fix(driver-modbus-cli): resolve Low code-review findings (Driver.Modbus.Cli-003,004,005,006,007,008)
- Driver.Modbus.Cli-003: ModbusCommandBase.ValidateEndpoint rejects --port outside 1..65535, non-positive --timeout-ms, and --unit-id outside 1..247. - Driver.Modbus.Cli-004: wrapped SubscribeCommand's OnDataChange handler body in a try/catch (warn-and-swallow) and serialised the console write through a lock. - Driver.Modbus.Cli-005: Probe / Read / Write now catch the cancellation-during-init OperationCanceledException and print 'Cancelled.' instead of dumping a stack trace. - Driver.Modbus.Cli-006: ProbeCommand.ComputeVerdict derives the headline from BOTH the driver state and the probe snapshot's OPC UA quality class so the headline can't disagree with the wire result. - Driver.Modbus.Cli-007: docs/Driver.Modbus.Cli.md carries an explicit 'CLI scope' callout — the address-string grammar is a DriverConfig JSON feature; the CLI takes the structured triple only. - Driver.Modbus.Cli-008: pinned BuildOptions, ValidateEndpoint, the region-validation guards, ComputeVerdict, and the cancellation-during- initialize paths. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
@@ -7,7 +7,7 @@
|
||||
| Review date | 2026-05-22 |
|
||||
| Commit reviewed | `76d35d1` |
|
||||
| Status | Reviewed |
|
||||
| Open findings | 6 |
|
||||
| Open findings | 0 |
|
||||
|
||||
## Checklist coverage
|
||||
|
||||
@@ -87,7 +87,7 @@ message explaining coils carry a single bit.
|
||||
| Severity | Low |
|
||||
| Category | Correctness & logic bugs |
|
||||
| Location | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/ModbusCommandBase.cs:14-24` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** `Port` (`int`) and `TimeoutMs` (`int`) accept any 32-bit value,
|
||||
including negatives and ports above 65535. `UnitId` is a `byte`, so it accepts
|
||||
@@ -103,7 +103,13 @@ error. None of these are validated at parse time.
|
||||
message — consistent with how `WriteCommand` already rejects bad regions and
|
||||
boolean strings.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-23 — added `ModbusCommandBase.ValidateEndpoint()`
|
||||
that throws `CliFx.Exceptions.CommandException` for `--port` outside 1..65535,
|
||||
non-positive `--timeout-ms`, and `--unit-id` outside 1..247 (Modbus spec unicast
|
||||
range — rejects the broadcast 0 and reserved 248-255). Each of `ProbeCommand`,
|
||||
`ReadCommand`, `WriteCommand`, and `SubscribeCommand` now calls it at the top of
|
||||
`ExecuteAsync` after `ConfigureLogging()`. Regression tests live in
|
||||
`ModbusCommandBaseTests` (range + boundary cases for all three knobs).
|
||||
|
||||
|
||||
### Driver.Modbus.Cli-004
|
||||
@@ -113,7 +119,7 @@ boolean strings.
|
||||
| Severity | Low |
|
||||
| Category | Concurrency & thread safety |
|
||||
| Location | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/SubscribeCommand.cs:61-67` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** The `OnDataChange` handler is invoked from the driver's
|
||||
`PollGroupEngine` background thread and calls `console.Output.WriteLine`
|
||||
@@ -127,7 +133,11 @@ any synchronization, so overlapping poll ticks could interleave partial lines.
|
||||
write failures so a transient console-write error cannot tear down the poll loop.
|
||||
A single `lock` around the write also removes the interleave risk.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-23 — wrapped the `OnDataChange` handler in
|
||||
`try/catch (Exception)` that logs to Serilog at Warning and swallows the failure
|
||||
so a transient console-write error cannot fault the `PollGroupEngine` background
|
||||
loop. The console write is also serialized through a local `lock` object, removing
|
||||
the partial-line interleave risk when multiple poll ticks overlap.
|
||||
|
||||
### Driver.Modbus.Cli-005
|
||||
|
||||
@@ -136,7 +146,7 @@ A single `lock` around the write also removes the interleave risk.
|
||||
| Severity | Low |
|
||||
| Category | Error handling & resilience |
|
||||
| Location | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ProbeCommand.cs:21-54`; `Commands/ReadCommand.cs:46-75`; `Commands/WriteCommand.cs:54-89` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** All three commands call `ConfigureLogging()` then
|
||||
`console.RegisterCancellationHandler()`, but if the operator presses Ctrl+C
|
||||
@@ -152,7 +162,14 @@ commands do not catch it around their driver calls.
|
||||
the noisy trace on Ctrl+C-during-connect is acceptable. Consistency with
|
||||
`SubscribeCommand`'s handling is the cleaner choice.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-23 — added a
|
||||
`catch (OperationCanceledException) when (ct.IsCancellationRequested)` clause
|
||||
around the driver-call bodies in `ProbeCommand`, `ReadCommand`, and `WriteCommand`
|
||||
that prints `Cancelled.` and falls through to the existing `finally`-block
|
||||
shutdown. Matches `SubscribeCommand`'s existing handling so all four commands now
|
||||
exit quietly on Ctrl+C. Regression tests in `CommandCancellationTests` pre-cancel
|
||||
the CliFx `FakeInMemoryConsole` before calling `ExecuteAsync` and assert no
|
||||
exception escapes.
