Corpus management update

test/fuzz-libghostty/.gitattributes

@@ -0,0 +1,6 @@
+# Hand-written seed corpus: binary files, track as-is
+corpus/initial/** binary
+
+# Generated/minimized corpora: binary, mark as generated
+corpus/vt-parser-cmin/** binary linguist-generated=true
+corpus/vt-parser-min/** binary linguist-generated=true

test/fuzz-libghostty/AGENTS.md

@@ -2,3 +2,34 @@
 
 - `ghostty-fuzz` is a binary built with `afl-cc`
 - Build `ghostty-fuzz` with `zig build`
+
+## Important: stdin-based input
+
+The instrumented binary (`afl.c` harness) reads fuzz input from **stdin**,
+not from a file argument. This affects how you invoke AFL++ tools:
+
+- **`afl-fuzz`**: Uses shared-memory fuzzing automatically; `@@` works
+  because AFL writes directly to shared memory, bypassing file I/O.
+- **`afl-showmap`**: Must pipe input via stdin, **not** `@@`:
+
+  ```sh
+  cat testcase | afl-showmap -o map.txt -- zig-out/bin/ghostty-fuzz
+  ```
+
+- **`afl-cmin`**: Do **not** use `@@`. Requires `AFL_NO_FORKSRV=1` with
+  the bash version due to a bug in the Python `afl-cmin` (AFL++ 4.35c):
+
+  ```sh
+  AFL_NO_FORKSRV=1 /opt/homebrew/Cellar/afl++/4.35c/libexec/afl-cmin.bash \
+    -i afl-out/default/queue -o corpus/vt-parser-cmin \
+    -- zig-out/bin/ghostty-fuzz
+  ```
+
+- **`afl-tmin`**: Also requires `AFL_NO_FORKSRV=1`, no `@@`:
+
+  ```sh
+  AFL_NO_FORKSRV=1 afl-tmin -i <input> -o <output> -- zig-out/bin/ghostty-fuzz
+  ```
+
+If you pass `@@` or a filename argument, `afl-showmap`/`afl-cmin`/`afl-tmin`
+will see only ~4 tuples (the C main paths) and produce useless results.

test/fuzz-libghostty/README.md

@@ -66,9 +66,62 @@ issue. The filename encodes metadata about how it was found (e.g.
 
 ## Reproducing a Crash
 
-Replay any crashing input by passing it directly to the harness:
+Replay any crashing input by piping it into the harness:
 
 ```sh
-# Via command-line argument
-zig-out/bin/ghostty-fuzz afl-out/default/crashes/<filename>
+cat afl-out/default/crashes/<filename> | zig-out/bin/ghostty-fuzz
 ```
+
+## Corpus Management
+
+After a fuzzing run, the queue in `afl-out/default/queue/` typically
+contains many redundant inputs. Use `afl-cmin` to find the smallest
+subset that preserves full edge coverage, and `afl-tmin` to shrink
+individual test cases.
+
+> **Important:** The instrumented binary reads input from **stdin**, not
+> from file arguments. Do **not** use `@@` with `afl-cmin`, `afl-tmin`,
+> or `afl-showmap` — it will cause them to see only the C harness
+> coverage (~4 tuples) instead of the Zig VT parser coverage.
+
+### Corpus minimization (`afl-cmin`)
+
+Reduce the evolved queue to a minimal set covering all discovered edges:
+
+```sh
+AFL_NO_FORKSRV=1 afl-cmin.bash \
+  -i afl-out/default/queue \
+  -o corpus/vt-parser-cmin \
+  -- zig-out/bin/ghostty-fuzz
+```
+
+`AFL_NO_FORKSRV=1` is required because the Python `afl-cmin` wrapper has
+a bug in AFL++ 4.35c. Use the `afl-cmin.bash` script instead (typically
+found in AFL++'s `libexec` directory).
+
+### Test case minimization (`afl-tmin`)
+
+Shrink each file in the minimized corpus to the smallest input that
+preserves its unique coverage:
+
+```sh
+mkdir -p corpus/vt-parser-min
+for f in corpus/vt-parser-cmin/*; do
+  AFL_NO_FORKSRV=1 afl-tmin \
+    -i "$f" \
+    -o "corpus/vt-parser-min/$(basename "$f")" \
+    -- zig-out/bin/ghostty-fuzz
+done
+```
+
+This is slow (hundreds of executions per file) but produces the most
+compact corpus. It can be skipped if you only need edge-level
+deduplication from `afl-cmin`.
+
+### Corpus directories
+
+| Directory              | Contents                                         |
+|------------------------|--------------------------------------------------|
+| `corpus/initial/`      | Hand-written seed inputs for `afl-fuzz -i`       |
+| `corpus/vt-parser-cmin/` | Output of `afl-cmin` (edge-deduplicated corpus) |
+| `corpus/vt-parser-min/`  | Output of `afl-tmin` (individually minimized)   |

