Add Function-Level Coverage Overview and Statistics

[xusheng6]

Feature Request

Add a function-level coverage overview widget that provides aggregate statistics and analysis capabilities beyond the current instruction-level painting.

Current Limitations

Currently, the debugger only paints coverage at the instruction level in the disassembly view. While useful, this makes it difficult to:

• Identify which functions have the most/least coverage
• Get an overall coverage percentage
• Prioritize which uncovered code to analyze
• Export coverage statistics for reporting
• Compare coverage across different functions

Proposed Feature

Add a "Coverage Overview" widget with a sortable table displaying:

Columns

• Function Name - Demangled name with address
• Blocks Executed - e.g., "15/23" (executed/total)
• Instructions Executed - e.g., "87/145"
• Coverage % - Calculated from instructions executed
• Execution Count - Total times instructions in this function executed
• Complexity (optional) - Cyclomatic complexity if available

Capabilities

• Sort by any column (find least covered, most complex, etc.)
• Search/filter by function name
• Double-click to navigate to function
• Export to CSV/JSON
• Color-coded rows based on coverage percentage
• Show aggregate statistics (overall coverage %, total functions covered, etc.)

Benefits

1. Quick Assessment - Immediately see which functions need attention
2. Prioritization - Focus testing on high-complexity low-coverage functions
3. Reporting - Export coverage metrics for documentation/reports
4. Comparison - When combined with Consider separating the TTD coverage functionality into trace provider and trace consumer #987, compare coverage across multiple traces
5. Fuzzing Integration - Identify gaps in fuzzer-generated coverage

Implementation Notes

• Leverage Binary Ninja's existing function/basic block APIs
• Aggregate data from existing m_executedInstructionCounts map
• UI should update when coverage is loaded/changed
• Consider async computation for large binaries

Related Issues

• Depends on Consider separating the TTD coverage functionality into trace provider and trace consumer #987 for proper architecture (coverage provider/consumer separation)
• Enables coverage composition features mentioned in Consider separating the TTD coverage functionality into trace provider and trace consumer #987

Example UI (from similar tools)

Function-level coverage tables are a standard feature in coverage tools like:

• Lighthouse (IDA/Binary Ninja coverage plugin)
• Bullseye Coverage
• gcov/lcov

The table would integrate naturally with Binary Ninja's dockable widget system.