
Conversation

@nvsriram (Collaborator) commented Jul 3, 2025

This PR is based on #280. However, it uses the honggfuzz library, which does not work on Apple Silicon. Therefore, this PR attempts to make it work on macOS using alternative fuzzing libraries.

There are 3 main commits (corresponding to the 4 different approaches explored - check out this comment for more info) that can be checked out to debug the issues encountered:

  1. Use libfuzzer-sys directly / via cargo-fuzz
  2. Use afl directly by copying over afl.rs
  3. Use afl via afl crate

@nvsriram (Collaborator, Author) commented Jul 3, 2025

Summary of Approaches Explored:

  • Two main fuzzers - Libfuzzer (via libfuzzer-sys) and AFL (via afl.rs) formed the basis of the approaches.
  • Cargo tools to run these fuzzers - cargo-fuzz and cargo-afl were installed to build and run the fuzzers.

Approaches Explored:

Libfuzzer using libfuzzer-sys directly:

This involves following the Manual Usage section of the libfuzzer-sys README.
To test this, check out the 17d8c5d commit and run the following in the fuzz directory to build:

cargo rustc -- \
   -C passes='sancov-module' \
   -C llvm-args='-sanitizer-coverage-level=3' \
   -C llvm-args='-sanitizer-coverage-inline-8bit-counters' \
   -Z sanitizer=address

Libfuzzer using cargo-fuzz:

This involves following the cargo-fuzz README.
To test this, check out the 17d8c5d commit, install cargo-fuzz, and run the following in the fuzz directory:

cargo fuzz run <target>

AFL directly:

This involves copying over afl.rs src/lib.rs file and using it directly.
To test this, check out the d1689d5 commit, install cargo-afl, and run the following in the fuzz/src directory:

cargo afl build

AFL using afl crate:

This involves adding afl = "*" in Cargo.toml dependencies.
To test this, check out the f4219c1 commit, install cargo-afl, and run the following in the fuzz/src directory:

cargo afl build

Issues Encountered:

  1. Cargo tools installation fails when attempted from within the repo as the rust-toolchain is set to use rustc 1.75.0-nightly while the tools' dependencies seem to require rustc 1.82 or newer. This can be solved by installing outside this repo via a newer rustc version.
  2. Building/fuzzing targets fails with a similar error associated with older rustc version.
  3. Example of the error thrown in the above cases is shown below:
    error: package `icu_normalizer_data v2.0.0` cannot be built because it requires rustc 1.82 or newer, while the currently active rustc version is 1.75.0-nightly
    Either upgrade to rustc 1.82 or newer, or use
    cargo update icu_normalizer_data@2.0.0 --precise ver
    where `ver` is the latest version of `icu_normalizer_data` supporting rustc 1.75.0-nightly
    
    This error repeats for various other packages like backtrace v0.3.75, icu_provider v2.0.0, icu_properties_data v2.0.1 etc., which makes manually installing precise versions to temporarily overcome the error impossible as well.
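Added example (not code from this PR or its repository): a single fuzz harness whose body is shared by the two backends explored above. The libFuzzer entry point uses the `fuzz_target!` macro from libfuzzer-sys (the manual-usage and cargo-fuzz approaches), the AFL entry point uses the afl crate's `fuzz!` macro (the `cargo afl build` approaches), and each is gated behind a Cargo feature. The feature names `libfuzzer` and `afl`, the matching Cargo.toml entries (not shown), and the toy length-prefixed record format being parsed are assumptions made for this example. Built with neither feature, the same file is a plain binary that replays corpus files, which reproduces a crash without either fuzzer installed.

```rust
// Added example: one harness body, three build modes. Feature names
// `libfuzzer` and `afl` are assumed for the example, not the project's own.
// libFuzzer supplies `main` from its C++ runtime, so that build needs
// `#![no_main]`; the other two builds keep a normal Rust `main`.
#![cfg_attr(feature = "libfuzzer", no_main)]

/// Toy format under test (constructed for this example):
/// repeated [tag: u8][len: u8][len bytes of value].
#[derive(Debug, PartialEq, Eq)]
pub struct Record {
    pub tag: u8,
    pub value: Vec<u8>,
}

/// Parse untrusted bytes into records. Malformed input yields None rather
/// than a panic, so the fuzzer only reports crashes for real bugs.
pub fn parse_records(data: &[u8]) -> Option<Vec<Record>> {
    let mut out = Vec::new();
    let mut i = 0usize;
    while i < data.len() {
        let tag = *data.get(i)?;                 // None: missing tag byte
        let len = *data.get(i + 1)? as usize;    // None: missing length byte
        let start = i + 2;
        let end = start.checked_add(len)?;       // None: arithmetic overflow
        let value = data.get(start..end)?;       // None: truncated value
        out.push(Record { tag, value: value.to_vec() });
        i = end;
    }
    Some(out)
}

/// Serialize records back to bytes for the round-trip property below.
pub fn encode_records(records: &[Record]) -> Vec<u8> {
    let mut out = Vec::new();
    for r in records {
        out.push(r.tag);
        out.push(r.value.len() as u8); // parse_records never yields len > 255
        out.extend_from_slice(&r.value);
    }
    out
}

/// The body every backend calls. Returns the parsed records on success and
/// panics only if a property is violated, which the fuzzer reports as a crash.
pub fn fuzz_one(data: &[u8]) -> Option<Vec<Record>> {
    let records = parse_records(data)?;
    // Property: anything that parses re-encodes to exactly the input bytes.
    let reencoded = encode_records(&records);
    assert_eq!(reencoded, data, "round-trip mismatch");
    Some(records)
}

// libFuzzer backend: `cargo fuzz run <target>` or the manual `cargo rustc`
// sancov/ASan flags from the libfuzzer-sys README.
#[cfg(feature = "libfuzzer")]
libfuzzer_sys::fuzz_target!(|data: &[u8]| {
    let _ = fuzz_one(data);
});

// AFL backend: `cargo afl build`, then `cargo afl fuzz -i in -o out target/debug/<bin>`.
#[cfg(feature = "afl")]
fn main() {
    afl::fuzz!(|data: &[u8]| {
        let _ = fuzz_one(data);
    });
}

// No fuzzer: replay corpus or crash files given on the command line.
#[cfg(not(any(feature = "libfuzzer", feature = "afl")))]
fn main() {
    for path in std::env::args().skip(1) {
        let data = std::fs::read(&path).expect("read input file");
        match fuzz_one(&data) {
            Some(records) => println!("{path}: {} record(s)", records.len()),
            None => println!("{path}: rejected as malformed"),
        }
    }
}
```

The split matters for the toolchain problem described in this thread: `fuzz_one` and the parser have no dependency on libfuzzer-sys, afl, or a recent rustc, so they still build and run under the repo's pinned 1.75.0-nightly, and only the two feature-gated entry points need the newer toolchain that cargo-fuzz and cargo-afl pull in.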
