Fuzz code

CMakeLists.txt

@@ -26,15 +26,6 @@ if(UNIT_TESTING)
     # Use reference https://stackoverflow.com/a/52257586
     set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake)
 
-    include(CodeCoverage)
-    APPEND_COVERAGE_COMPILER_FLAGS()
-    SETUP_TARGET_FOR_COVERAGE_LCOV(
-            NAME coverage_my                 
-            EXECUTABLE ctest -j ${n_cores} # Executable in PROJECT_BINARY_DIR
-            DEPENDENCIES
-            picotracker_lora_tests
-            EXCLUDE "build/_deps*" "/usr/include/c++/*"     # Patterns to exclude (can be relative
-            )
     add_subdirectory(tests)
 else()
     message(STATUS ">>> Compiling for target")

src/apps/LoRaMac/common/callbacks.c

@@ -31,6 +31,7 @@ typedef struct
 } uplink_key_setter_message_t;
 
 uplink_key_setter_message_t uplink_key_setter_message;
+extern uint32_t tx_count_on_this_credential;
 
 void OnNvmDataChange(LmHandlerNvmContextStates_t state, uint16_t size)
 {
@@ -46,6 +47,8 @@ void OnNvmDataChange(LmHandlerNvmContextStates_t state, uint16_t size)
      */
     if (state == LORAMAC_HANDLER_NVM_STORE)
     {
+        // tx_count_on_this_credential++;
+
 #if GPS_ENABLED
         setup_GPS();
 #endif

src/apps/LoRaMac/common/message_sender.c

@@ -15,6 +15,7 @@
 #include "print_utils.h"
 #include "callbacks.h"
 #include "iwdg.h"
+#include "stdio.h"
 
 bool can_tx(LoRaMacRegion_t current_stack_region);
 
@@ -49,6 +50,10 @@ bool sensor_read_and_send(LmHandlerAppData_t *AppData, LoRaMacRegion_t current_s
 
         ret = true;
     }
+    else
+    {
+        printf("Lorawan stack initialised for wrong region.");
+    }
 
     return ret;
 }

src/apps/LoRaMac/periodic-uplink-lpp/B-L072Z-LRWAN1/main.c

@@ -38,6 +38,11 @@
 #include "message_sender.h"
 #include "eeprom_settings_manager.h"
 #include "nvmm.h"
+#include "signal.h"
+
+#ifdef UNITTESTING_LORA
+#include "rtc_mock.h"
+#endif
 
 /*!
  * User application data
@@ -121,14 +126,29 @@ static volatile uint8_t IsTxFramePending = 0;
  */
 extern Uart_t Uart1;
 
-
 uint32_t tx_count_on_this_credential = 0;
 
+void handler(int signum)
+{
+    /* notify the operator that the service has receive SIGTERM
+       and clean up (close file descriptors, etc). Will allow .gcda runtime
+       coverage files to be properly created.
+       Taken from https://stackoverflow.com/a/71168545
+     */
+
+    exit(0);
+}
+
+
 /*!
  * Main application entry point.
  */
 int main( void )
 {
+    signal(SIGTERM, handler);
+    signal(SIGHUP, handler);
+    signal(SIGINT, handler);
+
 #if( USE_WATCHDOG )
     IWDG_Init( );
 #endif
@@ -144,9 +164,6 @@ int main( void )
     /* Initialise timer */
     timer_init( );
 
-    /* Transmit immediately (10 milliseconds later) */
-    setup_next_tx_alarm( 10 );
-
     while( 1 )
     {
         switch_to_next_registered_credentials( ); // Switch to the next set of
@@ -156,8 +173,12 @@ int main( void )
     }
 }
 
+
 static void transmit_n_times_on_this_credential( void )
 {
+    /* Transmit immediately (10 milliseconds later) */
+    setup_next_tx_alarm( 10 );
+
     print_current_region( );
 
     /* Configure the subband settings for AS923 BEFORE initing it. Only needed
@@ -195,6 +216,10 @@ static void transmit_n_times_on_this_credential( void )
 
     while( tx_count_on_this_credential < N_TRANMISSIONS_PER_CREDENTIAL )
     {
+#ifdef UNITTESTING_LORA
+        /* simulate 1 millisecond per loop */
+        bump_rtc_tick( );
+#endif
         // Process characters sent over the command line interface
         CliProcess( &Uart1 );
 
