Use aflplusplus not cargo-afl

Author: benalleng

flake.nix

@@ -177,10 +177,27 @@
                 cargo-watch
                 rust-analyzer
                 dart
+                cargo-fuzz
+                cargo-honggfuzz
+                aflplusplus
+                lldb
+                clang
               ]
               ++ pkgs.lib.optionals (!pkgs.stdenv.isDarwin) [
                 cargo-llvm-cov
               ];
+
+            buildInputs = with pkgs; [
+              libbfd_2_38
+              libunwind.dev
+              libopcodes_2_38
+              pkgsStatic.libblocksruntime
+            ];
+
+            shellHook = ''
+              export UNSCREW_WERROR_ORIG=$(which clang)
+              export PATH="$(pwd)/scripts/dev/unscrew-werror/:$PATH"
+            '';
           }
         ) craneLibVersions;
 
@@ -210,35 +227,6 @@
         };
         devShells = devShells // {
           default = devShells.nightly;
-
-          fuzz = pkgs.mkShell {
-            nativeBuildInputs =
-              with pkgs;
-              [
-                cargo-edit
-                cargo-nextest
-                cargo-watch
-                rust-analyzer
-                dart
-                cargo-honggfuzz
-                lldb
-                clang
-              ]
-              ++ pkgs.lib.optionals (!pkgs.stdenv.isDarwin) [ cargo-llvm-cov ];
-
-            buildInputs = with pkgs; [
-              libbfd_2_38
-              libunwind.dev
-              libopcodes_2_38
-              pkgsStatic.libblocksruntime
-            ];
-
-            shellHook = ''
-              export UNSCREW_WERROR_ORIG=$(which clang)
-              export PATH="$(pwd)/scripts/dev/unscrew-werror/:$PATH"
-            '';
-          };
-
         };
         formatter = treefmtEval.config.build.wrapper;
         checks =

fuzz/cycle.sh

@@ -43,10 +43,8 @@ elif [[ $ENGINE == "afl" ]]; then
         for targetFile in $(listTargetFiles); do
             targetName=$(targetFileToName "$targetFile")
             echo "Fuzzing target $targetName ($targetFile)"
-            cargo afl config --build --force
-            cargo afl build --bin "$targetName" --features afl_fuzz
             # fuzz for one hour
-            cargo afl fuzz -i corpus -o afl_target -V 30 target/debug/"$targetName" --features afl_fuzz
+            afl-fuzz -i corpus/"$targetName"/ -o afl_target -V 3600 target/debug/"$targetName" --features afl_fuzz
             # minimize the corpus
             find afl_target/default/crashes -type f -name 'id:*' | while read -r CRASH; do
                 BASE=$(basename "$CRASH")
@@ -55,7 +53,7 @@ elif [[ $ENGINE == "afl" ]]; then
                 # skip if already minimized
                 [ -f "$MIN_FILE" ] && continue
 
-                cargo afl tmin \
+                afl-tmin \
                     -i "$CRASH" \
                     -o "$MIN_FILE" \
                     -- target/debug/"$targetName" --features afl_fuzz

fuzz/fuzz.sh

@@ -52,9 +52,7 @@ elif [[ $ENGINE == "afl" ]]; then
     for targetFile in $targetFiles; do
         targetName=$(targetFileToName "$targetFile")
         echo "Fuzzing target $targetName ($targetFile)"
-        cargo afl config --build --force
-        cargo afl build --bin "$targetName" --features afl_fuzz
-        cargo afl fuzz -i corpus -o afl_target -V 30 target/debug/"$targetName" --features afl_fuzz
+        afl-fuzz -i corpus/"$targetName"/ -o afl_target -V 30 target/debug/"$targetName" --features afl_fuzz
     done
 else
     for targetFile in $targetFiles; do