appendix FFuzzing

Testing plays a crucial role in software development. We’ve already explored unit tests, test-driven development, and benchmarks, so in this appendix, we’ll introduce fuzz testing.

F.1 A new testing method

Fuzzing is a testing technique where smartly generated random input data is fed into the function under test. Fuzzers try to guess what input will cover new code paths. Fuzz tests complement traditional unit tests rather than replace them. They are particularly powerful for uncovering new bugs, crashes, and edge cases that might be missed otherwise. Fuzz testing was introduced in Go 1.18 as a built-in feature of the standard toolbox, simplifying our lives as developers. In real-world applications, fuzzing is instrumental in discovering critical problems such as security vulnerabilities, SQL injection flaws, and other potential breaches that could be exploited by malicious actors. By rigorously testing your code with a wide range of inputs, you ensure not only its correctness but also its resilience against real-world attacks. Fuzzing is also an amazing tool to ensure that two functions behave the same for identical inputs, which is great when we have to refactor some code and write a new version of a function.

F.2 How it works

F.3 Writing a first test

F.3.1 Function under test

F.3.2 Fuzz test

F.4 Running and interpreting fuzz tests

F.5 Fixing the breach

F.6 Best practices and common pitfalls