Honggfuzz Configuration#
run_time#
- Number of seconds this fuzzing session will last.
(default: 0 [no limit])
iterations#
- Number of fuzzing iterations.
(default: 0 [no limit])
threads#
- Number of concurrent fuzzing threads.
(default: 0 [number of CPUs / 2])
keep_output#
- Don't close children's stdin, stdout, stderr; can be noisy.
(default: false)
verbose#
- Disable ANSI console; use simple log output.
(default: false)
exit_upon_crash#
- Exit upon seeing the first crash.
(default: false)
mutations_per_run#
- Maximal number of mutations per one run.
(default: 6)
cargo_target_dir#
- Target compilation directory, to not clash with cargo build's default target directory.
(default: "" ["trident-tests/fuzzing/honggfuzz/hfuzz_target"])
hfuzz_workspace#
- Honggfuzz working directory.
(default: "" ["trident-tests/fuzzing/honggfuzz/hfuzz_workspace"])
crashdir#
- Directory where crashes are saved to.
(default: "" [workspace directory])
extension#
- Input file extension.
(default: "" ['fuzz'])
timeout#
- Timeout in seconds. This will terminate the fuzzing thread if it's running for more than this time.
(default: 10)
max_file_size#
- Maximal size of files processed by the fuzzer in bytes.
(default: 1048576 = 1MB)
save_all#
- Save all test-cases (not only the unique ones) by appending the current time-stamp to the filenames.
(default: false)
fuzzer_loopcount#
- The fuzzer loopcount represents a number of iterations each fuzzer-created process needs to execute before it finishes and generates a profraw file.
Impact on performance and code coverage accuracy
If the loopcount is too low, the fuzzer will be slower because new processes will need to be created more often. However, the higher the loopcount, the higher the chance that the process will crash and not generate any profraw file, thus reducing the code coverage accuracy.
(default: 10)