gaasedelen / lighthouse

A Coverage Explorer for Reverse Engineers
MIT License

Inconsistency with respect to instruction coverage/instruction hits #48

Closed computereasy closed 5 years ago

computereasy commented 5 years ago

Hello,

I am tentatively using this tool to evaluate the coverage of legacy code, by feeding it with some inputs. My setting is Binary Ninja + Intel Pin tool + C++ binary code compiled by gcc 7.3.0. The OS is Ubuntu 18.04.

So one thing I am a bit confused about is the instruction coverage. For instance, in the coverage output shown in Binary Ninja, function foo's instruction coverage is something like 95 / 187, and I interpreted it as meaning foo has 187 assembly instructions in total, among which 95 are covered.

However, when I disassemble the binary code and count the number of instructions within function foo, I get something different: say, foo has 875 instructions in total.

I am trying to understand this inconsistency; have I missed anything here? Thanks.

gaasedelen commented 5 years ago

Is there any possibility you can share the executable and the collected coverage log? I haven't been able to reproduce this and it is going to be difficult for me to track down what could be causing this otherwise.

If you have IDA Pro, can you check and see what the function looks like in that? Does it report the same number of instructions/blocks as Binary Ninja?

Binary Ninja support is brand new and considered experimental, so I expect at least a few bugs to shake out over the coming weeks/months.