ci(fuzz): Switch to alf for faster fuzzing

.github/workflows/ci.yaml

@@ -65,7 +65,10 @@ jobs:
           override: true
           components: rustfmt
       - name: fmt
-        run: cargo fmt --all -- --check
+        uses: actions-rs/cargo@v1
+        with:
+          command: fmt
+          args: --all -- --check
 
   style_and_docs:
     if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
@@ -105,38 +108,61 @@ jobs:
           profile: minimal
           toolchain: nightly
           override: true
-      - uses: actions-rs/cargo@v1
+      - name: Install afl
+        uses: actions-rs/cargo@v1
         with:
           command: install
-          args: cargo-fuzz
+          args: cargo-afl
+      - name: cargo afl system-config
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: system-config
       - name: compile fuzz
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: build --all-features fuzz_read
+          command: afl
+          args: build --all-features --manifest-path ${{ github.workspace }}/fuzz_read/Cargo.toml
       - name: run fuzz
-        timeout-minutes: 350
+        timeout-minutes: 70
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: run --all-features fuzz_read -- fuzz/corpus/fuzz_read -timeout=10s -rss_limit_mb=8192 -fork=2 -runs=25000000 -max_len=1000 -max_total_time=20700 -dict=fuzz/fuzz.dict
+          command: afl
+          args: fuzz -i ${{ github.workspace }}/fuzz_read/in -o out -V 3600 -a binary -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
+      - name: Minimize corpus
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: cmin -i out/default/queue -o out_cmin -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
+      - name: Report coverage
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
+      - run: sudo apt install rename
+      - name: Rename files
+        run: |
+            rename 's/:/-/g' map/*
+            rename 's/:/-/g' out_cmin/*
+            rename 's/:/-/g' out/default/crashes/*
+      - name: Upload updated corpus
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz_read_corpus
+          path: out_cmin/*
       - name: Upload any failure inputs
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: fuzz_read_bad_inputs
-          path: fuzz/artifacts/fuzz_read/crash-*
+          path: out/default/crashes/*
           if-no-files-found: ignore
-      - name: Minimize seed corpus
-        if: always()
-        run: ./recursive-fuzz-cmin.sh read 70000
-        shell: bash
-      - name: Upload updated seed corpus
+      - name: Upload coverage report
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: fuzz_read_corpus
-          path: fuzz/corpus/fuzz_read/*
+          name: fuzz_read_coverage
+          path: map
 
   fuzz_read_with_no_features:
     runs-on: ubuntu-latest
@@ -151,28 +177,50 @@ jobs:
           profile: minimal
           toolchain: nightly
           override: true
-      - uses: actions-rs/cargo@v1
+      - name: Install afl
+        uses: actions-rs/cargo@v1
         with:
           command: install
-          args: cargo-fuzz
+          args: cargo-afl
+      - name: cargo afl system-config
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: system-config
       - name: compile fuzz
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: build --no-default-features fuzz_read
+          command: afl
+          args: build --manifest-path ${{ github.workspace }}/fuzz_read/Cargo.toml
       - name: run fuzz
-        timeout-minutes: 350
+        timeout-minutes: 70
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: fuzz -i ${{ github.workspace }}/fuzz_read/in -o out -V 3600 -a binary -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
+      - name: Report coverage
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: run --no-default-features fuzz_read fuzz/corpus/fuzz_read -- -rss_limit_mb=8192 -timeout=10s -fork=2 -runs=40000000 -max_total_time=20700 -max_len=70000 -dict=fuzz/fuzz.dict
+          command: afl
+          args: showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_read/target/debug/fuzz_read
+      - run: sudo apt install rename
+      - name: Rename files
+        run: |
+            rename 's/:/-/g' map/*
+            rename 's/:/-/g' out/default/crashes/*
       - name: Upload any failure inputs
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: fuzz_read_no_features_bad_inputs
-          path: fuzz/artifacts/fuzz_read/crash-*
+          name: fuzz_read_bad_inputs_no_features
+          path: out/default/crashes/*
           if-no-files-found: ignore
+      - name: Upload coverage report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz_read_coverage_no_features
+          path: map
 
