dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

review(Driver.AbLegacy): fix Bit write 1-byte/2-byte encode-decode mismatch (Medium)

Browse Source 
Re-review at 7286d320. -014 (Medium): Bit EncodeValue (no bitIndex) wrote SetInt8 while
DecodeValue read GetInt16 on a 16-bit B-file element, so a false write could round-trip
as true (stale high byte). Fix: SetInt16 + TDD. -015: tests pass CancellationToken.
This commit is contained in:
Joseph Doherty
2026-06-19 11:47:11 -04:00
parent be272d960f
commit 91e2609560
4 changed files with 131 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
code-reviews/Driver.AbLegacy/findings.md
+90 -4
View File
@@ -4,8 +4,8 @@
|---|---|
| Module | `src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy` |
| Reviewer | Claude Code |
| Review date | 2026-05-22 |
| Commit reviewed | `76d35d1` |
| Review date | 2026-06-19 |
| Commit reviewed | `7286d320` |
| Status | Reviewed |
| Open findings | 0 |
@@ -16,7 +16,7 @@ a category produced nothing rather than leaving it blank.
| # | Category | Result |
|---|---|---|
| 1 | Correctness & logic bugs | Driver.AbLegacy-001, Driver.AbLegacy-002, Driver.AbLegacy-003, Driver.AbLegacy-004 |
| 1 | Correctness & logic bugs | Driver.AbLegacy-001, Driver.AbLegacy-002, Driver.AbLegacy-003, Driver.AbLegacy-004, Driver.AbLegacy-014 |
| 2 | OtOpcUa conventions | Driver.AbLegacy-005 |
| 3 | Concurrency & thread safety | Driver.AbLegacy-006, Driver.AbLegacy-007, Driver.AbLegacy-008 |
| 4 | Error handling & resilience | Driver.AbLegacy-009, Driver.AbLegacy-010 |
@@ -24,7 +24,7 @@ a category produced nothing rather than leaving it blank.
| 6 | Performance & resource management | Driver.AbLegacy-011 |
| 7 | Design-document adherence | Driver.AbLegacy-012 |
| 8 | Code organization & conventions | Driver.AbLegacy-013 |
| 9 | Testing coverage | No issues found |
| 9 | Testing coverage | Driver.AbLegacy-015 |
| 10 | Documentation & comments | No issues found |
## Findings
@@ -394,3 +394,89 @@ regression tests in `AbLegacyDisposeAndResolveHostTests` pin each branch of the
the PCCC-file-as-array gap, notes the consistency with the PR-staged scope in
`docs/v2/driver-specs.md`, and points to the Modbus `ArrayCount` flow as the pattern
to mirror when multi-element addressing lands.
---
## Re-review 2026-06-19 (commit 7286d320)
New code since 76d35d1 adds: multi-element PCCC file (array) read support
(`DecodeArray`, `ElementCount` in `AbLegacyTagCreateParams`), equipment-tag reference
resolution via `EquipmentTagRefResolver<AbLegacyTagDefinition>` + `AbLegacyEquipmentTagParser`,
B/I/O-file bit RMW (`WriteBitInWordAsync` extended), the `AbLegacyDriverProbe`
Test-Connect (two-phase TCP + libplctag PCCC session), extraction of
`AbLegacyDriverOptions` / `AbLegacyDataType` / `AbLegacyPlcFamilyProfile` into a
`.Contracts` project, and the `AbLegacyDriverFactoryExtensions` factory. All 13
prior findings confirmed Resolved. Two new findings recorded (Driver.AbLegacy-014,
-015).
