
cmd/compile: coverage instrumentation for fuzzing #14565

Open
dvyukov opened this Issue Feb 29, 2016 · 1 comment

@dvyukov (Member) commented Feb 29, 2016

Go-fuzz (https://github.com/dvyukov/go-fuzz) is quite successful at finding bugs in Go code and is reasonably widely used in the Go community. However, there are several problems with the current go-fuzz implementation that hinder wider adoption (in particular, internal adoption at Google):

  1. go-fuzz mimics the go tool's build logic, which leads to constant breakages.
  2. go-fuzz-build does not handle cgo, and it is hard to implement.
  3. Coverage instrumentation is source-to-source, which makes it very difficult to integrate with other build systems.
  4. Source-to-source transformation can't handle all cases and has limited transformation capabilities (e.g. instrumenting && is tough). Some code patterns can be mishandled or lead to build failures.
  5. Source-to-source transformation produces slow code (lots of closures).

Ideally we would have coverage instrumentation in the compiler, and corresponding support in the go tool. Something similar to the -race flag, which triggers compiler instrumentation and adds the race build tag.
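As an added example (not code from go-fuzz or the Go project) of the source-to-source approach criticised in points 4 and 5 above: a minimal go/ast rewrite that instruments the right operand of every && and || by wrapping it in a closure that bumps a counter. The closure is what preserves short-circuit evaluation, and it is also the per-operand cost the issue describes. The `__cov` counter name and the sample input are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"go/ast"
	"go/parser"
	"go/printer"
	"go/token"
	"strconv"
)

// Constructed input: one condition that mixes && and ||.
const sample = "package p\nfunc f(a, b, c int) bool { return a > 0 && b > 0 || c > 0 }\n"

// instrumentSource rewrites the right operand of every && and || into
// func() bool { __cov[i]++; return <operand> }() (__cov is a hypothetical counter
// array). It returns the rewritten source and the number of closures inserted.
func instrumentSource(src string) (string, int, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return "", 0, err
	}
	n := 0
	ast.Inspect(f, func(node ast.Node) bool {
		be, ok := node.(*ast.BinaryExpr)
		if !ok || (be.Op != token.LAND && be.Op != token.LOR) {
			return true // keep descending; nested && and || are visited later
		}
		be.Y = &ast.CallExpr{Fun: &ast.FuncLit{
			Type: &ast.FuncType{Params: &ast.FieldList{}, Results: &ast.FieldList{List: []*ast.Field{{Type: ast.NewIdent("bool")}}}},
			Body: &ast.BlockStmt{List: []ast.Stmt{
				&ast.IncDecStmt{Tok: token.INC, X: &ast.IndexExpr{X: ast.NewIdent("__cov"), Index: &ast.BasicLit{Kind: token.INT, Value: strconv.Itoa(n)}}},
				&ast.ReturnStmt{Results: []ast.Expr{be.Y}}}}}}
		n++
		return true
	})
	var buf bytes.Buffer
	if err := printer.Fprint(&buf, fset, f); err != nil {
		return "", 0, err
	}
	return buf.String(), n, nil
}

func main() {
	out, n, err := instrumentSource(sample)
	fmt.Printf("// %d closures inserted, err=%v\n%s", n, err, out)
}
```

The single condition in the sample needs two closures; a compiler-level pass would emit two counter increments with no function calls at all.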

@dvyukov dvyukov added this to the Unplanned milestone Feb 29, 2016
