High level conclusions

Fuzzers reach 72.48% of cyclomatic complexity.

Fuzzers reach 63.03% of all functions.

Fuzzer http_message_fuzzer is blocked:

The runtime code coverage of http_message_fuzzer covers 0.0% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Fuzzer evtag_fuzzer is blocked:

The runtime code coverage of evtag_fuzzer covers 0.0% of its statically reachable code. This means there is some place that blocks the fuzzer to continue exploring more code at run time.

Reachability and coverage overview

Functions statically reachable by fuzzers

718 / 1139

Cyclomatic complexity statically reachable by fuzzers

5059 / 6979

Runtime code coverage of functions

363 / 1139

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer: utils_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	27	24.1%
gold	[1:9]	11	9.82%
yellow	[10:29]	5	4.46%
greenyellow	[30:49]	16	14.2%
lawngreen	50+	53	47.3%
All colors	112	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
6	100	evutil_getaddrinfo	call site: 00100	apply_socktype_protocol_hack
4	95	evutil_getaddrinfo	call site: 00095	apply_numeric_port_hack
2	21	evutil_inet_pton_scope	call site: 00021	__errno_location
2	41	evutil_inet_ntop	call site: 00041	event_strlcpy_
2	74	evutil_new_addrinfo_	call site: 00074	evutil_freeaddrinfo
2	92	evutil_getaddrinfo	call site: 00092	test_for_getaddrinfo_hacks
1	7	evutil_parse_sockaddr_port	call site: 00007	evutil_inet_pton
1	24	event_mm_strdup_	call site: 00024	__errno_location
1	48	evutil_format_sockaddr_port_	call site: 00048	evutil_snprintf
1	59	test_for_getaddrinfo_hacks	call site: 00059	parse_numeric_servname
1	61	parse_numeric_servname	call site: 00061	evutil_getaddrinfo_common_
1	64	evutil_getaddrinfo_common_	call site: 00064	getprotobynumber

Runtime coverage analysis

Covered functions

27

Functions that are reachable but not covered

20

Reachable functions

47

Percentage of reachable functions covered

57.45%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/utils_fuzzer.cc	1
/src/libevent/evutil.c	24
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/event.c	4
/src/libevent/strlcpy.c	1

Fuzzer: evtag_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	239	100.%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	0	0.0%
All colors	239	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
238	0	EP	call site: 00000	evtag_unmarshal

Runtime coverage analysis

Covered functions

0

Functions that are reachable but not covered

108

Reachable functions

108

Percentage of reachable functions covered

0.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/evtag_fuzzer.cc	1
/src/libevent/buffer.c	31
/src/libevent/event.c	26
/src/libevent/log.c	6
/src/libevent/evutil.c	2
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	1
/src/libevent/event_tagging.c	24

Fuzzer: listener_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	207	59.1%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	6	1.71%
lawngreen	50+	137	39.1%
All colors	350	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
22	200	event_add_nolock_	call site: 00200	common_timeout_schedule
15	135	event_base_priority_init	call site: 00135	evthread_make_base_notifiable
13	168	event_assign	call site: 00168	event_err
11	151	evutil_make_internal_pipe_	call site: 00151	event_assign
10	51	event_del_nolock_	call site: 00051	event_queue_remove_timeout
10	67	event_del_nolock_	call site: 00067	event_errx
9	334	event_process_active_single_queue	call site: 00334	event_process_active_single_queue
8	105	event_base_free_	call site: 00105	event_base_cancel_single_callback_
6	98	event_base_free_	call site: 00098	event_del
6	267	evutil_accept4_	call site: 00267	evutil_fast_socket_closeonexec
6	312	timeout_process	call site: 00312	event_del_nolock_
5	7	event_base_new_with_config	call site: 00007	event_warn

Runtime coverage analysis

Covered functions

110

Functions that are reachable but not covered

84

Reachable functions

174

Percentage of reachable functions covered

51.72%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/listener_fuzzer.cc	3
/src/libevent/event.c	67
/src/libevent/log.c	10
/src/libevent/evutil.c	20
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/listener.c	8
/src/libevent/signal.c	1

Fuzzer: /src/inspector/light/source_files/src/buffer_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	106	48.1%
gold	[1:9]	3	1.36%
yellow	[10:29]	9	4.09%
greenyellow	[30:49]	5	2.27%
lawngreen	50+	97	44.0%
All colors	220	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
12	165	evbuffer_find	call site: 00165	evbuffer_add_buffer_reference
10	58	event_del_nolock_	call site: 00058	event_errx
9	98	evbuffer_search_range	call site: 00098	evbuffer_ptr_subtract
7	155	LLVMFuzzerTestOneInput	call site: 00155	evbuffer_free_all_chains
6	51	event_del_nolock_	call site: 00051	evmap_io_del_
4	77	evbuffer_add	call site: 00077	event_deferred_cb_schedule_
4	141	evbuffer_expand	call site: 00141	evbuffer_chain_free
4	196	evbuffer_file_segment_new	call site: 00196	evbuffer_file_segment_materialize
3	11	evbuffer_chain_insert	call site: 00011	evbuffer_free_all_chains
3	42	event_del_nolock_	call site: 00042	event_queue_remove_timeout
3	84	event_callback_activate_nolock_	call site: 00084	evthread_notify_base
3	119	LLVMFuzzerTestOneInput	call site: 00119	evbuffer_add

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

48

Reachable functions

128

Percentage of reachable functions covered

62.5%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/buffer_fuzzer.cc	1
/src/libevent/buffer.c	62
/src/libevent/event.c	26
/src/libevent/log.c	6
/src/libevent/evutil.c	3
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	1

Fuzzer: /src/inspector/source-code/src/buffer_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	106	48.1%
gold	[1:9]	3	1.36%
yellow	[10:29]	9	4.09%
greenyellow	[30:49]	5	2.27%
lawngreen	50+	97	44.0%
All colors	220	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
12	165	evbuffer_find	call site: 00165	evbuffer_add_buffer_reference
10	58	event_del_nolock_	call site: 00058	event_errx
9	98	evbuffer_search_range	call site: 00098	evbuffer_ptr_subtract
7	155	LLVMFuzzerTestOneInput	call site: 00155	evbuffer_free_all_chains
6	51	event_del_nolock_	call site: 00051	evmap_io_del_
4	77	evbuffer_add	call site: 00077	event_deferred_cb_schedule_
4	141	evbuffer_expand	call site: 00141	evbuffer_chain_free
4	196	evbuffer_file_segment_new	call site: 00196	evbuffer_file_segment_materialize
3	11	evbuffer_chain_insert	call site: 00011	evbuffer_free_all_chains
3	42	event_del_nolock_	call site: 00042	event_queue_remove_timeout
3	84	event_callback_activate_nolock_	call site: 00084	evthread_notify_base
3	119	LLVMFuzzerTestOneInput	call site: 00119	evbuffer_add

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

48

Reachable functions

128

Percentage of reachable functions covered

62.5%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/buffer_fuzzer.cc	1
/src/libevent/buffer.c	62
/src/libevent/event.c	26
/src/libevent/log.c	6
/src/libevent/evutil.c	3
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	1

