Report generation date: 2025-07-02

Project overview: unit

High level conclusions

Fuzzers reach 12.41% of cyclomatic complexity.

"No files with coverage data was found. This is either because an error occurred when compiling and running coverage runs, or because the introspector run was intentionally done without coverage collection. In order to get optimal results coverage data is needed.

Reachability and coverage overview

Functions statically reachable by fuzzers

140 / 1293

Cyclomatic complexity statically reachable by fuzzers

973 / 7835

Runtime code coverage of functions

0 / 1293

Fuzzers overview

Fuzzer	Fuzzer filename	Functions Reached	Functions unreached	Fuzzer depth	Files reached	Basic blocks reached	Cyclomatic complexity	Details
fuzz_http_h1p	fuzzing/nxt_http_h1p_fuzz.c	40	1408	9	12	449	186	nxt_http_h1p_fuzz.c
fuzz_http_h1p_peer	fuzzing/nxt_http_h1p_peer_fuzz.c	43	1405	9	12	487	200	nxt_http_h1p_peer_fuzz.c
fuzz_http_controller	fuzzing/nxt_http_controller_fuzz.c	40	1408	9	12	445	184	nxt_http_controller_fuzz.c
fuzz_json	fuzzing/nxt_json_fuzz.c	108	1340	14	22	1908	750	nxt_json_fuzz.c
fuzz_basic	fuzzing/nxt_basic_fuzz.c	60	1402	9	17	802	331	nxt_basic_fuzz.c

Project functions overview

The following table shows data about each function in the project. The functions included in this table correspond to all functions that exist in the executables of the fuzzers. As such, there may be functions that are from third-party libraries.

For further technical details on the meaning of columns in the below table, please see the Glossary .

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzzer details

Fuzzer: fuzz_http_h1p

Call tree

The calltree shows the control flow of the fuzzer. This is overlaid with coverage information to display how much of the potential code a fuzzer can reach is in fact covered at runtime. In the following there is a link to a detailed calltree visualisation as well as a bitmap showing a high-level view of the calltree. For further information about these topics please see the glossary for full calltree and calltree overview

Full calltree

Call tree overview bitmap:

The project has no code coverage. Will not display blockers as blockers depend on code coverage.

Fuzzer: fuzz_http_h1p_peer

Call tree

Full calltree

Call tree overview bitmap:

The project has no code coverage. Will not display blockers as blockers depend on code coverage.

Fuzzer: fuzz_http_controller

Call tree

Full calltree

Call tree overview bitmap:

The project has no code coverage. Will not display blockers as blockers depend on code coverage.

Fuzzer: fuzz_json

Call tree

Full calltree

Call tree overview bitmap:

The project has no code coverage. Will not display blockers as blockers depend on code coverage.

Fuzzer: fuzz_basic

Call tree

Full calltree

Call tree overview bitmap:

The project has no code coverage. Will not display blockers as blockers depend on code coverage.

Analyses and suggestions

Optimal target analysis

Remaining optimal interesting functions

The following table shows a list of functions that are optimal targets. Optimal targets are identified by finding the functions that in combination, yield a high code coverage.

Func name	Functions filename	Arg count	Args	Function depth	instr count	bb count	cyclomatic complexity	Reachable functions	Incoming references	total cyclomatic complexity	Unreached complexity
`nxt_router_conf_data_handler`	/src/unit/src/nxt_router.c	2	['N/A', 'N/A']	33	345	33	11	426	0	2470	1746
`nxt_http_application_handler`	/src/unit/src/nxt_http_request.c	3	['N/A', 'N/A', 'N/A']	26	57	8	3	242	0	1409	532
`nxt_runtime_create`	/src/unit/src/nxt_runtime.c	1	['N/A']	22	285	35	17	331	0	1665	478
`nxt_controller_process_new_port_handler`	/src/unit/src/nxt_controller.c	2	['N/A', 'N/A']	29	47	9	4	275	0	1587	271
`nxt_main_port_modules_handler`	/src/unit/src/nxt_main_process.c	2	['N/A', 'N/A']	30	490	63	23	328	0	1652	230
`nxt_http_parse_request_line`	/src/unit/src/nxt_http_parse.c	3	['N/A', 'N/A', 'N/A']	16	1862	248	88	36	0	334	193
`nxt_isolation_main_prefork`	/src/unit/src/nxt_isolation.c	3	['N/A', 'N/A', 'N/A']	17	395	51	18	73	0	449	166
`nxt_http_route_handler`	/src/unit/src/nxt_http_route.c	3	['N/A', 'N/A', 'N/A']	22	213	29	9	109	0	674	150
`nxt_http_static_send`	/src/unit/src/nxt_http_static.c	3	['N/A', 'N/A', 'N/A']	26	1107	119	38	130	4	826	149
`nxt_proto_setup`	/src/unit/src/nxt_application.c	2	['N/A', 'N/A']	10	329	46	16	58	0	289	127

Implementing fuzzers that target the above functions will improve reachability such that it becomes:

Functions statically reachable by fuzzers

691 / 1293

Cyclomatic complexity statically reachable by fuzzers

4761 / 7835

All functions overview

If you implement fuzzers for these functions, the status of all functions in the project will be:

Func name	Functions filename	Args	Function call depth	Reached by Fuzzers	Runtime reached by Fuzzers	Combined reached by Fuzzers	Fuzzers runtime hit	Func lines hit %	I Count	BB Count	Cyclomatic complexity	Functions reached	Reached by functions	Accumulated cyclomatic complexity	Undiscovered complexity

Fuzz engine guidance

This sections provides heuristics that can be used as input to a fuzz engine when running a given fuzz target. The current focus is on providing input that is usable by libFuzzer.