Introducing Wasmcov: Code Coverage Tool for Wasm Projects

In smart contract development, one of the key challenges is the lack of essential tools for secure coding on many platforms, particularly for WebAssembly (Wasm). Unlike Ethereum, which has tools like Istanbul.js, LLVM-cov, or Solidity-Coverage, Wasm lacks similar resources, leading to potential security gaps. To address this, we’re proud to introduce Wasmcov, a specialized code coverage tool tailored for Wasm environments.

Introducing Wasmcov

Wasmcov is a Rust library and an associated binary that provides automated coverage analysis of Wasm executables. This tool leverages advanced LLVM functionality, offering a solution to the limitations in current Wasm compilation.

Wasmcov’s primary goal is to provide developers with accurate and efficient code coverage data, essential for identifying untested code segments and potential vulnerabilities.

Code coverage is a fundamental aspect of software quality assurance. Without it, developers may overlook critical areas of their code, leaving potential security risks undetected. Wasmcov addresses this by enabling precise coverage measurement on the target system itself, eliminating discrepancies between host and target environments. It allows developers to automate test coverage, ensure code quality, and guarantee compatibility with specific target configurations. 

Team behind Wasmcov

Wasmcov was developed by Hacken’s security researchers Noah Jelich and Bartosz Barwikowski during their audits of leading Wasm-based protocols Radix and NEAR.

Here’s a detailed analysis of Wasmcov’s capabilities and potential impact, as provided by Noah:
“In the current industry landscape, Wasm code coverage is limited to typical compilation targets, rather than encompassing the specific execution environments. You could run tests on the real runtime, but it took manual cumbersome work to check their coverage and could potentially lead to missing vulnerabilities. But now, things are shifting. We’re introducing more robust tooling for Wasm, aiming to streamline and secure the process.”

Conclusion

This release marks a significant enhancement in the security and reliability of smart contracts on Wasm-based protocols. With its integration by leading protocols like Radix, which has already implemented it for all its projects, and the upcoming adoption by NEAR, Wasmcov is set to bolster the security landscape across various platforms.

Wasmcov, as an open-source library, is readily integrable into any Wasm application by simply adding it as a dependency. We warmly invite all developers to adopt this tool and join us in our mission to make Web3 a safer place.

To begin using Wasmcov and contribute to a more secure Web3 environment, visit our GitHub page for detailed instructions: https://github.com/hknio/wasmcov.