Fuzzer: /src/inspector/light/source_files/src/evtag_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	166	69.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	3	1.25%
greenyellow	[30:49]	2	0.83%
lawngreen	50+	68	28.4%
All colors	239	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
68	153	evbuffer_remove	call site: 00153	evtag_unmarshal
16	136	LLVMFuzzerTestOneInput	call site: 00136	evtag_unmarshal_string
10	58	event_del_nolock_	call site: 00058	event_errx
10	101	evbuffer_drain	call site: 00101	evtag_peek_length
10	113	LLVMFuzzerTestOneInput	call site: 00113	evtag_unmarshal_header
7	128	LLVMFuzzerTestOneInput	call site: 00128	decode_tag_internal
6	51	event_del_nolock_	call site: 00051	evmap_io_del_
6	232	evbuffer_add_buffer	call site: 00232	evtag_unmarshal
4	77	evbuffer_add	call site: 00077	event_deferred_cb_schedule_
4	88	evbuffer_invoke_callbacks_	call site: 00088	evtag_peek
3	11	evbuffer_chain_insert	call site: 00011	evbuffer_free_all_chains
3	42	event_del_nolock_	call site: 00042	event_queue_remove_timeout

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

50

Reachable functions

108

Percentage of reachable functions covered

53.7%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/evtag_fuzzer.cc	1
/src/libevent/buffer.c	31
/src/libevent/event.c	26
/src/libevent/log.c	6
/src/libevent/evutil.c	2
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	1
/src/libevent/event_tagging.c	24

Fuzzer: /src/inspector/light/source_files/src/utils_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	29	25.8%
gold	[1:9]	11	9.82%
yellow	[10:29]	4	3.57%
greenyellow	[30:49]	15	13.3%
lawngreen	50+	53	47.3%
All colors	112	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
8	100	evutil_getaddrinfo	call site: 00100	evutil_getaddrinfo_common_
4	95	evutil_getaddrinfo	call site: 00095	apply_numeric_port_hack
2	21	evutil_inet_pton_scope	call site: 00021	__errno_location
2	41	evutil_inet_ntop	call site: 00041	event_strlcpy_
2	74	evutil_new_addrinfo_	call site: 00074	evutil_freeaddrinfo
2	92	evutil_getaddrinfo	call site: 00092	test_for_getaddrinfo_hacks
1	7	evutil_parse_sockaddr_port	call site: 00007	evutil_inet_pton
1	24	event_mm_strdup_	call site: 00024	__errno_location
1	48	evutil_format_sockaddr_port_	call site: 00048	evutil_snprintf
1	59	test_for_getaddrinfo_hacks	call site: 00059	parse_numeric_servname
1	61	parse_numeric_servname	call site: 00061	evutil_getaddrinfo_common_
1	64	evutil_getaddrinfo_common_	call site: 00064	getprotobynumber

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

19

Reachable functions

47

Percentage of reachable functions covered

59.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/utils_fuzzer.cc	1
/src/libevent/evutil.c	24
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/event.c	4
/src/libevent/strlcpy.c	1

Fuzzer: /src/inspector/source-code/src/listener_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	192	54.8%
gold	[1:9]	5	1.42%
yellow	[10:29]	1	0.28%
greenyellow	[30:49]	5	1.42%
lawngreen	50+	147	42.0%
All colors	350	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
15	135	event_base_priority_init	call site: 00135	evthread_make_base_notifiable
13	168	event_assign	call site: 00168	event_err
11	151	evutil_make_internal_pipe_	call site: 00151	event_assign
10	67	event_del_nolock_	call site: 00067	event_errx
7	337	event_persist_closure	call site: 00337	event_process_active_single_queue
6	60	event_del_nolock_	call site: 00060	evmap_io_del_
6	98	event_base_free_	call site: 00098	event_del
6	200	event_add_nolock_	call site: 00200	evmap_signal_add_
6	267	evutil_accept4_	call site: 00267	evutil_fast_socket_closeonexec
6	312	timeout_process	call site: 00312	event_del_nolock_
5	275	listener_read_cb	call site: 00275	event_sock_warn
5	300	event_base_loop	call site: 00300	timeout_next

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

67

Reachable functions

174

Percentage of reachable functions covered

61.49%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/listener_fuzzer.cc	3
/src/libevent/event.c	67
/src/libevent/log.c	10
/src/libevent/evutil.c	20
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/listener.c	8
/src/libevent/signal.c	1

Fuzzer: dns_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1162	78.8%
gold	[1:9]	16	1.08%
yellow	[10:29]	9	0.61%
greenyellow	[30:49]	18	1.22%
lawngreen	50+	269	18.2%
All colors	1474	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
163	1084	evutil_parse_sockaddr_port	call site: 01084	resolv_conf_parse_line
142	777	evutil_format_sockaddr_port_	call site: 00777	nameserver_ready_callback
117	959	bufferevent_enable	call site: 00959	evdns_base_resolv_conf_parse
90	1300	listener_decref_and_unlock	call site: 01300	evdns_server_request_respond
46	386	evutil_ascii_strcasecmp	call site: 00386	evdns_base_resolve_ipv4
45	233	event_config_free	call site: 00233	evdns_base_new
41	720	evbuffer_remove	call site: 00720	reply_parse
41	1432	event_base_loop	call site: 01432	evdns_base_new
38	346	evutil_getaddrinfo	call site: 00346	evutil_getaddrinfo_common_
30	1268	LLVMFuzzerTestOneInput	call site: 01268	evdns_base_free_and_unlock
28	445	event_callback_activate_nolock_	call site: 00445	request_finished
23	620	bufferevent_socket_new	call site: 00620	evbuffer_write_atmost

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

308

Reachable functions

505

Percentage of reachable functions covered

39.01%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/dns_fuzzer.cc	3
/src/libevent/event.c	82
/src/libevent/log.c	9
/src/libevent/evutil.c	62
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/evdns.c	125
/src/libevent/evutil_rand.c	3
/src/libevent/./arc4random.c	13
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/bufferevent.c	31
/src/libevent/buffer.c	42
/src/libevent/bufferevent_ratelim.c	15
/src/libevent/bufferevent_sock.c	7
/src/libevent/evthread-internal.h	1
/src/libevent/bufferevent-internal.h	1
/src/libevent/strlcpy.c	1
/src/libevent/listener.c	2
/src/libevent/signal.c	1

Fuzzer: /src/inspector/source-code/src/dns_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1162	78.8%
gold	[1:9]	16	1.08%
yellow	[10:29]	9	0.61%
greenyellow	[30:49]	18	1.22%
lawngreen	50+	269	18.2%
All colors	1474	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
163	1084	evutil_parse_sockaddr_port	call site: 01084	resolv_conf_parse_line
142	777	evutil_format_sockaddr_port_	call site: 00777	nameserver_ready_callback
117	959	bufferevent_enable	call site: 00959	evdns_base_resolv_conf_parse
90	1300	listener_decref_and_unlock	call site: 01300	evdns_server_request_respond
46	386	evutil_ascii_strcasecmp	call site: 00386	evdns_base_resolve_ipv4
45	233	event_config_free	call site: 00233	evdns_base_new
41	720	evbuffer_remove	call site: 00720	reply_parse
41	1432	event_base_loop	call site: 01432	evdns_base_new
38	346	evutil_getaddrinfo	call site: 00346	evutil_getaddrinfo_common_
30	1268	LLVMFuzzerTestOneInput	call site: 01268	evdns_base_free_and_unlock
28	445	event_callback_activate_nolock_	call site: 00445	request_finished
23	620	bufferevent_socket_new	call site: 00620	evbuffer_write_atmost

