Fuchsia‘s Go toolchain supports fuzzing Go packages using LLVM’s libFuzzer. Most of the information in C/C++ fuzzing guide still applies. This document only focuses on the details specific to Go.
You need to implement a fuzz target function that accepts a slice of bytes and does something interesting with these bytes using the API under test. libFuzzer then searches for inputs that cause the function to panic.
Example:
func Fuzz(s []byte) { DoSomethingInterestingWithMyAPI(s) }
This is directly analogous to a fuzz target function in C.
The go_fuzzer
GN template generates a GN target that compiles the Go fuzz target function into a C object file that it then links with libFuzzer.
To build a Go fuzzer:
func Fuzz(s []byte)
to a Go package and export it. Alternatively, you may create new Go package if no existing package is a good fit.go_library
GN target.go_fuzzer
(//build/go/go_fuzzer.gni
) GN target to build the package containing the fuzz target function. Make sure to include the go_library
in [deps
](gn deps).fuzzers_package
(//build/fuzzing/fuzzer.gni
) GN target that bundles the fuzzer into a deployable package. This is explained further in the [fuzzers_package documentation](fuzzers_package docs).After this, you can continue following Fuzz testing in Fuchsia with LibFuzzer's generic instructions. For example, see its Quick-start guide for how to use the fx fuzz
commands.
For a complete example, see the example Go fuzzer in //examples/fuzzer/go/BUILD.gn.