본문 바로 가기
Video Thumbnail
 

Coco

짐작이 아닌 코드 커버리지 수치로 증명하는 테스트 품질

Coco는 데스크톱 애플리케이션과 임베디드 시스템을 개발하는 소프트웨어 팀을 위한 최신 코드 커버리지 도구입니다. 빌드 프로세스 중 코드를 계측하여, 컴파일러, 빌드 시스템, 테스트 스위트를 변경하지 않고도 테스트 중 실행된 구문, 분기, 조건을 정확하게 캡처합니다. C, C++, C#, QML, Python, Tcl을 지원하며, 계측 및 정밀한 테스트 커버리지 분석을 제공합니다. Coco를 통해 ISO 26262 및 DO-330과 같은 국제 안전 및 컴플라이언스 표준에 부합하는 감사 대비 보고서를 생성할 수 있습니다. 

Coco 무료 체험하기 문의하기 Coco for MCU

Coco-interface-simplified-01

대부분의 팀이 코드 커버리지를 측정하지만, 이를 의사결정에 활용하지는 않습니다.

커버리지 수치는 어떤 코드가 실행됐는지는 알려주지만, 테스트되지 않아 위험을 초래할 수 있는 부분이 어디인지, 검증 없이 변경된 코드가 무엇인지, 리스크를 가장 많이 줄이기 위해서는 어디에 테스트를 추가해야 하는지는 알려주지 않습니다. Coco는 이러한 취약점을 가시화하고 실질적인 조치로 이어질 수 있도록 하여, 직관이 아니라 근거에 기반한 릴리스 결정을 내릴 수 있도록 합니다. 

특히 규제가 엄격한 산업에서는 의사결정에 대한 근거가 명확히 입증되어야 합니다. 감사 담당자가 각 산업 표준에 의거해 추적 가능한 MC/DC 수준의 구조적 커버리지를 요구하기 때문입니다. 대부분의 도구는 브랜치 수준에서 멈추지만, Coco는 다릅니다. 

Trusted by Siemens · Bosch · LG · Metso · PolyWorks · SGS TÜV Saar Certified · ASIL D
Coco 제품 소개 PDF 다운로드
코드 커버리지로 가능해지는 것들

한 번도 테스트되지 않은 코드를 정확히 확인하세요

커버리지 측정은 무엇이 테스트되었는지 알려줍니다. 근거를 확보한 후에는 아래와 같은 의사결정, 논의, 그리고 결과의 단계를 거치게 됩니다.

가시성

테스트가 무엇을 커버하는지 정확히 확인하세요. Coco의 CoverageBrowser는 모든 라인, 브랜치, 조건을 색상으로 구분하여, 어떤 코드가 실행되었는지, 한 번도 실행되지 않은 코드는 무엇인지 한눈에 파악할 수 있습니다.

리스크 우선순위화

테스트되지 않은 코드 중 리스크가 가장 높은 부분을 파악하세요. Coco의 CRAP(Change Risk Anti-Patterns) 지표는 복잡도와 커버리지 격차를 기준으로 모든 함수를 순위화하여, 장애를 유발할 가능성이 가장 높은 코드에 테스트 역량을 집중할 수 있도록 합니다.

패치 커버리지

전체를 다시 실행하지 않고도 어떤 테스트가 패치를 커버하는지 확인하세요. 패치 분석은 변경 사항(Diff)을 기존 커버리지 데이터와 매핑하여, 변경된 라인 중 기존 테스트로 커버되는 부분과 해당 테스트가 무엇인지 보여줍니다.

임베디드 시스템

실제 하드웨어와 에뮬레이터 모두에서 커버리지를 수집하세요. 런타임 계측은 RTOS 기반 시스템을 포함한 실제 임베디드 타깃에서 작동합니다. 시뮬레이션 결과물 대신, Coco는 실제 프로덕션 동작을 반영합니다.

분산된 팀

소스 코드를 공유하지 않고도 테스트를 분산하세요. Coco를 사용하면 계측된 바이너리를 외주 팀과 공유하고, 결과를 수집하여 중앙화된 커버리지 리포트로 통합할 수 있습니다.

CRAP 지표와 패치 분석이 팀의 테스트 접근 방식을 바꿉니다

방금 변경한 코드를 어떤 테스트가 커버하는지 정확히 파악하세요

개발자가 패치를 적용하면, Coco는 변경 사항(Diff)과 기존 커버리지 데이터를 분석하여 정밀한 리포트를 생성합니다. 전체 테스트 스위트를 다시 실행하지 않고도, 패치의 어떤 라인이 기존 테스트로 커버되는지, 커버되지 않는지, 그리고 어떤 테스트가 해당 코드 경로를 실행했는지 확인할 수 있습니다. 