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

308

Reachable functions

505

Percentage of reachable functions covered

39.01%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/dns_fuzzer.cc	3
/src/libevent/event.c	82
/src/libevent/log.c	9
/src/libevent/evutil.c	62
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/evdns.c	125
/src/libevent/evutil_rand.c	3
/src/libevent/./arc4random.c	13
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/bufferevent.c	31
/src/libevent/buffer.c	42
/src/libevent/bufferevent_ratelim.c	15
/src/libevent/bufferevent_sock.c	7
/src/libevent/evthread-internal.h	1
/src/libevent/bufferevent-internal.h	1
/src/libevent/strlcpy.c	1
/src/libevent/listener.c	2
/src/libevent/signal.c	1

Fuzzer: /src/inspector/source-code/src/bufferevent_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	399	54.2%
gold	[1:9]	12	1.63%
yellow	[10:29]	8	1.08%
greenyellow	[30:49]	3	0.40%
lawngreen	50+	313	42.5%
All colors	735	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
33	431	event_base_gettimeofday_cached	call site: 00431	bufferevent_decrement_read_buckets_
25	596	event_get_priority	call site: 00596	bufferevent_set_rate_limit
23	473	bufferevent_socket_new	call site: 00473	evbuffer_write_atmost
22	501	evbuffer_drain	call site: 00501	bufferevent_decrement_write_buckets_
15	144	event_base_priority_init	call site: 00144	evthread_make_base_notifiable
13	177	event_assign	call site: 00177	event_err
11	160	evutil_make_internal_pipe_	call site: 00160	event_assign
10	76	event_del_nolock_	call site: 00076	event_errx
8	395	bufferevent_init_generic_timeout_cbs_	call site: 00395	bufferevent_decref_and_unlock_
7	647	bufferevent_remove_from_rate_limit_group	call site: 00647	bufferevent_write
7	693	event_persist_closure	call site: 00693	event_process_active_single_queue
6	69	event_del_nolock_	call site: 00069	evmap_io_del_

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

101

Reachable functions

311

Percentage of reachable functions covered

67.52%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/bufferevent_fuzzer.cc	1
/src/libevent/event.c	84
/src/libevent/log.c	9
/src/libevent/evutil.c	15
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/bufferevent_pair.c	7
/src/libevent/bufferevent.c	34
/src/libevent/buffer.c	49
/src/libevent/bufferevent_ratelim.c	26
/src/libevent/bufferevent-internal.h	1
/src/libevent/bufferevent_sock.c	6
/src/libevent/evthread-internal.h	1
/src/libevent/bufferevent_filter.c	11
/src/libevent/signal.c	1

Fuzzer: /src/inspector/source-code/src/utils_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	29	25.8%
gold	[1:9]	11	9.82%
yellow	[10:29]	4	3.57%
greenyellow	[30:49]	15	13.3%
lawngreen	50+	53	47.3%
All colors	112	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
8	100	evutil_getaddrinfo	call site: 00100	evutil_getaddrinfo_common_
4	95	evutil_getaddrinfo	call site: 00095	apply_numeric_port_hack
2	21	evutil_inet_pton_scope	call site: 00021	__errno_location
2	41	evutil_inet_ntop	call site: 00041	event_strlcpy_
2	74	evutil_new_addrinfo_	call site: 00074	evutil_freeaddrinfo
2	92	evutil_getaddrinfo	call site: 00092	test_for_getaddrinfo_hacks
1	7	evutil_parse_sockaddr_port	call site: 00007	evutil_inet_pton
1	24	event_mm_strdup_	call site: 00024	__errno_location
1	48	evutil_format_sockaddr_port_	call site: 00048	evutil_snprintf
1	59	test_for_getaddrinfo_hacks	call site: 00059	parse_numeric_servname
1	61	parse_numeric_servname	call site: 00061	evutil_getaddrinfo_common_
1	64	evutil_getaddrinfo_common_	call site: 00064	getprotobynumber

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

19

Reachable functions

47

Percentage of reachable functions covered

59.57%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/utils_fuzzer.cc	1
/src/libevent/evutil.c	24
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/event.c	4
/src/libevent/strlcpy.c	1

Fuzzer: /src/inspector/light/source_files/src/bufferevent_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	399	54.2%
gold	[1:9]	12	1.63%
yellow	[10:29]	8	1.08%
greenyellow	[30:49]	3	0.40%
lawngreen	50+	313	42.5%
All colors	735	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
33	431	event_base_gettimeofday_cached	call site: 00431	bufferevent_decrement_read_buckets_
25	596	event_get_priority	call site: 00596	bufferevent_set_rate_limit
23	473	bufferevent_socket_new	call site: 00473	evbuffer_write_atmost
22	501	evbuffer_drain	call site: 00501	bufferevent_decrement_write_buckets_
15	144	event_base_priority_init	call site: 00144	evthread_make_base_notifiable
13	177	event_assign	call site: 00177	event_err
11	160	evutil_make_internal_pipe_	call site: 00160	event_assign
10	76	event_del_nolock_	call site: 00076	event_errx
8	395	bufferevent_init_generic_timeout_cbs_	call site: 00395	bufferevent_decref_and_unlock_
7	647	bufferevent_remove_from_rate_limit_group	call site: 00647	bufferevent_write
7	693	event_persist_closure	call site: 00693	event_process_active_single_queue
6	69	event_del_nolock_	call site: 00069	evmap_io_del_

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

101

Reachable functions

311

Percentage of reachable functions covered

67.52%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/bufferevent_fuzzer.cc	1
/src/libevent/event.c	84
/src/libevent/log.c	9
/src/libevent/evutil.c	15
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/bufferevent_pair.c	7
/src/libevent/bufferevent.c	34
/src/libevent/buffer.c	49
/src/libevent/bufferevent_ratelim.c	26
/src/libevent/bufferevent-internal.h	1
/src/libevent/bufferevent_sock.c	6
/src/libevent/evthread-internal.h	1
/src/libevent/bufferevent_filter.c	11
/src/libevent/signal.c	1

Fuzzer: bufferevent_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	360	48.9%
gold	[1:9]	24	3.26%
yellow	[10:29]	11	1.49%
greenyellow	[30:49]	2	0.27%
lawngreen	50+	338	45.9%
All colors	735	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
33	431	event_base_gettimeofday_cached	call site: 00431	bufferevent_decrement_read_buckets_
23	473	bufferevent_socket_new	call site: 00473	evbuffer_write_atmost
22	501	evbuffer_drain	call site: 00501	bufferevent_decrement_write_buckets_
22	598	LLVMFuzzerTestOneInput	call site: 00598	bev_refill_callback_
15	144	event_base_priority_init	call site: 00144	evthread_make_base_notifiable
13	177	event_assign	call site: 00177	event_err
11	160	evutil_make_internal_pipe_	call site: 00160	event_assign
10	76	event_del_nolock_	call site: 00076	event_errx
10	263	evbuffer_decref_and_unlock_	call site: 00263	evbuffer_chain_free
8	395	bufferevent_init_generic_timeout_cbs_	call site: 00395	bufferevent_decref_and_unlock_
6	107	event_base_free_	call site: 00107	event_del
6	202	event_add_nolock_	call site: 00202	event_warnx

