fuzzitdev / pythonfuzz

coverage guided fuzz testing for python
https://gitlab.com/gitlab-org/security-products/analyzers/fuzzers/pythonfuzz
223 stars, 32 forks

Get rid of coverage.py #32

Closed: jvoisin closed this 4 years ago

jvoisin commented 4 years ago

Coverage.py does a lot of funky things that we don't care about, and while its trace function is written in C and is super-fast-fuck-yeah, since it's using a SQLite database to store everything, gathering coverage is slow.

A simple'n'stupid pure-Python implementation of edge coverage yields 4 times more exec/s on my laptop.

This will also allow, in the future, using other kinds of metrics to guide the fuzzer, like the depth of the call trace for example, or having triples instead of pairs for the edges, …

yevgenypats commented 4 years ago

4x sounds good indeed. Which coverage exactly does this support now? Edge? Branch? Does it support, for example, if we have `if a == 1 and b == 2`, will it instrument it with 2 coverage points?

jvoisin commented 4 years ago

Edges and branches, but only at a line granularity, as I wanted other people's opinion on it before investing more time. It should be hard to make it have one point per condition, since Python exposes everything needed.
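Added example, not code from pythonfuzz or from this pull request: a minimal pure-Python edge-coverage collector built on `sys.settrace`, in the spirit of the PR description above, that also illustrates the line-granularity point discussed in the last two comments. It records tuples of consecutive line numbers (relative to the function's `def` line) per function; `order=2` gives pairs (edges), `order=3` gives the triples mentioned as future work. The class name `LineEdgeCoverage`, the target `check_pair`, and the sample inputs are hypothetical and constructed for the example. Note that with both conditions of `if a == 1 and b == 2` on one line, the inputs `(0, 0)` (short-circuits) and `(1, 0)` (evaluates both operands) produce identical edge sets, which is exactly what "only at a line granularity" means for a fuzzer: it cannot reward an input for getting past the first operand.

```python
import sys
from typing import Callable


class LineEdgeCoverage:
    """Hypothetical settrace-based coverage collector (not pythonfuzz's).

    Records tuples of `order` consecutive relative line numbers per
    function, e.g. ("check_pair", 1, 3). Relative line 0 is function entry.
    Only frames whose code comes from the target's source file are traced,
    so stdlib calls made by the target do not pollute the map.
    """

    def __init__(self, order: int = 2):
        assert order >= 2, "need at least pairs to form an edge"
        self.order = order
        self.edges = set()        # global coverage map across all runs
        self._run_edges = set()   # edges seen in the current run only
        self._hist = {}           # frame id -> recent relative line numbers
        self._filename = None     # set per run from the target's code object

    def _trace(self, frame, event, arg):
        code = frame.f_code
        if code.co_filename != self._filename:
            return None           # do not trace other modules at all
        key = id(frame)
        if event == "call":
            self._hist[key] = [0]  # 0 marks function entry (the def line)
            return self._trace     # install a local tracer for line events
        if event == "line":
            hist = self._hist.setdefault(key, [0])
            hist.append(frame.f_lineno - code.co_firstlineno)
            del hist[:-self.order]           # keep only the last `order` lines
            if len(hist) == self.order:
                edge = (code.co_name, *hist)
                self.edges.add(edge)
                self._run_edges.add(edge)
        elif event == "return":
            self._hist.pop(key, None)        # frame is finished; drop its history
        return self._trace

    def run(self, target: Callable, *args) -> frozenset:
        """Run target(*args) under the tracer; return the edges of this run."""
        self._filename = target.__code__.co_filename
        self._run_edges = set()
        sys.settrace(self._trace)            # per-thread, so keep the target single-threaded
        try:
            target(*args)
        finally:
            sys.settrace(None)
        return frozenset(self._run_edges)

    def is_interesting(self, target: Callable, *args) -> bool:
        """Coverage-guided keep/discard decision: did this input add any edge?"""
        before = len(self.edges)
        self.run(target, *args)
        return len(self.edges) > before


def check_pair(a: int, b: int) -> str:   # relative line 0: function entry
    if a == 1 and b == 2:                # relative line 1: two conditions, one line
        return "both"                    # relative line 2
    return "other"                       # relative line 3


def demo_line_granularity():
    """Return the edge sets for a short-circuited, a fully evaluated and a taken condition."""
    cov = LineEdgeCoverage(order=2)
    short_circuit = cov.run(check_pair, 0, 0)   # `b == 2` is never evaluated
    full_eval = cov.run(check_pair, 1, 0)       # `b == 2` is evaluated but false
    taken = cov.run(check_pair, 1, 2)           # both true, reaches line 2
    return short_circuit, full_eval, taken


def demo_guided_loop():
    """Mimic a fuzzer's corpus decision over constructed sample inputs."""
    cov = LineEdgeCoverage()
    constructed_inputs = [(0, 0), (1, 0), (1, 2), (1, 2)]   # constructed, not real fuzz data
    return [cov.is_interesting(check_pair, a, b) for a, b in constructed_inputs]


def demo_triples():
    """Same run with order=3, giving (function, l0, l1, l2) triples instead of pairs."""
    return LineEdgeCoverage(order=3).run(check_pair, 1, 2)


if __name__ == "__main__":
    sc, fe, tk = demo_line_granularity()
    print("short-circuit:", sorted(sc))
    print("full-eval:    ", sorted(fe), "(same as short-circuit)")
    print("taken:        ", sorted(tk))
    print("kept inputs:  ", demo_guided_loop())
    print("triples:      ", sorted(demo_triples()))
```

Keying edges by `co_name` alone, as here, lets two functions with the same name in the same file collide; a real collector would key on `(co_filename, co_firstlineno)` or the code object itself. The per-thread nature of `sys.settrace` also means a target that spawns threads loses coverage unless `threading.settrace` is used as well.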

jvoisin commented 4 years ago

Friendly ping: what should I do with this pull-request to get it merged? :P

yevgenypats commented 4 years ago

Hey :) Can you rebase please, fix the conflicts and re-run the unit tests?