autarkie_libfuzzer
| Crates.io | autarkie_libfuzzer |
| lib.rs | autarkie_libfuzzer |
| version | 0.9.4 |
| created_at | 2025-11-22 04:12:43.374247+00 |
| updated_at | 2025-11-22 15:06:08.126676+00 |
| description | libFuzzer shim which uses LibAFL with common defaults |
| homepage | |
| repository | https://github.com/AFLplusplus/LibAFL/ |
| max_upload_size | |
| id | 1944713 |
| size | 38,642 |
Aarnav (R9295)
documentation
README
Autarkie - Instant Grammar Fuzzing Using Rust Macros
Autarkie is a native grammar fuzzer built in Rust. Using procedural macros, it (almost completely) automatically creates a grammar fuzzer. Autarkie is heavily inspired by nautilus.
Features
- Essentially a drop-in replacement for arbitrary
- Actual grammar fuzzing - not "structure aware"
- Supports both AFL++ (Forkserver) and cargo-fuzz (Inprocess).
- As long as the grammar is defined using Rust, you can fuzz C/C++ too (using AFL++ forkserver)
- Really easy to use, complexity is abstracted for you.
- Trivial to integrate with other fuzzers.
Niche features
Autarkie has several features that other grammar fuzzers do not have:
- No grammar maintenance; because the grammar is part of the code, if the project is updated, the grammar updates too.
- Grammar is completely exhaustive; the compiler will make sure that every necessary type is included. No more guesswork.
- Corpus is re-usable. If you stop the fuzzer, you can re-start it and it will be able to re-use the corpus!
- Can learn from other fuzzers!
use -F to sync - Has native cmplog support.
How to Use
There are two main walkthroughs:
- Fuzz AFL++ instrumented C/C++ project
This example fuzzes sqlite3 by using grammar defined in datafusion-sqlparser-rs.
Personal favourite as it shows Autarkie's magic: you can build a highly sophisticated grammar fuzzer covering a language as complex as SQL in under 5 minutes.
This example also shows how you can render the internal structure into a different format for the harness
- Fuzz a Rust project using cargo-fuzz
This example fuzzes Solana's sbpf interpreter which is implemented in Rust. Autarkie has cargo-fuzz integration, so it is trivial to fuzz native Rust projects.
Limitations and Caveats
Beta
Autarkie is in beta - expect issues, do not tread lightly.
Static Lifetimes
The type MUST own all it's data; it cannot use lifetimes. This is due to the use of std::any::type_id which require types to have a 'static lifetime.
Note: that you can simply write a wrapper type that owns all the data and converts it to the native type
Contributions
Contributions, questions and feedback welcome. Please engage!