From 297a56a4e46aa1dbcef3c7521d12b2e39ba63072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 09:40:07 -0400 Subject: [PATCH 01/18] Initial fuzzing skeleton This commit introduces the initial skeleton for Javy's fuzzing infrastructure. This commit focuses on the `json-differential` target, to check Javy's SIMD-based, custom `JSON.parse` and `JSON.stringify` implementations. The implementation aims to take full advantage of libfuzzer's coverage capabilities and that's the reason why it uses the native version of QuickJS instead of the Wasm version. --- Cargo.lock | 606 +++++++++---------------- Cargo.toml | 1 + crates/core/src/runtime.rs | 4 +- fuzz/.gitignore | 4 + fuzz/Cargo.toml | 22 + fuzz/fuzz_targets/json.js | 1 + fuzz/fuzz_targets/json_differential.rs | 82 ++++ supply-chain/config.toml | 86 ++-- supply-chain/imports.lock | 403 ++++++---------- 9 files changed, 494 insertions(+), 715 deletions(-) create mode 100644 fuzz/.gitignore create mode 100644 fuzz/Cargo.toml create mode 100644 fuzz/fuzz_targets/json.js create mode 100644 fuzz/fuzz_targets/json_differential.rs diff --git a/Cargo.lock b/Cargo.lock index 69db41ac..bce5c1bd 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -160,6 +160,16 @@ version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7d5a26814d8dcb93b0e5a0ff3c6d80a8843bafb21b39e8e18a6f05471870e110" +[[package]] +name = "arbitrary-json" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08117a235f4bfba33f065e5f6941838fa9f77436c1823fca9c93c9b4a34a40e0" +dependencies = [ + "arbitrary", + "serde_json", +] + [[package]] name = "arrayvec" version = "0.7.4" @@ -175,18 +185,18 @@ dependencies = [ "proc-macro2", "quote", "swc_macros_common", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] name = "async-trait" -version = "0.1.80" +version = "0.1.81" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c6fa2087f2753a7da8cc1c0dbfcf89579dd57458e36769de5ac750b4671737ca" +checksum = "6e0c28dcc82d7c8ead5cb13beb15405b57b8546e93215673ff8ca0349a028107" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -197,16 +207,16 @@ checksum = "0c4b4d0bd25bd0b74681c0ad21497610ce1b7c91b1022cd21c80c6fbdd9476b0" [[package]] name = "backtrace" -version = "0.3.72" +version = "0.3.73" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "17c6a35df3749d2e8bb1b7b21a976d82b15548788d2735b9d82f329268f71a11" +checksum = "5cc23269a4f8976d0a4d2e7109211a419fe30e8d88d677cd60b6bc79c5732e0a" dependencies = [ "addr2line 0.22.0", "cc", "cfg-if", "libc", "miniz_oxide", - "object 0.35.0", + "object 0.36.1", "rustc-demangle", ] @@ -262,7 +272,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.68", + "syn 2.0.70", "which", ] @@ -343,9 +353,9 @@ dependencies = [ [[package]] name = "cap-fs-ext" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fc2d2954524be4866aaa720f008fba9995de54784957a1b0e0119992d6d5e52" +checksum = "eb23061fc1c4ead4e45ca713080fe768e6234e959f5a5c399c39eb41aa34e56e" dependencies = [ "cap-primitives", "cap-std", @@ -355,9 +365,9 @@ dependencies = [ [[package]] name = "cap-net-ext" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "799c81d79ea9c71a1438efd417c788214bc9e7986046d3710b6bbe60da4d8275" +checksum = "f83ae11f116bcbafc5327c6af250341db96b5930046732e1905f7dc65887e0e1" dependencies = [ "cap-primitives", "cap-std", @@ -367,9 +377,9 @@ dependencies = [ [[package]] name = "cap-primitives" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "00172660727e2d7f808e7cc2bfffd093fdb3ea2ff2ef819289418a3c3ffab5ac" +checksum = "6d00bd8d26c4270d950eaaa837387964a2089a1c3c349a690a1fa03221d29531" dependencies = [ "ambient-authority", "fs-set-times", @@ -384,9 +394,9 @@ dependencies = [ [[package]] name = "cap-rand" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "270f1d341a2afc62604f8f688bee4e444d052b7a74c1458dd3aa7efb47d4077f" +checksum = "dbcb16a619d8b8211ed61f42bd290d2a1ac71277a69cf8417ec0996fa92f5211" dependencies = [ "ambient-authority", "rand", @@ -394,9 +404,9 @@ dependencies = [ [[package]] name = "cap-std" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8cd9187bb3f7478a4c135ea10473a41a5f029d2ac800c1adf64f35ec7d4c8603" +checksum = "19eb8e3d71996828751c1ed3908a439639752ac6bdc874e41469ef7fc15fbd7f" dependencies = [ "cap-primitives", "io-extras", @@ -406,9 +416,9 @@ dependencies = [ [[package]] name = "cap-time-ext" -version = "3.1.0" +version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91666f31e30c85b1d2ee8432c90987f752c45f5821f5638027b41e73e16a395b" +checksum = "61142dc51e25b7acc970ca578ce2c3695eac22bbba46c1073f5f583e78957725" dependencies = [ "ambient-authority", "cap-primitives", @@ -449,9 +459,9 @@ checksum = "37b2a672a2cb129a2e41c10b1224bb368f9f37a2b16b612598138befd7b37eb5" [[package]] name = "cc" -version = "1.0.104" +version = "1.0.106" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74b6a57f98764a267ff415d50a25e6e166f3831a5071af4995296ea97d210490" +checksum = "066fce287b1d4eafef758e89e09d724a24808a9196fe9756b8ca90e86d0719a2" dependencies = [ "jobserver", "libc", @@ -542,7 +552,7 @@ dependencies = [ "heck 0.5.0", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -807,9 +817,9 @@ dependencies = [ [[package]] name = "cxx" -version = "1.0.123" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8194f089b6da4751d6c1da1ef37c17255df51f9346cdb160f8b096562ae4a85c" +checksum = "273dcfd3acd4e1e276af13ed2a43eea7001318823e7a726a6b3ed39b4acc0b82" dependencies = [ "cc", "cxxbridge-flags", @@ -819,9 +829,9 @@ dependencies = [ [[package]] name = "cxx-build" -version = "1.0.123" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e8df9a089caae66634d754672d5f909395f30f38af6ff19366980d8a8b57501" +checksum = "d8b2766fbd92be34e9ed143898fce6c572dc009de39506ed6903e5a05b68914e" dependencies = [ "cc", "codespan-reporting", @@ -829,24 +839,24 @@ dependencies = [ "proc-macro2", "quote", "scratch", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] name = "cxxbridge-flags" -version = "1.0.123" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25290be4751803672a70b98c68b51c1e7d0a640ab5a4377f240f9d2e70054cd1" +checksum = "839fcd5e43464614ffaa989eaf1c139ef1f0c51672a1ed08023307fa1b909ccd" [[package]] name = "cxxbridge-macro" -version = "1.0.123" +version = "1.0.124" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8cb317cb13604b4752416783bb25070381c36e844743e4146b7f8e55de7d140" +checksum = "4b2c1c1776b986979be68bb2285da855f8d8a35851a769fca8740df7c3d07877" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -916,22 +926,11 @@ dependencies = [ "winapi", ] -[[package]] -name = "displaydoc" -version = "0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.68", -] - [[package]] name = "either" -version = "1.12.0" +version = "1.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3dca9240753cf90908d7e4aac30f630662b02aebaa1b58a3cadabdb23385b58b" +checksum = "60b1af1c220855b6ceac025d3f6ecdd2b7c4894bfe9cd9bda4fbb4bc7c0d4cf0" [[package]] name = "encoding_rs" @@ -1044,7 +1043,7 @@ checksum = "fdc9cc75639b041067353b9bce2450d6847e547276c6fbe4487d7407980e07db" dependencies = [ "proc-macro2", "swc_macros_common", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -1336,9 +1335,9 @@ dependencies = [ [[package]] name = "httparse" -version = "1.9.2" +version = "1.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9f3935c160d00ac752e09787e6e6bfc26494c2183cc922f1bc678a60d4733bc2" +checksum = "0fcc0b4a115bf80b728eb8ea024ad5bd707b615bfed49e0665b6e0f86fd082d9" [[package]] name = "hyper" @@ -1418,124 +1417,6 @@ dependencies = [ "cc", ] -[[package]] -name = "icu_collections" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db2fa452206ebee18c4b5c2274dbf1de17008e874b4dc4f0aea9d01ca79e4526" -dependencies = [ - "displaydoc", - "yoke", - "zerofrom", - "zerovec", -] - -[[package]] -name = "icu_locid" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13acbb8371917fc971be86fc8057c41a64b521c184808a698c02acc242dbf637" -dependencies = [ - "displaydoc", - "litemap", - "tinystr", - "writeable", - "zerovec", -] - -[[package]] -name = "icu_locid_transform" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01d11ac35de8e40fdeda00d9e1e9d92525f3f9d887cdd7aa81d727596788b54e" -dependencies = [ - "displaydoc", - "icu_locid", - "icu_locid_transform_data", - "icu_provider", - "tinystr", - "zerovec", -] - -[[package]] -name = "icu_locid_transform_data" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fdc8ff3388f852bede6b579ad4e978ab004f139284d7b28715f773507b946f6e" - -[[package]] -name = "icu_normalizer" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "19ce3e0da2ec68599d193c93d088142efd7f9c5d6fc9b803774855747dc6a84f" -dependencies = [ - "displaydoc", - "icu_collections", - "icu_normalizer_data", - "icu_properties", - "icu_provider", - "smallvec", - "utf16_iter", - "utf8_iter", - "write16", - "zerovec", -] - -[[package]] -name = "icu_normalizer_data" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8cafbf7aa791e9b22bec55a167906f9e1215fd475cd22adfcf660e03e989516" - -[[package]] -name = "icu_properties" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f8ac670d7422d7f76b32e17a5db556510825b29ec9154f235977c9caba61036" -dependencies = [ - "displaydoc", - "icu_collections", - "icu_locid_transform", - "icu_properties_data", - "icu_provider", - "tinystr", - "zerovec", -] - -[[package]] -name = "icu_properties_data" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67a8effbc3dd3e4ba1afa8ad918d5684b8868b3b26500753effea8d2eed19569" - -[[package]] -name = "icu_provider" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6ed421c8a8ef78d3e2dbc98a973be2f3770cb42b606e3ab18d6237c4dfde68d9" -dependencies = [ - "displaydoc", - "icu_locid", - "icu_provider_macros", - "stable_deref_trait", - "tinystr", - "writeable", - "yoke", - "zerofrom", - "zerovec", -] - -[[package]] -name = "icu_provider_macros" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ec89e9337638ecdc08744df490b221a7399bf8d164eb52a665454e60e075ad6" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.68", -] - [[package]] name = "id-arena" version = "2.2.1" @@ -1550,14 +1431,12 @@ checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" [[package]] name = "idna" -version = "1.0.0" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4716a3a0933a1d01c2f72450e89596eb51dd34ef3c211ccd875acdf1f8fe47ed" +checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" dependencies = [ - "icu_normalizer", - "icu_properties", - "smallvec", - "utf8_iter", + "unicode-bidi", + "unicode-normalization", ] [[package]] @@ -1618,7 +1497,7 @@ dependencies = [ "Inflector", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -1750,6 +1629,17 @@ dependencies = [ "once_cell", ] +[[package]] +name = "javy-fuzz" +version = "0.0.0" +dependencies = [ + "anyhow", + "arbitrary-json", + "javy", + "libfuzzer-sys", + "serde_json", +] + [[package]] name = "javy-runner" version = "3.0.1" @@ -1769,7 +1659,7 @@ dependencies = [ "anyhow", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -1878,14 +1768,25 @@ version = "0.2.155" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "97b3888a4aecf77e811145cadf6eef5901f4782c53886191b2f693f24761847c" +[[package]] +name = "libfuzzer-sys" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a96cfd5557eb82f2b83fed4955246c988d331975a002961b07c81584d107e7f7" +dependencies = [ + "arbitrary", + "cc", + "once_cell", +] + [[package]] name = "libloading" -version = "0.8.3" +version = "0.8.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c2a198fb6b0eada2a8df47933734e6d35d350665a33a3593d7164fa52c75c19" +checksum = "e310b3a6b5907f99202fcdb4960ff45b93735d7c7d96b760fcff8db2dc0e103d" dependencies = [ "cfg-if", - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -1913,17 +1814,11 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" -[[package]] -name = "litemap" -version = "0.7.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "643cb0b8d4fcc284004d5fd0d67ccf61dfffadb7f75e1e71bc420f4688a3a704" - [[package]] name = "log" -version = "0.4.21" +version = "0.4.22" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" +checksum = "a7a70ba024b9dc04c27ea2f0c0548feb474ec5c54bba33a7f72f873a39d07b24" [[package]] name = "mach" @@ -1942,9 +1837,9 @@ checksum = "4facc753ae494aeb6e3c22f839b158aebd4f9270f55cd3c79906c45476c47ab4" [[package]] name = "memchr" -version = "2.7.2" +version = "2.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c8640c5d730cb13ebd907d8d04b52f55ac9a2eec55b440c8892f40d56c76c1d" +checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" [[package]] name = "memfd" @@ -1972,9 +1867,9 @@ checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" [[package]] name = "miniz_oxide" -version = "0.7.3" +version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87dfd01fe195c66b572b37921ad8803d010623c0aca821bea2302239d155cdae" +checksum = "b8a240ddb74feaf34a79a7add65a741f3167852fba007066dcac1ca548d89c08" dependencies = [ "adler", ] @@ -2025,9 +1920,9 @@ dependencies = [ [[package]] name = "num-bigint" -version = "0.4.5" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c165a9ab64cf766f73521c0dd2cfdff64f488b8f0b3e621face3462d3db536d7" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" dependencies = [ "num-integer", "num-traits", @@ -2086,9 +1981,9 @@ dependencies = [ [[package]] name = "object" -version = "0.35.0" +version = "0.36.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8ec7ab813848ba4522158d5517a6093db1ded27575b070f4177b8d12b41db5e" +checksum = "081b846d1d56ddfc18fdf1a922e4f6e07a11768ea1b92dec44e42b72712ccfce" dependencies = [ "memchr", ] @@ -2101,9 +1996,9 @@ checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "oorandom" -version = "11.1.3" +version = "11.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" +checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9" [[package]] name = "openssl" @@ -2128,7 +2023,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2197,7 +2092,7 @@ dependencies = [ "phf_shared", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2226,7 +2121,7 @@ checksum = "2f38a4412a78282e09a2cf38d195ea5420d15ba0602cb375210efbc877243965" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2288,7 +2183,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5f12335488a2f3b0a83b14edad48dca9879ce89b2edd10e80237e4e852dd645e" dependencies = [ "proc-macro2", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2474,7 +2369,7 @@ checksum = "bcc303e793d3734489387d205e9b186fac9c6cfacedd98cbb2e8a5943595f3e6" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2582,7 +2477,7 @@ dependencies = [ "proc-macro2", "quote", "rquickjs-core", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2728,9 +2623,9 @@ checksum = "388a1df253eca08550bef6c72392cfe7c30914bf41df5269b68cbd6ff8f570a3" [[package]] name = "serde" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7253ab4de971e72fb7be983802300c30b5a7f0c2e56fab8abfc6a214307c0094" +checksum = "bc76f558e0cbb2a839d37354c575f1dc3fdc6546b5be373ba43d95f231bf7c12" dependencies = [ "serde_derive", ] @@ -2755,13 +2650,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.203" +version = "1.0.204" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "500cbc0ebeb6f46627f50f3f5811ccf6bf00643be300b4c3eabc0ef55dc5b5ba" +checksum = "e0cd7e117be63d3c3678776753929474f3b04a43a080c744d6b0ae2a8c28e222" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2939,7 +2834,7 @@ dependencies = [ "proc-macro2", "quote", "swc_macros_common", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -2981,9 +2876,9 @@ dependencies = [ [[package]] name = "swc_common" -version = "0.34.3" +version = "0.34.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b0d7bcbd9faf61cec1a552cbdaec57faefbb10be7cc5f959613c6f91b5a9254" +checksum = "9087befec6b63911f9d2f239e4f91c9b21589c169b86ed2d616944d23cf4a243" dependencies = [ "ast_node", "better_scoped_tls", @@ -3007,9 +2902,9 @@ dependencies = [ [[package]] name = "swc_core" -version = "0.96.0" +version = "0.96.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "397aa4b60ac7eed394d0c1f9634ff0cf9dd5841bf1cd4ed2ef7f45955a40cb99" +checksum = "de60918c09a10e55b659b4e70029d283da815e3107b22f79ec9fac280d4d8843" dependencies = [ "swc_atoms", "swc_common", @@ -3038,12 +2933,11 @@ dependencies = [ [[package]] name = "swc_ecma_parser" -version = "0.146.7" +version = "0.146.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "417d95a184c1872bc4e4db82c721c20c38bdf01214a65ee512c37b9985b78c01" +checksum = "0a4e0c2e85f12c63b85c805e923079b04d1fb3e25edd069d638eed5f2098de74" dependencies = [ "either", - "memchr", "new_debug_unreachable", "num-bigint", "num-traits", @@ -3061,9 +2955,9 @@ dependencies = [ [[package]] name = "swc_ecma_transforms_base" -version = "0.140.1" +version = "0.140.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4341c6272c4feaaf22cc8104f65ebcadac8ad2098dfacb6eb62e8c053698a40d" +checksum = "d37dc505c92af56d0f77cf6f31a6ccd37ac40cad1e01ff77277e0b1c70e8f8ff" dependencies = [ "better_scoped_tls", "bitflags", @@ -3084,9 +2978,9 @@ dependencies = [ [[package]] name = "swc_ecma_utils" -version = "0.130.1" +version = "0.130.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ca6a7f430bd83e14f3bf39f01e25806a5c403af73ff2cf94b647132594ddd63c" +checksum = "13e62b199454a576c5fdbd7e1bef8ab88a395427456d8a713d994b7d469833aa" dependencies = [ "indexmap 2.2.6", "num_cpus", @@ -3123,7 +3017,7 @@ checksum = "695a1d8b461033d32429b5befbf0ad4d7a2c4d6ba9cd5ba4e0645c615839e8e4" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -3134,7 +3028,7 @@ checksum = "91745f3561057493d2da768437c427c0e979dff7396507ae02f16c981c4a8466" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -3157,7 +3051,7 @@ dependencies = [ "proc-macro2", "quote", "swc_macros_common", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -3173,26 +3067,15 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.68" +version = "2.0.70" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "901fa70d88b9d6c98022e23b4136f9f3e54e4662c3bc1bd1d84a42a9a0f0c1e9" +checksum = "2f0209b68b3613b093e0ec905354eccaedcfe83b8cb37cbdeae64026c3064c16" dependencies = [ "proc-macro2", "quote", "unicode-ident", ] -[[package]] -name = "synstructure" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8af7666ab7b6390ab78131fb5b0fce11d6b7a6951602017c35fa82800708971" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.68", -] - [[package]] name = "system-interface" version = "0.27.2" @@ -3217,9 +3100,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "target-lexicon" -version = "0.12.14" +version = "0.12.