0

i need to do code coverage in several very resource constrained device in bare metal.

when i try to enable this stuff my ram usage doubles and code size blows up nothing fits.

its functionally not possible to use as implemented in gcc it will not fit

what gcc seems to be creating is a small data structure to hold info then when the app exits it dumps the data to a file.

sorry my target does not have a file system so that will not work and i need it to work in the target on my board and not in a simulator (trying to do code coverage for itq handlers etc)

what i think would work is to insert a series of function calls at each interesting point in the generated code

example : at an if statement i need to record where the if is true, and when false.

so if i create 2 functions: _gcc_condition_true(), or _gcc_condition_false() maybe two more: _gcc_func_enter(), and _gcc_func_exit()

these would be return void and take void parameters

i can easily implement these on my embedded target.

for example on an big arm64 - i can use the the system trace module, or on a coretexM the one wire trace (SWV) or even a high speed synchronous uart, or a simple spi interface that ran at some high speed (say 100mhz)

for example say a spi or uart interface might output 4 (or 5) bytes, ie an ascii T,F (true/false) or E or X (enter exit) followed by the 32 bit return address. if the code size is not large i could use the low 24bits of the address and the upper 8bits as the reason code

externally i capture this data some how small fpga with ddr… then reconstruct the call flow needed for coverage.

another tough part is i would need to build 10-20 different instrumented test apps because the whole thing will not fit on the device (ie: i have 256k total flash and 20-30k ram there is no other chip, this chip is my only solution, and i need to do coverage over the hardware drivers

the idea is the external process would map the call back to the source code via “addr2line” operations. thus i can create a score board of what is and is not yet tested

any ideas on how or where inside gcc to start hacking… its been 15 years since i was last hacking gcc internals and it has changed quite a lot…

i need to do this for: cortexm3, m4, arm64, riscv, and xilinx microblaze targets.

nothing commercial can come close… they only support linux apps or simulations that do not support my targets.

Improve this question

1 Answer 1

Reset to default
0

As you point out: apart from filesystem (and lack thereof) issues, you will see substantial codesize increase and cycle performance decrease due to all the counter updates, the memory traffic created by those updates, the various callbacks, etc. All of that may mean that a) your code won't fit and b) you won't meet HRT constraints even if it does fit. Subsetting likely won't fix the HRT issues and creates a bunch of new issues related to aggregation and execution differences due to changed code (e.g., because you take different paths due to different HRT violations).

Two alternatives suggest themselves:

  • consider ASM coverage (rather than source coverage). You may or may not be able to get this from your ISS, fairly easily. You will have a hard time to map the ASM back to source, in general (eg., due to inlining, unrolling, speculative execution, etc)
  • use your hostsim environment, and measure source coverage there. This isn't ideal either, a you probably don't model/can't model interrupts and timing-related events.

The real question here is what your goals are. If you had a tool/an environment that worked perfectly/did exactly what you want: what did it do? What questions are you trying to answer/what actions do you plan to take given answers to those questions?

If coverage is just a checkbox item...then it really doesn't matter what you do. Come up with a reasonable-sounding justification for whatever approach you can get to run, and explain why the numbers you got meet your project threshold. (Perhaps some AI system can write that justification for you.)

If you have real project goals: then this could be a (much) longer discussion.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

i do not have a means to do iss because it only sims opcodes not the hardware its talking to. in order to sim what inam being asked i have to write a full hardware simulation… effectively at the RTL level and debug that… in the end we sort of determined that is a more Herculean effort

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.