How do code coverage tools work?
Solution 1:
Here's a technical paper on How to Implement test coverage tools for arbitrary languages.
My company builds a family of test coverage tools for Java, C#, C++, PHP, COBOL, PLSQL, ... based on this principle.
Solution 2:
Quote straight from the NCover FAQ: NCover reports the percentage of branches in the code that have been taken throughout the course of your automated testing. It achieves this by instrumenting the source code at each branch, and writing the 'hit' points to a file. These 'hit' points are then compared to the total possible points that could have been 'hit'.
Solution 3:
I know this is question is old but if you are still interested you can see an example of how such instrumentation is performed for .NET applications by looking at the open source project OpenCover.
OpenCover inserts instrumentation points at significant points in the code.
- For code line coverage it uses the sequence points taken from a PDB file
- For branch coverage it instruments COND_BRANCH instructions by instrumenting the jump target(s) and the next instruction after the branch instruction i.e. no jump.
- For method instrumentation it instruments the first instruction of any method.
All of these rules are applied in CoverageInstrumentation.cpp after the appropriate points have been located using Mono.Cecil and passed to the profiler from the console host.
The source code to PartCover is also available (as indicated) but this is much harder to follow but it also uses sequence points from PDBs to determine where it instruments the code.