Documentation ¶
Overview ¶
Package fuzzer supports fuzzing rich signatures via the Fill method, as well as the ability to automatically chain Steps together under the control of the fuzzer using the Chain method.
Package fuzzer can be used completely independently from the fzgen command by manually constructing fuzzing functions, or the fzgen command can be used to automatically create wrappers that use package fuzzer.
See the project README for additional information:
https://github.com/thepudds/fzgen
Index ¶
Constants ¶
This section is empty.
Variables ¶
var SupportedInterfaces = randparam.SupportedInterfaces
SupportedInterfaces enumerates interfaces that can be filled by Fill(&obj).
Functions ¶
func ChainParallel ¶
ChainParallel indicates the Fuzzer is allowed to run the defined set of Steps in parallel. The Fuzzer can choose to run all selected Steps in parallel, though most often prefers to run only a portion of Steps in parallel in a single Chain execution in order to increase deterministic behavior and help the underlying fuzzing engine evolve interesting inputs. Care is taken so that a given corpus will result in the same Steps executing with the same arguments regardless of whether or not ChainParallel is set.
ChainParallel is most often useful with the race detector, such as 'go test -fuzz=. -race', though because the race detector can have 10x-20x performance impact, one approach is to run for a period of time with ChainParallel set but without the race detector to build up a larger corpus faster, and then later run with the race detector enabled.
Types ¶
type Fuzzer ¶
type Fuzzer struct {
// contains filtered or unexported fields
}
Fuzzer is a utility object that can fill in many types such as io.Reader, structs, maps, and so on, as well as supports chaining over a set of functions in sequence, including connecting output to inputs and re-using inputs (e.g., to help exercise APIs like a Store followed by a Load). Conventially called 'fz'.
func NewFuzzer ¶
NewFuzzer returns a Fuzzer, which relies on the input data []byte to control its subsequent operations. In the future, NewFuzzer may take options, though currently does not.
func (*Fuzzer) Chain ¶
Chain invokes a set of Steps, looking for problematic sequences and input arguments. The Fuzzer chooses which Steps to calls and how often to call them, then creates any needed arguments, and calls the Steps in a sequence selected by the fuzzer. The only current option is ChainOptParallel. If the last return value of a Step is of type error and a non-nil value is returned, this indicates a sequence of Steps should stop execution, The only current option is ChainOptParallel.
func (*Fuzzer) Fill ¶
func (fz *Fuzzer) Fill(x ...interface{})
Fill fills in most simple types, maps, slices, arrays, and recursively fills any public members of x. It supports about 20 or so common interfaces, such as io.Reader, io.Writer, or io.ReadWriter. See SupportedInterfaces for current list of supported interfaces. Callers pass in a pointer to the object to fill, such as:
var i int Fill(&i) var r io.Reader Fill(&r) var s1, s2 string Fill(&s1, &s2)
Fill ignores channels, func pointers, complex64, complex128, and uintptr, For number, string, and []byte types, it tries to populate the obj value with literals found in the initial input []byte.
In order to maximize deterministic behavior, help guide the fuzzing engine, and allow for generation of reproducers, Fill must not be called from within the Steps used with Chain. If you need additional values within a Step, add them as parameters to the Step, and Chain will fill those parameters.