Skip to content
master
Go to file
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
etc
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

afl.rs logo
afl.rs

Fuzzing Rust code with AFLplusplus

What is it?

Fuzz testing is a software testing technique used to find security and stability issues by providing pseudo-random data as input to the software. AFLplusplus is a popular, effective, and modern fuzz testing tool based on AFL. This library, afl.rs, allows one to run AFLplusplus on code written in the Rust programming language.

Documentation

Documentation can be found in the Rust Fuzz Book.

What does it look like?

Screen recording of afl

Screen recording of AFL running on Rust code.

lazy_static variables

lazy_static variables present problems for AFL's persistent mode, which afl.rs uses. Such variables can cause AFL to give incorrectly low stability reports, or fail to report timeouts, for example.

To address such problems, rust-fuzz provides a "resettable" version of lazy_static. To use it, make the following two changes to your target's Cargo.toml file.

  1. Add a [patch.crates-io] section and overide the lazy_static dependency with the rust-fuzz version:
    [patch.crates-io]
    lazy_static = { git = "https://github.com/rust-fuzz/resettable-lazy-static.rs" }
    
  2. Enable the reset_lazy_static feature on afl.rs:
    [dependencies]
    afl = { version = "*", features = ["reset_lazy_static"] }