NQC2: A Non-Intrusive QEMU Code Coverage Plugin

TL;DR

NQC2 is a QEMU plugin that non-intrusively collects code coverage data for embedded systems during runtime without requiring source code modification or operating system features.

Contribution

It introduces NQC2, a novel QEMU plugin that extracts code coverage from bare-metal embedded systems without instrumentation or OS dependencies.

Findings

NQC2 outperforms comparable approaches by up to 8.5 times.

It works with modified QEMU versions and bare-metal programs.

Provides effective coverage analysis for embedded systems.

Abstract

Code coverage analysis has become a standard approach in software development, facilitating the assessment of test suite effectiveness, the identification of under-tested code segments, and the discovery of performance bottlenecks. When code coverage of software for embedded systems needs to be measured, conventional approaches quickly meet their limits. A commonly used approach involves instrumenting the source files with added code that collects and dumps coverage information during runtime. This inserted code usually relies on the existence of an operating and a file system to dump the collected data. These features are not available for bare-metal programs that are executed on embedded systems. To overcome this issue, we present NQC2, a plugin for QEMU.NQC2 extracts coverage information from QEMU during runtime and stores them into a file on the host machine. This approach is even compatible with modified QEMU versions and does not require target-software instrumentation. NQC2 outperforms a comparable approach from Xilinx by up to 8.5 x.