High level conclusions

Fuzzers reach 56.82% of cyclomatic complexity.

Fuzzers reach 48.41% of all functions.

Fuzzer dns_config_fuzzer is blocked:

The runtime code coverage of dns_config_fuzzer covers 27.70% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer buffer_add_file_fuzzer is blocked:

The runtime code coverage of buffer_add_file_fuzzer covers 29.26% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

533 / 1101

Cyclomatic complexity statically reachable by fuzzers

3878 / 6824

Runtime code coverage of functions

322 / 1101

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: utils_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	27	23.8%
gold	[1:9]	16	14.1%
yellow	[10:29]	2	1.76%
greenyellow	[30:49]	15	13.2%
lawngreen	50+	53	46.9%
All colors	113	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
6	101	evutil_getaddrinfo	call site: 00101	apply_socktype_protocol_hack
4	96	evutil_getaddrinfo	call site: 00096	apply_numeric_port_hack
2	21	evutil_inet_pton_scope	call site: 00021	__errno_location
2	42	evutil_inet_ntop	call site: 00042	event_strlcpy_
2	75	evutil_new_addrinfo_	call site: 00075	evutil_freeaddrinfo
2	93	evutil_getaddrinfo	call site: 00093	test_for_getaddrinfo_hacks
1	7	evutil_parse_sockaddr_port	call site: 00007	evutil_inet_pton
1	24	event_mm_strdup_	call site: 00024	__errno_location
1	49	evutil_format_sockaddr_port_	call site: 00049	evutil_snprintf
1	60	test_for_getaddrinfo_hacks	call site: 00060	parse_numeric_servname
1	62	parse_numeric_servname	call site: 00062	evutil_getaddrinfo_common_
1	65	evutil_getaddrinfo_common_	call site: 00065	getprotobynumber

Runtime coverage analysis

Covered functions

27

Functions that are reachable but not covered

20

Reachable functions

47

Percentage of reachable functions covered

57.45%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/utils_fuzzer.cc	1
evutil.c	24
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
event.c	4
strlcpy.c	1

Fuzzer: buffer_add_file_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	60	53.5%
gold	[1:9]	0	0.0%
yellow	[10:29]	12	10.7%
greenyellow	[30:49]	1	0.89%
lawngreen	50+	39	34.8%
All colors	112	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
34	57	evbuffer_decref_and_unlock_	call site: 00057	event_deferred_cb_cancel_
11	93	evbuffer_add_file_segment	call site: 00093	event_deferred_cb_schedule_
4	16	evbuffer_file_segment_new	call site: 00016	evbuffer_file_segment_materialize
3	34	evbuffer_file_segment_materialize	call site: 00034	event_mm_free_
3	42	evbuffer_add_file_segment	call site: 00042	evbuffer_free_trailing_empty_chains
2	48	evbuffer_file_segment_free	call site: 00048	event_warn
2	52	evbuffer_file_segment_free	call site: 00052	evbuffer_chain_free
1	11	event_mm_calloc_	call site: 00011	__errno_location

Runtime coverage analysis

Covered functions

24

Functions that are reachable but not covered

58

Reachable functions

82

Percentage of reachable functions covered

29.27%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/buffer_add_file_fuzzer.cc	1
buffer.c	19
event.c	25
evutil.c	3
log.c	6
minheap-internal.h	4
evmap.c	2
bufferevent.c	1

Fuzzer: bufferevent_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	491	71.3%
gold	[1:9]	7	1.01%
yellow	[10:29]	10	1.45%
greenyellow	[30:49]	2	0.29%
lawngreen	50+	178	25.8%
All colors	688	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
63	616	LLVMFuzzerTestOneInput	call site: 00616	bufferevent_rate_limit_group_new
50	464	bufferevent_socket_new	call site: 00464	bufferevent_decrement_write_buckets_
47	415	bufferevent_socket_new	call site: 00415	bufferevent_decrement_read_buckets_
26	277	be_pair_wants_to_talk	call site: 00277	be_pair_transfer
24	304	event_callback_activate_nolock_	call site: 00304	evbuffer_add_buffer
22	197	event_add_nolock_	call site: 00197	common_timeout_schedule
22	590	LLVMFuzzerTestOneInput	call site: 00590	bev_refill_callback_
19	329	event_add	call site: 00329	bufferevent_trigger_nolock_
15	133	event_base_priority_init	call site: 00133	evthread_make_base_notifiable
15	166	event_assign	call site: 00166	event_priority_set
13	542	bufferevent_filter_new	call site: 00542	be_filter_process_output
11	67	event_del_nolock_	call site: 00067	event_errx

Runtime coverage analysis

Covered functions

135

Functions that are reachable but not covered

188

Reachable functions

300

Percentage of reachable functions covered

37.33%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/bufferevent_fuzzer.cc	1
event.c	71
log.c	9
evutil.c	15
evutil_time.c	3
minheap-internal.h	11
evmap.c	19
bufferevent_pair.c	8
bufferevent.c	35
buffer.c	49
bufferevent_ratelim.c	26
bufferevent-internal.h	1
bufferevent_sock.c	6
evthread-internal.h	1
bufferevent_filter.c	11

Fuzzer: parse_query_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	34	26.7%
gold	[1:9]	1	0.78%
yellow	[10:29]	1	0.78%
greenyellow	[30:49]	2	1.57%
lawngreen	50+	89	70.0%
All colors	127	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
11	20	parse_authority	call site: 00020	event_warn
3	111	evhttp_add_header_internal	call site: 00111	event_warn
2	8	evhttp_uri_parse_with_flags	call site: 00008	__errno_location
2	38	parse_authority	call site: 00038	event_mm_strdup_
2	47	bracket_addr_ok	call site: 00047	__isoc99_sscanf
2	71	evhttp_uri_parse_with_flags	call site: 00071	event_warn
2	108	evhttp_add_header_internal	call site: 00108	event_warn
1	6	event_mm_calloc_	call site: 00006	__errno_location
1	11	event_mm_strdup_	call site: 00011	__errno_location
1	36	parse_authority	call site: 00036	event_warn
1	59	parse_authority	call site: 00059	event_warn
1	63	end_of_path	call site: 00063	strlen

