Fuzz

.github/workflows/linux.yml

@@ -34,7 +34,7 @@
             - build_type: Debug
               sanitize: ON
             - build_type: Coverage
-              compiler: gcc
+              compiler: clang-18
               protoc: compile
               sanitize: OFF
 
@@ -89,7 +89,7 @@
             ctest --build-config ${{ matrix.build_type }} --output-on-failure
 
         - name: Upload coverage to Codecov
-          uses: codecov/codecov-action@v4
+          uses: codecov/codecov-action@v5
           if: matrix.build_type == 'Coverage'
           with:
             token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/macos.yml

@@ -25,6 +25,7 @@ jobs:
     runs-on: macos-latest
     strategy:
         matrix:
+          build_type: [Release, Debug, Coverage]
           protoc: ["find"]
 
     steps:
@@ -47,14 +48,20 @@ jobs:
       - name: configure
         shell: bash
         run: |
-          cmake -S . -B build -G Ninja -DHPP_PROTO_PROTOC=${{ matrix.protoc }} -DCMAKE_BUILD_TYPE=Debug \
+          cmake -S . -B build -G Ninja -DHPP_PROTO_PROTOC=${{ matrix.protoc }} -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} \
             -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache
 
       - name: build
         run: cmake --build build
 
       - name: test
-        shell: bash
+        working-directory: ./build
         run: |
-          cd build
-          ctest --build-config Debug --output-on-failure
+          ctest --build-config ${{ matrix.build_type }} --output-on-failure
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v5
+        if: matrix.build_type == 'Coverage'
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          verbose: true

CMakeLists.txt

@@ -33,7 +33,7 @@ if(MSVC)
     set(HPP_PROTO_DISABLE_GLAZE ON)
   endif()
 else()
-  set(HPP_PROTO_COMPILE_OPTIONS "-Wall" "-Wall" "-Wextra")
+  set(HPP_PROTO_COMPILE_OPTIONS "-Wall" "-Wall" "-Wextra" "-Werror=sign-conversion")
 endif()
 
 if(CMAKE_GENERATOR MATCHES "Visual Studio" AND CMAKE_CXX_COMPILER_LAUNCHER STREQUAL "ccache")
@@ -106,6 +106,9 @@ if(HPP_PROTO_PROTOC_PLUGIN)
   if(HPP_PROTO_TESTS)
     add_subdirectory(tests)
     add_subdirectory(tutorial)
+    if (HPP_PROTO_ENABLE_SANITIZER AND CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+      add_subdirectory(fuzz)
+    endif()
   endif()
 
   if(HPP_PROTO_BENCHMARKS)

README.md

@@ -33,7 +33,7 @@ Compared to Google’s implementation, hpp-proto adopts a minimalistic design th
 |   CPU    | M1 Pro/MK193LL/A   |  Intel Core i9-11950H @ 2.60GHz |
 | Compiler | Apple clang 16.0.0 |           gcc 12.3.0            |
 
