The original Couverture project had the objectives to produce a Free Software coverage analysis toolset together with the ability to generate artifacts that allow the tools to be used for safety-critical software projects undergoing a DO-178B software audit process for all levels of criticality. While an important target use of the coverage toolset is safety-critical embedded applications, the design of the tools allows its use in non safety-critical projects. Beyond the production of useful tools and certification material for industrial users, an important goal is to raise awareness and interest about safety-critical and certification issues in the Free Software/Open Source community.
The key insight of Couverture is as follows: code coverage can greatly benefit from recent advances in hardware virtualization technology as promoted, for instance, by QEMU. By virtualizing the target hardware, Couverture tools can execute the binary code that is to run on the target hardware as-is on a host computer. While executing the target code on the host, Couverture tools collect binary branch information. The collected information is then analyzed off-line and mapped back to the original sources by using the source to object code mapping information extracted from the debugging information contained in the executable. We are basing this part of our work on the DWARF standard for debugging information that the majority of compilation chains are capable of generating. Our virtualization technology is based on QEMU that we are extending, first to output binary branch coverage information, and second to make it usable in industrial contexts typically found in the avionics domain (MIL-STD-1553, ARINC 629, etc.). Because QEMU works by compiling the target object code into the host object code and that the host computer is typically faster than the target one, virtualization is actually a plus over direct execution on the target.
To visit the Couverture project Forge, please click here.
Accessing Couverture ComponentsFor traditional target architectures such as SPARC or PowerPC, the Couverture toolset comprises two core components:
- Versions of Qemu instrumented to generate machine-level execution traces on demand,
- The "gnatcov" front-end, which may be used both as a wrapper to the instrumented qemu and as a trace analyzer able to render coverage results.