
Fuzz testing Go in Fuchsia

Fuchsia's Go toolchain supports fuzzing Go packages using LLVM's libFuzzer. Most of the information in the C/C++ fuzzing guide still applies. This document focuses only on the details specific to Go.

Write a Go fuzzer

You need to implement a fuzz target function that accepts a slice of bytes and does something interesting with these bytes using the API under test. libFuzzer then searches for inputs that cause the function to panic.

Example:

func Fuzz(s []byte) {
    DoSomethingInterestingWithMyAPI(s)
}

This is directly analogous to a fuzz target function in C.
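
As an added example (not code from the Fuchsia tree), the fuzz target below exercises a small parser and turns a broken round-trip invariant into a panic for libFuzzer to find. The `Record` format, `Parse` and `Encode` are constructed for illustration, and `package main` with `main` is used only so the file runs stand-alone; in a Fuchsia build, `Fuzz` would live in the package exposed as a go_library.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Record is a constructed wire format for this example: a 2-byte
// big-endian length followed by that many payload bytes.
type Record struct{ Payload []byte }
var ErrShort = errors.New("record: truncated input")

// Parse decodes one record and returns the bytes consumed. Without the
// length comparison, the slice expression would panic on short input.
func Parse(b []byte) (Record, int, error) {
	if len(b) >= 2 {
		if n := int(binary.BigEndian.Uint16(b)); n <= len(b)-2 {
			return Record{Payload: b[2 : 2+n]}, 2 + n, nil
		}
	}
	return Record{}, 0, ErrShort
}

// Encode is the inverse of Parse.
func Encode(r Record) []byte {
	out := make([]byte, 2, 2+len(r.Payload))
	binary.BigEndian.PutUint16(out, uint16(len(r.Payload)))
	return append(out, r.Payload...)
}

// Fuzz is the fuzz target: parse errors are expected and ignored, while a
// broken round-trip invariant becomes a panic that libFuzzer reports.
func Fuzz(s []byte) {
	r, used, err := Parse(s)
	if err != nil {
		return // malformed input was rejected cleanly, not a bug
	}
	if !bytes.Equal(Encode(r), s[:used]) {
		panic(fmt.Sprintf("round-trip mismatch for input %x", s[:used]))
	}
}

func main() {
	for _, in := range [][]byte{{0, 3, 'a', 'b', 'c'}, {0, 9, 'x'}, {}} {
		Fuzz(in) // constructed inputs: valid, truncated, empty
	}
}
```

Returning early on expected errors keeps the fuzzer's reports limited to real defects: runtime panics inside the API under test and violations of the invariants the target asserts.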

Build a Go fuzzer

The go_fuzzer GN template generates a GN target that compiles the Go fuzz target function into a C object file that it then links with libFuzzer.

To build a Go fuzzer:

  1. Add a function func Fuzz(s []byte) to a Go package and export it. Alternatively, you may create a new Go package if no existing package is a good fit.
  2. Ensure the Go package in the previous step is available as a go_library GN target.
  3. Write a go_fuzzer (//build/go/go_fuzzer.gni) GN target to build the package containing the fuzz target function. Make sure to include the go_library in deps.
  4. Write a fuzzers_package (//build/fuzzing/fuzzer.gni) GN target that bundles the fuzzer into a deployable package. This is explained further in the fuzzers_package documentation.

After this, you can continue with the generic instructions in Fuzz testing in Fuchsia with LibFuzzer. For example, see its Quick-start guide for how to use the fx fuzz commands.

For a complete example, see the example Go fuzzer in //examples/fuzzer/go/BUILD.gn.