Skip to content

Use libfuzzer instead of honggfuzz#5315

Merged
apoelstra merged 1 commit intorust-bitcoin:masterfrom
shinghim:cargo-fuzz
Mar 15, 2026
Merged

Use libfuzzer instead of honggfuzz#5315
apoelstra merged 1 commit intorust-bitcoin:masterfrom
shinghim:cargo-fuzz

Conversation

@shinghim
Copy link
Copy Markdown
Contributor

@shinghim shinghim commented Nov 22, 2025
edited
Loading

This commit has a few main parts:

  • Update CI to install required dependencies for libfuzzer
    The default Cross s390x image uses an older version of GCC (Ubuntu
    20.04), which lacks std::clamp needed by libfuzzer-sys. The s390x
    Dockerfile provides Cross with a container with GCC 13, native build
    tools, and QEMU for running s390x tests. Cross.toml configures Cross to
    use this custom image instead of the default.

  • Update the lock files

  • Update the fuzz targets to use libfuzzer

  • Update the fuzz helper scripts and documentation

  • Update the duplicate dependency whitelist to include libc

I was able to test that the fuzz scripts were working locally on my Mac and on a Docker container running Ubuntu.

Closes #3265

@github-actions github-actions bot added ci C-hashes PRs modifying the hashes crate test doc labels Nov 22, 2025
@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented Nov 25, 2025

Can you PR separately to delete the fuzz seeds? It will make it easier to review this.

Later we should make a qa-assets repo in this org to hold all these seeds so that CI systems can deal with them rather than making all users of the repo have them laying around, slowing down git status etc.

@shinghim
Copy link
Copy Markdown
Contributor Author

shinghim commented Dec 10, 2025

Sorry, was out for a bit on vacation but removed the files. I'm gonna keep it as a draft as I work through fixing the tests hopefully this week/weekend

@shinghim shinghim force-pushed the cargo-fuzz branch 3 times, most recently from 3567ce3 to 9922cfc Compare December 11, 2025 13:41
@github-actions github-actions bot removed the C-hashes PRs modifying the hashes crate label Dec 11, 2025
@shinghim shinghim force-pushed the cargo-fuzz branch 2 times, most recently from 54a7ecc to 40938b3 Compare December 11, 2025 14:03
@github-actions github-actions bot added C-bitcoin PRs modifying the bitcoin crate C-hashes PRs modifying the hashes crate C-units PRs modifying the units crate C-consensus_encoding PRs modifying the consensus-encoding crate C-internals PRs modifying the internals crate C-io PRs modifying the io crate C-primitives C-base58 PRs modifying the base58 crate C-addresses PRs modifying the addresses crate C-crypto C-p2p C-chacha20_poly1305 PRs modifying the chacha20_poly1305 crate C-bip158 labels Dec 21, 2025
@github-actions github-actions bot removed C-bitcoin PRs modifying the bitcoin crate C-hashes PRs modifying the hashes crate labels Dec 21, 2025
@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented Jan 27, 2026

It would be very difficult -- probably I would need to fork crate2nix. Basically, either I set runTests = true and then it will hit this bug, or I set runTests = false and then it (a) won't even build the fuzz crate with cfg(test); (b) won't run any of my custom code, including linters and fuzzers.

@shinghim shinghim force-pushed the cargo-fuzz branch 8 times, most recently from ef8bebf to 17eccb3 Compare February 1, 2026 15:30
@shinghim
Copy link
Copy Markdown
Contributor Author

shinghim commented Feb 1, 2026

@apoelstra ok, i added the fuzzing feature and gated main(). Didn't mean to be a pain in the ass about this, but just wanted to make sure there wasnt another way around adding boilerplate code.

@tcharding
Copy link
Copy Markdown
Member

tcharding commented Feb 3, 2026

17eccb3 looks reasonable to me.

genereate_files.sh fails for me with

./generate-files.sh
error: no such command: `fuzz`

help: a command with a similar name exists: `hfuzz`

help: view all installed commands with `cargo --list`
help: find a package to install `fuzz` with `cargo search cargo-fuzz`

@shinghim
Copy link
Copy Markdown
Contributor Author

shinghim commented Feb 3, 2026

@tcharding i think you will need to have cargo fuzz installed via cargo install cargo-fuzz so that the script can run cargo fuzz list

@tcharding
Copy link
Copy Markdown
Member

tcharding commented Feb 4, 2026

Indeed - face palm. Thanks mate.

tcharding
tcharding approved these changes Feb 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tcharding tcharding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 17eccb3

@apoelstra apoelstra mentioned this pull request Feb 10, 2026
Open
@shinghim
Copy link
Copy Markdown
Contributor Author

shinghim commented Feb 18, 2026

@apoelstra were you able to run your local CI against this branch after i added the fuzzing flag?

@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented Feb 27, 2026

I didn't try because it fell to the back of my queue, sorry.

Can you rebase it?

apoelstra
apoelstra reviewed Feb 27, 2026
View reviewed changes
@shinghim
Copy link
Copy Markdown
Contributor Author

shinghim commented Mar 3, 2026

Rebased

tcharding
tcharding approved these changes Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@tcharding tcharding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 3c55f64

@shinghim shinghim force-pushed the cargo-fuzz branch 2 times, most recently from af1423b to 3ad3f35 Compare March 8, 2026 21:08
@apoelstra
Copy link
Copy Markdown
Member

apoelstra commented Mar 14, 2026

Heh, these Zizimor errors are pretty interesting. Unsure why they're showing up here and not elsewhere.

In 3ad3f35:

This still adds [features] to fuzz/generate-files.sh.

@shinghim
Migrate from Honggfuzz to libfuzzer
35c0b9d 
This commit has a few main parts:

- Update CI to install required dependencies for libfuzzer
The default Cross s390x image uses an older version of GCC (Ubuntu
20.04), which lacks std::clamp needed by libfuzzer-sys. The s390x
Dockerfile provides Cross with a container with GCC 13, native build
tools, and QEMU for running s390x tests. Cross.toml configures Cross to
use this custom image instead of the default.

- Update the lock files
- Update the fuzz targets to use libfuzzer
- Update the fuzz helper scripts and documentation
- Update the duplicate dependency whitelist to include libc
- Move `fuzz` into a nested workspace
@shinghim
Copy link
Copy Markdown
Contributor Author

shinghim commented Mar 14, 2026
edited
Loading

Removed from fuzz/generate-files.sh

It looks like the zizmor stuff is popping up cause this is updating CI. They aren't related to this PR, but I created #5833 to track

@shinghim shinghim mentioned this pull request Mar 14, 2026
Closed
apoelstra
apoelstra approved these changes Mar 15, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@apoelstra apoelstra left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 35c0b9d; successfully ran local tests; gonna one-ACK merge since there is little change since tcharding's last review, other than my technical complaining

@shinghim shinghim mentioned this pull request Mar 16, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apoelstra apoelstra apoelstra approved these changes

@tcharding tcharding tcharding approved these changes

+2 more reviewers

@nyonson nyonson nyonson left review comments

@benalleng benalleng benalleng left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

ci doc test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Switch to Libfuzzer

5 participants

@shinghim @apoelstra @nyonson @tcharding @benalleng