
Implement code coverage transformation #179

Draft
wants to merge 97 commits into
base: main

Conversation

JamesLee-Jones (Collaborator)

Implement a non-semantics preserving version of the code coverage instrumentation to add extra code coverage points if a mutation differs from the actual result.

@JamesLee-Jones JamesLee-Jones marked this pull request as draft November 1, 2023 19:09
@JamesLee-Jones (Collaborator, Author)

This is still very much a work in progress and will require large amounts of refactoring to remove code duplication. This is just a first experiment in using code coverage to guide greybox fuzzing.

@JamesLee-Jones (Collaborator, Author)

While trying to modify Woff2, the changes made by this update to Dredd cause compile errors:

SRC/src/font.cc:641:140: error: incompatible operand types ('int' and 'woff2::Font::Table *')
  if (!__dredd_enabled_mutation(9)) { return __dredd_replace_expr_bool([&]() -> bool { return static_cast<bool>(it == tables.end()); }, 0) ? __dredd_replace_expr_int(0, 3) : &it->second; }
SRC/src/woff2_enc.cc:964:91: error: comparison between pointer and integer ('const Font::Table *' and 'long')
      if (!__dredd_enabled_mutation(1475)) { if (__dredd_replace_expr_bool(table_to_store == __dredd_replace_expr_long(NULL, 1466), 1472)) table_to_store = &original; }
SRC/src/woff2_dec.cc:2191:20: error: cannot initialize a variable of type 'const woff2::Table *' with an rvalue of type 'long'
      const Table* glyf_table = __dredd_replace_expr_long(NULL, 10411);

Replacing NULL seems to be the primary culprit, but not the only one.
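The following C++ sketch is an added example and is not Dredd's code or anything from this PR; all names in it (replace_expr, g_coverage_points, Table, lookup_or_null, coverage_points_for) are placeholders chosen for the illustration. It shows two things from this thread: the transformation described in the PR description, where the replacement returns the actual result unchanged but records an extra coverage point for every mutant whose value would have differed from it, and the NULL typing problem in the errors above, handled here by making the replacement a template on the declared type of the expression so that NULL in a pointer context is converted to that pointer type rather than forced through `long`.

```cpp
#include <cstddef>
#include <cstdio>
#include <set>
#include <type_traits>

// Constructed sketch of the transformation described in this PR. Every name
// here (replace_expr, g_coverage_points, Table, lookup_or_null, ...) is a
// placeholder chosen for the example, not Dredd's real runtime.

// Coverage points hit so far: one id per mutant whose value differed from
// the actual result of the expression it was applied to.
static std::set<int> g_coverage_points;

// Mutants tried per integral expression: 0, 1, -1, -x and ~x.
static const int kMutantsPerExpr = 5;

// Integral expressions: always return `actual` (semantics preserved), but
// record a coverage point for each mutant whose value would have differed.
template <typename T>
typename std::enable_if<std::is_integral<T>::value, T>::type
replace_expr(T actual, int base_id) {
  const T mutants[kMutantsPerExpr] = {
      static_cast<T>(0), static_cast<T>(1), static_cast<T>(-1),
      static_cast<T>(-actual), static_cast<T>(~actual)};
  for (int k = 0; k < kMutantsPerExpr; ++k) {
    if (mutants[k] != actual) g_coverage_points.insert(base_id + k);
  }
  return actual;
}

// Non-integral expressions (pointers in particular): no arithmetic mutants
// apply, so the value is passed through untouched. Because T is the declared
// type of the surrounding expression, replace_expr<const Table*>(NULL, id)
// converts NULL to the pointer type the caller expects, instead of forcing
// it through `long` as in the compile errors quoted above.
template <typename T>
typename std::enable_if<!std::is_integral<T>::value, T>::type
replace_expr(T actual, int /*base_id*/) {
  return actual;
}

struct Table { int tag; };

// Mirrors the pointer context from the Woff2 errors: with the declared type
// supplied explicitly this compiles; a `long`-returning replacement of NULL
// assigned to `const Table*` would not.
const Table* lookup_or_null(bool found, const Table* hit) {
  return found ? hit : replace_expr<const Table*>(NULL, 100);
}

// Runs one integral expression through the instrumentation and reports how
// many coverage points it produced (the global set is reset first).
std::size_t coverage_points_for(int actual, int base_id) {
  g_coverage_points.clear();
  replace_expr<int>(actual, base_id);
  return g_coverage_points.size();
}

bool coverage_point_hit(int id) { return g_coverage_points.count(id) != 0; }

int main() {
  Table t = {42};
  std::printf("points for 0: %zu\n", coverage_points_for(0, 10));  // 3: mutants 1, -1, ~0 differ
  std::printf("points for 5: %zu\n", coverage_points_for(5, 20));  // 5: every mutant differs
  std::printf("lookup hit: %d\n", lookup_or_null(true, &t) == &t);  // 1
  std::printf("lookup miss is null: %d\n", lookup_or_null(false, &t) == NULL);  // 1
  return 0;
}
```

The point of the explicit template argument is that the instrumented call site carries the declared type of the expression it replaces; deducing T from the argument alone would turn NULL into `long` (or `int`) again and reproduce the errors above.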

@JamesLee-Jones (Collaborator, Author)

JamesLee-Jones commented Nov 17, 2023

When fuzzing woff, the current implementation leads to some crashes coming from the changes introduced by Dredd instead of the bug present in woff. This means the current implementation must not be entirely semantics preserving.

An example of a replacement that causes a crash is:

// Replacement for an unsigned int lvalue expression; `arg` refers to the original lvalue
static unsigned int __dredd_replace_expr_unsigned_int_lvalue(unsigned int& arg, int local_mutation_id) {
  unsigned int actual_result = arg; // The crash is here
  return actual_result;
}

This doesn't appear to be the case for the main branch of Dredd.

@JamesLee-Jones JamesLee-Jones force-pushed the semantics-preserving-code-coverage branch from 585bfd9 to a08de50 Compare July 16, 2024 20:28