Runtime coverage analysis

Covered functions

237

Functions that are reachable but not covered

115

Reachable functions

311

Percentage of reachable functions covered

63.02%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/bufferevent_fuzzer.cc	1
/src/libevent/event.c	84
/src/libevent/log.c	9
/src/libevent/evutil.c	15
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/bufferevent_pair.c	7
/src/libevent/bufferevent.c	34
/src/libevent/buffer.c	49
/src/libevent/bufferevent_ratelim.c	26
/src/libevent/bufferevent-internal.h	1
/src/libevent/bufferevent_sock.c	6
/src/libevent/evthread-internal.h	1
/src/libevent/bufferevent_filter.c	11
/src/libevent/signal.c	1

Fuzzer: http_message_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	538	100.%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	0	0.0%
All colors	538	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
537	0	EP	call site: 00000	evhttp_parse_firstline_

Runtime coverage analysis

Covered functions

0

Functions that are reachable but not covered

211

Reachable functions

211

Percentage of reachable functions covered

0.0%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/http_message_fuzzer.cc	1
/src/libevent/http.c	64
/src/libevent/event.c	37
/src/libevent/log.c	6
/src/libevent/evutil.c	10
/src/libevent/buffer.c	47
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	10
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1
/src/libevent/listener.c	2
/src/libevent/bufferevent_ratelim.c	1
/src/libevent/ws.c	1

Fuzzer: /src/inspector/source-code/src/ws_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	905	64.5%
gold	[1:9]	15	1.06%
yellow	[10:29]	8	0.57%
greenyellow	[30:49]	12	0.85%
lawngreen	50+	463	33.0%
All colors	1403	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
132	998	evhttp_write_buffer	call site: 00998	evhttp_connection_fail_
84	1158	evhttp_request_new	call site: 01158	evhttp_handle_request
75	666	evutil_inet_pton	call site: 00666	evhttp_connection_fail_
36	865	be_socket_enable	call site: 00865	evhttp_connection_cb_cleanup
33	488	event_base_gettimeofday_cached	call site: 00488	bufferevent_decrement_read_buckets_
27	818	evutil_getaddrinfo	call site: 00818	evhttp_connection_cb
24	634	event_mm_strdup_	call site: 00634	evhttp_uri_parse_authority
23	530	bufferevent_socket_new	call site: 00530	evbuffer_write_atmost
22	558	evbuffer_drain	call site: 00558	bufferevent_decrement_write_buckets_
16	963	evhttp_make_header_response	call site: 00963	evhttp_maybe_add_date_header
15	135	event_base_priority_init	call site: 00135	evthread_make_base_notifiable
15	1131	evhttp_response_code_	call site: 01131	evhttp_send_page_

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

239

Reachable functions

505

Percentage of reachable functions covered

52.67%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/ws_fuzzer.cc	2
/src/libevent/event.c	83
/src/libevent/log.c	10
/src/libevent/evutil.c	48
/src/libevent/evutil_time.c	4
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/http.c	111
/src/libevent/bufferevent_pair.c	7
/src/libevent/bufferevent.c	35
/src/libevent/buffer.c	63
/src/libevent/bufferevent_ratelim.c	15
/src/libevent/bufferevent-internal.h	1
/src/libevent/listener.c	2
/src/libevent/ws.c	11
/src/libevent/bufferevent_sock.c	13
/src/libevent/evthread-internal.h	1
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/sha1.c	5
/src/libevent/signal.c	1

Fuzzer: /src/inspector/source-code/src/evtag_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	166	69.4%
gold	[1:9]	0	0.0%
yellow	[10:29]	3	1.25%
greenyellow	[30:49]	2	0.83%
lawngreen	50+	68	28.4%
All colors	239	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
68	153	evbuffer_remove	call site: 00153	evtag_unmarshal
16	136	LLVMFuzzerTestOneInput	call site: 00136	evtag_unmarshal_string
10	58	event_del_nolock_	call site: 00058	event_errx
10	101	evbuffer_drain	call site: 00101	evtag_peek_length
10	113	LLVMFuzzerTestOneInput	call site: 00113	evtag_unmarshal_header
7	128	LLVMFuzzerTestOneInput	call site: 00128	decode_tag_internal
6	51	event_del_nolock_	call site: 00051	evmap_io_del_
6	232	evbuffer_add_buffer	call site: 00232	evtag_unmarshal
4	77	evbuffer_add	call site: 00077	event_deferred_cb_schedule_
4	88	evbuffer_invoke_callbacks_	call site: 00088	evtag_peek
3	11	evbuffer_chain_insert	call site: 00011	evbuffer_free_all_chains
3	42	event_del_nolock_	call site: 00042	event_queue_remove_timeout

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

50

Reachable functions

108

Percentage of reachable functions covered

53.7%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/evtag_fuzzer.cc	1
/src/libevent/buffer.c	31
/src/libevent/event.c	26
/src/libevent/log.c	6
/src/libevent/evutil.c	2
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	1
/src/libevent/event_tagging.c	24

Fuzzer: /src/inspector/light/source_files/src/http_message_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	373	69.3%
gold	[1:9]	0	0.0%
yellow	[10:29]	3	0.55%
greenyellow	[30:49]	2	0.37%
lawngreen	50+	160	29.7%
All colors	538	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
81	394	evbuffer_add_vprintf	call site: 00394	evhttp_uri_join
56	328	evbuffer_add_buffer	call site: 00328	evhttp_parse_firstline_
45	206	evutil_inet_pton	call site: 00206	evhttp_uri_parse_with_flags
24	174	event_mm_strdup_	call site: 00174	evhttp_uri_parse_authority
15	302	LLVMFuzzerTestOneInput	call site: 00302	evbuffer_add_buffer
14	27	evhttp_request_new	call site: 00027	evhttp_request_free
13	160	evbuffer_readln	call site: 00160	evhttp_parse_request_line
10	86	event_del_nolock_	call site: 00086	event_errx
9	140	evbuffer_search_range	call site: 00140	evbuffer_ptr_subtract
9	279	evhttp_add_header_internal	call site: 00279	evhttp_request_get_host
8	252	LLVMFuzzerTestOneInput	call site: 00252	evbuffer_readln
6	79	event_del_nolock_	call site: 00079	evmap_io_del_

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

97

Reachable functions

211

Percentage of reachable functions covered

54.03%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/http_message_fuzzer.cc	1
/src/libevent/http.c	64
/src/libevent/event.c	37
/src/libevent/log.c	6
/src/libevent/evutil.c	10
/src/libevent/buffer.c	47
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	10
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1
/src/libevent/listener.c	2
/src/libevent/bufferevent_ratelim.c	1
/src/libevent/ws.c	1

