By now hopefully everybody has heard about Dmitry Vyukov's go-fuzz: https://github.com/dvyukov/go-fuzz
This randomized testing tool has found a huge number of bugs in the standard library. But it has been used in relatively few third-party packages.
In the week or so leading up to the release of 1.5, we as a community should turn out attention to the rest of the ecosystem. Go is already known for reliability due to the ingrained habit of error checking. Gracefully handling unexpected inputs is another area in which we ought to excel.
Getting started is straight forward -- the README file lays out the steps: https://github.com/dvyukov/go-fuzz/blob/master/README.md
You can start with your own packages, a dependency you use, or just pick a random one from https://github.com/avelino/awesome-go . Good candidates are file formats, protocols, and parsers. Basically anything that's dealing with user input in some form.
For the bugs you find, file a bug to the repository, preferably with a fix. And don't forget to file one to update go-fuzz's trophy case.
It doens't take a lot of time, either. Dmitry has obviously expended lots of CPU time across all the packages he tested, but even 30 minutes of fuzzing on a laptop is enough to generally shake out a few crashers.
Tweet your successes tagging it with #golangfuzz
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to