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f" +checksum = "4873307b7c257eddcb50c9bedf158eb669578359fb28428bef438fec8e6ba7c2" [[package]] name = "tempfile" @@ -3259,17 +3142,7 @@ checksum = "46c3384250002a6d5af4d114f2845d37b57521033f30d5c3f46c4d70e1197533" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", -] - -[[package]] -name = "tinystr" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9117f5d4db391c1cf6927e7bea3db74b9a1c1add8f7eda9ffd5364f40f57b82f" -dependencies = [ - "displaydoc", - "zerovec", + "syn 2.0.70", ] [[package]] @@ -3282,6 +3155,21 @@ dependencies = [ "serde_json", ] +[[package]] +name = "tinyvec" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "445e881f4f6d382d5f27c034e25eb92edd7c784ceab92a0937db7f2e9471b938" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tokio" version = "1.38.0" @@ -3307,7 +3195,7 @@ checksum = "5f5ae998a069d4b5aba8ee9dad856af7d520c3699e6159b185c2acd48155d39a" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -3412,7 +3300,7 @@ checksum = "34704c8d6ebcbc939824180af020566b01a7c01f80641264eba0999f6c2b6be7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -3426,9 +3314,9 @@ dependencies = [ [[package]] name = "triomphe" -version = "0.1.12" +version = "0.1.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1b2cb4fbb9995eeb36ac86fadf24031ccd58f99d6b4b2d7b911db70bddb80d90" +checksum = "e6631e42e10b40c0690bf92f404ebcfe6e1fdb480391d15f17cc8e96eeed5369" dependencies = [ "serde", "stable_deref_trait", @@ -3452,6 +3340,12 @@ version = "1.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" +[[package]] +name = "unicode-bidi" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" + [[package]] name = "unicode-id" version = "0.3.4" @@ -3470,6 +3364,15 @@ version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-normalization" +version = "0.1.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a56d1686db2308d901306f92a263857ef59ea39678a5458e7cb17f01415101f5" +dependencies = [ + "tinyvec", +] + [[package]] name = "unicode-segmentation" version = "1.11.0" @@ -3490,27 +3393,15 @@ checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" [[package]] name = "url" -version = "2.5.1" +version = "2.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f7c25da092f0a868cdf09e8674cd3b7ef3a7d92a24253e663a2fb85e2496de56" +checksum = "22784dbdf76fdde8af1aeda5622b546b422b6fc585325248a2bf9f5e41e94d6c" dependencies = [ "form_urlencoded", "idna", "percent-encoding", ] -[[package]] -name = "utf16_iter" -version = "1.0.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c8232dd3cdaed5356e0f716d285e4b40b932ac434100fe9b7e0e8e935b9e6246" - -[[package]] -name = "utf8_iter" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be" - [[package]] name = "utf8parse" version = "0.2.2" @@ -3662,7 +3553,7 @@ dependencies = [ "once_cell", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", "wasm-bindgen-shared", ] @@ -3684,7 +3575,7 @@ checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -3724,9 +3615,9 @@ dependencies = [ [[package]] name = "wasm-encoder" -version = "0.210.0" +version = "0.212.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7e3764d9d6edabd8c9e16195e177be0d20f6ab942ad18af52860f12f82bc59a" +checksum = "501940df4418b8929eb6d52f1aade1fdd15a5b86c92453cb696e3c906bd3fc33" dependencies = [ "leb128", ] @@ -3918,7 +3809,7 @@ dependencies = [ "anyhow", "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", "wasmtime-component-util", "wasmtime-wit-bindgen", "wit-parser 0.201.0", @@ -4092,7 +3983,7 @@ checksum = "ffaafa5c12355b1a9ee068e9295d50c4ca0a400c721950cdae4f5b54391a2da5" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] @@ -4172,24 +4063,24 @@ dependencies = [ [[package]] name = "wast" -version = "210.0.0" +version = "212.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa835c59bd615e00f16be65705d85517d40b44b3c831d724e450244685176c3c" +checksum = "4606a05fb0aae5d11dd7d8280a640d88a63ee019360ba9be552da3d294b8d1f5" dependencies = [ "bumpalo", "leb128", "memchr", "unicode-width", - "wasm-encoder 0.210.0", + "wasm-encoder 0.212.0", ] [[package]] name = "wat" -version = "1.210.0" +version = "1.212.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "67faece8487996430c6812be7f8776dc563ca0efcd3db77f8839070480c0d1a6" +checksum = "c74ca7f93f11a5d6eed8499f2a8daaad6e225cab0151bc25a091fff3b987532f" dependencies = [ - "wast 210.0.0", + "wast 212.0.0", ] [[package]] @@ -4240,7 +4131,7 @@ dependencies = [ "proc-macro2", "quote", "shellexpand", - "syn 2.0.68", + "syn 2.0.70", "witx", ] @@ -4252,7 +4143,7 @@ checksum = "acdb12de36507498abaa3a042f895a43ee00a2f6125b6901b9a27edf72bfdbe7" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", + "syn 2.0.70", "wiggle-generate", ] @@ -4309,7 +4200,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33ab640c8d7e35bf8ba19b884ba838ceb4fba93a4e8c65a9059d08afcfc683d9" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -4327,7 +4218,7 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" dependencies = [ - "windows-targets 0.52.5", + "windows-targets 0.52.6", ] [[package]] @@ -4347,18 +4238,18 @@ dependencies = [ [[package]] name = "windows-targets" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f0713a46559409d202e70e28227288446bf7841d3211583a4b53e3f6d96e7eb" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" dependencies = [ - "windows_aarch64_gnullvm 0.52.5", - "windows_aarch64_msvc 0.52.5", - "windows_i686_gnu 0.52.5", + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", "windows_i686_gnullvm", - "windows_i686_msvc 0.52.5", - "windows_x86_64_gnu 0.52.5", - "windows_x86_64_gnullvm 0.52.5", - "windows_x86_64_msvc 0.52.5", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", ] [[package]] @@ -4369,9 +4260,9 @@ checksum = "2b38e32f0abccf9987a4e3079dfb67dcd799fb61361e53e2882c3cbaf0d905d8" [[package]] name = "windows_aarch64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7088eed71e8b8dda258ecc8bac5fb1153c5cffaf2578fc8ff5d61e23578d3263" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" [[package]] name = "windows_aarch64_msvc" @@ -4381,9 +4272,9 @@ checksum = "dc35310971f3b2dbbf3f0690a219f40e2d9afcf64f9ab7cc1be722937c26b4bc" [[package]] name = "windows_aarch64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9985fd1504e250c615ca5f281c3f7a6da76213ebd5ccc9561496568a2752afb6" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" [[package]] name = "windows_i686_gnu" @@ -4393,15 +4284,15 @@ checksum = "a75915e7def60c94dcef72200b9a8e58e5091744960da64ec734a6c6e9b3743e" [[package]] name = "windows_i686_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "88ba073cf16d5372720ec942a8ccbf61626074c6d4dd2e745299726ce8b89670" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" [[package]] name = "windows_i686_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "87f4261229030a858f36b459e748ae97545d6f1ec60e5e0d6a3d32e0dc232ee9" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" [[package]] name = "windows_i686_msvc" @@ -4411,9 +4302,9 @@ checksum = "8f55c233f70c4b27f66c523580f78f1004e8b5a8b659e05a4eb49d4166cca406" [[package]] name = "windows_i686_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "db3c2bf3d13d5b658be73463284eaf12830ac9a26a90c717b7f771dfe97487bf" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" [[package]] name = "windows_x86_64_gnu" @@ -4423,9 +4314,9 @@ checksum = "53d40abd2583d23e4718fddf1ebec84dbff8381c07cae67ff7768bbf19c6718e" [[package]] name = "windows_x86_64_gnu" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e4246f76bdeff09eb48875a0fd3e2af6aada79d409d33011886d3e1581517d9" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" [[package]] name = "windows_x86_64_gnullvm" @@ -4435,9 +4326,9 @@ checksum = "0b7b52767868a23d5bab768e390dc5f5c55825b6d30b86c844ff2dc7414044cc" [[package]] name = "windows_x86_64_gnullvm" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "852298e482cd67c356ddd9570386e2862b5673c85bd5f88df9ab6802b334c596" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" [[package]] name = "windows_x86_64_msvc" @@ -4447,9 +4338,9 @@ checksum = "ed94fce61571a4006852b7389a063ab983c02eb1bb37b47f8272ce92d06d9538" [[package]] name = "windows_x86_64_msvc" -version = "0.52.5" +version = "0.52.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bec47e5bfd1bff0eeaf6d8b485cc1074891a197ab4225d504cb7a1ab88b02bf0" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" [[package]] name = "winnow" @@ -4543,18 +4434,6 @@ dependencies = [ "wasmtime", ] -[[package]] -name = "write16" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d1890f4022759daae28ed4fe62859b1236caebfc61ede2f63ed4e695f3f6d936" - -[[package]] -name = "writeable" -version = "0.5.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1e9df38ee2d2c3c5948ea468a8406ff0db0b29ae1ffde1bcf20ef305bcc95c51" - [[package]] name = "wyz" version = "0.5.1" @@ -4564,116 +4443,49 @@ dependencies = [ "tap", ] -[[package]] -name = "yoke" -version = "0.7.