Allow unique prefix matches for elements and attributes specified in
directly in CYCLONEDDS_URI. That mode already has a few niceties for
quickly specifying some configuration overrides, this is simply one
more.
Signed-off-by: Erik Boasson <eb@ilities.com>
The ``docs/makernc.pl`` perl script can extract the options from the
source code for the configuration processing and turn these into a
GitHub MarkDown document and a RELAX NG Compact form (RNC) description
of the options. Standard conversion tools can be used to turn the RNC
file into an XSD.
Although they are generated by a mechanical transformation, it is not
(yet) part of the build process, in no small part because there no
proper generation and publishing system has yet been set up for the
documentation.
Now that there is an XSD and a Markdown file for discovering the
options, there is no need to retain the configuration editing tool. Any
decent editor will do a better job.
Signed-off-by: Erik Boasson <eb@ilities.com>
From a distant past came code to encrypt data on the wire, but it hasn't
been functional in Cyclone for a long time and it only ever provided
protection against casual eavesdroppers. It is better to delete it.
Signed-off-by: Erik Boasson <eb@ilities.com>
* macOS < 10.13: skip log tests for want of fmemopen
There is a dependency on fmemopen in the tests for the logging
functions, which macOS introduced only in version 10.13. There should
be no other obstacle to building/running/testing on older versions of
macOS. This commit does the pragmatic thing: remove the dependency and
turns the tests into no-ops in this one case.
Signed-off-by: Erik Boasson <eb@ilities.com>
* Fix macOS clock_gettime_nsec_np availability test
Signed-off-by: Erik Boasson <eb@ilities.com>
* GUID, keyhash compare (currently no reliance on this comparison, so
not causing trouble in Cyclone for applications)
* comparing "propagate" boolean in plist (newly added for security,
not yet used)
* fix memory leak in plist_unalias (currently only used in duplicating
them, in which case the memory leak doesn't occur)
* add unit tests for plist handling
Signed-off-by: Erik Boasson <eb@ilities.com>
* Fix type of num reliable readers (int to int32_t)
* Conversion codes in debug monitor printf formats
* Dead code elimination
* Skipping a test case where SIZE_MAX is assumed > INT32_MAX if
assumption is false on target platform
* Error handling in os_sockWaitsetNew
* Stick to unsigned in fragment size calculations
This check is actually guarded by valid_DataFrag and was safe for
datagrams up to 2GB, but the unintended and implicit conversion to is
still best eliminated.
* A "server" connection never has an invalid socket in TCP wrapper
* Handle error return from gethostname in SPDP write (CID 248183)
* Handle extended retcodes in dds_strretcode
CID 248131, introduced by 19aec98b8a
* Remove dead code in ddsrt logging test (CID 248195)
* Validate command-line argument in process test (CID 248117)
* Allow for extremely delayed store in test
Test is constructed to have the events trigger only at the appropriate
times, but it does assume that the store to cb_called becomes visible
prior to the listener callback. I'm pretty sure that will always be
the case in practice, but I'm also pretty sure there is no formal
guarantee without a memory barrier, which mutex_unlock provides.
CID 248088, 248136, 248177, 253590, 253591, 253593
* Check unsetenv return value in test (CID 248099)
Signed-off-by: Erik Boasson <eb@ilities.com>
Initialisation of ddsrt layer uses a hand-rolled CAS/sleep device not
unlike a spin lock. This so initialisation doesn't depend on, e.g.,
ddsrt_once.
Checking or changing thread states between "awake" and "asleep" can end
up in ddsrt_init if the thread is unknown at the time of the call.
Once really only ends up in those cases when the library is initialised
already, in which case no sleeping occurs.
In any case, the sleep is just a friendly yielding of the CPU. Coverity
will still see the loop, just not the sleep.
Signed-off-by: Erik Boasson <eb@ilities.com>
In the case of when a DATA_ON_READERS listener is set, but with the
corresponding status mask is set to suppress the event, the reader lock
would not be in locked, resulting in a unlocked access of status flags
and a double unlock.
Signed-off-by: Erik Boasson <eb@ilities.com>
For targets that do not support ddsrt_setenv and ddsrt_getenv, an alternative
method is needed to supply an application specific configuration. One way to
implement this, is to add a function for creating a domain with a string
arguments, which needs to be called before any call to dds_create_participant
for given domain identifier.
The function dds_create_domain has been added, which has as arguments a domain
identifier and a configuration string. The string is treated in the same way
as the string that is retrieved from the environment variable, in that it may
containt a comma separated list of file names and/or XML fragments for the
configuration.
Two tests have been added. One limits the number of participants to two and
verifies that creating a third participant fails. The other tests checks
incorrect calls to dds_create_domain.
An assert in dds_handle_delete has been weakened.
Signed-off-by: Frans Faase <frans.faase@adlinktech.com>
Those fail with a small probability, but it is still annoying. The code
has been vetted and tested; and by disabling the test only when run in
the CI infrastructure, anyone changing the code would still have the
test run locally.
