Coverage
You can generate a coverage report for a Fuzz Test with the cifuzz coverage command:
cifuzz coverage [--option...] <fuzz test>
For the syntax of the <fuzz test> argument see this section.
Options
The cifuzz coverage command supports the following command specific options:
| Flag | Description |
|---|---|
--add-corpus <path> | Path to a directory containing inputs to be used for calculating code coverage It is used in addition to inputs found in the inputs directory of the Fuzz Test This flag can be used multiple times |
--build-command <command> | Command to build the Fuzz Test for other build systems |
--build-jobs uint[=0] | Maximum number of concurrent processes to use when building If argument is omitted the native build tool's default number is used |
--build-only | Only build the Fuzz Test and don't execute it |
--clean-command <command> | The command to clean the Fuzz Test and its dependencies for other build systems |
--engine-arg <argument> | Command-line argument to pass to the fuzzing engine See https://llvm.org/docs/LibFuzzer.html#options This flag can be used multiple times Not supported for Node.js projects |
-f, --format <format> | Output format of the coverage report e.g. html lcov(default="html") |
-o, --output <path> | Output path of the coverage report |
-p, --project <name> | The name of the CI Fuzz project you want to start a fuzzing run for, e.g. "my-project-c170bc17" |
--project-dir <dir> | The project root which is the parent for all the project sources Defaults to the directory containing the cifuzz.yaml |
-r, --resolve | Argument of the command is a path to a source file instead of a test identifier. The path can be either absolute or relative to the current working directory and will be resolved to the identifier of the corresponding Fuzz Test. |
All supported global options are documented in Learn CI Fuzz.