Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: fuzz_regex

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 2 0.94%
gold [1:9] 14 6.60%
yellow [10:29] 5 2.35%
greenyellow [30:49] 6 2.83%
lawngreen 50+ 185 87.2%
All colors 212 100

Fuzz blockers

The followings are the branches where fuzzer fails to bypass.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
0 0 None 0 65 re_regcomp call site: 00155 /src/librdkafka/src/regexp.c:1040

Runtime coverage analysis

Covered functions
Functions that are reachable but not covered
Reachable functions
Percentage of reachable functions covered
NB: The sum of covered functions and functions that are reachable but not covered need not be equal to Reachable functions . This is because the reachability analysis is an approximation and thus at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
/src/librdkafka/tests/fuzzers/fuzz_regex.c 1
regexp.c 31
rd.h 3