Runtime coverage analysis

Covered functions

32

Functions that are reachable but not covered

19

Reachable functions

51

Percentage of reachable functions covered

62.75%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/parse_query_fuzzer.cc	1
http.c	20
event.c	4
evutil.c	9
log.c	4
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1

Fuzzer: dns_config_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	924	72.8%
gold	[1:9]	1	0.07%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	344	27.1%
All colors	1269	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
219	820	evutil_sockaddr_cmp	call site: 00820	evdns_getaddrinfo_gotresolve
127	454	search_state_decref	call site: 00454	evdns_requests_pump_waiting_queue
123	329	evutil_inet_pton_scope	call site: 00329	evdns_base_resolve_ipv4
103	582	event_add	call site: 00582	bufferevent_writecb
72	686	evutil_socket_	call site: 00686	client_tcp_read_packet_cb
37	272	evdns_base_new	call site: 00272	evutil_getaddrinfo
36	783	evutil_sockaddr_is_loopback_	call site: 00783	nameserver_ready_callback
22	197	event_add_nolock_	call site: 00197	common_timeout_schedule
15	133	event_base_priority_init	call site: 00133	evthread_make_base_notifiable
13	166	event_assign	call site: 00166	event_err
11	67	event_del_nolock_	call site: 00067	event_errx
11	149	evutil_make_internal_pipe_	call site: 00149	event_assign

Runtime coverage analysis

Covered functions

138

Functions that are reachable but not covered

334

Reachable functions

462

Percentage of reachable functions covered

27.71%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/dns_config_fuzzer.cc	1
event.c	70
log.c	9
evutil.c	62
evutil_time.c	3
minheap-internal.h	11
evmap.c	19
evdns.c	106
evutil_rand.c	3
./arc4random.c	13
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
bufferevent.c	31
buffer.c	42
bufferevent_ratelim.c	15
bufferevent_sock.c	7
evthread-internal.h	1
bufferevent-internal.h	1
strlcpy.c	1

Fuzzer: /src/inspector/light/source_files/src/utils_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	29	25.6%
gold	[1:9]	10	8.84%
yellow	[10:29]	1	0.88%
greenyellow	[30:49]	7	6.19%
lawngreen	50+	66	58.4%
All colors	113	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
6	101	evutil_getaddrinfo	call site: 00101	apply_socktype_protocol_hack
4	96	evutil_getaddrinfo	call site: 00096	apply_numeric_port_hack
2	21	evutil_inet_pton_scope	call site: 00021	__errno_location
2	42	evutil_inet_ntop	call site: 00042	event_strlcpy_
2	49	evutil_format_sockaddr_port_	call site: 00049	evutil_getaddrinfo
2	75	evutil_new_addrinfo_	call site: 00075	evutil_freeaddrinfo
2	93	evutil_getaddrinfo	call site: 00093	test_for_getaddrinfo_hacks
1	7	evutil_parse_sockaddr_port	call site: 00007	evutil_inet_pton
1	24	event_mm_strdup_	call site: 00024	__errno_location
1	60	test_for_getaddrinfo_hacks	call site: 00060	parse_numeric_servname
1	62	parse_numeric_servname	call site: 00062	evutil_getaddrinfo_common_
1	65	evutil_getaddrinfo_common_	call site: 00065	getprotobynumber

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

19

Reachable functions

47

Percentage of reachable functions covered

59.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/utils_fuzzer.cc	1
evutil.c	24
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
event.c	4
strlcpy.c	1

Fuzzer: buffer_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	103	54.7%
gold	[1:9]	1	0.53%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	84	44.6%
All colors	188	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
34	36	evbuffer_decref_and_unlock_	call site: 00036	event_deferred_cb_cancel_
20	13	evbuffer_free_all_chains	call site: 00013	evbuffer_chain_free
11	76	evbuffer_add	call site: 00076	event_deferred_cb_schedule_
9	97	evbuffer_search_range	call site: 00097	evbuffer_ptr_subtract
8	168	LLVMFuzzerTestOneInput	call site: 00168	APPEND_CHAIN_MULTICAST
7	154	LLVMFuzzerTestOneInput	call site: 00154	evbuffer_free_all_chains
2	73	evbuffer_add	call site: 00073	evbuffer_chain_insert
2	94	evbuffer_search_eol	call site: 00094	evbuffer_search
2	165	LLVMFuzzerTestOneInput	call site: 00165	evbuffer_invoke_callbacks_
1	3	event_mm_calloc_	call site: 00003	__errno_location
1	107	evbuffer_readln	call site: 00107	event_warn
1	114	evbuffer_drain	call site: 00114	evbuffer_chain_free

Runtime coverage analysis

Covered functions

48

Functions that are reachable but not covered

63

Reachable functions

111

Percentage of reachable functions covered

43.24%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/buffer_fuzzer.cc	1
buffer.c	57
event.c	25
log.c	6
evutil.c	2
minheap-internal.h	4
evmap.c	2
bufferevent.c	1

Fuzzer: http_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	185	43.5%
gold	[1:9]	7	1.64%
yellow	[10:29]	7	1.64%
greenyellow	[30:49]	1	0.23%
lawngreen	50+	225	52.9%
All colors	425	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
61	362	LLVMFuzzerTestOneInput	call site: 00362	evhttp_free
34	44	evbuffer_decref_and_unlock_	call site: 00044	event_deferred_cb_cancel_
11	84	evbuffer_add	call site: 00084	event_deferred_cb_schedule_
10	31	evbuffer_free_all_chains	call site: 00031	evbuffer_chain_free
10	131	evbuffer_readln	call site: 00131	evbuffer_search
6	4	event_mm_calloc_	call site: 00004	event_warn
5	11	evutil_vsnprintf	call site: 00011	evutil_snprintf
4	101	evhttp_request_new	call site: 00101	evhttp_request_free
4	278	evhttp_add_header_internal	call site: 00278	event_warn
4	339	evhttp_uri_join	call site: 00339	evbuffer_add
3	334	evhttp_uri_join	call site: 00334	evbuffer_add_printf
2	146	evbuffer_search_eol	call site: 00146	evbuffer_strchr

