Robin Morisset

WhatsApp's Compiler, Types, and Tooling Team

Robin Morisset did his PhD on the interaction between compiler optimizations and the C++ memory model. This included some work fuzzing GCC to find optimizations that are correct for a single-threaded program but wrong for a multi-threaded one. Afterwards he worked for 4 years at Apple in the JavaScriptCore team, which is responsible for the JITs at the heart of Safari. During that time he observed the unreasonable effectiveness of having a fuzzer as part of a compiler’s CI. He’s been working at WhatsApp for a year on a team dedicated to the Erlang ecosystem, and one of his first contributions is erlfuzz, which is the topic of his talk at Code BEAM.

Fuzzing the Erlang Ecosystem

Erlfuzz is a recently open-sourced tool that produces random valid Erlang programs, used to test erlc, the BEAM VM, and a variety of other tools (dialyzer, eqWAlizer, erlfmt, infer, etc.). It has found more than 80 bugs to date, including more than 60 bugs in erlc. In this talk I’ll explain how erlfuzz works, what tricks were used to detect subtle VM bugs, and how to use it for any tool you may want to test. I’ll also mention some of the dark corners of the language that it revealed, mostly around the Erlang scoping rules.

Key Takeaways:

  • Fuzzing is a very generic bug-finding technique that can be used to find many kinds of bugs in most tools.
  • The practical points that make fuzzing work: a good test case minimizer, avoiding trivially invalid inputs, and finding good correctness oracles.
  • Erlang scoping rules are weird and inconsistent, but they are now documented.
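
An added illustration of the scoping rules the last takeaway refers to, showing two of the rules that trip people up: when a variable bound inside a case is visible afterwards, and how comprehension and fun variables shadow outer ones. This is not code from the talk or from erlfuzz; the module and function names are made up for this example.

```erlang
%% Added illustration of Erlang scoping rules; not from the talk or erlfuzz.
%% Module and function names are invented for this example.
-module(scoping_demo).
-export([all_branches/1, comprehension/0, fun_shadow/0]).

%% A variable bound in *every* branch of a case is exported from the case
%% and may be used afterwards.
all_branches(Flag) ->
    case Flag of
        true  -> Y = 1;
        false -> Y = 2
    end,
    Y.

%% The same variable bound in only *some* branches is "unsafe": erlc
%% rejects both a later use and a later rebinding of it
%% (error: variable 'Y' unsafe in 'case'). Kept as a comment because a
%% module containing it does not compile.
%%
%% some_branches(Flag) ->
%%     case Flag of
%%         true  -> Y = 1;
%%         false -> ok
%%     end,
%%     Y.

%% Comprehension generator variables are local to the comprehension: the X
%% in the generator is a fresh variable that shadows the outer X (erlc
%% warns "variable 'X' shadowed in generate"), and the outer X keeps its
%% value after the comprehension.
comprehension() ->
    X = 1,
    L = [X || X <- [2, 3]],
    {X, L}.

%% Variables bound in a fun head likewise shadow outer ones (with a
%% warning) and do not affect the enclosing scope.
fun_shadow() ->
    X = 1,
    F = fun(X) -> X * 10 end,
    {X, F(5)}.
```

Compile with `erlc scoping_demo.erl` to see the shadowing warnings; uncomment `some_branches/1` to see the "unsafe" error that makes a program invalid rather than merely surprising, which is exactly the kind of distinction a generator of valid programs has to model.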

Target Audience:

  • People interested in fuzzing tricks and bug-finding techniques in general.
  • People who work on any tool ingesting Erlang code.
  • People who are simply curious about dark corners of the language, such as its scoping rules.