[Serde generate] runtimes: negative fuzzing + UTF8 validation + max container depth #61

ma2bd · 2020-09-18T03:23:59Z

Summary

Use Rust as a baseline to test that supported languages reject incorrect byte strings during LCS deserialization
Introduce a generated list of "negative" samples for this purpose. Samples are typically obtained by flipping the highest bit of a byte in a valid sample, and testing if Rust can deserialize.
In all languages, we now also mutate "positive samples" and check that they always decode to a different value (by canonicity)
The new testing approach covers exceeding input bytes, UTF8 validation, boolean decoding, map key ordering, the length limit of sequences, and the limit on container depth.
Also, fix a codegen issue in golang for containers of the form struct Foo(Option<T>)

Test Plan

CI

…to 1.0.116

…egative samples)

…f container depth limit

…on types

…es everywhere

serde-generate/runtime/golang/serde/binary_deserializer.go

…validation, add maximum container depth

…container depth

…eb decoding

ma2bd added 7 commits September 17, 2020 12:15

upgrade bincode dependency to 1.3.1

88782be

[serde generate] upgrade LCS dev-dependency to branch "auto" + serde …

7ce7f76

…to 1.0.116

[serde generate] automatic testing of deserialization (positive and n…

9f53bcc

…egative samples)

[serde generate] python: add "negative" fuzzing, fix implementation o…

1b593de

…f container depth limit

[serde generate] C++: implement maximum container depth

2ccf870

[serde generate] golang: fix newtype optimization in the case of opti…

bce5cf1

…on types

[serde generate] test cleanup (removing hex) + use new positive sampl…

fd543c3

…es everywhere

facebook-github-bot added the CLA Signed This label is managed by the Facebook bot. Authors need to sign the CLA before a PR can be reviewed. label Sep 18, 2020

ma2bd marked this pull request as ready for review September 18, 2020 03:46

ma2bd requested a review from xli September 18, 2020 03:46

xli reviewed Sep 18, 2020

View reviewed changes

serde-generate/runtime/golang/serde/binary_deserializer.go Outdated Show resolved Hide resolved

xli approved these changes Sep 18, 2020

View reviewed changes

ma2bd added 4 commits September 18, 2020 11:44

[serde generate] golang: activate negative fuzzing, add missing UTF8 …

21c30e0

…validation, add maximum container depth

[serde generate] clippy

3aca9e3

[serde generate] java: add negative fuzzing + utf-8 validation + max …

0325f18

…container depth

[serde generate] c++: add negative fuzzing + utf8 validation + fix ul…

f41368e

…eb decoding

ma2bd merged commit 9d7cfd1 into novifinancial:master Sep 19, 2020

ma2bd deleted the serdegen_testing_plus branch September 19, 2020 01:15

ma2bd mentioned this pull request Sep 19, 2020

[transaction builder generator] update serde-generate diem/diem#6111

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Serde generate] runtimes: negative fuzzing + UTF8 validation + max container depth #61

[Serde generate] runtimes: negative fuzzing + UTF8 validation + max container depth #61

ma2bd commented Sep 18, 2020 •

edited

Loading

[Serde generate] runtimes: negative fuzzing + UTF8 validation + max container depth #61

[Serde generate] runtimes: negative fuzzing + UTF8 validation + max container depth #61

Conversation

ma2bd commented Sep 18, 2020 • edited Loading

Summary

Test Plan

ma2bd commented Sep 18, 2020 •

edited

Loading