Runtime coverage analysis

Covered functions

86

Functions that are reachable but not covered

101

Reachable functions

187

Percentage of reachable functions covered

45.99%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/http_fuzzer.cc	1
http.c	46
event.c	36
log.c	6
evutil.c	10
buffer.c	42
minheap-internal.h	4
evmap.c	2
bufferevent.c	10
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1
listener.c	2
bufferevent_ratelim.c	1
ws.c	1

Fuzzer: /src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	50	44.6%
gold	[1:9]	0	0.0%
yellow	[10:29]	14	12.5%
greenyellow	[30:49]	1	0.89%
lawngreen	50+	47	41.9%
All colors	112	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
12	79	event_del_nolock_	call site: 00079	event_errx
10	63	event_del_nolock_	call site: 00063	event_queue_remove_timeout
6	93	evbuffer_add_file_segment	call site: 00093	event_deferred_cb_schedule_
4	57	evbuffer_decref_and_unlock_	call site: 00057	event_deferred_cb_cancel_
4	100	event_callback_activate_nolock_	call site: 00100	evbuffer_run_callbacks
3	34	evbuffer_file_segment_materialize	call site: 00034	event_mm_free_
2	18	evutil_fd_filesize	call site: 00018	evbuffer_file_segment_materialize
2	48	evbuffer_file_segment_free	call site: 00048	event_warn
2	52	evbuffer_file_segment_free	call site: 00052	evbuffer_chain_free
1	11	event_mm_calloc_	call site: 00011	__errno_location
1	16	evbuffer_file_segment_new	call site: 00016	evutil_fd_filesize
1	42	evbuffer_add_file_segment	call site: 00042	evbuffer_free_trailing_empty_chains

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

44

Reachable functions

82

Percentage of reachable functions covered

46.34%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc	1
buffer.c	19
event.c	25
evutil.c	3
log.c	6
minheap-internal.h	4
evmap.c	2
bufferevent.c	1

Fuzzer: /src/inspector/source-code/src/bufferevent_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	457	66.4%
gold	[1:9]	5	0.72%
yellow	[10:29]	17	2.47%
greenyellow	[30:49]	3	0.43%
lawngreen	50+	206	29.9%
All colors	688	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
70	587	event_get_priority	call site: 00587	bufferevent_set_rate_limit
47	415	bufferevent_socket_new	call site: 00415	bufferevent_decrement_read_buckets_
28	659	evbuffer_remove	call site: 00659	bufferevent_free
23	464	bufferevent_socket_new	call site: 00464	evbuffer_write_atmost
22	197	event_add_nolock_	call site: 00197	common_timeout_schedule
22	492	evbuffer_drain	call site: 00492	bufferevent_decrement_write_buckets_
19	329	event_add	call site: 00329	bufferevent_trigger_nolock_
15	133	event_base_priority_init	call site: 00133	evthread_make_base_notifiable
13	166	event_assign	call site: 00166	event_err
13	542	bufferevent_filter_new	call site: 00542	be_filter_process_output
11	67	event_del_nolock_	call site: 00067	event_errx
11	149	evutil_make_internal_pipe_	call site: 00149	event_assign

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

156

Reachable functions

300

Percentage of reachable functions covered

48.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/bufferevent_fuzzer.cc	1
event.c	71
log.c	9
evutil.c	15
evutil_time.c	3
minheap-internal.h	11
evmap.c	19
bufferevent_pair.c	8
bufferevent.c	35
buffer.c	49
bufferevent_ratelim.c	26
bufferevent-internal.h	1
bufferevent_sock.c	6
evthread-internal.h	1
bufferevent_filter.c	11

Fuzzer: /src/inspector/source-code/src/dns_config_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	812	63.9%
gold	[1:9]	12	0.94%
yellow	[10:29]	13	1.02%
greenyellow	[30:49]	9	0.70%
lawngreen	50+	423	33.3%
All colors	1269	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
125	820	evutil_sockaddr_cmp	call site: 00820	reply_parse
83	956	bufferevent_enable	call site: 00956	evdns_getaddrinfo_gotresolve
46	383	evutil_ascii_strcasecmp	call site: 00383	evdns_base_resolve_ipv4
40	718	evbuffer_remove	call site: 00718	reply_parse
38	343	evutil_getaddrinfo	call site: 00343	evutil_getaddrinfo_common_
36	783	evutil_sockaddr_is_loopback_	call site: 00783	nameserver_ready_callback
33	582	event_add	call site: 00582	bufferevent_trigger_nolock_
23	617	bufferevent_socket_new	call site: 00617	evbuffer_write_atmost
22	197	event_add_nolock_	call site: 00197	common_timeout_schedule
22	645	evbuffer_drain	call site: 00645	bufferevent_decrement_write_buckets_
19	538	bufferevent_socket_new	call site: 00538	evbuffer_read
17	564	evbuffer_free_all_chains	call site: 00564	bufferevent_decrement_read_buckets_

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

257

Reachable functions

462

Percentage of reachable functions covered

44.37%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/dns_config_fuzzer.cc	1
event.c	70
log.c	9
evutil.c	62
evutil_time.c	3
minheap-internal.h	11
evmap.c	19
evdns.c	106
evutil_rand.c	3
./arc4random.c	13
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
bufferevent.c	31
buffer.c	42
bufferevent_ratelim.c	15
bufferevent_sock.c	7
evthread-internal.h	1
bufferevent-internal.h	1
strlcpy.c	1

