Code Coverage

Apr 22, 2026 00:00:00

Code Coverage

Collects code coverage during emulation and serializes to file for visualization tools like Lighthouse.

CLI Usage

1./qltool run \
2  -f examples/rootfs/x8664_efi/bin/TcgPlatformSetupPolicy \
3  --rootfs examples/rootfs/x8664_efi \
4  --coverage-format drcov \
5  --coverage-file TcgPlatformSetupPolicy.cov

Options:

--coverage-file / -c: output file path
--coverage-format: currently only drcov and drcov_exact

Script Usage

Wrap ql.run() in cov_utils.collect_coverage():

1from qiling import Qiling
2from qiling.extensions.coverage import utils as cov_utils
3
4ql = Qiling([...], ...)
5ql.os.set_syscall(4118, my_syscall_fsync)
6
7with cov_utils.collect_coverage(ql, 'drcov', 'output.cov'):
8    ql.run()

Adding a New Coverage Format

Create a new module under coverage/formats/
Add its name to __all__ in coverage/__init__.py
Create a class inheriting from QlBaseCoverage
Implement all @abstractmethod members:

Member	Type	Description
`FORMAT_NAME`	class var	User-facing name shown in qltool help
`activate(self)`	method	Start collection (e.g. register basic-block hook)
`deactivate(self)`	method	Stop collection (e.g. deregister hook)
`dump_coverage(self, coverage_file)`	method	Write collected data to file

Coverage files typically contain fixed-size headers followed by a variable-length list of basic block addresses encountered during emulation.