docs: add --fork and fuzz-clean-dbus-proxy usage to README and CLAUDE.md

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-25 22:24:43 +00:00 · 2026-03-25 22:24:43 +00:00 · ef5e320cfc
commit ef5e320cfc
parent 869abed1b0
2 changed files with 24 additions and 0 deletions
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -33,6 +33,12 @@ cd vmsilo-dbus-proxy && cargo fuzz run <target>

 # Or one-liner
 nix run .#fuzz-dbus-proxy -- <target>
+
+# Parallel fuzzing (restarts automatically on crash)
+nix run .#fuzz-dbus-proxy -- <target> --fork=4
+
+# Re-test artifacts after a fix, delete those that no longer crash
+nix run .#fuzz-clean-dbus-proxy -- <target>
 ```

 Fuzz targets live in `vmsilo-dbus-proxy/fuzz/`. Protocol types have `Arbitrary` derives behind the `fuzz` feature flag. Invariant assertions are in `src/fuzz_helpers.rs`.
--- a/README.md
+++ b/README.md
@ -635,6 +635,24 @@ cd vmsilo-dbus-proxy
 cargo fuzz run fuzz_sanitize_snapshot
 ```

+### Parallel fuzzing
+
+Use `--fork=N` to run N parallel workers. The wrapper automatically restarts the fuzzer when it exits (e.g., after finding a crash), so artifacts accumulate:
+
+```bash
+nix run .#fuzz-dbus-proxy -- fuzz_sanitize_snapshot --fork=4
+```
+
+### Cleaning fixed artifacts
+
+After fixing a bug, re-test saved crash/oom/timeout artifacts and delete those that no longer reproduce:
+
+```bash
+nix run .#fuzz-clean-dbus-proxy -- fuzz_sanitize_snapshot
+```
+
+This builds the target first (aborts without deleting if the build fails), tests each artifact with a 30s timeout, and removes the ones that pass.
+
 ### Targets

 | Target | Input | What it tests |