  • 통합 형식의 변경 사항(Diff) 가져오기: Coco가 기존 커버리지 실행 데이터와 매핑합니다.
  • 패치의 모든 라인에 주석 표시: 커버됨, 커버되지 않음, 또는 알 수 없음으로 구분되며, 라인별 테스트 횟수도 확인 가능합니다. 
  • 코드 리뷰, 릴리스 게이트, 인증 근거를 위한 HTML 또는 CSV 리포트가 생성됩니다.

CRAP 지표로 다음에 테스트해야 할 코드를 파악하세요

커버리지가 80%라는 사실만으로는 나머지 20%가 사소한 코드인지, 아니면 중요한 코드인지 알 수 없습니다. CRAP 지표(Change Risk Anti-Patterns)는 순환 복잡도(Cyclomatic)와 커버리지 데이터를 결합하여 함수별 리스크 점수를 산출합니다. 복잡도가 높을수록, 그리고 커버리지가 낮을수록 점수는 높아집니다. 

  • 30점 이상의 함수는 고위험으로 표시되어 CoverageBrowser의 순위 목록 상단에 표시됩니다.
  • 전체 코드베이스를 검토하지 않고도, 새 테스트를 추가했을 때 리스크를 가장 많이 줄일 수 있는 위치를 정확히 파악할 수 있습니다. 
  • 결과는 스프린트 계획, QA 리뷰, 경영진 보고를 위해 정렬 및 내보내기가 가능합니다. 

가장 엄격한 안전 표준을 위한 인증 완료

Untitled design-23 1

Coco는 SGS TÜV Saar로부터 독립적으로 인증받았으며, ISO 26262 기준 최고 수준인 ASIL D까지의 안전 관련 소프트웨어 인증에 승인되었습니다. 이는 자체 승인이 아닌, 외부 감사를 통해 확인된 최고 수준의 자동차 기능 안전 무결성 등급입니다. 

 인증 상세 보기

ASIL D 인증

대부분의 커버리지 도구는 안전 필수 워크플로우를 지원한다고 주장합니다. Coco는 이를 독립적으로 검증받았습니다. SGS TÜV Saar는 ISO 26262-8:2018 기준에 따라 ASIL D까지의 안전 관련 소프트웨어 검증을 위해 Coco를 평가하고 인증했습니다. 실제로 이것이 의미하는 바는, 안전 엔지니어가 세이프티 케이스에서 커버리지 도구의 적합성을 입증해야 할 때, 직접 작성한 내부 문서가 아닌 감사 담당자들이 인정하는 기관의 인증서로 답할 수 있다는 것입니다. 기존에는 몇 주가 걸리던 과정이, Coco를 사용하면 몇 분으로 단축됩니다. 

데이터시트의 기능 항목이 아닌, 감사 담당자가 직접 검증할 수 있는 인증

조달 승인, 공급업체 감사, 인증 마일스톤 등의 과정에서는 툴체인의 검증 상태가 면밀히 검토됩니다. 그리고 그러한 검토 시 대부분의 팀은 기존에 사용하고 있는 커버리지 도구가 문제를 해결하기보다 오히려 더 많은 서류 작업을 만들어낸다는 사실을 깨닫게 됩니다. Coco의 SGS TÜV Saar 인증서(No. FS/71/220/26/2113)는 공식 명칭이 부여된 외부 발행 결과물로, 컴플라이언스 팀이 프로젝트 문서에 직접 인용하고 추가 설명 없이 어떤 상황에서든 제시할 수 있습니다. 다른 도구들은 팀이 직접 근거를 만들어야 하는 반면에, Coco는 이미 근거가 갖춰진 채로 제공됩니다. 

도구 검증에 드는 시간을 줄이고, 제품 개발에 더 집중하세요

안전 필수 검증 툴체인의 모든 도구는 목표 수준에 맞게 검증되어야 합니다. 사전 검증된 도구가 없다면 해당 검증 작업은 전적으로 팀의 몫이 되어, 안전 환경에서 도구를 사용하기 전부터 수 주의 추가 작업이 발생합니다. Coco의 TÜV Saar 인증은 이러한 초기 부담을 제거합니다. 특정 표준에 따른 완전한 도구 검증이 필요한 프로젝트의 경우, ISO 26262, DO-178C, IEC 62304, EN 50128을 위한 Coco의 표준별 인증 키트가 그 과정을 완성해 드립니다. 해당 표준이 요구하는 맞춤 문서, 사전 구성된 테스트 케이스, 안전 매뉴얼을 제공하여, 팀이 몇 달이 아닌 며칠 안에 검증을 완료할 수 있도록 지원합니다. 