Fuzzer: /src/inspector/source-code/src/buffer_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	86	45.7%
gold	[1:9]	1	0.53%
yellow	[10:29]	11	5.85%
greenyellow	[30:49]	1	0.53%
lawngreen	50+	89	47.3%
All colors	188	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
12	58	event_del_nolock_	call site: 00058	event_errx
11	165	LLVMFuzzerTestOneInput	call site: 00165	evbuffer_add_buffer_reference
10	42	event_del_nolock_	call site: 00042	event_queue_remove_timeout
7	154	LLVMFuzzerTestOneInput	call site: 00154	evbuffer_free_all_chains
6	76	evbuffer_add	call site: 00076	event_deferred_cb_schedule_
4	36	evbuffer_decref_and_unlock_	call site: 00036	event_deferred_cb_cancel_
4	83	event_callback_activate_nolock_	call site: 00083	evbuffer_run_callbacks
3	93	find_eol_char	call site: 00093	evbuffer_search
3	118	LLVMFuzzerTestOneInput	call site: 00118	evbuffer_add
2	3	event_mm_calloc_	call site: 00003	evbuffer_add
2	31	evbuffer_file_segment_free	call site: 00031	evbuffer_chain_free
2	97	evbuffer_search_range	call site: 00097	evbuffer_ptr_memcmp

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

42

Reachable functions

111

Percentage of reachable functions covered

62.16%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/buffer_fuzzer.cc	1
buffer.c	57
event.c	25
log.c	6
evutil.c	2
minheap-internal.h	4
evmap.c	2
bufferevent.c	1

Fuzzer: /src/inspector/source-code/src/http_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	150	35.2%
gold	[1:9]	7	1.64%
yellow	[10:29]	16	3.76%
greenyellow	[30:49]	2	0.47%
lawngreen	50+	250	58.8%
All colors	425	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
16	357	evhttp_uri_join	call site: 00357	evhttp_free
14	409	bufferevent_decref	call site: 00409	evhttp_free
12	66	event_del_nolock_	call site: 00066	event_errx
10	50	event_del_nolock_	call site: 00050	event_queue_remove_timeout
6	84	evbuffer_add	call site: 00084	event_deferred_cb_schedule_
5	91	event_callback_activate_nolock_	call site: 00091	evhttp_request_new
4	44	evbuffer_decref_and_unlock_	call site: 00044	event_deferred_cb_cancel_
4	101	evhttp_request_new	call site: 00101	evhttp_request_free
4	278	evhttp_add_header_internal	call site: 00278	event_warn
4	339	evhttp_uri_join	call site: 00339	evbuffer_add
4	380	event_debug_unassign	call site: 00380	bufferevent_free
4	402	bufferevent_finalize_cb_	call site: 00402	bufferevent_remove_from_rate_limit_group_internal_

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

61

Reachable functions

187

Percentage of reachable functions covered

67.38%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/http_fuzzer.cc	1
http.c	46
event.c	36
log.c	6
evutil.c	10
buffer.c	42
minheap-internal.h	4
evmap.c	2
bufferevent.c	10
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1
listener.c	2
bufferevent_ratelim.c	1
ws.c	1

Fuzzer: /src/inspector/source-code/src/utils_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	29	25.6%
gold	[1:9]	10	8.84%
yellow	[10:29]	1	0.88%
greenyellow	[30:49]	7	6.19%
lawngreen	50+	66	58.4%
All colors	113	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
6	101	evutil_getaddrinfo	call site: 00101	apply_socktype_protocol_hack
4	96	evutil_getaddrinfo	call site: 00096	apply_numeric_port_hack
2	21	evutil_inet_pton_scope	call site: 00021	__errno_location
2	42	evutil_inet_ntop	call site: 00042	event_strlcpy_
2	49	evutil_format_sockaddr_port_	call site: 00049	evutil_getaddrinfo
2	75	evutil_new_addrinfo_	call site: 00075	evutil_freeaddrinfo
2	93	evutil_getaddrinfo	call site: 00093	test_for_getaddrinfo_hacks
1	7	evutil_parse_sockaddr_port	call site: 00007	evutil_inet_pton
1	24	event_mm_strdup_	call site: 00024	__errno_location
1	60	test_for_getaddrinfo_hacks	call site: 00060	parse_numeric_servname
1	62	parse_numeric_servname	call site: 00062	evutil_getaddrinfo_common_
1	65	evutil_getaddrinfo_common_	call site: 00065	getprotobynumber

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

19

Reachable functions

47

Percentage of reachable functions covered

59.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/utils_fuzzer.cc	1
evutil.c	24
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
event.c	4
strlcpy.c	1

Fuzzer: /src/inspector/source-code/src/buffer_add_file_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	50	44.6%
gold	[1:9]	0	0.0%
yellow	[10:29]	14	12.5%
greenyellow	[30:49]	1	0.89%
lawngreen	50+	47	41.9%
All colors	112	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
12	79	event_del_nolock_	call site: 00079	event_errx
10	63	event_del_nolock_	call site: 00063	event_queue_remove_timeout
6	93	evbuffer_add_file_segment	call site: 00093	event_deferred_cb_schedule_
4	57	evbuffer_decref_and_unlock_	call site: 00057	event_deferred_cb_cancel_
4	100	event_callback_activate_nolock_	call site: 00100	evbuffer_run_callbacks
3	34	evbuffer_file_segment_materialize	call site: 00034	event_mm_free_
2	18	evutil_fd_filesize	call site: 00018	evbuffer_file_segment_materialize
2	48	evbuffer_file_segment_free	call site: 00048	event_warn
2	52	evbuffer_file_segment_free	call site: 00052	evbuffer_chain_free
1	11	event_mm_calloc_	call site: 00011	__errno_location
1	16	evbuffer_file_segment_new	call site: 00016	evutil_fd_filesize
1	42	evbuffer_add_file_segment	call site: 00042	evbuffer_free_trailing_empty_chains

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

44

Reachable functions

82

Percentage of reachable functions covered

46.34%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/buffer_add_file_fuzzer.cc	1
buffer.c	19
event.c	25
evutil.c	3
log.c	6
minheap-internal.h	4
evmap.c	2
bufferevent.c	1

