intoduce -F sync option

examples/asan/src/main.rs

@@ -1,17 +1,11 @@
 fn main() {
  ziggy::fuzz!(|data: &[u8]| {
  if data.len() < 4 {
- return 
+ return;
  }
- if data[0] == b'f' {
- if data[1] == b'u' {
- if data[2] == b'z' {
- if data[3] == b'z' {
- let xs = [0, 1, 2, 3];
- let _y = unsafe { *xs.as_ptr().offset(4) };
- }
- }
- }
+ if data[0] == b'f' && data[1] == b'u' && data[2] == b'z' && data[3] == b'z' {
+ let xs = [0, 1, 2, 3];
+ let _y = unsafe { *xs.as_ptr().offset(4) };
  }
  });
 }

src/bin/cargo-ziggy/build.rs

@@ -31,7 +31,7 @@ impl Build {
 
  // Add the --release argument if self.release is true
  if self.release {
- assert_eq!(self.release, false, "cannot use --release for ASAN builds");
+ assert!(!self.release, "cannot use --release for ASAN builds");
  afl_args.push("--release");
  info!("Building in release mode");
  }

src/bin/cargo-ziggy/fuzz.rs

@@ -1,5 +1,5 @@
-use crate::*;
 use crate::build::ASAN_TARGET;
+use crate::*;
 use anyhow::{anyhow, Error};
 use console::{style, Term};
 use glob::glob;
@@ -297,10 +297,11 @@ impl Fuzz {
  ];
 
  for job_num in 0..afl_jobs {
+ let is_main_instance = job_num == 0;
  // We set the fuzzer name, and if it's the main or a secondary fuzzer
- let fuzzer_name = match job_num {
- 0 => String::from("-Mmainaflfuzzer"),
- n => format!("-Ssecondaryfuzzer{n}"),
+ let fuzzer_name = match is_main_instance {
+ true => String::from("-Mmainaflfuzzer"),
+ false => format!("-Ssecondaryfuzzer{job_num}"),
  };
  // We only sync to the shared corpus if Honggfuzz is also running
  let use_shared_corpus = match (self.no_honggfuzz, job_num) {
@@ -368,15 +369,21 @@ impl Fuzz {
  false => {
  if self.release {
  format!("./target/afl/release/{}", self.target)
+ } else if self.asan {
+ format!("./target/afl/{ASAN_TARGET}/debug/{}", self.target)
  } else {
- if self.asan {
- format!("./target/afl/{ASAN_TARGET}/debug/{}", self.target)
- } else {
- format!("./target/afl/debug/{}", self.target)
- }
+ format!("./target/afl/debug/{}", self.target)
  }
  }
  };
+
+ let mut afl_flags = self.afl_flags.clone();
+ if is_main_instance {
+ for path in &self.foreign_sync_dirs {
+ afl_flags.push(format!("-F {}", path.display()))
+ }
+ }
+
  fuzzer_handles.push(
  process::Command::new(cargo.clone())
  .args(
@@ -402,7 +409,7 @@ impl Fuzz {
  .iter()
  .filter(|a| a != &&""),
  )
- .args(self.afl_flags.clone())
+ .args(afl_flags)
  .arg(target_path)
  .env("AFL_AUTORESUME", "1")
  .env("AFL_TESTCACHE_SIZE", "100")

src/bin/cargo-ziggy/main.rs

@@ -180,6 +180,10 @@ pub struct Fuzz {
  /// Build with ASAN
  #[clap(long = "asan", action)]
  asan: bool,
+
+ /// Foreign fuzzer directories to sync with (AFL++ -F option)
+ #[clap(long = "foreign-sync", short = 'F', action)]
+ foreign_sync_dirs: Vec<PathBuf>,
 }
 
 #[derive(Args)]
@@ -205,7 +209,7 @@ pub struct Run {
  short, long, env = "ZIGGY_OUTPUT", value_parser, value_name = "DIR", default_value = DEFAULT_OUTPUT_DIR
  )]
  ziggy_output: PathBuf,
- 
+
  /// Build with ASAN
  #[clap(long = "asan", action)]
  asan: bool,
@@ -358,7 +362,6 @@ fn main() -> Result<(), anyhow::Error> {
 }
 
 pub fn find_target(target: &String) -> Result<String, anyhow::Error> {
-
  // If the target is already set, we're done here
  if target != DEFAULT_UNMODIFIED_TARGET {
  info!(" Using given target {target}");

src/bin/cargo-ziggy/run.rs

@@ -16,9 +16,9 @@ impl Run {
 
  let mut args = vec!["rustc", "--target-dir=target/runner"];
  let asan_target_str = format!("--target={ASAN_TARGET}");
- let mut rust_flags =  env::var("RUSTFLAGS").unwrap_or_default();
+ let mut rust_flags = env::var("RUSTFLAGS").unwrap_or_default();
  let mut rust_doc_flags = env::var("RUSTDOCFLAGS").unwrap_or_default();
- 
+
  if self.asan {
  info!("Building runner with ASAN");
  args.push(&asan_target_str);
@@ -75,10 +75,10 @@ impl Run {
  .replace("{target_name}", &target)
  })
  .collect();
- 
+
  let runner_path = match self.asan {
  true => format!("./target/runner/{ASAN_TARGET}/debug/{}", target),
- false => format!("./target/runner/debug/{}", target)
+ false => format!("./target/runner/debug/{}", target),
  };
 
  process::Command::new(runner_path)