@@ -236,7 +261,6 @@ static void PrepareTxFrame( void )
         return;
     }
 
-    tx_count_on_this_credential ++;
     sensor_read_and_send( &AppData, LmHandlerParams.Region );
     uint32_t interval = read_tx_interval_in_eeprom( TX_INTERVAL_EEPROM_ADDRESS,
                                                     TX_INTERVAL_GPS_FIX_OK );

src/mac/LoRaMacParser.c

@@ -20,6 +20,7 @@ Maintainer: Miguel Luis ( Semtech ), Gregory Cristian ( Semtech ),
 */
 #include "LoRaMacParser.h"
 #include "utilities.h"
+#include "string.h"
 
 LoRaMacParserStatus_t LoRaMacParserJoinAccept( LoRaMacMessageJoinAccept_t* macMsg )
 {
@@ -88,7 +89,7 @@ LoRaMacParserStatus_t LoRaMacParserData( LoRaMacMessageData_t* macMsg )
 
     if( macMsg->FHDR.FCtrl.Bits.FOptsLen <= 15 )
     {
-        memcpy1( macMsg->FHDR.FOpts, &macMsg->Buffer[bufItr], macMsg->FHDR.FCtrl.Bits.FOptsLen );
+        memcpy( macMsg->FHDR.FOpts, &macMsg->Buffer[bufItr], macMsg->FHDR.FCtrl.Bits.FOptsLen );
         bufItr = bufItr + macMsg->FHDR.FCtrl.Bits.FOptsLen;
     }
     else
@@ -105,7 +106,7 @@ LoRaMacParserStatus_t LoRaMacParserData( LoRaMacMessageData_t* macMsg )
         macMsg->FPort = macMsg->Buffer[bufItr++];
 
         macMsg->FRMPayloadSize = ( macMsg->BufSize - bufItr - LORAMAC_MIC_FIELD_SIZE );
-        memcpy1( macMsg->FRMPayload, &macMsg->Buffer[bufItr], macMsg->FRMPayloadSize );
+        memcpy( macMsg->FRMPayload, &macMsg->Buffer[bufItr], macMsg->FRMPayloadSize );
         bufItr = bufItr + macMsg->FRMPayloadSize;
     }
 

src/peripherals/config.h

@@ -120,7 +120,7 @@ extern "C"
  * @brief Define how quickly to return to searching for a GPS fix after transmitting
  * 
  */
-#define TX_INTERVAL_GPS_FIX_OK 2800 /* When fix was aquired, then sleep for this period (in milliseconds) before searching again */
+#define TX_INTERVAL_GPS_FIX_OK 10000 /* When fix was aquired, then sleep for this period (in milliseconds) before searching again */
 
   /**
    * @brief Lorawan defaults, normally will not be changed 

tests/CMakeLists.txt

@@ -1,22 +1,9 @@
 cmake_minimum_required(VERSION 3.7)
+set(CMAKE_C_COMPILER "clang")
+set(CMAKE_CXX_COMPILER "clang++")
+set(CMAKE_CXX_STANDARD 14)
 
 
-# Get the test framework Cpputest
-include(FetchContent)
-FetchContent_Declare(
-    cpputest
-    GIT_REPOSITORY https://github.com/cpputest/cpputest.git
-    GIT_TAG v4.0
-)
-# Set this to ON if you want to have the CppUTests in your project as well.
-set(TESTS OFF CACHE BOOL "Switch off CppUTest Test build")
-
-
-set(CPPUTEST_CXX_FLAGS "${CPPUTEST_CXX_FLAGS}  -m32")
-set(CPPUTEST_LD_FLAGS "${CPPUTEST_LD_FLAGS}  -m32")
-
-FetchContent_MakeAvailable(cpputest)
-
 add_definitions(
     -DREGION_EU868
     -DREGION_US915
@@ -35,9 +22,6 @@ add_definitions(
 )
 
 
-include_directories(${CPPUTEST_SRC_DIR})
-include_directories(${CPPUTESTEXT_SRC_DIR})
-
 # Test includes
 include_directories(${PROJECT_SOURCE_DIR}/mocking)
 include_directories(${PROJECT_SOURCE_DIR}/tests/mocks/)
@@ -65,7 +49,6 @@ include_directories(${PROJECT_SOURCE_DIR}/src/radio/sx1276/)
 
 # Unittests
 set(UNIT_TESTS 
-    main.cpp
     geofence_ut.cpp
     playback_ut.cpp
     lorawan_credentials_ut.cpp
@@ -87,16 +70,17 @@ set(MOCKS
     cli-mock.c
     board-mock.c
     sx1276-mock.c
-    timer-mock.cpp
     bsp_mock.cpp
     eeprom-board-mock.cpp
     # loramac-mock.cpp
     systime-mock.cpp
     ublox-mock.cpp
     nvm_images.cpp
-    gps_mock_utils.cpp
     delay-board-mock.c
     gpio_mock.c
+    rtc-board-mock.c
+    mocks/rtc_mock.c
+    ublox_simulator.cpp
 )
 