산업 표준에 맞게 설계된 Coco

기능 커버리지부터 MC/DC까지,
산업 표준이 요구하는 모든 수준을 어떤 플랫폼에서든 지원합니다.

코드 커버리지를 측정하고 개선하세요

Coco가 지원하는 커버리지 수준

Coco는 기본적인 함수 및 라인 커버리지부터 가장 엄격한 안전 표준이 요구하는 MC/DC 수준까지, 모든 주요 구조적 커버리지 지표를 지원합니다. 각 수준은 테스트 품질을 바라보는 서로 다른 관점을 제공합니다. 적합한 수준은 적용 표준, 무결성 등급, 그리고 릴리스 전 필요한 신뢰도에 따라 달라집니다. 

 

Coco가 지원하는 커버리지 수준 자세히 알아보기

함수 커버리지

함수 커버리지는 C++의 멤버 함수를 포함하여 코드베이스의 모든 함수가 테스트 중 최소 한 번 이상 호출되었는지 확인합니다. 이는 핵심 로직 유닛이 실제로 실행되고 있는지 여부를 알려주는 기본적인 첫 번째 점검 항목입니다. 테스트 스위트 실행 중 한 번도 호출되지 않은 함수는 정의상 테스트되지 않은 것입니다. Coco는 각 함수가 몇 번 호출되었는지 집계하여, 아키텍처 수준에서의 커버리지를 명확하게 파악할 수 있도록 합니다. 

표준
IEC 61508 SIL 1–4

산업분야
Automotive Aerospace Industrial Railway Medical

문서에서 자세히 알아보기

구문 블록 커버리지

구문 블록 커버리지(Statement Block Coverage)는 프로그램의 모든 실행 가능한 구문이 테스트 중 실행되었는지 확인합니다. Coco는 항상 함께 실행되는 구문들을 블록으로 묶어, 코드 형식과 관계없이 일관된 지표를 유지합니다. 이는 테스트 완성도를 파악하기 위한 신뢰할 수 있는 기준선이 되며, 다양한 코딩 스타일을 사용하는 팀에게는 라인 커버리지보다 더 안정적인 대안이 됩니다. 

표준
ISO 26262 ASIL A–B IEC 61508 SIL 1–4 EN 50128 SIL 0

산업분야
Automotive Industrial Railway Medical

문서에서 자세히 알아보기

라인 커버리지

라인 커버리지는 각 코드 라인이 테스트 중 실행되었는지 확인합니다. 이는 테스트 스위트의 공백을 파악하고 코드가 얼마나 철저하게 실행되고 있는지 빠르게 확인할 수 있는 간단하고 익숙한 방법이라고 할 수 있습니다. Coco는 라인 커버리지를 지원하며, 커버리지 분석을 처음 접하는 팀이나 범용 프로젝트를 진행하는 팀에서 처음 사용하기에 적합합니다. 다만, Coco는 안전 필수 또는 규제 대상 개발에는 라인 커버리지를 권장하지 않습니다. 코드 형식에 따라 결과가 달라질 수 있어 ISO 26262 또는 IEC 61508과 같은 표준의 근거 요건을 충족하기에는 메트릭 안정성이 부족할 수 있기 때문입니다. 이러한 환경에서는 구문 블록 커버리지가 동일한 가시성을 제공하면서도 코드 형식에 관계없이 일관된 결과를 보장합니다. 

표준
Not mapped to safety standards

산업분야
General use Non-regulated projects

문서에서 자세히 알아보기

Branch and Decision Coverage

Branch and decision coverage goes beyond statement coverage by checking that every decision point in your code produces all possible outcomes. Each condition is counted once for true and once for false, so edge cases that only surface under specific inputs get caught during testing rather than in production. Coco verifies both outcomes for every if, while, for and switch statement, making it easier to spot paths your tests are missing.

표준
ISO 26262 ASIL A–D DO-178C DAL A–B IEC 61508 SIL 1–4 EN 50128 SIL 1–4

산업분야
Automotive Aerospace Industrial Railway Medical

문서에서 자세히 알아보기

Condition Coverage

Condition coverage takes decision coverage a step further by splitting complex boolean expressions into their individual parts. Each subexpression connected by an and or or operator is evaluated independently for both true and false. This reveals gaps that decision coverage alone will not catch, particularly in decisions with multiple conditions where some combinations may never be tested. In Coco, condition coverage is the natural stepping stone toward MC/DC and gives you a deeper view of logical test completeness before you move to the full independence requirement.

