[HN Gopher] Add experimental fuzz test support for Go 1.17
___________________________________________________________________
Add experimental fuzz test support for Go 1.17
Author : typical182
Score : 50 points
Date : 2021-02-23 18:21 UTC (4 hours ago)
(HTM) web link (github.com)
| sitkack wrote:
| Does anyone have experience with Gopter, a Golang Property Based
| testing library? https://github.com/leanovate/gopter
| motiejus wrote:
| I do.
|
| I implemented a specialized json-patch and tested it with
| gopter.
|
| My colleague implemented an equivalent of `openssl passwd` in
| go and used gopter to test it (comparing outputs between his
| implementation and what openssl returns).
|
| Needless to say, gopter found subtle bugs in both cases.
|
| I came to property-testing from PropEr (erlang), and was
| pleasantly surprised how well gopter worked for us.
| jacques_chester wrote:
| > _My colleague implemented an equivalent of `openssl passwd`
| in go and used gopter to test it (comparing outputs between
| his implementation and what openssl returns)._
|
| Could you talk more about this? I'd love to see the code or
| any other docs you might have.
| motiejus wrote:
| It's a re-implementation of
| https://akkadia.org/drepper/SHA-crypt.txt in Go. Because
| Linux does not support shadow in bcrypt or scrypt. Also see
| https://access.redhat.com/articles/1519843.
|
| Unfortunately, none of that is open source.
| nerpderp82 wrote:
| I would like to +1 jacque's request. I would also be really
| interested in a rundown of gopter.
| slaymaker1907 wrote:
| I really hope this is a trend and randomized testing just becomes
| part of standard testing tools. I used jqwik extensively at my
| last job and it was very useful for finding issues with null on
| objects with lots of fields.
|
| It's much easier to just describe how to construct data rather
| than coming up with test data and edge cases yourself. Sure you
| might have test cases for every nullable field, but do you have
| tests for every pair of nullable fields?
|
| I also found some interesting behavior this way.
| StringUtils.trimToNull(str) == null is actually not the same as
| checking if a string is blank due to weird unicode peculiarities.
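Added example, not part of the comment above or of the Go proposal: a Go version of the randomized differential check that comment describes, using the standard library's testing/quick to generate inputs from a description and find a string on which two "is blank" checks disagree. The alphabet, function names and seed are constructed for illustration; trimBlank is an assumed model of a trim that strips only code points up to U+0020.

```go
package main

import (
	"fmt"
	"math/rand"
	"reflect"
	"strings"
	"testing/quick"
	"unicode"
)

// Constructed alphabet: ASCII whitespace, a letter, and two Unicode spaces.
var alphabet = []rune{' ', '\t', '\n', 'a', '\u2003', '\u3000'}

// trimBlank models "trim, then test for empty" where trim strips only
// leading/trailing code points <= U+0020 (assumption, see lead-in).
func trimBlank(s string) bool {
	return strings.TrimFunc(s, func(r rune) bool { return r <= ' ' }) == ""
}

// unicodeBlank reports whether s consists only of Unicode whitespace.
func unicodeBlank(s string) bool {
	return strings.TrimFunc(s, unicode.IsSpace) == ""
}

// genString describes how to build inputs: 0 to 4 runes drawn from alphabet.
func genString(args []reflect.Value, r *rand.Rand) {
	b := make([]rune, r.Intn(5))
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))]
	}
	args[0] = reflect.ValueOf(string(b))
}

// FindDisagreement returns the first generated input on which the checks differ.
func FindDisagreement(seed int64) (string, bool) {
	cfg := &quick.Config{MaxCount: 2000, Rand: rand.New(rand.NewSource(seed)), Values: genString}
	err := quick.Check(func(s string) bool { return trimBlank(s) == unicodeBlank(s) }, cfg)
	if ce, ok := err.(*quick.CheckError); ok {
		return ce.In[0].(string), true
	}
	return "", false
}

func main() {
	s, ok := FindDisagreement(1)
	fmt.Printf("disagreement found=%v input=%q\n", ok, s)
}
```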
| shakezula wrote:
| I like this idea a lot and I think I support adding it directly
| to the testing library. Fuzz testing has been pretty valuable to
| me in my time using it with Go and I would love to see it have
| more widespread support.
| omginternets wrote:
| Agreed. GoFuzz has been a huge asset for me, but it
| occasionally suffers bugs due to the fact that it's hacking the
| runtime to some extent. IMHO that makes fuzzing an excellent
| candidate for inclusion in the standard toolchain.
| benhoyt wrote:
| Go tests and benchmarks are so easy to write and run: just add
| TestFoo and BenchmarkFoo functions to a bar_test.go file, and "go
| test" does the rest. It's currently doable, but it requires a 3rd
| party library (go-fuzz) and a bit of fluffing around. This will
| make fuzz testing an equally first-class citizen with standard Go
| tooling (just add FuzzFoo), and as such we'll probably see a lot
| more people testing with fuzzing.
|
| I used go-fuzz in GoAWK and it found several bugs (see
| https://benhoyt.com/writings/goawk/#fuzz-testing), and almost
| everyone who's done fuzz testing has similar reports. Certainly
| go-fuzz has found many, many bugs in Go itself:
| https://github.com/dvyukov/go-fuzz#trophies
|
| For what it's worth, I wrote an article for LWN about the
| upcoming support for built-in fuzzing in Go:
| https://lwn.net/Articles/829242/ (of course, if you want full
| details, read the full proposal).
| zimpenfish wrote:
| > and almost everyone who's done fuzz testing has similar
| reports.
|
| Added fuzzing at a recent place and yep, everything went to
| hell. About to add fuzzing at current place where everything
| will almost certainly go to hell but at least there's
| institutional will to fix the issues and no legacy crippling
| what fixes can be made.
___________________________________________________________________
(page generated 2021-02-23 23:01 UTC)