refactor: Update fuzz scripts

Use cargo-fuzz instead of hongfuzz. Make the scripts more readable.
BlockstreamResearch · Jan 23, 2025 · 60ae527 · 60ae527
1 parent 2e9747b
commit 60ae527
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 46 deletions.
diff --git a/fuzz/cycle.sh b/fuzz/cycle.sh
@@ -2,10 +2,10 @@
 
 # Continuosly cycle over fuzz targets running each for 1 hour.
 # It uses chrt SCHED_IDLE so that other process takes priority.
-#
-# For hfuzz options see https://github.com/google/honggfuzz/blob/master/docs/USAGE.md
 
-set -e
+set -o errexit # exit immediately if any command fails
+set -o xtrace # print trace of executed commands
+
 REPO_DIR=$(git rev-parse --show-toplevel)
 # shellcheck source=./fuzz-util.sh
 source "$REPO_DIR/fuzz/fuzz-util.sh"
@@ -14,12 +14,11 @@ while :
 do
   for targetFile in $(listTargetFiles); do
     targetName=$(targetFileToName "$targetFile")
-    echo "Fuzzing target $targetName ($targetFile)"
 
     # fuzz for one hour
-    HFUZZ_RUN_ARGS='--run_time 3600' chrt -i 0 cargo hfuzz run "$targetName"
+    chrt -i 0 cargo-fuzz run "$targetName" -- -max_total_time=3600
     # minimize the corpus
-    HFUZZ_RUN_ARGS="-i hfuzz_workspace/$targetName/input/ -P -M" chrt -i 0 cargo hfuzz run "$targetName"
+    cargo-fuzz cmin "$targetName"
   done
 done
 
diff --git a/fuzz/fuzz-util.sh b/fuzz/fuzz-util.sh
@@ -15,14 +15,6 @@ targetFileToName() {
     | sed 's/\//_/g'
 }
 
-targetFileToHFuzzInputArg() {
-  baseName=$(basename "$1")
-  dirName="${baseName%.*}"
-  if [ -d "hfuzz_input/$dirName" ]; then
-    echo "HFUZZ_INPUT_ARGS=\"-f hfuzz_input/$FILE/input\""
-  fi
-}
-
 listTargetNames() {
   for target in $(listTargetFiles); do
     targetFileToName "$target"
@@ -37,23 +29,3 @@ checkWindowsFiles() {
     exit 2
   fi
 }
-
-# Checks whether a fuzz case output some report, and dumps it in hex
-getReport() {
-  reportFile="hfuzz_workspace/$1/HONGGFUZZ.REPORT.TXT"
-  if [ -f "$reportFile" ]; then
-    cat "$reportFile"
-    for CASE in "hfuzz_workspace/$1/SIG"*; do
-      xxd -p -c10000 < "$CASE"
-    done
-    return 1
-  fi
-  return 0
-}
-
-# Check for reports and exit if there are any
-checkReport() {
-  if ! getReport "$1"; then
-    exit 1
-  fi
-}
diff --git a/fuzz/fuzz.sh b/fuzz/fuzz.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
-set -ex
+set -o errexit # exit immediately if any command fails
+set -o xtrace # print trace of executed commands
 
 REPO_DIR=$(git rev-parse --show-toplevel)
 
@@ -18,17 +19,8 @@ fi
 cargo --version
 rustc --version
 
-# Testing
-cargo install --force honggfuzz --no-default-features
+# Run fuzz target
 for targetFile in $targetFiles; do
   targetName=$(targetFileToName "$targetFile")
-  echo "Fuzzing target $targetName ($targetFile)"
-  if [ -d "hfuzz_input/$targetName" ]; then
-    HFUZZ_INPUT_ARGS="-f hfuzz_input/$targetName/input\""
-  else
-    HFUZZ_INPUT_ARGS=""
-  fi
-  HFUZZ_RUN_ARGS="--run_time 30 --exit_upon_crash -v $HFUZZ_INPUT_ARGS" cargo hfuzz run "$targetName"
-
-  checkReport "$targetName"
+  cargo-fuzz run "$targetName" -- -max_total_time=30
 done