Fuzz introspector
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzzer details

Fuzzer: fuzz_regexp

Call tree

The call tree shows the control flow of the fuzzer. It is overlaid with coverage information to show how much of the code the fuzzer can potentially reach is in fact covered at runtime. Below there is a link to a detailed call tree visualisation as well as a bitmap giving a high-level view of the call tree. For further information on these topics, see the glossary entries for full call tree and call tree overview.

Call tree overview bitmap:

The distribution of callsites by colour is:

Color | Runtime hit count | Callsite count | Percentage
red | 0 | 169 | 37.9%
gold | [1:9] | 4 | 0.89%
yellow | [10:29] | 2 | 0.44%
greenyellow | [30:49] | 1 | 0.22%
lawngreen | 50+ | 269 | 60.4%
All colors | | 445 | 100%

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered complexity | Unique reachable complexity | Unique reachable functions | All non-covered complexity | All reachable complexity | Function name | Function callsite | Blocked branch
0 | 8 | 2: ['re_parse_error', 'pstrcpy'] | 0 | 14 | lre_compile | 00373 | /src/quickjs/libregexp.c:1786
0 | 4 | 1: ['re_parse_error'] | 0 | 4 | re_emit_range | 00290 | /src/quickjs/libregexp.c:747
0 | 2 | 1: ['is_digit'] | 0 | 2 | lre_parse_escape | 00066 | /src/quickjs/libregexp.c:495
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00391 | /src/quickjs/libregexp.c:2080
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00398 | /src/quickjs/libregexp.c:2124
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00400 | /src/quickjs/libregexp.c:2133
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00415 | /src/quickjs/libregexp.c:2235
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00419 | /src/quickjs/libregexp.c:2249
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00423 | /src/quickjs/libregexp.c:2269
0 | 0 | None | 366 | 1397 | lre_exec_backtrack | 00430 | /src/quickjs/libregexp.c:2309
0 | 0 | None | 58 | 923 | re_parse_term | 00114 | /src/quickjs/libregexp.c:1143
0 | 0 | None | 58 | 903 | re_parse_term | 00306 | /src/quickjs/libregexp.c:1366

Runtime coverage analysis

Covered functions: 76
Functions that are reachable but not covered: 34
Reachable functions: 110
Percentage of reachable functions covered: 69.09%

NB: The sum of covered functions and functions that are reachable but not covered need not equal the number of reachable functions. This is because the reachability analysis is an approximation, so at runtime some functions may be covered that are not included in the reachability analysis. This is a limitation of our static analysis capabilities.

Files reached

Filename | Functions hit
fuzz/fuzz_regexp.c | 3
libregexp.c | 37
cutils.c | 13
./cutils.h | 12
./libunicode.h | 7
libunicode.c | 29

Fuzzer: fuzz_compile

Call tree


Call tree overview bitmap:

The distribution of callsites by colour is:

Color | Runtime hit count | Callsite count | Percentage
red | 0 | 3176 | 74.9%
gold | [1:9] | 700 | 16.5%
yellow | [10:29] | 90 | 2.12%
greenyellow | [30:49] | 6 | 0.14%
lawngreen | 50+ | 268 | 6.32%
All colors | | 4240 | 100%

