Version 2 (modified by JoelSherrill, on Aug 5, 2009 at 11:53:27 PM) (diff)

First attempt at update

RTEMS Coverage Analysis

RTEMS is used in many critical systems. It is important that the RTEMS Project ensure that the RTEMS product is tested as thoroughly as possible. In this light, we want to ensure that as close to 100% of the generate assembly code is executed by the RTEMS test suite. We perform automated coverage testing using an processor simulator in conjunction with a set of RTEMS specific support scripts.

There are multiple ways to measure progress on this task. In the past, we have used two metrics. The first is the reduction in the number of uncovered binary code ranges from that identified initially. The second is the percent of untested binary object code as a percentage of the total code size under analysis. Together the metrics provide useful information. Some uncovered ranges may be a single instruction so eliminating that case improves the first metric more than the second.

Test Theory

Reasons Code is Not Executed

The coverage analysis provides a report on the ranges of assembly instructions within RTEMS subsystems which are not currently exercised by the tests in the current configuration. Each case has to be individually analysed and addressed. Historically, we have identified multiple categories for code being uncovered:

  • Needs a new test case
  • Unreachable in current RTEMS configuration. For example, the SuperCore? could have a feature only exercised by a POSIX API object. It could be disabled when POSIX is not configured.
  • Debug or sanity checking code which can be placed inside an RTEMS_DEBUG conditional.
  • Unreachable paths generated by gcc for switches. Sometimes you have to restructure switches to avoid unreachable object code.
  • Critical sections which are synchronizing actions with ISRs. Most of these are very hard to hit and may require very specific support from a simulator environment. OAR has used tsim to exercise these paths but this is not reproducible in a BSP independent manner. Worse, sometimes there is often no external way to know the case in question has been hit and no way to do it in a one shot test. The spintrcriticalXX and psxintrcriticalXX tests attempt to reproduce these cases.

Test Procedure

Coverage Profiles

RTEMS includes a lot of source code and the coverage analysis should focus on improving the test coverage of well-defined code subsets.

Classic and POSIX

This is the first profile we tested. This focused on the score, sapi, rtems, and posix directories in the cpukit directory. This profile represents a full tasking and synchronization feature set.

Classic Only

In this profile, we disabled POSIX and focus on the contents of the score, sapi, and rtems directories in the cpukit directory. The POSIX API and tests are disabled. In this profile, we expect to identify:

  • features in score only exercised by POSIX
  • features in score available via Classic API but only tested via POSIX
  • POSIX features like sleep() which are enabled with POSIX threads are disabled.

The first case will allow us to disable score features in this configuration and reduce the code size.

The second case allows us to approach 100% coverage in every RTEMS configuration.

Classic, POSIX, and Libc Support

This adds the libcsupport subdirectory to the Classic and POSIX Coverage Profile.

We do not test this profile yet.

BSPs Analyzed


The SkyEye project has added coverage analysis capabilities per our specifications. We are currently using it on some ARM targets to generate coverage reports.




We are using TSIM from Gaisler Research on all SPARC CPUs.




Attachments (1)

Download all attachments as: .zip