afl.rs
Cannot combine afl.rs with ASan when testing real-world programs
Hi, I've been stuck on a problem: I cannot combine afl.rs with ASan when it comes to real-world programs that make no use of the `fuzz!` macro that afl.rs provides.

```rust
// Excerpt from afl.rs (cargo-afl): the RUSTFLAGS it prepends to a build.
// `passes` names the LLVM pass to run (sancov-module) and
// `common::afl_llvm_rt_dir` is the directory holding libafl-llvm-rt.
let mut rustflags = format!(
    "--cfg fuzzing \
     -C debug-assertions \
     -C overflow_checks \
     -C passes={} \
     -C codegen-units=1 \
     -C llvm-args=-sanitizer-coverage-level=3 \
     -C llvm-args=-sanitizer-coverage-trace-pc-guard \
     -C llvm-args=-sanitizer-coverage-prune-blocks=0 \
     -C opt-level=3 \
     -C target-cpu=native \
     -C debuginfo=0 \
     -l afl-llvm-rt \
     -L {} ",
    passes,
    common::afl_llvm_rt_dir(None).display()
);
```
These are the flags afl.rs uses. If I build the program with `RUSTFLAGS="-Zsanitizer=address" cargo afl build` and run AFL fuzzing with `cargo afl fuzz -i in -o out target/debug/executable`, it shows a problem like the one below.

I think the pass (sancov-module) that afl.rs uses is not compatible with ASan under those flag options.
I've tried changing opt-level to 0, but that still does not solve the problem. Is there any way to use afl.rs with ASan?