如何在Go 1.18中模糊化一个nil值?

huangapple go评论89阅读模式
英文:

How do I fuzz a nil value in Go 1.18?

问题

我正在尝试使用Go 1.18的go test -fuzz命令对空值进行模糊测试,以确保在尝试解引用指向字符串的指针之前,我没有忘记进行安全检查。

以下是我的尝试:

// main.go
package main

import (
	"fmt"
)

func HandleString(s *string) {
	// 最常见的程序员错误是在没有进行安全检查的情况下解引用空指针
	fmt.Println(*s)
}

func main() {
	s := "Hello, world"
	HandleString(&s)
}
// main_test.go
package main

import "testing"

func FuzzHandleString(f *testing.F) {
	h := "hello world"
	for _, seed := range []*string{nil, new(string), &h} {
		f.Add(seed)
	}
	f.Fuzz(func(t *testing.T, in *string) {
		HandleString(in)
	})
}

不幸的是,我收到一个错误,说go fuzz不支持指针,只支持字符串数据类型。

我找到了一个解决方法,将我的测试代码写成这样:

package main

import "testing"

func FuzzHandleString(f *testing.F) {
	h := "hello world"
	for _, seed := range []string{"-1", "", h} {
		f.Add(seed)
	}
	f.Fuzz(func(t *testing.T, in string) {
		if in == "-1" {
			HandleString(nil)
		} else {
			HandleString(&in)
		}
	})
}

这是一个糟糕的设计,使得种子数据数组不容易重用,并且需要在每个模糊函数中添加逻辑来欺骗我的方法接受空值。

肯定有我没有想到的更好的方法吧?

谢谢。

英文:

I am trying to use Go 1.18 go test -fuzz command to fuzz nil values so that I can ensure I didn't forget safety checks before attempting to dereference a pointer to a string.

Here is my attempt:

// main.go
package main

import (
	"fmt"
)

func HandleString(s *string) {
	// most common programmer error is dereferencing nil pointers without safety checks
	fmt.Println(*s)
}

func main() {
	s := "Hello, world"
	HandleString(&s)
}
// main_test.go
package main

import "testing"

func FuzzHandleString(f *testing.F) {
	h := "hello world"
	for _, seed := range []*string{nil, new(string), &h} {
		f.Add(seed)
	}
	f.Fuzz(func(t *testing.T, in *string) {
		HandleString(in)
	})
}

Unfortunately i get an error saying go fuzz doesn't support pointers and only supports the string datatype.

I found a workaround by writing my test like this:

package main

import "testing"

func FuzzHandleString(f *testing.F) {
	h := "hello world"
	for _, seed := range []string{"-1", "", h} {
		f.Add(seed)
	}
	f.Fuzz(func(t *testing.T, in string) {
		if in == "-1" {
			HandleString(nil)
		} else {
			HandleString(&in)
		}
	})
}

This is a horrible design, and makes the seed data array not easily reusable , and requires logic in every fuzz function to trick my method into taking a nil value.

Surely there has to be a better way I didn't think of?

Thanks

答案1

得分: 3

你的代码有些尴尬,因为这不是fuzzing的用途。Fuzzing是为了在函数中输入随机值,以测试可能没有考虑到的边界情况。

你所做的更像是边界测试。你有一些已知的棘手输入,比如nil、空字符串或空数组。应该在它们自己的单元测试中进行测试。

最后,我要质疑为什么nilhandleString的有效输入。nil不是一个字符串。除非有充分的理由,否则它应该是一个错误,并且你应该对该错误进行测试。

英文:

Your code is awkward because this is not what fuzzing is for. Fuzzing is to throw random values at your functions to test edge cases you may not have thought about.

What you're doing is more like bounds testing. You have a known tricky inputs like nil, or empty string, or an empty array. Test them in their own unit tests.

Finally, I'd question why nil is a valid input to handleString. nil is not a string. It should be an error, unless there's a good reason otherwise, and you should be testing for that error.

huangapple
  • 本文由 发表于 2022年3月19日 04:54:35
  • 转载请务必保留本文链接:https://go.coder-hub.com/71533100.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定