`ok bsr ok` crashes erl_eval:do_apply/7

[RobinMorisset]

Running gradualizer on the following erlang code:

f(<<_:(ok bsr ok)/bytes>>) ->
    ok.

results in the following crash:

escript: exception error: an error occurred when evaluating an arithmetic expression
  in operator  bsr/2
     called as ok bsr ok
  in call from erl_eval:do_apply/7 (erl_eval.erl, line 744)
  in call from gradualizer_bin:bin_element_view/1 (src/gradualizer_bin.erl, line 71)
  in call from gradualizer_bin:'-bin_view/1-lc$^0/1-0-'/1 (src/gradualizer_bin.erl, line 35)
  in call from gradualizer_bin:bin_view/1 (src/gradualizer_bin.erl, line 35)
  in call from gradualizer_bin:compute_type/1 (src/gradualizer_bin.erl, line 14)
  in call from typechecker:add_type_pat/3 (src/typechecker.erl, line 4949)
  in call from typechecker:add_types_pats/6 (src/typechecker.erl, line 4820)

While it is not very useful Erlang code, I would expect gradualizer to be able to run without crashing on all syntactically valid Erlang code.

[erszcz]

Thanks, @RobinMorisset, indeed it's a good point that Gradualizer should not crash in such cases. Thanks for all the raised issues 👍

[zuiderkwast]

@RobinMorisset how did you find these issues? Property based tests or something more fancy? Just curious.

[RobinMorisset]

@zuiderkwast I wrote a fuzzer for Erlang: https://github.com/WhatsApp/erlfuzz. See https://erlangforums.com/t/open-sourcing-erlfuzz/2562 for a longer introduction, and some examples of the kind of bugs it has been finding in tools like erlc. It found these 4 issues (and half a dozen more) in roughly 30s when I started running it on gradualizer yesterday (I'll try to commit the script to do so today).

[RobinMorisset]

The script has been committed: https://github.com/WhatsApp/erlfuzz/commit/1f770e43b2be1fc3db382afd871e15f1f0ff693a