Golang was the first programming language to support fuzzing as a first-class experience, starting with version 1.18, which makes it easy for developers to write fuzz tests. Earlier, Golang 1.14 introduced native compiler instrumentation for libFuzzer, which makes it possible to fuzz Go code with libFuzzer. libFuzzer is one of the most advanced and widely used fuzzing engines and provides the most effective method to fuzz Go code.
Below, I want to discuss the various improvements we made to the libFuzzer mode in Go and show examples of the benefits they bring. In this work, we improved Go's instrumentation so that it provides libFuzzer with better signals to guide its mutations and thus explores the tested code more effectively. These improvements are now integrated upstream and will be released in Golang 1.19.
In Go 1.14, native compiler instrumentation for libFuzzer was added. This code coverage instrumentation within the compiler is the basis for any tool that consumes coverage feedback. Passing -gcflags=all=-d=libfuzzer -buildmode=c-archive to go build produces a C archive that contains the instrumented code of the main package and all packages it imports. This archive can then be linked manually with libFuzzer to produce the final fuzzer binary. go114-fuzz-build can be used as a wrapper to simplify the process of creating the C archive.
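The build procedure just described, carried through end to end as an added example (this is not code from the original post or from the Go project): a shell script that writes a minimal cgo-based Go fuzz target exporting LLVMFuzzerTestOneInput, compiles it with the libFuzzer instrumentation into a C archive, and links the archive against clang's libFuzzer. The module name parsehdr, the parseHeader function and the probe in have_toolchain are constructed for this example; the script assumes go (1.14 or newer, with cgo enabled) and a clang that ships libFuzzer on PATH.

```shell
#!/bin/sh
# Added example, not part of the original post: build a libFuzzer target from
# a small Go package using the compiler's native libFuzzer instrumentation.
# Assumes go >= 1.14 with CGO enabled and clang with libFuzzer on PATH.

# write_target DIR: create a constructed Go module (name "parsehdr" is made up)
# containing a tiny parser and the cgo-exported libFuzzer entry point.
write_target() {
  mkdir -p "$1"
  cat > "$1/go.mod" <<'EOF'
module parsehdr

go 1.18
EOF
  cat > "$1/fuzz.go" <<'EOF'
package main

import "C"

import "unsafe"

// parseHeader is the constructed code under test: a tiny "KEY:VALUE" splitter.
func parseHeader(b []byte) (string, string, bool) {
	for i := 0; i < len(b); i++ {
		if b[i] == ':' {
			return string(b[:i]), string(b[i+1:]), true
		}
	}
	return "", "", false
}

// LLVMFuzzerTestOneInput is the entry point libFuzzer calls for every input.
// The //export directive makes cgo emit a C-callable symbol with this name.
//
//export LLVMFuzzerTestOneInput
func LLVMFuzzerTestOneInput(data *C.char, size C.size_t) C.int {
	in := C.GoBytes(unsafe.Pointer(data), C.int(size))
	parseHeader(in)
	return 0
}

// main is required for -buildmode=c-archive (package main) but never runs;
// libFuzzer provides the real main().
func main() {}
EOF
}

# have_toolchain: succeed only if go with cgo and a libFuzzer-capable clang
# are present. The probe compiles a trivial C fuzz target to check that
# -fsanitize=fuzzer links on this machine.
have_toolchain() {
  command -v go >/dev/null 2>&1 || return 1
  command -v clang >/dev/null 2>&1 || return 1
  [ "$(go env CGO_ENABLED)" = "1" ] || return 1
  probe=$(mktemp)
  printf 'int LLVMFuzzerTestOneInput(const unsigned char *d, unsigned long n) { return 0; }\n' \
    | clang -x c -fsanitize=fuzzer - -o "$probe" >/dev/null 2>&1
  rc=$?
  rm -f "$probe"
  return $rc
}

# build_fuzzer DIR OUT: step 1 produces the instrumented C archive (the flags
# from the post), step 2 links it with libFuzzer into the final fuzzer binary.
build_fuzzer() {
  ( cd "$1" && go build -gcflags=all=-d=libfuzzer -buildmode=c-archive -o fuzzer.a . ) || return 1
  clang -fsanitize=fuzzer "$1/fuzzer.a" -lpthread -o "$2" || return 1
}

# Usage when run directly: write the target, build it, then fuzz for 1000 runs.
if [ "${1:-}" = "run" ]; then
  work=$(mktemp -d)
  write_target "$work"
  have_toolchain || { echo "go with cgo and clang+libFuzzer required" >&2; exit 1; }
  build_fuzzer "$work" "$work/fuzzer"
  "$work/fuzzer" -runs=1000
fi
```

Invoke the script with the argument run to build and briefly execute the fuzzer. The C archive produced by step 1 is what go114-fuzz-build generates for you; step 2 is the manual link against libFuzzer that the wrapper otherwise hides. The toolchain probe matters in practice because a clang without compiler-rt accepts -fsanitize=fuzzer at compile time but fails at link time.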