표준
Stepping stone to MC/DC — not a standalone standard requirement

산업분야
Automotive Aerospace Industrial Railway Medical

문서에서 자세히 알아보기

MC/DC and MCC Coverage

Modified Condition/Decision Coverage (MC/DC) requires that every condition in a decision must independently affect the outcome. For each condition, there must be two test executions where only that condition changes and everything else stays the same. This is the level of rigor that safety auditors expect at the highest integrity levels, and it is what Coco is certified to support up to ASIL D. Multiple Condition Coverage (MCC) goes even further by requiring all possible combinations of truth values in every decision, and is accepted as an alternative to MC/DC under IEC 61508 and EN 50128 at SIL 3 and 4.

MC/DC 표준
ISO 26262 ASIL A–D DO-178C DAL A IEC 61508 SIL 1–4 EN 50128 SIL 1–4

MCC 표준
IEC 61508 SIL 3–4 (alt.) EN 50128 SIL 3–4 (alt.)

인증 키트
IEC 62304 Class C

산업 분야
Automotive Aerospace Industrial Railway Medical

MC/DC 문서  MCC 문서

Test Timing & Performance Metrics

Beyond coverage, Coco also tracks how long each test takes to run and how often each part of your code gets executed. This helps teams identify slow tests, spot code that gets hit far more than necessary, and optimise the order in which tests run across your CI pipeline. It is not a coverage standard requirement, but it is a practical tool for keeping test suites lean and fast without sacrificing the coverage you need.

표준
CI and pipeline optimisation — not a coverage standard requirement

산업 분야
All industries

document

Whitepaper: Code Coverage for Safety-Critical Programs

Read Now

Coco Gives Every Role on Your Team Something They Actually Need

QA Managers & Test Leads

Value Journey

Gain Visibility

Scale Consistency

Maximize ROI

  • Use Case

  • Coco Features

  • What you Achieve

  • Scaling Teams

    Make every test count: Focus effort on what matters, cut what does not 

  • cmreport generates reports automatically on every build. Cobertura XML and SonarQube XML export feeds external dashboards. CoverageBrowser compares builds side by side 

  • Coverage gaps become a managed backlog, not a surprise at release

    Same measurement standard across every team and platform

    Pair with SonarQube or Codecov for time-series trend dashboards

    Run Coco across your team's codebase 

Compliance & Safety Leads

Value Journey

Pass Audits

Build Evidence

Full Qualification

  • Use Case

  • Coco Features

  • What you Achieve

  • Tooling Qualification

    Close out tool qualification in days, not months  

  • Tool Qualification Kits (TQKs) deliver per-standard documentation, pre-built test cases, and safety manuals. MCC and MC/DC cover the highest integrity levels 

  • Qualification documentation ready to submit for ISO 26262, DO-178C, IEC 61508, EN 50128

    Complete traceability between tests and code

    No internal qualification effort to build from scratch

    Ask us which Qualification Kit fits your standard  

Developers & Engineering Teams

Value Journey

See The Risk

Release with Confidence

Move Faster

  • Use Case

  • Coco Features

  • What you Achieve

  • Pre-Merge Confidence

    Understand the impact of every change before it merges

  • Patch coverage analysis maps your diff against existing coverage data and shows which lines are covered, which are not, and which tests executed those paths — without re-running the full suite 

  • Know exactly which lines in your change are covered before review

    Identify which existing tests cover your patch without re-running everything

    For complex logic, MC/DC verifies every condition is fully exercised

    See Coco in action  

DevOps & CI Engineers

Value Journey

Add to Pipeline

Automate Everything

Enforce Standards

  • Use Case

  • Coco Features

  • What you Achieve

  • Getting Started

     Get coverage data into your pipeline today 

  • cmreport outputs Cobertura XML, SonarQube XML, JUnit, and EMMA-XML — formats your existing CI system already reads 

  • Coverage data in CI-compatible formats from day one

    No restructuring of your existing pipeline required

    Add Coco to your next build 

  • Full Automation

    Remove every manual step and enforce standards automatically 

  • CoverageScanner instruments during the build. cmreport generates reports from the command line. Patch coverage analysis runs on every diff. Your CI system reads the output and enforces thresholds 

  • Coverage collected and reported on every build with zero manual steps

    Coco provides the data — your CI system enforces the gate

    Pair with SonarQube or Codecov for visual coverage trend dashboards

    See how Coco fits into a CI pipeline 

Engineering Managers & Technical Leadership

Value Journey

Identify Risk

Align Teams

Make Decisions

  • Use Case

  • Coco Features

  • What you Achieve

  • Getting Started

    Make software risk visible across your organisation

  • The CRAP metric surfaces the riskiest functions by combining complexity with coverage gap.

