-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #387, Update minor out-of-family naming/consistency issues in CF #388
Fix #387, Update minor out-of-family naming/consistency issues in CF #388
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To safely remove the assignment to the status
variable and maintain functional behavior, CFE_SUCCESS must be guaranteed at cf_app.c line 255. Is it?
Rationale given for removing the update of the status
at that line is:
"this is very out-of-family for cFS and also inconsistent - CF does not check the return value of any other calls to CFE_EVS_SendEvent()"
However, examples of this check exist at:
https://github.com/nasa/HK/blob/406ec64b6428131230f2c9dac4f2f32452e04c7e/fsw/src/hk_app.c#L207
https://github.com/nasa/SCH/blob/dbaf51ebbcffe1177997880d0f555c7d489217f5/fsw/src/sch_app.c#L345
@@ -248,13 +252,8 @@ CFE_Status_t CF_Init(void) | |||
|
|||
if (status == CFE_SUCCESS) | |||
{ | |||
status = |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@thnkslprpt Would you please expand on why the status init is removed here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes correct - of the 10 main apps only HK and CF currently check the return of the CFE_EVS_SendEvent()
reporting successful initialization. MD assigns it to the Result
variable but does not report on failure. In cFE, only the SB module checks the return of this call to CFE_EVS_SendEvent()
, all of the other modules do not do so.
In general, out of several thousand invocations of CFE_EVS_SendEvent()
across cFS, its return value is only checked a handful of times. In CF specifically, there are 141 calls to CFE_EVS_SendEvent()
(just in flight code) and this is the only place that the return value is assigned/checked.
If an app is already confirmed to be successfully registered with EVS (as is the case here), it's almost inconceivable that the call to CFE_EVS_SendEvent()
will fail.
It seems undesirable for an app to exit (through failure of the init routine, and then setting RunStatus
to CFE_ES_RunStatus_APP_ERROR
) just because the event/notification of successful initialization failed for some reason (again, highly improbable if already confirmed registered with EVS).
This change is not essential (it can be left as it is) it's more just for the sake of consistency (almost all apps and cFE modules just call CFE_EVS_SendEvent()
to report successful initialization, without checking its return value or assigning it to their Status
/Result
variables).
For length check and command handling inconsistencies, hopefully nasa/cFE#2038 will eventually resolve this across all of cFS. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Concur with changes and justification for check return value omission is appreciated. Although, as discussed at the 6/22/2023 cFS community board, cFS is a community-built product with many developers who worked different apps and so it may be unwise to always use justification of consistency to make all the submodules/apps of cFS behave the same.
7aa196a
to
6a7d0be
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
CodeQL-coding-standard found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
6a7d0be
to
a19fb2c
Compare
454f902
to
69277a8
Compare
@chillfig Justin - slight change since your approval due to a merge conflict resolution. There are now 2 separate EIDs for the different pipe creation error locations: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this changeset, but it overlaps with other recent PRs. We should rebase it, but only after the other pending items.
b505df0
to
716b89d
Compare
msg = NULL; | ||
|
||
while (CFE_ES_RunLoop(&CF_AppData.run_status)) | ||
while (CFE_ES_RunLoop(&CF_AppData.RunStatus)) |
Check warning
Code scanning / CodeQL
Side effect in a Boolean expression Warning
@@ -513,7 +513,7 @@ | |||
*-----------------------------------------------------------------*/ | |||
void CF_AbandonCmd(const CF_AbandonCmd_t *msg) | |||
{ | |||
if (CF_TsnChanAction(&msg->Payload, "abandon", CF_CmdAbandon_Txn, NULL) > 0) | |||
if (CF_TsnChanAction(&msg->Payload, "abandon", CF_Abandon_TxnCmd, NULL) > 0) |
Check warning
Code scanning / CodeQL-coding-standard
Side effect in a Boolean expression
@@ -480,7 +480,7 @@ | |||
*-----------------------------------------------------------------*/ | |||
void CF_CancelCmd(const CF_CancelCmd_t *msg) | |||
{ | |||
if (CF_TsnChanAction(&msg->Payload, "cancel", CF_CmdCancel_Txn, NULL) > 0) | |||
if (CF_TsnChanAction(&msg->Payload, "cancel", CF_Cancel_TxnCmd, NULL) > 0) |
Check warning
Code scanning / CodeQL-coding-standard
Side effect in a Boolean expression
b3d8a4f
to
2cbc05b
Compare
No worries Joe @jphickey - I'll try to keep it up-to-date. Feel free to merge it whenever it suits. |
2cbc05b
to
f2d7e54
Compare
f2d7e54
to
bdabfd7
Compare
88fa0fe
to
e441c8e
Compare
|
||
/* first, verify command length */ | ||
if (len == expected_lengths[cmd]) | ||
{ | ||
/* if valid, process command */ | ||
if (fns[cmd]) | ||
{ | ||
fns[cmd](msg); | ||
fns[cmd](BufPtr); |
Check notice
Code scanning / CodeQL
Use of non-constant function pointer Note
@@ -61,7 +61,7 @@ | |||
* See description in cf_cmd.h for argument/return detail | |||
* | |||
*-----------------------------------------------------------------*/ | |||
CFE_Status_t CF_ResetCmd(const CF_ResetCmd_t *msg) | |||
