feat: Add AFL++ fuzzing integration with persistent mode (#5932)

feat: add afl integration

Author: vyavdoshenko

.gitignore

@@ -21,3 +21,5 @@ releases
 .secrets
 cmake-build-debug
 .venv/
+fuzz/artifacts/
+fuzz/corpus/

CMakeLists.txt

@@ -7,6 +7,27 @@ enable_testing()
 
 set(CMAKE_EXPORT_COMPILE_COMMANDS 1)
 
+# AFL++ fuzzing support - must be set BEFORE project() command
+option(USE_AFL "Enable AFL++ fuzzing" OFF)
+if(USE_AFL)
+  # Automatically set AFL++ compilers if not already set
+  if(NOT CMAKE_C_COMPILER MATCHES "afl-" AND NOT CMAKE_CXX_COMPILER MATCHES "afl-")
+    # Try to find afl-clang-fast
+    find_program(AFL_CC afl-clang-lto)
+    find_program(AFL_CXX afl-clang-lto++)
+
+    if(AFL_CC AND AFL_CXX)
+      message(STATUS "AFL++ fuzzing enabled - setting compilers")
+      set(CMAKE_C_COMPILER ${AFL_CC})
+      set(CMAKE_CXX_COMPILER ${AFL_CXX})
+    else()
+      message(FATAL_ERROR "USE_AFL=ON but AFL++ compilers not found!\n"
+              "Please install AFL++: apt install afl++ or build from source\n"
+              "https://github.com/AFLplusplus/AFLplusplus")
+    endif()
+  endif()
+endif()
+
 # Set targets in folders
 set_property(GLOBAL PROPERTY USE_FOLDERS ON)
 project(DRAGONFLY C CXX)
@@ -42,6 +63,30 @@ find_package(OpenSSL)
 
 SET(SANITIZERS OFF)
 
+# AFL++ configuration - must be before sanitizer checks
+if(USE_AFL)
+  message(STATUS "AFL++ fuzzing mode active")
+  message(STATUS "  C compiler: ${CMAKE_C_COMPILER}")
+  message(STATUS "  C++ compiler: ${CMAKE_CXX_COMPILER}")
+
+  # Add USE_AFL as compile definition so #ifdef USE_AFL works in code
+  add_compile_definitions(USE_AFL)
+
+  # AFL++ requires specific compiler flags for coverage instrumentation
+  set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
+  set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g")
+
+  # Force disable sanitizers when fuzzing (AFL++ incompatible with ASAN/UBSAN)
+  message(STATUS "Disabling sanitizers (incompatible with AFL++ fuzzing)")
+  set(WITH_ASAN OFF CACHE BOOL "Disable ASAN for fuzzing" FORCE)
+  set(WITH_USAN OFF CACHE BOOL "Disable UBSAN for fuzzing" FORCE)
+
+  # Disable AWS and GCP for fuzzing builds (not needed, reduces build time)
+  message(STATUS "Disabling AWS and GCP integrations for fuzzing")
+  set(WITH_AWS OFF CACHE BOOL "Disable AWS for fuzzing" FORCE)
+  set(WITH_GCP OFF CACHE BOOL "Disable GCP for fuzzing" FORCE)
+endif()
+
 option(WITH_ASAN "Enable -fsanitize=address" OFF)
 if (SUPPORT_ASAN AND WITH_ASAN)
   message(STATUS "address sanitizer enabled")

fuzz/FUZZING.md

@@ -0,0 +1,43 @@
+# AFL++ Fuzzing for Dragonfly
+
+## Install AFL++
+
+```bash
+# From package manager (Ubuntu/Debian)
+sudo apt update
+sudo apt install afl++
+
+# Or build from source
+git clone https://github.com/AFLplusplus/AFLplusplus
+cd AFLplusplus
+make distrib
+sudo make install
+```
+
+## Prepare System
+
+```bash
+sudo afl-system-config
+```
+
+Sets core_pattern and CPU governors for optimal AFL++ performance.
+
+## Build
+
+```bash
+cmake -B build-dbg -DUSE_AFL=ON -DCMAKE_BUILD_TYPE=Debug -GNinja
+ninja -C build-dbg dragonfly
+```
+
+## Run
+
+```bash
+cd fuzz
+./run_fuzzer.sh
+```
+
+## Replay Crash on production dragonfly:
+```bash
+./dragonfly --port=6379 &
+nc localhost 6379 < artifacts/resp/default/crashes/id:000000,...
+```

