//===- FuzzerFlags.def - Run-time flags -------------------------*- C++ -* ===// // // The LLVM Compiler Infrastructure // // This file is distributed under the University of Illinois Open Source // License. See LICENSE.TXT for details. // //===----------------------------------------------------------------------===// // Flags. FUZZER_FLAG_INT/FUZZER_FLAG_STRING macros should be defined at the // point of inclusion. We are not using any flag parsing library for better // portability and independence. //===----------------------------------------------------------------------===// FUZZER_FLAG_INT(verbosity, 1, "Verbosity level.") FUZZER_FLAG_INT(seed, 0, "Random seed. If 0, seed is generated.") FUZZER_FLAG_INT(runs, -1, "Number of individual test runs (-1 for infinite runs).") FUZZER_FLAG_INT(max_len, 64, "Maximum length of the test input.") FUZZER_FLAG_INT(cross_over, 1, "If 1, cross over inputs.") FUZZER_FLAG_INT(mutate_depth, 5, "Apply this number of consecutive mutations to each input.") FUZZER_FLAG_INT(shuffle, 1, "Shuffle inputs at startup") FUZZER_FLAG_INT( prefer_small_during_initial_shuffle, -1, "If 1, always prefer smaller inputs during the initial corpus shuffle." " If 0, never do that. If -1, do it sometimes.") FUZZER_FLAG_INT(exit_on_first, 0, "If 1, exit after the first new interesting input is found.") FUZZER_FLAG_INT( timeout, 1200, "Timeout in seconds (if positive). " "If one unit runs more than this number of seconds the process will abort.") FUZZER_FLAG_INT(max_total_time, 0, "If positive, indicates the maximal total " "time in seconds to run the fuzzer.") FUZZER_FLAG_INT(help, 0, "Print help.") FUZZER_FLAG_INT( save_minimized_corpus, 0, "If 1, the minimized corpus is saved into the first input directory. " "Example: ./fuzzer -save_minimized_corpus=1 NEW_EMPTY_DIR OLD_CORPUS") FUZZER_FLAG_INT(merge, 0, "If 1, the 2-nd, 3-rd, etc corpora will be " "merged into the 1-st corpus. Only interesting units will be taken.") FUZZER_FLAG_INT(use_counters, 1, "Use coverage counters") FUZZER_FLAG_INT(use_indir_calls, 1, "Use indirect caller-callee counters") FUZZER_FLAG_INT(use_traces, 0, "Experimental: use instruction traces") FUZZER_FLAG_INT(jobs, 0, "Number of jobs to run. If jobs >= 1 we spawn" " this number of jobs in separate worker processes" " with stdout/stderr redirected to fuzz-JOB.log.") FUZZER_FLAG_INT(workers, 0, "Number of simultaneous worker processes to run the jobs." " If zero, \"min(jobs,NumberOfCpuCores()/2)\" is used.") FUZZER_FLAG_INT(reload, 1, "Reload the main corpus periodically to get new units" " discovered by other processes.") FUZZER_FLAG_STRING(sync_command, "Execute an external command " "\" \" " "to synchronize the test corpus.") FUZZER_FLAG_INT(sync_timeout, 600, "Minimum timeout between syncs.") FUZZER_FLAG_INT(report_slow_units, 10, "Report slowest units if they run for more than this number of seconds.") FUZZER_FLAG_INT(only_ascii, 0, "If 1, generate only ASCII (isprint+isspace) inputs.") FUZZER_FLAG_STRING(dict, "Experimental. Use the dictionary file.") FUZZER_FLAG_INT(tbm_depth, 5, "Apply at most this number of consecutive" "trace-based-mutations (tbm).") FUZZER_FLAG_INT(tbm_width, 5, "Apply at most this number of independent" "trace-based-mutations (tbm)") FUZZER_FLAG_STRING(test_single_input, "Use specified file as test input.") FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, " "timeout, or slow inputs) as " "$(artifact_prefix)file") FUZZER_FLAG_INT(drill, 0, "Experimental: fuzz using a single unit as the seed " "corpus, then merge with the initial corpus") FUZZER_FLAG_INT(output_csv, 0, "Enable pulse output in CSV format.")