Maximum nesting level limit and efficiency (Re: json-stream-read should validate json too) Amirouche Boubekki 23 Jan 2020 18:54 UTC

> to stay safe, it must have nesting level limit.

I agree with my past self.

I am testing json-fold.  The following test file:

  $ wc -c files/n_structure_open_array_object.json
  250001 files/n_structure_open_array_object.json

Put the library under heavy pressure. The JSON file is invalid because
it does not close the arrays and objects it opens. It does NOT crash
the interpreter but the doom of a DOS is looming Earth Scheme software

The implementation in master is much much faster but still it would be
noticeable and can in heavy workloads inflict performance problems.

That is why, I would prefer to add a parameter json-max-nesting-level
that would be 42 by default. Regarding the test suite, there is  at
least i_structure_500_nested_arrays.json for which I will change the
paramter so that it pass.

The trampoline CPS code of the sample implementation has still the
merits to exists and is robust: it does not crash chibi scheme. In the
light of those latest results, it is clear to me that there are more
than nips and tricks: trampoline code is slow. The specification does
not and will not prescribe a trampoline-cps style.  People that prefer
maintainability and efficiency will want to implement the
specification, to implement it in direct style and make sure they try
take into account the parameter.