fuzz/dict/resp.dict

@@ -0,0 +1,196 @@
+# AFL++ dictionary for RESP protocol
+# Dragonfly command keywords and common patterns
+
+# RESP protocol markers
+"*"
+"$"
+"+"
+"-"
+":"
+"\x0d\x0a"
+
+# Common commands - String operations
+"GET"
+"SET"
+"MGET"
+"MSET"
+"INCR"
+"DECR"
+"APPEND"
+"STRLEN"
+"SETEX"
+"SETNX"
+"GETSET"
+"GETRANGE"
+"SETRANGE"
+
+# List operations
+"LPUSH"
+"RPUSH"
+"LPOP"
+"RPOP"
+"LLEN"
+"LRANGE"
+"LINDEX"
+"LSET"
+"LTRIM"
+"BLPOP"
+"BRPOP"
+
+# Hash operations
+"HSET"
+"HGET"
+"HMSET"
+"HMGET"
+"HGETALL"
+"HDEL"
+"HEXISTS"
+"HLEN"
+"HKEYS"
+"HVALS"
+"HINCRBY"
+
+# Set operations
+"SADD"
+"SREM"
+"SMEMBERS"
+"SISMEMBER"
+"SCARD"
+"SINTER"
+"SUNION"
+"SDIFF"
+"SPOP"
+
+# Sorted set operations
+"ZADD"
+"ZREM"
+"ZRANGE"
+"ZRANGEBYSCORE"
+"ZRANK"
+"ZSCORE"
+"ZCARD"
+"ZCOUNT"
+"ZINCRBY"
+
+# Key operations
+"DEL"
+"EXISTS"
+"EXPIRE"
+"TTL"
+"PERSIST"
+"KEYS"
+"SCAN"
+"TYPE"
+"RENAME"
+"RENAMENX"
+
+# Transaction commands
+"MULTI"
+"EXEC"
+"DISCARD"
+"WATCH"
+"UNWATCH"
+
+# Pub/Sub commands
+"PUBLISH"
+"SUBSCRIBE"
+"UNSUBSCRIBE"
+"PSUBSCRIBE"
+"PUNSUBSCRIBE"
+
+# Stream commands
+"XADD"
+"XREAD"
+"XRANGE"
+"XLEN"
+"XDEL"
+"XTRIM"
+"XGROUP"
+"XREADGROUP"
+
+# JSON commands
+"JSON.SET"
+"JSON.GET"
+"JSON.DEL"
+"JSON.TYPE"
+"JSON.NUMINCRBY"
+"JSON.ARRAPPEND"
+"JSON.ARRLEN"
+
+# Bloom filter commands
+"BF.ADD"
+"BF.EXISTS"
+"BF.RESERVE"
+"BF.MADD"
+"BF.MEXISTS"
+
+# HyperLogLog commands
+"PFADD"
+"PFCOUNT"
+"PFMERGE"
+
+# Geo commands
+"GEOADD"
+"GEODIST"
+"GEORADIUS"
+"GEOSEARCH"
+
+# Server commands
+"PING"
+"ECHO"
+"INFO"
+"DBSIZE"
+"SELECT"
+
+# Cluster commands
+"CLUSTER"
+"READONLY"
+"READWRITE"
+
+# Common keys for testing
+"key"
+"mykey"
+"key1"
+"key2"
+"test"
+"foo"
+"bar"
+"user:1"
+"session:123"
+
+# Common values
+"value"
+"hello"
+"world"
+"123"
+"0"
+"1"
+"-1"
+
+# Number patterns
+"0"
+"1"
+"100"
+"1000"
+"-1"
+"-100"
+
+# Special arguments
+"NX"
+"XX"
+"EX"
+"PX"
+"GT"
+"LT"
+"WITHSCORES"
+"LIMIT"
+"COUNT"
+"MATCH"
+"BLOCK"
+
+# Common RESP command patterns
+"*1\x0d\x0a$4\x0d\x0aPING\x0d\x0a"
+"*2\x0d\x0a$3\x0d\x0aGET\x0d\x0a$3\x0d\x0akey\x0d\x0a"
+"*3\x0d\x0a$3\x0d\x0aSET\x0d\x0a$3\x0d\x0akey\x0d\x0a$5\x0d\x0avalue\x0d\x0a"
+"*2\x0d\x0a$3\x0d\x0aDEL\x0d\x0a$3\x0d\x0akey\x0d\x0a"
+"*2\x0d\x0a$6\x0d\x0aEXISTS\x0d\x0a$3\x0d\x0akey\x0d\x0a"