-Google protobuf version 28.3
+Google protobuf version 29.3
 
 ### Runtime Performance 
 
@@ -61,30 +61,30 @@ We measured the runtime performance using the dataset and the benchmarks.proto d
   </tr>
  <tr>
    <td>google CPU time</td>
-   <td><div align="right">475.0&nbsp;ns</div></td>
-   <td><div align="right">366.0&nbsp;ns</div></td>
-   <td><div align="right">382.0&nbsp;ns</div></td>
-   <td><div align="right">268.0&nbsp;ns</div></td>
-   <td><div align="right">509.0&nbsp;ns</div></td>
-   <td><div align="right">426.0&nbsp;ns</div></td>
+   <td><div align="right">472.0&nbsp;ns</div></td>
+   <td><div align="right">346.0&nbsp;ns</div></td>
+   <td><div align="right">372.0&nbsp;ns</div></td>
+   <td><div align="right">250.0&nbsp;ns</div></td>
+   <td><div align="right">516.0&nbsp;ns</div></td>
+   <td><div align="right">398.0&nbsp;ns</div></td>
  </tr>
  <tr>
    <td>hpp_proto CPU time</td>
-   <td><div align="right">283.0&nbsp;ns</div></td>
-   <td><div align="right">170.0&nbsp;ns</div></td>
-   <td><div align="right">81.0&nbsp;ns</div></td>
+   <td><div align="right">294.0&nbsp;ns</div></td>
+   <td><div align="right">177.0&nbsp;ns</div></td>
+   <td><div align="right">72.6&nbsp;ns</div></td>
    <td><div align="right">8.38&nbsp;ns</div></td>
-   <td><div align="right">285.0&nbsp;ns</div></td>
-   <td><div align="right">182.0&nbsp;ns</div></td>
+   <td><div align="right">275.0&nbsp;ns</div></td>
+   <td><div align="right">181.0&nbsp;ns</div></td>
  </tr>
  <tr>
    <td>hpp_proto speedup factor</td>
-   <td><div align="right">1.67</div></td>
-   <td><div align="right">2.15</div></td>
-   <td><div align="right">4.71</div></td>
-   <td><div align="right">31.98</div></td>
-   <td><div align="right">1.78</div></td>
-   <td><div align="right">2.34</div></td>
+   <td><div align="right">1.61</div></td>
+   <td><div align="right">1.95</div></td>
+   <td><div align="right">5.12</div></td>
+   <td><div align="right">29.83</div></td>
+   <td><div align="right">1.88</div></td>
+   <td><div align="right">2.20</div></td>
  </tr>
 </tbody>
 </table>
@@ -111,30 +111,30 @@ We measured the runtime performance using the dataset and the benchmarks.proto d
   </tr>
  <tr>
    <td>google CPU time</td>
-   <td><div align="right">250.0&nbsp;ns</div></td>
+   <td><div align="right">253.0&nbsp;ns</div></td>
    <td><div align="right">257.0&nbsp;ns</div></td>
-   <td><div align="right">114.0&nbsp;ns</div></td>
-   <td><div align="right">108.0&nbsp;ns</div></td>
-   <td><div align="right">225.0&nbsp;ns</div></td>
-   <td><div align="right">229.0&nbsp;ns</div></td>
+   <td><div align="right">117.0&nbsp;ns</div></td>
+   <td><div align="right">111.0&nbsp;ns</div></td>
+   <td><div align="right">220.0&nbsp;ns</div></td>
+   <td><div align="right">224.0&nbsp;ns</div></td>
  </tr>
  <tr>
    <td>hpp_proto CPU time</td>
-   <td><div align="right">198.0&nbsp;ns</div></td>
-   <td><div align="right">142.0&nbsp;ns</div></td>
-   <td><div align="right">34.6&nbsp;ns</div></td>
+   <td><div align="right">202.0&nbsp;ns</div></td>
+   <td><div align="right">144.0&nbsp;ns</div></td>
+   <td><div align="right">33.6&nbsp;ns</div></td>
    <td><div align="right">10.9&nbsp;ns</div></td>
-   <td><div align="right">146.0&nbsp;ns</div></td>
-   <td><div align="right">116.0&nbsp;ns</div></td>
+   <td><div align="right">140.0&nbsp;ns</div></td>
+   <td><div align="right">115.0&nbsp;ns</div></td>
  </tr>
  <tr>
    <td>hpp_proto speedup factor</td>
-   <td><div align="right">1.26</div></td>
-   <td><div align="right">1.81</div></td>
-   <td><div align="right">3.29</div></td>
-   <td><div align="right">9.91</div></td>
-   <td><div align="right">1.54</div></td>
-   <td><div align="right">1.97</div></td>
+   <td><div align="right">1.25</div></td>
+   <td><div align="right">1.78</div></td>
+   <td><div align="right">3.48</div></td>
+   <td><div align="right">10.18</div></td>
+   <td><div align="right">1.57</div></td>
+   <td><div align="right">1.95</div></td>
  </tr>
 </tbody>
 </table>
@@ -161,23 +161,23 @@ We compared the code sizes of three equivalent programs: [hpp_proto_decode_encod
   </tr>
   <tr>
     <td> google_decode_encode </td>
-    <td><div align="right">2624344</div></td>
-    <td><div align="right">3410088</div></td>
+    <td><div align="right">2683720</div></td>
+    <td><div align="right">3467520</div></td>
   </tr>
   <tr>
     <td> google_decode_encode_lite </td>
-    <td><div align="right">1106408</div></td>
-    <td><div align="right">1474208</div></td>
+    <td><div align="right">1128296</div></td>
+    <td><div align="right">1505200</div></td>
   </tr>
   <tr>
     <td> hpp_proto_decode_encoded </td>
-    <td><div align="right">121208</div></td>
-    <td><div align="right">92520</div></td>
+    <td><div align="right">139608</div></td>
+    <td><div align="right">100640</div></td>
   </tr>
 </tbody>
 </table>
 
