Fuzz introspector: xrow_decode_dml_fuzzer
For issues and ideas: https://github.com/ossf/fuzz-introspector/issues

Fuzz blockers

The following are the branches that the fuzzer fails to get past.

| Unique non-covered Complexity | Unique Reachable Complexities | Unique Reachable Functions | All non-covered Complexity | All Reachable Complexity | Function Name | Function Callsite | Blocked Branch |
|---|---|---|---|---|---|---|---|
| 262 | 262 | 1: ['cord_on_demand'] | 266 | 266 | fiber_set_name_n | call site: 00209 | /src/tarantool/src/lib/core/fiber.c:1220 |
| 23 | 23 | 4: ['tt_strerror', '__errno_location', 'exit', 'say_log_level_is_enabled.1719'] | 23 | 23 | clock_monotonic | call site: 00000 | /src/tarantool/src/lib/core/clock.c:51 |
| 23 | 23 | 4: ['tt_strerror', '__errno_location', 'exit', 'say_log_level_is_enabled.1439'] | 23 | 23 | clock_lowres_signal_init | call site: 00000 | /src/tarantool/src/lib/core/clock_lowres.c:69 |
| 21 | 21 | 1: ['mmap_checked'] | 21 | 34 | slab_arena_create | call site: 00000 | /src/tarantool/src/lib/small/small/slab_arena.c:204 |
| 8 | 568 | 8: ['__errno_location', 'say_log_level_is_enabled', 'diag_get', 'bit_ctz_u64', 'dump_row_hex', 'iproto_key_name', 'diag_set_error', 'BuildClientError'] | 8 | 568 | xrow_decode_dml_internal | call site: 00370 | /src/tarantool/src/box/xrow.c:993 |
| 8 | 8 | 1: ['tt_pthread_setname'] | 8 | 8 | cord_set_name | call site: 00305 | /src/tarantool/src/lib/core/fiber.c:2232 |
| 6 | 6 | 3: ['sigaddset', 'pthread_sigmask', 'sigemptyset'] | 6 | 6 | ev_signal_start | call site: 00000 | /src/tarantool/third_party/libev/ev.c:4680 |
| 4 | 4 | 2: ['atoi', 'getenv'] | 386 | 572 | loop_init | call site: 00000 | /src/tarantool/third_party/libev/ev.c:3302 |
| 4 | 4 | 2: ['close', 'dup2'] | 4 | 8 | evpipe_alloc | call site: 00000 | /src/tarantool/third_party/libev/ev.c:2764 |
| 4 | 4 | 4: ['malloc', 'exit', 'realloc', 'say_log_level_is_enabled.370'] | 4 | 4 | fiber_set_name_n | call site: 00210 | /src/tarantool/src/lib/core/fiber.c:1223 |
| 2 | 39 | 4: ['ev_unref', 'ev_io_start', '__errno_location', 'fd_intern'] | 24 | 134 | ev_signal_start | call site: 00000 | /src/tarantool/third_party/libev/ev.c:4629 |
| 2 | 2 | 1: ['getpid'] | 401 | 587 | loop_init | call site: 00000 | /src/tarantool/third_party/libev/ev.c:3298 |

Fuzzer calltree

0 LLVMFuzzerTestOneInput [function] [call site] 00000
1 mp_check [function] [call site] 00001
2 mp_load_u8 [function] [call site] 00002
2 mp_load_u8 [function] [call site] 00003
2 mp_load_u8 [function] [call site] 00004
2 mp_load_u16 [function] [call site] 00005
2 mp_load_u32 [function] [call site] 00006
2 mp_load_u16 [function] [call site] 00007
2 mp_load_u32 [function] [call site] 00008
2 mp_load_u16 [function] [call site] 00009
2 mp_load_u32 [function] [call site] 00010
2 mp_load_u8 [function] [call site] 00011
2 mp_load_u8 [function] [call site] 00012
2 mp_load_u16 [function] [call site] 00013
2 mp_load_u8 [function] [call site] 00014
2 mp_load_u32 [function] [call site] 00015
2 mp_load_u8 [function] [call site] 00016
2 __assert_fail [call site] 00017
2 __assert_fail [call site] 00018
1 xrow_decode_dml [function] [call site] 00019
2 xrow_decode_dml_internal [function] [call site] 00020
3 __assert_fail [call site] 00021
3 __errno_location [call site] 00022
3 say_log_level_is_enabled [function] [call site] 00023
3 BuildClientError [function] [call site] 00024
4 Exception::operator new(unsigned long) [function] [call site] 00025
5 alloc_failure(char const*, int, unsigned long) [function] [call site] 00026
6 fprintf [call site] 00027
6 exit [call site] 00028
4 ClientError::ClientError(char const*, unsigned int, unsigned int, ...) [function] [call site] 00029
5 ClientError::ClientError(type_info const*, char const*, unsigned int, unsigned int) [function] [call site] 00030
6 Exception::Exception(type_info const*, char const*, unsigned int) [function] [call site] 00031