Fuzzer: /src/inspector/light/source_files/src/buffer_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	86	45.7%
gold	[1:9]	1	0.53%
yellow	[10:29]	11	5.85%
greenyellow	[30:49]	1	0.53%
lawngreen	50+	89	47.3%
All colors	188	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
12	58	event_del_nolock_	call site: 00058	event_errx
11	165	LLVMFuzzerTestOneInput	call site: 00165	evbuffer_add_buffer_reference
10	42	event_del_nolock_	call site: 00042	event_queue_remove_timeout
7	154	LLVMFuzzerTestOneInput	call site: 00154	evbuffer_free_all_chains
6	76	evbuffer_add	call site: 00076	event_deferred_cb_schedule_
4	36	evbuffer_decref_and_unlock_	call site: 00036	event_deferred_cb_cancel_
4	83	event_callback_activate_nolock_	call site: 00083	evbuffer_run_callbacks
3	93	find_eol_char	call site: 00093	evbuffer_search
3	118	LLVMFuzzerTestOneInput	call site: 00118	evbuffer_add
2	3	event_mm_calloc_	call site: 00003	evbuffer_add
2	31	evbuffer_file_segment_free	call site: 00031	evbuffer_chain_free
2	97	evbuffer_search_range	call site: 00097	evbuffer_ptr_memcmp

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

42

Reachable functions

111

Percentage of reachable functions covered

62.16%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/buffer_fuzzer.cc	1
buffer.c	57
event.c	25
log.c	6
evutil.c	2
minheap-internal.h	4
evmap.c	2
bufferevent.c	1

Fuzzer: /src/inspector/light/source_files/src/dns_config_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	812	63.9%
gold	[1:9]	12	0.94%
yellow	[10:29]	13	1.02%
greenyellow	[30:49]	9	0.70%
lawngreen	50+	423	33.3%
All colors	1269	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
125	820	evutil_sockaddr_cmp	call site: 00820	reply_parse
83	956	bufferevent_enable	call site: 00956	evdns_getaddrinfo_gotresolve
46	383	evutil_ascii_strcasecmp	call site: 00383	evdns_base_resolve_ipv4
40	718	evbuffer_remove	call site: 00718	reply_parse
38	343	evutil_getaddrinfo	call site: 00343	evutil_getaddrinfo_common_
36	783	evutil_sockaddr_is_loopback_	call site: 00783	nameserver_ready_callback
33	582	event_add	call site: 00582	bufferevent_trigger_nolock_
23	617	bufferevent_socket_new	call site: 00617	evbuffer_write_atmost
22	197	event_add_nolock_	call site: 00197	common_timeout_schedule
22	645	evbuffer_drain	call site: 00645	bufferevent_decrement_write_buckets_
19	538	bufferevent_socket_new	call site: 00538	evbuffer_read
17	564	evbuffer_free_all_chains	call site: 00564	bufferevent_decrement_read_buckets_

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

257

Reachable functions

462

Percentage of reachable functions covered

44.37%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/dns_config_fuzzer.cc	1
event.c	70
log.c	9
evutil.c	62
evutil_time.c	3
minheap-internal.h	11
evmap.c	19
evdns.c	106
evutil_rand.c	3
./arc4random.c	13
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
bufferevent.c	31
buffer.c	42
bufferevent_ratelim.c	15
bufferevent_sock.c	7
evthread-internal.h	1
bufferevent-internal.h	1
strlcpy.c	1

Fuzzer: /src/inspector/light/source_files/src/http_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	150	35.2%
gold	[1:9]	7	1.64%
yellow	[10:29]	16	3.76%
greenyellow	[30:49]	2	0.47%
lawngreen	50+	250	58.8%
All colors	425	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
16	357	evhttp_uri_join	call site: 00357	evhttp_free
14	409	bufferevent_decref	call site: 00409	evhttp_free
12	66	event_del_nolock_	call site: 00066	event_errx
10	50	event_del_nolock_	call site: 00050	event_queue_remove_timeout
6	84	evbuffer_add	call site: 00084	event_deferred_cb_schedule_
5	91	event_callback_activate_nolock_	call site: 00091	evhttp_request_new
4	44	evbuffer_decref_and_unlock_	call site: 00044	event_deferred_cb_cancel_
4	101	evhttp_request_new	call site: 00101	evhttp_request_free
4	278	evhttp_add_header_internal	call site: 00278	event_warn
4	339	evhttp_uri_join	call site: 00339	evbuffer_add
4	380	event_debug_unassign	call site: 00380	bufferevent_free
4	402	bufferevent_finalize_cb_	call site: 00402	bufferevent_remove_from_rate_limit_group_internal_

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

61

Reachable functions

187

Percentage of reachable functions covered

67.38%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/http_fuzzer.cc	1
http.c	46
event.c	36
log.c	6
evutil.c	10
buffer.c	42
minheap-internal.h	4
evmap.c	2
bufferevent.c	10
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1
listener.c	2
bufferevent_ratelim.c	1
ws.c	1

Fuzzer: /src/inspector/light/source_files/src/parse_query_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	24	18.8%
gold	[1:9]	2	1.57%
yellow	[10:29]	9	7.08%
greenyellow	[30:49]	1	0.78%
lawngreen	50+	91	71.6%
All colors	127	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
3	111	evhttp_add_header_internal	call site: 00111	event_warn
2	8	evhttp_uri_parse_with_flags	call site: 00008	__errno_location
2	38	parse_authority	call site: 00038	event_mm_strdup_
2	71	evhttp_uri_parse_with_flags	call site: 00071	event_warn
2	108	evhttp_add_header_internal	call site: 00108	event_warn
2	122	evhttp_parse_query_impl	call site: 00122	evhttp_parse_query_str_flags
1	0	EP	call site: 00000	evhttp_parse_query
1	6	event_mm_calloc_	call site: 00006	__errno_location
1	11	event_mm_strdup_	call site: 00011	__errno_location
1	20	parse_authority	call site: 00020	event_warn
1	36	parse_authority	call site: 00036	event_warn
1	59	parse_authority	call site: 00059	event_warn

