Update help message

README.md

@@ -249,10 +249,18 @@ The `cargo test-fuzz` command is used to interact with fuzz targets, and to mani
 
 ```
       --backtrace             Display backtraces
-      --consolidate           Move one target's crashes, hangs, and work queue to its corpus; to consolidate all targets, use --consolidate-all
-      --display <OBJECT>      Display concretizations, corpus, crashes, `impl` concretizations, hangs, or work queue. By default, corpus uses an uninstrumented fuzz target; the others use an instrumented fuzz target. To display the corpus with instrumentation, use --display corpus-instrumented. [possible values: concretizations, corpus, corpus-instrumented, crashes, hangs, impl-concretizations, queue]
+      --consolidate           Move one target's crashes, hangs, and work queue to its corpus; to
+                              consolidate all targets, use --consolidate-all
+      --display <OBJECT>      Display concretizations, corpus, crashes, `impl` concretizations,
+                              hangs, or work queue. By default, corpus uses an uninstrumented fuzz
+                              target; the others use an instrumented fuzz target. To display the
+                              corpus with instrumentation, use --display corpus-instrumented. [possible
+                              values: concretizations, corpus, corpus-instrumented, crashes, hangs,
+                              impl-concretizations, queue]
       --exact                 Target name is an exact name rather than a substring
-      --exit-code             Exit with 0 if the time limit was reached, 1 for other programmatic aborts, and 2 if an error occurred; implies --no-ui, does not imply --run-until-crash or -- -V <SECONDS>
+      --exit-code             Exit with 0 if the time limit was reached, 1 for other programmatic
+                              aborts, and 2 if an error occurred; implies --no-ui, does not imply
+                              --run-until-crash or -- -V <SECONDS>
       --features <FEATURES>   Space or comma separated list of features to activate
       --list                  List fuzz targets
       --manifest-path <PATH>  Path to Cargo.toml
@@ -263,15 +271,27 @@ The `cargo test-fuzz` command is used to interact with fuzz targets, and to mani
   -p, --package <PACKAGE>     Package containing fuzz target
       --persistent            Enable persistent mode fuzzing
       --pretty-print          Pretty-print debug output when displaying/replaying
-      --replay <OBJECT>       Replay corpus, crashes, hangs, or work queue. By default, corpus uses an uninstrumented fuzz target; the others use an instrumented fuzz target. To replay the corpus with instrumentation, use --replay corpus-instrumented. [possible values: concretizations, corpus, corpus-instrumented, crashes, hangs, impl-concretizations, queue]
-      --reset                 Clear fuzzing data for one target, but leave corpus intact; to reset all targets, use --reset-all
+      --replay <OBJECT>       Replay corpus, crashes, hangs, or work queue. By default, corpus uses
+                              an uninstrumented fuzz target; the others use an instrumented fuzz
+                              target. To replay the corpus with instrumentation, use --replay
+                              corpus-instrumented. [possible values: concretizations, corpus,
+                              corpus-instrumented, crashes, hangs, impl-concretizations, queue]
+      --reset                 Clear fuzzing data for one target, but leave corpus intact; to reset
+                              all targets, use --reset-all
       --resume                Resume target's last fuzzing session
       --run-until-crash       Stop fuzzing once a crash is found
       --test <NAME>           Integration test containing fuzz target
-      --timeout <TIMEOUT>     Number of milliseconds to consider a hang when fuzzing or replaying (equivalent to -- -t <TIMEOUT> when fuzzing)
+      --timeout <TIMEOUT>     Number of milliseconds to consider a hang when fuzzing or replaying
+                              (equivalent to -- -t <TIMEOUT> when fuzzing)
       --verbose               Show build output when displaying/replaying
   -h, --help                  Print help information
   -V, --version               Print version information
+
+To fuzz at most <SECONDS> of time, use:
+
+    cargo test-fuzz ... -- -V <SECONDS>
+
+Try `cargo afl fuzz --help` to see additional fuzzer options.
 ```
 
 ### Convenience functions and macros

cargo-test-fuzz/Cargo.toml

@@ -20,7 +20,7 @@ doctest = false
 anyhow = "1.0.66"
 bitflags = "1.3.2"
 cargo_metadata = "0.15.0"
-clap = { version = "4.0.18", features = ["cargo", "derive"] }
+clap = { version = "4.0.18", features = ["cargo", "derive", "wrap_help"] }
 env_logger = "0.9.1"
 heck = "0.4.0"
 lazy_static = "1.4.0"

cargo-test-fuzz/patches/solana.patch

@@ -180,10 +180,10 @@ index c61d8e2..ffad007 100644
  pub struct ExecuteDetailsTimings {
      pub serialize_us: u64,
 diff --git a/programs/bpf_loader/Cargo.toml b/programs/bpf_loader/Cargo.toml
-index 0765e78..b1fe289 100644
+index d95a4ab..a86b1d1 100644
 --- a/programs/bpf_loader/Cargo.toml
 +++ b/programs/bpf_loader/Cargo.toml
-@@ -23,4 +23,7 @@ solana_rbpf = "=0.2.34"
+@@ -23,4 +23,7 @@ solana_rbpf = "=0.2.35"
  thiserror = "1.0"
 
 +serde = "1.0"
@@ -192,7 +192,7 @@ index 0765e78..b1fe289 100644
  [dev-dependencies]
  rand = "0.7.3"
 diff --git a/programs/bpf_loader/src/lib.rs b/programs/bpf_loader/src/lib.rs
-index f9835b7..8963a0c 100644
+index e9f2bad..6aece84 100644
 --- a/programs/bpf_loader/src/lib.rs
 +++ b/programs/bpf_loader/src/lib.rs
 @@ -392,7 +392,8 @@ pub fn create_vm<'a, 'b>(
@@ -225,10 +225,10 @@ index 660b46a..7ffc5ef 100644
  [target.'cfg(target_arch = "wasm32")'.dependencies]
  js-sys = "0.3.59"
 diff --git a/sdk/src/feature_set.rs b/sdk/src/feature_set.rs
-index c7fe655..e414d60 100644
+index 8671ee3..6ea7453 100644
 --- a/sdk/src/feature_set.rs
 +++ b/sdk/src/feature_set.rs
-@@ -691,5 +691,5 @@ lazy_static! {
+@@ -696,5 +696,5 @@ lazy_static! {
 
  /// `FeatureSet` holds the set of currently active/inactive runtime features
 -#[derive(AbiExample, Debug, Clone, Eq, PartialEq)]

cargo-test-fuzz/src/transition.rs

@@ -20,7 +20,12 @@ enum SubCommand {
 
 // smoelius: Wherever possible, try to reuse cargo test and libtest option names.
 #[derive(Clone, Debug, Deserialize, Parser, Serialize)]
-#[clap(version = crate_version!())]
+#[clap(version = crate_version!(), after_help = "To fuzz at most <SECONDS> of time, use:
+
+    cargo test-fuzz ... -- -V <SECONDS>
+
+Try `cargo afl fuzz --help` to see additional fuzzer options.
+")]
 #[remain::sorted]
 struct TestFuzzWithDeprecations {
     #[clap(long, help = "Display backtraces")]