remove .nosideEffect

2022-09-06 16:58:22 +03:00 · 2022-09-06 16:58:22 +03:00 · f7633cbb8c
parent 87e4abf7e8
commit f7633cbb8c
3 changed files with 19 additions and 19 deletions
--- a/README.md
+++ b/README.md
@ -35,6 +35,9 @@ func fuzzTarget(data: (string, int32, int32, int32)) =
 defaultMutator(fuzzTarget)
 ```

+> **WARNING**: Fuzz targets must not modify the input variable. This can be ensured by using `.noSideEffect`
+> and {.experimental: "strictFuncs".}
+
 Or complex as shown bellow:

 ```nim
@ -67,7 +70,7 @@ Dr. Chaos will generate millions of inputs and run `fuzzTarget` under a few seco
 More articulate examples, such as fuzzing a graph library are in the `examples/` directory.

 Defining a `==` proc for the input type is necessary. `proc default(_: typedesc[T]): T` can also
-be overloaded.
+be overloaded. Which is especially useful when `nil` for `ref` is not an acceptable value.

 ### Post-processors

@ -149,7 +152,7 @@ This is only necessary for destructor-based types. `mutate`, `default` and `==`
 ### Dos and don'ts

 - Don't `echo`  in a fuzz target as it slows down execution speed.
- Prefer `-d:danger` for maximum performance.
+- Prefer `-d:danger|release` for maximum performance.
 - Once you have a crash you can recompile with `-d:debug` and pass the crashing test case as parameter.
 - With this line `when defined(dumpFuzzInput): debugEcho(x)` in a target and `-d:dumpFuzzInput`, observe the crashing input.
 - You could compile without sanitizers, AddressSanitizer slows down by 2x, but it's not recommended.
--- a/drchaos/mutator.nim
+++ b/drchaos/mutator.nim
@ -570,7 +570,7 @@ template mutatorImpl*(target, mutator, typ: untyped) =
  {.pragma: nosan, codegenDecl: "__attribute__((disable_sanitizer_instrumentation)) $# $#$#".}

  type
-    FuzzTarget = proc (x: typ) {.nimcall, noSideEffect.}
+    FuzzTarget = proc (x: typ) {.nimcall.}
    FuzzMutator = proc (x: var typ; sizeIncreaseHint: Natural, r: var Rand) {.nimcall.}

  var
--- a/examples/fuzz_html.nim
+++ b/examples/fuzz_html.nim
@ -14,6 +14,17 @@ proc newTextNode(s: sink string): HtmlNode =
 proc newTree(tag: TagWithKids; kids: varargs[HtmlNode]): HtmlNode =
  HtmlNode(tag: tag, kids: @kids)

+func `==`(a, b: HtmlNode): bool =
+  if a.isNil:
+    if b.isNil: return true
+    return false
+  elif b.isNil or a.tag != b.tag:
+    return false
+  else:
+    case a.tag
+    of text: return a.s == b.s
+    else: return a.kids == b.kids
+
 proc add(parent: HtmlNode; kid: sink HtmlNode) = parent.kids.add kid

 from std/xmltree import addEscaped
@ -41,26 +52,12 @@ when isMainModule:
  proc default(_: typedesc[HtmlNode]): HtmlNode =
    HtmlNode(tag: text, s: "")

-  func `==`(a, b: HtmlNode): bool =
-    if a.isNil:
-      if b.isNil: return true
-      return false
-    elif b.isNil or a.tag != b.tag:
-      return false
-    else:
-      case a.tag
-      of text: return a.s == b.s
-      else: return a.kids == b.kids
-
  func fuzzTarget(x: HtmlNode) =
    when defined(dumpFuzzInput): debugEcho(x)
-    let data = HtmlNode(tag: head, kids: @[
-      HtmlNode(tag: text, s: "Hello World!"),
-    ])
    # Here you could feed `$x` to htmlparser.parseHtml and make sure it doesn't crash.
    #var errors: seq[string] = @[]
-    #let tree = parseHtml($x, "unknown_html_doc", errors)
+    #let tree = parseHtml(newStringStream($x), "unknown_html_doc", errors)
    #doAssert errors.len == 0
-    doAssert $x != $data
+    doAssert $x != "<head>\n\n</head>"

  defaultMutator(fuzzTarget)