Struct libafl_bolts::cli::FuzzerOptions
source · pub struct FuzzerOptions {Show 31 fields
pub timeout: Duration,
pub verbose: bool,
pub stdout: String,
pub configuration: String,
pub asan: bool,
pub asan_cores: Cores,
pub iterations: usize,
pub harness: Option<PathBuf>,
pub harness_function: String,
pub libs_to_instrument: Vec<String>,
pub cmplog: bool,
pub cmplog_cores: Cores,
pub detect_leaks: bool,
pub continue_on_error: bool,
pub allocation_backtraces: bool,
pub max_allocation: usize,
pub max_total_allocation: usize,
pub max_allocation_panics: bool,
pub disable_coverage: bool,
pub drcov: bool,
pub disable_excludes: bool,
pub dont_instrument: Vec<(String, usize)>,
pub qemu_args: Vec<String>,
pub tokens: Vec<PathBuf>,
pub input: Vec<PathBuf>,
pub output: PathBuf,
pub cores: Cores,
pub broker_port: u16,
pub remote_broker_addr: Option<SocketAddr>,
pub replay: Option<PathBuf>,
pub repeat: Option<usize>,
}
Expand description
Top-level container for cli options/arguments/subcommands
Fields§
§timeout: Duration
Timeout for each target execution (milliseconds)
verbose: bool
Whether or not to print debug info
stdout: String
File to which all client output should be written
configuration: String
The name of the configuration to use
asan: bool
Enable Address Sanitizer (ASan
)
asan_cores: Cores
Enable ASan
on each of the provided cores. Use ‘all’ to select all available
cores. ‘none’ to run a client without binding to any core.
ex: ‘1,2-4,6’ selects the cores 1, 2, 3, 4, and 6.
iterations: usize
Number of fuzz iterations to perform
harness: Option<PathBuf>
Path to the harness
harness_function: String
Harness function to call
libs_to_instrument: Vec<String>
Additional libraries to instrument
cmplog: bool
Enable CmpLog
instrumentation
cmplog_cores: Cores
Enable CmpLog
on each of the provided cores. Use ‘all’ to select all available
cores. ‘none’ to run a client without binding to any core.
ex: ‘1,2-4,6’ selects the cores 1, 2, 3, 4, and 6.
detect_leaks: bool
Enable ASan
leak detection
continue_on_error: bool
Instruct ASan
to continue after a memory error is detected
allocation_backtraces: bool
Instruct ASan
to gather (and report) allocation-/free-site backtraces
max_allocation: usize
The maximum size that the ASan
allocator should allocate
max_total_allocation: usize
The maximum total allocation size that the ASan
allocator should allocate
max_allocation_panics: bool
Instruct ASan
to panic if the max ASan
allocation size is exceeded
disable_coverage: bool
Disable coverage
drcov: bool
Enable DrCov
(aarch64 only)
disable_excludes: bool
Disable stalker.exclude()
if true
It’s better to disable this on Windows or your harness uses c++ exception handling
See https://github.com/AFLplusplus/LibAFL/issues/830
dont_instrument: Vec<(String, usize)>
Locations which will not be instrumented for ASan
or coverage purposes (ex: mod_name@0x12345
)
qemu_args: Vec<String>
Trailing arguments (after “--
”); can be passed directly to QEMU
tokens: Vec<PathBuf>
Paths to fuzzer token files (aka ‘dictionaries’)
input: Vec<PathBuf>
Input corpus directories
output: PathBuf
Output solutions directory
cores: Cores
Spawn a client in each of the provided cores. Use ‘all’ to select all available cores. ‘none’ to run a client without binding to any core. ex: ‘1,2-4,6’ selects the cores 1, 2, 3, 4, and 6.
