Skip to content

AFL Configuration#

run_time#

  • Number of seconds this fuzzing session will last.

(default: 0 [no limit])

[afl]
run_time = 0

iterations#

  • Number of fuzzing iterations.

(default: 0 [no limit])

[afl]
iterations = 0

cargo_target_dir#

  • Target compilation directory, to not clash with cargo build's default target directory.

(default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_target"])

[afl]
cargo_target_dir = ""

afl_workspace_in#

  • AFL working input directory.

(default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/in"])

[afl]
afl_workspace_in = ""

afl_workspace_out#

  • AFL working output directory.

(default: "" ["trident-tests/fuzz_tests/fuzzing/afl/afl_workspace/out"])

[afl]
afl_workspace_out = ""

seeds#

  • Predefined inputs to the AFL. You can specify multiple input seeds.

Seed Generation Priority

bytes_count has precedence before seed, in that case if both are specified. Seed is generated as random array of bytes_count bytes.

  • file_name

    • Filename under which the test input is generated, the location of file is afl_workspace_in directory.

    (default: "" ["trident-seed"])

  • seed

    • String used as seed.

    (default: "" ["trident"])

  • override_file

    • If the file already exists at specific location, select if override.

    (default: false)

  • bytes_count

    • Number of randomly generated bytes.
[[afl.seeds]]
file_name = ""
seed = ""
override_file = true
bytes_count = 20

fuzzer_loopcount#

  • The fuzzer loopcount represents a number of iterations each fuzzer-created process needs to execute before it finishes and generates a profraw file.

Impact on performance and code coverage accuracy

If the loopcount is too low, the fuzzer will be slower because new processes will need to be created more often. However, the higher the loopcount, the higher the chance that the process will crash and not generate any profraw file, thus reducing the code coverage accuracy.

(default: 20)

[afl]
fuzzer_loopcount = 20