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000024,time:0,execs:0,orig:25-osc-hyperlink

@@ -0,0 +1 @@
+]8;;https://example.comlink]8;;

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000030,time:0,execs:0,orig:31-c1-dcs

@@ -0,0 +1 @@
+<EFBFBD>test<EFBFBD>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000038,time:0,execs:0,orig:39-csi-many-params

@@ -0,0 +1 @@
+

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000039,time:0,execs:0,orig:40-csi-subparams

@@ -0,0 +1 @@
+[4:3m

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000040,time:0,execs:0,orig:41-incomplete-csi

@@ -0,0 +1 @@
+[

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000041,time:0,execs:0,orig:42-incomplete-esc

@@ -0,0 +1 @@
+

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000046,time:0,execs:0,orig:48-csi-da2

@@ -0,0 +1 @@
+[>c

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000102,src:000003,time:124,execs:6075,op:havoc,rep:5

@@ -0,0 +1 @@
+beforeredafte\ore831mredafte\

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000121,src:000003,time:174,execs:10187,op:havoc,rep:6

@@ -0,0 +1 @@
+<EFBFBD><EFBFBD>2(((((((((((

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000124,src:000003,time:184,execs:11036,op:havoc,rep:5

@@ -0,0 +1 @@
+oo<ereda<ereda

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000134,src:000003,time:229,execs:14591,op:havoc,rep:4,+cov

@@ -0,0 +1 @@
+]9

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000135,src:000003,time:232,execs:14809,op:havoc,rep:5

@@ -0,0 +1 @@
+<07><><EFBFBD><07>]0;Tit:<0F><>]0;Tit]0;Tit

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000138,src:000003,time:256,execs:16794,op:havoc,rep:8

@@ -0,0 +1 @@
+<0E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>$$$$4$<07><06>$$$$3$$$$$$$$$$$$$$$$<24><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000153,src:000003,time:313,execs:21467,op:havoc,rep:7

@@ -0,0 +1 @@
+(d(d$;]5;]5
;]5;]5
$;
$;]5;]5
;]5;]5
;

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000163,src:000003,time:371,execs:26219,op:havoc,rep:4

@@ -0,0 +1 @@
+[(((((((((((((((((((((((((((((((((((((((((4;

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000184,src:000003,time:523,execs:36637,op:havoc,rep:3

@@ -0,0 +1 @@
+;2<>2<EFBFBD><32>2G<0E>0G

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000186,src:000003,time:529,execs:37174,op:havoc,rep:5

@@ -0,0 +1 @@
+<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;]4
<0E><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;]4

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000198,src:000003,time:642,execs:44154,op:havoc,rep:7

@@ -0,0 +1 @@
+[;2;<>4;5;7;8;9m;5;7;8;9m[;2;3;4;5;7;8T0T0

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000200,src:000003,time:649,execs:44782,op:havoc,rep:8,+cov

@@ -0,0 +1 @@
+[4::::::::::::::::::::9:::::::::::3<33>[:S4:3<33>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000202,src:000003,time:662,execs:45844,op:havoc,rep:3

@@ -0,0 +1 @@
+[1;<3B>cG<63>col[1;<3B>col(1;2<><32>2<EFBFBD><32>ol81;2<><32>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000205,src:000003,time:688,execs:47967,op:havoc,rep:8,+cov

@@ -0,0 +1 @@
+<EFBFBD>[4:---------------------------lm<07>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000209,src:000003,time:728,execs:50895,op:havoc,rep:6

@@ -0,0 +1 @@
+]0;Tit(<28>]0;T]0;Tit(<28>]0;Tt

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000220,src:000022,time:775,execs:53377,op:havoc,rep:15,+cov