7 error_create [function] [call site] 00032
8 error_payload_create [function] [call site] 00033
8 error_set_location [function] [call site] 00034
9 snprintf [call site] 00035
7 exception_destroy(error*) [function] [call site] 00036
8 Exception::~Exception() [function] [call site] 00037
6 rmean_collect [function] [call site] 00038
7 __assert_fail [call site] 00039
6 Exception::~Exception() [function] [call site] 00040
7 __assert_fail [call site] 00041
5 client_error_create(error*, __va_list_tag*) [function] [call site] 00042
6 tnt_errcode_record(unsigned int) [function] [call site] 00043
6 error_vformat_msg [function] [call site] 00044
7 error_msg_is_malloced [function] [call site] 00045
7 vsnprintf [call site] 00046
7 alloc_failure [function] [call site] 00047
7 vsnprintf [call site] 00048
7 __assert_fail [call site] 00049
6 error_set_str(error*, char const*, char const*) [function] [call site] 00050
7 error_payload_set_str [function] [call site] 00051
8 strlen [call site] 00052
8 mp_sizeof_str [function] [call site] 00053
9 mp_sizeof_strl [function] [call site] 00054
8 error_payload_prepare [function] [call site] 00055
9 grp_alloc_initializer [function] [call site] 00056
9 strcmp [call site] 00057
9 realloc [call site] 00058
9 alloc_failure [function] [call site] 00059
9 grp_alloc_reserve_data [function] [call site] 00060
9 grp_alloc_reserve_str0 [function] [call site] 00061
10 strlen [call site] 00062
10 grp_alloc_reserve_str [function] [call site] 00063
9 grp_alloc_reserve_data [function] [call site] 00064
9 grp_alloc_size [function] [call site] 00065
9 alloc_failure [function] [call site] 00066
9 grp_alloc_create_data [function] [call site] 00067
9 grp_alloc_create_str0 [function] [call site] 00068
10 strlen [call site] 00069
10 grp_alloc_create_str [function] [call site] 00070
9 grp_alloc_create_data [function] [call site] 00071
9 grp_alloc_size [function] [call site] 00072
8 mp_encode_str [function] [call site] 00073
9 mp_encode_strl [function] [call site] 00074
10 mp_store_u8 [function] [call site] 00075
10 mp_store_u8 [function] [call site] 00076
10 mp_store_u8 [function] [call site] 00077
10 mp_store_u8 [function] [call site] 00078
10 mp_store_u16 [function] [call site] 00079
10 mp_store_u8 [function] [call site] 00080
10 mp_store_u32 [function] [call site] 00081
9 mp_memcpy [function] [call site] 00082
6 error_set_int(error*, char const*, long) [function] [call site] 00083
7 error_payload_set_int [function] [call site] 00084
8 error_payload_set_uint [function] [call site] 00085
9 mp_sizeof_uint [function] [call site] 00086
9 error_payload_prepare [function] [call site] 00087
9 mp_encode_uint [function] [call site] 00088
10 mp_store_u8 [function] [call site] 00089
10 mp_store_u8 [function] [call site] 00090
10 mp_store_u8 [function] [call site] 00091
10 mp_store_u8 [function] [call site] 00092
10 mp_store_u16 [function] [call site] 00093
10 mp_store_u8 [function] [call site] 00094
10 mp_store_u32 [function] [call site] 00095
10 mp_store_u8 [function] [call site] 00096
10 mp_store_u64 [function] [call site] 00097
8 mp_sizeof_int [function] [call site] 00098
9 __assert_fail [call site] 00099
8 error_payload_prepare [function] [call site] 00100
8 mp_encode_int [function] [call site] 00101
9 __assert_fail [call site] 00102
9 mp_store_u8 [function] [call site] 00103
9 mp_store_u8 [function] [call site] 00104
9 mp_store_u8 [function] [call site] 00105
9 mp_store_u8 [function] [call site] 00106
9 mp_store_u16 [function] [call site] 00107
9 mp_store_u8 [function] [call site] 00108
9 mp_store_u32 [function] [call site] 00109
9 mp_store_u8 [function] [call site] 00110
9 mp_store_u64 [function] [call site] 00111
6 error_set_uint(error*, char const*, unsigned long) [function] [call site] 00112
6 error_set_int(error*, char const*, long) [function] [call site] 00113