Signed-off-by: Erik Boasson <eb@ilities.com>
Rare intermittent failure appears to be timing. Increasing the timeout
doesn't affect the duration of a successful run and will still signal an
missing trigger.
Signed-off-by: Erik Boasson <eb@ilities.com>
Deleting participant does: add to "deleted participants", remove from
GUID hash table; so SPDP processing must first check for an existing
participant and check deleted participants if nothing found.
Signed-off-by: Erik Boasson <eb@ilities.com>
So dds_read/dds_take should pass it the address of the first pointer,
rather than the first pointer itself, or the freeing of memory allocated
for samples because of an outstanding loan will crash. Add a test that
reliable detects this case when no other participants are around.
Signed-off-by: Erik Boasson <eb@ilities.com>
Deleting entities concurrently with operating on them or creating child
entities should work properly, even if it is essentially abuse. This
commit fixes (most?) of them, with exception of some nastiness when
deleting the last entity, and thus deinitialising the library, in
parallel to attempting to operate on a (by definition invalid) handle.
* Interrupting a blocked operation at the beginning of "delete" is now a
separate operation. E.g., a wait call on a waitset must be interrupted,
but the data structures can't be touched yet because other threads may
be doing an attach/detach in parallel.
* DDSI writer can now be switched to an intermediate state,
"INTERRUPTED", to indicate that it should unblock any waiting threads
and refuse to transmit any further data, but without actually
embarking on the path of deleting data structures.
* The extra "pinning" of readers and writers is now gone, they remain
fully functional until the no other threads can still access the
entity.
* Future listener invocations are prevented as part of deleting the
entity, but now it also guarantees the application can no longer
re-enable them. It furthermore waits until there are no further
current or pending listener invocations, rather than simply no current
ones.
* The internal state of the waitset now has its own lock, otherwise
attaching the parent entity of the waitset can require locking the
waitset after having locking the parent, which violates locking order.
* Handles are created in a pending state, where they are not included in
a dds_get_children operation and refuse to be pinned. This makes it
possible (in a future commit) to undo deletion of complex entities.
* There is a test (ddsc_waitset_torture) that exercises some of these
corner cases.
Signed-off-by: Erik Boasson <eb@ilities.com>
This fixes a possible deadlock when detaching an entity at the same time
it is triggering: a triggering entity holds its m_observers_lock while
trying to acquire waiset::m_mutex, and so attach and detach must not do
the opposite. The deadlock had excellent reproducibility in a seemingly
unrelated ROS2 application; this changes fixes it.
Signed-off-by: Erik Boasson <eb@ilities.com>
The default RHC implementation is not always ideal and rather than
trying to squeeze everything in a fixed interface it makes more sense to
allow the caller to provide an arbitrary implementation of the
interface.
This is not yet a stable interface.
Signed-off-by: Erik Boasson <eb@ilities.com>
This makes it possible to write one's own RHC implementation. This is
not a stable interface. It shuffles a few things around and renames
some types used throughout the code to stick to having a "dds" prefix
for all the external things.
Signed-off-by: Erik Boasson <eb@ilities.com>
All functions creating an entity pin the parent, which guarantees that
the CLOSED is not set yet, but as setting it occurs within the mutex, it
may be set by the time the parent has been locked. One should not try
to add a child entity at that point, so check it again.
Signed-off-by: Erik Boasson <eb@ilities.com>
Leak a small amount of memory when there are still application threads
around, that's slightly less problematic than the old code. It really
needs an overhaul.
Signed-off-by: Erik Boasson <eb@ilities.com>
Require that all entities attached to waitset are in the same
participant (if the waitset's parent is a participant) or in the same
domain (if the waitset's parent is a domain). There used to be no check
on this, but it always seemed unhygenic and now that domains and the
entire library instantiation can be used as parents, it seems much
better to enforce this scoping rule.
Signed-off-by: Erik Boasson <eb@ilities.com>
This commit adds two entity types: a "domain", which is the parent of
participants and which is instantiated for each domain that has at least
one participant in it; and "cyclonedds", which is a representation of
the (initialized) Cyclone DDS library in the process and that is the
parent of all domain entities. The handle of the latter is a
compile-constant, DDS_CYCLONEDDS_HANDLE.
This changes the return value from dds_get_parent when executed on a
participant: it now returns the handle of the entity representing the
domain the participant is attached to. Two participants in the same
domain self-evidently return the same domain entity.
This allows deleting all participants in a domain by calling dds_delete
on the domain entity, or tearing down everything and deinitializing the
library by calling dds_delete on the top-level entity.
Signed-off-by: Erik Boasson <eb@ilities.com>
Things go really badly wrong when topics from one participant are used
to create a reader/writer in another participant. This returns an error
if they are not.
Signed-off-by: Erik Boasson <eb@ilities.com>
