Preview

Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

Advanced search

Rust and Go Directed Fuzzing with LibAFL-DiFuzz

https://doi.org/10.15514/ISPRAS-2026-38(2)-5

Abstract

In modern SSDLC, program analysis and automated testing are essential for minimizing vulnerabilities before software release, with fuzzing being a fast and widely used dynamic testing method. However, traditional coverage-guided fuzzing may be less effective in specific tasks like verifying static analysis reports or reproducing crashes, while directed fuzzing, focusing on targeted program locations using proximity metrics, proves to be more effective. Some of the earliest directed fuzzers are, for example, AFLGo and BEACON, which use different proximity metric approaches. Although most automated testing tools focus on C/C++ code, the growing popularity of Rust and Go causes the need for precise and efficient testing solutions for these languages. This work expands the applicability of directed fuzzing beyond traditional analysis of C/C++ software. We present a novel approach to directed greybox fuzzing tailored specifically for Rust and Go applications. We introduce advanced preprocessing techniques, rustc compiler customizations, and elaborate graph construction and instrumentation methods to enable effective targeting of specific program locations. Our implemented fuzzing tools, based on LibAFL-DiFuzz backend, demonstrate competitive advantages compared to popular existing fuzzers like afl.rs, cargo-fuzz, and go-fuzz. According to TTE (Time to Exposure) experiments, Rust-LibAFL-DiFuzz outperforms other tools by the best TTE result. Some stability issues can be explained by different mutation approaches. Go-LibAFL-DiFuzz outperforms its opponent by the best and, in the majority of cases, by average result, having two cases with orders of magnitude difference. These results prove better efficiency and accuracy of our approach.

About the Authors

Timofey Pavlovich MEZHUEV
Ivannikov Institute for System Programming of the Russian Academy of Sciences, Lomonosov Moscow State University
Russian Federation

Master of Lomonosov Moscow State University, senior laborant of the Institute for System Programming of the RAS. Research interests: symbolic execution, hybrid fuzzing, directed fuzzing.



Darya Alekseevna PARYGINA
Lomonosov Moscow State University
Russian Federation

Postgraduate student at Lomonosov Moscow State University. Research interests: symbolic execution, hybrid fuzzing, directed fuzzing.



Daniil Olegovich KUTZ
Ivannikov Institute for System Programming of the Russian Academy of Sciences
Russian Federation

Cand. Sci. (Tech.), junior research assistant of the Institute for System Programming of the RAS. Research interests: dynamic analysis, fuzzing, symbolic execution, hybrid fuzzing.



References

1. Howard M., Lipner S. The security development lifecycle. Microsoft Press Redmond (online), vol. 8, 2006. Available at: http://msdn.microsoft.com/en-us/library/ms995349.aspx, accessed 22.05.2025.

2. ISO/IEC 15408-3:2008: Information technology – Security techniques – Evaluation criteria for IT security – Part 3: Security assurance components. ISO Geneva (online), 2008. Available at: https://www.iso.org/standard/46413.html, accessed 22.05.2025.

3. GOST R 56939-2016: Information protection. Secure software development. General requirements. National Standard of Russian Federation (online), 2016. Available at: http://protect.gost.ru/document.aspx?control=7&id=203548, accessed 22.05.2025.

4. Serebryany K. Continuous fuzzing with libFuzzer and AddressSanitizer. 2016 IEEE Cybersecurity Development (SecDev), 2016, p. 157. DOI: 10.1109/secdev.2016.043.

5. Fioraldi A., Maier D., Eißfeldt H., Heuse M. AFL++: Combining incremental steps of fuzzing research. 14th USENIX Workshop on Offensive Technologies (WOOT 20), 2020.

6. Bohme M., Pham V.-T., Nguyen M.-D., Roychoudhury A. Directed greybox fuzzing. Proceedings of the 2017 ACM SIGSAC conference on computer and communications security, 2017, pp. 2329-2344.

7. Parygina D., Mezhuev T., Kuts D. LibAFL-DiFuzz: Advanced Architecture Enabling Directed Fuzzing. 2024 Ivannikov Ispras Open Conference (ISPRAS), 2024.