Fuzzer: buffer_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	95	43.1%
gold	[1:9]	14	6.36%
yellow	[10:29]	10	4.54%
greenyellow	[30:49]	17	7.72%
lawngreen	50+	84	38.1%
All colors	220	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
35	36	evbuffer_decref_and_unlock_	call site: 00036	event_deferred_cb_cancel_
11	77	evbuffer_add	call site: 00077	event_deferred_cb_schedule_
9	98	evbuffer_search_range	call site: 00098	evbuffer_ptr_subtract
8	169	LLVMFuzzerTestOneInput	call site: 00169	APPEND_CHAIN_MULTICAST
7	155	LLVMFuzzerTestOneInput	call site: 00155	evbuffer_free_all_chains
4	196	evbuffer_file_segment_new	call site: 00196	evbuffer_file_segment_materialize
3	203	evbuffer_file_segment_materialize	call site: 00203	event_mm_free_
2	31	evbuffer_file_segment_free	call site: 00031	evbuffer_chain_free
2	74	evbuffer_add	call site: 00074	evbuffer_chain_insert
2	95	evbuffer_search_eol	call site: 00095	evbuffer_search
2	166	LLVMFuzzerTestOneInput	call site: 00166	evbuffer_invoke_callbacks_
1	3	event_mm_calloc_	call site: 00003	__errno_location

Runtime coverage analysis

Covered functions

60

Functions that are reachable but not covered

68

Reachable functions

128

Percentage of reachable functions covered

46.88%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/buffer_fuzzer.cc	1
/src/libevent/buffer.c	62
/src/libevent/event.c	26
/src/libevent/log.c	6
/src/libevent/evutil.c	3
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	1

Fuzzer: /src/inspector/light/source_files/src/listener_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	192	54.8%
gold	[1:9]	5	1.42%
yellow	[10:29]	1	0.28%
greenyellow	[30:49]	5	1.42%
lawngreen	50+	147	42.0%
All colors	350	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
15	135	event_base_priority_init	call site: 00135	evthread_make_base_notifiable
13	168	event_assign	call site: 00168	event_err
11	151	evutil_make_internal_pipe_	call site: 00151	event_assign
10	67	event_del_nolock_	call site: 00067	event_errx
7	337	event_persist_closure	call site: 00337	event_process_active_single_queue
6	60	event_del_nolock_	call site: 00060	evmap_io_del_
6	98	event_base_free_	call site: 00098	event_del
6	200	event_add_nolock_	call site: 00200	evmap_signal_add_
6	267	evutil_accept4_	call site: 00267	evutil_fast_socket_closeonexec
6	312	timeout_process	call site: 00312	event_del_nolock_
5	275	listener_read_cb	call site: 00275	event_sock_warn
5	300	event_base_loop	call site: 00300	timeout_next

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

67

Reachable functions

174

Percentage of reachable functions covered

61.49%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/listener_fuzzer.cc	3
/src/libevent/event.c	67
/src/libevent/log.c	10
/src/libevent/evutil.c	20
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/listener.c	8
/src/libevent/signal.c	1

Fuzzer: ws_fuzzer

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1036	73.8%
gold	[1:9]	0	0.0%
yellow	[10:29]	0	0.0%
greenyellow	[30:49]	0	0.0%
lawngreen	50+	367	26.1%
All colors	1403	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
211	634	event_mm_strdup_	call site: 00634	evhttp_connection_fail_
132	998	evhttp_write_buffer	call site: 00998	evhttp_connection_fail_
84	1158	evhttp_request_new	call site: 01158	evhttp_handle_request
80	473	evhttp_connection_new_	call site: 00473	bufferevent_socket_new
53	848	bufferevent_enable	call site: 00848	evhttp_connection_cb_cleanup
43	185	event_priority_set	call site: 00185	event_base_free
43	590	evhttp_connection_new_	call site: 00590	evhttp_read_firstline
30	558	evbuffer_drain	call site: 00558	bufferevent_decrement_write_buckets_
16	963	evhttp_make_header_response	call site: 00963	evhttp_maybe_add_date_header
15	135	event_base_priority_init	call site: 00135	evthread_make_base_notifiable
15	1131	evhttp_response_code_	call site: 01131	evhttp_send_page_
14	168	event_assign	call site: 00168	event_err

Runtime coverage analysis

Covered functions

204

Functions that are reachable but not covered

317

Reachable functions

505

Percentage of reachable functions covered

37.23%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/ws_fuzzer.cc	2
/src/libevent/event.c	83
/src/libevent/log.c	10
/src/libevent/evutil.c	48
/src/libevent/evutil_time.c	4
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/http.c	111
/src/libevent/bufferevent_pair.c	7
/src/libevent/bufferevent.c	35
/src/libevent/buffer.c	63
/src/libevent/bufferevent_ratelim.c	15
/src/libevent/bufferevent-internal.h	1
/src/libevent/listener.c	2
/src/libevent/ws.c	11
/src/libevent/bufferevent_sock.c	13
/src/libevent/evthread-internal.h	1
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/sha1.c	5
/src/libevent/signal.c	1

Fuzzer: /src/inspector/source-code/src/http_message_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	373	69.3%
gold	[1:9]	0	0.0%
yellow	[10:29]	3	0.55%
greenyellow	[30:49]	2	0.37%
lawngreen	50+	160	29.7%
All colors	538	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
81	394	evbuffer_add_vprintf	call site: 00394	evhttp_uri_join
56	328	evbuffer_add_buffer	call site: 00328	evhttp_parse_firstline_
45	206	evutil_inet_pton	call site: 00206	evhttp_uri_parse_with_flags
24	174	event_mm_strdup_	call site: 00174	evhttp_uri_parse_authority
15	302	LLVMFuzzerTestOneInput	call site: 00302	evbuffer_add_buffer
14	27	evhttp_request_new	call site: 00027	evhttp_request_free
13	160	evbuffer_readln	call site: 00160	evhttp_parse_request_line
10	86	event_del_nolock_	call site: 00086	event_errx
9	140	evbuffer_search_range	call site: 00140	evbuffer_ptr_subtract
9	279	evhttp_add_header_internal	call site: 00279	evhttp_request_get_host
8	252	LLVMFuzzerTestOneInput	call site: 00252	evbuffer_readln
6	79	event_del_nolock_	call site: 00079	evmap_io_del_

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

97

Reachable functions

211

Percentage of reachable functions covered

54.03%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Warning: The number of covered functions are larger than the number of reachable functions. This means that there are more functions covered at runtime than are extracted using static analysis. This is likely a result of the static analysis component failing to extract the right call graph or the coverage runtime being compiled with sanitizers in code that the static analysis has not analysed. This can happen if lto/gold is not used in all places that coverage instrumentation is used.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/source-code/src/http_message_fuzzer.cc	1
/src/libevent/http.c	64
/src/libevent/event.c	37
/src/libevent/log.c	6
/src/libevent/evutil.c	10
/src/libevent/buffer.c	47
/src/libevent/minheap-internal.h	4
/src/libevent/evmap.c	2
/src/libevent/bufferevent.c	10
/usr/include/x86_64-linux-gnu/bits/byteswap.h	1
/src/libevent/listener.c	2
/src/libevent/bufferevent_ratelim.c	1
/src/libevent/ws.c	1