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered complexity | Unique reachable complexity | Unique reachable functions | All non-covered complexity | All reachable complexity | Function name | Function callsite | Blocked branch
54437 | 132498 | 21: ['JS_FreeValue.23', 'js_parse_expr', 'js_parse_expect', 'emit_push_const', 'JS_AtomToValue', 'token_is_ident', 'emit_label', 'emit_atom', 'get_u32', 'optional_chain_test', 'has_with_scope', 'emit_goto', 'get_u16', 'emit_u32', 'emit_op', 'js_parse_error', 'emit_class_field_init', 'next_token', 'js_parse_assign_expr', 'js_parse_template', 'emit_u16'] | 54459 | 132532 | js_parse_postfix_expr | 00000 | /src/quickjs/quickjs.c:24768
19771 | 27700 | 15: ['JS_AtomIsNumericIndex1', 'JS_NumberIsNegativeOrMinusZero', 'JS_ToArrayLengthFree', 'JS_IsException.22', '__JS_AtomToUInt32', '__JS_NewFloat64', 'get_prop_flags', 'JS_SetPropertyValue', 'check_define_prop_flags', 'JS_IsUndefined', 'JS_CreateProperty', 'convert_fast_array_to_array', 'JS_AutoInitProperty', 'JS_NumberIsInteger', '__JS_AtomIsTaggedInt'] | 47968 | 80322 | JS_DefineProperty | 00387 | /src/quickjs/quickjs.c:9099
19691 | 43397 | 9: ['JS_FreeValue.23', 'check_function', 'js_realloc', 'JS_GetPropertyStr', 'JS_IsException.22', 'JS_ThrowTypeError', 'JS_GetPropertyInternal', 'JS_GetOpaque2', 'JS_IsUndefined'] | 19691 | 43397 | js_operators_create_internal | 02985 | /src/quickjs/quickjs.c:50725
7948 | 23997 | 6: ['emit_u32', 'emit_u8', 'js_parse_error', 'emit_return', 'new_label', 'emit_atom'] | 51856 | 82987 | js_parse_assign_expr2 | 00000 | /src/quickjs/quickjs.c:25658
7932 | 7974 | 4: ['optimize_scope_make_ref', 'dbuf_put_u16', 'can_opt_put_ref_value', 'get_closure_var'] | 7969 | 8434 | resolve_scope_var | 00000 | /src/quickjs/quickjs.c:30633
7896 | 23667 | 9: ['string_buffer_write8', 'string_buffer_end', 'unicode_from_utf8', 'string_buffer_init', 'get_lo_surrogate', 'string_buffer_free', 'get_hi_surrogate', 'string_buffer_putc8', 'string_buffer_putc16'] | 7896 | 23667 | JS_NewStringLen | 00332 | /src/quickjs/quickjs.c:3901
7883 | 7883 | 2: ['JS_CallFree', 'js_closure'] | 7883 | 7883 | JS_EvalFunctionInternal | 03298 | /src/quickjs/quickjs.c:34399
6018 | 6018 | 1: ['js_parse_destructuring_element'] | 60477 | 138550 | js_parse_postfix_expr | 00000 | /src/quickjs/quickjs.c:24656
5944 | 5944 | 1: ['js_parse_object_literal'] | 60403 | 138476 | js_parse_postfix_expr | 00000 | /src/quickjs/quickjs.c:24660
5920 | 9860 | 2: ['js_parse_function_decl', 'js_parse_error'] | 5920 | 9879 | js_parse_statement_or_decl | 00000 | /src/quickjs/quickjs.c:27228
5920 | 5920 | 1: ['js_parse_function_decl'] | 5920 | 5920 | js_parse_source_element | 00000 | /src/quickjs/quickjs.c:29451
3953 | 3953 | 1: ['js_std_dump_error'] | 3953 | 8391 | test_one_input_init | 04006 | /src/quickjs/fuzz/fuzz_common.c:54

Runtime coverage analysis

Covered functions: 447
Functions that are reachable but not covered: 631
Reachable functions: 974
Percentage of reachable functions covered: 35.22%

Files reached

Filename | Functions hit
fuzz/fuzz_compile.c | 1
quickjs.c | 607
libbf.c | 32
./list.h | 6
./cutils.h | 18
./quickjs.h | 18
./libbf.h | 12
cutils.c | 16
/usr/include/stdlib.h | 1
./libunicode.h | 2
libunicode.c | 1
fuzz/fuzz_common.c | 3
quickjs-libc.c | 36
/usr/include/x86_64-linux-gnu/bits/stdio.h | 1

Fuzzer: fuzz_eval

Call tree


Call tree overview bitmap:

The distribution of callsites by colour is:

Color | Runtime hit count | Callsite count | Percentage
red | 0 | 2811 | 69.9%
gold | [1:9] | 64 | 1.59%
yellow | [10:29] | 38 | 0.94%
greenyellow | [30:49] | 451 | 11.2%
lawngreen | 50+ | 655 | 16.2%
All colors | | 4019 | 100%

