Inspired by the Heisenberg Uncertainty Principle, where observing a system affects its behavior, we often assume that testing software requires modifying or observing the source code. Not so with asmcov! This tool suite turns this idea on its head by analyzing coverage based on the binary executable itself, rather than the original source code. 

Traditional coverage tools like gcov, however, rely on augmenting or instrumentation of the code-under-test to count and trace branch execution, requiring special compiler arguments that introduce additional instrumentation into the final binary. This can lead to unintended or unexpected code generation. What in turn result in a different binary that may behave differently from its unmodified counterpart,  potentially creating code paths that wouldn't exist otherwise.

By tracing execution and marking all branches taken or not (branch coverage like specified by the ISO 26262-6-746747 9.4.4), asmcov enables to write tests that comprehensively cover every aspect of the software's behavior. While we can't guarantee the quality of the tests asmcov enables to write tests that trigger each and every path of your code, leaving no assembler instruction untouched and expose unexpected memory writes.

asmcov uses a concept of "waivers" to explicitly state that certain indirect jumps or calls are expected to be not covered by a test. Additionally it provides a justification for this decision in the report. This waiver mechanism allows you to once build up a stable chain of arguments for acceptable indirect function call or jumps This comes especially handy in CI/CD environments where the coverage of the tests are continuously measured and where newly uncovered code sections shall generate a build pipeline error.

This presentation will showcase the capabilities of asmcov by demonstrating the types of reports it can create. asmcov tracks and visualizes branch coverage, function calls, system calls (syscalls), and  memory access patterns, including stack, heap changes and any other memory mappings.

It will cover the following topics:

• Explain how asmcov supports argumentation on Special Freedom of Interference (sFFI)
• Demonstrate asmcov on an example libc function, including setup and execution
• Show how to deal with IFUNC functions in glibc using asmcov
• Provide a tutorial on writing tests to check memory access patterns using asmcov

Short Bio:

Wolfgang Gehrhardt is a Senior Systems Engineer at emlix GmbH. He is an architect for secured embedded Linux systems in the automotive, industrial and consumer device fields, performing requirements engineering and design throughout the entire product life cycle.

Thursday, September 25, 5.00 PM