tsffs icon indicating copy to clipboard operation
tsffs copied to clipboard
verified publisher icon intel

Support Optional Coverage % Reporting

Open novafacing opened this issue 1 year ago • 3 comments

Several requests have been submitted to support a coverage percentage. This essentially requires taking the binary/driver/FW under test (or its debuginfo) as a parameter and doing relocation tracking to translate binary PC to loaded address to determine coverage.

novafacing avatar Apr 19 '24 18:04 novafacing

Would it be possible to hook into how simics currently tracks coverage?

cglosner avatar Apr 22 '24 17:04 cglosner

Likely! Especially for UEFI, we can probably use the FW tracker to pull debuginfo.

novafacing avatar Apr 22 '24 19:04 novafacing

After some very hackyish testing for UEFI, it is possible to get the relocations from simics by utilizing the existing debug info. As long as the program compiled in debug mode then even the function relocations are extracted and the granularity of the coverage info can be somewhat controlled.

I do the mapping post running the fuzzer with a python script, but it should be possible to add it internally. I currently use the fuzzer though to capture the relocations and output the info.

cglosner avatar Apr 23 '24 19:04 cglosner