fuzz: rework structural fuzzing to have explicit limits#889
Merged
Conversation
This reverts commit 444fa89.
Following advice from rust-fuzz (rust-fuzz/libfuzzer#138) I reworked the `Arbitrary` implementations used by the fuzzer to have explicit caps on size and recursion depth. Arbitrary JSONPath queries have a limit on max number of segments and selectors per segment, as well as a recursion limit for filter expressions and a more restrictive one specifically for recursive queries within filter expressions. The arbitrary JSON generator has a limit on the overall number of nodes. The `arbitrary` feature is removed from `rsonpath-syntax` and the impls are now in the library target of the fuzzer. On my machine I can run all fuzzers for an hour without exceeding the 2560 rss limit. Hopefully, this will resolve our fuzzing oom issues.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Short description
Following advice from rust-fuzz (rust-fuzz/libfuzzer#138) I reworked the
Arbitraryimplementations used by the fuzzer to have explicit caps on size and recursion depth.Arbitrary JSONPath queries have a limit on max number of segments and selectors per segment, as well as a recursion limit for filter expressions and a more restrictive one specifically for recursive queries within filter expressions.
The arbitrary JSON generator has a limit on the overall number of nodes.
The
arbitraryfeature is removed fromrsonpath-syntaxand the impls are now in the library target of the fuzzer.On my machine I can run all fuzzers for an hour without exceeding the 2560 rss limit. Hopefully, this will resolve our fuzzing oom issues.
Issue
Resolves: #749
Checklist
All of these should be ticked off before you submit the PR.
just verifylocally and it succeeded.