Difference between revisions of "rustc fuzzing"

From vegard.wiki
(new page)
 
(fix typo)
 
Line 9: Line 9:
 
* Set <tt>LD_LIBRARY_PATH</tt>:
 
* Set <tt>LD_LIBRARY_PATH</tt>:
 
:<source lang="Bash">
 
:<source lang="Bash">
LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt"
+
LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"
 
</source>
 
</source>
 
* Change the options used to compile rustc:
 
* Change the options used to compile rustc:
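
Review bot: the bullet `* Set <tt>LD_LIBRARY_PATH</tt>:` above this hunk names a different variable from the one the hunk sets, LIBRARY_PATH, and the bullet is the one that is wrong: `-l afl-llvm-rt` links the AFL runtime at build time, so it is the link-time search path LIBRARY_PATH (or the `-L` flag in RUSTFLAGS) that matters, not the run-time loader path LD_LIBRARY_PATH; rename the bullet to match. A plain `LIBRARY_PATH="..."` assignment also stays in the interactive shell and never reaches `./x.py`; it should read `export LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"`, and a note that the glob can match more than one directory when several rustc or afl.rs versions are installed would save the next reader a confusing link error.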

Latest revision as of 08:36, 29 January 2020

Here is how to build rustc with AFL instrumentation:

  • Install AFL:
    cargo install afl
    This compiles AFL itself and the AFL LLVM runtime (afl-llvm-rt) that instrumented code reports coverage into. The instrumentation is not inserted by AFL: it comes from LLVM's SanitizerCoverage pass inside rustc (see the flags below), and afl-llvm-rt supplies the runtime those coverage callbacks call.
  • Set LIBRARY_PATH so the linker can find the static afl-llvm-rt archive (this is a link-time search path, not the run-time LD_LIBRARY_PATH), and export it so ./x.py sees it:
    export LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"
    If more than one rustc or afl.rs version has been installed, the glob matches several directories and realpath prints all of them; pick the one belonging to the toolchain you build with.
  • Change the options used to compile rustc (exported, for the same reason):
    export RUSTFLAGS="-C llvm-args=-sanitizer-coverage-level=3 \
        -C llvm-args=-sanitizer-coverage-trace-pc-guard \
        -C passes=sancov \
        -l afl-llvm-rt \
        -L $(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"
  • Build rustc:
    ./x.py build
  • Test that it works:
    cargo afl showmap -o trace.txt -m 1024 -- \
        build/x86_64-unknown-linux-gnu/stage2/bin/rustc \
        --emit asm input.rs
    cat trace.txt
    trace.txt holds one "tuple id:hit count" pair per line; a non-empty file means the compiler's own code is being traced. If the stage2 rustc was built without the flags, afl-showmap reports that no instrumentation was detected and exits with an error.
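
The five steps above as one script, added here as an example; it is not the wiki page's own script nor part of rustc or afl.rs. Beyond the page it resolves the afl-llvm-rt glob and refuses to continue unless exactly one directory matches, checks that the archive is present, and counts the edges in the showmap output so that a build that silently lost its instrumentation fails the smoke test instead of producing an empty trace.txt. It assumes (not stated on the page) that it is run from the root of a rust source checkout with `cargo install afl` already done, that the archive is named libafl-llvm-rt.a (inferred from `-l afl-llvm-rt`), and that the full build is only triggered when the script is invoked with the argument `build`.

```shell
#!/bin/sh
# Added example (not from the wiki page, rustc or afl.rs): drives the whole
# procedure as one script and checks each step's precondition.
# Assumptions, not stated on the page: the script runs from the root of a
# rust source checkout, `cargo install afl` has already been run, and the
# runtime archive is libafl-llvm-rt.a (what `-l afl-llvm-rt` links).
set -eu

# Resolve the afl-llvm-rt directory that `cargo install afl` created under
# $1 (default ~/.local/share/afl.rs). The page globs it; this insists on
# exactly one match so -L/-l cannot point at two different toolchains, and
# checks that the static archive is actually there.
afl_rt_dir() {
    base="${1:-$HOME/.local/share/afl.rs}"
    found=""
    n=0
    for d in "$base"/rustc-*/afl.rs-*/afl-llvm-rt; do
        [ -d "$d" ] || continue
        found="$(cd "$d" && pwd -P)"
        n=$((n + 1))
    done
    if [ "$n" -ne 1 ]; then
        echo "expected exactly one afl-llvm-rt dir under $base, found $n" >&2
        return 1
    fi
    if [ ! -f "$found/libafl-llvm-rt.a" ]; then
        echo "no libafl-llvm-rt.a in $found" >&2
        return 1
    fi
    printf '%s\n' "$found"
}

# The RUSTFLAGS from the page for a given afl-llvm-rt directory: rustc's own
# SanitizerCoverage pass inserts the trace-pc-guard calls, and the -l/-L pair
# links the AFL runtime that receives them.
afl_rustflags() {
    printf '%s' "-C llvm-args=-sanitizer-coverage-level=3" \
        " -C llvm-args=-sanitizer-coverage-trace-pc-guard" \
        " -C passes=sancov" \
        " -l afl-llvm-rt" \
        " -L $1"
}

# Count the edges afl-showmap recorded: its -o file holds one
# "tuple-id:hit-count" pair per line, nothing else. Zero lines means the
# binary was not instrumented.
showmap_edge_count() {
    awk -F: '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { n++ } END { print n + 0 }' "$1"
}

# Run the instrumented compiler under afl-showmap on one input and demand
# that it produced coverage. 1024 MB is the memory limit the page uses.
smoke_test() {
    rustc_bin="$1"; input="$2"; trace="${3:-trace.txt}"
    cargo afl showmap -o "$trace" -m 1024 -- "$rustc_bin" --emit asm "$input"
    edges="$(showmap_edge_count "$trace")"
    if [ "$edges" -eq 0 ]; then
        echo "$rustc_bin recorded no edges: not instrumented?" >&2
        return 1
    fi
    echo "$rustc_bin: $edges edges on $input"
}

# The whole procedure. It runs only when invoked as `./script.sh build`, so
# the helpers above can be sourced and exercised without a rust checkout.
main() {
    rt="$(afl_rt_dir)"
    export LIBRARY_PATH="$rt"                 # link-time path for libafl-llvm-rt.a
    export RUSTFLAGS="$(afl_rustflags "$rt")"
    ./x.py build
    smoke_test build/x86_64-unknown-linux-gnu/stage2/bin/rustc input.rs
}

if [ "${1:-}" = "build" ]; then
    main
fi
```

Exporting both variables is the detail the page's plain assignments miss: ./x.py is a separate process and inherits only exported variables. The single-match check matters because `realpath` on a glob with two hits prints two lines, and `-L` then receives a path with an embedded newline.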