Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Do recursive shrinking without recursive function calls #294

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

neithernut
Copy link

@neithernut neithernut commented Jun 12, 2021

We try to shrink values recursively, i.e. when a shrunk value witnesses a failure, we'd shrink that value further. Previously, this recursion would be implemented via actual control flow recursion, i.e. a function calling itself. Since the recursion could not be unrolled by the compiler, this could result in stack overflows in some situations.

Albeit such an overflow would often hint at a faulty shrinker (e.g. a shrinker yielding the original value), the stack overflow could also occur in other situations.

Fixes #285.

We try to shrink values recursively, i.e. when a shrunk value witnesses
a failure, we'd shrink that value further. Previously, this recursion
would be implemented via actual control flow recursion, i.e. a function
calling itself. Since the recursion could not be unrolled by the
compiler, this could result in stack overflows in some situations.

Albeit such an overflow would often hint at a faulty shrinker (e.g. a
shrinker yielding the original value), the stack overflow could also
occur in other situations.

This change switches from a recursive control flow to explicitly
swapping out the shrinking iterator during the iteration.
@neithernut
Copy link
Author

This change is not yet tested. Also, I'm not sure whether or not the shrink_failure function should be integrated into the final match. I suspect the primary reason to have a separate function in the first place was the recursion (although it doesn't say so explicitly in 5b19e7c).

In the past, shrinking was implemented using recursion in the control
flow. `shrink_failure` would call itself. That function was introduced
originally in

        5b19e7c

presumably in order to implement recursive shrinking. However, we
recently choose an approach which would not rely on recursive control
flow but on swapping out an iterator. Thus, the reason why
`shrink_failure` existed in the first place doesn't exist any more.
This change moves the logic in its original place, but also replaces the
`match` which enclosed the call to `shrink_failure` with an `if`.
@neithernut
Copy link
Author

Sadly, I couldn't reproduce the failure using the reproducer from #285 (because the probability of hitting integer overflows is much higher). Hence, I used the following artificial test-case:

#[derive(Clone, Debug)]
struct Num(u32);

impl Arbitrary for Num {
    fn arbitrary(g: &mut Gen) -> Self {
        Num(u32::arbitrary(g) & 0x00ffffff) // Replace with contrete num if needed
    }

    fn shrink(&self) -> Box<dyn Iterator<Item = Self>> {
        Box::new(self.0.checked_sub(1).map(Num).into_iter())
    }
}

fn fail(n: Num) -> bool {
    n.0 < 3
}

quickcheck(fail as fn (Num) -> bool)

While this would provoke a stack overflow on defde6f I'd get the expected '[quickcheck] TEST FAILED. Arguments: (Num(3)) with these changes.

@neithernut neithernut marked this pull request as ready for review June 12, 2021 14:00
@neithernut
Copy link
Author

Just wanted to note: with these changes, faulty shrinkers which would previously provoke a stack-overflow may now produce endless repetition of a test for a small set of values (e.g. a single value).

It would thus be a good idea to bound the number of reproductions. We could introduce another setting to Gen which could be configured through an environment variable (e.g. QUICKCHECK_REPRODUCTIONS). I decided to hold off crafting such changes for now, as they would conflict with #287.

@jonhoo
Copy link

jonhoo commented Oct 24, 2023

Just came across a use-case where I hit the recursion limit (and where I actually don't think a bug is involved), and this PR looks reasonable to me. @BurntSushi given your comment in #285 (comment), it'd be useful to get your guidance on whether you think this is an acceptable path to take, or if not, what kind of shape you'd like to see an acceptable solution take.

@Velnbur
Copy link

Velnbur commented Oct 7, 2024

+, @BurntSushi encountered this issue too

wrsturgeon added a commit to wrsturgeon/quickcheck-without-recursion that referenced this pull request Dec 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Stack overflow in quickcheck case shrinking
3 participants