[fuzz] Use afl++ shared-memory fuzzing

dergoegge · dergoegge · commit 97e2e1d64101 · 2023-09-12T15:07:07.000+01:00
Using shared-memory is faster than reading from stdin, see https://github.com/AFLplusplus/AFLplusplus/blob/7d2122e0596132f9344a5d0896020ebc79cd33db/instrumentation/README.persistent_mode.md
diff --git a/src/test/fuzz/fuzz.cpp b/src/test/fuzz/fuzz.cpp
@@ -29,6 +29,10 @@
 #include <utility>
 #include <vector>
 
+#ifdef __AFL_FUZZ_INIT
+__AFL_FUZZ_INIT();
+#endif
+
 const std::function<void(const std::string&)> G_TEST_LOG_FUN{};
 
 /**
@@ -188,7 +192,7 @@ int main(int argc, char** argv)
 {
     initialize();
     static const auto& test_one_input = *Assert(g_test_one_input);
-#ifdef __AFL_INIT
+#ifdef __AFL_HAVE_MANUAL_CONTROL
     // Enable AFL deferred forkserver mode. Requires compilation using
     // afl-clang-fast++. See fuzzing.md for details.
     __AFL_INIT();
@@ -197,12 +201,10 @@ int main(int argc, char** argv)
 #ifdef __AFL_LOOP
     // Enable AFL persistent mode. Requires compilation using afl-clang-fast++.
     // See fuzzing.md for details.
+    const uint8_t* buffer = __AFL_FUZZ_TESTCASE_BUF;
     while (__AFL_LOOP(1000)) {
-        std::vector<uint8_t> buffer;
-        if (!read_stdin(buffer)) {
-            continue;
-        }
-        test_one_input(buffer);
+        size_t buffer_len = __AFL_FUZZ_TESTCASE_LEN;
+        test_one_input({buffer, buffer_len});
     }
 #else
     std::vector<uint8_t> buffer;
