Build jacoco cli internally

1 files changed, 30 insertions, 16 deletions

diff --git a/README.md b/README.md
index fdceec99..53da74d9 100644
--- a/README.md
+++ b/README.md
@@ -473,30 +473,44 @@ via `--ignore=<token_1>,<token2>`.
 
 ### Export coverage information
 
-The internally gathered JaCoCo coverage information can be exported in a human-readable and the JaCoCo dump format.
-These can help identify code areas that can not be reached through fuzzing and perhaps need changes to make them more
-accessible for the fuzzer.
+The internally gathered JaCoCo coverage information can be exported in human-readable and JaCoCo execution data format
+(`.exec`). These can help identify code areas that have not been covered by the fuzzer and thus may require more
+comprehensive fuzz targets or a more extensive initial corpus to reach.
 
 The human-readable report contains coverage information, like branch and line coverage, on file level. It's useful to 
-get a quick overview about the overall coverage. The flag `--coverage_report=<file>` can be used to generate the report. 
-
-Similar to the JaCoCo `dump` command the flag `--coverage_dump=<file>` specifies the coverage dump file, often called
-`coverage.exec`, that should be generated after the fuzzing run. It contains a binary representation of the gathered
-coverage data in the JaCoCo format.
-
-The JaCoCo `report` command can be used to generate reports based on the coverage dump. For example the
-following command generates an HTML report in the folder `./report/` containing all classes available in `classes.jar`
-and their coverage as captured in the export `coverage.exec`.
+get a quick overview about the overall coverage. The flag `--coverage_report=<file>` can be used to generate it.
+
+Similar to the JaCoCo `dump` command, the flag `--coverage_dump=<file>` specifies a coverage dump file, often called
+`jacoco.exec`, that is generated after the fuzzing run. It contains a binary representation of the gathered coverage 
+data in the JaCoCo format.
+
+The JaCoCo `report` command can be used to generate reports based on this coverage dump. **Note:** The version of the
+JaCoCo agent used by Jazzer internally differs slightly from the official one. As a result, a similarly modified version
+of the JaCoCo CLI tool has to be used to generate correct reports. The correct version is available at its
+[release page](https://github.com/CodeIntelligenceTesting/jacoco/releases) as `zip` file. The report tool is located in 
+the `lib` folder and can be used as described in the JaCoCo 
+[CLI documentation](https://www.eclemma.org/jacoco/trunk/doc/cli.html). For example the following command generates an 
+HTML report in the folder `report` containing all classes available in `classes.jar` and their coverage as captured in 
+the export `coverage.exec`. Source code to include in the report is searched for in `some/path/to/sources`. 
+After execution the `index.html` file in the output folder can be opened in a browser.
 ```shell
-java -jar jacococli.jar report coverage.exec \
+java -jar path/to/jacococli.jar report coverage.exec \
   --classfiles classes.jar \
   --sourcefiles some/path/to/sources \
-  --html ./report/ \
+  --html report \
   --name FuzzCoverageReport
 ```
 
-More information about coverage report generation is available on the JaCoCo
-[CLI documentation](https://www.eclemma.org/jacoco/trunk/doc/cli.html) page.
+Furthermore, it's also possible to directly use the CLI tools of the internal JaCoCo version via Bazel with the target
+`@jazzer_jacoco//:jacoco_cli`. The following command builds an HTML report similar to the one mentioned above:
+```shell
+bazel run @jazzer_jacoco//:jacoco_cli -- \
+  report /coverage.exec \
+  --classfiles /classes.jar \
+  --sourcefiles /some/path/to/sources \
+  --html /tmp/report/ \
+  --name FuzzCoverageReport
+```
 
 ## Advanced fuzz targets