Lib.rs

Development toolsTesting
#coverage #test

cov-mark

Manual coverage marks

by Alex Kladov, Simonas Kazlauskas

3 releases (stable)

2.0.0-pre.1 Jun 12, 2021
1.1.0 Aug 28, 2020
1.0.0 May 29, 2020

#69 in Testing

Download history 15354/week @ 2023-12-13 13925/week @ 2023-12-20 10140/week @ 2023-12-27 14391/week @ 2024-01-03 15395/week @ 2024-01-10 16836/week @ 2024-01-17 16592/week @ 2024-01-24 19963/week @ 2024-01-31 21762/week @ 2024-02-07 22960/week @ 2024-02-14 22728/week @ 2024-02-21 22038/week @ 2024-02-28 22592/week @ 2024-03-06 23756/week @ 2024-03-13 24706/week @ 2024-03-20 19451/week @ 2024-03-27

94,006 downloads per month
Used in 60 crates (15 directly)

MIT/Apache

11KB
105 lines

cov-mark

Verify that your tests exercise the conditions you think they are exercising

fn safe_divide(dividend: u32, divisor: u32) -> u32 {
    if divisor == 0 {
        cov_mark::hit!(save_divide_zero);
        return 0;
    }
    dividend / divisor
}

#[test]
fn test_safe_divide_by_zero() {
    cov_mark::check!(save_divide_zero);
    assert_eq!(safe_divide(92, 0), 0);
}

See the docs for details

lib.rs:

cov-mark

This library at its core provides two macros, hit! and check!, which can be used to verify that a certain test exercises a certain code path.

Here's a short example:

fn parse_date(s: &str) -> Option<(u32, u32, u32)> {
    if 10 != s.len() {
        // By using `cov_mark::hit!`
        // we signal which test exercises this code.
        cov_mark::hit!(short_date);
        return None;
    }

    if "-" != &s[4..5] || "-" != &s[7..8] {
        cov_mark::hit!(bad_dashes);
        return None;
    }
    // ...
}

#[test]
fn test_parse_date() {
    {
        // `cov_mark::check!` creates a guard object
        // that verifies that by the end of the scope we've
        // executed the corresponding `cov_mark::hit`.
        cov_mark::check!(short_date);
        assert!(parse_date("92").is_none());
    }

//  This will fail. Although the test looks like
//  it exercises the second condition, it does not.
//  The call to `covers!` call catches this bug in the test.
//  {
//      cov_mark::check!(bad_dashes);;
//      assert!(parse_date("27.2.2013").is_none());
//  }

    {
        cov_mark::check!(bad_dashes);
        assert!(parse_date("27.02.2013").is_none());
    }
}

Here's why coverage marks are useful:

  • Verifying that something doesn't happen for the right reason.
  • Finding the test that exercises the code (grep for check!(mark_name)).
  • Finding the code that the test is supposed to check (grep for hit!(mark_name)).
  • Making sure that code and tests don't diverge during refactorings.
  • (If used pervasively) Verifying that each branch has a corresponding test.

Limitations

  • In the presence of threads, check! may falsely pass, if the mark is hit by an unrelated thread, unless the thread-local feature is enabled.
  • Names of marks must be globally unique.
  • check! can't be used in integration tests.

Implementation Details

Each coverage mark is an AtomicUsize counter. hit! increments this counter, check! returns a guard object which checks that the mark was incremented. When the thread-local feature is enabled, each counter is stored as a thread-local, allowing for more accurate counting.

Counters are declared using #[no_mangle] attribute, so that hit! and check! both can find the mark without the need to declare it in a common module. Aren't the linkers horrible wonderful?

Safety

Technically, the hit! macro in this crate is unsound: it uses extern "C" #[no_mangle] symbol, which could clash with an existing symbol and cause UB. For example, cov_mark::hit!(main) may segfault. That said:

  • If there's no existing symbol, the result is a linker error.
  • If there exists corresponding cov_mark::check!, the result is a linker error.
  • Code inside cov_mark::hit! is hidden under #[cfg(test)].

It is believed that it is practically impossible to cause UB by accident when using this crate. For this reason, the hit macro hides unsafety inside.

No runtime deps

Features