Coverage
You can generate a coverage report for a fuzz test with the cifuzz coverage command:
cifuzz coverage [--option...] <fuzz test>
For the syntax of the <fuzz test> argument see this section.
Options
The cifuzz coverage command supports the following command specific options:
| Flag | Description |
|---|---|
--add-corpus <stringArray> | Directory containing inputs used for calculating code coverage. Used in addition to inputs found in the directory of the fuzz test. This flag can be used multiple times. |
--build-command <string> | Command to build the fuzz test for build system "other". |
--build-jobs uint[=0] | Maximum number of concurrent processes used for building. If argument is omitted, default of the native build tool is used. |
--build-only | Build the fuzz tests but don't execute them. |
--clean-command <string> | Command to clean the fuzz test and its dependencies for build system "other". |
--coverage-excludes <stringArray> | Exclude files from coverage reporting via glob patterns. Double asterisks (**) match any number of directories. |
--coverage-includes <stringArray> | Include files in coverage reporting via glob patterns. Double asterisks () match any number of directories. (default [/**]) |
--engine-arg <stringArray> | Command-line arguments to pass to the fuzzing engine. This flag can be used multiple times. For libFuzzer see: https://llvm.org/docs/LibFuzzer.html#options For AFL see: https://www.mankier.com/8/afl-fuzz |
-f, --format <string> | Output format of the coverage report: "html", "lcov". (default "html") |
-o, --output <string> | Output path of the coverage report. |
--project-dir <string> | Path to project root. Defaults to the directory containing the cifuzz.yaml. |
-r, --resolve | Set if fuzz test argument of the command is path to a source file instead of an identifier. Path can be absolute or relative to the current working directory and will be resolved to the identifier of the corresponding fuzz test. |
--summary-output <string> | Output path for the coverage summary. |
--test-reports <string> | Output directory for the single fuzz test lcov coverage reports. |
You can find documentation on all supported global options on the "Learn CI Fuzz" page.