Need examples for instrumenting and fuzzing Rust program

[KaminariOS]

Is your feature request related to a problem? Please describe. I know that I can use libcc to instrument a C program but I am not sure how to instrument a Rust program and get the coverage data.

Describe the solution you'd like A simple example of coverage-guided Rust program fuzzing

[addisoncrump]

Hey, if this isn't done in the next week, feel free to ping me -- this is something I've been meaning to do for a while.

[KaminariOS]

I have something working already. This is in my config.toml for the harness:

rustflags = "-Cpasses=sancov-module -Cllvm-args=-sanitizer-coverage-level=4 -Cllvm-args=-sanitizer-coverage-inline-8bit-counters -Cllvm-args=-sanitizer-coverage-pc-table -Cinstrument-coverage -Zsanitizer=address -Clink-arg=-Wl,--allow-multiple-definition"

And I have a build.rs to link the fuzzer as a staticlib.

It is kinda weird: harness main calls fuzzer afl_main calls harness LLVMFuzzerTestOneInput

[addisoncrump]

Yeah, there are more elegant ways to do this which definitely justifies having an example.

[KaminariOS]

@addisoncrump Hey, how is it going with the example?

[addisoncrump]

Hey, haven't gotten to it yet. Thanks for the reminder.

[AzimMuradov]

@addisoncrump Add a rust instrumentation example, please :)