addisoncrump
commented
4 months ago Hey, if this isn't done in the next week, feel free to ping me -- this is something I've been meaning to do for a while.
Open KaminariOS opened 4 months ago
addisoncrump
commented
4 months ago Hey, if this isn't done in the next week, feel free to ping me -- this is something I've been meaning to do for a while.
KaminariOS
commented
4 months ago I have something working already. This is in my config.toml for the harness:
rustflags = "-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cinstrument-coverage -Zsanitizer=address -Clink-arg=-Wl,--allow-multiple-definition"
And I have a build.rs to link the fuzzer as a staticlib.
It is kinda weird: harness main calls fuzzer afl_main calls harness LLVMFuzzerTestOneInput
addisoncrump
commented
4 months ago Yeah, there are more elegant ways to do this which definitely justifies having an example.
KaminariOS
commented
4 months ago @addisoncrump Hey, how is it going with the example?
addisoncrump
commented
4 months ago Hey, haven't gotten to it yet. Thanks for the reminder.
AzimMuradov
commented
2 weeks ago @addisoncrump Add a rust instrumentation example, please :)
Is your feature request related to a problem? Please describe. I know that I can use libcc to instrument a C program but I am not sure how to instrument a Rust program and get the coverage data.
Describe the solution you'd like A simple example of coverage-guided Rust program fuzzing