Boost logo

Boost :

From: Robert Ramey (ramey_at_[hidden])
Date: 2019-10-22 20:36:02


On 10/22/19 1:21 PM, Vinnie Falco via Boost wrote:
> On Tue, Oct 22, 2019 at 12:55 PM Mateusz Loskot via Boost
> <boost_at_[hidden]> wrote:
>> I'd consider covering the thing with https://google.github.io/oss-fuzz/ instead.
>
> My strategy for ensuring correctness is two-fold.

<snip>

I read all that. I'm not convinced but I'm sure that's just me.

The basic problem is that there's huge amount of manual labor to verify
that the test strings are parsed correctly. This issue isn't addressed
by giving it to some auditing company or running more test cases.

With my method, one specifies and verifies the grammar as a separate
entity. It's not a huge job for something like JSON. (for xml - a
different kettle of fish). Then for each test string - wherever you get
them, the results of the hand generated parse MUST be identical to the
spirit generated one. If in the future some question arises regarding
a particular case, just at it to the list and re-run tests. If someone
"fixes" the hand rolled parser, it's trivial to re-run all the tests again.

My real point is that specifying one's grammar using a version of spirit
is an activity which can be done in a way that is in a real sense
provably correct - which the other methods you cite aren't. I really
believe that using this approach will save thousands of man hours. And
it's not difficult to try out - probably a couple of days learning
spirit and one day writing the JSON grammar in spirit template code. If
that - it's quite likely that someone has already writen the parser for
JSON in terms of spirit.

My argument is basically one of the most economical method to guarantee
correct results.

Robert Ramey


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk