From 46164e952fb33a0b1b6045abb3b5b375f70627b7 Mon Sep 17 00:00:00 2001
From: Roman
Date: Tue, 26 May 2026 13:51:22 +0800
Subject: [PATCH] fix: use libFuzz binary to calculate AFL coverage
---
 .github/workflows/fuzz-afl.yml | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/fuzz-afl.yml b/.github/workflows/fuzz-afl.yml
index 50bcba5..ea1e8a6 100644
--- a/.github/workflows/fuzz-afl.yml
+++ b/.github/workflows/fuzz-afl.yml
@@ -231,10 +231,14 @@ jobs:
 RUSTFLAGS: "-C instrument-coverage"
 RISC0_DEV_MODE: "1"
 run: |
+ # Build with the libfuzzer harness: libFuzzer accepts corpus files as
+ # positional arguments, runs each through the fuzz closure once, then
+ # exits — LLVM coverage counters (-C instrument-coverage) are flushed
+ # to the .profraw file on exit regardless of the fuzzer runtime used.
 cargo build \
 --manifest-path fuzz/Cargo.toml \
 --no-default-features \
- --features fuzzer-afl \
+ --features fuzzer-libfuzzer \
 --release \
 --bin ${{ matrix.target }}
 
@@ -246,17 +250,10 @@ jobs:
 mkdir -p "$PROFRAW_DIR"
 idx=0
 
- # libFuzzer corpus (checked-in)
- for f in corpus/libfuzz/${TARGET}/*; do
- [ -f "$f" ] || continue
- LLVM_PROFILE_FILE="${PROFRAW_DIR}/${idx}.profraw" "$BINARY" < "$f" 2>/dev/null || true
- idx=$((idx + 1))
- done
-
 # AFL corpus (checked-in, accumulated from prior runs)
 for f in corpus/afl/${TARGET}/*; do
 [ -f "$f" ] || continue
- LLVM_PROFILE_FILE="${PROFRAW_DIR}/${idx}.profraw" "$BINARY" < "$f" 2>/dev/null || true
+ LLVM_PROFILE_FILE="${PROFRAW_DIR}/${idx}.profraw" "$BINARY" "$f" 2>/dev/null || true
 idx=$((idx + 1))
 done
 
@@ -266,7 +263,7 @@ jobs:
 [ -d "$QUEUE" ] || continue
 for f in "$QUEUE"/id:*; do
 [ -f "$f" ] || continue
- LLVM_PROFILE_FILE="${PROFRAW_DIR}/${idx}.profraw" "$BINARY" < "$f" 2>/dev/null || true
+ LLVM_PROFILE_FILE="${PROFRAW_DIR}/${idx}.profraw" "$BINARY" "$f" 2>/dev/null || true
 idx=$((idx + 1))
 done
 done
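Review bot: The comment added above `cargo build` overstates when the profile is written: the LLVM profile runtime normally writes the `.profraw` from an exit handler, so a replayed input that aborts the harness (a panic, or a crash caught by libFuzzer) probably leaves no file at all. I would reword its last sentence to something like `# counters are written to the .profraw file on a clean exit; an input that crashes the harness contributes no coverage`. Separately, the coverage binary is now built with `--features fuzzer-libfuzzer`, so any target code gated on `fuzzer-afl` would not be measured; the harness source is outside this diff, so that needs confirming. The `run:` script continues past the end of the hunk.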
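Review bot: The replay line in the AFL-corpus loop, `"$BINARY" "$f" 2>/dev/null || true`, still discards both stderr and the exit status, so a corpus entry that crashes the target, or a binary that fails to start after the switch to the libFuzzer harness, is indistinguishable from a clean run and only shows up as lower coverage. The loop can stay best-effort while recording failures, e.g. `LLVM_PROFILE_FILE="${PROFRAW_DIR}/${idx}.profraw" "$BINARY" "$f" 2>/dev/null || echo "::warning::replay failed: $f"`. libFuzzer's default per-input timeout is 1200 seconds, so passing an explicit `-timeout=` (and perhaps `-rss_limit_mb=`) would also bound a hanging entry in CI. The same applies to the live-queue loop in the third hunk (`@@ -266,7 +263,7 @@`), whose outer loop starts outside the diff.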