6 error_set_uint(error*, char const*, unsigned long) [function] [call site] 00114
6 error_set_int(error*, char const*, long) [function] [call site] 00115
6 error_set_uint(error*, char const*, unsigned long) [function] [call site] 00116
6 error_set_str(error*, char const*, char const*) [function] [call site] 00117
6 __assert_fail [call site] 00118
6 mp_next [function] [call site] 00119
7 mp_load_u8 [function] [call site] 00120
7 mp_load_u8 [function] [call site] 00121
7 mp_next_slowpath [function] [call site] 00122
8 mp_load_u8 [function] [call site] 00123
8 mp_load_u64 [function] [call site] 00124
8 mp_load_u8 [function] [call site] 00125
8 mp_load_u16 [function] [call site] 00126
8 mp_load_u32 [function] [call site] 00127
8 mp_load_u16 [function] [call site] 00128
8 mp_load_u32 [function] [call site] 00129
8 mp_load_u16 [function] [call site] 00130
8 mp_load_u32 [function] [call site] 00131
8 mp_load_u8 [function] [call site] 00132
8 mp_load_u8 [function] [call site] 00133
8 mp_load_u16 [function] [call site] 00134
8 mp_load_u8 [function] [call site] 00135
8 mp_load_u32 [function] [call site] 00136
8 mp_load_u8 [function] [call site] 00137
8 __assert_fail [call site] 00138
6 error_set_mp(error*, char const*, char const*, unsigned int) [function] [call site] 00139
7 error_payload_set_mp [function] [call site] 00140
8 error_payload_prepare [function] [call site] 00141
8 error_payload_prepare [function] [call site] 00142
6 __assert_fail [call site] 00143
6 tuple_data(tuple*) [function] [call site] 00144
7 tuple_data_offset(tuple*) [function] [call site] 00145
8 __assert_fail [call site] 00146
6 tuple_bsize(tuple*) [function] [call site] 00147
6 error_set_mp(error*, char const*, char const*, unsigned int) [function] [call site] 00148
6 __assert_fail [call site] 00149
6 strncmp [call site] 00150
6 error_set_str(error*, char const*, char const*) [function] [call site] 00151
5 ClientError::~ClientError() [function] [call site] 00152
6 Exception::~Exception() [function] [call site] 00153
4 client_error_create(error*, __va_list_tag*) [function] [call site] 00154
4 __cxa_begin_catch [call site] 00155
4 __cxa_end_catch [call site] 00156
3 diag_get [function] [call site] 00157
4 cord_on_demand [function] [call site] 00158
5 CordOnDemand::get() [function] [call site] 00159
6 CordOnDemand::CordOnDemand() [function] [call site] 00160
7 calloc [call site] 00161
7 alloc_failure(char const*, int, unsigned long) [function] [call site] 00162
7 cord_create [function] [call site] 00163
8 cord_on_demand [function] [call site] 00164
8 slab_cache_set_thread [function] [call site] 00165
9 pthread_self [call site] 00166
8 pthread_self [call site] 00167
8 slab_cache_create [function] [call site] 00168
9 small_getpagesize [function] [call site] 00169
10 sysconf [call site] 00170
9 __assert_fail [call site] 00171
9 slab_list_create [function] [call site] 00174
10 small_stats_reset [function] [call site] 00175
9 slab_list_create [function] [call site] 00176
9 slab_cache_set_thread [function] [call site] 00177
8 mempool_create [function] [call site] 00178
9 slab_order [function] [call site] 00179
9 __assert_fail [call site] 00180
9 mempool_create_with_order [function] [call site] 00181
10 __assert_fail [call site] 00182
10 slab_list_create [function] [call site] 00183
10 mslab_tree_new [function] [call site] 00184
10 slab_order_size [function] [call site] 00185
10 mslab_sizeof [function] [call site] 00186
11 small_align [function] [call site] 00187
12 __assert_fail [call site] 00188
12 __assert_fail [call site] 00189
10 __assert_fail [call site] 00190
10 slab_order_size [function] [call site] 00191
8 mh_i64ptr_new [function] [call site] 00192
9 calloc [call site] 00193
9 alloc_failure [function] [call site] 00194
9 calloc [call site] 00195
9 alloc_failure [function] [call site] 00196
9 calloc [call site] 00197
9 alloc_failure [function] [call site] 00198
9 calloc [call site] 00199
