## Fuzzing with AFL++ (https://aflplus.plus/)

1. In the top directory rebuild passt with AFL instrumentation, Clang and ASAN:

   ```
   make clean
   AFL_USE_ASAN=1 make CC=/usr/bin/afl-clang-fast passt
   ```

2. In the fuzzing/ subdirectory, build the fuzzing wrapper *without* instrumentation:

   ```
   cd fuzzing
   make fuzz-wrapper
   ```

3. Run AFL++

   Create `fuzzing/sync_dir` and run multiple copies of afl-fuzz. Usually you should run 1 master (-M) and as many slaves (-S) as you can.

   Master:

   ```
   cd fuzzing
   mkdir -p sync_dir
   export AFL_SKIP_BIN_CHECK=1
   export AFL_NO_FORKSRV=1
   afl-fuzz -i testcase_dir -o sync_dir -M fuzz01 ./fuzz-wrapper @@
   ```

   Slaves:

   ```
   cd fuzzing
   export AFL_SKIP_BIN_CHECK=1
   export AFL_NO_FORKSRV=1
   # replace fuzzNN with fuzz02, fuzz03, etc.
   afl-fuzz -i testcase_dir -o sync_dir -S fuzzNN ./fuzz-wrapper @@
   ```
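The master/slave launch in step 3 is easier to keep consistent from a script. The helper below is an added example, not part of the passt tree: it builds the afl-fuzz command line for instance N (instance 1 is the -M master, all others -S slaves, named fuzz01, fuzz02, ...), starts COUNT of them in the background from the fuzzing/ directory, and counts the crash inputs collected across all instances. It assumes `testcase_dir` and `./fuzz-wrapper` exist in the current directory, as in the steps above.

```shell
#!/bin/sh
# Added helper for the AFL++ procedure above (not passt project code).
# Run from the fuzzing/ directory after steps 1 and 2.
set -u

# Same environment the page sets for every instance: the wrapper is built
# without instrumentation, so AFL's instrumentation check and fork server
# must be disabled.
export AFL_SKIP_BIN_CHECK=1
export AFL_NO_FORKSRV=1

# afl_instance_name N -> fuzz01, fuzz02, ... (two-digit, zero-padded)
afl_instance_name() {
    printf 'fuzz%02d' "$1"
}

# afl_cmd N -> the afl-fuzz command line for instance N.
# Instance 1 is the master (-M); every other instance is a slave (-S).
afl_cmd() {
    name=$(afl_instance_name "$1")
    if [ "$1" -eq 1 ]; then
        mode=-M
    else
        mode=-S
    fi
    printf 'afl-fuzz -i testcase_dir -o sync_dir %s %s ./fuzz-wrapper @@' \
        "$mode" "$name"
}

# launch_instances COUNT: start the master plus COUNT-1 slaves in the
# background, each logging to sync_dir/<name>.log.
launch_instances() {
    mkdir -p sync_dir
    i=1
    while [ "$i" -le "$1" ]; do
        name=$(afl_instance_name "$i")
        sh -c "$(afl_cmd "$i")" > "sync_dir/$name.log" 2>&1 &
        i=$((i + 1))
    done
}

# count_crashes SYNC_DIR: number of crash inputs found by all instances.
# AFL++ stores them as SYNC_DIR/<instance>/crashes/id:* (README is skipped).
count_crashes() {
    find "$1" -path '*/crashes/id:*' -type f 2>/dev/null | wc -l | tr -d ' '
}

# Usage: launch_instances "$(nproc)"; later: count_crashes sync_dir
```

Check `count_crashes sync_dir` periodically; any non-zero result means an ASAN-instrumented passt crashed on an input under `sync_dir/fuzzNN/crashes/`.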