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

14

Reachable functions

51

Percentage of reachable functions covered

72.55%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/parse_query_fuzzer.cc	1
http.c	20
event.c	4
evutil.c	9
log.c	4
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1

Fuzzer: /src/inspector/source-code/src/parse_query_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	24	18.8%
gold	[1:9]	2	1.57%
yellow	[10:29]	9	7.08%
greenyellow	[30:49]	1	0.78%
lawngreen	50+	91	71.6%
All colors	127	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
3	111	evhttp_add_header_internal	call site: 00111	event_warn
2	8	evhttp_uri_parse_with_flags	call site: 00008	__errno_location
2	38	parse_authority	call site: 00038	event_mm_strdup_
2	71	evhttp_uri_parse_with_flags	call site: 00071	event_warn
2	108	evhttp_add_header_internal	call site: 00108	event_warn
2	122	evhttp_parse_query_impl	call site: 00122	evhttp_parse_query_str_flags
1	0	EP	call site: 00000	evhttp_parse_query
1	6	event_mm_calloc_	call site: 00006	__errno_location
1	11	event_mm_strdup_	call site: 00011	__errno_location
1	20	parse_authority	call site: 00020	event_warn
1	36	parse_authority	call site: 00036	event_warn
1	59	parse_authority	call site: 00059	event_warn

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

14

Reachable functions

51

Percentage of reachable functions covered

72.55%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/parse_query_fuzzer.cc	1
http.c	20
event.c	4
evutil.c	9
log.c	4
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1

Fuzzer: /src/inspector/light/source_files/src/bufferevent_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	457	66.4%
gold	[1:9]	5	0.72%
yellow	[10:29]	17	2.47%
greenyellow	[30:49]	3	0.43%
lawngreen	50+	206	29.9%
All colors	688	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
70	587	event_get_priority	call site: 00587	bufferevent_set_rate_limit
47	415	bufferevent_socket_new	call site: 00415	bufferevent_decrement_read_buckets_
28	659	evbuffer_remove	call site: 00659	bufferevent_free
23	464	bufferevent_socket_new	call site: 00464	evbuffer_write_atmost
22	197	event_add_nolock_	call site: 00197	common_timeout_schedule
22	492	evbuffer_drain	call site: 00492	bufferevent_decrement_write_buckets_
19	329	event_add	call site: 00329	bufferevent_trigger_nolock_
15	133	event_base_priority_init	call site: 00133	evthread_make_base_notifiable
13	166	event_assign	call site: 00166	event_err
13	542	bufferevent_filter_new	call site: 00542	be_filter_process_output
11	67	event_del_nolock_	call site: 00067	event_errx
11	149	evutil_make_internal_pipe_	call site: 00149	event_assign

Runtime coverage analysis

Covered functions

326

Functions that are reachable but not covered

156

Reachable functions

300

Percentage of reachable functions covered

48.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/bufferevent_fuzzer.cc	1
event.c	71
log.c	9
evutil.c	15
evutil_time.c	3
minheap-internal.h	11
evmap.c	19
bufferevent_pair.c	8
bufferevent.c	35
buffer.c	49
bufferevent_ratelim.c	26
bufferevent-internal.h	1
bufferevent_sock.c	6
evthread-internal.h	1
bufferevent_filter.c	11

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
evhttp_start	/src/libevent/http.c	2	['N/A', 'short']	37	0	32	8	4	430	0	2675	651
evdns_server_request_respond	/src/libevent/evdns.c	2	['N/A', 'int']	18	0	167	32	14	153	0	910	179
event_base_dispatch	/src/libevent/event.c	1	['N/A']	11	0	12	3	2	77	0	476	134
evws_new_session	/src/libevent/ws.c	4	['N/A', 'N/A', 'N/A', 'int']	30	0	138	28	12	370	0	2313	90
epoll_dispatch	/src/libevent/epoll.c	2	['N/A', 'N/A']	7	0	319	71	28	29	0	136	77
event_reinit	/src/libevent/event.c	1	['N/A']	9	0	240	51	19	103	0	544	65
evthread_set_lock_callbacks	/src/libevent/evthread.c	1	['N/A']	7	0	157	37	16	24	0	95	48
event_base_dump_events	/src/libevent/event.c	2	['N/A', 'N/A']	3	0	46	9	4	11	0	62	46
sigfd_add	/src/libevent/signalfd.c	5	['N/A', 'int', 'short', 'short', 'N/A']	8	0	128	26	11	88	0	452	36
epoll_init	/src/libevent/epoll.c	1	['N/A']	9	0	193	43	18	66	0	260	35

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

722 / 1101

Cyclomatic complexity statically reachable by fuzzers

5193 / 6824

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

/src/utils_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_getaddrinfo', 'evutil_inet_pton_scope', 'evutil_inet_ntop', 'evutil_new_addrinfo_', 'evutil_parse_sockaddr_port', 'event_mm_strdup_', 'evutil_format_sockaddr_port_', 'test_for_getaddrinfo_hacks']

/src/buffer_add_file_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_decref_and_unlock_', 'evbuffer_add_file_segment', 'evbuffer_file_segment_new', 'evbuffer_file_segment_materialize', 'evbuffer_file_segment_free', 'event_mm_calloc_']

/src/bufferevent_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['LLVMFuzzerTestOneInput', 'bufferevent_socket_new', 'be_pair_wants_to_talk', 'event_callback_activate_nolock_', 'event_add_nolock_', 'event_add', 'event_base_priority_init', 'event_assign']

/src/parse_query_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['parse_authority', 'evhttp_add_header_internal', 'evhttp_uri_parse_with_flags', 'bracket_addr_ok', 'event_mm_calloc_', 'event_mm_strdup_']

/src/dns_config_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_sockaddr_cmp', 'search_state_decref', 'evutil_inet_pton_scope', 'event_add', 'evutil_socket_', 'evdns_base_new', 'evutil_sockaddr_is_loopback_', 'event_add_nolock_', 'event_base_priority_init', 'event_assign']