    CoverageBrowser and cmreport give consistent measurement across every team 

  • Replace "we think it is well tested" with objective data

    Know which parts of the codebase carry the most untested risk

    Give every team a shared, measurable definition of quality

    See what coverage evidence looks like for leadership 

  • Strategic Planning

    Turn coverage data into investment and release decisions

  •  cmreport with coverage gap analysis by module. Cobertura XML and SonarQube XML export for leadership dashboards. CoverageBrowser build comparison 

  • Compare coverage between releases to track improvement

    Justify testing investment with measurable quality data

    Pair Coco exports with SonarQube or your CI system for time-series dashboards

    Talk to us about rolling Coco out across your organisation 

Embedded & MCU Engineers

Value Journey

Instrument the Target

Collect Real Data

Scale Across Builds

  • Use Case

  • Coco Features

  • What you Achieve

  • Getting Started

    Get real coverage from your actual hardware, not a simulator

  • CoverageScanner wraps your existing compiler (ARM GCC, IAR, Green Hills, HighTec and others)  with no toolchain migration

    Statement block, decision, and function coverage on bare-metal and RTOS targets 

  • Coverage that reflects what your hardware actually executes

    Start measuring without changing your build system, toolchain, or source code

    Instrument your first MCU target 

  • Data Collection

    Retrieve coverage from any target and merge into one report

  • CoverageScanner custom IO functions support GDB, serial, TCP/IP, CAN bus, and ARM semihosting

    For Qt for MCUs: cmcsexeimport with --qul-port enables one-click import for Qt for MCUs targets

    cmmerge and cocoqmlscanner combine C++ and QML into a single database 

  • No single transfer method required, use what your hardware already has

    One unified report across all targets and test runs

    Fully scriptable end-to-end workflow from build to report

    Read how safety-critical teams certify embedded software 

See How to Detect Coverage Gap You Didn't Know You Had 


Watch James Vance, Senior Software Engineer at Qt Group, walk through the Coco code coverage interface and show how to measure coverage and identify untested code.
 

“Coco code coverage is a relevant tool for us, because you do not know how good your software quality is until you understand the code coverage and testing coverage.” 

Jaakko Palokangas, Director of Digital Technology Development, Metso

Code Coverage Tool that Works With Your Setup

Coco plugs into your CI/CD, IDE, and quality tools to make coverage insights instantly usable where you work. Streamline your path from test data to quality improvements.

 

Deploy Anywhere

Run Coco natively or cross-compile to any target, covering everything from desktop to bare-metal embedded systems
Native Compatibility
Run on the systems your teams already use
 Linux, Windows (32/64-bit), macOS 64-bit — Intel & ARM via Rosetta 2
 UNIX variants: Solaris, AIX (enterprise, on request)
Cross-Compilation
Target embedded & constrained environments
 Embedded Linux/Windows — industrial & automotive
 RTOS: QNX, VxWorks, FreeRTOS
 Bare-metal microcontrollers for safety-critical devices
Supported Compilers
Mainstream and specialized toolchains*
 GCC, Clang, MS Visual Studio, Intel, Mono
 QNX, ARM (Keil), Green Hills, HighTec, Diab, TI, and more
*Some toolchains require the Coco Cross-Compilation Add-on
Target Hardware
Run qualification on real, production hardware
 Intel x86/x64, ARM, PowerPC, MIPS, SPARC, AURIX™, and more
 General-purpose CPUs to safety-grade microcontrollers

Develop & Build Faster

Build systems without needing to change your tools or refactor your code. Coco fits right in

Report & Stay Compliant

Export in the formats your teams and auditors already know

Test with What You Already Use

Coco works right alongside your existing frameworks: GoogleTest, Boost.Test, NUnit

Automate & Release

Get automated coverage feedback in your CI/CD pipeline

Code Coverage for Embedded Systems and MCUs

Coco for MCUs
Code Coverage for any Microcontroller Project

Coco works on any C or C++ MCU project regardless of silicon vendor, RTOS, or application framework. It wraps your existing compiler during the build with no toolchain migration and no source code changes. Coverage data is collected on the actual target and analysed in CoverageBrowser.

Most MCU projects have no file system and no OS to help collect data. Coco handles this by capturing coverage data during test execution and retrieving through whatever communication channel the hardware already has available.

  • If you are building with Qt for MCUs, a dedicated integration is available with full C++ and QML coverage, device discovery, and one-click data import.