@@ -0,0 +1,2 @@
+!W2;]2;]52]5<10><EFBFBD>;]5 ;;]5;52;x;SG>
+c <20>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000227,src:000022,time:781,execs:53812,op:havoc,rep:2,+cov

@@ -0,0 +1 @@
+]111;icon'

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000234,src:000022,time:791,execs:54574,op:havoc,rep:1,+cov

@@ -0,0 +1 @@
+]11;ico

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000241,src:000022,time:803,execs:55418,op:havoc,rep:6

@@ -0,0 +1 @@
+]1icon]555555551]55(5555511<17>L15L

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000252,src:000022,time:830,execs:57497,op:havoc,rep:13,+cov

@@ -0,0 +1 @@
+]112+12<15><>[3le<S]2;]A2+12;x;24eine3(

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000255,src:000022,time:834,execs:57788,op:havoc,rep:12

@@ -0,0 +1 @@
+]2;]52;$$$]2;]52;$$$$$$le[$$$le[

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000260,src:000022,time:838,execs:58066,op:havoc,rep:11

@@ -0,0 +1 @@
+1;iu]C1n<07>]C[1ink]8;b]1;icc[1ink]8;b1inn]8;b]@;]@iccon

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000263,src:000022,time:841,execs:58278,op:havoc,rep:16

@@ -0,0 +1 @@
+i]1Ricfi<1B>]1Rin]1xicon]1Rico@]1

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000267,src:000022,time:857,execs:59551,op:havoc,rep:13

@@ -0,0 +1,2 @@
+n]1Y]c;;]5;G<><47><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;]5;x;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;]5;x;SG52;x;SG>
+c<EFBFBD><EFBFBD>o

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000268,src:000022,time:862,execs:59954,op:havoc,rep:16

@@ -0,0 +1 @@
+}<7D>j(<28>?o;<3B>1}P1000p\lBo;<3B>1}<7D>Bo^

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000295,src:000022,time:920,execs:64403,op:havoc,rep:16

@@ -0,0 +1 @@
+<EFBFBD><EFBFBD><EFBFBD>31m<EFBFBD>7;1;1;;8b\8b<1B>7;1;;gW<67>`\8"1m<31>7g

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000301,src:000022,time:960,execs:65850,op:havoc,rep:14

@@ -0,0 +1 @@
+]1;iRonS7<53><37><EFBFBD>nS(7!;n+<2B>7iPn';6<>771	c77cU <20>7iPn';-<2D>771	c77cU

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000358,src:000221,time:1119,execs:73743,op:havoc,rep:12

@@ -0,0 +1 @@
+]<>ic;>]10;r]3<>]10;r]10;];ic]i[1

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000359,src:000221,time:1120,execs:73758,op:havoc,rep:12

@@ -0,0 +1 @@
+W<>6;i
]@>]12]12];>i
]4<><0E>883@>]12]12]<>ic11

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000364,src:000221,time:1151,execs:74409,op:havoc,rep:15

@@ -0,0 +1 @@
+<1B>1b<31>7;831m<31>7<1B>1b<31>7;831m<31>7;8b<>7;;8b<>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000367,src:000221,time:1159,execs:74958,op:havoc,rep:13

@@ -0,0 +1 @@
+]<>]<>j;1]9
;9>iq<71>ic/c;1]9
;9>%1<17>.c;>11ic^4<0F>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000374,src:000221,time:1170,execs:75845,op:havoc,rep:11,+cov

@@ -0,0 +1 @@
+Bs+@]10BG<42>G@]10BG<42>G@]104rgf<0E>]104rgf<0E>

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000389,src:000025,time:1249,execs:80134,op:havoc,rep:1

@@ -0,0 +1 @@
+]4;1;rgb:]4;1;rgb:ff/00/00ff/00/00

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000391,src:000025,time:1251,execs:80249,op:havoc,rep:3

@@ -0,0 +1 @@
+]5551]5551]55(4;1;rgb:ff/00/00]55(4;1;rgb:ff/00/00 

test/fuzz-libghostty/corpus/vt-parser-cmin/id:000392,src:000025,time:1251,execs:80277,op:havoc,rep:2,+cov

@@ -0,0 +1,2 @@
+]1 >]c;i1]4<0E>8<EFBFBD>1#9	;
+]9
;11;rgb:ff/00/00