rustc fuzzing

From vegard.wiki
Revision as of 08:36, 29 January 2020 by Vegard (talk | contribs) (fix typo)

Here is how to build rustc with AFL instrumentation:

  • Install AFL:

        cargo install afl

    This compiles AFL and the LLVM plugins needed to build rustc with AFL instrumentation. Point LIBRARY_PATH at the AFL runtime library that cargo-afl installed:

        LIBRARY_PATH="$(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"

  • Change the options used to compile rustc:

        RUSTFLAGS="-C llvm-args=-sanitizer-coverage-level=3 \
            -C llvm-args=-sanitizer-coverage-trace-pc-guard \
            -C passes=sancov \
            -l afl-llvm-rt \
            -L $(realpath ~/.local/share/afl.rs/rustc-*/afl.rs-*/afl-llvm-rt)"

  • Build rustc:

        ./x.py build

  • Test that it works:

        cargo afl showmap -o trace.txt -m 1024 -- \
            build/x86_64-unknown-linux-gnu/stage2/bin/rustc \
            --emit asm input.rs
        cat trace.txt

    If the build picked up the instrumentation, trace.txt contains one "edge:count" line per edge the run touched; an empty map means the sancov pass did not make it into the binary.
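The "test that it works" step only prints the map. As an added example that is not part of the wiki page, the script below turns that check into something a script can act on: it counts the edge tuples in an afl-showmap trace and fails when the map is empty (no instrumentation), and it wraps the showmap invocation from above in a function. RUSTC is an assumed variable defaulting to the stage2 path shown on the page, and the sample trace is hand-written, not real afl-showmap output.

```shell
#!/bin/sh
# Added example, not from the wiki page: sanity checks on an afl-showmap trace
# produced by the AFL-instrumented rustc. An empty map means the binary carries
# no instrumentation, so the fuzzer would get no feedback from it.

# Count the edge tuples in an afl-showmap trace. Each line is "NNNNNN:COUNT".
# "|| true" keeps grep's exit status 1 (zero matches) from aborting callers
# that run under "set -e"; the printed count is still 0.
count_edges() {
    grep -c -E '^[0-9]+:[0-9]+$' "$1" || true
}

# Sum the hit counts over all edges in the trace.
sum_hits() {
    awk -F: '/^[0-9]+:[0-9]+$/ { s += $2 } END { print s + 0 }' "$1"
}

# Succeed (exit 0) when the trace shows at least $2 edges (default 1).
trace_ok() {
    n=$(count_edges "$1")
    [ "$n" -ge "${2:-1}" ]
}

# Run the stage2 rustc under afl-showmap on one input file ($1), write the map
# to $2 and require a non-trivial number of edges. RUSTC is an assumed variable;
# its default is the stage2 path from the build steps above.
check_instrumentation() {
    RUSTC=${RUSTC:-build/x86_64-unknown-linux-gnu/stage2/bin/rustc}
    cargo afl showmap -o "$2" -m 1024 -- "$RUSTC" --emit asm "$1" >/dev/null 2>&1
    trace_ok "$2" 100
}

# Constructed sample traces (hand-written, not real afl-showmap output) so the
# helpers above can be exercised offline.
SAMPLE_TRACE=$(mktemp)
EMPTY_TRACE=$(mktemp)
trap 'rm -f "$SAMPLE_TRACE" "$EMPTY_TRACE"' EXIT
cat > "$SAMPLE_TRACE" <<'EOF'
000017:1
000042:3
001337:2
EOF
: > "$EMPTY_TRACE"

# Usage against a real build (not run here): check_instrumentation input.rs trace.txt
```

The helpers operate only on the trace file, so they work unchanged whether the map came from `cargo afl showmap` or from a plain `afl-showmap`; the threshold in `check_instrumentation` is deliberately low, since even a trivial input drives rustc through far more than a hundred edges once the sancov pass is present.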