fuzzpackage is organized into subpackages which are named after the
lndpackage they test. Each subpackage has its own set of fuzz targets.
go-fuzzwill print out log lines every couple of seconds. Example output:
go-fuzzmay add valid inputs to the corpus in an attempt to gain more coverage. Crashers is the number of inputs resulting in a crash. The inputs, and their outputs are logged by default in:
go-fuzzalso creates a
suppressionsdirectory of stacktraces to ignore so that it doesn't create duplicate stacktraces. Cover is a number representing edge coverage of the program being fuzzed.
run_timespecifies how long each fuzz harness runs for. The default is 30 seconds.
timeoutspecifies how long an individual testcase can run before raising an error. The default is 20 seconds.
processesspecifies the number of parallel processes to use while running the harnesses.
lndpackages to build or fuzz. The default is to build and run all available packages (
brontide lnwire wtwire zpay32). This can be changed to build/run against individual packages.
base_workdirspecifies the workspace of the fuzzer. This folder will contain the corpus, crashers, and suppressions.
go-fuzzautomatically minimizes the corpus in-memory before fuzzing so a large corpus shouldn't make a difference.