9 alloc_failure [function] [call site] 00200
8 fiber_reset [function] [call site] 00201
9 clock_stat_reset [function] [call site] 00202
8 diag_create [function] [call site] 00203
8 region_create [function] [call site] 00204
9 slab_list_create [function] [call site] 00205
8 fiber_gc_checker_init [function] [call site] 00206
8 fiber_set_name [function] [call site] 00207
9 strlen [call site] 00208
9 fiber_set_name_n [function] [call site] 00209
10 cord_on_demand [function] [call site] 00210
10 realloc [call site] 00211
10 say_log_level_is_enabled [function] [call site] 00212
10 exit [call site] 00213
8 fiber_schedule_wakeup [function] [call site] 00214
9 cord_on_demand [function] [call site] 00215
9 fiber_check_gc [function] [call site] 00216
10 cord_on_demand [function] [call site] 00217
10 region_used [function] [call site] 00218
10 __assert_fail [call site] 00219
10 region_used [function] [call site] 00220
10 say_log_level_is_enabled [function] [call site] 00221
10 abort [call site] 00222
9 fiber_schedule_list [function] [call site] 00223
10 __assert_fail [call site] 00224
10 __assert_fail [call site] 00225
10 cord_on_demand [function] [call site] 00226
10 cord_on_demand [function] [call site] 00227
10 __assert_fail [call site] 00228
10 cord_on_demand [function] [call site] 00229
10 clock_set_on_csw [function] [call site] 00230
11 cord_on_demand [function] [call site] 00231
11 cpu_stat_on_csw [function] [call site] 00232
12 clock_monotonic64 [function] [call site] 00233
13 clock_gettime [call site] 00234
13 say_log_level_is_enabled [function] [call site] 00235
13 __errno_location [call site] 00236
13 tt_strerror [function] [call site] 00237
14 tt_static_buf [function] [call site] 00238
15 static_aligned_alloc [function] [call site] 00239
16 static_aligned_reserve [function] [call site] 00240
17 static_reserve [function] [call site] 00241
17 small_align [function] [call site] 00242
14 strerror_r [call site] 00243
11 cord_on_demand [function] [call site] 00244
11 clock_stat_add_delta [function] [call site] 00245
11 clock_stat_add_delta [function] [call site] 00246
10 fiber_call_impl [function] [call site] 00247
11 cord_on_demand [function] [call site] 00248
11 cord_on_demand [function] [call site] 00249
11 __assert_fail [call site] 00250
11 __assert_fail [call site] 00251
11 __assert_fail [call site] 00252
11 __assert_fail [call site] 00253
11 __assert_fail [call site] 00254
11 __assert_fail [call site] 00255
11 __assert_fail [call site] 00256
11 __assert_fail [call site] 00257
11 cord_is_main [function] [call site] 00258
12 cord_on_demand [function] [call site] 00259
11 cord_reset_slice [function] [call site] 00260
12 cord_is_main [function] [call site] 00261
12 __assert_fail [call site] 00262
12 clock_lowres_monotonic [function] [call site] 00263
13 clock_lowres_thread_is_owner [function] [call site] 00264
14 pthread_self [call site] 00265
13 __assert_fail [call site] 00266
12 cord_on_demand [function] [call site] 00267
12 cord_on_demand [function] [call site] 00268
12 cord_on_demand [function] [call site] 00269
11 coro_transfer [call site] 00270
8 fiber_schedule_idle [function] [call site] 00271
8 cord_is_main [function] [call site] 00272
8 fiber_top_init [function] [call site] 00273
9 cord_on_demand [function] [call site] 00274
9 loop_on_iteration_end [function] [call site] 00275
10 cord_on_demand [function] [call site] 00276
10 __assert_fail [call site] 00277
10 cord_on_demand [function] [call site] 00278
10 clock_set_on_csw [function] [call site] 00279
10 cord_on_demand [function] [call site] 00280
10 cord_on_demand [function] [call site] 00281
10 cpu_stat_end [function] [call site] 00282
11 clock_thread64 [function] [call site] 00283
12 clock_gettime [call site] 00284
12 say_log_level_is_enabled [function] [call site] 00285
12 __errno_location [call site] 00286
12 tt_strerror [function] [call site] 00287