8. afl.rs: Fuzzing Rust code with American Fuzzy Lop. [Online]. Available at: https://github.com/rust-fuzz/afl.rs, accessed 01.11.2025.

9. afl.rs DeepWiki. [Online]. Available at: https://deepwiki.com/rust-fuzz/afl.rs/4.1-component-overview, accessed 01.11.2025.

10. cargo-fuzz: a cargo subcommand for fuzzing with libFuzzer. [Online]. Available at: https://github.com/rust-fuzz/cargo-fuzz, accessed 01.11.2025.

11. go-fuzz: randomized testing for Go. [Online]. Available at: https://github.com/dvyukov/go-fuzz, accessed 01.11.2025.

12. Crump, A., Zhang, D., Asif, S. M., Maier, D., Fioraldi, A., Holz, T., & Balzarotti, D. CrabSandwich: Fuzzing Rust with Rust (Registered Report). Proceedings of the 2nd International Fuzzing Workshop, 2023.

13. GoLibAFL. [Online]. Available at: https://github.com/srlabs/golibafl, accessed 01.11.2025.

14. Fuzzing Made Easy Part #3: GoLibAFL – Fuzzing Go binaries using LibAFL. [Online]. Available at: https://srlabs.de/blog/golibafl---fuzzing-go-binaries-using-libafl, accessed 01.11.2025.

15. Huang H., Guo Y., Shi Q., Yao P., Wu R., Zhang C. Beacon: Directed grey-box fuzzing with provable path pruning. 2022 IEEE Symposium on Security and Privacy (SP), 2022, pp. 36-50.

16. Sargsyan S., Kurmangaleev S., Hakobyan J., Mehrabyan M., Asryan S., Movsisyan H. "Directed Fuzzing Based on Program Dynamic Instrumentation", Proceedings of International Conference on Engineering Technologies and Computer Science (EnT), 2019.

17. Sargsyan S., Hakobyan J., Mehrabyan M., Mkoyan R., Sahakyan V., Melkonyan V., Arutunian M., Fahradyan A., Avetisyan A. "Advanced Grammar-Based Fuzzing", Proceedings of Ivannikov Memorial Workshop, 2022.

18. The LLVM Compiler Infrastructure. [Online]. Available at: https://llvm.org, accessed 01.11.2025.

19. The cargo book. [Online]. Available at: https://doc.rust-lang.org/cargo/, accessed 01.11.2025.

20. Sanitizer Coverage. [Online]. Available at: https://clang.llvm.org/docs/SanitizerCoverage.html, accessed 01.11.2025.

21. Crate libfuzzer_sys. [Online]. Available at: https://docs.rs/libfuzzer-sys/latest/libfuzzer_sys/, accessed 01.11.2025.

22. Fioraldi, A., Maier, D. C., Zhang, D., & Balzarotti, D. Libafl: A framework to build modular and reusable fuzzers. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022.

23. Kirkpatrick S., Gelatt Jr C. D., Vecchi M. P. Optimization by simulated annealing. Science, 1983, vol. 220, no. 4598, pp. 671–680.

24. Cerny V. Thermodynamical approach to the traveling salesman problem: An efficient simulation algorithm. Journal of optimization theory and applications, 1985, vol. 45, pp. 41-51.

25. Parygina, D., Mezhuev, T. and Kuts, D., 2025. Hybrid Approach to Directed Fuzzing. arXiv preprint arXiv:2507.04855, Available at: https://arxiv.org/pdf/2507.04855, accessed 01.11.2025.

26. SSA package in Golang. [Online]. Available at: https://pkg.go.dev/golang.org/x/tools/go/ssa, accessed 01.11.2025.


Review

For citations:


MEZHUEV T.P., PARYGINA D.A., KUTZ D.O. Rust and Go Directed Fuzzing with LibAFL-DiFuzz. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2026;38(2):69-82. https://doi.org/10.15514/ISPRAS-2026-38(2)-5



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)