/src/inspector/light/source_files/src/utils_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_getaddrinfo', 'evutil_inet_pton_scope', 'evutil_inet_ntop', 'evutil_format_sockaddr_port_', 'evutil_new_addrinfo_', 'evutil_parse_sockaddr_port', 'event_mm_strdup_', 'test_for_getaddrinfo_hacks']

/src/buffer_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_decref_and_unlock_', 'evbuffer_free_all_chains', 'evbuffer_add', 'evbuffer_search_range', 'LLVMFuzzerTestOneInput', 'evbuffer_search_eol', 'event_mm_calloc_']

/src/http_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['LLVMFuzzerTestOneInput', 'evbuffer_decref_and_unlock_', 'evbuffer_add', 'evbuffer_free_all_chains', 'evbuffer_readln', 'event_mm_calloc_', 'evutil_vsnprintf', 'evhttp_request_new', 'evhttp_add_header_internal', 'evhttp_uri_join']

/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_del_nolock_', 'evbuffer_add_file_segment', 'evbuffer_decref_and_unlock_', 'event_callback_activate_nolock_', 'evbuffer_file_segment_materialize', 'evutil_fd_filesize', 'evbuffer_file_segment_free', 'event_mm_calloc_']

/src/inspector/source-code/src/bufferevent_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_get_priority', 'bufferevent_socket_new', 'evbuffer_remove', 'event_add_nolock_', 'evbuffer_drain', 'event_add', 'event_base_priority_init', 'event_assign', 'bufferevent_filter_new']

/src/inspector/source-code/src/dns_config_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_sockaddr_cmp', 'bufferevent_enable', 'evutil_ascii_strcasecmp', 'evbuffer_remove', 'evutil_getaddrinfo', 'evutil_sockaddr_is_loopback_', 'event_add', 'bufferevent_socket_new', 'event_add_nolock_', 'evbuffer_drain']

/src/inspector/source-code/src/buffer_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_del_nolock_', 'LLVMFuzzerTestOneInput', 'evbuffer_add', 'evbuffer_decref_and_unlock_', 'event_callback_activate_nolock_', 'find_eol_char', 'event_mm_calloc_']

/src/inspector/source-code/src/http_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evhttp_uri_join', 'bufferevent_decref', 'event_del_nolock_', 'evbuffer_add', 'event_callback_activate_nolock_', 'evbuffer_decref_and_unlock_', 'evhttp_request_new', 'evhttp_add_header_internal']

/src/inspector/source-code/src/utils_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_getaddrinfo', 'evutil_inet_pton_scope', 'evutil_inet_ntop', 'evutil_format_sockaddr_port_', 'evutil_new_addrinfo_', 'evutil_parse_sockaddr_port', 'event_mm_strdup_', 'test_for_getaddrinfo_hacks']

/src/inspector/source-code/src/buffer_add_file_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_del_nolock_', 'evbuffer_add_file_segment', 'evbuffer_decref_and_unlock_', 'event_callback_activate_nolock_', 'evbuffer_file_segment_materialize', 'evutil_fd_filesize', 'evbuffer_file_segment_free', 'event_mm_calloc_']

/src/inspector/light/source_files/src/buffer_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_del_nolock_', 'LLVMFuzzerTestOneInput', 'evbuffer_add', 'evbuffer_decref_and_unlock_', 'event_callback_activate_nolock_', 'find_eol_char', 'event_mm_calloc_']

/src/inspector/light/source_files/src/dns_config_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_sockaddr_cmp', 'bufferevent_enable', 'evutil_ascii_strcasecmp', 'evbuffer_remove', 'evutil_getaddrinfo', 'evutil_sockaddr_is_loopback_', 'event_add', 'bufferevent_socket_new', 'event_add_nolock_', 'evbuffer_drain']

/src/inspector/light/source_files/src/http_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evhttp_uri_join', 'bufferevent_decref', 'event_del_nolock_', 'evbuffer_add', 'event_callback_activate_nolock_', 'evbuffer_decref_and_unlock_', 'evhttp_request_new', 'evhttp_add_header_internal']

/src/inspector/light/source_files/src/parse_query_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evhttp_add_header_internal', 'evhttp_uri_parse_with_flags', 'parse_authority', 'evhttp_parse_query_impl', 'event_mm_calloc_', 'event_mm_strdup_']

/src/inspector/source-code/src/parse_query_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evhttp_add_header_internal', 'evhttp_uri_parse_with_flags', 'parse_authority', 'evhttp_parse_query_impl', 'event_mm_calloc_', 'event_mm_strdup_']

