Differential Fuzzing between multiple languages

[DragonDev1906]

I have two implementations of the same logic, one in Go and one in Rust, and would like to use differential fuzzing to compare them.

Is there a better way to compare against a binary you cannot easily call in-process from Rust, other than spawning it in a separate process in every single fuzzing run?
I thought about having it in a single longer-running process (using inter process communication) to reduce overhead from spawning processes, but I couldn't find a good way to start/shutdown that process automatically whenever cargo-fuzz runs a target (given that there is no main function).

Another option I can think of is writing a Fuzzer in Go and calling the Rust code from there (using CGo). As far as I can tell both options are only aware and only use instrumentation/coverage on one of the two languages.

Any input on this would be welcome.

P.S. I've seen POLYFUZZ, but it unfortunately does not support Go.

[fitzgen]

libfuzzer is really designed for fuzz targets where you can directly link and call all the code inside the fuzz target. FWIW, we do differential fuzzing quite extensively in Wasmtime and Cranelift, but we link everything into the same binary.

If you really can't link your oracle into your binary, then I'd suggest writing a little python harness or something.

[DragonDev1906]

I see, it does make sense that libfuzzer expects everything to be in the binary. Guess I will have to find a way to link Go code into a Rust binary then or go with an external harness.

Thank you