diff --git a/README.md b/README.md index 18c69cbf..6de907c1 100644 --- a/README.md +++ b/README.md @@ -249,10 +249,18 @@ The `cargo test-fuzz` command is used to interact with fuzz targets, and to mani ``` --backtrace Display backtraces - --consolidate Move one target's crashes, hangs, and work queue to its corpus; to consolidate all targets, use --consolidate-all - --display Display concretizations, corpus, crashes, `impl` concretizations, hangs, or work queue. By default, corpus uses an uninstrumented fuzz target; the others use an instrumented fuzz target. To display the corpus with instrumentation, use --display corpus-instrumented. [possible values: concretizations, corpus, corpus-instrumented, crashes, hangs, impl-concretizations, queue] + --consolidate Move one target's crashes, hangs, and work queue to its corpus; to + consolidate all targets, use --consolidate-all + --display Display concretizations, corpus, crashes, `impl` concretizations, + hangs, or work queue. By default, corpus uses an uninstrumented fuzz + target; the others use an instrumented fuzz target. To display the + corpus with instrumentation, use --display corpus-instrumented. [possible + values: concretizations, corpus, corpus-instrumented, crashes, hangs, + impl-concretizations, queue] --exact Target name is an exact name rather than a substring - --exit-code Exit with 0 if the time limit was reached, 1 for other programmatic aborts, and 2 if an error occurred; implies --no-ui, does not imply --run-until-crash or -- -V + --exit-code Exit with 0 if the time limit was reached, 1 for other programmatic + aborts, and 2 if an error occurred; implies --no-ui, does not imply + --run-until-crash or -- -V --features Space or comma separated list of features to activate --list List fuzz targets --manifest-path Path to Cargo.toml 
@@ -263,15 +271,27 @@ The `cargo test-fuzz` command is used to interact with fuzz targets, and to mani -p, --package Package containing fuzz target --persistent Enable persistent mode fuzzing --pretty-print Pretty-print debug output when displaying/replaying - --replay Replay corpus, crashes, hangs, or work queue. By default, corpus uses an uninstrumented fuzz target; the others use an instrumented fuzz target. To replay the corpus with instrumentation, use --replay corpus-instrumented. [possible values: concretizations, corpus, corpus-instrumented, crashes, hangs, impl-concretizations, queue] - --reset Clear fuzzing data for one target, but leave corpus intact; to reset all targets, use --reset-all + --replay Replay corpus, crashes, hangs, or work queue. By default, corpus uses + an uninstrumented fuzz target; the others use an instrumented fuzz + target. To replay the corpus with instrumentation, use --replay + corpus-instrumented. [possible values: concretizations, corpus, + corpus-instrumented, crashes, hangs, impl-concretizations, queue] + --reset Clear fuzzing data for one target, but leave corpus intact; to reset + all targets, use --reset-all --resume Resume target's last fuzzing session --run-until-crash Stop fuzzing once a crash is found --test Integration test containing fuzz target - --timeout Number of milliseconds to consider a hang when fuzzing or replaying (equivalent to -- -t when fuzzing) + --timeout Number of milliseconds to consider a hang when fuzzing or replaying + (equivalent to -- -t when fuzzing) --verbose Show build output when displaying/replaying -h, --help Print help information -V, --version Print version information + +To fuzz at most of time, use: + + cargo test-fuzz ... -- -V + +Try `cargo afl fuzz --help` to see additional fuzzer options. ``` ### Convenience functions and macros diff --git a/cargo-test-fuzz/Cargo.toml b/cargo-test-fuzz/Cargo.toml index 28be2adf..73c03247 100644 --- a/cargo-test-fuzz/Cargo.toml 
+++ b/cargo-test-fuzz/Cargo.toml @@ -20,7 +20,7 @@ doctest = false anyhow = "1.0.66" bitflags = "1.3.2" cargo_metadata = "0.15.0" -clap = { version = "4.0.18", features = ["cargo", "derive"] } +clap = { version = "4.0.18", features = ["cargo", "derive", "wrap_help"] } env_logger = "0.9.1" heck = "0.4.0" lazy_static = "1.4.0" diff --git a/cargo-test-fuzz/patches/solana.patch b/cargo-test-fuzz/patches/solana.patch index 7f5d7740..2c5c5bc1 100644 --- a/cargo-test-fuzz/patches/solana.patch +++ b/cargo-test-fuzz/patches/solana.patch @@ -180,10 +180,10 @@ index c61d8e2..ffad007 100644 pub struct ExecuteDetailsTimings { pub serialize_us: u64, diff --git a/programs/bpf_loader/Cargo.toml b/programs/bpf_loader/Cargo.toml -index 0765e78..b1fe289 100644 +index d95a4ab..a86b1d1 100644 --- a/programs/bpf_loader/Cargo.toml +++ b/programs/bpf_loader/Cargo.toml -@@ -23,4 +23,7 @@ solana_rbpf = "=0.2.34" +@@ -23,4 +23,7 @@ solana_rbpf = "=0.2.35" thiserror = "1.0" +serde = "1.0" @@ -192,7 +192,7 @@ index 0765e78..b1fe289 100644 [dev-dependencies] rand = "0.7.3" diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs -index f9835b7..8963a0c 100644 +index e9f2bad..6aece84 100644 --- a/programs/bpf_loader/src/lib.rs +++ b/programs/bpf_loader/src/lib.rs @@ -392,7 +392,8 @@ pub fn create_vm<'a, 'b>( @@ -225,10 +225,10 @@ index 660b46a..7ffc5ef 100644 [target.'cfg(target_arch = "wasm32")'.dependencies] js-sys = "0.3.59" diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs -index c7fe655..e414d60 100644 +index 8671ee3..6ea7453 100644 --- a/sdk/src/feature_set.rs +++ b/sdk/src/feature_set.rs -@@ -691,5 +691,5 @@ lazy_static! { +@@ -696,5 +696,5 @@ lazy_static! { /// `FeatureSet` holds the set of currently active/inactive runtime features -#[derive(AbiExample, Debug, Clone, Eq, PartialEq)] diff --git a/cargo-test-fuzz/src/transition.rs b/cargo-test-fuzz/src/transition.rs index f062d391..a425659b 100644 --- a/cargo-test-fuzz/src/transition.rs 
+++ b/cargo-test-fuzz/src/transition.rs @@ -20,7 +20,12 @@ enum SubCommand { // smoelius: Wherever possible, try to reuse cargo test and libtest option names. #[derive(Clone, Debug, Deserialize, Parser, Serialize)] -#[clap(version = crate_version!())] +#[clap(version = crate_version!(), after_help = "To fuzz at most of time, use: + + cargo test-fuzz ... -- -V + +Try `cargo afl fuzz --help` to see additional fuzzer options. +")] #[remain::sorted] struct TestFuzzWithDeprecations { #[clap(long, help = "Display backtraces")]
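Review bot: The new `after_help` text is a multi-line string literal written directly inside the `#[clap(...)]` attribute on `TestFuzzWithDeprecations`, and this commit pastes the same text into the README usage block, so the two copies can drift apart. I would move it to a constant, `const AFTER_HELP: &str = "...";`, referenced as `#[clap(version = crate_version!(), after_help = AFTER_HELP)]`, with a comment on the constant saying the README usage block must be updated whenever it changes. As rendered on this page the first sentence reads "To fuzz at most of time" and the example stops at `-- -V` with no value. This may be a rendering loss, but if the placeholder is missing from the source too, the help should name the duration argument. The struct body continues outside the hunk.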