New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Resolves #334 - Bumping Deserializer's default recursion limit to 1024 #346
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! From the issue you filed, it sounds like you are interested in increasing the recursion limit for your use case. If this is going to be configurable, we need to evaluate whether u8 is the right type. How do you know 255 is enough for your use case?
I do not have enough samples to be sure, but you are right, I suspect that 255 might not be sufficient. |
Is there any advantage to using a small integer? The value is stored right next to a |
Fine by me. |
Usize seems fine. But we will need to check benchmarks before merging because such a change would affect even users who do not change the recursion limit. |
@dtolnay How do you check this? Do you have benchmarks at hand? |
I would look at
|
Benchmark results on my machine: Before change:
Changing
There's apparently a regression of 0.3ms on parsing Changing
which looks like a 0.1ms improvement on canada.json and citm_catalog.json. So, I'd go ahead with |
Yes let's go with usize. Thanks for taking care of that! |
@dtolnay Ready when you are :) |
I think the remaining things to figure out here are:
|
|
src/de.rs
Outdated
} | ||
|
||
impl<'de, R> Deserializer<R> | ||
where | ||
R: read::Read<'de>, | ||
{ | ||
/// Create a JSON deserializer from one of the possible serde_json input | ||
/// sources. | ||
/// sources. By default, it has a recursion limit of 128. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should say 1024.
Could you check on the failing test case? |
Benchmarks indicate that changing `remaining_depth` from `u8` to `usize` doesn't cause any performance regression (on my computer, it actually marginally improves performance), so we perform this change and take the opportunity to bump the value to a more generous depth of 1024. Resolves serde-rs#334 - Implementing Serializer::with_recursion_limit
@dtolnay Ah, I hadn't seen that test. Fixed. |
Of course, I realize that this since the default value of 1024 actually blows up Rust's stack, the patch may be problematic. |
Yes, the whole point of the recursion limit is to limit the ability of untrusted JSON input to crash your program. 😿 Are you able to get by for now with a fork of serde_json that exposes this setting? I can try to get things moving on serde-rs/serde#644 again. |
Let's continue to track this in #334. |
No description provided.