
Coverage

This section explains how cifuzz can generate and visualize coverage reports. cifuzz can also be integrated directly with the IDEs CLion and VSCode.

Generating Coverage Reports

After running a fuzz test, you can generate a coverage report that shows the line-by-line coverage of the fuzzed code. cifuzz does this by executing the target software with every input in the corpus.

cifuzz coverage my_fuzz_test

Running the above command creates the coverage report and automatically opens it in your browser. The report shows coverage of the fuzz test itself as well as of the relevant source files; we focus on the exploreMe function in explore_me.cpp here. The count column shows how many times the fuzz test executed a given line of the source code. The counts decrease as the fuzz test finds new inputs that reach deeper parts of the code, until it triggers a heap-buffer-overflow.

IDE Integrations

cifuzz can be integrated with existing IDEs. Below are examples for CLion and VS Code.

CLion

You can start coverage runs from within CLion with the help of CMake user presets. Custom cifuzz presets can be added by running:

cifuzz integrate cmake

Those presets have to be enabled before they show up as a run configuration. See here for more details.

(Screenshot: fuzz test in CMake)

VS Code

You can start coverage runs from within VS Code with the help of tasks. See here for more details. A custom cifuzz coverage task can be added by running:

cifuzz integrate vscode

Coverage reports can be visualized with the Coverage Gutters extension.

(Screenshot: fuzz test in CMake)