-
Notifications
You must be signed in to change notification settings - Fork 114
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Initial skeleton for fuzzing infrastructure #699
Conversation
This commit introduces the initial skeleton for Javy's fuzzing infrastructure. This commit focuses on the `json-differential` target, to check Javy's SIMD-based, custom `JSON.parse` and `JSON.stringify` implementations. The implementation aims to take full advantage of libfuzzer's coverage capabilities and that's the reason why it uses the native version of QuickJS instead of the Wasm version.
@@ -9,6 +9,7 @@ members = [ | |||
"crates/test-macros", | |||
"crates/config", | |||
"crates/runner", | |||
"fuzz", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is intentional. Added it outside of the crates
directory, given the infrastructure nature of this crate.
.github/workflows/check-fuzz.yml
Outdated
- uses: actions/checkout@v4 | ||
- name: Install nightly | ||
|
||
run: rustup install nightly-2024-07-07 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pinning to the most recent nightly version, and the one that I used locally for testing.
.github/workflows/check-fuzz.yml
Outdated
|
||
run: rustup install nightly-2024-07-07 | ||
- name: Install cargo fuzz | ||
run: cargo install cargo-fuzz --version=0.12.0 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same here.
Decided to drop clippy lints for fuzz targets in 7d94ba8. Originally I wanted to use clippy + nightly to ensure that fuzz targets are linted correctly, but I was not able to figure out a clean way to have clippy only lint the package and not its dependencies. I don't want to spend too much cycles on this, we can revisit if we think that linting the fuzz targets is crucial. See rust-lang/rust-clippy#3837 (comment) for more details. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just have the one question but it's pretty minor
id: nightly_version | ||
shell: bash | ||
run: | | ||
NIGHTLY_VERSION=$(cat pinned-nightly-version) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What was the reason for putting this and the cargo fuzz version in a file instead of using a top-level env
for both? I don't see them referenced outside this file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The reason is very subjective: I feel that's easier to update the version when it's defined at the root rather than having to modify the action itself.
This set of commits introduce the initial skeleton for Javy's fuzzing
infrastructure.
This commit focuses on the
json-differential
target, to check Javy'sSIMD-based, custom
JSON.parse
andJSON.stringify
implementations.The implementation aims to take full advantage of libfuzzer's coverage
capabilities and that's the reason why it uses the native version of
QuickJS instead of the Wasm version.
Checklist
javy-cli
andjavy-core
do not require updating CHANGELOG files.