Fuzzer: /src/inspector/light/source_files/src/ws_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	905	64.5%
gold	[1:9]	15	1.06%
yellow	[10:29]	8	0.57%
greenyellow	[30:49]	12	0.85%
lawngreen	50+	463	33.0%
All colors	1403	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
132	998	evhttp_write_buffer	call site: 00998	evhttp_connection_fail_
84	1158	evhttp_request_new	call site: 01158	evhttp_handle_request
75	666	evutil_inet_pton	call site: 00666	evhttp_connection_fail_
36	865	be_socket_enable	call site: 00865	evhttp_connection_cb_cleanup
33	488	event_base_gettimeofday_cached	call site: 00488	bufferevent_decrement_read_buckets_
27	818	evutil_getaddrinfo	call site: 00818	evhttp_connection_cb
24	634	event_mm_strdup_	call site: 00634	evhttp_uri_parse_authority
23	530	bufferevent_socket_new	call site: 00530	evbuffer_write_atmost
22	558	evbuffer_drain	call site: 00558	bufferevent_decrement_write_buckets_
16	963	evhttp_make_header_response	call site: 00963	evhttp_maybe_add_date_header
15	135	event_base_priority_init	call site: 00135	evthread_make_base_notifiable
15	1131	evhttp_response_code_	call site: 01131	evhttp_send_page_

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

239

Reachable functions

505

Percentage of reachable functions covered

52.67%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/ws_fuzzer.cc	2
/src/libevent/event.c	83
/src/libevent/log.c	10
/src/libevent/evutil.c	48
/src/libevent/evutil_time.c	4
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/http.c	111
/src/libevent/bufferevent_pair.c	7
/src/libevent/bufferevent.c	35
/src/libevent/buffer.c	63
/src/libevent/bufferevent_ratelim.c	15
/src/libevent/bufferevent-internal.h	1
/src/libevent/listener.c	2
/src/libevent/ws.c	11
/src/libevent/bufferevent_sock.c	13
/src/libevent/evthread-internal.h	1
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/sha1.c	5
/src/libevent/signal.c	1

Fuzzer: /src/inspector/light/source_files/src/dns_fuzzer.cc

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is

Color	Runtime hitcount	Callsite count	Percentage
red	0	1162	78.8%
gold	[1:9]	16	1.08%
yellow	[10:29]	9	0.61%
greenyellow	[30:49]	18	1.22%
lawngreen	50+	269	18.2%
All colors	1474	100

Fuzz blockers

The following nodes represent call sites where fuzz blockers occur.

Amount of callsites blocked	Calltree index	Parent function	Callsite	Largest blocked function
163	1084	evutil_parse_sockaddr_port	call site: 01084	resolv_conf_parse_line
142	777	evutil_format_sockaddr_port_	call site: 00777	nameserver_ready_callback
117	959	bufferevent_enable	call site: 00959	evdns_base_resolv_conf_parse
90	1300	listener_decref_and_unlock	call site: 01300	evdns_server_request_respond
46	386	evutil_ascii_strcasecmp	call site: 00386	evdns_base_resolve_ipv4
45	233	event_config_free	call site: 00233	evdns_base_new
41	720	evbuffer_remove	call site: 00720	reply_parse
41	1432	event_base_loop	call site: 01432	evdns_base_new
38	346	evutil_getaddrinfo	call site: 00346	evutil_getaddrinfo_common_
30	1268	LLVMFuzzerTestOneInput	call site: 01268	evdns_base_free_and_unlock
28	445	event_callback_activate_nolock_	call site: 00445	request_finished
23	620	bufferevent_socket_new	call site: 00620	evbuffer_write_atmost

Runtime coverage analysis

Covered functions

368

Functions that are reachable but not covered

308

Reachable functions

505

Percentage of reachable functions covered

39.01%

NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Function name	source code lines	source lines hit	percentage hit

Files reached

filename	functions hit
/src/inspector/light/source_files/src/dns_fuzzer.cc	3
/src/libevent/event.c	82
/src/libevent/log.c	9
/src/libevent/evutil.c	62
/src/libevent/evutil_time.c	3
/src/libevent/minheap-internal.h	12
/src/libevent/evmap.c	19
/src/libevent/evdns.c	125
/src/libevent/evutil_rand.c	3
/src/libevent/./arc4random.c	13
/usr/include/x86_64-linux-gnu/bits/byteswap.h	2
/src/libevent/bufferevent.c	31
/src/libevent/buffer.c	42
/src/libevent/bufferevent_ratelim.c	15
/src/libevent/bufferevent_sock.c	7
/src/libevent/evthread-internal.h	1
/src/libevent/bufferevent-internal.h	1
/src/libevent/strlcpy.c	1
/src/libevent/listener.c	2
/src/libevent/signal.c	1

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	hitcount	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
epoll_dispatch	/src/libevent/epoll.c	2	['N/A', 'N/A']	7	0	319	71	28	29	0	136	77
evhttp_start	/src/libevent/http.c	2	['N/A', 'short']	46	0	32	8	4	431	0	2681	75
event_reinit	/src/libevent/event.c	1	['N/A']	9	0	240	51	19	104	0	550	65
evthread_set_lock_callbacks	/src/libevent/evthread.c	1	['N/A']	7	0	157	37	16	24	0	95	48
event_base_dump_events	/src/libevent/event.c	2	['N/A', 'N/A']	3	0	46	9	4	11	0	62	46
sigfd_add	/src/libevent/signalfd.c	5	['N/A', 'int', 'short', 'short', 'N/A']	8	0	128	26	11	89	0	458	36
epoll_init	/src/libevent/epoll.c	1	['N/A']	9	0	193	43	18	67	0	266	35

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

773 / 1139

Cyclomatic complexity statically reachable by fuzzers

5415 / 6979

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.

/src/utils_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_getaddrinfo', 'evutil_inet_pton_scope', 'evutil_inet_ntop', 'evutil_new_addrinfo_', 'evutil_parse_sockaddr_port', 'event_mm_strdup_', 'evutil_format_sockaddr_port_', 'test_for_getaddrinfo_hacks']

/src/evtag_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

/src/listener_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_add_nolock_', 'event_base_priority_init', 'event_assign', 'evutil_make_internal_pipe_', 'event_del_nolock_', 'event_process_active_single_queue', 'event_base_free_', 'evutil_accept4_']

/src/inspector/light/source_files/src/buffer_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_find', 'event_del_nolock_', 'evbuffer_search_range', 'LLVMFuzzerTestOneInput', 'evbuffer_add', 'evbuffer_expand', 'evbuffer_file_segment_new', 'evbuffer_chain_insert']

/src/inspector/source-code/src/buffer_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_find', 'event_del_nolock_', 'evbuffer_search_range', 'LLVMFuzzerTestOneInput', 'evbuffer_add', 'evbuffer_expand', 'evbuffer_file_segment_new', 'evbuffer_chain_insert']

/src/inspector/light/source_files/src/evtag_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_remove', 'LLVMFuzzerTestOneInput', 'event_del_nolock_', 'evbuffer_drain', 'evbuffer_add_buffer', 'evbuffer_add', 'evbuffer_invoke_callbacks_']

/src/inspector/light/source_files/src/utils_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_getaddrinfo', 'evutil_inet_pton_scope', 'evutil_inet_ntop', 'evutil_new_addrinfo_', 'evutil_parse_sockaddr_port', 'event_mm_strdup_', 'evutil_format_sockaddr_port_', 'test_for_getaddrinfo_hacks']

/src/inspector/source-code/src/listener_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_base_priority_init', 'event_assign', 'evutil_make_internal_pipe_', 'event_del_nolock_', 'event_persist_closure', 'event_base_free_', 'event_add_nolock_', 'evutil_accept4_', 'timeout_process']

