Merge pull request dtolnay#375 from dtolnay/afl

dtolnay · web-flow · commit e9e5eb8a2ebf · 2023-03-26T17:52:12.000-07:00
Add AFL++ support to fuzz target
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -97,6 +97,9 @@ jobs:
       - uses: dtolnay/rust-toolchain@nightly
       - uses: dtolnay/install@cargo-fuzz
       - run: cargo fuzz check
+      - run: cargo check --no-default-features --features afl
+        working-directory: fuzz
+
 
   clippy:
     name: Clippy
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
@@ -1,4 +1,6 @@
 artifacts/
 corpus/
 coverage/
+in/
+out/
 target/
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
@@ -9,10 +9,14 @@ publish = false
 cargo-fuzz = true
 
 [dependencies]
-libfuzzer-sys = "0.4"
+afl = { version = "0.12", optional = true }
+libfuzzer-sys = { version = "0.4", optional = true }
 proc-macro2 = { path = "..", default-features = false }
 
 [features]
+default = ["libfuzzer"]
+afl = ["dep:afl"]
+libfuzzer = ["dep:libfuzzer-sys"]
 span-locations = ["proc-macro2/span-locations"]
 
 [[bin]]
diff --git a/fuzz/fuzz_targets/parse_token_stream.rs b/fuzz/fuzz_targets/parse_token_stream.rs
@@ -1,12 +1,41 @@
-#![no_main]
+// libfuzzer:
+//
+//     cargo install cargo-fuzz
+//     cargo fuzz run parse_token_stream -j $(nproc) -- -max_len=200 -timeout=1
+//
+// afl++:
+//
+//     cargo install afl
+//     cargo afl build --no-default-features --features afl --release
+//     cargo afl fuzz -i in -o out target/release/parse_token_stream
+
+#![cfg_attr(feature = "libfuzzer", no_main)]
 
-use libfuzzer_sys::fuzz_target;
 use std::str;
 
-fuzz_target!(|bytes: &[u8]| {
+#[cfg(not(any(
+    all(feature = "libfuzzer", not(feature = "afl")),
+    all(not(feature = "libfuzzer"), feature = "afl"),
+)))]
+fn main() {
+    compile_error! {
+        r#"exactly one of feature="libfuzzer" and feature="afl" must be enabled"#
+    }
+}
+
+#[cfg(feature = "libfuzzer")]
+libfuzzer_sys::fuzz_target!(|bytes: &[u8]| { do_fuzz(bytes) });
+
+#[cfg(feature = "afl")]
+fn main() {
+    let hook = true; // turn panic into crashes
+    afl::fuzz(hook, do_fuzz);
+}
+
+fn do_fuzz(bytes: &[u8]) {
     if bytes.len() < 200 {
         if let Ok(string) = str::from_utf8(bytes) {
             _ = string.parse::<proc_macro2::TokenStream>();
         }
     }
-});
+}

-Original file line number
+Diff line change
@@ @@ -1,4 +1,6 @@ @@
 artifacts/
 corpus/
 coverage/
 +in/
 +out/
 target/