
Add some notes from our fuzzing investigations

Isaac Woods 4 年 前
コミット
0b5a18d036
3 ファイル変更9 行追加1 行削除
  1. 4 0
      aml/src/lib.rs
  2. 4 1
      aml/src/namespace.rs
  3. 1 0
      aml/src/term_object.rs

+ 4 - 0
aml/src/lib.rs

@@ -15,6 +15,7 @@
 //! ```ignore
 //! let my_aml_value = aml_context.lookup(&AmlName::from_str("\\_SB.PCI0.S08._ADR").unwrap());
 //! ```
+// TODO: add example of invoking a method
 //!
 //! ### About the parser
 //! The parser is written using a set of custom parser combinators - the code can be confusing on
@@ -194,6 +195,7 @@ impl AmlContext {
         }
     }
 
+    // TODO: docs
     pub fn invoke_method(&mut self, path: &AmlName, args: Args) -> Result<AmlValue, AmlError> {
         match self.namespace.get_by_path(path)?.clone() {
             AmlValue::Method { flags, code } => {
@@ -248,6 +250,7 @@ impl AmlContext {
         }
     }
 
+    // TODO: docs
     pub fn initialize_objects(&mut self) -> Result<(), AmlError> {
         use name_object::NameSeg;
         use namespace::NamespaceLevel;
@@ -578,6 +581,7 @@ impl AmlContext {
     }
 }
 
+// TODO: docs
 pub trait Handler {
     fn read_u8(&self, address: usize) -> u8;
     fn read_u16(&self, address: usize) -> u16;
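Review bot: The three `// TODO: docs` markers in this file (on `invoke_method`, `initialize_objects` and `Handler`) leave the public entry points without a documented failure contract, and the one on `Handler` is the most pressing because `read_u8`/`read_u16` return bare integers with no way to report a refused access. I would replace that marker with a `///` comment stating where the `address` values come from and what an implementation must do with an address it cannot or will not service; presumably they originate in the AML being interpreted, which should be confirmed and said explicitly. For `invoke_method` the visible lines support at least an `# Errors` line such as `/// Propagates any error from looking up path in the namespace.`, with the non-method case filled in from the part of the body outside this hunk. The trait and both functions continue past the hunks shown.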

+ 4 - 1
aml/src/namespace.rs

@@ -223,6 +223,9 @@ impl Namespace {
         } else {
             // If search rules don't apply, simply resolve it against the starting scope
             let name = path.resolve(starting_scope)?;
+            // TODO: the fuzzer crashes when path is `\` and the scope is also `\`. This means that name is `\`,
+            // which then trips up get_level_for_path. I don't know where to best solve this: we could check for
+            // specific things that crash `search`, or look for a more general solution.
             let (level, last_seg) = self.get_level_for_path(&path.resolve(starting_scope)?)?;
 
             if let Some(&handle) = level.values.get(&last_seg) {
@@ -363,7 +366,7 @@ impl fmt::Debug for Namespace {
             }
 
             Ok(())
-        };
+        }
 
         print_level(self, f, "\\", &self.root, 0)
     }
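Review bot: The new TODO records an input that crashes the interpreter (path `\` resolved against scope `\`), but the line below it still hands that name to `get_level_for_path`, so AML that produces it still ends in a crash rather than an `Err`. Since this code already propagates errors with `?`, the general fix is probably for `get_level_for_path` (outside this hunk) to return an error for a name that has no final segment, using whichever `AmlError` variant fits, and the fuzzer's input is worth keeping as a regression test. Separately, the path is resolved twice here; the call can reuse the binding just above it: `let (level, last_seg) = self.get_level_for_path(&name)?;`.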

+ 1 - 0
aml/src/term_object.rs

@@ -37,6 +37,7 @@ where
     /*
      * TermList := Nothing | <TermObj TermList>
      */
+    // TODO: why does this use still_parsing, instead of just taking the whole thing and parsing it til it's empty?
     move |mut input: &'a [u8], mut context: &'c mut AmlContext| {
         while list_length.still_parsing(input) {
             // TODO: currently, we ignore the value of the expression. We may need to propagate
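Review bot: The added TODO asks why the loop is bounded by `list_length.still_parsing(input)` but leaves the answer out, and that bound is what a reader needs in order to check that malformed AML cannot make this loop read past its list or spin. If `still_parsing` stops at the list's declared length while `input` may extend beyond it (an assumption; its definition is not in this hunk), the comment should state that instead, for example `// input may extend past this TermList, so stop at the declared length rather than at end of input`. The closure body continues outside the hunk.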