Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: fuzz_lua

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the code a fuzzer can potentially reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics, please see the glossary entries for full calltree and calltree overview.

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 729 34.4%
gold [1:9] 145 6.85%
yellow [10:29] 151 7.14%
greenyellow [30:49] 95 4.49%
lawngreen 50+ 994 47.0%
All colors 2114 100

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
6108 9157 11 :

['__asan_handle_no_return', '__asan_report_load8', '__asan_report_load4', 'changedline', '__asan_report_load1', 'luaG_getfuncline', '__asan_report_store2', '__asan_report_store8', 'luaD_hook', '__asan_report_load2', 'luaD_throw']

6114 9163 luaG_traceexec call site: 00946 /src/lua/ldebug.c:907
3157 3157 1 :

['luaU_undump']

3163 9138 f_parser call site: 00000 /src/lua/ldo.c:992
3057 6079 4 :

['lua_type', 'lua_pushfstring', 'lua_typename', 'luaL_callmeta']

3057 9550 msghandler call site: 01839 /src/lua/fuzz_lua.c:103
3020 9145 10 :

['luaG_runerror', '__asan_handle_no_return', '__asan_report_load8', '__asan_report_load1', 'luaT_callTMres', '__asan_report_store8', 'luaG_typeerror', 'luaT_gettm', 'luaH_get', 'luaT_gettmbyobj']

3024 9149 luaV_finishget call site: 01021 /src/lua/lvm.c:304
3013 3013 1 :

['codeextraarg']

3015 6028 luaK_setlist call site: 00000 /src/lua/lcode.c:1812
3013 3013 1 :

['codeextraarg']

3013 6026 luaK_codek call site: 00000 /src/lua/lcode.c:452
3000 9125 9 :

['luaG_runerror', 'luaT_callTM', '__asan_handle_no_return', '__asan_report_store1', '__asan_report_store8', 'luaG_typeerror', 'luaT_gettm', 'luaH_get', 'luaT_gettmbyobj']

3102 12213 luaV_finishset call site: 01100 /src/lua/lvm.c:341
2993 5980 3 :

['luaF_newCclosure', 'luaC_step', '__asan_report_load1']

3049 6036 lua_pushcclosure call site: 01832 /src/lua/lapi.c:581
2992 2992 2 :

['luaH_setint', '__asan_report_load1']

3026 12045 luaH_resize call site: 01139 /src/lua/ltable.c:561
2992 2992 1 :

['runafewfinalizers']

2996 2996 singlestep call site: 00201 /src/lua/lgc.c:1631
8 8 2 :

['__asan_report_load8', '__asan_report_store8']

8 8 forlimit call site: 01633 /src/lua/lvm.c:183
6 2990 2 :

['__asan_report_load8', 'newupval']

6 2990 luaF_findupval call site: 01691 /src/lua/lfunc.c:93

Runtime coverage analysis

Covered functions
538
Functions that are reachable but not covered
152
Reachable functions
684
Percentage of reachable functions covered
77.78%
NB: The sum of covered functions and functions that are reachable but not covered need not equal Reachable functions. This is because the reachability analysis is an approximation, so at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
lua/fuzz_lua.c 8
lua/lauxlib.c 29
lua/lstate.c 18
lua/lstring.c 15
lua/ldo.c 25
lua/lmem.c 6
lua/lgc.c 73
lua/lfunc.c 14
lua/ltable.c 37
lua/ltm.c 15
lua/ldebug.c 34
lua/lobject.c 18
lua/lvm.c 25
lua/llex.c 1
lua/lapi.c 44
lua/lzio.c 1

Fuzzer: luaL_addgsub_test

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 1488 70.0%
gold [1:9] 0 0.0%
yellow [10:29] 5 0.23%
greenyellow [30:49] 6 0.28%
lawngreen 50+ 624 29.3%
All colors 2123 100

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
8991 9145 10 :

['luaG_runerror', '__asan_handle_no_return', '__asan_report_load8', '__asan_report_load1', 'luaT_callTMres', '__asan_report_store8', 'luaG_typeerror', 'luaT_gettm', 'luaH_get', 'luaT_gettmbyobj']

