dfinity · venkkatesh-sekar · Jan 30, 2026 · Jan 30, 2026
@@ -3,7 +3,6 @@
 members = [
     "build_canister",
     "canfuzz",
-    "canfuzz_derive",
     "canisters/rust/decode_candid",
     "canisters/rust/ledger",
     "canisters/rust/stable_memory",

@@ -15,10 +15,8 @@ use canfuzz::libafl::executors::ExitKind;
 use canfuzz::libafl::inputs::BytesInput;
 use candid::Principal;
 
-// 1. Define a struct for the fuzzer state and derive FuzzerState
-// Requires features = ["derive"] in Cargo.toml
-#[derive(canfuzz::FuzzerState)]
-struct MyFuzzer(FuzzerState);
+// 1. Define a struct for the fuzzer state using the macro
+canfuzz::define_fuzzer_state!(MyFuzzer);
 
 // 2. Implement the core fuzzing logic
 impl FuzzerOrchestrator for MyFuzzer {

@@ -30,11 +30,6 @@ wirm = { workspace = true }
 num-traits = { workspace = true }
 num-bigint = { workspace = true }
 naughty-strings = { workspace =  true }
-canfuzz_derive = { path = "../canfuzz_derive", optional = true }
-
-[features]
-default = []
-derive = ["dep:canfuzz_derive"]
 
 [dev-dependencies]
 wat = { workspace = true }

@@ -17,20 +17,8 @@
 //! use canfuzz::libafl::inputs::BytesInput;
 //! use std::path::PathBuf;
 //!
-//! // 1. Define a struct for your fuzzer and derive FuzzerState.
-//! // Note: Requires the "derive" feature enabled for canfuzz.
-//! #[cfg_attr(feature = "derive", derive(canfuzz::FuzzerState))]
-//! struct MyFuzzer(FuzzerState);
-//!
-//! // Manual implementation if "derive" feature is not used:
-//! #[cfg(not(feature = "derive"))]
-//! impl AsRef<FuzzerState> for MyFuzzer {
-//!     fn as_ref(&self) -> &FuzzerState { &self.0 }
-//! }
-//! #[cfg(not(feature = "derive"))]
-//! impl AsMut<FuzzerState> for MyFuzzer {
-//!     fn as_mut(&mut self) -> &mut FuzzerState { &mut self.0 }
-//! }
+//! // 1. Define a struct for your fuzzer using the macro.
+//! canfuzz::define_fuzzer_state!(MyFuzzer);
 //!
 //! // 2. Implement the fuzzing logic.
 //! impl FuzzerOrchestrator for MyFuzzer {
@@ -82,5 +70,21 @@ pub mod custom;
 pub use libafl;
 pub use libafl_bolts;
 
-#[cfg(feature = "derive")]
-pub use canfuzz_derive::FuzzerState;
+#[macro_export]
+macro_rules! define_fuzzer_state {
+    ($name:ident) => {
+        pub struct $name(pub canfuzz::fuzzer::FuzzerState);
+
+        impl AsRef<canfuzz::fuzzer::FuzzerState> for $name {
+            fn as_ref(&self) -> &canfuzz::fuzzer::FuzzerState {
+                &self.0
+            }
+        }
+
+        impl AsMut<canfuzz::fuzzer::FuzzerState> for $name {
+            fn as_mut(&mut self) -> &mut canfuzz::fuzzer::FuzzerState {
+                &mut self.0
+            }
+        }
+    };
+}
@@ -14,7 +14,7 @@ path = "src/decode_candid_by_instructions.rs"
 
 [dependencies]
 candid = { workspace = true }
-canfuzz = { path = "../../canfuzz/", features = ["derive"] }
+canfuzz = { path = "../../canfuzz/" }
 once_cell = { workspace = true }
 pocket-ic = { workspace = true }
 serde = { workspace = true }