/src/dns_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_parse_sockaddr_port', 'evutil_format_sockaddr_port_', 'bufferevent_enable', 'listener_decref_and_unlock', 'evutil_ascii_strcasecmp', 'event_config_free', 'evbuffer_remove', 'event_base_loop', 'evutil_getaddrinfo', 'LLVMFuzzerTestOneInput']

/src/inspector/source-code/src/dns_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_parse_sockaddr_port', 'evutil_format_sockaddr_port_', 'bufferevent_enable', 'listener_decref_and_unlock', 'evutil_ascii_strcasecmp', 'event_config_free', 'evbuffer_remove', 'event_base_loop', 'evutil_getaddrinfo', 'LLVMFuzzerTestOneInput']

/src/inspector/source-code/src/bufferevent_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_base_gettimeofday_cached', 'event_get_priority', 'bufferevent_socket_new', 'evbuffer_drain', 'event_base_priority_init', 'event_assign', 'evutil_make_internal_pipe_', 'event_del_nolock_', 'bufferevent_init_generic_timeout_cbs_', 'bufferevent_remove_from_rate_limit_group']

/src/inspector/source-code/src/utils_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_getaddrinfo', 'evutil_inet_pton_scope', 'evutil_inet_ntop', 'evutil_new_addrinfo_', 'evutil_parse_sockaddr_port', 'event_mm_strdup_', 'evutil_format_sockaddr_port_', 'test_for_getaddrinfo_hacks']

/src/inspector/light/source_files/src/bufferevent_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_base_gettimeofday_cached', 'event_get_priority', 'bufferevent_socket_new', 'evbuffer_drain', 'event_base_priority_init', 'event_assign', 'evutil_make_internal_pipe_', 'event_del_nolock_', 'bufferevent_init_generic_timeout_cbs_', 'bufferevent_remove_from_rate_limit_group']

/src/bufferevent_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_base_gettimeofday_cached', 'bufferevent_socket_new', 'evbuffer_drain', 'LLVMFuzzerTestOneInput', 'event_base_priority_init', 'event_assign', 'evutil_make_internal_pipe_', 'event_del_nolock_', 'evbuffer_decref_and_unlock_', 'bufferevent_init_generic_timeout_cbs_']

/src/http_message_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

/src/inspector/source-code/src/ws_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evhttp_write_buffer', 'evhttp_request_new', 'evutil_inet_pton', 'be_socket_enable', 'event_base_gettimeofday_cached', 'evutil_getaddrinfo', 'event_mm_strdup_', 'bufferevent_socket_new', 'evbuffer_drain', 'evhttp_make_header_response']

/src/inspector/source-code/src/evtag_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_remove', 'LLVMFuzzerTestOneInput', 'event_del_nolock_', 'evbuffer_drain', 'evbuffer_add_buffer', 'evbuffer_add', 'evbuffer_invoke_callbacks_']

/src/inspector/light/source_files/src/http_message_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_add_vprintf', 'evbuffer_add_buffer', 'evutil_inet_pton', 'event_mm_strdup_', 'LLVMFuzzerTestOneInput', 'evhttp_request_new', 'evbuffer_readln', 'event_del_nolock_', 'evbuffer_search_range', 'evhttp_add_header_internal']

/src/buffer_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_decref_and_unlock_', 'evbuffer_add', 'evbuffer_search_range', 'LLVMFuzzerTestOneInput', 'evbuffer_file_segment_new', 'evbuffer_file_segment_materialize', 'evbuffer_file_segment_free', 'evbuffer_search_eol']

/src/inspector/light/source_files/src/listener_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_base_priority_init', 'event_assign', 'evutil_make_internal_pipe_', 'event_del_nolock_', 'event_persist_closure', 'event_base_free_', 'event_add_nolock_', 'evutil_accept4_', 'timeout_process']

/src/ws_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['event_mm_strdup_', 'evhttp_write_buffer', 'evhttp_request_new', 'evhttp_connection_new_', 'bufferevent_enable', 'event_priority_set', 'evbuffer_drain', 'evhttp_make_header_response', 'event_base_priority_init']

/src/inspector/source-code/src/http_message_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evbuffer_add_vprintf', 'evbuffer_add_buffer', 'evutil_inet_pton', 'event_mm_strdup_', 'LLVMFuzzerTestOneInput', 'evhttp_request_new', 'evbuffer_readln', 'event_del_nolock_', 'evbuffer_search_range', 'evhttp_add_header_internal']

/src/inspector/light/source_files/src/ws_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evhttp_write_buffer', 'evhttp_request_new', 'evutil_inet_pton', 'be_socket_enable', 'event_base_gettimeofday_cached', 'evutil_getaddrinfo', 'event_mm_strdup_', 'bufferevent_socket_new', 'evbuffer_drain', 'evhttp_make_header_response']

/src/inspector/light/source_files/src/dns_fuzzer.cc

Dictionary

Use this with the libFuzzer -dict=DICT.file flag

Fuzzer function priority

Use one of these functions as input to libfuzzer with flag: -focus_function name

-focus_function=['evutil_parse_sockaddr_port', 'evutil_format_sockaddr_port_', 'bufferevent_enable', 'listener_decref_and_unlock', 'evutil_ascii_strcasecmp', 'event_config_free', 'evbuffer_remove', 'event_base_loop', 'evutil_getaddrinfo', 'LLVMFuzzerTestOneInput']

This section shows analysis of runtime coverage data.

For futher technical details on how this section is generated, please see the Glossary .

Complex functions with low coverage

Func name	Function total lines	Lines covered at runtime	percentage covered	Reached by fuzzers
evutil_getaddrinfo	35	19	54.28%	['/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'utils_fuzzer', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
epoll_init	65	27	41.53%	['listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
epoll_apply_one_change	65	17	26.15%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
epoll_dispatch	84	44	52.38%	['listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
event_active_nolock_	39	16	41.02%	['listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
event_base_free_	82	42	51.21%	['listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
event_process_active_single_queue	107	54	50.46%	['listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
evconnlistener_new_bind	60	31	51.66%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
listener_read_cb	54	29	53.70%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
evbuffer_commit_space	54	24	44.44%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
evbuffer_prepend_buffer	32	12	37.5%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
evbuffer_search_eol	70	29	41.42%	['buffer_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'http_message_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
evbuffer_chain_free	42	23	54.76%	['buffer_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'evtag_fuzzer', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
PRESERVE_PINNED	32	7	21.87%	['buffer_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'evtag_fuzzer', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
bufferevent_set_rate_limit	61	15	24.59%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
event_base_cancel_single_callback_	33	18	54.54%	['listener_fuzzer', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
poll_dispatch	66	24	36.36%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']
evhttp_free	36	16	44.44%	['/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'http_message_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
evhttp_request_new	36	18	50.0%	['/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'http_message_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc']
evhttp_make_header_response	33	11	33.33%	['/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/light/source_files/src/buffer_fuzzer.cc']

