fuzz-introspector

Missing "Functions Statically Reachable" in Introspector Report

Open sg3-141-592 opened this issue 1 year ago • 2 comments

Looking at a recent croniter coverage report (https://storage.googleapis.com/oss-fuzz-introspector/croniter/inspector-report/20230501/fuzz_report.html), the "Functions Statically Reachable" is very low: 2/48.

However function coverage is pretty good. It looks like there are lots of functions that are counted as having coverage but not being "Reached by Fuzzers".

Picking croniter.croniter.croniter.get_next as an example, which is lines 191-193, we can see clear coverage in fuzz_iter - all_cov.json.

sg3-141-592, May 01 '23 18:05

There are a couple of issues at play, but I have some progress which I'll add for now, although I will try to come up with something better in the near future.

The first issue is due to some limitations in fuzz introspector's way of recognizing which modules are used. This can be overcome by helping fuzz introspector in identifying which package is being analysed. If you add this line to the build.sh in OSS-Fuzz:

export PYFUZZPACKAGE=$SRC/croniter/src/croniter

Then you will see something more meaningful, and my calltrees grow to size ~70/~80 for two of the fuzzers. Can you confirm?

The other issue at play is probably a deeper limitation in the callgraph analysis -- I'll need some more time to go over this though.

DavidKorczynski, May 01 '23 21:05

Thanks, setting that variable gives an initial improvement: 2 -> 15 functions covered. Then I updated how croniter was imported into the fuzzers, which gave an additional improvement: 15 -> 22 functions covered (https://github.com/google/oss-fuzz/pull/10207). There are still a few patterns of issues, especially the nested croniter.croniter. When I get a chance I'll have a look at how croniter is defining these; I'm guessing this is a problem of a mismatch between how PyCG sees the callgraph compared to names in the coverage report.

sg3-141-592, May 02 '23 08:05
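
The following is an added example, not part of the thread and not fuzz-introspector or PyCG code. It illustrates the kind of name mismatch guessed at in the last comment: the same function gets a different dotted name depending on the package root, so line coverage can exist for a function the call graph never named. The helper names, the sample module and the coverage data are constructed assumptions.

```python
import ast

# Constructed stand-in for a module croniter/croniter.py; not the real croniter source.
SAMPLE_SOURCE = '''\
class croniter:
    def __init__(self, expr):
        self.expr = expr

    def get_next(self):
        return self._step(1)

    def _step(self, n):
        return n
'''

def qualified_functions(source, rel_path, root_package=""):
    """Return {dotted name: (first_line, last_line)} for every function in one file."""
    module = rel_path[:-3].replace("/", ".")        # "croniter.py" -> "croniter"
    if root_package:
        module = f"{root_package}.{module}"         # prefix depends on the chosen package root
    found = {}

    def walk(node, prefix):
        for child in ast.iter_child_nodes(node):
            if isinstance(child, (ast.FunctionDef, ast.AsyncFunctionDef)):
                found[f"{prefix}.{child.name}"] = (child.lineno, child.end_lineno)
                walk(child, f"{prefix}.{child.name}")
            elif isinstance(child, ast.ClassDef):
                walk(child, f"{prefix}.{child.name}")
            else:
                walk(child, prefix)

    walk(ast.parse(source), module)
    return found

def covered_but_unreached(functions, covered_lines, reached_names):
    """Functions with an executed line whose name the call graph never listed."""
    return sorted(
        name for name, (first, last) in functions.items()
        if name not in reached_names
        and any(first <= line <= last for line in covered_lines)
    )

if __name__ == "__main__":
    funcs = qualified_functions(SAMPLE_SOURCE, "croniter.py", root_package="croniter")
    executed = {5, 6, 8, 9}                          # constructed coverage data
    print(covered_but_unreached(funcs, executed, {"croniter.croniter.get_next"}))
    print(covered_but_unreached(funcs, executed, {"croniter.croniter.croniter.get_next"}))
```

Running the same comparison over a real project's source tree and line coverage gives a list of functions to check for naming differences before treating a low reachability count as a fuzzing gap.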