/src/inspector/light/source_files/src/bufferevent_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_get_priority', 'bufferevent_socket_new', 'evbuffer_remove', 'event_add_nolock_', 'evbuffer_drain', 'event_add', 'event_base_priority_init', 'event_assign', 'bufferevent_filter_new']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
evutil_getaddrinfo	35	19	54.28%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', 'utils_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
evbuffer_chain_free	42	23	54.76%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'http_fuzzer', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'bufferevent_fuzzer', 'buffer_fuzzer', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'buffer_add_file_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc']
ev_token_bucket_cfg_new	34	10	29.41%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
bufferevent_set_rate_limit	61	15	24.59%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
epoll_init	65	27	41.53%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
event_add_nolock_	102	37	36.27%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
event_base_free_	82	42	51.21%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
event_base_cancel_single_callback_	33	18	54.54%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
epoll_apply_one_change	65	28	43.07%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', 'dns_config_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
evbuffer_commit_space	54	24	44.44%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
evbuffer_prepend_buffer	32	12	37.5%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
PRESERVE_PINNED	32	7	21.87%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
evhttp_free	36	16	44.44%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', 'http_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
evhttp_request_new	36	18	50.0%	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', 'http_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/inspector/source-code/src/bufferevent_fuzzer.cc	['/src/inspector/source-code/src/bufferevent_fuzzer.cc']	['/src/inspector/source-code/src/bufferevent_fuzzer.cc']
/src/inspector/source-code/src/buffer_fuzzer.cc	['/src/inspector/source-code/src/buffer_fuzzer.cc']	['/src/inspector/source-code/src/buffer_fuzzer.cc']
/src/libevent/listener.c	['http_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc']	[]
/src/dns_config_fuzzer.cc	['dns_config_fuzzer']	['dns_config_fuzzer']
/src/inspector/light/source_files/src/dns_config_fuzzer.cc	['/src/inspector/light/source_files/src/dns_config_fuzzer.cc']	['/src/inspector/light/source_files/src/dns_config_fuzzer.cc']
/src/libevent/poll.c	[]	[]
/src/buffer_add_file_fuzzer.cc	['buffer_add_file_fuzzer']	['buffer_add_file_fuzzer']
/src/bufferevent_fuzzer.cc	['bufferevent_fuzzer']	['bufferevent_fuzzer']
/src/inspector/source-code/src/parse_query_fuzzer.cc	['/src/inspector/source-code/src/parse_query_fuzzer.cc']	['/src/inspector/source-code/src/parse_query_fuzzer.cc']
/src/libevent/evutil.c	['utils_fuzzer', 'buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'parse_query_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['utils_fuzzer', 'buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'parse_query_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/bufferevent_filter.c	['bufferevent_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/inspector/light/source_files/src/http_fuzzer.cc	['/src/inspector/light/source_files/src/http_fuzzer.cc']	['/src/inspector/light/source_files/src/http_fuzzer.cc']
/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc	['/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc']	['/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc']
/src/utils_fuzzer.cc	['utils_fuzzer']	['utils_fuzzer']
/src/libevent/./arc4random.c	['dns_config_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']	[]
/src/parse_query_fuzzer.cc	['parse_query_fuzzer']	['parse_query_fuzzer']
/src/libevent/select.c	[]	[]
/src/buffer_fuzzer.cc	['buffer_fuzzer']	['buffer_fuzzer']
/src/libevent/signalfd.c	[]	[]
/src/libevent/bufferevent_ratelim.c	['bufferevent_fuzzer', 'dns_config_fuzzer', 'http_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/evutil_rand.c	['dns_config_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']	['dns_config_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']
/usr/include/x86_64-linux-gnu/bits/byteswap.h	['utils_fuzzer', 'parse_query_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'http_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc']	[]
/src/libevent/buffer.c	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'dns_config_fuzzer', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/minheap-internal.h	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'dns_config_fuzzer', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/inspector/source-code/src/buffer_add_file_fuzzer.cc	['/src/inspector/source-code/src/buffer_add_file_fuzzer.cc']	['/src/inspector/source-code/src/buffer_add_file_fuzzer.cc']
/src/inspector/light/source_files/src/parse_query_fuzzer.cc	['/src/inspector/light/source_files/src/parse_query_fuzzer.cc']	['/src/inspector/light/source_files/src/parse_query_fuzzer.cc']
/src/inspector/light/source_files/src/bufferevent_fuzzer.cc	['/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/ws.c	['http_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc']	[]
/src/libevent/log.c	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'parse_query_fuzzer', 'dns_config_fuzzer', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/event.c	['utils_fuzzer', 'buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'parse_query_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['utils_fuzzer', 'buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'parse_query_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/http.c	['parse_query_fuzzer', 'http_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc']	['parse_query_fuzzer', 'http_fuzzer', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/parse_query_fuzzer.cc', '/src/inspector/source-code/src/parse_query_fuzzer.cc']
/src/libevent/evutil_time.c	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/inspector/source-code/src/dns_config_fuzzer.cc	['/src/inspector/source-code/src/dns_config_fuzzer.cc']	['/src/inspector/source-code/src/dns_config_fuzzer.cc']
/src/inspector/source-code/src/utils_fuzzer.cc	['/src/inspector/source-code/src/utils_fuzzer.cc']	['/src/inspector/source-code/src/utils_fuzzer.cc']
/src/libevent/bufferevent-internal.h	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	[]
/src/libevent/signal.c	[]	[]
/src/libevent/bufferevent_sock.c	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/inspector/source-code/src/http_fuzzer.cc	['/src/inspector/source-code/src/http_fuzzer.cc']	['/src/inspector/source-code/src/http_fuzzer.cc']
/src/libevent/strlcpy.c	['utils_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']	['utils_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']
/src/libevent/sha1.c	[]	[]
/src/libevent/evthread-internal.h	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	[]
/src/libevent/epoll.c	[]	[]
/src/libevent/evdns.c	['dns_config_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']	['dns_config_fuzzer', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc']
/src/inspector/light/source_files/src/utils_fuzzer.cc	['/src/inspector/light/source_files/src/utils_fuzzer.cc']	['/src/inspector/light/source_files/src/utils_fuzzer.cc']
/src/libevent/bufferevent.c	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'dns_config_fuzzer', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/inspector/light/source_files/src/buffer_fuzzer.cc	['/src/inspector/light/source_files/src/buffer_fuzzer.cc']	['/src/inspector/light/source_files/src/buffer_fuzzer.cc']
/src/libevent/evmap.c	['buffer_add_file_fuzzer', 'bufferevent_fuzzer', 'dns_config_fuzzer', 'buffer_fuzzer', 'http_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', 'dns_config_fuzzer', '/src/inspector/light/source_files/src/buffer_add_file_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_config_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/http_fuzzer.cc', '/src/inspector/source-code/src/buffer_add_file_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/dns_config_fuzzer.cc', '/src/inspector/light/source_files/src/http_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/libevent/bufferevent_pair.c	['bufferevent_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['bufferevent_fuzzer', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/http_fuzzer.cc	['http_fuzzer']	['http_fuzzer']
/src/libevent/evthread.c	[]	[]

Directories in report

Directory
/src/libevent/./
/src/
/src/inspector/light/source_files/src/
/usr/include/x86_64-linux-gnu/bits/
/src/libevent/
/src/inspector/source-code/src/