mirrors/ghostty
1
0
Fork 0
mirror of https://github.com/ghostty-org/ghostty.git synced 2026-05-23 21:30:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
ae1dd5666dbd024825a988a0d20efa3af22479a0
ghostty/pkg/afl++/build.zig
Mitchell Hashimoto ae1dd5666d fuzz: fix macOS AFL toolchain and linker setup for macOS 26.4 
On macOS 26.4, AFL builds were picking up Nix compiler-wrapper
variables and Apple SDK target settings from the shell environment.
That caused afl-cc to drive the wrong linker and target configuration,
which broke even simple fuzz harness builds. Unset the Nix compiler and 
linker environment in the fuzz dev shell so AFL++ uses the system or 
Homebrew Apple toolchain directly. 

Also force afl-cc to link with lld because the newer Apple linker
asserts on the custom sections emitted by AFL's LLVM
instrumentation. Finally, pin fuzz-libghostty to the host target so the
build does not inherit stray SDK targets from the environment.
2026-04-23 09:06:12 -07:00

67 lines
2.1 KiB
Zig
Raw Blame History

const std = @import("std");
const builtin = @import("builtin");
/// Creates a build step that produces an AFL++-instrumented fuzzing
/// executable.
///
/// Returns a `LazyPath` to the resulting fuzzing executable.
pub fn addInstrumentedExe(
b: *std.Build,
obj: *std.Build.Step.Compile,
) std.Build.LazyPath {
// Force the build system to produce the binary artifact even though we
// only consume the LLVM bitcode below. Without this, the dependency
// tracking doesn't wire up correctly.
_ = obj.getEmittedBin();
const pkg = b.dependencyFromBuildZig(
@This(),
.{},
);
const afl_cc = b.addSystemCommand(&.{
b.findProgram(&.{"afl-cc"}, &.{}) catch
@panic("Could not find 'afl-cc', which is required to build"),
"-O3",
});
if (builtin.target.os.tag.isDarwin()) {
// Apple's newer ld asserts on the custom section names emitted by
// AFL's LLVM instrumentation when linking our Zig-produced bitcode.
// lld links the same inputs without issue.
afl_cc.addArg("-fuse-ld=lld");
}
afl_cc.addArg("-o");
const fuzz_exe = afl_cc.addOutputFileArg(obj.name);
afl_cc.addFileArg(pkg.path("afl.c"));
afl_cc.addFileArg(obj.getEmittedLlvmBc());
return fuzz_exe;
}
/// Creates a run step that invokes `afl-fuzz` with the given instrumented
/// executable, input corpus directory, and output directory.
///
/// Returns the `Run` step so callers can wire it into a build step.
pub fn addFuzzerRun(
b: *std.Build,
exe: std.Build.LazyPath,
corpus_dir: std.Build.LazyPath,
output_dir: std.Build.LazyPath,
) *std.Build.Step.Run {
const run = b.addSystemCommand(&.{
b.findProgram(&.{"afl-fuzz"}, &.{}) catch
@panic("Could not find 'afl-fuzz', which is required to run"),
"-i",
});
run.addDirectoryArg(corpus_dir);
run.addArgs(&.{"-o"});
run.addDirectoryArg(output_dir);
run.addArgs(&.{"--"});
run.addFileArg(exe);
return run;
}
// Required so `zig build` works although it does nothing.
pub fn build(b: *std.Build) !void {
_ = b;
}
Reference in New Issue View Git Blame Copy Permalink