-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why do we need yet another *cov? #7
Comments
A post of relevant topic from Rust blog: https://blog.rust-lang.org/inside-rust/2020/11/12/source-based-code-coverage.html Note: It claims gcov relies on debuginfo to correlate IR to source code. I think this is incorrect:
syzkaller document on their "covearge": https://github.com/google/syzkaller/blob/master/docs/coverage.md which is also the opposite of "source-based". |
Reason 2: Unique-cause MC/DCExample 1https://elixir.bootlin.com/linux/v6.10-rc7/source/net/netlink/genetlink.c#L264 GCC gcov report: 15898: 264: if ((flags & GENL_CMD_CAP_DO && !full->doit) ||
condition outcomes covered 8/8
7949: 265: (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) { Clang Source-based Code Coverage report: 264| 15.8k| if ((flags & GENL_CMD_CAP_DO && !full->doit) ||
265| 15.8k| (flags & GENL_CMD_CAP_DUMP && !full->dumpit)) {
------------------
|---> MC/DC Decision Region (264:6) to (265:50)
|
| Number of Conditions: 4
| Condition C1 --> (264:7)
| Condition C2 --> (264:34)
| Condition C3 --> (265:7)
| Condition C4 --> (265:36)
|
| Executed MC/DC Test Vectors:
|
| C1, C2, C3, C4 Result
| 1 { F, -, T, F = F }
| 2 { T, F, F, - = F }
| 3 { F, -, T, T = T }
| 4 { T, T, -, - = T }
|
| C1-Pair: covered: (1,4)
| C2-Pair: covered: (2,4)
| C3-Pair: not covered
| C4-Pair: covered: (1,3)
| MC/DC Coverage for Decision: 75.00%
|
------------------ The expression is in the form of
Therefore, test vectors 2 and 3 meet the criteria of masking MC/DC, but not unique-cause MC/DC, as Finding more examples by automation
Then we inspect all cases where:
With Linux 6.10-rc7 defconfig + KUnit + gcov, GCC produced in total 2583
We found the Such examples seem hard to find in kernel coverage reports. It very much depends on execution, and the code-under-test needs to be covered in a very specific way. Nonetheless, with example 1 and many user-space examples (much easier to get), the demonstrated idea is not affected. |
These look like great examples. Will they appear in your LPC presentation? |
Yes! It will be the focus of this one https://lpc.events/event/18/contributions/1895/ |
Reason 1: Source based
Example 1
https://elixir.bootlin.com/linux/v6.10-rc7/source/drivers/gpu/drm/drm_buddy.c#L114
GCC gcov report:
Confusing part(s):
if
statement (L114) is reported to have 10 branches instead of 2Clang Source-based Code Coverage report:
Example 2
https://elixir.bootlin.com/linux/v6.10-rc7/source/drivers/leds/led-triggers.c#L33
GCC gcov report:
Confusing part(s):
Clang Source-based Code Coverage report:
Example 3
https://elixir.bootlin.com/linux/v6.10-rc7/source/drivers/firmware/dmi_scan.c#L1068
GCC gcov report:
Confusing part(s):
Clang Source-based Code Coverage report:
Example 4
https://elixir.bootlin.com/linux/v6.10-rc7/source/fs/xattr.c#L30
GCC gcov report:
Confusing part(s):
Clang Source-based Code Coverage report:
The text was updated successfully, but these errors were encountered: