Spracherkennung für: .def vermutete Sprache: Unknown {[0] [0] [0]} [Methode: Schwerpunktbildung, einfache Gewichte, sechs Dimensionen]
//===- FuzzerFlags.def - Run-time flags -------------------------*- C++ -* ===//
//
// Part of the LLVM Project, under the Apache License v2.
0 with LLVM Exceptions.
// See
https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-
2.
0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
// Flags. FUZZER_FLAG_INT/FUZZER_FLAG_STRING macros should be defined at the
// point of inclusion. We are not using any flag parsing library for better
// portability and independence.
//===----------------------------------------------------------------------===//
FUZZER_FLAG_INT(verbosity,
1, "Verbosity level.")
FUZZER_FLAG_UNSIGNED(seed,
0, "Random seed. If
0, seed is generated.")
FUZZER_FLAG_INT(runs, -
1,
"Number of individual test runs (-
1 for infinite runs).")
FUZZER_FLAG_INT(max_len,
0, "Maximum length of the test input. "
"If
0, libFuzzer tries to guess a good value based on the corpus "
"and reports it. ")
FUZZER_FLAG_INT(len_control,
100, "Try generating small inputs first, "
"then try larger inputs over time. Specifies the rate at which the length "
"limit is increased (smaller == faster). If
0, immediately try inputs with "
"size up to max_len. Default value is
0, if LLVMFuzzerCustomMutator is used.")
FUZZER_FLAG_STRING(seed_inputs, "A comma-separated list of input files "
"to use as an additional seed corpus. Alternatively, an \"@\" followed by "
"the name of a file containing the comma-separated list.")
FUZZER_FLAG_INT(cross_over,
1, "If
1, cross over inputs.")
FUZZER_FLAG_INT(mutate_depth,
5,
"Apply this number of consecutive mutations to each input.")
FUZZER_FLAG_INT(reduce_depth,
0, "Experimental/internal. "
"Reduce depth if mutations lose unique features")
FUZZER_FLAG_INT(shuffle,
1, "Shuffle inputs at startup")
FUZZER_FLAG_INT(prefer_small,
1,
"If
1, always prefer smaller inputs during the corpus shuffle.")
FUZZER_FLAG_INT(
timeout,
1200,
"Timeout in seconds (if positive). "
"If one unit runs more than this number of seconds the process will abort.")
FUZZER_FLAG_INT(error_exitcode,
77, "When libFuzzer itself reports a bug "
"this exit code will be used.")
FUZZER_FLAG_INT(timeout_exitcode,
70, "When libFuzzer reports a timeout "
"this exit code will be used.")
FUZZER_FLAG_INT(max_total_time,
0, "If positive, indicates the maximal total "
"time in seconds to run the fuzzer.")
FUZZER_FLAG_INT(help,
0, "Print help.")
FUZZER_FLAG_INT(fork,
0, "Experimental mode where fuzzing happens "
"in a subprocess")
FUZZER_FLAG_INT(ignore_timeouts,
1, "Ignore timeouts in fork mode")
FUZZER_FLAG_INT(ignore_ooms,
1, "Ignore OOMs in fork mode")
FUZZER_FLAG_INT(ignore_crashes,
0, "Ignore crashes in fork mode")
FUZZER_FLAG_INT(merge,
0, "If
1, the
2-nd,
3-rd, etc corpora will be "
"merged into the
1-st corpus. Only interesting units will be taken. "
"This flag can be used to minimize a corpus.")
FUZZER_FLAG_STRING(stop_file, "Stop fuzzing ASAP if this file exists")
FUZZER_FLAG_STRING(merge_inner, "internal flag")
FUZZER_FLAG_STRING(merge_control_file,
"Specify a control file used for the merge process. "
"If a merge process gets killed it tries to leave this file "
"in a state suitable for resuming the merge. "
"By default a temporary file will be used."
"The same file can be used for multistep merge process.")
FUZZER_FLAG_INT(minimize_crash,
0, "If
1, minimizes the provided"
" crash input. Use with -runs=N or -max_total_time=N to limit "
"the number attempts."
" Use with -exact_artifact_path to specify the output."
" Combine with ASAN_OPTIONS=dedup_token_length=
3 (or similar) to ensure that"
" the minimized input triggers the same crash."
)
FUZZER_FLAG_INT(cleanse_crash,
0, "If
1, tries to cleanse the provided"
" crash input to make it contain fewer original bytes."
" Use with -exact_artifact_path to specify the output."
)
FUZZER_FLAG_INT(minimize_crash_internal_step,
0, "internal flag")
FUZZER_FLAG_STRING(features_dir, "internal flag. Used to dump feature sets on disk."
"Every time a new input is added to the corpus, a corresponding file in the features_dir"
" is created containing the unique features of that input."
" Features are stored in binary format.")
FUZZER_FLAG_INT(use_counters,
1, "Use coverage counters")
FUZZER_FLAG_INT(use_memmem,
1,
"Use hints from intercepting memmem, strstr, etc")
FUZZER_FLAG_INT(use_value_profile,
0,
"Experimental. Use value profile to guide fuzzing.")
FUZZER_FLAG_INT(use_cmp,
1, "Use CMP traces to guide mutations")
FUZZER_FLAG_INT(shrink,
0, "Experimental. Try to shrink corpus inputs.")
FUZZER_FLAG_INT(reduce_inputs,
1,
"Try to reduce the size of inputs while preserving their full feature sets")
FUZZER_FLAG_UNSIGNED(jobs,
0, "Number of jobs to run. If jobs >=
1 we spawn"
" this number of jobs in separate worker processes"
" with stdout/stderr redirected to fuzz-JOB.log.")
FUZZER_FLAG_UNSIGNED(workers,
0,
"Number of simultaneous worker processes to run the jobs."
