 27, 2023 · 1 comment
Assignees
@bjorng
Labels
bug Issue is reported as a bug team:VM Assigned to OTP team VM

Comments

@RobinMorisset
Copy link
Contributor

Describe the bug
Running dialyzer on the following:

f() when is_function(ok, -9223372036854775808) ->
    ok.

results in the following error:

dialyzer: Analysis failed with error:
{function_clause,[{erl_types,t_fun,
                             [-9223372036854775808,any],
                             [{file,"erl_types.erl"},{line,988}]},
                  {dialyzer_typesig,'-get_bif_constr/4-lc$^9/1-0-',1,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,1371}]},
                  {dialyzer_typesig,'-get_bif_constr/4-fun-10-',3,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,1371}]},
                  {dialyzer_typesig,solve_one_c,2,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,2232}]},
                  {dialyzer_typesig,v2_solve,3,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,1860}]},
                  {dialyzer_typesig,v2_solve_conj,12,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,2067}]},
                  {dialyzer_typesig,v2_solve_disj,10,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,1995}]},
                  {dialyzer_typesig,v2_solve_disjunct,3,
                                    [{file,"dialyzer_typesig.erl"},
                                     {line,1958}]}]}

Affected versions
master

Additional context
Here is an alternate test case that seems to trigger the same bug:

f(_V0) ->
    (is_function(ok, 9223372036854775807) andalso _V0) bor _V0.
@RobinMorisset RobinMorisset added the bug Issue is reported as a bug label Apr 27, 2023
@bjorng bjorng added the team:VM Assigned to OTP team VM label Apr 28, 2023
@bjorng bjorng self-assigned this Apr 28, 2023
@lpgauth
Copy link
Contributor

lpgauth commented Apr 29, 2023

@RobinMorisset you like to keep the OTP team busy eh? 😉 Thanks for your work on erlfuzz!

RobinMorisset added a commit to RobinMorisset/otp that referenced this issue May 26, 2023
@RobinMorisset
[dialyzer] Tolerate is_function/2 with invalid arity
b6c7d43 
Fixes erlang#7181.

Functions in Erlang have a max arity of 255 (see
https://www.erlang.org/doc/reference_manual/typespec.html), so
`is_function(Foo, 999)` will always fail, and obviously no function can
have negative arity so `is_function(Foo, -100)` will also always fail.

This patch just teaches dialyzer to deal with such obviously wrong code
in a more graceful manner (i.e. without crashing).
@RobinMorisset RobinMorisset mentioned this issue May 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bjorng bjorng

Labels
bug Issue is reported as a bug team:VM Assigned to OTP team VM
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[dialyzer] Tolerate is_function/2 with invalid arity RobinMorisset/otp
3 participants
@lpgauth @bjorng @RobinMorisset