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6c5b1314b079b0930c31e3af543d8ee1757b1951ae1e1565ec704403a7240ca5" -dependencies = [ - "serde", - "stable_deref_trait", - "yoke-derive", - "zerofrom", -] - -[[package]] -name = "yoke-derive" -version = "0.7.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28cc31741b18cb6f1d5ff12f5b7523e3d6eb0852bbbad19d73905511d9849b95" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.68", - "synstructure", -] - [[package]] name = "zerocopy" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae87e3fcd617500e5d106f0380cf7b77f3c6092aae37191433159dda23cfb087" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" dependencies = [ "zerocopy-derive", ] [[package]] name = "zerocopy-derive" -version = "0.7.34" +version = "0.7.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "15e934569e47891f7d9411f1a451d947a60e000ab3bd24fbb970f000387d1b3b" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.68", -] - -[[package]] -name = "zerofrom" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91ec111ce797d0e0784a1116d0ddcdbea84322cd79e5d5ad173daeba4f93ab55" -dependencies = [ - "zerofrom-derive", -] - -[[package]] -name = "zerofrom-derive" -version = "0.1.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0ea7b4a3637ea8669cedf0f1fd5c286a17f3de97b8dd5a70a6c167a1730e63a5" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.68", - "synstructure", -] - -[[package]] -name = "zerovec" -version = "0.10.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "aa2b893d79df23bfb12d5461018d408ea19dfafe76c2c7ef6d4eba614f8ff079" -dependencies = [ - "yoke", - "zerofrom", - "zerovec-derive", -] - -[[package]] -name = "zerovec-derive" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97cf56601ee5052b4417d90c8755c6683473c926039908196cf35d99f893ebe7" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.68", + "syn 2.0.70", ] [[package]] name = "zstd" -version = "0.13.1" +version = "0.13.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2d789b1514203a1120ad2429eae43a7bd32b90976a7bb8a05f7ec02fa88cc23a" +checksum = "fcf2b778a664581e31e389454a7072dab1647606d44f7feea22cd5abb9c9f3f9" dependencies = [ "zstd-safe", ] [[package]] name = "zstd-safe" -version = "7.1.0" +version = "7.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cd99b45c6bc03a018c8b8a86025678c87e55526064e38f9df301989dce7ec0a" +checksum = "fa556e971e7b568dc775c136fc9de8c779b1c2fc3a63defaafadffdbd3181afa" dependencies = [ "zstd-sys", ] [[package]] name = "zstd-sys" -version = "2.0.10+zstd.1.5.6" +version = "2.0.12+zstd.1.5.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c253a4914af5bafc8fa8c86ee400827e83cf6ec01195ec1f1ed8441bf00d65aa" +checksum = "0a4e40c320c3cb459d9a9ff6de98cff88f4751ee9275d140e2be94a2b74e4c13" dependencies = [ "cc", "pkg-config", diff --git a/Cargo.toml b/Cargo.toml index d4cefa73..dabd4d33 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -9,6 +9,7 @@ members = [ "crates/test-macros", "crates/config", "crates/runner", + "fuzz", ] resolver = "2" diff --git a/crates/core/src/runtime.rs b/crates/core/src/runtime.rs index b973bd7b..3bd4a8a8 100644 --- a/crates/core/src/runtime.rs +++ b/crates/core/src/runtime.rs @@ -11,8 +11,8 @@ pub(crate) fn new(shared_config: SharedConfig) -> Result { // Due to an issue with our custom serializer and property accesses // we're disabling this temporarily. It will be enabled once we have a // fix forward. - .override_json_parse_and_stringify(false) - .javy_json(false); + .override_json_parse_and_stringify(true) + .javy_json(true); Runtime::new(std::mem::take(config)) } diff --git a/fuzz/.gitignore b/fuzz/.gitignore new file mode 100644 index 00000000..1a45eee7 --- /dev/null +++ b/fuzz/.gitignore @@ -0,0 +1,4 @@ +target +corpus +artifacts +coverage diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml new file mode 100644 index 00000000..b35196ee --- /dev/null +++ b/fuzz/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "javy-fuzz" +version = "0.0.0" +publish = false +edition = "2021" + +[package.metadata] +cargo-fuzz = true + +[dependencies] +arbitrary-json = "0.1.1" +libfuzzer-sys = "0.4" +serde_json = "1.0" +javy = { path = "../crates/javy/", features = ["json"] } +anyhow = { workspace = true } + +[[bin]] +name = "json-differential" +path = "fuzz_targets/json_differential.rs" +test = false +doc = false +bench = false diff --git a/fuzz/fuzz_targets/json.js b/fuzz/fuzz_targets/json.js new file mode 100644 index 00000000..c9c409c5 --- /dev/null +++ b/fuzz/fuzz_targets/json.js @@ -0,0 +1 @@ +globalThis.OUTPUT = JSON.stringify(JSON.parse(INPUT)) diff --git a/fuzz/fuzz_targets/json_differential.rs b/fuzz/fuzz_targets/json_differential.rs new file mode 100644 index 00000000..7341acef --- /dev/null +++ b/fuzz/fuzz_targets/json_differential.rs @@ -0,0 +1,82 @@ +#![no_main] + +use anyhow::Result; +use arbitrary_json::ArbitraryValue; +use javy::{ + from_js_error, + quickjs::{Error, String as JSString}, + Config, Runtime, +}; +use libfuzzer_sys::fuzz_target; +use std::sync::Once; + +static JSON_PROGRAM: &[u8] = include_bytes!("json.js"); +static mut RT: Option = None; +static mut REF_RT: Option = None; +static SETUP: Once = Once::new(); + +fuzz_target!(|data: ArbitraryValue| { + SETUP.call_once(|| { + let mut config = Config::default(); + config + .override_json_parse_and_stringify(true) + .javy_json(true); + + unsafe { + RT = Some(Runtime::new(std::mem::take(&mut config)).expect("Runtime to be created")); + REF_RT = + Some(Runtime::new(Config::default()).expect("Reference runtime to be created")); + }; + }); + + let _ = exec(&data); +}); + +fn exec(data: &ArbitraryValue) -> Result<()> { + let rt = unsafe { RT.as_ref().unwrap() }; + let ref_rt = unsafe { REF_RT.as_ref().unwrap() }; + let mut output: Option = None; + let mut ref_output: Option = None; + + rt.context().with(|cx| { + let globals = cx.globals(); + globals.set("INPUT", JSString::from_str(cx.clone(), &data.to_string())?)?; + + let result: Result<(), _> = cx.eval(JSON_PROGRAM); + + if let Err(e) = result { + panic!( + "{}\n{}", + from_js_error(cx.clone(), e).to_string(), + data.to_string() + ); + } + + output = globals.get("OUTPUT")?; + + Ok::<(), Error>(()) + })?; + + ref_rt.context().with(|cx| { + let globals = cx.globals(); + globals.set("INPUT", JSString::from_str(cx.clone(), &data.to_string())?)?; + + let result: Result<(), _> = cx.eval(JSON_PROGRAM); + + if let Err(e) = result { + panic!( + "{}\n{}", + from_js_error(cx.clone(), e).to_string(), + data.to_string() + ); + } + + ref_output = globals.get("OUTPUT")?; + + Ok::<(), Error>(()) + })?; + + assert_eq!(output, ref_output); + + Ok(()) +} diff --git a/supply-chain/config.toml b/supply-chain/config.toml index 716a5e42..a9d54faa 100644 --- a/supply-chain/config.toml +++ b/supply-chain/config.toml @@ -62,6 +62,10 @@ criteria = "safe-to-deploy" version = "0.2.18" criteria = "safe-to-deploy" +[[exemptions.arbitrary-json]] +version = "0.1.1" +criteria = "safe-to-deploy" + [[exemptions.ast_node]] version = "0.9.8" criteria = "safe-to-deploy" @@ -71,7 +75,7 @@ version = "1.3.0" criteria = "safe-to-deploy" [[exemptions.backtrace]] -version = "0.3.72" +version = "0.3.73" criteria = "safe-to-deploy" [[exemptions.base64]] @@ -123,7 +127,7 @@ version = "0.1.8" criteria = "safe-to-deploy" [[exemptions.cc]] -version = "1.0.104" +version = "1.0.106" criteria = "safe-to-deploy" [[exemptions.ciborium]] @@ -203,7 +207,7 @@ version = "0.1.2" criteria = "safe-to-deploy" [[exemptions.either]] -version = "1.12.0" +version = "1.13.0" criteria = "safe-to-deploy" [[exemptions.env_logger]] @@ -306,18 +310,6 @@ criteria = "safe-to-deploy" version = "0.1.60" criteria = "safe-to-deploy" -[[exemptions.icu_normalizer]] -version = "1.5.0" -criteria = "safe-to-deploy" - -[[exemptions.icu_normalizer_data]] -version = "1.5.0" -criteria = "safe-to-deploy" - -[[exemptions.idna]] -version = "1.0.0" -criteria = "safe-to-deploy" - [[exemptions.if_chain]] version = "1.0.2" criteria = "safe-to-deploy" @@ -378,8 +370,12 @@ criteria = "safe-to-deploy" version = "0.2.155" criteria = "safe-to-deploy" +[[exemptions.libfuzzer-sys]] +version = "0.4.7" +criteria = "safe-to-deploy" + [[exemptions.libloading]] -version = "0.8.3" +version = "0.8.4" criteria = "safe-to-deploy" [[exemptions.libredox]] @@ -387,7 +383,7 @@ version = "0.1.3" criteria = "safe-to-deploy" [[exemptions.log]] -version = "0.4.21" +version = "0.4.22" criteria = "safe-to-deploy" [[exemptions.mach]] @@ -407,7 +403,7 @@ version = "0.2.1" criteria = "safe-to-deploy" [[exemptions.miniz_oxide]] -version = "0.7.3" +version = "0.7.4" criteria = "safe-to-deploy" [[exemptions.mio]] @@ -423,7 +419,7 @@ version = "1.0.6" criteria = "safe-to-deploy" [[exemptions.num-bigint]] -version = "0.4.5" +version = "0.4.6" criteria = "safe-to-deploy" [[exemptions.num-format]] @@ -435,13 +431,17 @@ version = "0.32.2" criteria = "safe-to-deploy" [[exemptions.object]] -version = "0.35.0" +version = "0.36.1" criteria = "safe-to-deploy" [[exemptions.once_cell]] version = "1.16.0" criteria = "safe-to-deploy" +[[exemptions.oorandom]] +version = "11.1.4" +criteria = "safe-to-run" + [[exemptions.openssl]] version = "0.10.64" criteria = "safe-to-deploy" @@ -671,11 +671,11 @@ version = "0.6.7" criteria = "safe-to-deploy" [[exemptions.swc_common]] -version = "0.34.3" +version = "0.34.4" criteria = "safe-to-deploy" [[exemptions.swc_core]] -version = "0.96.0" +version = "0.96.9" criteria = "safe-to-deploy" [[exemptions.swc_ecma_ast]] @@ -683,15 +683,15 @@ version = "0.115.1" criteria = "safe-to-deploy" [[exemptions.swc_ecma_parser]] -version = "0.146.7" +version = "0.146.12" criteria = "safe-to-deploy" [[exemptions.swc_ecma_transforms_base]] -version = "0.140.1" +version = "0.140.3" criteria = "safe-to-deploy" [[exemptions.swc_ecma_utils]] -version = "0.130.1" +version = "0.130.3" criteria = "safe-to-deploy" [[exemptions.swc_ecma_visit]] @@ -718,6 +718,14 @@ criteria = "safe-to-deploy" version = "3.10.1" criteria = "safe-to-deploy" +[[exemptions.tinyvec]] +version = "1.8.0" +criteria = "safe-to-deploy" + +[[exemptions.tinyvec_macros]] +version = "0.1.1" +criteria = "safe-to-deploy" + [[exemptions.tower]] version = "0.4.13" criteria = "safe-to-deploy" @@ -743,7 +751,7 @@ version = "0.1.32" criteria = "safe-to-deploy" [[exemptions.triomphe]] -version = "0.1.12" +version = "0.1.13" criteria = "safe-to-deploy" [[exemptions.try-lock]] @@ -771,11 +779,7 @@ version = "0.1.13" criteria = "safe-to-deploy" [[exemptions.url]] -version = "2.5.1" -criteria = "safe-to-deploy" - -[[exemptions.utf16_iter]] -version = "1.0.5" +version = "2.5.2" criteria = "safe-to-deploy" [[exemptions.utf8parse]] @@ -843,31 +847,23 @@ version = "0.4.0" criteria = "safe-to-deploy" [[exemptions.windows_i686_gnullvm]] -version = "0.52.5" +version = "0.52.6" criteria = "safe-to-deploy" [[exemptions.witx]] version = "0.9.1" criteria = "safe-to-deploy" -[[exemptions.write16]] -version = "1.0.0" -criteria = "safe-to-deploy" - [[exemptions.wyz]] version = "0.5.1" criteria = "safe-to-deploy" [[exemptions.zerocopy]] -version = "0.7.34" +version = "0.7.35" criteria = "safe-to-deploy" [[exemptions.zerocopy-derive]] -version = "0.7.34" -criteria = "safe-to-deploy" - -[[exemptions.zerofrom-derive]] -version = "0.1.4" +version = "0.7.35" criteria = "safe-to-deploy" [[exemptions.zerovec]] @@ -875,13 +871,13 @@ version = "0.10.4" criteria = "safe-to-deploy" [[exemptions.zstd]] -version = "0.13.1" +version = "0.13.2" criteria = "safe-to-deploy" [[exemptions.zstd-safe]] -version = "7.1.0" +version = "7.2.0" criteria = "safe-to-deploy" [[exemptions.zstd-sys]] -version = "2.0.10+zstd.1.5.6" +version = "2.0.12+zstd.1.5.6" criteria = "safe-to-deploy" diff --git a/supply-chain/imports.lock b/supply-chain/imports.lock index 943004b4..8c6ce1dc 100644 --- a/supply-chain/imports.lock +++ b/supply-chain/imports.lock @@ -58,8 +58,8 @@ user-login = "fitzgen" user-name = "Nick Fitzgerald" [[publisher.async-trait]] -version = "0.1.80" -when = "2024-04-11" +version = "0.1.81" +when = "2024-07-07" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -72,43 +72,43 @@ user-login = "BurntSushi" user-name = "Andrew Gallant" [[publisher.cap-fs-ext]] -version = "3.1.0" -when = "2024-05-16" +version = "3.2.0" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.cap-net-ext]] -version = "3.1.0" -when = "2024-05-16" +version = "3.2.0" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.cap-primitives]] -version = "3.1.0" -when = "2024-05-16" +version = "3.2.0" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.cap-rand]] -version = "3.1.0" -when = "2024-05-16" +version = "3.2.0" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.cap-std]] -version = "3.1.0" -when = "2024-05-16" +version = "3.2.0" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.cap-time-ext]] -version = "3.1.0" -when = "2024-05-16" +version = "3.2.0" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" @@ -230,29 +230,29 @@ user-id = 73222 user-login = "wasmtime-publish" [[publisher.cxx]] -version = "1.0.123" -when = "2024-06-05" +version = "1.0.124" +when = "2024-06-14" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.cxx-build]] -version = "1.0.123" -when = "2024-06-05" +version = "1.0.124" +when = "2024-06-14" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.cxxbridge-flags]] -version = "1.0.123" -when = "2024-06-05" +version = "1.0.124" +when = "2024-06-14" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" [[publisher.cxxbridge-macro]] -version = "1.0.123" -when = "2024-06-05" +version = "1.0.124" +when = "2024-06-14" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -314,8 +314,8 @@ user-login = "seanmonstar" user-name = "Sean McArthur" [[publisher.httparse]] -version = "1.9.2" -when = "2024-06-10" +version = "1.9.4" +when = "2024-06-17" user-id = 359 user-login = "seanmonstar" user-name = "Sean McArthur" @@ -391,8 +391,8 @@ user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.memchr]] -version = "2.7.2" -when = "2024-03-27" +version = "2.7.4" +when = "2024-06-14" user-id = 189 user-login = "BurntSushi" user-name = "Andrew Gallant" @@ -517,8 +517,8 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde]] -version = "1.0.203" -when = "2024-05-25" +version = "1.0.204" +when = "2024-07-06" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -531,8 +531,8 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.serde_derive]] -version = "1.0.203" -when = "2024-05-25" +version = "1.0.204" +when = "2024-07-06" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -566,8 +566,8 @@ user-login = "dtolnay" user-name = "David Tolnay" [[publisher.syn]] -version = "2.0.68" -when = "2024-06-23" +version = "2.0.70" +when = "2024-07-08" user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" @@ -580,8 +580,8 @@ user-login = "sunfishcode" user-name = "Dan Gohman" [[publisher.target-lexicon]] -version = "0.12.14" -when = "2024-02-22" +version = "0.12.15" +when = "2024-07-08" user-id = 6825 user-login = "sunfishcode" user-name = "Dan Gohman" @@ -656,6 +656,13 @@ user-id = 3618 user-login = "dtolnay" user-name = "David Tolnay" +[[publisher.unicode-normalization]] +version = "0.1.23" +when = "2024-02-20" +user-id = 1139 +user-login = "Manishearth" +user-name = "Manish Goregaokar" + [[publisher.unicode-segmentation]] version = "1.11.0" when = "2024-02-07" @@ -670,13 +677,6 @@ user-id = 1139 user-login = "Manishearth" user-name = "Manish Goregaokar" -[[publisher.utf8_iter]] -version = "1.0.4" -when = "2023-12-01" -user-id = 4484 -user-login = "hsivonen" -user-name = "Henri Sivonen" - [[publisher.walkdir]] version = "2.5.0" when = "2024-03-01" @@ -738,8 +738,8 @@ user-id = 73222 user-login = "wasmtime-publish" [[publisher.wasm-encoder]] -version = "0.210.0" -when = "2024-06-10" +version = "0.212.0" +when = "2024-06-27" user-id = 73222 user-login = "wasmtime-publish" @@ -895,14 +895,14 @@ user-id = 73222 user-login = "wasmtime-publish" [[publisher.wast]] -version = "210.0.0" -when = "2024-06-10" +version = "212.0.0" +when = "2024-06-27" user-id = 73222 user-login = "wasmtime-publish" [[publisher.wat]] -version = "1.210.0" -when = "2024-06-10" +version = "1.212.0" +when = "2024-06-27" user-id = 73222 user-login = "wasmtime-publish" @@ -973,8 +973,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows-targets]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -987,8 +987,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_gnullvm]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1001,8 +1001,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_aarch64_msvc]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1015,8 +1015,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_gnu]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1029,8 +1029,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_i686_msvc]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1043,8 +1043,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnu]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1057,8 +1057,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_gnullvm]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1071,8 +1071,8 @@ user-login = "kennykerr" user-name = "Kenny Kerr" [[publisher.windows_x86_64_msvc]] -version = "0.52.5" -when = "2024-04-12" +version = "0.52.6" +when = "2024-07-03" user-id = 64539 user-login = "kennykerr" user-name = "Kenny Kerr" @@ -1648,6 +1648,17 @@ criteria = "safe-to-deploy" version = "2.2.1" notes = "I am the author of this crate." +[[audits.bytecode-alliance.audits.idna]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.3.0" +notes = """ +This is a crate without unsafe code or usage of the standard library. The large +size of this crate comes from the large generated unicode tables file. This +crate is broadly used throughout the ecosystem and does not contain anything +suspicious. +""" + [[audits.bytecode-alliance.audits.itertools]] who = "Nick Fitzgerald " criteria = "safe-to-deploy" @@ -1762,6 +1773,15 @@ criteria = "safe-to-deploy" version = "0.3.1" notes = "unsafety