oss-fuzz/docs/code_coverage.md

# Code Coverage

You can generate code coverage report for your project using [Clang Source-based
Code Coverage].


## Pull the latest Docker images

Docker images get regularly updated with a newer version of build tools, build
configurations, scripts, and other changes. It is recommended to use the most
recent images for a better user experience.


```bash
python infra/helper.py pull_images
```


## Build fuzz targets

Code Coverage report generation requires a special build configuration to be
used. In order to produce such build for your project, run:

```bash
python infra/helper.py build_image $project_name
python infra/helper.py build_fuzzers --sanitizer=coverage $project_name
```


## Establish access to GCS

To get a good understanding of quality of the fuzz testing established for your
project, code coverage should be generated by running fuzz targets against the
corpus aggregated by OSS-Fuzz. The helper script will download the corpus
automatically using `gsutil` tool. To make it work, you need:

* Install [gsutil tool]
* Check whether you have access to the corpus for your project:

```bash
gsutil ls gs://${project_name}-corpus.clusterfuzz-external.appspot.com/
```

If you see an authorization error from the command above, run:

```bash
gcloud auth login
```

and try again. Once `gsutil` works, you can run the report generation.


## Generating code coverage reports

### Full project report

To generate code coverage report using the corpus aggregated on OSS-Fuzz, run:

```bash
python infra/helper.py coverage $project_name
```

If you want to generate code coverage report using the corpus you have locally,
copy the corpus into `build/corpus/$project_name/$fuzz_target/` directories for
each fuzz target, then run:

```bash
python infra/helper.py coverage --no-corpus-download $project_name
```

### Single fuzz target

You can generate a code coverage report for a particular fuzz target with
`--fuzz-target` argument:

```bash
python infra/helper.py coverage --fuzz-target=<fuzz_target_name> $project_name
```

In this mode, you can specify an arbitrary corpus location for the fuzz target
via `--corpus-dir` to be used instead of the corpus downloaded from OSS-Fuzz:

```bash
python infra/helper.py coverage --fuzz-target=<fuzz_target_name> --corpus-dir=<my_local_corpus_dir> $project_name
```

### Additional arguments for `llvm-cov`

You may want to use some of the options of [llvm-cov tool], for example,
`-ignore-filename-regex=`. You can pass those to the helper script after `--`:

```bash
python infra/helper.py coverage $project_name -- -ignore-filename-regex=.*code/to/be/ignored/.* <other_extra_args>
```

To specify particular source files or directories to show in the report, list
their paths at the end of the extra arguments sequence, for example:

```bash
python infra/helper.py coverage zlib -- <other_extra_args> /src/zlib/inftrees.c /src/zlib_uncompress_fuzzer.cc /src/zlib/zutil.c
```

If you want OSS-Fuzz to use some extra arguments when generating code coverage
reports for your project, add the arguments into `project.yaml` file as follows:

```yaml
coverage_extra_args: -ignore-filename-regex=.*crc.* -ignore-filename-regex=.*adler.* <other_extra_args>
```


[Clang Source-based Code Coverage]: https://clang.llvm.org/docs/SourceBasedCodeCoverage.html
[gsutil tool]: https://cloud.google.com/storage/docs/gsutil_install
[llvm-cov tool]: https://llvm.org/docs/CommandGuide/llvm-cov.html
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			`# Code Coverage`

			`You can generate code coverage report for your project using [Clang Source-based`
			`Code Coverage].`


[docs] Add pull_images command to the code coverage documentation page. (#1644) 2018-07-23 15:02:28 +00:00			`## Pull the latest Docker images`

			`Docker images get regularly updated with a newer version of build tools, build`
			`configurations, scripts, and other changes. It is recommended to use the most`
			`recent images for a better user experience.`


			```bash
			`python infra/helper.py pull_images`
			```


[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			`## Build fuzz targets`

			`Code Coverage report generation requires a special build configuration to be`
			`used. In order to produce such build for your project, run:`

			```bash
			`python infra/helper.py build_image $project_name`
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py build_fuzzers --sanitizer=coverage $project_name`
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			```


			`## Establish access to GCS`

			`To get a good understanding of quality of the fuzz testing established for your`
			`project, code coverage should be generated by running fuzz targets against the`
			`corpus aggregated by OSS-Fuzz. The helper script will download the corpus`
[infra] Fix helper.py as per feedback from @evverx + fix issues from #1519. (#1520) * [infra] Fix helper.py as per feedback from @evverx + fix issues from #1519. * Remove stuff from local testing * Suppress unnecessary output from GSUtil. 2018-06-15 17:44:18 +00:00			automatically using `gsutil` tool. To make it work, you need:

			`* Install [gsutil tool]`
			`* Check whether you have access to the corpus for your project:`
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00
			```bash
			`gsutil ls gs://${project_name}-corpus.clusterfuzz-external.appspot.com/`
			```

			`If you see an authorization error from the command above, run:`

			```bash
			`gcloud auth login`
			```

			and try again. Once `gsutil` works, you can run the report generation.


			`## Generating code coverage reports`

[infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. (#1535) * [infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. * Address review feedback. * Update code_coverage.md page. 2018-06-18 21:19:48 +00:00			`### Full project report`

[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			`To generate code coverage report using the corpus aggregated on OSS-Fuzz, run:`

			```bash
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py coverage $project_name`
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			```