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

Unique non-covered complexity | Unique reachable complexity | Unique reachable functions | All non-covered complexity | All reachable complexity | Function name | Function callsite | Blocked branch
44017 | 76352 | 25: ['JS_AtomIsNumericIndex1', 'JS_NumberIsNegativeOrMinusZero', 'JS_FreeValue.23', 'JS_ToArrayLengthFree', 'set_array_length', 'JS_IsException.22', 'set_value', 'JS_SetPropertyValue', 'js_shape_prepare_update', 'convert_fast_array_to_array', 'JS_NumberIsInteger', 'js_same_value', '__JS_AtomIsTaggedInt', 'js_update_property_flags', 'JS_IsFunction', '__JS_AtomToUInt32', 'JS_ThrowTypeErrorOrFalse', '__JS_NewFloat64', 'get_prop_flags', 'check_define_prop_flags', 'JS_DupValue', 'free_var_ref', 'JS_AutoInitProperty', 'get_shape_prop', 'JS_IsUndefined'] | 44017 | 80322 | JS_DefineProperty | 00387 | /src/quickjs/quickjs.c:9266
37779 | 132498 | 21: ['JS_FreeValue.23', 'js_parse_expr', 'js_parse_expect', 'emit_push_const', 'JS_AtomToValue', 'token_is_ident', 'emit_label', 'emit_atom', 'get_u32', 'optional_chain_test', 'has_with_scope', 'emit_goto', 'get_u16', 'emit_u32', 'emit_op', 'js_parse_error', 'emit_class_field_init', 'next_token', 'js_parse_assign_expr', 'js_parse_template', 'emit_u16'] | 37801 | 132532 | js_parse_postfix_expr | 00000 | /src/quickjs/quickjs.c:24768
19691 | 43397 | 9: ['JS_FreeValue.23', 'check_function', 'js_realloc', 'JS_GetPropertyStr', 'JS_IsException.22', 'JS_ThrowTypeError', 'JS_GetPropertyInternal', 'JS_GetOpaque2', 'JS_IsUndefined'] | 19691 | 43397 | js_operators_create_internal | 02985 | /src/quickjs/quickjs.c:50725
15820 | 27700 | 15: ['JS_AtomIsNumericIndex1', 'JS_NumberIsNegativeOrMinusZero', 'JS_ToArrayLengthFree', 'JS_IsException.22', '__JS_AtomToUInt32', '__JS_NewFloat64', 'get_prop_flags', 'JS_SetPropertyValue', 'check_define_prop_flags', 'JS_IsUndefined', 'JS_CreateProperty', 'convert_fast_array_to_array', 'JS_AutoInitProperty', 'JS_NumberIsInteger', '__JS_AtomIsTaggedInt'] | 44017 | 80322 | JS_DefineProperty | 00387 | /src/quickjs/quickjs.c:9099
11876 | 11876 | 2: ['JS_ToPrimitiveFree', 'js_call_binary_op_fallback'] | 27640 | 31587 | js_add_slow | 02094 | /src/quickjs/quickjs.c:13673
7932 | 7974 | 4: ['optimize_scope_make_ref', 'dbuf_put_u16', 'can_opt_put_ref_value', 'get_closure_var'] | 7969 | 8434 | resolve_scope_var | 00000 | /src/quickjs/quickjs.c:30633
7886 | 23667 | 9: ['string_buffer_write8', 'string_buffer_end', 'unicode_from_utf8', 'string_buffer_init', 'get_lo_surrogate', 'string_buffer_free', 'get_hi_surrogate', 'string_buffer_putc8', 'string_buffer_putc16'] | 7886 | 23667 | JS_NewStringLen | 00332 | /src/quickjs/quickjs.c:3901
6018 | 6018 | 1: ['js_parse_destructuring_element'] | 43819 | 138550 | js_parse_postfix_expr | 00000 | /src/quickjs/quickjs.c:24656
5944 | 5944 | 1: ['js_parse_object_literal'] | 43745 | 138476 | js_parse_postfix_expr | 00000 | /src/quickjs/quickjs.c:24660
5920 | 9860 | 2: ['js_parse_function_decl', 'js_parse_error'] | 5920 | 9879 | js_parse_statement_or_decl | 00000 | /src/quickjs/quickjs.c:27228
5920 | 5920 | 1: ['js_parse_function_decl'] | 5920 | 5920 | js_parse_source_element | 00000 | /src/quickjs/quickjs.c:29451
3953 | 3953 | 1: ['js_std_dump_error'] | 3953 | 8391 | test_one_input_init | 04006 | /src/quickjs/fuzz/fuzz_common.c:54

