Go: Fuzzing Is Beta Ready

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

Our great sponsors
  • Sonar - Write Clean Python Code. Always.
  • InfluxDB - Access the most powerful time series database as a service
  • SaaSHub - Software Alternatives and Reviews
  • go

    The Go programming language

    IIRC there was this [1] issue that some people pushed for a couple of years. Then at some point, this other one [2] became the new one for it (which has Kate Hockman as the issue creator).

    It's been a multi-year effort, so congrats to those who've made it happen.

    [1] https://github.com/golang/go/issues/19109

    [2] https://github.com/golang/go/issues/44551

  • hypothesis

    Hypothesis is a powerful, flexible, and easy to use library for property-based testing.

    People can have different definitions and still communicate usefully, and I think there is not 100% agreement on the exact boundaries between the two.

    That said, for me: they are distinct but related, and that distinction is useful.

    For example, Hypothesis is a popular property testing framework. The authors have more recently created HypoFuzz, which includes this sentence in the introduction:

    “HypoFuzz runs your property-based test suite, using cutting-edge fuzzing techniques and coverage instrumentation to find even the rarest inputs which trigger an error.”

    Being able to talk about fuzzing and property testing as distinct things seems useful — saying something like “We added fuzzing techniques to our property testing framework“ is more meaningful than “We added property testing techniques to our property testing framework“ ;-)

    My personal hope is there will be more convergence, and work to add first-class fuzzing support in a popular language like Go will hopefully help move the primary use case for fuzzing to be about correctness, with security moving to an important but secondary use case.

    [0] https://hypothesis.works

  • Sonar

    Write Clean Python Code. Always.. Sonar helps you commit clean code every time. With over 225 unique rules to find Python bugs, code smells & vulnerabilities, Sonar finds the issues while you focus on the work.

  • deepstate

    A unit test-like interface for fuzzing and symbolic execution

    DeepState [1] is a tool that lets you write Google Test-style unit tests, as well as property tests, in either C or C++, and plug in fuzzers and symbolic executors. That is, DeepState bridges this gap between fuzz testing and property testing.

    [1] https://github.com/trailofbits/deepstate

  • go-fuzz

    Randomized testing for Go

    > it shows the limitations of the language that you can't just build this inside the language.

    Not sure why you'd make that assumption. https://github.com/dvyukov/go-fuzz

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts