[dev.fuzz] x/website: write a guide for fuzzing #48255

Open
jayconrod opened this issue Sep 8, 2021 · 1 comment

@jayconrod jayconrod commented Sep 8, 2021

We expect to have many users that are encountering fuzzing for the first time. We should write a thorough guide on how to use fuzzing effectively with that audience in mind.

An introductory guide should cover, at minimum:

  • What fuzzing is.
  • What fuzzing is good for (and not good for).
  • How to write a fuzz target.
  • How to run fuzzing with go test -fuzz=target, with information about relevant flags.
  • What to do with a crasher if one is found.
  • Strategies for helping the fuzzer if it isn't finding any crashers after running for a while.
  • Current limitations of the native fuzzing support (e.g. it stops running after the first crash is found, it isn't currently supported to easily integrate with CI).

Some advanced topics that could be covered in other guides:

  • Choosing a good seed corpus.
  • Measuring coverage.
  • Differential fuzzing.
  • Fuzzing continuously.

@jayconrod jayconrod commented Sep 15, 2021

We should reconsider what documentation should be part of the go command and where that should be located. Currently, I'm thinking:

  • The testing package documentation should have a section on writing a fuzz target. It should explain the signature for the fuzz target (must take a *testing.F), what it must do (call F.Add then F.Fuzz), and what testing will do with it when fuzzing is enabled and disabled. This is meant to be reference documentation.
  • go help test and go help testflag should explain all flags, including those related to fuzzing. They should be kept brief, pointing to other sources for more explanation.
  • One or more guides on the website should tie this all together. Most users should read those first.
  • We should delete go help fuzz. It will be redundant with the guides.
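
The fuzz target shape described in the comment above (take a *testing.F, call F.Add, then F.Fuzz), as an added example that is not part of the original issue or of the Go project's documentation. Escape and Unescape are hypothetical functions under test, and the fuzz target checks a round-trip property rather than only looking for panics.

```go
// Added example. In a real project the Fuzz function lives in a _test.go
// file and is run with: go test -fuzz=FuzzEscapeRoundTrip
package main

import (
	"fmt"
	"strings"
	"testing"
)

// Escape is a hypothetical function under test: it backslash-escapes
// ',' and '\' so the result can be stored in a comma-separated field.
func Escape(s string) string {
	return strings.NewReplacer(`\`, `\\`, `,`, `\,`).Replace(s)
}

// Unescape reverses Escape. It rejects a trailing lone backslash and any
// escape other than `\\` or `\,`.
func Unescape(s string) (string, error) {
	var b strings.Builder
	for i := 0; i < len(s); i++ {
		if s[i] != '\\' {
			b.WriteByte(s[i])
			continue
		}
		i++ // look at the byte after the backslash
		if i == len(s) || (s[i] != '\\' && s[i] != ',') {
			return "", fmt.Errorf("bad escape at offset %d", i-1)
		}
		b.WriteByte(s[i])
	}
	return b.String(), nil
}

// FuzzEscapeRoundTrip takes a *testing.F, seeds the corpus with F.Add,
// then calls F.Fuzz with the property to check on every generated input.
func FuzzEscapeRoundTrip(f *testing.F) {
	for _, seed := range []string{"", "a,b", `c:\dir`, `trailing\`} {
		f.Add(seed) // seed types must match the F.Fuzz function's arguments
	}
	f.Fuzz(func(t *testing.T, in string) {
		out, err := Unescape(Escape(in))
		if err != nil || out != in {
			t.Fatalf("round trip of %q gave %q, err=%v", in, out, err)
		}
		_, _ = Unescape(in) // raw input may be rejected but must not panic
	})
}

func main() { fmt.Println(Unescape(Escape(`a,b\c`))) }
```

Without the -fuzz flag, go test runs the fuzz target only on the seed inputs passed to F.Add, so the same function doubles as a regression test.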