Runtime coverage analysis

Covered functions: 586
Functions that are reachable but not covered: 529
Reachable functions: 942
Percentage of reachable functions covered: 43.84%

Files reached

Filename | Functions hit
fuzz/fuzz_eval.c | 1
quickjs.c | 575
libbf.c | 32
./list.h | 6
./cutils.h | 17
./quickjs.h | 18
./libbf.h | 12
cutils.c | 16
/usr/include/stdlib.h | 1
./libunicode.h | 2
libunicode.c | 1
fuzz/fuzz_common.c | 3
quickjs-libc.c | 36
/usr/include/x86_64-linux-gnu/bits/stdio.h | 1

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table lists functions that are optimal targets. Optimal targets are identified by finding the functions that, in combination, yield a high code coverage.

Func name | Filename | Arg count | Args | Function depth | Hit count | Instr count | BB count | Cyclomatic complexity | Reachable functions | Incoming references | Total cyclomatic complexity | Unreached complexity
__JS_EvalInternal | /src/quickjs/quickjs.c | 8 | ['N/A', 'size_t', 'size_t', 'N/A', 'size_t', 'N/A', 'int', 'int'] | 79 | 0 | 404 | 61 | 21 | 750 | 0 | 6627 | 2597
js_binary_arith_bigint | /src/quickjs/quickjs.c | 6 | ['N/A', 'int', 'N/A', 'size_t', 'size_t', 'N/A'] | 55 | 0 | 369 | 55 | 15 | 665 | 0 | 4652 | 699
js_json_stringify | /src/quickjs/quickjs.c | 5 | ['N/A', 'size_t', 'size_t', 'int', 'N/A'] | 61 | 0 | 25 | 3 | 2 | 599 | 0 | 4249 | 281
js_bigdecimal_fop | /src/quickjs/quickjs.c | 6 | ['N/A', 'size_t', 'size_t', 'int', 'N/A', 'int'] | 55 | 0 | 284 | 41 | 12 | 630 | 0 | 4357 | 274
js_bigfloat_toExponential | /src/quickjs/quickjs.c | 5 | ['N/A', 'size_t', 'size_t', 'int', 'N/A'] | 56 | 0 | 162 | 28 | 12 | 663 | 0 | 4670 | 222
js_regexp_Symbol_replace | /src/quickjs/quickjs.c | 5 | ['N/A', 'size_t', 'size_t', 'int', 'N/A'] | 61 | 0 | 1027 | 125 | 51 | 599 | 0 | 4455 | 205
js_string_normalize | /src/quickjs/quickjs.c | 5 | ['N/A', 'size_t', 'size_t', 'int', 'N/A'] | 55 | 0 | 190 | 31 | 13 | 581 | 0 | 4084 | 127

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers: 67.0% (1315 / 1954)
Cyclomatic complexity statically reachable by fuzzers: 71.0% (10875 / 15417)

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name | Filename | Args | Function call depth | Reached by fuzzers | Fuzzers runtime hit | Func lines hit % | I count | BB count | Cyclomatic complexity | Functions reached | Reached by functions | Accumulated cyclomatic complexity | Undiscovered complexity

Runtime coverage analysis

This section shows an analysis of the runtime coverage data.

For further technical details on how this section is generated, please see the Glossary.

Complex functions with low coverage

Func name | Function total lines | Lines covered at runtime | Percentage covered | Reached by fuzzers
exchange_func | 33 | 9 | 27.27% | ['fuzz_regexp', 'fuzz_compile', 'fuzz_eval']
js_module_set_import_meta | 44 | 24 | 54.54% | ['fuzz_compile', 'fuzz_eval']
JS_NewStringLen | 49 | 16 | 32.65% | ['fuzz_compile', 'fuzz_eval']
JS_ToCStringLen2 | 77 | 23 | 29.87% | ['fuzz_compile', 'fuzz_eval']
JS_GetPropertyInternal | 128 | 33 | 25.78% | ['fuzz_compile', 'fuzz_eval']
JS_SetPropertyInternal | 244 | 40 | 16.39% | ['fuzz_compile', 'fuzz_eval']
JS_DefineProperty | 236 | 35 | 14.83% | ['fuzz_compile', 'fuzz_eval']
JS_ToStringInternal | 58 | 16 | 27.58% | ['fuzz_compile', 'fuzz_eval']
is_num_string | 31 | 13 | 41.93% | ['fuzz_compile', 'fuzz_eval']
JS_GetOwnPropertyNamesInternal | 168 | 70 | 41.66% | ['fuzz_compile', 'fuzz_eval']
JS_GetOwnPropertyInternal | 70 | 18 | 25.71% | ['fuzz_compile', 'fuzz_eval']
JS_CallInternal | 2371 | 270 | 11.38% | ['fuzz_compile', 'fuzz_eval']
simple_next_token | 81 | 28 | 34.56% | []
js_host_resolve_imported_module | 35 | 17 | 48.57% | ['fuzz_compile', 'fuzz_eval']
js_default_module_normalize_name | 46 | 8 | 17.39% | ['fuzz_compile', 'fuzz_eval']
js_inner_module_linking | 130 | 67 | 51.53% | ['fuzz_compile', 'fuzz_eval']
js_string_define_own_property | 32 | 11 | 34.37% | []
js_parse_string | 123 | 58 | 47.15% | []
js_promise_resolve_function_call | 41 | 19 | 46.34% | []
fulfill_or_reject_promise | 33 | 12 | 36.36% | []
js_async_function_resume | 45 | 13 | 28.88% | ['fuzz_compile', 'fuzz_eval']
push_scope | 32 | 13 | 40.62% | []
next_token | 451 | 157 | 34.81% | []
js_parse_directives | 87 | 28 | 32.18% | []
js_parse_skip_parens_token | 103 | 47 | 45.63% | []
js_parse_postfix_expr | 574 | 125 | 21.77% | []
js_parse_array_literal | 84 | 38 | 45.23% | []
js_parse_assign_expr2 | 235 | 31 | 13.19% | []
js_parse_logical_and_or | 35 | 12 | 34.28% | []
js_parse_expr_binary | 163 | 67 | 41.10% | []
js_parse_unary | 121 | 32 | 26.44% | []
get_lvalue | 111 | 46 | 41.44% | []
put_lvalue | 97 | 34 | 35.05% | []
js_parse_import | 105 | 32 | 30.47% | []
js_parse_statement_or_decl | 613 | 38 | 6.199% | []
is_let | 33 | 5 | 15.15% | []
emit_return | 68 | 17 | 25.0% | []
resolve_variables | 312 | 69 | 22.11% | []
resolve_scope_var | 382 | 75 | 19.63% | []
skip_dead_code | 38 | 13 | 34.21% | []
instantiate_hoisted_definitions | 108 | 27 | 25.0% | []
resolve_labels | 757 | 211 | 27.87% | []
ss_check | 33 | 11 | 33.33% | []
js_operators_create_internal | 95 | 21 | 22.10% | ['fuzz_compile', 'fuzz_eval']
bf_mul_pow_radix | 51 | 22 | 43.13% | []
__bf_round | 83 | 35 | 42.16% | ['fuzz_compile', 'fuzz_eval']
bf_get_rnd_add | 43 | 20 | 46.51% | ['fuzz_compile', 'fuzz_eval']
mp_divnorm | 59 | 8 | 13.55% | []
bf_add_internal | 116 | 60 | 51.72% | []
__bf_div | 63 | 29 | 46.03% | []
bf_atof_internal | 227 | 104 | 45.81% | []
ntt_fft_partial | 50 | 12 | 24.0% | []
js_os_poll | 98 | 14 | 14.28% | ['fuzz_compile', 'fuzz_eval']
JS_ToInt32Free | 54 | 16 | 29.62% | ['fuzz_compile', 'fuzz_eval']
js_closure | 42 | 17 | 40.47% | ['fuzz_compile', 'fuzz_eval']
js_closure2 | 32 | 11 | 34.37% | ['fuzz_compile', 'fuzz_eval']
js_add_slow | 107 | 14 | 13.08% | ['fuzz_compile', 'fuzz_eval']
JS_ConcatStringInPlace | 34 | 7 | 20.58% | ['fuzz_compile', 'fuzz_eval']
put_short_code | 56 | 12 | 21.42% | []

