Go: Fuzz Testing in Go

Vincent
A Journey With Go
Published in
5 min readOct 25, 2019

--

Illustration created for “A Journey With Go”, made from the original Go Gopher, created by Renee French.

Fuzzing is a testing technique that loads our program with random data. It is complementary to the usual testing and allows developers to find bugs that would be hard to find with manual generated input. Fuzzing is quite easy to set up in Go programs and can be adapted to almost all kinds of code.

Fuzzing projects

Two projects are available in the Go community for fuzzing: gofuzz by Google and go-fuzz by Dmitry Vyukov, that also works for Google. Both are useful and applicable for different usage. Let’s review them one by one:

  • gofuzz provides a package that can populate your Go struct with random values. It is now your responsibility to write your tests and call this package to get randomized data. This package is perfect when you want fuzzing structured data. Here is an example with fuzzing a struct 50,000 times with random data where the pointers/slice/map have 50% chance to be set as null:
fuzzing structured data
  • go-fuzz is based on the American Fuzzy Lop that has found hundreds of bugs in the most famous software/libraries. Go-Fuzz will run continuously and generate random strings based on the samples you have provided. Then, you will have to parse those strings and…

--

--

Responses (1)