{"id":46062121,"url":"https://github.com/vusec/libaflgo","last_synced_at":"2026-03-01T11:35:06.382Z","repository":{"id":341035743,"uuid":"624782463","full_name":"vusec/libaflgo","owner":"vusec","description":"LibAFLGo: Evaluating and Advancing Directed Greybox Fuzzing","archived":false,"fork":false,"pushed_at":"2026-02-27T17:38:18.000Z","size":220,"stargazers_count":23,"open_issues_count":2,"forks_count":2,"subscribers_count":15,"default_branch":"master","last_synced_at":"2026-02-27T21:24:31.619Z","etag":null,"topics":["directed-fuzzing","fuzzing","libafl","llvm"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/vusec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-04-07T08:43:38.000Z","updated_at":"2026-02-27T17:38:22.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/vusec/libaflgo","commit_stats":null,"previous_names":["vusec/libaflgo"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/vusec/libaflgo","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Flibaflgo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Flibaflgo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Flibaflgo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Flibaflgo/manifests","owne
r_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/vusec","download_url":"https://codeload.github.com/vusec/libaflgo/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/vusec%2Flibaflgo/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29968568,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T10:55:55.490Z","status":"ssl_error","status_checked_at":"2026-03-01T10:55:55.175Z","response_time":124,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["directed-fuzzing","fuzzing","libafl","llvm"],"created_at":"2026-03-01T11:35:05.776Z","updated_at":"2026-03-01T11:35:06.354Z","avatar_url":"https://github.com/vusec.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# LibAFLGo\n\n\u003cimg src=\"logo.png\" width=\"340\" align=\"right\" /\u003e\n\n_LibAFLGo: Evaluating and Advancing Directed Greybox Fuzzing_\n(\u003ca href=\"https://download.vusec.net/papers/libaflgo_eurosp25.pdf\" target=\"_blank\"\u003epaper\u003c/a\u003e).\n\nLibAFLGo extends [LibAFL](https://github.com/AFLplusplus/LibAFL) for directed fuzzing. It\nre-implements three directed fuzzing policies in a modular fashion: AFLGo, Hawkeye, and DAFL. 
The\nLLVM-based compiler passes integrate with [SVF](https://github.com/SVF-tools/SVF), which provides a\nplethora of analyses out-of-the-box.\n\nThe research artifacts are split across three repositories:\n\n- this repository contains directed fuzzing extensions for LibAFL, re-implemented fuzzers\n- [MAGMA-directed](https://github.com/vusec/magma-directed) extends MAGMA for directed fuzzing\n- [LibAFL-directed](https://github.com/vusec/LibAFL-directed) contains minor patches to LibAFL\n\nWe aim to upstream LibAFLGo to LibAFL.\n\n## Project Structure\n\n```\n.\n├── fuzzers                                             \u003c- contains re-implemented fuzzers\n│   ├── aflgo\n│   ├── dafl\n│   └── hawkeye\n├── include                                             \u003c- header files for LLVM passes\n│   ├── AFLGoCompiler                                   \u003c-   compile-time plugin\n│   │   └── TargetInjection.hpp                         \u003c-     instruments target locations\n│   ├── AFLGoLinker                                     \u003c-   link-time plugin\n│   │   ├── DAFL.hpp                                    \u003c-     DAFL instrumentation\n│   │   ├── DistanceInstrumentation.hpp                 \u003c-     AFLGo distance instrumentation\n│   │   ├── DuplicateTargetRemoval.hpp                  \u003c-     supporting target instrumentation\n│   │   ├── FunctionDistanceInstrumentation.hpp         \u003c-     Hawkeye distance instrumentation\n│   │   └── TargetInjectionFixup.hpp                    \u003c-     supporting target instrumentation\n│   └── Analysis                                        \u003c-   analyses used by plugins\n│       ├── BasicBlockDistance.hpp                      \u003c-     AFLGo basic block distance analysis\n│       ├── DAFL.hpp                                    \u003c-     DAFL data-flow distance\n│       ├── ExtendedCallGraph.hpp                       \u003c-     enhance CFG with PTA\n│       ├── FunctionDistance.hpp                
        \u003c-     Hawkeye function distance analysis\n│       └── TargetDetection.hpp                         \u003c-     supporting target instrumentation\n├── libaflgo                                            \u003c- LibAFL fuzzer components\n├── libaflgo_targets                                    \u003c- LibAFL target instrumentation components\n├── passes                                              \u003c- implementation of LLVM passes\n├── test                                                \u003c- tests for LLVM passes\n├── wrapper                                             \u003c- compiler wrapper libaflgo_cc\n├── Cargo.lock\n├── Cargo.toml\n├── CMakeLists.txt                                      \u003c- cmake build entrypoint\n├── README.md\n├── rust-toolchain.toml\n├── SVF-1282.patch                                      \u003c- patch SVF for ASan compatibility\n```\n\n## Building\n\nYou can use `cmake` to build LLVM passes and LibAFL components. After opening the project in our devcontainer with your editor (we recommend VSCode), you can build the project with the following commands:\n\n```\ncmake -S /workspaces/libaflgo \\\n      -B /workspaces/libaflgo/build \\\n      -G Ninja \\\n      -DCMAKE_BUILD_TYPE=RelWithDebInfo \\\n      -DCMAKE_EXPORT_COMPILE_COMMANDS=TRUE \\\n      -DCMAKE_C_COMPILER=/usr/bin/clang-15 \\\n      -DCMAKE_CXX_COMPILER=/usr/bin/clang++-15 \\\n      -DBUILD_TESTING=ON \\\n      --no-warn-unused-cli\n\ncmake --build /workspaces/libaflgo/build \\\n      --config RelWithDebInfo \\\n      --target all \\\n      --\n```\n\nYou can then run the tests with the check target.\n\n## MAGMA Integration (mileage may vary, as this was not tested recently)\n\nWe extended [MAGMA](https://github.com/vusec/magma-directed) for directed fuzzing. The original\ndocumentation also applies to our fork. 
The easiest way to get up and running to fuzz targets is to\nlook at the LibAFLGo integrations in the `fuzzers` folder in that repository.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvusec%2Flibaflgo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvusec%2Flibaflgo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvusec%2Flibaflgo/lists"}