8995 9149 luaV_finishget call site: 01137 /src/lua/lvm.c:304
8971 9125 9 :

['luaG_runerror', 'luaT_callTM', '__asan_handle_no_return', '__asan_report_store1', '__asan_report_store8', 'luaG_typeerror', 'luaT_gettm', 'luaH_get', 'luaT_gettmbyobj']

9073 12213 luaV_finishset call site: 01217 /src/lua/lvm.c:341
2993 5980 3 :

['luaF_newCclosure', 'luaC_step', '__asan_report_load1']

3049 6036 lua_pushcclosure call site: 02057 /src/lua/lapi.c:581
2992 2992 2 :

['luaH_setint', '__asan_report_load1']

6012 12045 luaH_resize call site: 01252 /src/lua/ltable.c:561
2992 2992 1 :

['runafewfinalizers']

2996 2996 singlestep call site: 00252 /src/lua/lgc.c:1631
2991 2991 2 :

['luaG_runerror', '__asan_handle_no_return']

2991 2991 setnodevector call site: 01254 /src/lua/ltable.c:489
2985 2985 1 :

['luaD_seterrorobj']

2985 5974 prepcallclosemth call site: 00958 /src/lua/lfunc.c:146
79 79 3 :

['__asan_report_store8', '__asan_report_store1', 'getgeneric']

79 79 luaH_getstr call site: 01367 /src/lua/ltable.c:776
4 4 1 :

['__asan_report_load1']

12 12 index2value call site: 01923 /src/lua/lapi.c:73
0 23 2 :

['getgclist', 'linkgclist_']

0 23 reallymarkobject call site: 00177 /src/lua/lgc.c:315
0 23 2 :

['getgclist', 'linkgclist_']

0 23 genlink call site: 00324 /src/lua/lgc.c:432
0 6 1 :

['luaE_setdebt']

0 6 incstep call site: 00831 /src/lua/lgc.c:1677

Runtime coverage analysis

Covered functions
162
Functions that are reachable but not covered
225
Reachable functions
385
Percentage of reachable functions covered
41.56%
NB: The sum of covered functions and functions that are reachable but not covered need not equal Reachable functions. This is because the reachability analysis is an approximation, so at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
testdir/tests/luaL_addgsub_test.cc 1
testdir/build/lua-master/source/lauxlib.c 21
testdir/build/lua-master/source/lstate.c 18
testdir/build/lua-master/source/lstring.c 15
testdir/build/lua-master/source/ldo.c 24
testdir/build/lua-master/source/lmem.c 5
testdir/build/lua-master/source/lgc.c 73
testdir/build/lua-master/source/lfunc.c 14
testdir/build/lua-master/source/ltable.c 35
testdir/build/lua-master/source/ltm.c 15
testdir/build/lua-master/source/ldebug.c 32
testdir/build/lua-master/source/lobject.c 18
testdir/build/lua-master/source/lvm.c 25
testdir/build/lua-master/source/llex.c 1
testdir/build/lua-master/source/lapi.c 29

Fuzzer: lua_load_test

Call tree

Call tree overview bitmap:

The distribution of callsites in terms of coloring is
Color Runtime hitcount Callsite count Percentage
red 0 670 32.4%
gold [1:9] 132 6.39%
yellow [10:29] 64 3.09%
greenyellow [30:49] 190 9.20%
lawngreen 50+ 1009 48.8%
All colors 2065 100

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered Complexity Unique Reachable Complexities Unique Reachable Functions All non-covered Complexity All Reachable Complexity Function Name Function Callsite Blocked Branch
8290 8290 2 :

['checkload', 'luaL_loadfilex']

8290 8290 searcher_Lua call site: 00000 /src/testdir/build/lua-master/source/loadlib.c:540
6534 12507 4 :

['checkload', 'lua_pushfstring', 'lua_pushstring', 'loadfunc']

6534 12507 searcher_Croot call site: 00000 /src/testdir/build/lua-master/source/loadlib.c:587
6534 6534 2 :

['checkload', 'loadfunc']

6534 6534 searcher_C call site: 00000 /src/testdir/build/lua-master/source/loadlib.c:574
6108 9157 11 :