|
||||
|
||||
### Driver.Modbus.Cli-006
|
||||
|
||||
@@ -161,7 +178,7 @@ the noisy trace on Ctrl+C-during-connect is acceptable. Consistency with
|
||||
| Severity | Low |
|
||||
| Category | Error handling & resilience |
|
||||
| Location | `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ProbeCommand.cs:35-53` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** `probe` reports `Health: {health.State}` from `GetHealth()`.
|
||||
After a successful `InitializeAsync` the driver sets state to `Healthy`
|
||||
@@ -179,7 +196,14 @@ snapshot's `StatusCode` (Good vs Bad) rather than — or in addition to — the
|
||||
`State`, or print a single combined verdict line so the two cannot contradict each
|
||||
other.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-23 — `ProbeCommand` now prints a single combined
|
||||
`Verdict:` line above the bare driver-state line; the headline is computed by a
|
||||
new `ProbeCommand.ComputeVerdict(DriverState, statusCode)` helper that combines
|
||||
the driver state with the probe snapshot's OPC UA quality class (top 2 bits of
|
||||
the StatusCode). Verdict is `FAIL` whenever the driver is not Healthy OR the
|
||||
snapshot is Bad, `DEGRADED` when the driver is Healthy but the snapshot is
|
||||
Uncertain, and `OK` only when both are Good. Regression tests in
|
||||
`ProbeCommandTests` pin the verdict-grid behaviour.
|
||||
|
||||
### Driver.Modbus.Cli-007
|
||||
|
||||
@@ -188,7 +212,7 @@ other.
|
||||
| Severity | Low |
|
||||
| Category | Design-document adherence |
|
||||
| Location | `docs/Driver.Modbus.Cli.md:124-156`; `src/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli/Commands/ReadCommand.cs` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** `docs/Driver.Modbus.Cli.md` devotes a whole "v2 addressing
|
||||
grammar" section to the industry-standard tag-address strings (`40001:F:CDAB`,
|
||||
@@ -205,7 +229,14 @@ driver's address-string parser (and `--family` for the DL205/MELSEC native
|
||||
syntax), or scope the "v2 addressing grammar" section of the doc to note it
|
||||
applies to `DriverConfig` JSON and is not a CLI flag.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-23 — chose the doc-scoping fix (an
|
||||
`--address-string` flag is a bigger feature that warrants its own design
|
||||
discussion). Added a "CLI scope" callout to the top of the
|
||||
`docs/Driver.Modbus.Cli.md` "v2 addressing grammar" section stating the CLI
|
||||
accepts only the structured `--region` + `--address` + `--type` triple and that
|
||||
the address-string grammar is a `DriverConfig` JSON feature. The pre-existing
|
||||
closing paragraph already said the same thing; the new callout makes it visible
|
||||
before the grammar examples instead of after them. Code surface left unchanged.
|
||||
|
||||
### Driver.Modbus.Cli-008
|
||||
|
||||
@@ -214,7 +245,7 @@ applies to `DriverConfig` JSON and is not a CLI flag.
|
||||
| Severity | Low |
|
||||
| Category | Testing coverage |
|
||||
| Location | `tests/Drivers/Cli/ZB.MOM.WW.OtOpcUa.Driver.Modbus.Cli.Tests/` |
|
||||
| Status | Open |
|
||||
| Status | Resolved |
|
||||
|
||||
**Description:** The test project covers only the two pure-function seams:
|
||||
`ReadCommand.SynthesiseTagName` and `WriteCommand.ParseValue`. There is no coverage
|
||||
@@ -231,4 +262,19 @@ likely to regress and is currently untested. The validation gaps in findings
|
||||
setters and assert the produced `ModbusDriverOptions`). Once findings 002/003 are
|
||||
fixed, add tests for the new validation paths.
|
||||
|
||||
**Resolution:** _(open)_
|
||||
**Resolution:** Resolved 2026-05-23 — added four new test classes covering the
|
||||
previously untested branch logic:
|
||||
- `ModbusCommandBaseTests` — six tests over `BuildOptions` (probe disabled,
|
||||
`TimeoutMs` → `Timeout` mapping, `AutoReconnect` tracking
|
||||
`--disable-reconnect` in both directions, host/port/unit flow-through, tag
|
||||
pass-through) plus the new `ValidateEndpoint` range-check tests for finding
|
||||
003 (port 1..65535, timeout-ms > 0, unit-id 1..247).
|
||||
- `WriteCommandRegionValidationTests` — read-only region rejection
|
||||
(DiscreteInputs / InputRegisters) and the Coils-non-Bool guard for finding
|
||||
002.
|
||||
- `ProbeCommandTests` — the new `ComputeVerdict` helper for finding 006
|
||||
(OK / DEGRADED / FAIL grid).
|
||||
- `CommandCancellationTests` — Ctrl+C-during-initialize for `ProbeCommand` /
|
||||
`ReadCommand` / `WriteCommand` for finding 005.
|
||||
|
||||
Total test count grew from 18 to 64; all pass.
|
||||
|
||||
Reference in New Issue
Block a user