Implement `LibAFL`-based fuzzer by gtrepta · Pull Request #77 · runtimeverification/skribe

gtrepta · 2026-05-12T01:20:30Z

Introduces skribe-fuzz, a LibAFL-based fuzzer binary with stubs for coverage.

Changes:

Add libafl and libafl_bolts version 0.15.4 as workspace dependencies
Add skribe-fuzz binary with --fuzz-spec, --contract-name, --function-name, --workspace, and --iterations flags
Add stubs for get_coverage_size and write_coverage_data
As a workaround for increased K configuration term depth due to coverage tracking, spawn fuzzer on a thread with 64 MB stack size
Extract FuzzConfig, SignatureFuzzer, and extract_template_and_signature into dedicated modules
Bump kframework-rs from 73c4986 to a3ca113
Add rust-toolchain.toml, pinning to Rust 1.95.0

This is a workaround for increased term depth in the K configuration caused by the representation of coverage results.

tothtamas28 mentioned this pull request May 12, 2026

skribe-fuzz: Implementation Plan runtimeverification/skribe-advanced-fuzzing#1

Open

31 tasks

gtrepta mentioned this pull request May 14, 2026

feat: Add skribe-fuzz binary for LibAFL fuzzer to the nix derivation #80

Draft

gtrepta added 5 commits May 15, 2026 09:11

feat: Add rust-toolchain.toml

57eeb9c

refactoring: Extract module fuzz_config

3a2367d

feat: Add binary skribe-fuzz

9bd9734

feat: Use LibAFL to fuzz

04067b9

feat: Add stubs for coverage reporting

15bacab

tothtamas28 force-pushed the fuzzer-libafl branch 2 times, most recently from cfb00d0 to e5a6baa Compare May 15, 2026 14:29

tothtamas28 and others added 4 commits May 15, 2026 18:54

workaround: Spawn thread with increased stack size

a3bdcea

This is a workaround for increased term depth in the K configuration caused by the representation of coverage results.

fix: Add a single corpus entry to the state

b4f6b83

feat: Add --iterations to skribe-fuzz

0c74029

fix: Update kframework-rs to version a3ca113

54db36b

tothtamas28 force-pushed the fuzzer-libafl branch from 331ce1a to 8368f21 Compare May 15, 2026 18:56

tothtamas28 changed the title ~~feat: Start LibAFL fuzz loop implementation~~ Implement fuzzer using LibAFL May 15, 2026

Set Version: 0.1.40

9655a0b

tothtamas28 force-pushed the fuzzer-libafl branch from 8368f21 to 9655a0b Compare May 15, 2026 19:16

tothtamas28 marked this pull request as ready for review May 15, 2026 19:16

tothtamas28 changed the title ~~Implement fuzzer using LibAFL~~ Implement LibAFL-based fuzzer May 15, 2026

tothtamas28 self-requested a review May 15, 2026 19:57

tothtamas28 approved these changes May 15, 2026

View reviewed changes

tothtamas28 merged commit 583aa63 into master May 15, 2026
5 checks passed

tothtamas28 deleted the fuzzer-libafl branch May 15, 2026 19:58

gtrepta mentioned this pull request May 15, 2026

Milestone 3: Report runtimeverification/skribe-advanced-fuzzing#13

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement `LibAFL`-based fuzzer#77

Implement `LibAFL`-based fuzzer#77
tothtamas28 merged 10 commits into
masterfrom
fuzzer-libafl

gtrepta commented May 12, 2026 •

edited by tothtamas28

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

gtrepta commented May 12, 2026 • edited by tothtamas28 Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

gtrepta commented May 12, 2026 •

edited by tothtamas28

Loading