intel · sgrams · May 21, 2026 · May 20, 2026
@@ -139,11 +139,6 @@ run_single_case() {
     echo $test_case | grep "^afl"
     if [ "$?" == "0" ];then
         echo "The test method is afl"
-        if [ "${collect_coverage}" == "YES" ]; then
-            export RUSTFLAGS="-C instrument-coverage"
-            export LLVM_PROFILE_FILE="fuzz-%p-%m.profraw"
-            find . -name "*.profraw" | xargs rm -rf
-        fi
 
         cargo_build=`cargo afl build --manifest-path fuzz/Cargo.toml --bin $test_case --features fuzz --no-default-features`
 	    if [ "$?" != "0" ];then
@@ -174,8 +169,20 @@ run_single_case() {
 
             if [ "${collect_coverage}" == "YES" ]; then
                 [ -d "${test_case}_cov" ] && rm -rf "${test_case}_cov"
+                rm -rf cov_profraw && mkdir -p cov_profraw
+
+                # Build without AFL runtime for coverage replay
+                RUSTFLAGS="-C instrument-coverage" cargo build --manifest-path fuzz/Cargo.toml --bin $test_case --no-default-features
+                export LLVM_PROFILE_FILE="cov_profraw/fuzz-%p-%m.profraw"
+
+                # Replay the AFL queue through the instrumented binary
+                find fuzz/artifacts/$test_case/default/queue -maxdepth 1 -type f | while read input; do
+                    fuzz/target/debug/$test_case "$input" || true
+                done
+                unset LLVM_PROFILE_FILE
 
-                grcov . -s src --binary-path fuzz/target/debug/$test_case -t html --branch --ignore-not-existing -o "${test_case}_cov"
+                grcov cov_profraw -s src --binary-path fuzz/target/debug/ -t html --branch --ignore-not-existing -o "${test_case}_cov"
+                rm -rf cov_profraw
             fi
 	    fi
         popd
@@ -208,7 +215,7 @@ run_single_case() {
 
             find . -name "*.profraw" | xargs rm -rf
             cargo fuzz coverage $test_case
-            grcov . -s src -b fuzz/target/x86_64-unknown-linux-gnu/release/$test_case -t html --branch --ignore-not-existing -o "${test_case}_fuzz_cov"
+            grcov fuzz/coverage/$test_case/raw -s src -b fuzz/target/x86_64-unknown-linux-gnu/release/ -t html --branch --ignore-not-existing -o "${test_case}_fuzz_cov"
         fi
         popd
     fi
@@ -236,12 +243,12 @@ run_all_case(){
                 timeout $test_time cargo fuzz run $fuzz
 
