Appendix: Commands, Flags, And Gotchas

This post is part of the Input Coverage > Code Coverage series.

Install:

cargo install cargo-fuzz
cargo install cargo-afl
rustup toolchain install nightly

libFuzzer run:

cargo +nightly fuzz run <target> -max_total_time=60

AFL++ run (panic abort):

export RUSTFLAGS="-C panic=abort"
cargo afl build --bin <bin>
mkdir -p afl_in afl_out && printf "seed" > afl_in/seed
cargo afl fuzz -i afl_in -o afl_out target/debug/<bin> @@

Gotchas:

• Panics are not crashes unless you abort.
• libFuzzer is in-process; beware global state.
• AFL++ stdin vs libFuzzer byte slice. Wire both if needed.
• Keep harnesses tiny. The fuzzer should exercise your code, not itself.

Next: Wrap-Up: An Input Coverage Playbook