['__asan_handle_no_return', '__asan_report_load8', '__asan_report_load4', 'changedline', '__asan_report_load1', 'luaG_getfuncline', '__asan_report_store2', '__asan_report_store8', 'luaD_hook', '__asan_report_load2', 'luaD_throw']

6114 9163 luaG_traceexec call site: 01058 /src/lua/ldebug.c:907
3278 11301 3 :

['luaL_checktype', 'lua_load', 'lua_settop']

3278 17619 luaB_load call site: 00000 /src/testdir/build/lua-master/source/lbaselib.c:393
3209 6208 3 :

['pushglobalfuncname', 'lua_tolstring', '__asan_report_store8']

3211 9314 luaL_argerror call site: 00000 /src/lua/lauxlib.c:186
3013 3013 1 :

['codeextraarg']

3015 6028 luaK_setlist call site: 00000 /src/lua/lcode.c:1812
3013 3013 1 :

['codeextraarg']

3013 6026 luaK_codek call site: 00000 /src/lua/lcode.c:452
3000 9125 9 :

['luaG_runerror', 'luaT_callTM', '__asan_handle_no_return', '__asan_report_store1', '__asan_report_store8', 'luaG_typeerror', 'luaT_gettm', 'luaH_get', 'luaT_gettmbyobj']

3040 12213 luaV_finishset call site: 01217 /src/lua/lvm.c:341
86 3095 3 :

['lua_setupvalue', 'lua_settop', 'lua_pushvalue']

86 3095 load_aux call site: 00000 /src/testdir/build/lua-master/source/lbaselib.c:325
72 3086 3 :

['lua_pushboolean', 'lua_copy', 'lua_setfield']

72 3106 ll_require call site: 00000 /src/testdir/build/lua-master/source/loadlib.c:668
26 19650 10 :

['luaL_prepbuffsize', '__asan_report_load8', '__asan_report_store1', 'luaL_buffinit', 'luaL_addstring', 'luaL_addlstring', '__asan_set_shadow_f8', 'luaL_pushresult', 'strlen', 'strstr']

32 28638 setpath call site: 00000 /src/testdir/build/lua-master/source/loadlib.c:296

Runtime coverage analysis

Covered functions
606
Functions that are reachable but not covered
156
Reachable functions
614
Percentage of reachable functions covered
74.59%
NB: The sum of covered functions and functions that are reachable but not covered need not equal Reachable functions. This is because the reachability analysis is an approximation, so at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.
Function name source code lines source lines hit percentage hit

Files reached

filename functions hit
testdir/tests/lua_load_test.c 2
testdir/build/lua-master/source/lauxlib.c 9
testdir/build/lua-master/source/lstate.c 18
testdir/build/lua-master/source/lstring.c 14
testdir/build/lua-master/source/ldo.c 25
testdir/build/lua-master/source/lmem.c 6
testdir/build/lua-master/source/lgc.c 70
testdir/build/lua-master/source/lfunc.c 14
testdir/build/lua-master/source/ltable.c 35
testdir/build/lua-master/source/ltm.c 15
testdir/build/lua-master/source/ldebug.c 25
testdir/build/lua-master/source/lobject.c 17
testdir/build/lua-master/source/lvm.c 25
testdir/build/lua-master/source/llex.c 1
testdir/build/lua-master/source/lapi.c 22
testdir/build/lua-master/source/linit.c 1
testdir/build/lua-master/source/lzio.c 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that, in combination, yield high code coverage.