#### Re-review checklist
| # | Category | Result |
|---|---|---|
| 1 | Correctness & logic bugs | Driver.AbLegacy-014 |
| 2 | OtOpcUa conventions | No issues found |
| 3 | Concurrency & thread safety | No issues found |
| 4 | Error handling & resilience | No issues found |
| 5 | Security | No issues found |
| 6 | Performance & resource management | No issues found |
| 7 | Design-document adherence | No issues found |
| 8 | Code organization & conventions | No issues found |
| 9 | Testing coverage | Driver.AbLegacy-015 |
| 10 | Documentation & comments | No issues found |
### Driver.AbLegacy-014
| Field | Value |
|---|---|
| Severity | Medium |
| Category | Correctness & logic bugs |
| Location | `LibplctagLegacyTagRuntime.cs:145` |
| Status | Resolved |
**Description:** The fix for Driver.AbLegacy-004 corrected the *decode* path for a
`Bit`-typed tag with no bit-index suffix (`DecodeValue` now calls `GetInt16(0) & 1`
instead of `GetInt8(0)`), but the symmetric *encode* path was not updated:
`EncodeValue` for `Bit` with `bitIndex == null` still calls
`_tag.SetInt8(0, (sbyte)0/1)`. A PCCC B-file element is a 16-bit word; `SetInt8`
writes only the low byte (8 bits), leaving bits 815 of the tag buffer unchanged from
the previous read. On a round-trip, `DecodeValue` reads the full 16-bit word via
`GetInt16(0)`, so the high byte that `SetInt8` did not overwrite contributes to the
decoded value. In the worst case, writing `false` (`SetInt8(0, 0)`) clears byte 0 but
leaves byte 1 intact, so `GetInt16(0)` may decode a non-zero value and the node
reports `true` after a `false` write. The encode and decode paths are asymmetric.
**Recommendation:** Replace `_tag.SetInt8(0, …)` with `_tag.SetInt16(0, …)` so the
encode writes the full 16-bit word, matching the 16-bit decode. This makes `SetInt16(0, 1)`
and `GetInt16(0) & 1` a symmetric pair.
**Resolution:** Resolved 2026-06-19 — `EncodeValue` for `Bit` with no `bitIndex` changed
from `SetInt8(0, …)` to `SetInt16(0, (short)0/(short)1)`, making the encode symmetric
with `DecodeValue`'s `GetInt16(0) & 1` decode. A regression test
`Bit_tag_without_suffix_writes_via_EncodeValue_not_RMW` in `AbLegacyReadWriteTests`
pins the encode routing (no parent-word runtime created, tag's own runtime receives
the write) and that `EncodeValue` is called with the correct value.
### Driver.AbLegacy-015
| Field | Value |
|---|---|
| Severity | Low |
| Category | Testing coverage |
| Location | `AbLegacyCapabilityTests.cs:92`, `AbLegacyCapabilityTests.cs:174` |
| Status | Resolved |
**Description:** Two `Task.Delay` calls in `AbLegacyCapabilityTests` use
`CancellationToken.None` (implicit, no argument) rather than
`TestContext.Current.CancellationToken`, triggering xUnit1051 analyzer warnings
("Calls to methods which accept CancellationToken should use
TestContext.Current.CancellationToken to allow test cancellation to be more
responsive"). Under test-runner cancellation (timeout or `dotnet test --cancel`) the
300 ms and 200 ms delays in `Unsubscribe_halts_polling` and
`Probe_disabled_when_ProbeAddress_is_null` would run to completion instead of
aborting immediately, making the test suite slower to cancel.
**Recommendation:** Pass `TestContext.Current.CancellationToken` to both `Task.Delay`
calls.
**Resolution:** Resolved 2026-06-19 — both `Task.Delay` calls updated to pass
`TestContext.Current.CancellationToken`; xUnit1051 warnings no longer emitted.
src/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy/LibplctagLegacyTagRuntime.cs
+5 -1
View File
@@ -142,7 +142,11 @@ internal sealed class LibplctagLegacyTagRuntime : IAbLegacyTagRuntime
// silently clobbering the whole word.
throw new NotSupportedException(
"Bit-with-bitIndex writes must go through AbLegacyDriver.WriteBitInWordAsync.");
_tag.SetInt8(0, Convert.ToBoolean(value) ? (sbyte)1 : (sbyte)0);
// Driver.AbLegacy-014 — use SetInt16 to match DecodeValue's GetInt16(0) decode.