is used for smuggling std::task::Context as a raw pointer. Lifetime and type safety appears to be taken care of correctly." +[[audits.bytecode-alliance.audits.unicode-bidi]] +who = "Alex Crichton " +criteria = "safe-to-deploy" +version = "0.3.8" +notes = """ +This crate has no unsafe code and does not use `std::*`. Skimming the crate it +does not attempt to out of the bounds of what it's already supposed to be doing. +""" + [[audits.bytecode-alliance.audits.vcpkg]] who = "Pat Hickey " criteria = "safe-to-deploy" @@ -1792,6 +1812,12 @@ criteria = "safe-to-deploy" version = "1.0.1" notes = "No unsafe usage or ambient capabilities" +[[audits.embark-studios.audits.idna]] +who = "Johan Andersson " +criteria = "safe-to-deploy" +delta = "0.3.0 -> 0.4.0" +notes = "No unsafe usage or ambient capabilities" + [[audits.embark-studios.audits.strum]] who = "Johan Andersson " criteria = "safe-to-deploy" @@ -1810,10 +1836,7 @@ criteria = "safe-to-deploy" version = "1.0.1" notes = "No unsafe usage or ambient capabilities" -[[audits.fermyon.audits.oorandom]] -who = "Radu Matei " -criteria = "safe-to-run" -version = "11.1.3" +[audits.fermyon.audits] [[audits.google.audits.arrayvec]] who = "Nicholas Bishop " @@ -2058,6 +2081,15 @@ end = "2024-08-28" notes = "I, Henri Sivonen, wrote encoding_rs for Gecko and have reviewed contributions by others. There are two caveats to the certification: 1) The crate does things that are documented to be UB but that do not appear to actually be UB due to integer types differing from the general rule; https://github.com/hsivonen/encoding_rs/issues/79 . 2) It would be prudent to re-review the code that reinterprets buffers of integers as SIMD vectors; see https://github.com/hsivonen/encoding_rs/issues/87 ." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.wildcard-audits.unicode-normalization]] +who = "Manish Goregaokar " +criteria = "safe-to-deploy" +user-id = 1139 # Manish Goregaokar (Manishearth) +start = "2019-11-06" +end = "2024-05-03" +notes = "All code written or reviewed by Manish" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.wildcard-audits.unicode-segmentation]] who = "Manish Goregaokar " criteria = "safe-to-deploy" @@ -2076,15 +2108,6 @@ end = "2024-05-03" notes = "All code written or reviewed by Manish" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.wildcard-audits.utf8_iter]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -user-id = 4484 # Henri Sivonen (hsivonen) -start = "2022-04-19" -end = "2024-06-16" -notes = "Maintained by Henri Sivonen who works at Mozilla." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.android_system_properties]] who = "Nicolas Silva " criteria = "safe-to-deploy" @@ -2173,23 +2196,6 @@ version = "0.8.0" notes = "This crates was written by Sentry and I've fully audited it as Firefox crash reporting machinery relies on it." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.displaydoc]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "0.2.3" -notes = """ -This crate is convenient macros to implement core::fmt::Display trait. -Although `unsafe` is used for test code to call `libc::abort()`, it has no `unsafe` code in this crate. And there is no file access. -It meets the criteria for safe-to-deploy. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.displaydoc]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.2.3 -> 0.2.4" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.fnv]] who = "Bobby Holley " criteria = "safe-to-deploy" @@ -2223,132 +2229,10 @@ version = "0.12.3" notes = "This version is used in rust's libstd, so effectively we're already trusting it" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.icu_collections]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "1.2.0" -notes = "This crate is used by ICU4X for internal data structure. There is no fileaccess and network access. This uses unsafe block, but we confirm data is valid before." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_collections]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_collections]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "1.2.0" -notes = "This has unsafe block to handle ascii string in utf-8 string. I've vetted the one instance of unsafe code." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid_transform]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "This crate doesn't contain network and file access. Although this has unsafe block, the reason is added in the comment block. I audited code." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid_transform]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid_transform_data]] -who = "Jonathan Kew " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "Compile-time static for the icu_locid_transform crate." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_locid_transform_data]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_properties]] -who = "Jonathan Kew " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "This is used by ICU4X for character property lookup. The few (4) usages of unsafe have comments clarifying their safety." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_properties]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_properties_data]] -who = "Jonathan Kew " -criteria = "safe-to-deploy" -version = "1.4.0" -notes = "Compile-time static data for the icu_properties crate." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_properties_data]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "1.2.0" -notes = "Although this has unsafe block, this has a commnet why this is safety and I audited code. Also, this doesn't have file access and network access." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider_macros]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "1.2.0" -notes = "This crate is macros for ICU4X's data provider implementer. This has no unsafe code and uses no ambient capabilities." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider_macros]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "1.2.0 -> 1.4.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.icu_provider_macros]] -who = "Makoto Kato " +[[audits.mozilla.audits.idna]] +who = "Valentin Gosu " criteria = "safe-to-deploy" -delta = "1.4.0 -> 1.5.0" +delta = "0.4.0 -> 0.5.0" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.itertools]] @@ -2357,25 +2241,6 @@ criteria = "safe-to-deploy" delta = "0.10.3 -> 0.10.5" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.litemap]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -version = "0.7.0" -notes = "This crete has no unsafe code, no file acceess and no network access." -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.litemap]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "0.7.0 -> 0.7.2" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.litemap]] -who = "Makoto Kato " -criteria = "safe-to-deploy" -delta = "0.7.2 -> 0.7.3" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.num-integer]] who = "Josh Stone " criteria = "safe-to-deploy" @@ -2450,52 +2315,29 @@ criteria = "safe-to-deploy" delta = "0.5.5 -> 0.5.7" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.synstructure]] -who = "Nika Layzell " -criteria = "safe-to-deploy" -version = "0.12.6" -notes = """ -I am the primary author of the `synstructure` crate, and its current -maintainer. The one use of `unsafe` is unnecessary, but documented and -harmless. It will be removed in the next version. -""" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.synstructure]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.12.6 -> 0.13.0" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - -[[audits.mozilla.audits.synstructure]] -who = "Mike Hommey " -criteria = "safe-to-deploy" -delta = "0.13.0 -> 0.13.1" -aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" - [[audits.mozilla.audits.tinystr]] who = "Makoto Kato " criteria = "safe-to-deploy" -version = "0.7.0" -notes = "One of original auther was Zibi Braniecki who worked at Mozilla and maintained by ICU4X developers (Google and Mozilla). I've vetted the one instance of unsafe code." +delta = "0.7.4 -> 0.7.6" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.tinystr]] -who = "Mike Hommey " +[[audits.mozilla.audits.unicode-bidi]] +who = "Makoto Kato " criteria = "safe-to-deploy" -delta = "0.7.0 -> 0.7.1" +delta = "0.3.8 -> 0.3.13" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.tinystr]] -who = "Makoto Kato " +[[audits.mozilla.audits.unicode-bidi]] +who = "Jonathan Kew " criteria = "safe-to-deploy" -delta = "0.7.1 -> 0.7.4" +delta = "0.3.13 -> 0.3.14" +notes = "I am the author of the bulk of the upstream changes in this version, and also checked the remaining post-0.3.13 changes." aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" -[[audits.mozilla.audits.tinystr]] -who = "Makoto Kato " +[[audits.mozilla.audits.unicode-bidi]] +who = "Jonathan Kew " criteria = "safe-to-deploy" -delta = "0.7.4 -> 0.7.6" +delta = "0.3.14 -> 0.3.15" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" [[audits.mozilla.audits.writeable]] @@ -2561,6 +2403,25 @@ criteria = "safe-to-deploy" delta = "0.1.2 -> 0.1.4" aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" +[[audits.mozilla.audits.zerovec]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +version = "0.9.4" +notes = "This crate is zero-copy data structure implmentation. Although this uses unsafe block in several code, it requires for zero-copy. And this has a comment in code why this uses unsafe and I audited code." +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.9.4 -> 0.10.1" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + +[[audits.mozilla.audits.zerovec]] +who = "Makoto Kato " +criteria = "safe-to-deploy" +delta = "0.10.1 -> 0.10.2" +aggregated-from = "https://hg.mozilla.org/mozilla-central/raw-file/tip/supply-chain/audits.toml" + [[audits.mozilla.audits.zerovec-derive]] who = "Makoto Kato " criteria = "safe-to-deploy" From 2184edec31400be83694f440e30527d5dddaca46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 14:55:26 -0400 Subject: [PATCH 02/18] Add README --- fuzz/README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 fuzz/README.md diff --git a/fuzz/README.md b/fuzz/README.md new file mode 100644 index 00000000..0292ee39 --- /dev/null +++ b/fuzz/README.md @@ -0,0 +1,25 @@ +
