|
LLVM
4.0.0
|
#include "FuzzerCorpus.h"#include "FuzzerInterface.h"#include "FuzzerInternal.h"#include "FuzzerIO.h"#include "FuzzerMutate.h"#include "FuzzerRandom.h"#include "FuzzerTracePC.h"#include <algorithm>#include <atomic>#include <chrono>#include <cstring>#include <mutex>#include <string>#include <thread>#include "FuzzerFlags.def"Go to the source code of this file.
Classes | |
| struct | fuzzer::FlagDescription |
Namespaces | |
| fuzzer | |
Macros | |
| #define | FUZZER_DEPRECATED_FLAG(Name) |
| #define | FUZZER_FLAG_INT(Name, Default, Description) int Name; |
| #define | FUZZER_FLAG_UNSIGNED(Name, Default, Description) unsigned int Name; |
| #define | FUZZER_FLAG_STRING(Name, Description) const char *Name; |
| #define | FUZZER_DEPRECATED_FLAG(Name) {#Name, "Deprecated; don't use", 0, nullptr, nullptr, nullptr}, |
| #define | FUZZER_FLAG_INT(Name, Default, Description) {#Name, Description, Default, &Flags.Name, nullptr, nullptr}, |
| #define | FUZZER_FLAG_UNSIGNED(Name, Default, Description) |
| #define | FUZZER_FLAG_STRING(Name, Description) {#Name, Description, 0, nullptr, &Flags.Name, nullptr}, |
Functions | |
| __attribute__ ((used)) void __libfuzzer_is_present() | |
| fuzzer::FUZZER_FLAG_INT (runs,-1,"Number of individual test runs (-1 for infinite runs).") FUZZER_FLAG_INT(max_len | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it | fuzzer::FUZZER_FLAG_INT (mutate_depth, 5,"Apply this number of consecutive mutations to each input.") FUZZER_FLAG_INT(prefer_small |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle | fuzzer::FUZZER_FLAG_INT (timeout, 1200,"Timeout in seconds (if positive). ""If one unit runs more than this number of seconds the process will abort.") FUZZER_FLAG_INT(error_exitcode |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used | fuzzer::FUZZER_FLAG_INT (timeout_exitcode, 77,"When libFuzzer reports a timeout ""this exit code will be used.") FUZZER_FLAG_INT(max_total_time |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer | fuzzer::FUZZER_FLAG_INT (merge, 0,"If 1, the 2-nd, 3-rd, etc corpora will be ""merged into the 1-st corpus. Only interesting units will be taken. ""This flag can be used to minimize a corpus.") FUZZER_FLAG_INT(minimize_crash |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc | fuzzer::FUZZER_FLAG_INT (use_memmem, 1,"Use hints from intercepting memmem, strstr, etc") FUZZER_FLAG_INT(use_value_profile |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing | fuzzer::FUZZER_FLAG_UNSIGNED (jobs, 0,"Number of jobs to run. If jobs >= 1 we spawn"" this number of jobs in separate worker processes"" with stdout/stderr redirected to fuzz-JOB.log.") FUZZER_FLAG_UNSIGNED(workers |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If | fuzzer::min (jobs, NumberOfCpuCores()/2)\" is used.") FUZZER_FLAG_INT(reload |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled | fuzzer::FUZZER_FLAG_INT (report_slow_units, 10,"Report slowest units if they run for more than this number of seconds.") FUZZER_FLAG_INT(only_ascii |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only | fuzzer::ASCII (isprint+isspace) inputs.") FUZZER_FLAG_STRING(artifact_prefix |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing | fuzzer::artifacts (crash," "timeout, or slow inputs) as" "$(artifact_prefix) file") FUZZER_FLAG_STRING(exact_artifact_path |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on | fuzzer::failure (crash, timeout)" "as $(exact_artifact_path).This override s-artifact_prefix" "and will not use checksum in the file name.Do not" "use the same path for several parallel processes.") FUZZER_FLAG_INT(print_corpus_stats |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit | fuzzer::FUZZER_FLAG_INT (print_coverage, 0,"If 1, print coverage information at exit."" Experimental, only with trace-pc-guard") FUZZER_FLAG_INT(dump_coverage |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard | fuzzer::FUZZER_FLAG_INT (close_fd_mask, 0,"If 1, close stdout at startup; ""if 2, close stderr; if 3, close both. ""Be careful, this will also close e.g. asan's stderr/stdout.") FUZZER_FLAG_INT(detect_leaks |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard and if LeakSanitizer is enabled try to detect memory leaks during | fuzzer::fuzzing (i.e.not only at shut down).") FUZZER_FLAG_INT(trace_malloc |
Variables | |
| struct { | |
| Maximum length of the test input fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If fuzzer::positive | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with fuzzer::runs | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with fuzzer::strcmp | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If fuzzer::zero | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit fuzzer::If | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit fuzzer::Experimental | |
| Maximum length of the test input libFuzzer tries to guess a good value based on the corpus and reports it always prefer smaller inputs during the corpus shuffle When libFuzzer itself reports a bug this exit code will be used If indicates the maximal total time in seconds to run the fuzzer minimizes the provided crash input Use with etc Experimental Use value profile to guide fuzzing Number of simultaneous worker processes to run the jobs If Reload the main corpus every< N > seconds to get new units discovered by other processes disabled generate only Write fuzzing Write the single artifact on print statistics on corpus elements at exit dump coverage information at exit only with trace pc guard fuzzer::If | |
| } | fuzzer::Flags |
| #define FUZZER_DEPRECATED_FLAG | ( | Name | ) |
Definition at line 56 of file FuzzerDriver.cpp.
| #define FUZZER_DEPRECATED_FLAG | ( | Name | ) | {#Name, "Deprecated; don't use", 0, nullptr, nullptr, nullptr}, |
Definition at line 56 of file FuzzerDriver.cpp.
Definition at line 58 of file FuzzerDriver.cpp.
| #define FUZZER_FLAG_INT | ( | Name, | |
| Default, | |||
| Description | |||
| ) | {#Name, Description, Default, &Flags.Name, nullptr, nullptr}, |
Definition at line 58 of file FuzzerDriver.cpp.
Definition at line 63 of file FuzzerDriver.cpp.
| #define FUZZER_FLAG_STRING | ( | Name, | |
| Description | |||
| ) | {#Name, Description, 0, nullptr, &Flags.Name, nullptr}, |
Definition at line 63 of file FuzzerDriver.cpp.
Definition at line 60 of file FuzzerDriver.cpp.
| #define FUZZER_FLAG_UNSIGNED | ( | Name, | |
| Default, | |||
| Description | |||
| ) |
Definition at line 60 of file FuzzerDriver.cpp.
| __attribute__ | ( | (used) | ) |
Definition at line 29 of file FuzzerDriver.cpp.
1.8.6