			`If you want to generate code coverage report using the corpus you have locally,`
[infra] Fix helper.py as per feedback from @evverx + fix issues from #1519. (#1520) * [infra] Fix helper.py as per feedback from @evverx + fix issues from #1519. * Remove stuff from local testing * Suppress unnecessary output from GSUtil. 2018-06-15 17:44:18 +00:00			copy the corpus into `build/corpus/$project_name/$fuzz_target/` directories for
			`each fuzz target, then run:`
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00
			```bash
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py coverage --no-corpus-download $project_name`
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			```

[infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. (#1535) * [infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. * Address review feedback. * Update code_coverage.md page. 2018-06-18 21:19:48 +00:00			`### Single fuzz target`

			`You can generate a code coverage report for a particular fuzz target with`
			`--fuzz-target` argument:

			```bash
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py coverage --fuzz-target=<fuzz_target_name> $project_name`
[infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. (#1535) * [infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. * Address review feedback. * Update code_coverage.md page. 2018-06-18 21:19:48 +00:00			```

			`In this mode, you can specify an arbitrary corpus location for the fuzz target`
			via `--corpus-dir` to be used instead of the corpus downloaded from OSS-Fuzz:

			```bash
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py coverage --fuzz-target=<fuzz_target_name> --corpus-dir=<my_local_corpus_dir> $project_name`
[infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. (#1535) * [infra] helper.py: support "profile" command for a single fuzz target with arbitrary corpus location. * Address review feedback. * Update code_coverage.md page. 2018-06-18 21:19:48 +00:00			```

[infra] Support extra arguments for llvm-cov + update the binaries. (#1629) * [infra] Support extra arguments for llvm-cov + update the binaries. * Slightly change the doc to be less confusing. 2018-07-19 22:58:58 +00:00			### Additional arguments for `llvm-cov`

			`You may want to use some of the options of [llvm-cov tool], for example,`
[infra] Support extra coverage args in project.yaml (fix #1726, follow-up #1547). (#1774) * [infra] Support extra coverage args in project.yaml (fix #1726, follow-up #1547). * Update the documentation page. * Fix review comments by Jonathan. 2018-08-30 16:46:14 +00:00			`-ignore-filename-regex=`. You can pass those to the helper script after `--`:
[infra] Support extra arguments for llvm-cov + update the binaries. (#1629) * [infra] Support extra arguments for llvm-cov + update the binaries. * Slightly change the doc to be less confusing. 2018-07-19 22:58:58 +00:00
			```bash
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py coverage $project_name -- -ignore-filename-regex=.code/to/be/ignored/. <other_extra_args>`
[infra] Support extra arguments for llvm-cov + update the binaries. (#1629) * [infra] Support extra arguments for llvm-cov + update the binaries. * Slightly change the doc to be less confusing. 2018-07-19 22:58:58 +00:00			```

[infra] Support extra coverage args in project.yaml (fix #1726, follow-up #1547). (#1774) * [infra] Support extra coverage args in project.yaml (fix #1726, follow-up #1547). * Update the documentation page. * Fix review comments by Jonathan. 2018-08-30 16:46:14 +00:00			`To specify particular source files or directories to show in the report, list`
			`their paths at the end of the extra arguments sequence, for example:`
[infra] Update coverage script to support sources white listing. (#1707) 2018-08-12 17:19:40 +00:00
			```bash
code_coverage.md: fix coverage tool invocations (#1870) s/profile/coverage/ 2018-10-12 06:16:51 +00:00			`python infra/helper.py coverage zlib -- <other_extra_args> /src/zlib/inftrees.c /src/zlib_uncompress_fuzzer.cc /src/zlib/zutil.c`
[infra] Update coverage script to support sources white listing. (#1707) 2018-08-12 17:19:40 +00:00			```
[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00
[infra] Support extra coverage args in project.yaml (fix #1726, follow-up #1547). (#1774) * [infra] Support extra coverage args in project.yaml (fix #1726, follow-up #1547). * Update the documentation page. * Fix review comments by Jonathan. 2018-08-30 16:46:14 +00:00			`If you want OSS-Fuzz to use some extra arguments when generating code coverage`
			reports for your project, add the arguments into `project.yaml` file as follows:

			```yaml
			`coverage_extra_args: -ignore-filename-regex=.crc. -ignore-filename-regex=.adler. <other_extra_args>`
			```


[infra] Enable clange code coverage reports generation for local runs. (#1494) * [infra] Enable clange code coverage reports generation for local runs. * Use runner image and move corpus management to the helper.py . * Clean up, delete unnecessary stuff, add comments. * Run fuzz targets in parallel. Do not exit in case of an error. * Address review feedback, except of the threading thing. * Fix a typo. * Use ThreadPool implementatino available in standard python2.7 package. * Add dry run support + no corpus download option. * Fix flags handling + add log output in case of an error. * Append arguments for fuzz target instead of replacing them. * Remove dry run functionality as it currently errors out after two runs. * Fix some spacing in the code. * Update documentation regarding new code coverage script. 2018-06-14 22:00:46 +00:00			`[Clang Source-based Code Coverage]: https://clang.llvm.org/docs/SourceBasedCodeCoverage.html`
[infra] Fix helper.py as per feedback from @evverx + fix issues from #1519. (#1520) * [infra] Fix helper.py as per feedback from @evverx + fix issues from #1519. * Remove stuff from local testing * Suppress unnecessary output from GSUtil. 2018-06-15 17:44:18 +00:00			`[gsutil tool]: https://cloud.google.com/storage/docs/gsutil_install`
[infra] Support extra arguments for llvm-cov + update the binaries. (#1629) * [infra] Support extra arguments for llvm-cov + update the binaries. * Slightly change the doc to be less confusing. 2018-07-19 22:58:58 +00:00			`[llvm-cov tool]: https://llvm.org/docs/CommandGuide/llvm-cov.html`