+

javy-fuzz

+

+ Fuzzing infrastructure for Javy +

+
+ +This crates defines all the fuzzing targets for Javy. + +It uses [`libFuzzer`](https://llvm.org/docs/LibFuzzer.html) through [`cargo fuzz`](https://github.com/rust-fuzz/cargo-fuzz) + +## Running + +```sh +cargo +nightly fuzz run $TARGET +``` + +## Available Targets + +* `json-differential`: Generate valid json and execute `JSON.parse` and + `JSON.stringify` using Javy's custom, SIMD-based implementation and validate + it against QuickJS' native implementation. + + + From e1a8622cd4725d036031d0787ae47f2093e92e5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 14:55:39 -0400 Subject: [PATCH 03/18] Build fuzz targets in CI --- .github/workflows/ci.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fd6b1269..3d4c8063 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -95,3 +95,17 @@ jobs: run: | cargo fmt -- --check CARGO_PROFILE_RELEASE_LTO=off cargo clippy --package=javy-cli --release --all-targets -- -D warnings + + check-fuzz: + name: Build fuzz targets + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install cargo fuzz + run: cargo install cargo-fuzz --version=0.12.0 + # Smoke test to ensure that the fuzz targets build correctly. + # Build in development mode and without sanitizers to speed up this step. + - name: Build fuzz targets + run: cargo fuzz build --dev -s none + + From 271a286ea1a476b4319552e0a8b628a0d23a972b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 14:56:59 -0400 Subject: [PATCH 04/18] Revert runtime configuration changes --- crates/core/src/runtime.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/crates/core/src/runtime.rs b/crates/core/src/runtime.rs index 3bd4a8a8..b973bd7b 100644 --- a/crates/core/src/runtime.rs +++ b/crates/core/src/runtime.rs @@ -11,8 +11,8 @@ pub(crate) fn new(shared_config: SharedConfig) -> Result { // Due to an issue with our custom serializer and property accesses // we're disabling this temporarily. It will be enabled once we have a // fix forward. - .override_json_parse_and_stringify(true) - .javy_json(true); + .override_json_parse_and_stringify(false) + .javy_json(false); Runtime::new(std::mem::take(config)) } From ed08322bc68c30e9dea7ffa9383c12d0c1922886 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 15:47:34 -0400 Subject: [PATCH 05/18] Add `check-fuzz.yml` --- .github/workflows/check-fuzz.yml | 25 +++++++++++++++++++++++++ .github/workflows/ci.yml | 21 ++++++--------------- 2 files changed, 31 insertions(+), 15 deletions(-) create mode 100644 .github/workflows/check-fuzz.yml diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml new file mode 100644 index 00000000..02648075 --- /dev/null +++ b/.github/workflows/check-fuzz.yml @@ -0,0 +1,25 @@ +# Smoke test to build fuzz targets. +# Deserves its own action given that it depends on nightly +# and there's currently no way to defined multiple toolchains through the +# `rust-toolchain.toml` configuration file. +name: Build Fuzz Targets + on: + push: + branches: + - main + pull_request: + +jobs: + check-fuzz: + name: Build fuzz targets + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Install nightly + + run: rustup install nightly-2024-07-07 + - name: Install cargo fuzz + run: cargo install cargo-fuzz --version=0.12.0 + - name: Build fuzz targets + run: cargo +nightly fuzz build --dev + diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d4c8063..469bdc95 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -45,7 +45,12 @@ jobs: run: cargo test --package=javy-runner - name: Lint - run: cargo clippy --workspace --exclude=javy-cli --exclude=javy-runner --target=wasm32-wasi --all-targets -- -D warnings + run: | + cargo clippy --workspace + \ --exclude=javy-cli + \ --exclude=javy-runner + \ --exclude=javy-fuzz + \ --target=wasm32-wasi --all-targets -- -D warnings # We need to specify a different job for linting `javy-runner` given that # it depends on Wasmtime and Cranelift cannot be compiled to `wasm32-wasi` @@ -95,17 +100,3 @@ jobs: run: | cargo fmt -- --check CARGO_PROFILE_RELEASE_LTO=off cargo clippy --package=javy-cli --release --all-targets -- -D warnings - - check-fuzz: - name: Build fuzz targets - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Install cargo fuzz - run: cargo install cargo-fuzz --version=0.12.0 - # Smoke test to ensure that the fuzz targets build correctly. - # Build in development mode and without sanitizers to speed up this step. - - name: Build fuzz targets - run: cargo fuzz build --dev -s none - - From 1de10bd82646e307f50d740ac1e925c24360b18c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 15:48:46 -0400 Subject: [PATCH 06/18] Fix typo --- .github/workflows/check-fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 02648075..4619cf66 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -1,6 +1,6 @@ # Smoke test to build fuzz targets. # Deserves its own action given that it depends on nightly -# and there's currently no way to defined multiple toolchains through the +# and there's currently no way to define multiple toolchains through the # `rust-toolchain.toml` configuration file. name: Build Fuzz Targets on: From 0acd255873140a3e7671528539ea403e8f5f705e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 15:52:30 -0400 Subject: [PATCH 07/18] Fix `check-fuzz` format --- .github/workflows/check-fuzz.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 4619cf66..958351e0 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -3,10 +3,10 @@ # and there's currently no way to define multiple toolchains through the # `rust-toolchain.toml` configuration file. name: Build Fuzz Targets - on: - push: - branches: - - main +on: + push: + branches: + - main pull_request: jobs: From eb9e87394538412e6b87f2f7d2d4c4bab470864a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:16:13 -0400 Subject: [PATCH 08/18] Add linting --- .github/workflows/check-fuzz.yml | 2 ++ .github/workflows/ci.yml | 10 +++++----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 958351e0..e0877708 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -22,4 +22,6 @@ jobs: run: cargo install cargo-fuzz --version=0.12.0 - name: Build fuzz targets run: cargo +nightly fuzz build --dev + - name: Lint + run: cargo +nightly clippy --package=javy-fuzz -- -D warnings diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 469bdc95..58be1223 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,11 +46,11 @@ jobs: - name: Lint run: | - cargo clippy --workspace - \ --exclude=javy-cli - \ --exclude=javy-runner - \ --exclude=javy-fuzz - \ --target=wasm32-wasi --all-targets -- -D warnings + cargo clippy --workspace \ + --exclude=javy-cli \ + --exclude=javy-runner \ + --exclude=javy-fuzz \ + --target=wasm32-wasi --all-targets -- -D warnings # We need to specify a different job for linting `javy-runner` given that # it depends on Wasmtime and Cranelift cannot be compiled to `wasm32-wasi` From ab9342d667fddd9c310a92317fadf9b0afa1d181 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:20:49 -0400 Subject: [PATCH 09/18] Fixes --- fuzz/fuzz_targets/json_differential.rs | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/fuzz/fuzz_targets/json_differential.rs b/fuzz/fuzz_targets/json_differential.rs index 7341acef..d71a7fd3 100644 --- a/fuzz/fuzz_targets/json_differential.rs +++ b/fuzz/fuzz_targets/json_differential.rs @@ -45,11 +45,7 @@ fn exec(data: &ArbitraryValue) -> Result<()> { let result: Result<(), _> = cx.eval(JSON_PROGRAM); if let Err(e) = result { - panic!( - "{}\n{}", - from_js_error(cx.clone(), e).to_string(), - data.to_string() - ); + panic!("{}\n{}", from_js_error(cx.clone(), e), **data,); } output = globals.get("OUTPUT")?; @@ -64,11 +60,7 @@ fn exec(data: &ArbitraryValue) -> Result<()> { let result: Result<(), _> = cx.eval(JSON_PROGRAM); if let Err(e) = result { - panic!