This section shows which files and directories are considered in this report. The main reason for showing this is fuzz introspector may include more code in the reasoning than is desired. This section helps identify if too many files/directories are included, e.g. third party code, which may be irrelevant for the threat model. In the event too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file	Reached by	Covered by
	[]	[]
/src/libevent/log.c	['evtag_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/ws_fuzzer.cc	['ws_fuzzer']	['ws_fuzzer']
/src/listener_fuzzer.cc	['listener_fuzzer']	['listener_fuzzer']
/src/libevent/evdns.c	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	[]
/src/buffer_fuzzer.cc	['buffer_fuzzer']	['buffer_fuzzer']
/src/libevent/evmap.c	['evtag_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/inspector/source-code/src/utils_fuzzer.cc	['/src/inspector/source-code/src/utils_fuzzer.cc']	['/src/inspector/source-code/src/utils_fuzzer.cc']
/src/inspector/light/source_files/src/buffer_fuzzer.cc	['/src/inspector/light/source_files/src/buffer_fuzzer.cc']	['/src/inspector/light/source_files/src/buffer_fuzzer.cc']
/src/libevent/http.c	['http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc']	['/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc']
/src/bufferevent_fuzzer.cc	['bufferevent_fuzzer']	['bufferevent_fuzzer']
/src/libevent/sha1.c	['/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc']	['/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc']
/src/libevent/listener.c	['listener_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['listener_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/bufferevent-internal.h	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/inspector/source-code/src/evtag_fuzzer.cc	['/src/inspector/source-code/src/evtag_fuzzer.cc']	['/src/inspector/source-code/src/evtag_fuzzer.cc']
/src/libevent/ws.c	['http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc']	['/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc']
/src/libevent/event_tagging.c	['evtag_fuzzer', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc']	[]
/src/libevent/evutil_time.c	['listener_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['listener_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/utils_fuzzer.cc	['utils_fuzzer']	['utils_fuzzer']
/src/inspector/light/source_files/src/evtag_fuzzer.cc	['/src/inspector/light/source_files/src/evtag_fuzzer.cc']	['/src/inspector/light/source_files/src/evtag_fuzzer.cc']
/src/inspector/light/source_files/src/utils_fuzzer.cc	['/src/inspector/light/source_files/src/utils_fuzzer.cc']	['/src/inspector/light/source_files/src/utils_fuzzer.cc']
/src/libevent/strlcpy.c	['utils_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['utils_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/select.c	[]	[]
/src/inspector/light/source_files/src/http_message_fuzzer.cc	['/src/inspector/light/source_files/src/http_message_fuzzer.cc']	['/src/inspector/light/source_files/src/http_message_fuzzer.cc']
/src/libevent/buffer.c	['evtag_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/bufferevent_filter.c	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer']	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer']
/src/inspector/source-code/src/ws_fuzzer.cc	['/src/inspector/source-code/src/ws_fuzzer.cc']	['/src/inspector/source-code/src/ws_fuzzer.cc']
/src/inspector/source-code/src/bufferevent_fuzzer.cc	['/src/inspector/source-code/src/bufferevent_fuzzer.cc']	['/src/inspector/source-code/src/bufferevent_fuzzer.cc']
/src/inspector/light/source_files/src/dns_fuzzer.cc	['/src/inspector/light/source_files/src/dns_fuzzer.cc']	['/src/inspector/light/source_files/src/dns_fuzzer.cc']
/usr/include/x86_64-linux-gnu/bits/byteswap.h	['utils_fuzzer', '/src/inspector/light/source_files/src/utils_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	[]
/src/libevent/epoll.c	[]	[]
/src/libevent/evutil_rand.c	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	[]
/src/dns_fuzzer.cc	['dns_fuzzer']	['dns_fuzzer']
/src/libevent/./arc4random.c	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	[]
/src/inspector/light/source_files/src/ws_fuzzer.cc	['/src/inspector/light/source_files/src/ws_fuzzer.cc']	['/src/inspector/light/source_files/src/ws_fuzzer.cc']
/src/libevent/signal.c	['listener_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['listener_fuzzer', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/evthread-internal.h	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	[]
/src/inspector/source-code/src/dns_fuzzer.cc	['/src/inspector/source-code/src/dns_fuzzer.cc']	['/src/inspector/source-code/src/dns_fuzzer.cc']
/src/inspector/source-code/src/http_message_fuzzer.cc	['/src/inspector/source-code/src/http_message_fuzzer.cc']	['/src/inspector/source-code/src/http_message_fuzzer.cc']
/src/libevent/event.c	['utils_fuzzer', 'evtag_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['utils_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/bufferevent_sock.c	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/inspector/source-code/src/buffer_fuzzer.cc	['/src/inspector/source-code/src/buffer_fuzzer.cc']	['/src/inspector/source-code/src/buffer_fuzzer.cc']
/usr/local/bin/../include/c++/v1/stdexcept	[]	[]
/src/inspector/light/source_files/src/bufferevent_fuzzer.cc	['/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']	['/src/inspector/light/source_files/src/bufferevent_fuzzer.cc']
/src/http_message_fuzzer.cc	['http_message_fuzzer']	[]
/src/libevent/poll.c	[]	[]
/src/libevent/bufferevent_ratelim.c	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/evutil.c	['utils_fuzzer', 'evtag_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['utils_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/utils_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/source-code/src/utils_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/bufferevent_pair.c	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc']	['/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', 'ws_fuzzer', '/src/inspector/light/source_files/src/ws_fuzzer.cc']
/src/evtag_fuzzer.cc	['evtag_fuzzer']	[]
/src/libevent/minheap-internal.h	['evtag_fuzzer', 'listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['listener_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', '/src/inspector/source-code/src/listener_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/listener_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']
/src/libevent/signalfd.c	[]	[]
/src/libevent/evthread.c	[]	[]
/src/inspector/source-code/src/listener_fuzzer.cc	['/src/inspector/source-code/src/listener_fuzzer.cc']	['/src/inspector/source-code/src/listener_fuzzer.cc']
/src/inspector/light/source_files/src/listener_fuzzer.cc	['/src/inspector/light/source_files/src/listener_fuzzer.cc']	['/src/inspector/light/source_files/src/listener_fuzzer.cc']
/src/libevent/bufferevent.c	['evtag_fuzzer', '/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', 'http_message_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'buffer_fuzzer', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']	['/src/inspector/light/source_files/src/buffer_fuzzer.cc', '/src/inspector/source-code/src/buffer_fuzzer.cc', '/src/inspector/light/source_files/src/evtag_fuzzer.cc', 'dns_fuzzer', '/src/inspector/source-code/src/dns_fuzzer.cc', '/src/inspector/source-code/src/bufferevent_fuzzer.cc', '/src/inspector/light/source_files/src/bufferevent_fuzzer.cc', 'bufferevent_fuzzer', '/src/inspector/source-code/src/ws_fuzzer.cc', '/src/inspector/source-code/src/evtag_fuzzer.cc', '/src/inspector/light/source_files/src/http_message_fuzzer.cc', 'ws_fuzzer', '/src/inspector/source-code/src/http_message_fuzzer.cc', '/src/inspector/light/source_files/src/ws_fuzzer.cc', '/src/inspector/light/source_files/src/dns_fuzzer.cc']

Directories in report

Directory
/src/
/usr/include/x86_64-linux-gnu/bits/
/usr/local/bin/../include/c++/v1/
/src/libevent/
/src/libevent/./
/src/inspector/light/source_files/src/
/src/inspector/source-code/src/