  • If you are not using Qt, it works exactly the same way through GDB, serial, TCP/IP, CAN bus, or ARM semihosting.


NXP Infineon Renesas STM32 Microchip TI AURIX

ARM GCC IAR Green Hills HighTec Clang Diab

Bare-metal FreeRTOS QNX VxWorks Zephyr SafeRTOS

How to Measure Code Coverage for MCUs

1

Instrument at build time

Coco wraps your existing compiler. The instrumented binary builds and flashes to the target exactly as normal.
2

Execute tests on real hardware

Tests run on the actual MCU target, bare-metal or RTOS. Coverage data is captured on the device during execution.
3

Retrieve data via your available channel

Coco provides custom IO functions you implement for your hardware. Supported transfer paths include:

GDB variable dump any target
Serial / COM port common
TCP/IP networked targets
CAN bus automotive
ARM semihosting ARM Cortex-M/R
Qt for MCUs DeviceLink Qt MCUs projects
4

Merge, analyse, and report

Results from multiple test runs and targets merge into a single CoverageBrowser report. The full workflow is scriptable from the command line for CI integration.
Start measuring coverage on real hardware

Qt for MCUs Integration
Full Coverage for C++ and QML Out of the Box

For teams building with Qt for MCUs, Coco provides a dedicated integration that covers both C++ and QML (Qt Quick Ultralite) in a single workflow. Compiler profiles for supported Qt for MCUs toolchains are included by default, so no manual configuration is needed. C++ and QML coverage results merge into one database for a complete view of application coverage.

Device discovery and one-click coverage import directly from the board in CoverageBrowser
Debug output console for monitoring device output during test execution
QML instrumentation via the --qul option handles project integration automatically
No debugger or custom IO functions required for data retrieval

Compatible with Qt for MCUs version 2.12.1 and above.

Start measuring coverage on Qt for MCUs

Regulated Industries
Coverage Evidence Your Auditors Can Verify 

Safety standards for MCU software require structural coverage evidence at specific levels. Coco supports every level those standards demand, from function and statement coverage through branch, condition, and MC/DC. Reports are audit-ready and aligned to your standard. For projects that need full tool qualification, per-standard Qualification Kits for ISO 26262, DO-178C, IEC 62304, and EN 50128 are available separately.

ISO 26262 up to ASIL D · DO-178C · IEC 62304 · IEC 61508 · EN 50128
Independently certified by SGS TÜV Saar, Certificate No. FS/71/220/26/2113

“Coco brings together the missing link between code and tests. Coco seemed like a regular code coverage tool at first, but after we started using it, we found some very advanced features.” 

InnovMetric

tool qualification
Tool Qualification for Regulated Industries

Avoid Months of Manual Work

If you need to certify your software, you need to qualify your tools.

The Coco Qualification Kit gives you everything needed to prove Coco is safe and reliable for use in safety-critical development. No need to build test suites or write justification from scratch, we’ve done it for you.

  • Pre-built test cases and expected results

  • Tool classification and safety manuals

  • Ready for ISO 26262, DO-178C, IEC 62304, EN 50128, and more

Designed to support a wide range of industries, Coco simplifies compliance and quality assurance by providing ready-to-use validation reports, process documentation, and certification templates

Learn more about Tool Qualification Kit

 

What’s new in Coco? Latest Release – Coco 7.5

  • CRAP Metric: Combines cyclomatic complexity with code coverage into a single risk score, giving you a prioritized list of the C++ functions most likely to contain bugs, so you stop chasing percentages and start fixing what matters.
  • cmimport: Converts Python coverage.py reports into Coco's format, merging Python and C++ coverage into one unified report  eliminating the need to maintain two separate tools across your stack.
  • Coco Setup: Automatically detects your compiler toolchains and generates coverage scanner wrappers, reducing a multi-day configuration task to a guided five-minute setup.
  • Qt for MCUs: Instruments both C++ and QML running on embedded target devices, using the Device Link protocol to transfer coverage data automatically, giving you a complete frontend-to-backend coverage report from real hardware, no debugger scripting required.

 

Read Latest Release

인증 키트

테스트 프로세스가 안전 표준에 부합하는지 확인할 수 있도록 도와주는 맞춤형 종합 인증 도구입니다.

더 알아보기

문서

Coco의 기술적 측면에 대해 자세히 알아보세요.

자세히 보기

Coco 평가판 활용 가이드

평가판 활용 가이드는 Coco 평가판을 다운로드하여 세팅하고 사용하기까지의 모든 과정을 안내합니다.

