Skip to content

ci: add debug and FFI fuzz guards #103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
membphis merged 1 commit into from
May 30, 2026
Merged

ci: add debug and FFI fuzz guards #103

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,9 @@ jobs:
- name: Test scalar-only (no AVX2/NEON feature)
run: cargo test --release --no-default-features

- name: Test debug scalar-only
run: cargo test --no-default-features

- name: Test with test-panic feature
run: cargo test --features test-panic --release

Expand Down Expand Up @@ -98,6 +101,7 @@ jobs:
run: |
cargo +nightly fuzz run fuzz_parse_eager -- -max_total_time=60
cargo +nightly fuzz run fuzz_depth -- -max_total_time=60
cargo +nightly fuzz run fuzz_ffi_ops -- -max_total_time=60

- name: Run lazy parse fuzz target
run: cargo +nightly fuzz run fuzz_parse_lazy -- -max_total_time=60
Expand Down
7 changes: 7 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,7 @@ Run the PR-length regression guard:
```sh
cargo +nightly fuzz run fuzz_parse_eager -- -max_total_time=60
cargo +nightly fuzz run fuzz_depth -- -max_total_time=60
cargo +nightly fuzz run fuzz_ffi_ops -- -max_total_time=60
cargo +nightly fuzz run fuzz_parse_lazy -- -max_total_time=60
```

Expand All @@ -170,6 +171,11 @@ default depth (`1024`) and the clamped ceiling (`4096`). Accepted boundary
inputs are also walked through the FFI cursor API to exercise Phase 2 without
recursive descent.

The `fuzz_ffi_ops` target drives the public FFI surface with arbitrary
parse/get/cursor/free operation sequences. It focuses on panic-barrier and
pointer-safety regressions around null docs/cursors, path/key bytes, repeated
parses/frees, and mixed root/cursor accessors.

The `fuzz_parse_lazy` target compares serde-accepted inputs by reconstructing a
whole `serde_json::Value` through qjson's public cursor FFI APIs. It normalizes
numbers through qjson's `f64` getter semantics, with serde_json's
Expand All @@ -187,6 +193,7 @@ Before releases, run the same target much longer than the CI guard, for example:
```sh
cargo +nightly fuzz run fuzz_parse_eager -- -max_total_time=3600
cargo +nightly fuzz run fuzz_depth -- -max_total_time=3600
cargo +nightly fuzz run fuzz_ffi_ops -- -max_total_time=3600
cargo +nightly fuzz run fuzz_parse_lazy -- -max_total_time=3600
```

Expand Down
Loading