 
@@ -118,6 +102,7 @@ set(FILES_UNDER_TEST
     ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/LmHandlerMsgDisplay.c
     ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/LmHandler/LmHandler.c
     ${PROJECT_SOURCE_DIR}/src/system/delay.c
+    ${PROJECT_SOURCE_DIR}/src/system/timer.c
     ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/callbacks.c
 
 
@@ -150,7 +135,6 @@ set(FILES_UNDER_TEST
     ${PROJECT_SOURCE_DIR}/src/peripherals/soft-se/aes.c
     ${PROJECT_SOURCE_DIR}/src/peripherals/soft-se/soft-se-hal.c
 
-    ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/CayenneLpp.c 
     ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/LmHandlerMsgDisplay.c 
     ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/NvmDataMgmt.c 
     ${PROJECT_SOURCE_DIR}/src/apps/LoRaMac/common/LmHandler/LmHandler.c 
@@ -175,15 +159,18 @@ set(SOURCE_FILES
     ${FILES_UNDER_TEST}
 )
 
-add_executable(picotracker_lora_tests ${SOURCE_FILES})
-target_compile_options(picotracker_lora_tests PRIVATE -fshort-enums)
-# target_compile_options(picotracker_lora_tests PRIVATE -Wall -Wextra -Wpedantic)
-target_link_libraries(picotracker_lora_tests PRIVATE CppUTest CppUTestExt)
+
+set(INTEGRATION_TEST_SOURCE_FILES
+    ${MOCKS}
+    ${FILES_UNDER_TEST}
+)
 
 
-# only build 32-bit binaries
-target_compile_options(picotracker_lora_tests PRIVATE -m32)
-target_link_options(picotracker_lora_tests PRIVATE -m32)
 
-# Add tests
-add_test(picotracker_lora_tests picotracker_lora_tests -p) # Pass option to run CppUTests all on different threads
+set(CMAKE_CXX_FLAGS -fsanitize=fuzzer,address,undefined)
+
+
+add_executable(parser_brute_force
+    parser_brute_force.cpp
+    ${INTEGRATION_TEST_SOURCE_FILES}
+)

tests/bsp_mock.cpp

@@ -1,4 +1,3 @@
-#include "CppUTestExt/MockSupport.h"
 
 extern "C"
 {

tests/eeprom-board-mock.cpp

@@ -23,7 +23,6 @@
  * Modified by Medad Newman for unittesting
  */
 
-#include "CppUTestExt/MockSupport.h"
 
 extern "C"
 {

tests/gps_mock_utils.cpp

@@ -9,9 +9,6 @@
  * 
  */
 
-#include "CppUTest/TestHarness.h"
-#include "CppUTestExt/MockSupport.h"
-
 extern "C"
 {
 #include "ublox.h"

tests/mocks/rtc_mock.c

@@ -0,0 +1,39 @@
+/**
+ * @file rtc_mock.cpp
+ * @author Medad Newman ([email protected])
+ * @brief
+ * @version 0.1
+ * @date 2022-08-08
+ *
+ * @copyright Copyright (c) 2022
+ *
+ */
+
+#include "rtc_mock.h"
+#include "stdint.h"
+#include "stdbool.h"
+#include "stm32l0xx.h"
+#include "rtc-board.h"
+
+
+extern uint32_t countdown;
+extern bool alarm_stopped;
+extern TimerTime_t current_time;
+
+
+void bump_rtc_tick()
+{
+    current_time += 1; /* simulate 1 millisecond per loop */
+    if (countdown > 0 && !alarm_stopped)
+    {
+        countdown--;
+    }
+
+    // printf("current time: %d ms, countdown: %d ms, alarm_stopped: %d\n", current_time, countdown, alarm_stopped);
+
+    if (countdown == 0)
+    {
+        RTC_HandleTypeDef dummy;
+        HAL_RTC_AlarmAEventCallback(&dummy);
+    }
+}

tests/mocks/rtc_mock.h

@@ -0,0 +1,12 @@
+/**
+ * @file rtc_mock.hpp
+ * @author Medad Newman ([email protected])
+ * @brief 
+ * @version 0.1
+ * @date 2022-08-08
+ * 
+ * @copyright Copyright (c) 2022
+ * 
+ */
+
+void bump_rtc_tick();

tests/parser_brute_force.cpp

@@ -0,0 +1,13 @@
+#include <LoRaMacParser.h>
+#include <stddef.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+    LoRaMacMessageData_t message = {
+        .Buffer = (uint8_t*)Data,
+        .BufSize = (uint8_t)Size,
+    };
+    LoRaMacParserData(&message);
+
+    return 0;
+}