On 10/22/19 1:21 PM, Vinnie Falco via Boost wrote:
On Tue, Oct 22, 2019 at 12:55 PM Mateusz Loskot via Boost
wrote: I'd consider covering the thing with https://google.github.io/oss-fuzz/ instead.
My strategy for ensuring correctness is two-fold.
<snip> I read all that. I'm not convinced but I'm sure that's just me. The basic problem is that there's huge amount of manual labor to verify that the test strings are parsed correctly. This issue isn't addressed by giving it to some auditing company or running more test cases. With my method, one specifies and verifies the grammar as a separate entity. It's not a huge job for something like JSON. (for xml - a different kettle of fish). Then for each test string - wherever you get them, the results of the hand generated parse MUST be identical to the spirit generated one. If in the future some question arises regarding a particular case, just at it to the list and re-run tests. If someone "fixes" the hand rolled parser, it's trivial to re-run all the tests again. My real point is that specifying one's grammar using a version of spirit is an activity which can be done in a way that is in a real sense provably correct - which the other methods you cite aren't. I really believe that using this approach will save thousands of man hours. And it's not difficult to try out - probably a couple of days learning spirit and one day writing the JSON grammar in spirit template code. If that - it's quite likely that someone has already writen the parser for JSON in terms of spirit. My argument is basically one of the most economical method to guarantee correct results. Robert Ramey