                 if [ "${collect_coverage}" == "YES" ]; then
-                    if [ ! -d "${fuzz}_fuzz_cov" ]; then
+                    if [ -d "${fuzz}_fuzz_cov" ]; then
                         rm -rf ${fuzz}_fuzz_cov
                     fi
                     find . -name "*.profraw" | xargs rm -rf
                     cargo fuzz coverage $fuzz
-                    grcov . -s src -b fuzz/target/x86_64-unknown-linux-gnu/release/$fuzz -t html --branch --ignore-not-existing -o "${fuzz}_fuzz_cov"
+                    grcov fuzz/coverage/$fuzz/raw -s src -b fuzz/target/x86_64-unknown-linux-gnu/release/ -t html --branch --ignore-not-existing -o "${fuzz}_fuzz_cov"
                 fi
             done
             popd
@@ -252,12 +259,6 @@ run_all_case(){
             fuzz_list=$(cargo fuzz list)
             for fuzz in $fuzz_list;do
                 if [[ "$fuzz" =~ "afl" ]];then
-                    if [ "${collect_coverage}" == "YES" ]; then
-                        export RUSTFLAGS="-C instrument-coverage"
-                        export LLVM_PROFILE_FILE="fuzz-%p-%m.profraw"
-                        find . -name "*.profraw" | xargs rm -rf
-                    fi
-
                     cargo_build=`cargo afl build --manifest-path fuzz/Cargo.toml --bin $fuzz --features fuzz --no-default-features`
                     if [ "$?" != "0" ];then
                         echo "Error: Build execution failed"
@@ -279,7 +280,20 @@ run_all_case(){
                             if [ -d "${fuzz}_cov" ]; then
                                 rm -rf "${fuzz}_cov"
                             fi
-                            grcov . -s src --binary-path fuzz/target/debug/$fuzz -t html --branch --ignore-not-existing -o "${fuzz}_cov"
+                            rm -rf cov_profraw && mkdir -p cov_profraw
+
+                            # Build without AFL runtime for coverage replay
+                            RUSTFLAGS="-C instrument-coverage" cargo build --manifest-path fuzz/Cargo.toml --bin $fuzz --no-default-features
+                            export LLVM_PROFILE_FILE="cov_profraw/fuzz-%p-%m.profraw"
+
+                            # Replay the AFL queue through the instrumented binary
+                            find fuzz/artifacts/$fuzz/default/queue -maxdepth 1 -type f | while read input; do
+                                fuzz/target/debug/$fuzz "$input" || true
+                            done
+                            unset LLVM_PROFILE_FILE
+
+                            grcov cov_profraw -s src --binary-path fuzz/target/debug/ -t html --branch --ignore-not-existing -o "${fuzz}_cov"
+                            rm -rf cov_profraw
                         fi
                     fi
                 else

@@ -1,26 +1,22 @@
 #!/bin/bash
 
-if [[ ! $PWD =~ firmware.security.tdx.migtd.td$ ]];then
-    pushd ..
-fi
-
-unittest_folders=(
-    "policy"
-    "migtd"
-)
+# Navigate to repo root if run from sh_script/
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
+cd "$REPO_ROOT"
 
 export RUSTFLAGS="-Cinstrument-coverage"
 export LLVM_PROFILE_FILE="unittest-%p-%m.profraw"
 
-find . -name "*.profraw" | xargs rm -rf
+find . -name "*.profraw" -not -path "./deps/*" -delete
 
-for path in ${unittest_folders[@]}; do
-    pushd $path
-    cargo test
-    popd
-done
+cargo test -p policy -p migtd -p crypto -p virtio -p vsock
 
-grcov . --binary-path ./target/debug/ -s . -t html --branch --ignore-not-existing -o unit_test_coverage
+grcov . --binary-path ./target/debug/ -s . -t html --branch \
+    --ignore-not-existing \
+    --ignore "deps/*" \
+    --ignore "target/*" \
+    -o unit_test_coverage
 
 unset RUSTFLAGS
 unset LLVM_PROFILE_FILE
@@ -8,6 +8,10 @@ license = "MIT"
 description = "for rustls no_std use, export rustls used functions, traits and structs in std"
 readme = "readme.md"
 
+[features]
+# Enable to run tests copied from std (requires nightly + full std environment)
+std_tests = []
+
 [dependencies]
 sys_time = {path = "../sys_time"}
 

@@ -1,4 +1,5 @@
-#[cfg(test)]
+// Tests require std features (format!, sys::decode_error_kind) unavailable in this no_std stub
+#[cfg(all(test, feature = "std_tests"))]
 mod tests;
 
 use crate::error;

@@ -1,4 +1,5 @@
-#[cfg(test)]
+// Tests require #[bench] (unstable) and std prelude unavailable in this no_std stub
+#[cfg(all(test, feature = "std_tests"))]
 mod tests;
 
 use crate::io::{self, Error, ErrorKind, Initializer, IoSlice, IoSliceMut, Read, Write};

@@ -31,6 +31,7 @@ pub fn get_sys_time() -> Option<i64> {
 mod tests {
     use super::get_sys_time;
     #[test]
+    #[ignore = "requires x86 I/O port access (CMOS/RTC), segfaults in userspace"]
     fn it_works() {
         assert_ne!(get_sys_time().unwrap(), 0);
     }