( - "{}\n{}", - from_js_error(cx.clone(), e).to_string(), - data.to_string() - ); + panic!("{}\n{}", from_js_error(cx.clone(), e), **data); } ref_output = globals.get("OUTPUT")?; From 97536143dde00fd80c39c7dd58930f60875ac375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:26:26 -0400 Subject: [PATCH 10/18] Fix formatting in check-fuzz.yml --- .github/workflows/check-fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index e0877708..62a7927f 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -7,7 +7,7 @@ on: push: branches: - main - pull_request: + pull_request: jobs: check-fuzz: From eee0719b605a682bb1d99f8276fb8b0b090bc4b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:40:21 -0400 Subject: [PATCH 11/18] Parametrize cargo fuzz and nightly version --- .github/workflows/check-fuzz.yml | 19 +++++++++++++++---- pinned-cargo-fuzz-version | 1 + pinned-nightly-version | 1 + 3 files changed, 17 insertions(+), 4 deletions(-) create mode 100644 pinned-cargo-fuzz-version create mode 100644 pinned-nightly-version diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 62a7927f..1f45b072 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -15,13 +15,24 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - name: Read pinned nightly version + id: nightly_and_argo_fuzz_version + shell: bash + run: | + NIGHTLY_VERSION=$(cat pinned-nightly-version) + CARGO_FUZZ_VERSION$(cat pinned-cargo-fuzz-version) + echo "::set-output name=nightly_version::$NIGHTLY_VERSION" + echo "::set-output name=cargo_fuzz_version::$CARGO_FUZZ_VERSION" + - name: Install nightly + run: rustup install +${{ steps.nightly_and_cargo_fuzz_version.outputs.nightly_version }} - run: rustup install nightly-2024-07-07 - name: Install cargo fuzz - run: cargo install cargo-fuzz --version=0.12.0 + run: cargo install cargo-fuzz --version=${{ steps.nightly_and_cargo_fuzz_version.output.cargo_fuzz_version }} + - name: Build fuzz targets - run: cargo +nightly fuzz build --dev + run: cargo +${{ steps.nightly_and_cargo_fuzz_version.outputs.nightly_version }} fuzz build --dev + - name: Lint - run: cargo +nightly clippy --package=javy-fuzz -- -D warnings + run: cargo +${{ steps.nightly_and_cargo_fuzz_version.outputs.nightly_version }} clippy --package=javy-fuzz -- -D warnings diff --git a/pinned-cargo-fuzz-version b/pinned-cargo-fuzz-version new file mode 100644 index 00000000..ac454c6a --- /dev/null +++ b/pinned-cargo-fuzz-version @@ -0,0 +1 @@ +0.12.0 diff --git a/pinned-nightly-version b/pinned-nightly-version new file mode 100644 index 00000000..e936f915 --- /dev/null +++ b/pinned-nightly-version @@ -0,0 +1 @@ +nightly-2024-07-07 From 9f4e63c50d9cae72fbf9adcd1b7e95e8484a172a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:45:22 -0400 Subject: [PATCH 12/18] Split steps to read versions --- .github/workflows/check-fuzz.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 1f45b072..d6d39245 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -16,23 +16,28 @@ jobs: steps: - uses: actions/checkout@v4 - name: Read pinned nightly version - id: nightly_and_argo_fuzz_version + id: nightly_version shell: bash run: | NIGHTLY_VERSION=$(cat pinned-nightly-version) - CARGO_FUZZ_VERSION$(cat pinned-cargo-fuzz-version) echo "::set-output name=nightly_version::$NIGHTLY_VERSION" + + - name: Read cargo fuzz version + id: cargo_fuzz_version + shell: bash + run: | + CARGO_FUZZ_VERSION=$(cat pinned-cargo-fuzz-version) echo "::set-output name=cargo_fuzz_version::$CARGO_FUZZ_VERSION" - name: Install nightly - run: rustup install +${{ steps.nightly_and_cargo_fuzz_version.outputs.nightly_version }} + run: rustup install +${{ steps.nightly_version.outputs.nightly_version }} - name: Install cargo fuzz - run: cargo install cargo-fuzz --version=${{ steps.nightly_and_cargo_fuzz_version.output.cargo_fuzz_version }} + run: cargo install cargo-fuzz --version=${{ steps.cargo_fuzz_version.output.cargo_fuzz_version }} - name: Build fuzz targets - run: cargo +${{ steps.nightly_and_cargo_fuzz_version.outputs.nightly_version }} fuzz build --dev + run: cargo +${{ steps.nightly_version.outputs.nightly_version }} fuzz build --dev - name: Lint - run: cargo +${{ steps.nightly_and_cargo_fuzz_version.outputs.nightly_version }} clippy --package=javy-fuzz -- -D warnings + run: cargo +${{ steps.nightly_version.outputs.nightly_version }} clippy --package=javy-fuzz -- -D warnings From 43d95ac5ab868cc35831f2b32eda439d3bc6fec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:46:18 -0400 Subject: [PATCH 13/18] Fix typo in rustup install nightly --- .github/workflows/check-fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index d6d39245..c0b8dc08 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -30,7 +30,7 @@ jobs: echo "::set-output name=cargo_fuzz_version::$CARGO_FUZZ_VERSION" - name: Install nightly - run: rustup install +${{ steps.nightly_version.outputs.nightly_version }} + run: rustup install ${{ steps.nightly_version.outputs.nightly_version }} - name: Install cargo fuzz run: cargo install cargo-fuzz --version=${{ steps.cargo_fuzz_version.output.cargo_fuzz_version }} From 2bb3d4ffba7d913e646ae690f84800d6ef5d92ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:48:05 -0400 Subject: [PATCH 14/18] Fix typo in cargo install cargo-fuzz --- .github/workflows/check-fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index c0b8dc08..93385741 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -33,7 +33,7 @@ jobs: run: rustup install ${{ steps.nightly_version.outputs.nightly_version }} - name: Install cargo fuzz - run: cargo install cargo-fuzz --version=${{ steps.cargo_fuzz_version.output.cargo_fuzz_version }} + run: cargo install cargo-fuzz --version=${{ steps.cargo_fuzz_version.outputs.cargo_fuzz_version }} - name: Build fuzz targets run: cargo +${{ steps.nightly_version.outputs.nightly_version }} fuzz build --dev From 21aec027b33fc52e757d07abaf5cc3816bf77fd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 16:54:01 -0400 Subject: [PATCH 15/18] Improve nightly installation step --- .github/workflows/check-fuzz.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 93385741..a399552f 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -30,14 +30,18 @@ jobs: echo "::set-output name=cargo_fuzz_version::$CARGO_FUZZ_VERSION" - name: Install nightly - run: rustup install ${{ steps.nightly_version.outputs.nightly_version }} + run: | + rustup install ${{ steps.nightly_version.outputs.nightly_version }} + rustup default ${{ steps.nightly_version.outputs.nightly_version }} + rustup component add clippy - name: Install cargo fuzz run: cargo install cargo-fuzz --version=${{ steps.cargo_fuzz_version.outputs.cargo_fuzz_version }} - name: Build fuzz targets - run: cargo +${{ steps.nightly_version.outputs.nightly_version }} fuzz build --dev + run: cargo fuzz build --dev - name: Lint - run: cargo +${{ steps.nightly_version.outputs.nightly_version }} clippy --package=javy-fuzz -- -D warnings + run: | + cargo clippy --package=javy-fuzz -- -D warnings From 84ebc7ef79ede2f1e7510e21d519c794f04b2af6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 17:01:40 -0400 Subject: [PATCH 16/18] Use rustup override --- .github/workflows/check-fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index a399552f..392c92a5 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -32,7 +32,7 @@ jobs: - name: Install nightly run: | rustup install ${{ steps.nightly_version.outputs.nightly_version }} - rustup default ${{ steps.nightly_version.outputs.nightly_version }} + rustup override set ${{ steps.nightly_version.outputs.nightly_version }} rustup component add clippy - name: Install cargo fuzz From 7d94ba8179c80ef68b6b987ca1c1420aecd5a2e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 17:13:07 -0400 Subject: [PATCH 17/18] Drop clippy from fuzz --- .github/workflows/check-fuzz.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/check-fuzz.yml b/.github/workflows/check-fuzz.yml index 392c92a5..e8e88572 100644 --- a/.github/workflows/check-fuzz.yml +++ b/.github/workflows/check-fuzz.yml @@ -40,8 +40,3 @@ jobs: - name: Build fuzz targets run: cargo fuzz build --dev - - - name: Lint - run: | - cargo clippy --package=javy-fuzz -- -D warnings - From e91e92fa2daf32a6a5552d36eda2f713cd87caa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sa=C3=BAl=20Cabrera?= Date: Mon, 8 Jul 2024 18:51:18 -0400 Subject: [PATCH 18/18] Fix `lint` newlines --- .github/workflows/ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 58be1223..9d510228 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,11 +46,11 @@ jobs: - name: Lint run: | - cargo clippy --workspace \ - --exclude=javy-cli \ - --exclude=javy-runner \ - --exclude=javy-fuzz \ - --target=wasm32-wasi --all-targets -- -D warnings + cargo clippy --workspace \ + --exclude=javy-cli \ + --exclude=javy-runner \ + --exclude=javy-fuzz \ + --target=wasm32-wasi --all-targets -- -D warnings # We need to specify a different job for linting `javy-runner` given that # it depends on Wasmtime and Cranelift cannot be compiled to `wasm32-wasi`