Add support for generating coverage data

Author: Your Name

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "frida-cshell",
-  "version": "1.2.1",
+  "version": "1.3.0",
   "description": "Frida's CShell",
   "scripts": {
     "prepare": "npm run build && npm run version && npm run package && npm run copy",
@@ -16,8 +16,8 @@
     "@typescript-eslint/eslint-plugin": "^7.1.1",
     "@typescript-eslint/parser": "^7.1.1",
     "eslint": "^8.57.0",
-    "frida-compile": "^16.2.1",
+    "frida-compile": "^16.4.1",
     "replace": "^1.2.2",
-    "prettier": "^3.2.5"
+    "prettier": "^3.3.3"
   }
 }

package.json

@@ -11,6 +11,7 @@ import { Trace, Traces } from '../traces/trace.js';
 import { Var } from '../vars/var.js';
 import { Vars } from '../vars/vars.js';
 import { CallTrace } from '../traces/call.js';
+import { CoverageTrace } from '../traces/coverage/trace.js';
 
 export const BP_LENGTH: number = 16;
 
@@ -26,6 +27,7 @@ export enum BpType {
   BlockTrace = 'block trace',
   CallTrace = 'call trace',
   UniqueBlockTrace = 'unique block trace',
+  Coverage = 'coverage',
   MemoryRead = 'memory read',
   MemoryWrite = 'memory write',
 }
@@ -87,6 +89,7 @@ export class Bp {
       case BpType.BlockTrace:
       case BpType.CallTrace:
       case BpType.UniqueBlockTrace:
+      case BpType.Coverage:
         return BpKind.Code;
       case BpType.MemoryRead:
       case BpType.MemoryWrite:
@@ -167,6 +170,19 @@ export class Bp {
           },
         });
         break;
+      case BpType.Coverage:
+        this._listener = Interceptor.attach(addr.toPointer(), {
+          onEnter() {
+            if (bp._hits === 0) return;
+            bp._trace = CoverageTrace.create(this.threadId);
+            bp.startCoverage(this.threadId, this.context);
+          },
+          onLeave(_retVal) {
+            if (bp._hits === 0) return;
+            bp.stopCoverage(this.threadId, this.context);
+          },
+        });
+        break;
       default:
         throw new Error(`unknown code breakpoint type: ${this._type}`);
     }

src/breakpoints/bp.ts

@@ -44,7 +44,8 @@ abstract class TypedBpCmdLet extends CmdLet implements InputInterceptLine {
     switch (this.bpType) {
       case BpType.Instruction:
       case BpType.FunctionEntry:
-      case BpType.FunctionExit: {
+      case BpType.FunctionExit:
+      case BpType.Coverage: {
         if (tokens.length !== 3) return null;
         const [a0, a1, a2] = tokens;
         const [t0, t1, t2] = [a0 as Token, a1 as Token, a2 as Token];
@@ -146,6 +147,7 @@ abstract class TypedBpCmdLet extends CmdLet implements InputInterceptLine {
       case BpType.BlockTrace:
       case BpType.CallTrace:
       case BpType.UniqueBlockTrace:
+      case BpType.Coverage:
         this.done();
         break;
       default:
@@ -235,7 +237,8 @@ abstract class TypedBpCmdLet extends CmdLet implements InputInterceptLine {
     switch (this.bpType) {
       case BpType.Instruction:
       case BpType.FunctionEntry:
-      case BpType.FunctionExit: {
+      case BpType.FunctionExit:
+      case BpType.Coverage: {
         if (tokens.length !== 2) return null;
         const [a0, a1] = tokens;
         const [t0, t1] = [a0 as Token, a1 as Token];
@@ -453,3 +456,9 @@ export class UniqueBlockTraceBpCmdLet extends TypedBpCmdLet {
   bpType = BpType.UniqueBlockTrace;
   help = `${this.bpType} breakpoint`;
 }
+
+export class CoverageBpCmdLet extends TypedBpCmdLet {
+  name = '@c';
+  bpType = BpType.Coverage;
+  help = `${this.bpType} breakpoint`;
+}

src/cmdlets/bp.ts

@@ -32,6 +32,7 @@ import {
   BlockTraceBpCmdLet,
   CallTraceBpCmdLet,
   UniqueBlockTraceBpCmdLet,
+  CoverageBpCmdLet,
   InsnBpCmdLet,
   ReadBpCmdLet,
   WriteBpCmdLet,
@@ -56,6 +57,7 @@ export class CmdLets {
     this.registerCmdletType(BtCmdLet);
     this.registerCmdletType(CallTraceBpCmdLet);
     this.registerCmdletType(CopyCmdLet);
+    this.registerCmdletType(CoverageBpCmdLet);
     this.registerCmdletType(DivCmdLet);
     this.registerCmdletType(DumpCmdLet);
     this.registerCmdletType(EndianCmdLet);

src/commands/cmdlets.ts

@@ -63,8 +63,13 @@ export class BlockTrace implements Trace {
             currentDepth = 0;
             first = false;
           }
-          if (numOutput >= BlockTrace.MAX_BLOCKS) return;
+          if (numOutput >= BlockTrace.MAX_BLOCKS) {
+            Output.writeln(Output.red(`TRACE TRUNCATED`));
+            return;
+          }
           numOutput += 1;
+          const idx = `${numOutput.toString().padStart(4, ' ')}. `;
+          Output.write(Output.bold(idx));
           if (currentDepth > 0) {
             Output.write('\t'.repeat(currentDepth));
           }

src/traces/block.ts

@@ -60,8 +60,13 @@ export class CallTrace implements Trace {
           currentDepth = 1;
           first = false;
         }
-        if (numOutput >= CallTrace.MAX_CALLS) return;
+        if (numOutput >= CallTrace.MAX_CALLS) {
+          Output.writeln(Output.red(`TRACE TRUNCATED`));
+          return;
+        }
         numOutput += 1;
+        const idx = `${numOutput.toString().padStart(4, ' ')}. `;
+        Output.write(Output.bold(idx));
         if (currentDepth > 0) {
           Output.write('\t'.repeat(currentDepth));
         }