   fuzz_write:
     runs-on: ubuntu-latest
@@ -187,41 +235,61 @@ jobs:
           profile: minimal
           toolchain: nightly
           override: true
-      - uses: actions-rs/cargo@v1
+      - name: Install afl
+        uses: actions-rs/cargo@v1
         with:
           command: install
-          args: cargo-fuzz
+          args: cargo-afl
+      - name: cargo afl system-config
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: system-config
       - name: compile fuzz
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: build --all-features fuzz_write
+          command: afl
+          args: build --all-features --manifest-path ${{ github.workspace }}/fuzz_write/Cargo.toml
       - name: run fuzz
-        timeout-minutes: 350
+        timeout-minutes: 70
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: fuzz -i ${{ github.workspace }}/fuzz_write/in -o out -V 3600 -a binary -x ${{ github.workspace }}/fuzz_write/fuzz.dict -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
+      - name: Minimize corpus
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: run --all-features fuzz_write fuzz/corpus/fuzz_write -- -rss_limit_mb=8192 -timeout=2s -fork=2 -runs=5000000 -max_len=160 -max_total_time=20700 -dict=fuzz/fuzz.dict
+          command: afl
+          args: cmin -i out/default/queue -o out_cmin -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
+      - name: Report coverage
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
+      - run: sudo apt install rename
+      - name: Rename files
+        run: |
+            rename 's/:/-/g' map/*
+            rename 's/:/-/g' out_cmin/*
+            rename 's/:/-/g' out/default/crashes/*
+      - name: Upload updated corpus
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz_write_corpus
+          path: out_cmin/*
       - name: Upload any failure inputs
         if: always()
         uses: actions/upload-artifact@v4
         with:
           name: fuzz_write_bad_inputs
-          path: |
-            fuzz/artifacts/fuzz_write/crash-*
-            fuzz/artifacts/fuzz_write/leak-*
-            fuzz/artifacts/fuzz_write/timeout-*
+          path: out/default/crashes/*
           if-no-files-found: ignore
-      - name: Minimize seed corpus
-        if: always()
-        run: ./recursive-fuzz-cmin.sh write 500
-        shell: bash
-      - name: Upload updated seed corpus
+      - name: Upload coverage report
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: fuzz_write_corpus
-          path: fuzz/corpus/fuzz_write/*
+          name: fuzz_write_coverage
+          path: map
 
   fuzz_write_with_no_features:
     runs-on: ubuntu-latest
@@ -236,25 +304,47 @@ jobs:
           profile: minimal
           toolchain: nightly
           override: true
-      - uses: actions-rs/cargo@v1
+      - name: Install afl
+        uses: actions-rs/cargo@v1
         with:
           command: install
-          args: cargo-fuzz
+          args: cargo-afl
+      - name: cargo afl system-config
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: system-config
       - name: compile fuzz
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: build --no-default-features fuzz_write
+          command: afl
+          args: build --all-features --manifest-path ${{ github.workspace }}/fuzz_write/Cargo.toml
       - name: run fuzz
-        timeout-minutes: 350
+        timeout-minutes: 70
         uses: actions-rs/cargo@v1
         with:
-          command: fuzz
-          args: run --no-default-features fuzz_write fuzz/corpus/fuzz_write -- -rss_limit_mb=8192 -timeout=10s -fork=2 -runs=40000000 -max_len=256 -max_total_time=20700 -dict=fuzz/fuzz.dict
+          command: afl
+          args: fuzz -i ${{ github.workspace }}/fuzz_write/in -o out -V 3600 -a binary -x ${{ github.workspace }}/fuzz_write/fuzz.dict -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
+      - name: Report coverage
+        uses: actions-rs/cargo@v1
+        with:
+          command: afl
+          args: showmap -C -i out -o map -- ${{ github.workspace }}/fuzz_write/target/debug/fuzz_write
+      - run: sudo apt install rename
+      - name: Rename files
+        run: |
+            rename 's/:/-/g' map/*
+            rename 's/:/-/g' out/default/crashes/*
       - name: Upload any failure inputs
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: fuzz_write_no_features_bad_inputs
-          path: fuzz/artifacts/fuzz_write/crash-*
+          name: fuzz_write_bad_inputs_no_features
+          path: out/default/crashes/*
           if-no-files-found: ignore
+      - name: Upload coverage report
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz_write_coverage_no_features
+          path: map

.gitignore

@@ -2,3 +2,5 @@ Cargo.lock
 target
 .DS_Store
 \.idea/
+/fuzz_read/out/
+/fuzz_write/out/

Cargo.toml

@@ -15,7 +15,7 @@ description = """
 Library to support the reading and writing of zip files.
 """
 edition = "2021"
-exclude = ["tests/**", "examples/**", ".github/**", "fuzz/**"]
+exclude = ["tests/**", "examples/**", ".github/**", "fuzz_read/**", "fuzz_write/**"]
 build = "src/build.rs"
 
 [package.metadata.docs.rs]
@@ -29,10 +29,10 @@ time = { version = "0.3.36", default-features = false }
 aes = { version = "0.8.4", optional = true }
 bzip2 = { version = "0.4.4", optional = true }
 chrono = { version = "0.4.38", optional = true }
-constant_time_eq = { version = "0.3.0", optional = true }
+constant_time_eq = { version = "0.3.1", optional = true }
 crc32fast = "1.4.2"
 displaydoc = { version = "0.2.5", default-features = false }
-flate2 = { version = "1.0.30", default-features = false, optional = true }
+flate2 = { version = "1.0.33", default-features = false, optional = true }
 indexmap = "2"
 hmac = { version = "0.12.1", optional = true, features = ["reset"] }
 memchr = "2.7.4"
@@ -70,7 +70,7 @@ chrono = ["chrono/default"]
 _deflate-any = []
 _all-features = [] # Detect when --all-features is used
 deflate = ["flate2/rust_backend", "deflate-zopfli", "deflate-flate2"]
-deflate-flate2 = ["flate2/any_impl", "_deflate-any"]
+deflate-flate2 = ["_deflate-any"]
 # DEPRECATED: previously enabled `flate2/miniz_oxide` which is equivalent to `flate2/rust_backend`
 deflate-miniz = ["deflate", "deflate-flate2"]
 deflate-zlib = ["flate2/zlib", "deflate-flate2"]