Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(Unstructured)!: don't produce meaningless data if exhausted #108

Closed
wants to merge 2 commits into from
Closed

fix(Unstructured)!: don't produce meaningless data if exhausted #108

wants to merge 2 commits into from

Conversation

Xiretza
Copy link
Contributor

@Xiretza Xiretza commented Jun 9, 2022

If the Unstructured is completely exhausted, returning a buffer completely filled with zeroes instead of indicating failure does not
make sense. It also causes issues for any users of Arbitrary implementations for integers (which are based on this method) who rely on eventually getting a nonzero result to e.g. break recursion.

Fixes #107.

Xiretza added 2 commits June 9, 2022 16:46
@Xiretza
fix(Unstructured)!: don't produce meaningless data if exhausted
a621041 
If the Unstructured is completely exhausted, returning a buffer
completely filled with zeroes instead of indicating failure does not
make sense. It also causes issues for any users of Arbitrary
implementations for integers (which are based on this method) who rely
on eventually getting a nonzero result to e.g. break recursion.
@Xiretza
tests: add test for unbounded recursion on exhaustion
7bfd684 
Because the enum variant is decided based on an integer, and integers'
Arbitrary implementations always returned 0 if the Unstructured was
exhausted, an enum with a recursing first variant would lead to
unbounded recursion.
@nagisa
Copy link
Member

nagisa commented Jun 9, 2022

Do you have any measurements of how this affects fuzzing quality? Failing to produce any data sounds like we'd end up running a huge number of test runs that fail at producing a type out of input bytes.

@Xiretza
Copy link
Contributor Author

Xiretza commented Jun 9, 2022

No, I don't have any data on this. Instinctively I would say that returning "fake" data instead of erroring may be faster in the short term, but would mean that the fuzzer takes a long time until it finds an input long enough to actually produce useful mutations.

This just seemed like the most obvious culprit for #107, though I supposed it could be worked around in other ways as well.

@fitzgen
Copy link
Member

fitzgen commented Jun 13, 2022

We intentionally chose this behavior because empirically it helped Arbitrary implementations produce better test cases / increase fuzzing throughput.

See the commit message in 1d2f653 for some more details.

@fitzgen fitzgen closed this Jun 13, 2022
@Xiretza
Copy link
Contributor Author

Xiretza commented Jun 13, 2022

Do you have a better idea for a fix for #107 then?

@jcaesar
Copy link
Contributor

jcaesar commented Jun 17, 2022

@fitzgen
Should this paragraph be deleted from the docs, then?

@fitzgen
Copy link
Member

fitzgen commented Jun 21, 2022

#113

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Stack overflow for recursive type
4 participants
@Xiretza @nagisa @fitzgen @jcaesar