Thanks to visit codestin.com
Credit goes to lib.rs

Lib.rs

Development toolsTesting
#lib-fuzzer #security

autarkie_libfuzzer

libFuzzer shim which uses LibAFL with common defaults

Owned by Aarnav.

10 releases (6 breaking)

0.9.4 Nov 22, 2025
0.9.2 Nov 22, 2025
0.8.0 Nov 22, 2025
0.7.0 Nov 22, 2025
0.1.0 Nov 22, 2025

#537 in Testing

MIT/Apache

30KB
528 lines

Autarkie - Instant Grammar Fuzzing Using Rust Macros

LibAFL logo

Autarkie is a native grammar fuzzer built in Rust. Using procedural macros, it (almost completely) automatically creates a grammar fuzzer. Autarkie is heavily inspired by nautilus.

Features

  • Essentially a drop-in replacement for arbitrary
  • Actual grammar fuzzing - not "structure aware"
  • Supports both AFL++ (Forkserver) and cargo-fuzz (Inprocess).
  • As long as the grammar is defined using Rust, you can fuzz C/C++ too (using AFL++ forkserver)
  • Really easy to use, complexity is abstracted for you.
  • Trivial to integrate with other fuzzers.

Niche features

Autarkie has several features that other grammar fuzzers do not have:

  • No grammar maintenance; because the grammar is part of the code, if the project is updated, the grammar updates too.
  • Grammar is completely exhaustive; the compiler will make sure that every necessary type is included. No more guesswork.
  • Corpus is re-usable. If you stop the fuzzer, you can re-start it and it will be able to re-use the corpus!
  • Can learn from other fuzzers! use -F to sync
  • Has native cmplog support.

How to Use

There are two main walkthroughs:

  1. Fuzz AFL++ instrumented C/C++ project

This example fuzzes sqlite3 by using grammar defined in datafusion-sqlparser-rs. Personal favourite as it shows Autarkie's magic: you can build a highly sophisticated grammar fuzzer covering a language as complex as SQL in under 5 minutes. This example also shows how you can render the internal structure into a different format for the harness

Go to the walkthrough

  1. Fuzz a Rust project using cargo-fuzz

This example fuzzes Solana's sbpf interpreter which is implemented in Rust. Autarkie has cargo-fuzz integration, so it is trivial to fuzz native Rust projects.

Go to the walkthrough

Limitations and Caveats

Beta

Autarkie is in beta - expect issues, do not tread lightly.

Static Lifetimes

The type MUST own all it's data; it cannot use lifetimes. This is due to the use of std::any::type_id which require types to have a 'static lifetime.

Note: that you can simply write a wrapper type that owns all the data and converts it to the native type

Contributions

Contributions, questions and feedback welcome. Please engage!

Dependencies

~0.5–1MB
~20K SLoC