" If zero, \"min(jobs,NumberOfCpuCores()/
2)\" is used.")
FUZZER_FLAG_INT(reload,
1,
"Reload the main corpus every <N> seconds to get new units"
" discovered by other processes. If
0, disabled")
FUZZER_FLAG_INT(report_slow_units,
10,
"Report slowest units if they run for more than this number of seconds.")
FUZZER_FLAG_INT(only_ascii,
0,
"If
1, generate only ASCII (isprint+isspace) inputs.")
FUZZER_FLAG_STRING(dict, "Experimental. Use the dictionary file.")
FUZZER_FLAG_STRING(artifact_prefix, "Write fuzzing artifacts (crash, "
"timeout, or slow inputs) as "
"$(artifact_prefix)file")
FUZZER_FLAG_STRING(exact_artifact_path,
"Write the single artifact on failure (crash, timeout) "
"as $(exact_artifact_path). This overrides -artifact_prefix "
"and will not use checksum in the file name. Do not "
"use the same path for several parallel processes.")
FUZZER_FLAG_INT(print_pcs,
0, "If
1, print out newly covered PCs.")
FUZZER_FLAG_INT(print_funcs,
2, "If >=
1, print out at most this number of "
"newly covered functions.")
FUZZER_FLAG_INT(print_final_stats,
0, "If
1, print statistics at exit.")
FUZZER_FLAG_INT(print_corpus_stats,
0,
"If
1, print statistics on corpus elements at exit.")
FUZZER_FLAG_INT(print_coverage,
0, "If
1, print coverage information as text"
" at exit.")
FUZZER_FLAG_INT(dump_coverage,
0, "Deprecated.")
FUZZER_FLAG_INT(handle_segv,
1, "If
1, try to intercept SIGSEGV.")
FUZZER_FLAG_INT(handle_bus,
1, "If
1, try to intercept SIGBUS.")
FUZZER_FLAG_INT(handle_abrt,
1, "If
1, try to intercept SIGABRT.")
FUZZER_FLAG_INT(handle_ill,
1, "If
1, try to intercept SIGILL.")
FUZZER_FLAG_INT(handle_fpe,
1, "If
1, try to intercept SIGFPE.")
FUZZER_FLAG_INT(handle_int,
1, "If
1, try to intercept SIGINT.")
FUZZER_FLAG_INT(handle_term,
1, "If
1, try to intercept SIGTERM.")
FUZZER_FLAG_INT(handle_xfsz,
1, "If
1, try to intercept SIGXFSZ.")
FUZZER_FLAG_INT(handle_usr1,
1, "If
1, try to intercept SIGUSR1.")
FUZZER_FLAG_INT(handle_usr2,
1, "If
1, try to intercept SIGUSR2.")
FUZZER_FLAG_INT(close_fd_mask,
0, "If
1, close stdout at startup; "
"if
2, close stderr; if
3, close both. "
"Be careful, this will also close e.g. stderr of asan.")
FUZZER_FLAG_INT(detect_leaks,
1, "If
1, and if LeakSanitizer is enabled "
"try to detect memory leaks during fuzzing (i.e. not only at shut down).")
FUZZER_FLAG_INT(purge_allocator_interval,
1, "Purge allocator caches and "
"quarantines every <N> seconds. When rss_limit_mb is specified (>
0), "
"purging starts when RSS exceeds
50% of rss_limit_mb. Pass "
"purge_allocator_interval=-
1 to disable this functionality.")
FUZZER_FLAG_INT(trace_malloc,
0, "If >=
1 will print all mallocs/frees. "
"If >=
2 will also print stack traces.")
FUZZER_FLAG_INT(rss_limit_mb,
2048, "If non-zero, the fuzzer will exit upon"
"reaching this limit of RSS memory usage.")
FUZZER_FLAG_INT(malloc_limit_mb,
0, "If non-zero, the fuzzer will exit "
"if the target tries to allocate this number of Mb with one malloc call. "
"If zero (default) same limit as rss_limit_mb is applied.")
FUZZER_FLAG_STRING(exit_on_src_pos, "Exit if a newly found PC originates"
" from the given source location. Example: -exit_on_src_pos=foo.cc:
123. "
"Used primarily for testing libFuzzer itself.")
FUZZER_FLAG_STRING(exit_on_item, "Exit if an item with a given sha1 sum"
" was added to the corpus. "
"Used primarily for testing libFuzzer itself.")
FUZZER_FLAG_INT(ignore_remaining_args,
0, "If
1, ignore all arguments passed "
"after this one. Useful for fuzzers that need to do their own "
"argument parsing.")
FUZZER_FLAG_STRING(focus_function, "Experimental. "
"Fuzzing will focus on inputs that trigger calls to this function. "
"If -focus_function=auto and -data_flow_trace is used, libFuzzer "
"will choose the focus functions automatically.")
FUZZER_FLAG_INT(entropic,
0, "Experimental. Enables entropic power schedule.")
FUZZER_FLAG_INT(entropic_feature_frequency_threshold,
0xFF, "Experimental. If "
"entropic is enabled, all features which are observed less often than "
"the specified value are considered as rare.")
FUZZER_FLAG_INT(entropic_number_of_rarest_features,
100, "Experimental. If "
"entropic is enabled, we keep track of the frequencies only for the "
"Top-X least abundant features (union features that are considered as "
"rare).")
FUZZER_FLAG_INT(analyze_dict,
0, "Experimental")
FUZZER_DEPRECATED_FLAG(use_clang_coverage)
FUZZER_FLAG_STRING(data_flow_trace, "Experimental: use the data flow trace")
FUZZER_FLAG_STRING(collect_data_flow,
"Experimental: collect the data flow trace")