가이드 확인하기

Blog

Is 70%, 80%, 90%, or 100% Code Coverage Good Enough?

Numbers like 70%, 80%, or even 100% do not tell the whole story, and sometimes they can create a false sense of security. In our deep dive, “Is 70%, 80%, 90%, or 100% Code Coverage Good Enough?”, we break down what those metrics really say about your tests, why 100% statement coverage can still leave dangerous gaps.

Read more

Tutorial

Using AI Code Assistants to Generate Unit Tests and Maximize Coverage

See how you can use GitHub Copilot + Coco Code Coverage to raise test coverage from 65% to 78%, and how this approach can be adapted for other frameworks and industries, including safety-critical domains.

Read more

소프트웨어 개발에서의 품질 보증을 위한 완벽한 가이드

가이드 읽어보기

Frequently Asked Questions

How do I measure code coverage for embedded C/C++ systems?
Measuring code coverage for embedded C/C++ systems requires a tool that can instrument code for cross-compiled targets and collect execution data from real hardware. Coco uses compiler-level instrumentation — it wraps the compiler (GCC, Clang, IAR, ARM/Keil, Green Hills, and others) and inserts measurement points during the build process. Coverage data is collected during test execution on the actual embedded target — including RTOS-based systems running QNX, VxWorks, and FreeRTOS, as well as bare-metal microcontrollers — and then analysed in CoverageBrowser. Results from multiple targets and configurations can be merged into a single coverage report.

What is the difference between MC/DC and branch coverage?
Branch coverage (also called decision coverage) verifies that every decision, such as an if statement, has evaluated to both true and false. Modified Condition/Decision Coverage (MC/DC) goes further: it requires that every individual condition within a decision independently affects the decision outcome, with each condition shown to be independently capable of changing the result. MC/DC requires more test cases than branch coverage but provides significantly stronger assurance, which is why it is expected at ASIL D under ISO 26262 and required at DAL A under DO-178C.

What is a good code coverage tool for C++ and embedded systems?
Coco is a code coverage analysis tool specifically designed for C and C++ development across desktop and embedded systems. It supports compiler-level instrumentation for GCC, Clang, IAR, ARM/Keil, and Green Hills compilers, and works on embedded targets including QNX, VxWorks, FreeRTOS, and bare-metal microcontrollers. For teams working under safety standards such as ISO 26262, DO-178C, or IEC 62304, Coco is independently certified by SGS TÜV Saar to ASIL D and provides per-standard Qualification Kits.

Can code coverage be collected without source code access?
Yes. Coco supports black-box testing through a facility that separates instrumentation from source code access. A developer with source code creates a black-box instrumentation database — an instrumented binary that contains no source code. This binary is distributed to QA engineers or outsourced teams who run tests and generate execution reports (.csexe files). The execution reports are returned to the developer who merges them into the master coverage database without the QA team ever seeing source code. This is particularly useful for distributed teams, outsourced testing, and IP-sensitive projects.

How do I measure code coverage on embedded C and C++ targets?
Coco uses compiler-level instrumentation — it wraps your existing compiler and inserts measurement points during the build. Coverage data is collected during test execution on the actual embedded target, including RTOS-based systems running QNX, VxWorks, and FreeRTOS, and bare-metal microcontrollers. Results from multiple targets and configurations can be merged into a single coverage report in CoverageBrowser. No toolchain migration is required.

How does Coco integrate with CI/CD pipelines?
Coco integrates natively with Jenkins, GitHub Actions, and GitLab CI. Coverage data is collected automatically during pipeline execution and exported in CI-compatible formats including Cobertura XML, SonarQube XML, JUnit, and EMMA-XML. Coverage thresholds can be set as quality gates to block merges when coverage drops below defined levels. The cmreport command-line tool enables automated report generation in any build script without a GUI.

What is code coverage in software testing?
Code coverage analysis records which statements, branches, and conditions in source code are executed during a test run, expressed as a percentage of total executable code. It is distinct from test coverage (which measures requirement coverage) and test effectiveness (which measures whether tests catch real defects)

What code coverage is required for ISO 26262 ASIL D?
ISO 26262 Part 6, Table 14 classifies structural coverage requirements by ASIL level. At ASIL D, Modified Condition/Decision Coverage (MC/DC) is classified as highly recommended (++), meaning certification bodies expect it and will require justification for its absence. At ASIL C, MC/DC is recommended (+). Statement and branch coverage are expected at ASIL A and B. Note that 'highly recommended' in ISO 26262 language is not a hard mandate in the same way as some DO-178C requirements, but in practice auditors treat it as effectively required at ASIL D. Coco is certified by SGS TÜV Saar (Certificate No. FS/71/220/26/2113) for use in ISO 26262 projects up to ASIL D.