@@ -1,7 +1,7 @@
-use canfuzz::FuzzerState;
 use canfuzz::custom::feedback::oom_exit_kind::OomLogic;
 use canfuzz::custom::observer::decode_map::{DECODING_MAP_OBSERVER_NAME, DecodingMapFeedback, MAP};
-use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder, FuzzerState};
+use canfuzz::define_fuzzer_state;
+use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder};
 use canfuzz::instrumentation::{InstrumentationArgs, Seed, instrument_wasm_for_fuzzing};
 use canfuzz::orchestrator::FuzzerOrchestrator;
 use canfuzz::util::{parse_canister_result_for_trap, read_canister_bytes};
@@ -39,6 +39,8 @@ use canfuzz::libafl::monitors::SimpleMonitor;
 // use libafl::monitors::tui::{ui::TuiUI, TuiMonitor};
 use canfuzz::libafl_bolts::{current_nanos, rands::StdRand, tuples::tuple_list};
 
+define_fuzzer_state!(DecodeCandidFuzzer);
+
 fn main() {
     let canister = CanisterBuilder::new("decode_candid")
         .with_wasm_env("DECODE_CANDID_WASM_PATH")
@@ -55,9 +57,6 @@ fn main() {
     fuzzer_state.run();
 }
 
-#[derive(FuzzerState)]
-struct DecodeCandidFuzzer(FuzzerState);
-
 impl FuzzerOrchestrator for DecodeCandidFuzzer {
     fn corpus_dir(&self) -> std::path::PathBuf {
         PathBuf::from(file!())

@@ -14,7 +14,7 @@ path = "src/motoko_diff.rs"
 
 [dependencies]
 candid = { workspace = true }
-canfuzz = { path = "../../canfuzz/", features = ["derive"] }
+canfuzz = { path = "../../canfuzz/" }
 k256 = { workspace = true }
 pocket-ic = { workspace = true }
 sha2 = { workspace = true }

@@ -1,4 +1,5 @@
 use candid::{Decode, Encode, Principal};
+use canfuzz::define_fuzzer_state;
 use canfuzz::libafl::executors::ExitKind;
 use canfuzz::libafl::inputs::ValueInput;
 use k256::U256;
@@ -14,12 +15,13 @@ use std::time::Duration;
 
 use slog::Level;
 
-use canfuzz::FuzzerState;
-use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder, FuzzerState};
+use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder};
 use canfuzz::instrumentation::{InstrumentationArgs, Seed, instrument_wasm_for_fuzzing};
 use canfuzz::orchestrator::FuzzerOrchestrator;
 use canfuzz::util::{parse_canister_result_for_trap, read_canister_bytes};
 
+define_fuzzer_state!(MotokoDiffFuzzer);
+
 fn main() {
     let canister = CanisterBuilder::new("ecdsa_sign")
         .with_wasm_env("MOTOKO_CANISTER_WASM_PATH")
@@ -35,9 +37,6 @@ fn main() {
     fuzzer_state.run();
 }
 
-#[derive(FuzzerState)]
-struct MotokoDiffFuzzer(FuzzerState);
-
 impl FuzzerOrchestrator for MotokoDiffFuzzer {
     fn corpus_dir(&self) -> std::path::PathBuf {
         PathBuf::from(file!())

@@ -14,7 +14,7 @@ path = "src/motoko_shim.rs"
 
 [dependencies]
 candid = { workspace = true }
-canfuzz = { path = "../../canfuzz/", features = ["derive"] }
+canfuzz = { path = "../../canfuzz/" }
 pocket-ic = { workspace = true }
 slog = { workspace = true }
 

@@ -1,4 +1,5 @@
 use candid::{Encode, Principal};
+use canfuzz::define_fuzzer_state;
 use canfuzz::libafl::executors::ExitKind;
 use canfuzz::libafl::inputs::ValueInput;
 use pocket_ic::PocketIcBuilder;
@@ -7,12 +8,13 @@ use std::time::Duration;
 
 use slog::Level;
 
-use canfuzz::FuzzerState;
-use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder, FuzzerState};
+use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder};
 use canfuzz::instrumentation::{InstrumentationArgs, Seed, instrument_wasm_for_fuzzing};
 use canfuzz::orchestrator::FuzzerOrchestrator;
 use canfuzz::util::{parse_canister_result_for_trap, read_canister_bytes};
 
+define_fuzzer_state!(MotokoShimFuzzer);
+
 fn main() {
     let canister = CanisterBuilder::new("json_decode")
         .with_wasm_env("MOTOKO_CANISTER_WASM_PATH")
@@ -28,9 +30,6 @@ fn main() {
     fuzzer_state.run();
 }
 
