validate circular default values#4253
Merged
andimarek merged 3 commits intoMay 19, 2026
Merged
Conversation
jbellenger
changed the title
viaductbot
pushed a commit
to airbnb/viaduct
that referenced
this pull request
Feb 19, 2026
A recent change to use the IR value generator to produce default values for arbitrary schemas exposed a class of issues related to cyclic input values.
For example, consider this sdl:
```graphql
input A { b: B = {} }
input B { a: A = {} }
```
The spec considers this configuration invalid (see [InputObjectDefaultValueHasCycle](https://spec.graphql.org/draft/#sec-Input-Object-Default-Value-Has-Cycle)), because the coerced default value for `A.b` is an infinitely large object `{a: {b: {a: ...}}}`.
The change introduced in #998226 allowed generating more edge-casey default values in a schema, including invalid types like what's described above.
To make things slightly worse, these invalid schemas were only detected at execution time via a StackOverflow in graphql-java. I've put up a PR for graphql-java to reject these kinds of invalid schemas during the validation phase, which we should get the next time we update:
graphql-java/graphql-java#4253
This PR updates the IR value generator to not generate values like the above. It uses strongly-connected component analysis to generate explicit values for fields where required. This allows us to keep generating interesting edge cases that we can use for testing.
Github-Change-Id: 999823
GitOrigin-RevId: 7e54ef25732b5bb8245d1a86cd828b6fc9d3edda
Contributor
Test ReportTest Results
Code Coverage (Java 25)
Changed Class Coverage (1 class)
|
andimarek
force-pushed
the
jbellenger-circular-input-defaults
branch
from
2c7bfff to
1b6f904
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Input object fields can define default values in ways that form cycles. For example in this schema:
types A and B form a cycle with their default values, such that the coerced default value of
A.bis an infinitely nested ObjectValue like{a: {b: {a: {...}}}Today, this sdl can be parsed into a GraphQLSchema object, though a StackOverflow will be thrown during execution if the system encounters a value for one of these types.
The spec added an InputObjectDefaultValueHasCycle algorithm to handle this case. This PR implements this algorithm as a
NoDefaultValueCircularRefsvalidator which allows these cyclic schemas to be rejected during validation.This behavior matches graphql-js v17, which added a similar validation in this pr