// A PCCC B-file element is a 16-bit word; SetInt8 only writes 1 byte, leaving
// bits 8-15 from the previous read in the tag buffer and creating a
// decode/encode asymmetry. SetInt16(0, 0/1) writes the full 16-bit word.
_tag.SetInt16(0, Convert.ToBoolean(value) ? (short)1 : (short)0);
break;
case AbLegacyDataType.Int:
case AbLegacyDataType.AnalogInt:
tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Tests/AbLegacyCapabilityTests.cs
+2 -2
View File
@@ -89,7 +89,7 @@ public sealed class AbLegacyCapabilityTests
var afterUnsub = events.Count;
tagRef.Value = 999;
await Task.Delay(300);
await Task.Delay(300, TestContext.Current.CancellationToken);
events.Count.ShouldBe(afterUnsub);
}
@@ -171,7 +171,7 @@ public sealed class AbLegacyCapabilityTests
Probe = new AbLegacyProbeOptions { Enabled = true, ProbeAddress = null },
}, "drv-1");
await drv.InitializeAsync("{}", CancellationToken.None);
await Task.Delay(200);
await Task.Delay(200, TestContext.Current.CancellationToken);
drv.GetHostStatuses().Single().State.ShouldBe(HostState.Unknown);
await drv.ShutdownAsync(CancellationToken.None);
tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.AbLegacy.Tests/AbLegacyReadWriteTests.cs
+34
View File
@@ -189,6 +189,40 @@ public sealed class AbLegacyReadWriteTests
results.Single().StatusCode.ShouldBe(AbLegacyStatusMapper.Good);
}
/// <summary>
/// Driver.AbLegacy-014 — a Bit-typed tag with no bit suffix (e.g. B3:0, DataType=Bit)
/// takes the EncodeValue(Bit, bitIndex:null, …) path (not RMW). The encode must be
/// symmetric with the DecodeValue path, which reads the full 16-bit word via GetInt16.
/// Through the fake factory this verifies the driver dispatches through EncodeValue with
/// the right arguments; the SetInt16/SetInt8 delta is exercised against a live PLC.
/// </summary>
[Fact]
public async Task Bit_tag_without_suffix_writes_via_EncodeValue_not_RMW()
{
// A Bit-typed tag with NO /N bit suffix — bitIndex is null, so write must NOT
// route through WriteBitInWordAsync (which requires bitIndex). Instead it goes
// through EncodeValue(Bit, null, value) on the tag's own runtime, not a parent runtime.
var factory = new FakeAbLegacyTagFactory();
var drv = new AbLegacyDriver(new AbLegacyDriverOptions
{
Devices = [new AbLegacyDeviceOptions("ab://10.0.0.5/1,0")],
Tags = [new AbLegacyTagDefinition("Flag", "ab://10.0.0.5/1,0", "B3:0", AbLegacyDataType.Bit)],
Probe = new AbLegacyProbeOptions { Enabled = false },
}, "drv-1", factory);
await drv.InitializeAsync("{}", CancellationToken.None);
var results = await drv.WriteAsync(
[new WriteRequest("Flag", true)], CancellationToken.None);
// Must succeed (Good) and route through the tag's own runtime, NOT a parent runtime.
results.Single().StatusCode.ShouldBe(AbLegacyStatusMapper.Good);
factory.Tags.ShouldContainKey("B3:0");
factory.Tags.ShouldNotContainKey("B3"); // no parent-word runtime created
factory.Tags["B3:0"].WriteCount.ShouldBe(1);
// FakeAbLegacyTag.EncodeValue stores the raw value; verify it received true.
factory.Tags["B3:0"].Value.ShouldBe(true);
}
/// <summary>Verifies that write exceptions surface as BadCommunicationError.</summary>
[Fact]
public async Task Write_exception_surfaces_BadCommunicationError()