rustc fuzzing

From vegard.wiki
Revision as of 08:36, 29 January 2020 by Vegard (talk | contribs) (fix typo)

Here is how to build rustc with AFL instrumentation:

  • Install AFL:

      cargo install afl

    This compiles AFL together with the LLVM runtime and plugins needed to build rustc with AFL instrumentation. The runtime library (afl-llvm-rt) is installed under ~/.local/share/afl.rs; export its location so the linker can find it:

      export LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"

  • Change the options used to compile rustc (exported so that x.py picks them up):

      export RUSTFLAGS="-C llvm-args=-sanitizer-coverage-level=3 \
          -C llvm-args=-sanitizer-coverage-trace-pc-guard \
          -C passes=sancov \
          -l afl-llvm-rt \
          -L $(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"

  • Build rustc:

      ./x.py build

  • Test that it works:

      cargo afl showmap -o trace.txt -m 1024 -- \
          build/x86_64-unknown-linux-gnu/stage2/bin/rustc \
          --emit asm input.rs
      cat trace.txt

    trace.txt should list the coverage tuples hit while compiling input.rs. An empty or missing map means the instrumentation did not make it into the stage2 binary (typically because RUSTFLAGS or LIBRARY_PATH were not exported before the build).
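The procedure above, wrapped in a POSIX sh script with the checks a practitioner wants before starting a multi-hour stage2 build: that the afl.rs runtime is actually installed, that RUSTFLAGS is assembled exactly as on the page, and that the showmap trace proves the resulting rustc is instrumented rather than merely linked against the runtime. This is an added example, not code from the wiki page, afl.rs or rustc. It assumes the afl.rs install layout the page uses (~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt) and that afl-showmap writes one "edge_id:hit_count" pair per line; the function names, the sample trace and the edge threshold are the example's own.

```shell
#!/bin/sh
# Added example (not from the wiki page, afl.rs or rustc): helpers around the
# AFL-instrumented rustc build described above.

# Locate the afl-llvm-rt directory that `cargo install afl` produced.
# $1 (optional) overrides the afl.rs data directory. Prints the path, or
# fails loudly instead of letting an empty -L reach rustc.
afl_rt_dir() {
    base=${1:-$HOME/.local/share/afl.rs}
    dir=$(realpath "$base"/rustc-*/afl.rs-*/afl-llvm-rt 2>/dev/null | head -n 1)
    if [ -z "$dir" ] || [ ! -d "$dir" ]; then
        echo "afl-llvm-rt not found under $base; run 'cargo install afl' first" >&2
        return 1
    fi
    printf '%s\n' "$dir"
}

# The RUSTFLAGS from the page, with $1 as the runtime directory.
afl_rustflags() {
    flags="-C llvm-args=-sanitizer-coverage-level=3"
    flags="$flags -C llvm-args=-sanitizer-coverage-trace-pc-guard"
    flags="$flags -C passes=sancov -l afl-llvm-rt -L $1"
    printf '%s\n' "$flags"
}

# Count the coverage tuples in an afl-showmap trace. Assumed line format:
# "edge_id:hit_count". Prints 0 (rather than failing) for an empty map.
showmap_edges() {
    grep -c '^[0-9][0-9]*:[0-9][0-9]*$' "$1" || true
}

# Succeed only if the trace holds at least $2 distinct edges (default 100).
# A genuinely instrumented rustc hits thousands of edges compiling even a
# trivial file; a near-empty map means only the runtime got linked in.
check_instrumented() {
    n=$(showmap_edges "$1")
    [ "${n:-0}" -ge "${2:-100}" ]
}

# Constructed sample trace in showmap's format, for checking the helpers
# offline without a real build.
write_sample_trace() {
    cat > "$1" <<'EOF'
000012:1
000345:8
001987:2
004096:1
EOF
}

# The page's build step, run from a rust checkout. Both variables are passed
# to x.py explicitly so they cannot be lost to a non-exported shell variable.
build_instrumented_rustc() {
    rt=$(afl_rt_dir) || return 1
    LIBRARY_PATH="$rt" RUSTFLAGS="$(afl_rustflags "$rt")" ./x.py build
}

# The page's smoke test: compile $1 with the stage2 rustc under afl-showmap,
# then verify the map is non-trivial instead of just cat-ing it.
test_instrumentation() {
    cargo afl showmap -o trace.txt -m 1024 -- \
        build/x86_64-unknown-linux-gnu/stage2/bin/rustc --emit asm "$1" || return 1
    check_instrumented trace.txt && echo "instrumented: $(showmap_edges trace.txt) edges"
}
```

Run `build_instrumented_rustc` from the root of a rust checkout, then `test_instrumentation input.rs`; the threshold in `check_instrumented` is deliberately low so it flags a build where the sancov pass silently did nothing, which `cat trace.txt` alone only reveals to someone who knows what a healthy map looks like.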