What code coverage does IEC 62304 Class C require?
IEC 62304 classifies medical device software by safety risk level. Class C software (where failure could cause death or serious injury) requires comprehensive software unit verification with coverage reports demonstrating that all code related to risk control measures has been tested. Regulatory submissions for Class C devices are expected to include structural coverage evidence. Coco generates audit-ready coverage reports aligned to IEC 62304 requirements and provides an IEC 62304 Qualification Kit.

Does code coverage need to be tool-qualified for safety-critical software?
Yes. Under ISO 26262, DO-178C, IEC 62304, IEC 61508, and EN 50128, every tool used in safety-critical software verification must be qualified for the integrity level being targeted. Without a pre-qualified tool, the qualification burden falls entirely on the development team — typically requiring months of effort to produce tool behaviour documentation, validation test suites, and qualification reports. Coco reduces this burden significantly. Coco Version 7.4.0 is independently certified by SGS TÜV Saar (Certificate No. FS/71/220/26/2113) under ISO 26262-8:2018, clause 11. Per-standard Qualification Kits for ISO 26262, DO-178C, IEC 62304, and EN 50128 deliver the remaining documentation, pre-built test cases, and safety manuals so tool qualification closes in days rather than months.

Is Coco certified for use in ISO 26262 safety-critical development?
Yes. Coco Version 7.4.0 has been independently assessed and certified by SGS TÜV Saar (Certificate No. FS/71/220/26/2113) against ISO 26262-8:2018, clause 11. It is confirmed suitable for verification of safety-related software up to ASIL D, the highest automotive safety integrity level. Per-standard Qualification Kits are available for ISO 26262, DO-178C, IEC 62304, and EN 50128.

What coverage levels does Coco support?
Coco supports function coverage, line coverage, statement block coverage, decision/branch coverage, condition coverage, Modified Condition/Decision Coverage (MC/DC), and Multiple Condition Coverage (MCC). MC/DC is the level required at ASIL C/D under ISO 26262 and DAL A/B under DO-178C. All levels are visualised in CoverageBrowser with colour-coded source code annotation.

Does Coco work with embedded systems and real hardware targets?
Yes. Coco supports coverage collection from actual embedded targets, not only emulators. It works with GCC, Clang, IAR, ARM/Keil, Green Hills, and other embedded compilers. Supported platforms include Embedded Linux, QNX, VxWorks, FreeRTOS, and bare-metal microcontrollers. Coverage data from real hardware execution is merged with results from other targets and analysed together in CoverageBrowser.

What is the CRAP metric in Coco?
CRAP stands for Change Risk Anti-Patterns. It combines cyclomatic complexity with coverage data to produce a risk score for every function. The higher the complexity and the lower the coverage, the higher the score. Functions scoring above 30 are flagged as high risk in CoverageBrowser. This allows QA teams to prioritise new test writing by objective risk rank rather than by instinct, and to export ranked results for sprint planning and management reporting.

How does Coco patch analysis work?
Patch analysis takes a diff file in unified format and maps it against existing coverage execution data (.csmes and .csexe files) from your test suite. It produces an annotated report showing which lines in the patch are covered by existing tests, which are not covered, and which tests executed the changed code paths without re-running the test suite against the patched version. Output is available as HTML or CSV for code reviews, release gates, and certification evidence.

Does code coverage tooling need to be qualified for safety-critical projects?
Yes. Under ISO 26262, DO-178C, IEC 62304, IEC 61508, and EN 50128, every tool used in safety-critical software verification must be qualified for the integrity level being targeted. Without a pre-qualified tool, the qualification burden falls entirely on the development team, typically requiring months of effort. Coco's TÜV Saar certification removes the initial qualification burden. Per-standard Qualification Kits for ISO 26262, DO-178C, IEC 62304, and EN 50128 close out the remainder in days rather than months.

Does Coco work with languages other than C and C++?
Yes. Coco supports C, C++, C#, QML, Tcl, and Python (via coverage.py integration for Python modules, with Coco handling instrumentation for native C/C++/C#/QML/Tcl layers). Coco is not a Qt-only tool, as it works with any codebase using these languages regardless of framework. Coverage results across all supported languages can be merged and analysed together in a single report.

Know What Your Tests Are Missing by End of Day

Coco's evaluation license lets you instrument components against your existing build system and test suite. Within the same day you have a real coverage report. It is not a demo, not sample data, but actual execution results from your own code showing exactly where your tests fall short.
Generate Report Talk to an Expert