Files and Directories in report

This section shows which files and directories are considered in this report. The main reason for showing this is that Fuzz Introspector may include more code in its reasoning than is desired. This section helps identify whether too many files or directories are included, e.g. third-party code, which may be irrelevant to the threat model. In the event that too much is included, Fuzz Introspector supports a configuration file that can exclude data from the report. See the Fuzz Introspector documentation for how to create such a config file.

Files in report

Source file | Reached by | Covered by
/src/quickjs/fuzz/fuzz_eval.c | ['fuzz_eval'] | ['fuzz_eval']
/usr/include/stdlib.h | ['fuzz_compile', 'fuzz_eval'] | []
/src/quickjs/fuzz/fuzz_regexp.c | ['fuzz_regexp'] | ['fuzz_regexp']
/src/quickjs/./libbf.h | ['fuzz_compile', 'fuzz_eval'] | []
/src/quickjs/libbf.c | ['fuzz_compile', 'fuzz_eval'] | ['fuzz_compile', 'fuzz_eval']
/src/quickjs/libunicode.c | ['fuzz_regexp', 'fuzz_compile', 'fuzz_eval'] | ['fuzz_regexp', 'fuzz_eval']
/src/quickjs/fuzz/fuzz_compile.c | ['fuzz_compile'] | ['fuzz_compile']
/src/quickjs/quickjs-libc.c | ['fuzz_compile', 'fuzz_eval'] | ['fuzz_compile', 'fuzz_eval']
/src/quickjs/./libunicode.h | ['fuzz_regexp', 'fuzz_compile', 'fuzz_eval'] | []
/src/quickjs/quickjs.c | ['fuzz_compile', 'fuzz_eval'] | ['fuzz_compile', 'fuzz_eval']
/src/quickjs/./cutils.h | ['fuzz_regexp', 'fuzz_compile', 'fuzz_eval'] | []
/src/quickjs/./quickjs.h | ['fuzz_compile', 'fuzz_eval'] | []
/src/quickjs/fuzz/fuzz_common.c | ['fuzz_compile', 'fuzz_eval'] | ['fuzz_compile', 'fuzz_eval']
/src/quickjs/cutils.c | ['fuzz_regexp', 'fuzz_compile', 'fuzz_eval'] | ['fuzz_regexp', 'fuzz_compile', 'fuzz_eval']
/src/quickjs/libregexp.c | ['fuzz_regexp'] | ['fuzz_regexp']
/usr/include/x86_64-linux-gnu/bits/stdio.h | ['fuzz_compile', 'fuzz_eval'] | []
/usr/include/x86_64-linux-gnu/sys/stat.h | [] | []
/src/quickjs/./list.h | ['fuzz_compile', 'fuzz_eval'] | []

Directories in report

Directory
/src/quickjs/
/src/quickjs/./
/usr/include/x86_64-linux-gnu/bits/
/src/quickjs/fuzz/
/usr/include/
/usr/include/x86_64-linux-gnu/sys/