trianglesphere
commented
2 years ago The two things I found when doing some brief research where https://google.github.io/clusterfuzz/ and clusterfuzzlite. The lite version could kinda be hacked into CI, but currently we just use golang's tooling to run a very brief fuzz in CI (probably worth pulling out as it doesn't get deep coverage, just shallow coverage).
We use Go 1.18 fuzzing for encoding/decoding tests primarily now, but this will expand and become more important once we get closer to Bedrock launch.
Fuzzing should run for longer, outside of CI, and maintain a persistent fuzzing corpus + regression tests (The
**/testdata/fuzz/files that we don't check into this git repo).Ideally we host a fuzzing cluster on dedicated hardware, and maintain a separate repository to store a fuzzing corpus.