11 cord_on_demand [function] [call site] 00288
10 cord_on_demand [function] [call site] 00289
10 clock_stat_update [function] [call site] 00290
11 clock_diff_accumulate [function] [call site] 00291
10 cord_on_demand [function] [call site] 00292
10 clock_stat_update [function] [call site] 00293
10 cord_on_demand [function] [call site] 00294
10 clock_stat_update [function] [call site] 00295
9 cord_on_demand [function] [call site] 00296
9 loop_on_iteration_start [function] [call site] 00297
10 cord_on_demand [function] [call site] 00298
10 cpu_stat_start [function] [call site] 00299
11 clock_monotonic64 [function] [call site] 00300
11 clock_thread64 [function] [call site] 00301
8 cord_set_name [function] [call site] 00302
9 cord_on_demand [function] [call site] 00303
9 snprintf [call site] 00304
9 cord_is_main [function] [call site] 00305
9 tt_pthread_setname [function] [call site] 00306
10 snprintf [call site] 00307
10 pthread_self [call site] 00308
8 trigger_init_in_thread [function] [call site] 00309
9 cord_on_demand [function] [call site] 00310
9 mempool_create(mempool*, slab_cache*, unsigned int) [function] [call site] 00311
8 signal_stack_init [function] [call site] 00312
9 alloc_failure [function] [call site] 00313
9 say_log_level_is_enabled [function] [call site] 00314
9 __errno_location [call site] 00315
9 _say_strerror [function] [call site] 00316
10 tt_strerror [function] [call site] 00317
3 diag_set_error [function] [call site] 00318
4 __assert_fail [call site] 00319
4 error_ref [function] [call site] 00320
5 say_log_level_is_enabled [function] [call site] 00321
4 diag_clear [function] [call site] 00322
5 error_unref [function] [call site] 00323
6 __assert_fail [call site] 00324
6 error_msg_is_malloced [function] [call site] 00325
6 error_payload_destroy [function] [call site] 00326
4 error_unlink_effect [function] [call site] 00327
5 __assert_fail [call site] 00328
5 error_unref [function] [call site] 00329
3 dump_row_hex [function] [call site] 00330
4 tt_static_buf [function] [call site] 00331
4 say_log_level_is_enabled [function] [call site] 00332
4 snprintf [call site] 00333
4 snprintf [call site] 00334
4 say_log_level_is_enabled [function] [call site] 00335
3 mp_decode_map [function] [call site] 00336
4 mp_load_u8 [function] [call site] 00337
4 mp_load_u16 [function] [call site] 00338
4 mp_load_u32 [function] [call site] 00339
4 __assert_fail [call site] 00340
3 mp_decode_uint [function] [call site] 00343
4 mp_load_u8 [function] [call site] 00344
4 mp_load_u8 [function] [call site] 00345
4 mp_load_u16 [function] [call site] 00346
4 mp_load_u32 [function] [call site] 00347
4 mp_load_u64 [function] [call site] 00348
4 __assert_fail [call site] 00349
3 iproto_key_bit [function] [call site] 00351
3 mp_decode_uint [function] [call site] 00352
3 mp_decode_uint [function] [call site] 00353
3 mp_decode_uint [function] [call site] 00354
3 mp_decode_uint [function] [call site] 00355
3 mp_decode_uint [function] [call site] 00356
3 mp_decode_uint [function] [call site] 00357
3 mp_decode_bool [function] [call site] 00358
4 mp_load_u8 [function] [call site] 00359
4 __assert_fail [call site] 00360
3 mp_decode_str [function] [call site] 00361
4 __assert_fail [call site] 00362
4 mp_decode_strl [function] [call site] 00363
5 mp_load_u8 [function] [call site] 00364
5 mp_load_u8 [function] [call site] 00365
5 mp_load_u16 [function] [call site] 00366
5 mp_load_u32 [function] [call site] 00367
5 __assert_fail [call site] 00368
3 mp_decode_str [function] [call site] 00369
3 iproto_key_bit [function] [call site] 00370
3 bit_ctz_u64 [function] [call site] 00371
3 __errno_location [call site] 00372
3 say_log_level_is_enabled [function] [call site] 00373
3 iproto_key_name [function] [call site] 00374
3 BuildClientError [function] [call site] 00375
3 diag_set_error [function] [call site] 00377
3 dump_row_hex [function] [call site] 00378