-
Notifications
You must be signed in to change notification settings - Fork 96
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
direct parsing fuzzing test #1052
Conversation
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
94e3781
to
ccb3339
Compare
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## develop #1052 +/- ##
========================================
Coverage 93.41% 93.41%
========================================
Files 91 91
Lines 8667 8667
========================================
Hits 8096 8096
Misses 571 571 Continue to review full report in Codecov by Sentry.
|
|
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
|
While the idea is interesting, I am sceptical fuzzing with random strings can be effective when the parser expects a very specific structure of the input. It will probably always fail on the second ( |
According to coverage reports, it works well enough to find valid inputs, these two issues were found quite quickly. We can provide a dictionary for the fuzzer to help it a bit if we want to improve the performance. |
It may be a coincidence. This pull request mentions "detecting memory issues". The drone agent on IBM s390 crashed with out-of-memory errors. I have rebooted the server. |
It's also possible that linking the new fuzzer requires too much memory (variant parsers do do that). |
Just for an experiment: I reverted the fix for #1047 and measured the time required to find that bug. Without a dictionary and with an empty corpus (the worst scenario) it takes about 10 seconds. The reason is the fuzzer doesn't have to find a valid input with all required fields. It's enough to generate a JSON with some fields to verify parser for a specific type only. Adding corpus doesn't improve speed much. But I've added two valid JSONs to seed files, and it gives the fuzzer the ability to reach the "success" point. With this change, the fuzzer finds #1047 in less than one second. Also, I changed C++ version to C++14 to avoid potential OOM. Please let me know if it makes sense |
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
|
fuzzing/fuzz_direct_parse.cpp
Outdated
std::tuple<std::vector<std::string>, std::vector<double>> t3; | ||
|
||
#ifndef BOOST_NO_CXX17_HDR_VARIANT | ||
std::variant<bool, std::uint64_t, std::int64_t, double, std::string> v; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please, replace with boost::variant2::variant
. It will reduce the amount of macro switching necessary.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
.github/workflows/run_fuzzer.yml
Outdated
@@ -60,6 +60,7 @@ jobs: | |||
buildtype: 'boost' | |||
path: 'head' | |||
toolset: clang-18 | |||
cxxstd: 14 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why have you reduced this from 17 to 14?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted to make sure this MR has a chance to be approved and avoid potential OOMs on the drone agent before (although I'm not sure if it's related to the current MR). I reverted to 17; please let me know if there are any issues with it.
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Everything looks good. Can you please squsah and rebase on the current develop (if it's not already). I can also do it manually myself, but then the PR won't be considered merged by GitHub.
c24fd02
to
2fe5f18
Compare
2fe5f18
to
3f88a33
Compare
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
1 similar comment
An automated preview of the documentation is available at https://1052.jsondocs.prtest.cppalliance.org/libs/json/doc/html/index.html |
Done |
|
Thank you for your contribution. |
Two issues were found by the new fuzzing target: #1047 and #1048
I think detecting memory issues in case of new changes or refactoring might be useful.
I'm not sure about code formatting for the project, I will appreciate your feedback.