-The comparison highlights a significant reduction in code size when using hpp-proto compared to Google’s Protocol Buffers implementations. On macOS, hpp-proto offers a 21.65x reduction in size compared to google_decode_encode and a 9.13x reduction compared to google_decode_encode_lite. The reduction is even more pronounced on Linux, where hpp-proto reduces the code size by 36.86x compared to google_decode_encode and by 15.93x compared to google_decode_encode_lite.
+The comparison highlights a significant reduction in code size when using hpp-proto compared to Google’s Protocol Buffers implementations. On macOS, hpp-proto offers a 19.22x reduction in size compared to google_decode_encode and a 8.08x reduction compared to google_decode_encode_lite. The reduction is even more pronounced on Linux, where hpp-proto reduces the code size by 34.45x compared to google_decode_encode and by 14.96x compared to google_decode_encode_lite.
 
 
 ## Getting Started

cspell.json

@@ -84,7 +84,22 @@
         "bigobj",
         "libprotoc",
         "ASAN",
-        "libhpp"
+        "libhpp",
+        "Wsign",
+        "Wextra",
+        "freea",
+        "binpb",
+        "ccache",
+        "fsanitize",
+        "Werror",
+        "STREQUAL",
+        "unittests",
+        "INLINES",
+        "PROTOFILES",
+        "COPYONLY",
+        "endforeach",
+        "endfunction",
+        "ARGN"
     ],
     // flagWords - list of words to be always considered incorrect
     // This is useful for offensive words and common spelling errors.

fuzz/CMakeLists.txt

@@ -0,0 +1,18 @@
+
+function(add_fuzz_target target source)
+  add_executable(${target} ${source})
+  target_link_libraries(${target} PRIVATE hpp_proto::libhpp_proto ${ARGN})
+  target_compile_options(${target} PRIVATE -fsanitize=fuzzer,address,undefined -fsanitize=undefined -fno-sanitize-recover=all)
+  target_link_options(${target} PRIVATE -fsanitize=fuzzer,address,undefined)
+
+  add_executable(${target}_debug_case ${source} fuzz_case_main.cpp)
+  target_compile_options(${target}_debug_case PRIVATE -fsanitize=undefined -fno-sanitize-recover=all)
+  target_link_libraries(${target}_debug_case PRIVATE hpp_proto::libhpp_proto ${ARGN})
+endfunction()
+
+add_fuzz_target(fuzz_pb_serializer fuzz_pb_serializer.cpp unittest_proto_lib)
+add_fuzz_target(fuzz_dynamic_serializer fuzz_dynamic_serializer.cpp)    
+file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/corpus)            
+
+
+

fuzz/fuzz_case_main.cpp

@@ -0,0 +1,23 @@
+#include <fstream>
+#include <fuzzer/FuzzedDataProvider.h>
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+inline std::string read_file(const char *filename) {
+  std::ifstream in(filename, std::ios::in | std::ios::binary);
+  std::string contents;
+  in.seekg(0, std::ios::end);
+  contents.resize(in.tellg());
+  in.seekg(0, std::ios::beg);
+  in.read(contents.data(), static_cast<std::streamsize>(contents.size()));
+  return contents;
+}
+
+int main(int argc, const char **argv) {
+  if (argc != 2) {
+    return 1;
+  }
+  // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-pointer-arithmetic)
+  std::string data = read_file(argv[1]);
+  // NOLINTNEXTLINE(cppcoreguidelines-pro-type-reinterpret-cast)
+  return LLVMFuzzerTestOneInput(reinterpret_cast<const uint8_t *>(data.data()), data.size());
+}

fuzz/fuzz_dynamic_serializer.cpp

@@ -0,0 +1,30 @@
+#include <fstream>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <hpp_proto/dynamic_serializer.hpp>
+
+using namespace std::string_view_literals;
+
+const std::array messages_names = {"proto3_unittest.TestAllTypes"sv,      "proto3_unittest.TestUnpackedTypes"sv,
+                                   "protobuf_unittest.TestAllTypes"sv,    "protobuf_unittest.TestMap"sv,
+                                   "protobuf_unittest.TestPackedTypes"sv, "protobuf_unittest.TestUnpackedTypes"sv};
+
+inline std::string read_file(const std::string &filename) {
+  std::ifstream in(filename.c_str(), std::ios::in | std::ios::binary);
+  std::string contents;
+  in.seekg(0, std::ios::end);
+  contents.resize(static_cast<std::string::size_type>(in.tellg()));
+  in.seekg(0, std::ios::beg);
+  in.read(contents.data(), static_cast<std::streamsize>(contents.size()));
+  return contents;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  auto descriptors = read_file("../tests/unittest.desc.binpb");
+  auto ser = hpp::proto::dynamic_serializer::make(descriptors);
+
+  FuzzedDataProvider fdp(data, size);
+  // NOLINTNEXTLINE(cppcoreguidelines-pro-bounds-constant-array-index)
+  auto message_name = messages_names[fdp.ConsumeIntegralInRange<unsigned>(0, messages_names.size() - 1)];
+  auto status = ser->proto_to_json(message_name, fdp.ConsumeRemainingBytes<char>());
+  return status.has_value() ? 0 : 1;
+}

