afl-c++ - AFL++

The afl-c++ wrapper is a C++-specific version of afl-cc that automatically uses C++ compilers (g++ or clang++).

Synopsis

afl-c++ [compiler options] source_files...

Description

afl-c++ is identical to afl-cc but defaults to C++ compilation. It automatically:

Uses g++ or clang++ instead of gcc/clang
Handles C++ standard library linking
Supports C++-specific instrumentation

Usage

All options and environment variables from afl-cc apply to afl-c++.

Basic Example

afl-c++ -o program program.cpp

With Specific C++ Standard

afl-c++ -std=c++17 -o program program.cpp

Custom C++ Compiler

AFL_CXX=clang++-14 afl-c++ -o program program.cpp

C++ Specific Considerations

Exception Handling

AFL++ instruments exception handling code. For performance-critical fuzzing:

afl-c++ -fno-exceptions -o program program.cpp

RTTI (Runtime Type Information)

Disable if not needed:

afl-c++ -fno-rtti -o program program.cpp

Templates and Inline Functions

LTO mode provides better instrumentation for heavily templated code:

afl-clang-lto++ -o program program.cpp

Coverage Macros in C++

#include <cstdint>
#include <cstddef>

extern "C" {
  __AFL_FUZZ_INIT();
}

int main() {
  #ifdef __AFL_FUZZ_TESTCASE_LEN
  while (__AFL_LOOP(10000)) {
    std::size_t len = __AFL_FUZZ_TESTCASE_LEN;
    uint8_t *buf = __AFL_FUZZ_TESTCASE_BUF;
    
    // Fuzz target
    process_input(buf, len);
  }
  #endif
  return 0;
}

Selective Coverage in C++

Use the __AFL_COVERAGE() macro:

__AFL_COVERAGE();

class MyClass {
public:
  void critical_method() {
    __AFL_COVERAGE_ON();
    // This code will be instrumented
    __AFL_COVERAGE_OFF();
  }
};

Documentation Index

​Synopsis

​Description

​Usage

​Basic Example

​With Specific C++ Standard

​Custom C++ Compiler

​C++ Specific Considerations

​Exception Handling

​RTTI (Runtime Type Information)

​Templates and Inline Functions

​Coverage Macros in C++

​Selective Coverage in C++

​See Also