switch to pkg/afl++ for fuzz

2026-04-06 07:38:21 +00:00 · 2026-02-28 20:04:07 -08:00
parent 4e47c225b1
commit 3294621430
5 changed files with 19 additions and 17 deletions
--- a/pkg/afl++/afl.c
+++ b/pkg/afl++/afl.c
@@ -22,8 +22,15 @@ void zig_fuzz_test(unsigned char *, ssize_t);
 // Linker-provided symbols marking the boundaries of the __sancov_guards section.
 // These must be declared extern so the linker provides the actual section boundaries
 // from the instrumented code, rather than creating new variables that shadow them.
+// On macOS (Mach-O), the linker uses a different naming convention for section
+// boundaries than Linux (ELF), so we use asm labels to reference them.
+#ifdef __APPLE__
+extern uint32_t __start___sancov_guards __asm("section$start$__DATA$__sancov_guards");
+extern uint32_t __stop___sancov_guards __asm("section$end$__DATA$__sancov_guards");
+#else
 extern uint32_t __start___sancov_guards;
 extern uint32_t __stop___sancov_guards;
+#endif
 void __sanitizer_cov_trace_pc_guard_init(uint32_t*, uint32_t*);


--- a/pkg/afl++/build.zig
+++ b/pkg/afl++/build.zig
@@ -3,7 +3,7 @@ const std = @import("std");
 pub fn addInstrumentedExe(
    b: *std.Build,
    obj: *std.Build.Step.Compile,
-) ?std.Build.LazyPath {
+) std.Build.LazyPath {
    const pkg = b.dependencyFromBuildZig(@This(), .{});

    const run_afl_cc = b.addSystemCommand(&.{
--- a/test/fuzz-libghostty/build.zig
+++ b/test/fuzz-libghostty/build.zig
@@ -1,4 +1,5 @@
 const std = @import("std");
+const afl = @import("afl");

 pub fn build(b: *std.Build) void {
    const target = b.standardTargetOptions(.{});
@@ -31,29 +32,15 @@ pub fn build(b: *std.Build) void {
        });

        // Required to build properly with afl-cc
-        lib.bundle_compiler_rt = true;
-        lib.bundle_ubsan_rt = true;
        lib.root_module.stack_check = false;
+        lib.root_module.fuzz = true;

        break :lib lib;
    };

    // Build a C entrypoint with afl-cc that links against the generated
    // static Zig library. afl-cc is expecte to be on the PATH.
-    const exe = exe: {
-        const cc = b.addSystemCommand(&.{"afl-cc"});
-        cc.addArgs(&.{
-            "-std=c11",
-            "-O2",
-            "-g",
-            "-o",
-        });
-        const output = cc.addOutputFileArg("ghostty-fuzz");
-        cc.addFileArg(b.path("src/main.c"));
-        cc.addFileArg(lib.getEmittedBin());
-
-        break :exe output;
-    };
+    const exe = afl.addInstrumentedExe(b, lib);

    // Install
    b.installArtifact(lib);
--- a/test/fuzz-libghostty/build.zig.zon
+++ b/test/fuzz-libghostty/build.zig.zon
@@ -5,6 +5,7 @@
    .minimum_zig_version = "0.15.1",
    .dependencies = .{
        .ghostty = .{ .path = "../../" },
+        .afl = .{ .path = "../../pkg/afl++" },
    },
    .paths = .{
        "build.zig",
--- a/test/fuzz-libghostty/src/lib.zig
+++ b/test/fuzz-libghostty/src/lib.zig
@@ -1,6 +1,13 @@
 const std = @import("std");
 const ghostty_vt = @import("ghostty-vt");

+pub export fn zig_fuzz_init() callconv(.c) void {}
+
+pub export fn zig_fuzz_test(buf: [*]const u8, len: isize) callconv(.c) void {
+    if (len <= 0) return;
+    ghostty_fuzz_parser(buf, @intCast(len));
+}
+
 pub export fn ghostty_fuzz_parser(
    input_ptr: [*]const u8,
    input_len: usize,