CFE_Status_t CF_ResetCountersCmd(const CF_ResetCountersCmd_t *msg) |
Check notice
Code scanning / CodeQL
Function too long Note
@@ -39,13 +39,13 @@ | |||
* See description in cf_cmd.h for argument/return detail | |||
* | |||
*-----------------------------------------------------------------*/ | |||
void CF_ProcessGroundCommand(const CFE_SB_Buffer_t *msg) | |||
void CF_ProcessGroundCommand(const CFE_SB_Buffer_t *BufPtr) |
Check notice
Code scanning / CodeQL
Function too long Note
@@ -61,7 +61,7 @@ | |||
* See description in cf_cmd.h for argument/return detail | |||
* | |||
*-----------------------------------------------------------------*/ | |||
CFE_Status_t CF_ResetCmd(const CF_ResetCmd_t *msg) | |||
CFE_Status_t CF_ResetCountersCmd(const CF_ResetCountersCmd_t *msg) |
Check notice
Code scanning / CodeQL
Long function without assertion Note
@@ -39,13 +39,13 @@ | |||
* See description in cf_cmd.h for argument/return detail | |||
* | |||
*-----------------------------------------------------------------*/ | |||
void CF_ProcessGroundCommand(const CFE_SB_Buffer_t *msg) | |||
void CF_ProcessGroundCommand(const CFE_SB_Buffer_t *BufPtr) |
Check notice
Code scanning / CodeQL
Long function without assertion Note
@@ -129,30 +129,30 @@ | |||
* See description in cf_app.h for argument/return detail | |||
* | |||
*-----------------------------------------------------------------*/ | |||
void CF_AppPipe(const CFE_SB_Buffer_t *msg) | |||
void CF_AppPipe(const CFE_SB_Buffer_t *BufPtr) |
Check notice
Code scanning / CodeQL
Long function without assertion Note
@@ -186,13 +186,16 @@ | |||
* See description in cf_app.h for argument/return detail | |||
* | |||
*-----------------------------------------------------------------*/ | |||
CFE_Status_t CF_Init(void) | |||
CFE_Status_t CF_AppInit(void) |
Check notice
Code scanning / CodeQL
Long function without assertion Note
e441c8e
to
9a01790
Compare
9a01790
to
191c62f
Compare
191c62f
to
5b54245
Compare
@@ -536,7 +536,7 @@ | |||
*-----------------------------------------------------------------*/ | |||
CFE_Status_t CF_AbandonCmd(const CF_AbandonCmd_t *msg) | |||
{ | |||
if (CF_TsnChanAction(&msg->Payload, "abandon", CF_CmdAbandon_Txn, NULL) > 0) | |||
if (CF_TsnChanAction(&msg->Payload, "abandon", CF_Abandon_TxnCmd, NULL) > 0) |
Check warning
Code scanning / CodeQL
Side effect in a Boolean expression Warning
@@ -501,7 +501,7 @@ | |||
*-----------------------------------------------------------------*/ | |||
CFE_Status_t CF_CancelCmd(const CF_CancelCmd_t *msg) | |||
{ | |||
if (CF_TsnChanAction(&msg->Payload, "cancel", CF_CmdCancel_Txn, NULL) > 0) | |||
if (CF_TsnChanAction(&msg->Payload, "cancel", CF_Cancel_TxnCmd, NULL) > 0) |
Check warning
Code scanning / CodeQL
Side effect in a Boolean expression Warning
Hi @thnkslprpt, apologies about the delay with this PR. I'd like to get it into the next round of PR reviews. Would you be able to resolve the merge conflict/unit test workflow failure? |
4710faa
to
e1cc63c
Compare
e1cc63c
to
f928452
Compare
I think it's good to go now @dzbaker |
Checklist
Describe the contribution
CreatePipe()
failure during initialization (and created a new matching EID:CF_CR_PIPE_ERR_EID
) + clarified different EIDs for pipe creation errors during initialization of the app, and separate EID for errors during CF Channel pipe creation (CF_CR_CHANNEL_PIPE_ERR_EID
).CF_HkCmd()
: UseCFE_SB_TimeStampMsg()
instead ofCFE_MSG_SetMsgTime()
and use theCFE_MSG_PTR
conversion macro - CF was the only app remaining to useCFE_MSG_SetMsgTime()
memset
at the beginning of the initialization routine to zero-out the global data structure (defensive programming, and for consistency - almost all of the cFS modules/apps do this)CFE_EVS_SendEvent()
reporting initialization success - this is very out-of-family for cFS and also inconsistent - CF does not check the return value of any other calls toCFE_EVS_SendEvent()
CF_AppMain()
after successful call toCFE_SB_ReceiveBuffer()
- out-of-family with cFS and also redundant (CFE_SB_ReceiveBuffer()
with a successful return guarantees the returned pointer to be non-NULL
)Minor changes:
CF_CmdAbandon_Txn()
noted incorrect parameter cannot beNULL
- corrected thistlm_header
toTelemetryHeader
run_status
toRunStatus
cmd_pipe
toCmdPipe
CFE_SB_Buffer_t
types) frommsg
toBufPtr
msg_id
toMessageID
CF_CmdNoop()
changed toCF_NoopCmd()
)CF_CmdReset()
toCF_ResetCountersCmd()
- more clear and specific, and in line with vast majority of cFS incl. cFE (also amended the matching typeCF_ResetCmd_t
toCF_ResetCountersCmd_t
)CF_Init()
toCF_AppInit()
#include
s - cf_verify.h in cf_clist.c andNote: CF does not verify length for non-command MIDs received in the app pipe (
CF_WAKE_UP_MID
andCF_SEND_HK_MID
) - it would be worthwhile to rectify this at some point.cFE and the other apps are generally inconsistent on this - some don't check non-command MIDs, some use a single VerifyLength function to check all MIDs arriving, some use separate VerifyLength functions for command and non-command MIDs...
Testing performed
GitHub CI actions all passing successfully (incl. Build + Run, Unit/Functional Tests etc.).
Expected behavior changes
Minor changes as noted above, no significant changes to behavior.
Aligning aberrant naming to the predominant patterns in cFS improves usability and eases future maintenance.
Contributor Info
Avi Weiss @thnkslprpt