rustc fuzzing
Here is how to build rustc with AFL instrumentation:
- Install AFL:

```sh
cargo install afl
```

This compiles AFL and the LLVM plugins needed to build rustc with AFL instrumentation.
- Clone https://github.com/rust-lang/rust.
- Set LIBRARY_PATH so the linker can find the afl-llvm-rt library that `cargo install afl` built (this is a link-time search path, not LD_LIBRARY_PATH; the runtime is linked statically):

```sh
export LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"
```

If more than one rustc/afl.rs version is installed the glob matches several directories and `realpath` prints all of them; pick the one matching the toolchain you will build with.
- Change the options used to compile rustc (export them so they reach the rustc invocations made by the build):

```sh
export RUSTFLAGS="-C llvm-args=-sanitizer-coverage-level=3 \
  -C llvm-args=-sanitizer-coverage-trace-pc-guard \
  -C passes=sancov \
  -l afl-llvm-rt \
  -L $(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"
```
- Build rustc:

```sh
./x.py build
```
- Test that it works. `showmap` runs the instrumented binary once and dumps the coverage map it produced; a trace with many entries means the instrumentation is live, while an empty trace means rustc was not instrumented (`input.rs` is any small Rust source file):

```sh
cargo afl showmap -o trace.txt -m 1024 -- \
  build/x86_64-unknown-linux-gnu/stage2/bin/rustc --emit asm input.rs
cat trace.txt
```
- Clone https://github.com/rust-fuzz/afl.rs. This will give you the AFL version that you can use with the instrumented rustc.
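The steps above end with an instrumented compiler. The script below is an added example, not part of this page, rust-lang/rust or afl.rs, showing the pieces a practitioner puts around it: a seed corpus, the afl-fuzz invocation, and triage of what AFL collects. The crate name `fuzz_input`, the `-m`/`-t` values and the directory layout are assumptions. Two details matter in practice: AFL substitutes a path such as `out/.cur_input` or `crashes/id:000000,sig:11,...` for `@@`, and those names contain characters that are not valid in a crate name derived from the file stem, so `--crate-name` is passed explicitly; and afl-fuzz only records a crash when the target dies from a signal, whereas rustc reports an internal compiler error by catching the panic and exiting with status 101, so ICEs end up in `queue/` rather than `crashes/`. The triage function therefore buckets by exit status and can be pointed at either directory.

```sh
#!/bin/sh
# fuzz-rustc.sh: added example helpers around an AFL-instrumented rustc.
# Not from the page, rust-lang/rust or afl.rs; crate name, limits and
# corpus are illustrative assumptions.

# Write a small seed corpus of valid programs that touch different parts
# of the front end (constructed inputs, not real test cases). Prints the
# number of files written.
make_seed_corpus() {
    dir=$1
    mkdir -p "$dir"
    cat >"$dir/fn.rs" <<'EOF'
fn add(a: i32, b: i32) -> i32 { a + b }
fn main() { let _ = add(1, 2); }
EOF
    cat >"$dir/struct.rs" <<'EOF'
struct P { x: u8, y: u8 }
impl P { fn sum(&self) -> u8 { self.x.wrapping_add(self.y) } }
fn main() { let _ = P { x: 1, y: 2 }.sum(); }
EOF
    cat >"$dir/generic.rs" <<'EOF'
trait T { fn t(&self) -> usize; }
impl<X> T for Vec<X> { fn t(&self) -> usize { self.len() } }
fn main() { let _ = vec![1u8].t(); }
EOF
    cat >"$dir/macro.rs" <<'EOF'
macro_rules! sq { ($e:expr) => { $e * $e }; }
fn main() { let _ = sq!(3); }
EOF
    cat >"$dir/match.rs" <<'EOF'
fn main() { match Some(1u8) { Some(n) if n > 0 => {}, _ => {} } }
EOF
    ls "$dir" | wc -l | tr -d ' '
}

# Map a compiler exit status onto a triage bucket: rustc exits 1 for an
# ordinary compile error and 101 when it catches an internal panic (ICE);
# a status above 128 means the process died from signal (status - 128),
# which is the only kind of failure afl-fuzz itself files under crashes/.
classify_exit() {
    case $1 in
        0)   echo accepted ;;
        1)   echo rejected ;;
        101) echo ice ;;
        *)   if [ "$1" -gt 128 ]; then echo "signal $(( $1 - 128 ))"; else echo "other $1"; fi ;;
    esac
}

# Re-run every file in an AFL output directory (crashes/ or queue/; hangs/
# needs a timeout wrapper) through the compiler and print "<bucket> <file>"
# per input. --crate-name is fixed because AFL file names contain ':' and
# ',' which rustc would reject in a crate name derived from the file stem.
triage_dir() {
    rustc=$1
    dir=$2
    tmp=$(mktemp -d)
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in */README.txt) continue ;; esac   # afl-fuzz writes this into crashes/
        if "$rustc" --crate-name fuzz_input --emit asm --out-dir "$tmp" "$f" >/dev/null 2>&1; then
            status=0
        else
            status=$?
        fi
        echo "$(classify_exit "$status") $f"
    done
    rm -rf "$tmp"
}

# Start afl-fuzz against the instrumented rustc. -m none because rustc
# needs far more than AFL's default memory limit; @@ is replaced by the
# path of the current test case. Assumed values, tune for your machine.
fuzz_rustc() {
    rustc=$1
    indir=$2
    outdir=$3
    mkdir -p "$outdir/objs"
    cargo afl fuzz -i "$indir" -o "$outdir" -m none -t 5000 -- \
        "$rustc" --crate-name fuzz_input --emit asm --out-dir "$outdir/objs" @@
}

# Usage: fuzz-rustc.sh seed IN | fuzz RUSTC IN OUT | triage RUSTC DIR
case ${1:-} in
    seed)   make_seed_corpus "$2" ;;
    fuzz)   fuzz_rustc "$2" "$3" "$4" ;;
    triage) triage_dir "$2" "$3" ;;
esac
```

A typical session is `./fuzz-rustc.sh seed in`, then `./fuzz-rustc.sh fuzz build/x86_64-unknown-linux-gnu/stage2/bin/rustc in out`, and later `./fuzz-rustc.sh triage build/.../rustc out/queue | grep '^ice'` to pull the ICE-producing inputs out of the queue that AFL would otherwise never flag.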