Setup

At the time of writing, the recommended approach when using afl.rs is to use a prebuilt Docker image. For more information about why this is necessary, read the section that follows this one.

To install Docker, see the instructions in the following link:

docker.com/getdocker

Once you have installed Docker, retrieve the afl.rs image:

docker pull corey/afl.rs

Why is Docker necessary?

Note: This is optional reading. Don't worry if you're confused by anything in this section.

AFL is a coverage-guided fuzzer, i.e. AFL requires insight into which code branches have been hit. To accomplish this, afl.rs includes a plugin for LLVM called an LLVM pass. The pass is a C++ file that afl.rs compiles and links against LLVM. Since Rust does not expose its LLVM internals, the user of afl.rs has to either compile the pass using tools that are ABI-compatible with the Rust binary they are using, or compile Rust from source. Neither of these options is trivial for the user. This guide used to recommend the former strategy, but this caused issues. To get around this, this guide now recommends a Dockerfile that provides a rustc and an afl.rs that are ABI-compatible.
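The ABI problem above boils down to the LLVM pass being compiled against a different LLVM than the one rustc was built with. The following script is an added example (not part of the afl.rs guide or project) that checks for exactly that mismatch on a host toolchain; it assumes `rustc -vV` prints an `LLVM version:` line (older rustc releases may not), that `llvm-config` is on `PATH`, and it treats equal major versions as "compatible", which is a simplification of true ABI compatibility.

```shell
#!/bin/sh
# Added check (not from the afl.rs guide): does the LLVM that would build the
# afl.rs pass match the LLVM that rustc was built against? A pass compiled
# against a different LLVM is not ABI-compatible with rustc's LLVM, which is
# the problem the guide sidesteps with the Docker image.
# Assumptions: `rustc -vV` prints an "LLVM version:" line, llvm-config is on
# PATH, and matching major versions are taken as "compatible".

# Print the LLVM major version from `rustc -vV` output read on stdin.
rustc_llvm_major() {
    sed -n 's/^LLVM version: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Print the major version from `llvm-config --version` output read on stdin.
llvm_config_major() {
    sed -n 's/^\([0-9][0-9]*\)\..*/\1/p' | head -n 1
}

# Compare the two majors. Prints a verdict; returns 0 (match), 1 (mismatch),
# 2 (a version could not be read).
check_llvm_match() {
    rustc_major="$1"
    llvm_major="$2"
    if [ -z "$rustc_major" ] || [ -z "$llvm_major" ]; then
        echo "unknown (could not read an LLVM version)"
        return 2
    fi
    if [ "$rustc_major" = "$llvm_major" ]; then
        echo "compatible (LLVM $rustc_major)"
        return 0
    fi
    echo "mismatch (rustc LLVM $rustc_major vs llvm-config $llvm_major)"
    return 1
}

# Constructed sample output, used when run offline; pass --live to query the
# real toolchain instead.
SAMPLE_RUSTC='rustc 1.75.0
host: x86_64-unknown-linux-gnu
LLVM version: 17.0.6'
SAMPLE_LLVM_CONFIG='15.0.7'
if [ "${1:-}" = "--live" ]; then
    r=$(rustc -vV | rustc_llvm_major)
    l=$(llvm-config --version | llvm_config_major)
else
    r=$(printf '%s\n' "$SAMPLE_RUSTC" | rustc_llvm_major)
    l=$(printf '%s\n' "$SAMPLE_LLVM_CONFIG" | llvm_config_major)
fi
# Exit status is swallowed here so the script only reports; use the return
# value of check_llvm_match directly when gating a build on it.
check_llvm_match "$r" "$l" || :
```

With the constructed sample the script reports a mismatch (rustc built against LLVM 17, `llvm-config` from LLVM 15), which is the situation in which a locally built pass would fail to load into rustc.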