Coverage
You can generate a coverage report for a fuzz test with the cifuzz coverage command:
cifuzz coverage [--option...] <fuzz test>
Command options
| Flag | Default | Description |
|---|---|---|
--add-corpus <stringArray> | Directory containing inputs used for calculating code coverage. Used in addition to inputs found in the directory of the fuzz test. This flag can be used multiple times. | |
--build-command <string> | Command to build the fuzz test for build system "other". | |
--build-jobs uint | 8 | Maximum number of concurrent processes used for building. If set to zero, the default of the native build tool is used.Defaults to the number of cores on your machine. |
--build-only | Build the fuzz tests but don't execute them. | |
--coverage-excludes <stringArray> | Exclude files from coverage reporting via glob patterns. Double asterisks (**) match any number of directories. Multiple exclude glob patterns are possible by setting the flag several times, by using ";" as a separator or by specifying 'coverage-excludes' (list) in cifuzz.yaml. | |
--coverage-includes <stringArray> | [**/**] | Include files in coverage reporting via glob patterns. Double asterisks (**) match any number of directories. Multiple include glob patterns are possible by setting the flag several times, by using ";" as a separator or by specifying 'coverage-includes' (list) in cifuzz.yaml. |
--engine-arg <stringArray> | Command-line arguments to pass to the fuzzing engine. This flag can be used multiple times or by specifying 'engine-args' (list) in cifuzz.yaml. See: https://llvm.org/docs/LibFuzzer.html#options | |
-f, --format <string> | html | Output format of the coverage report: "html", "lcov". |
--list-fuzz-tests-command <string> | Provide a command that lists the names of already existing fuzz tests in your project. The listed names should be separated by whitespace and can't include whitespaces themselves, i.e. 'fuzz_test1 fuzz_test_2 ...' | |
-o, --output <string> | Output path of the coverage report. | |
--project-dir <string> | Path to project root. Defaults to the directory containing the cifuzz.yaml. | |
-r, --resolve | Set if fuzz test argument of the command is path to a source file instead of an identifier. Path can be absolute or relative to the current working directory and will be resolved to the identifier of the corresponding fuzz test. | |
--summary-output <string> | Generate JSON coverage summary at the given output path. | |
--test-reports <string> | Output directory for the single fuzz test lcov coverage reports. |
For the syntax of the <fuzz test> argument see this section.