preparing fuzz

Signed-off-by: JadKHaddad <[email protected]>

Author: JadKHaddad

bmp180/Cargo.toml

@@ -15,6 +15,7 @@ async = ["dep:embedded-hal-async"]
 blocking = ["dep:embedded-hal"]
 log = ["dep:log"]
 i-know-what-i-am-doing = []
+fuzz = ["blocking"]
 
 [dependencies]
 embedded-hal-async = { version = "1.0.0", optional = true }

bmp180/fuzz/Cargo.lock

@@ -18,7 +18,7 @@ members = ["."]
 debug = 1
 
 [[bin]]
-name = "write_read"
-path = "fuzz_targets/write_read.rs"
+name = "init_update"
+path = "fuzz_targets/init_update.rs"
 test = false
 doc = false

bmp180/fuzz/Cargo.toml

@@ -0,0 +1,19 @@
+#![no_main]
+
+use bmp180::{
+    fuzz::{FuzzDelay, FuzzI2C},
+    BlockingBMP180, BlockingInitBMP180, UninitBMP180,
+};
+
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+    let fuzz_i2c = FuzzI2C::new(data);
+
+    let mut bmp180 = UninitBMP180::builder(fuzz_i2c, FuzzDelay {})
+        .build()
+        .initialize()
+        .unwrap();
+
+    bmp180.update().unwrap();
+});

bmp180/fuzz/fuzz_targets/init_update.rs

@@ -312,12 +312,14 @@ mod impl_blocking {
     use embedded_hal::{delay::DelayNs, i2c::I2c};
 
     use crate::{
-        device::register::Register, functionality::blocking::BlockingBMP180, tri, BaseBMP180,
+        device::register::Register,
+        functionality::{blocking::BlockingBMP180, PrivateUninitBMP180},
+        tri, BaseBMP180, BlockingInitBMP180, UninitBMP180,
     };
 
     use super::{calibration::Calibration, BMP180};
 
-    impl<I2C, DELAY> BlockingBMP180<I2C, DELAY> for BMP180<I2C, DELAY>
+    impl<I2C, DELAY> BlockingInitBMP180<I2C, DELAY> for UninitBMP180<I2C, DELAY>
     where
         I2C: I2c,
         DELAY: DelayNs,
@@ -343,6 +345,14 @@ mod impl_blocking {
 
             Ok(Calibration::from_slice(&data))
         }
+    }
+
+    impl<I2C, DELAY> BlockingBMP180<I2C, DELAY> for BMP180<I2C, DELAY>
+    where
+        I2C: I2c,
+        DELAY: DelayNs,
+    {
+        type Error = I2C::Error;
 
         fn read_raw_temperature(&mut self) -> Result<i16, Self::Error> {
             tri!(self.i2c.write(

bmp180/fuzz/fuzz_targets/write_read.rs

@@ -12,12 +12,6 @@ pub trait BlockingBMP180<I2C, DELAY>: BaseBMP180<I2C, DELAY> {
     /// Error type that can occur during blocking operations.
     type Error;
 
-    /// Read device ID.
-    fn read_id(&mut self) -> Result<u8, Self::Error>;
-
-    /// Read calibration data.
-    fn read_calibration(&mut self) -> Result<Calibration, Self::Error>;
-
     /// Read raw temperature.
     fn read_raw_temperature(&mut self) -> Result<i16, Self::Error>;
 

bmp180/src/device/mod.rs

@@ -0,0 +1,74 @@
+//! Fuzzing utilities.
+
+use core::convert::Infallible;
+
+use crate::device::{id::Id, register::Register};
+
+/// Fuzzing delay.
+///
+/// Does nothing.
+pub struct FuzzDelay;
+
+impl embedded_hal::delay::DelayNs for FuzzDelay {
+    fn delay_ns(&mut self, _: u32) {}
+}
+
+/// Fuzzing I2C.
+///
+/// Responds with the correct id. Erverything else is random.
+pub struct FuzzI2C<'data> {
+    /// Data to respond with.
+    data: &'data [u8],
+
+    /// Check if the current write is to the id register.
+    is_id_write: bool,
+}
+
+impl<'data> FuzzI2C<'data> {
+    /// Create a new `FuzzI2C`.
+    pub fn new(data: &'data [u8]) -> Self {
+        Self {
+            data,
+            is_id_write: false,
+        }
+    }
+}
+
+impl embedded_hal::i2c::ErrorType for FuzzI2C<'_> {
+    type Error = Infallible;
+}
+
+impl embedded_hal::i2c::I2c for FuzzI2C<'_> {
+    fn transaction(
+        &mut self,
+        _address: u8,
+        operations: &mut [embedded_hal::i2c::Operation<'_>],
+    ) -> Result<(), Self::Error> {
+        for operation in operations {
+            match operation {
+                embedded_hal::i2c::Operation::Write(write) => {
+                    if write[0] == Register::ChipId as u8 {
+                        self.is_id_write = true;
+                    } else {
+                        self.is_id_write = false;
+                    }
+                }
+                embedded_hal::i2c::Operation::Read(read) => {
+                    if self.is_id_write {
+                        read[0] = Id::Valid as u8;
+                    } else {
+                        if self.data.len() == read.len() {
+                            read.copy_from_slice(self.data);
+                        } else if self.data.len() < read.len() {
+                            read[..self.data.len()].copy_from_slice(self.data);
+                        } else {
+                            read.copy_from_slice(&self.data[..read.len()]);
+                        }
+                    }
+                }
+            }
+        }
+
+        Ok(())
+    }
+}

bmp180/src/functionality/blocking.rs

@@ -30,6 +30,9 @@ pub use crate::functionality::asynchronous::{AsyncBMP180, AsyncInitBMP180};
 #[cfg(feature = "blocking")]
 pub use crate::functionality::blocking::{BlockingBMP180, BlockingInitBMP180};
 
+// #[cfg(feature = "fuzz")]
+pub mod fuzz;
+
 /// Our custom `try!` macro aka `?`, to get rid of [`core::convert::From`]/[`core::convert::Into`] used by the `?` operator.
 macro_rules! tri {
     ($e:expr $(,)?) => {