fuzz/fuzz_pb_serializer.cpp

@@ -0,0 +1,56 @@
+#include <fuzzer/FuzzedDataProvider.h>
+#include <google/protobuf/map_unittest.pb.hpp>
+#include <google/protobuf/unittest.pb.hpp>
+#include <google/protobuf/unittest_proto3.pb.hpp>
+#include <non_owning/google/protobuf/map_unittest.pb.hpp>
+#include <non_owning/google/protobuf/unittest.pb.hpp>
+#include <non_owning/google/protobuf/unittest_proto3.pb.hpp>
+
+std::vector<std::vector<char>> split_input(FuzzedDataProvider &provider) {
+  std::vector<std::vector<char>> result;
+  while (result.size() < 9) {
+    auto v = provider.ConsumeBytes<char>(provider.ConsumeIntegralInRange<int>(10, 128));
+    if (v.empty()) {
+      break;
+    }
+    result.push_back(std::move(v));
+  };
+
+  auto v = provider.ConsumeRemainingBytes<char>();
+  if (!v.empty())
+    result.push_back(std::move(v));
+  return result;
+}
+
+using messages_t = std::tuple<proto3_unittest::TestAllTypes, protobuf_unittest::TestAllTypes,
+                              protobuf_unittest::TestMap, non_owning::proto3_unittest::TestAllTypes,
+                              non_owning::protobuf_unittest::TestAllTypes, non_owning::protobuf_unittest::TestMap>;
+
+hpp::proto::status deserialize_data(FuzzedDataProvider &provider, uint32_t choice, std::index_sequence<>) { return {}; }
+
+template <std::size_t FirstIndex, std::size_t... Indices>
+hpp::proto::status deserialize_data(FuzzedDataProvider &provider, uint32_t choice,
+                                    std::index_sequence<FirstIndex, Indices...>) {
+  auto message_index = choice % std::tuple_size_v<messages_t>;
+  auto deserialize_message = [&] {
+    bool to_split = choice / std::tuple_size_v<messages_t>;
+    std::pmr::monotonic_buffer_resource mr;
+    typename std::tuple_element<FirstIndex, messages_t>::type message;
+    if (to_split) {
+      return hpp::proto::read_proto(message, split_input(provider), hpp::proto::strictly_alloc_from{mr});
+    } else {
+      return hpp::proto::read_proto(message, provider.ConsumeRemainingBytes<char>(),
+                                    hpp::proto::strictly_alloc_from{mr});
+    }
+  };
+
+  return (message_index == FirstIndex) ? deserialize_message()
+                                       : deserialize_data(provider, choice, std::index_sequence<Indices...>{});
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  FuzzedDataProvider provider(data, size);
+  auto choice = provider.ConsumeIntegralInRange<unsigned>(0, std::tuple_size_v<messages_t> * 2 - 1);
+  auto status = deserialize_data(provider, choice, std::make_index_sequence<std::tuple_size_v<messages_t>>{});
+  return status.ok() ? 0 : 1;
+}

include/hpp_proto/duration_codec.hpp

@@ -40,7 +40,7 @@ struct duration_codec {
     assert(b.size() >= max_encode_size(value));
 
     auto *buf = std::data(b);
-    auto ix = std::distance(buf, glz::to_chars(buf, value.seconds));
+    auto ix = static_cast<std::size_t>(std::distance(buf, glz::to_chars(buf, value.seconds)));
 
     if (value.nanos != 0) {
       int32_t nanos = std::abs(value.nanos);
@@ -51,7 +51,7 @@ struct duration_codec {
       ix += 8;
     }
     glz::detail::dump_unchecked<'s'>(b, ix);
-    return ix;
+    return static_cast<int64_t>(ix);
   }
 
   // NOLINTNEXTLINE(bugprone-easily-swappable-parameters)