Func name Functions filename Arg count Args Function depth hitcount instr count bb count cyclomatic complexity Reachable functions Incoming references total cyclomatic complexity Unreached complexity
str_gsub /src/testdir/build/lua-master/source/lstrlib.c 1 ['struct.lua_State *'] 130 0 556 77 18 409 0 3711 249
io_lines /src/testdir/build/lua-master/source/liolib.c 1 ['struct.lua_State *'] 128 0 102 12 5 413 0 3656 156
str_pack /src/testdir/build/lua-master/source/lstrlib.c 1 ['struct.lua_State *'] 129 0 1490 225 49 389 0 3642 151
luaB_cowrap /src/testdir/build/lua-master/source/lcorolib.c 1 ['struct.lua_State *'] 128 0 18 3 2 362 0 3469 148
str_dump /src/testdir/build/lua-master/source/lstrlib.c 1 ['struct.lua_State *'] 129 0 136 16 7 392 0 3587 120
sort /src/testdir/build/lua-master/source/ltablib.c 1 ['struct.lua_State *'] 128 0 80 12 5 360 0 3412 114
str_format /src/testdir/build/lua-master/source/lstrlib.c 1 ['struct.lua_State *'] 128 0 878 129 25 400 0 3650 111
searcher_Lua /src/testdir/build/lua-master/source/loadlib.c 1 ['struct.lua_State *'] 129 0 60 6 3 662 0 5634 93
luaB_collectgarbage /src/testdir/build/lua-master/source/lbaselib.c 1 ['struct.lua_State *'] 129 0 375 42 2 352 0 3397 86
os_date /src/testdir/build/lua-master/source/loslib.c 1 ['struct.lua_State *'] 130 0 494 66 19 389 0 3550 53

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers
76.0%
800 / 1058
Cyclomatic complexity statically reachable by fuzzers
85.0%
6952 / 8179

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name Functions filename Args Function call depth Reached by Fuzzers Fuzzers runtime hit Func lines hit % I Count BB Count Cyclomatic complexity Functions reached Reached by functions Accumulated cyclomatic complexity Undiscovered complexity

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is that fuzz introspector may include more code in its reasoning than is desired. This section helps identify whether too many files or directories are included, e.g. third-party code, which may be irrelevant to the threat model. If too much is included, fuzz introspector supports a configuration file that can exclude data from the report. See the following link for more information on how to create a config file: link

Files in report

Source file Reached by Covered by
[] []
/src/lua/lstate.c ['fuzz_lua'] ['fuzz_lua']
/src/lua/lgc.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/ldo.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/ldump.c [] []
/src/lua/lzio.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lstate.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/ltable.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/lmathlib.c [] []
/src/testdir/build/lua-master/source/lundump.c [] []
/src/lua/lundump.c [] []
/src/testdir/build/lua-master/source/lvm.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/lutf8lib.c [] []
/src/testdir/build/lua-master/source/lgc.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/lfunc.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/ltm.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/lua/lparser.c [] []
/src/testdir/build/lua-master/source/ldebug.c ['luaL_addgsub_test', 'lua_load_test'] ['lua_load_test']
/src/testdir/build/lua-master/source/loslib.c [] []
/src/testdir/build/lua-master/source/llex.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/linit.c ['lua_load_test'] ['lua_load_test']
/src/testdir/build/lua-master/source/loadlib.c [] []
/src/testdir/build/lua-master/source/lapi.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/lua/ldebug.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/liolib.c [] []
/src/lua/lvm.c ['fuzz_lua'] ['fuzz_lua']
/src/lua/ltm.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lzio.c ['lua_load_test'] ['lua_load_test']
/src/lua/lapi.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/ltablib.c [] []
/src/testdir/build/lua-master/source/lstrlib.c [] []
/src/lua/fuzz_lua.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lobject.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/build/lua-master/source/ldblib.c [] []
/src/lua/lcode.c [] []
/src/testdir/build/lua-master/source/lstring.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/lua/lmem.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lcorolib.c [] []
/src/lua/lfunc.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lbaselib.c [] []
/src/lua/lobject.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lauxlib.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/testdir/tests/luaL_addgsub_test.cc ['luaL_addgsub_test'] ['luaL_addgsub_test']
/src/lua/ldump.c [] []
/src/lua/llex.c ['fuzz_lua'] ['fuzz_lua']
/src/lua/lauxlib.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/tests/lua_load_test.c ['lua_load_test'] ['lua_load_test']
/src/lua/lstring.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lparser.c [] []
/src/testdir/build/lua-master/source/lcode.c [] []
/src/lua/ldo.c ['fuzz_lua'] ['fuzz_lua']
/src/testdir/build/lua-master/source/lmem.c ['luaL_addgsub_test', 'lua_load_test'] ['luaL_addgsub_test', 'lua_load_test']
/src/lua/ltable.c ['fuzz_lua'] ['fuzz_lua']

Directories in report

Directory
/src/testdir/build/lua-master/source/
/src/testdir/tests/
/src/lua/