Commit f608a40

Merge bitcoin#28480: fuzz: Don't use afl++ deferred forkserver mode
508d05f [fuzz] Don't use afl++ deferred forkserver mode (dergoegge)

Pull request description:

Fixes bitcoin#28469

This makes our afl++ harness essentially behave like libFuzzer, with the exception that the whole program does fully reset every 100000 iterations. 100000 is somewhat arbitrary and we could also go with `std::numeric_limits<unsigned int>::max()` but a smaller limit does allow for the occasional reset to counteract some amount of instability in the fuzzing loop (e.g. non-determinism, statefulness).

It's a bit of a shame to do this just for the targets whose initial state can't be forked (e.g. threads) because other targets do benefit from not having to redo the state setup. An alternative would be bitcoin#28469 (comment):

```
If the goal is to be maximally performant, the fork would need to happen for each fuzz target specifically. I guess it can be achieved by wrapping __AFL_INIT(); into a helper function and then require all fuzz target initialize() to call it?
```

ACKs for top commit:
MarcoFalke:
lgtm ACK 508d05f

Tree-SHA512: d9fe94e2e3198795f8fb58f67eb383531a534bcd4ec75a1f0ae6ccb5531863dbc09800bb7d77536417745c4c8bc49a4f84dcc959918b27d4997a270eeacb0e7e
2 parents 8ef6729 + 508d05f commit f608a40

File tree

1 file changed

+1
-7
lines changed

src/test/fuzz/fuzz.cpp

Lines changed: 1 addition & 7 deletions
@@ -192,17 +192,11 @@ int main(int argc, char** argv)
192192
{
193193
initialize();
194194
static const auto& test_one_input = *Assert(g_test_one_input);
195-
#ifdef __AFL_HAVE_MANUAL_CONTROL
196-
// Enable AFL deferred forkserver mode. Requires compilation using
197-
// afl-clang-fast++. See fuzzing.md for details.
198-
__AFL_INIT();
199-
#endif
200-
201195
#ifdef __AFL_LOOP
202196
// Enable AFL persistent mode. Requires compilation using afl-clang-fast++.
203197
// See fuzzing.md for details.
204198
const uint8_t* buffer = __AFL_FUZZ_TESTCASE_BUF;
205-
while (__AFL_LOOP(1000)) {
199+
while (__AFL_LOOP(100000)) {
206200
size_t buffer_len = __AFL_FUZZ_TESTCASE_LEN;
207201
test_one_input({buffer, buffer_len});
208202
}
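Review bot: the new bound in `while (__AFL_LOOP(100000)) {` is a bare magic number, and the only surviving comment ("Enable AFL persistent mode ...") explains persistent mode, not why the iteration count was raised from 1000; consider a named constant with a one-line comment carrying the rationale from the PR description (periodic full-process reset to counteract instability such as non-determinism or statefulness), so the next reader does not have to dig up bitcoin#28469. Since the deleted `__AFL_INIT()` block pointed at fuzzing.md for the deferred forkserver setup, also confirm that fuzzing.md no longer documents `__AFL_INIT` / deferred mode as part of the afl++ build, otherwise the docs and this harness disagree. Note that with deferred mode gone, `initialize()` now runs once per forkserver child, i.e. once per 100000 iterations, which is the intended trade-off described in the PR but worth stating next to the loop.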
