Afl.rs: Fuzzing Rust code with american-fuzzy-lop

Randomly looking at the &quot;Trophy Case&quot;, it looks like most of these errors are run-time &quot;panics&quot;. We can break Rust errors down into three main categories:<p>1. Compile-time errors. This includes most memory-related errors, which are mostly caught by the borrow checker. These are very serious errors, often with ugly security consequences. Rust&#x27;s big selling point is that it can catch many different kinds of errors at compile time—but <i>not</i> all.<p>2. Run-time panics. This includes &quot;index out of bound&quot; errors, integer overflow errors (in debug builds only), and assertions inserted by the programmer. This is Rust&#x27;s second line of defense, so to speak.<p>3. Expected run-time errors. These are mostly reported using return values of type Error, which is the normal way to handle errors in Rust.<p>Most of the errors caught by AFL seem to be errors in group (2) that ought to be in group (3). In most cases, these errors couldn&#x27;t be moved into group (1), because they&#x27;re not the kind of thing that&#x27;s easily caught at compile-time.<p>So this is a really cool tool for Rust developers, especially ones working on libraries that parse untrusted input. I was especially impressed by the fact that AFL could discover overflow errors, which Rust normally only protects against in Debug mode.

Any idea as to why the following requirement? This will limit Afl.rs users quite a bit.<p><pre><code> afl.rs needs to compile against a version of LLVM that matches rustc&#x27;s. The easy solution (if you can wait on a slow build) is to build rustc from source and put it in your PATH. Then afl.rs&#x27;s build script will find llvm-config automatically. Otherwise, the environment variable LLVM_CONFIG should hold the path to llvm-config when you build afl.rs. </code></pre> I was under the impression that Afl can test any application that takes stdin. I&#x27;m underinformed for sure, so what&#x27;s the idea behind explicitly adding code to support Afl fuzzing?

Nice! It’s already proven to be useful: <a href="https:&#x2F;&#x2F;github.com&#x2F;frewsxcv&#x2F;afl.rs#trophy-case" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;frewsxcv&#x2F;afl.rs#trophy-case</a>

&gt; Nightly build of Rust<p>Oh well....

I expected this to be something about Australian football, but this is pretty good too