-#[derive(FuzzerState)]
-struct MotokoShimFuzzer(FuzzerState);
-
 impl FuzzerOrchestrator for MotokoShimFuzzer {
     fn corpus_dir(&self) -> std::path::PathBuf {
         PathBuf::from(file!())

@@ -14,7 +14,7 @@ path = "src/stable_memory_ops.rs"
 
 [dependencies]
 candid = { workspace = true }
-canfuzz = { path = "../../canfuzz/", features = ["derive"] }
+canfuzz = { path = "../../canfuzz/" }
 once_cell = { workspace = true }
 pocket-ic = { workspace = true }
 slog = { workspace = true }

@@ -1,5 +1,6 @@
 use candid::Principal;
 use canfuzz::custom::mutator::candid::CandidTypeDefArgs;
+use canfuzz::define_fuzzer_state;
 use canfuzz::libafl::executors::ExitKind;
 use canfuzz::libafl::inputs::ValueInput;
 use once_cell::sync::OnceCell;
@@ -8,13 +9,13 @@ use std::path::PathBuf;
 
 use slog::Level;
 
-use canfuzz::FuzzerState;
-use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder, FuzzerState};
+use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder};
 use canfuzz::instrumentation::{InstrumentationArgs, Seed, instrument_wasm_for_fuzzing};
 use canfuzz::orchestrator::FuzzerOrchestrator;
 use canfuzz::util::{parse_canister_result_for_trap, read_canister_bytes};
 
 static SNAPSHOT_ID: OnceCell<Vec<u8>> = OnceCell::new();
+define_fuzzer_state!(StableMemoryFuzzer);
 
 fn main() {
     let canister = CanisterBuilder::new("stable_memory")
@@ -32,9 +33,6 @@ fn main() {
     fuzzer_state.run();
 }
 
-#[derive(FuzzerState)]
-struct StableMemoryFuzzer(FuzzerState);
-
 impl FuzzerOrchestrator for StableMemoryFuzzer {
     fn get_candid_args() -> Option<CandidTypeDefArgs> {
         Some(CandidTypeDefArgs {

@@ -14,7 +14,7 @@ path = "src/trap_after_await.rs"
 
 [dependencies]
 candid = { workspace = true }
-canfuzz = { path = "../../canfuzz/", features = ["derive"] }
+canfuzz = { path = "../../canfuzz/" }
 once_cell = { workspace = true }
 pocket-ic = { workspace = true }
 serde = { workspace = true }

@@ -2,22 +2,23 @@ use std::path::PathBuf;
 use std::time::Duration;
 
 use candid::{Decode, Encode, Principal};
+use canfuzz::define_fuzzer_state;
 use canfuzz::libafl::executors::ExitKind;
 use canfuzz::libafl::inputs::ValueInput;
 use once_cell::sync::OnceCell;
 use pocket_ic::PocketIcBuilder;
 use slog::Level;
 
-use canfuzz::FuzzerState;
 use canfuzz::custom::mutator::candid::CandidTypeDefArgs;
-use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder, FuzzerState};
+use canfuzz::fuzzer::{CanisterBuilder, FuzzerBuilder};
 use canfuzz::instrumentation::{InstrumentationArgs, Seed, instrument_wasm_for_fuzzing};
 
 use canfuzz::orchestrator::FuzzerOrchestrator;
 use canfuzz::util::read_canister_bytes;
 
 const SYNCHRONOUS_EXECUTION: bool = false;
 static SNAPSHOT: OnceCell<(Vec<u8>, Vec<u8>)> = OnceCell::new();
+define_fuzzer_state!(TrapAfterAwaitFuzzer);
 
 fn main() {
     let ledger = CanisterBuilder::new("ledger")
@@ -41,9 +42,6 @@ fn main() {
     fuzzer_state.run();
 }
 
-#[derive(FuzzerState)]
-struct TrapAfterAwaitFuzzer(FuzzerState);
-
 impl FuzzerOrchestrator for TrapAfterAwaitFuzzer {
     fn get_candid_args() -> Option<CandidTypeDefArgs> {
         Some(CandidTypeDefArgs {