broker_port: u16
Port on which the broker should listen
remote_broker_addr: Option<SocketAddr>
ip:port
where a remote broker is already listening
replay: Option<PathBuf>
Path to file that should be sent to the harness for crash reproduction
repeat: Option<usize>
Run the same replay input multiple times
Implementations§
source§impl FuzzerOptions
impl FuzzerOptions
sourcepub fn with_subcommand(mode: Command) -> Command
pub fn with_subcommand(mode: Command) -> Command
Given an App
, add it to FuzzerOptions
as a subcommand and return the resulting App
Examples
use clap::{App, IntoApp, Parser};
use libafl_bolts::cli::FuzzerOptions;
fn custom_func(_: &str) {} // not relevant; just for illustrative purposes
#[derive(Parser, Debug)]
#[arg(name = "custom")] // the name of the new subcommand
struct CustomFooParser {
/// a very cromulent option
#[arg(short, long)]
bar: String,
}
fn main() {
// example command line invocation:
// ./path-to-bin custom --bar stuff
// clap's builder syntax to define the parser would be fine as well, but here we
// show the derive option
let cmd: App = CustomFooParser::into_app();
// `with_subcommand` takes an `App`, and returns an `App`
let parser = FuzzerOptions::with_subcommand(cmd);
// use the `App` to parse everything
let matches = parser.get_matches();
// process the results
if let Some(("custom", sub_matches)) = matches.subcommand() {
custom_func(sub_matches.get_one::<String>("bar").unwrap())
}
log::info!("{:?}", matches);
}
Trait Implementations§
source§impl Args for FuzzerOptions
impl Args for FuzzerOptions
source§fn group_id() -> Option<Id>
fn group_id() -> Option<Id>
ArgGroup::id
][crate::ArgGroup::id] for this set of argumentssource§fn augment_args<'b>(__clap_app: Command) -> Command
fn augment_args<'b>(__clap_app: Command) -> Command
source§fn augment_args_for_update<'b>(__clap_app: Command) -> Command
fn augment_args_for_update<'b>(__clap_app: Command) -> Command
source§impl Clone for FuzzerOptions
impl Clone for FuzzerOptions
source§fn clone(&self) -> FuzzerOptions
fn clone(&self) -> FuzzerOptions
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read moresource§impl CommandFactory for FuzzerOptions
impl CommandFactory for FuzzerOptions
source§impl Debug for FuzzerOptions
impl Debug for FuzzerOptions
source§impl<'de> Deserialize<'de> for FuzzerOptions
impl<'de> Deserialize<'de> for FuzzerOptions
source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
source§impl FromArgMatches for FuzzerOptions
impl FromArgMatches for FuzzerOptions
source§fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>
fn from_arg_matches(__clap_arg_matches: &ArgMatches) -> Result<Self, Error>
source§fn from_arg_matches_mut(
__clap_arg_matches: &mut ArgMatches
) -> Result<Self, Error>
fn from_arg_matches_mut( __clap_arg_matches: &mut ArgMatches ) -> Result<Self, Error>
source§fn update_from_arg_matches(
&mut self,
__clap_arg_matches: &ArgMatches
) -> Result<(), Error>
fn update_from_arg_matches( &mut self, __clap_arg_matches: &ArgMatches ) -> Result<(), Error>
ArgMatches
to self
.source§fn update_from_arg_matches_mut(
&mut self,
__clap_arg_matches: &mut ArgMatches
) -> Result<(), Error>
fn update_from_arg_matches_mut( &mut self, __clap_arg_matches: &mut ArgMatches ) -> Result<(), Error>
ArgMatches
to self
.source§impl Parser for FuzzerOptions
impl Parser for FuzzerOptions
§fn parse_from<I, T>(itr: I) -> Self
fn parse_from<I, T>(itr: I) -> Self
§fn try_parse_from<I, T>(itr: I) -> Result<Self, Error>
fn try_parse_from<I, T>(itr: I) -> Result<Self, Error>
§fn update_from<I, T>(&mut self, itr: I)
fn update_from<I, T>(&mut self, itr: I)
§fn try_update_from<I, T>(&mut self, itr: I) -> Result<(), Error>
fn try_update_from<I, T>(&mut self, itr: I) -> Result<(), Error>
Auto Trait Implementations§
impl RefUnwindSafe for FuzzerOptions
impl Send for FuzzerOptions
impl Sync for FuzzerOptions
impl Unpin for FuzzerOptions
impl UnwindSafe for FuzzerOptions
Blanket Implementations§
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<Tail, T> Prepend<T> for Tail
impl<Tail, T> Prepend<T> for Tail
§type PreprendResult = Tail
type PreprendResult = Tail
TupleList
, of an Prepend::prepend()
call,
including the prepended entry.