Coverage
You can generate a coverage report for a Fuzz Test with the cifuzz coverage command:
cifuzz coverage [--option...] <fuzz test>
For the syntax of the <fuzz test> argument see this section.
Options
The cifuzz coverage command supports the following command-specific options:
Flag | Description |
---|---|
--add-corpus <path> | Path to a directory containing inputs to be used for calculating code coverage. It is used in addition to inputs found in the inputs directory of the Fuzz Test. This flag can be used multiple times. |
--build-command <command> | Command to build the Fuzz Test for other build systems |
--build-jobs uint[=0] | Maximum number of concurrent processes to use when building. If the argument is omitted, the native build tool's default number is used. |
--build-only | Only build the Fuzz Test and don't execute it |
--clean-command <command> | The command to clean the Fuzz Test and its dependencies for other build systems |
--engine-arg <argument> | Command-line argument to pass to the fuzzing engine. See https://llvm.org/docs/LibFuzzer.html#options. This flag can be used multiple times. Not supported for Node.js projects. |
-f, --format <format> | Output format of the coverage report, e.g. html, lcov (default="html") |
-o, --output <path> | Output path of the coverage report |
-p, --project <name> | The name of the CI Fuzz project you want to start a fuzzing run for, e.g. "my-project-c170bc17" |
--project-dir <dir> | The project root, which is the parent for all the project sources. Defaults to the directory containing the cifuzz.yaml. |
-r, --resolve | Argument of the command is a path to a source file instead of a test identifier. The path can be either absolute or relative to the current working directory and will be resolved to the identifier of the corresponding Fuzz Test. |
All supported global options are documented in Learn CI Fuzz.
IDE Integration
CMake in CLion
You can start coverage runs from within CLion by adjusting your CMakeUserPresets.json with the following command:
cifuzz integrate cmake
You have to enable those presets before they show up as a run configuration. See the CLion documentation on presets detection for more details.
Bazel in IntelliJ
To create a coverage report for your Bazel project in IntelliJ, install the Bazel plugin and add the following lines to your .bazelrc file:
# Coverage with Replay (C/C++ only)
coverage --@rules_fuzzing//fuzzing:cc_engine=@rules_fuzzing//fuzzing/engines:replay
coverage --@rules_fuzzing//fuzzing:cc_engine_instrumentation=none
coverage --@rules_fuzzing//fuzzing:cc_engine_sanitizer=none
coverage --instrument_test_targets
coverage --action_env=BAZEL_USE_LLVM_NATIVE_COVERAGE=1
coverage --action_env=GCOV=llvm-profdata
coverage --action_env=BAZEL_LLVM_COV=llvm-cov
coverage --combined_report=lcov
coverage --experimental_use_llvm_covmap
coverage --experimental_generate_llvm_lcov
You can start a coverage run by opening the project's BUILD.bazel file and executing the Fuzz Test defined with cc_fuzz_test with "Run ... with Coverage". This runs the Fuzz Test with the Finding inputs from the *_inputs directory and produces a coverage report which you can view in your IDE if the Fuzz Test passes.
Maven/Gradle in IntelliJ
You can start a coverage run directly by executing the Fuzz Test with "Run ... with Coverage". This runs the Fuzz Test with the Finding inputs from the *Inputs directory in your test resources and produces a coverage report.
CMake/Maven/Gradle in VS Code
You can start coverage runs from within VS Code with the help of tasks.
You can add a custom cifuzz coverage task by running:
cifuzz integrate vscode
The created task can then be executed in VS Code.
To visualize coverage reports you can use the Coverage Gutters extension.
Bazel in VS Code
CI Fuzz doesn't support starting a coverage run directly from VS Code for Bazel, but you can visualize a created coverage report with the Coverage Gutters extension.
The extension requires an lcov.info file, which can be created with the following flags for the cifuzz coverage command:
cifuzz coverage --format lcov --output lcov.info <Fuzz Test>
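The lcov.info file written by the command above is a plain-text tracefile, so it can also be checked in a script to see which source lines the Fuzz Test's inputs never reached. The following is an added example, not part of the CI Fuzz documentation; the function names are hypothetical and the sample tracefile is constructed rather than real cifuzz output.

```python
from collections import defaultdict

# Constructed sample in lcov tracefile format (not real cifuzz output).
SAMPLE_LCOV = """\
SF:/src/parser.c
FNDA:4,parse_header
DA:10,4
DA:11,4
DA:12,0
DA:13,0
end_of_record
SF:/src/util.c
DA:5,7
DA:6,7
end_of_record
"""


def parse_lcov(text):
    """Return {source_file: {line_number: hit_count}} from lcov DA records."""
    files = defaultdict(dict)
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("SF:"):
            current = line[3:]
        elif line.startswith("DA:") and current is not None:
            fields = line[3:].split(",")  # DA:<line>,<hits>[,<checksum>]
            lineno, hits = int(fields[0]), int(fields[1])
            # A file can appear in several records; sum its hit counts.
            files[current][lineno] = files[current].get(lineno, 0) + hits
        elif line == "end_of_record":
            current = None
    return dict(files)


def coverage_summary(files):
    """Return {file: (percent_covered, sorted_uncovered_lines)}."""
    summary = {}
    for path, lines in files.items():
        uncovered = sorted(n for n, hits in lines.items() if hits == 0)
        pct = 100.0 * (len(lines) - len(uncovered)) / len(lines) if lines else 0.0
        summary[path] = (pct, uncovered)
    return summary


if __name__ == "__main__":
    report = coverage_summary(parse_lcov(SAMPLE_LCOV))
    for path, (pct, uncovered) in sorted(report.items()):
        print(f"{path}: {pct:.1f}% lines covered, never hit: {uncovered}")
```

To run it on a real report, read the lcov.info file and pass its contents to parse_lcov in place of SAMPLE_LCOV.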