dohertj2/lmxopcua
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(client-shared): resolve High code-review findings (Client.Shared-005, Client.Shared-006)

Browse Source 
Client.Shared-005: _activeDataSubscriptions (a plain Dictionary) and the
_activeAlarmSubscription tuple were mutated from the caller thread, the
keep-alive failover path, and DisconnectAsync with no synchronization,
risking bucket corrosion / InvalidOperationException / lost entries.
Added a dedicated _subscriptionLock and wrapped every read/write of that
bookkeeping state inside it (Subscribe/Unsubscribe[Alarms]Async,
Disconnect, Dispose, and the snapshot/clear/re-record steps of
ReplaySubscriptionsAsync). Awaited adapter calls stay outside the lock so
it is never held across I/O.

Client.Shared-006: HandleKeepAliveFailureAsync had only a non-atomic
state check guarding re-entry, so two bad keep-alives could each start a
failover loop, racing to dispose/replace _session and double-replaying
subscriptions. It now claims an atomic _failoverInProgress slot via
Interlocked.CompareExchange; a re-entrant call returns immediately. The
loop body moved to RunFailoverAsync, wrapped in try/finally that resets
the flag.

Tests: added KeepAliveFailure_ReentrantWhileFailoverInFlight_RunsFailoverOnce
and SubscribeAndUnsubscribe_ConcurrentCalls_DoNotCorruptState regression
tests; made the FakeSubscriptionAdapter / FakeSessionAdapter /
FakeSessionFactory test doubles thread-safe (and added a CreateGate hook)
so the concurrency tests exercise production locking rather than fake
state. All 138 Client.Shared tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Joseph Doherty
2026-05-22 06:20:40 -04:00
parent 3de688f8d6
commit e221371a0c
6 changed files with 248 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
tests/Client/ZB.MOM.WW.OtOpcUa.Client.Shared.Tests/Fakes/FakeSessionAdapter.cs
View File

@@ -159,10 +159,13 @@ internal sealed class FakeSessionAdapter : ISessionAdapter
/// <inheritdoc />
public Task<ISubscriptionAdapter> CreateSubscriptionAsync(int publishingIntervalMs, CancellationToken ct)
{
var sub = NextSubscription ?? new FakeSubscriptionAdapter();
NextSubscription = null;
_createdSubscriptions.Add(sub);
return Task.FromResult<ISubscriptionAdapter>(sub);
lock (_createdSubscriptions)
{
var sub = NextSubscription ?? new FakeSubscriptionAdapter();
NextSubscription = null;
_createdSubscriptions.Add(sub);
return Task.FromResult<ISubscriptionAdapter>(sub);
}
}
/// <inheritdoc />

13
tests/Client/ZB.MOM.WW.OtOpcUa.Client.Shared.Tests/Fakes/FakeSessionFactory.cs
View File

@@ -12,15 +12,24 @@ internal sealed class FakeSessionFactory : ISessionFactory
public bool ThrowOnCreate { get; set; }
public string? LastEndpointUrl { get; private set; }
/// <summary>
/// Optional gate that, when set, blocks <see cref="CreateSessionAsync" /> until completed.
/// Lets tests hold a failover loop in-flight to exercise re-entrancy.
/// </summary>
public TaskCompletionSource? CreateGate { get; set; }
public IReadOnlyList<FakeSessionAdapter> CreatedSessions => _createdSessions;
public Task<ISessionAdapter> CreateSessionAsync(
public async Task<ISessionAdapter> CreateSessionAsync(
ApplicationConfiguration config, EndpointDescription endpoint, string sessionName,
uint sessionTimeoutMs, UserIdentity identity, CancellationToken ct)
{
CreateCallCount++;
LastEndpointUrl = endpoint.EndpointUrl;
if (CreateGate != null)
await CreateGate.Task;
if (ThrowOnCreate)
throw new InvalidOperationException("FakeSessionFactory configured to fail.");
@@ -39,7 +48,7 @@ internal sealed class FakeSessionFactory : ISessionFactory
// Ensure endpoint URL matches
session.EndpointUrl = endpoint.EndpointUrl;
_createdSessions.Add(session);
return Task.FromResult<ISessionAdapter>(session);
return session;
}
/// <summary>

63
tests/Client/ZB.MOM.WW.OtOpcUa.Client.Shared.Tests/Fakes/FakeSubscriptionAdapter.cs
View File

@@ -12,6 +12,10 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
Dictionary<uint, (NodeId NodeId, Action<string, DataValue>? DataCallback, Action<EventFieldList>? EventCallback
)> _items = new();
// Guards _items so concurrent-subscription tests exercise the production
// locking rather than tripping over the test double's own state.
private readonly object _itemsLock = new();
private uint _nextHandle = 100;
/// <summary>
/// Gets a value indicating whether the fake subscription has been deleted.
@@ -34,7 +38,13 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
/// <summary>
/// Gets the handles of all active items.
/// </summary>
public IReadOnlyCollection<uint> ActiveHandles => _items.Keys.ToList();
public IReadOnlyCollection<uint> ActiveHandles
{
get
{
lock (_itemsLock) return _items.Keys.ToList();
}
}
/// <inheritdoc />
public uint SubscriptionId { get; set; } = 42;
@@ -43,17 +53,24 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
public Task<uint> AddDataChangeMonitoredItemAsync(NodeId nodeId, int samplingIntervalMs,
Action<string, DataValue> onDataChange, CancellationToken ct)
{
AddDataChangeCount++;
var handle = _nextHandle++;
_items[handle] = (nodeId, onDataChange, null);
return Task.FromResult(handle);
lock (_itemsLock)
{
AddDataChangeCount++;
var handle = _nextHandle++;
_items[handle] = (nodeId, onDataChange, null);
return Task.FromResult(handle);
}
}
/// <inheritdoc />
public Task RemoveMonitoredItemAsync(uint clientHandle, CancellationToken ct)
{
RemoveCount++;
_items.Remove(clientHandle);
lock (_itemsLock)
{
RemoveCount++;
_items.Remove(clientHandle);
}
return Task.CompletedTask;
}
@@ -61,10 +78,13 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
public Task<uint> AddEventMonitoredItemAsync(NodeId nodeId, int samplingIntervalMs, EventFilter filter,
Action<EventFieldList> onEvent, CancellationToken ct)
{
AddEventCount++;
var handle = _nextHandle++;
_items[handle] = (nodeId, null, onEvent);
return Task.FromResult(handle);
lock (_itemsLock)
{
AddEventCount++;
var handle = _nextHandle++;
_items[handle] = (nodeId, null, onEvent);
return Task.FromResult(handle);
}
}
/// <inheritdoc />
@@ -80,7 +100,7 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
public Task DeleteAsync(CancellationToken ct)
{
Deleted = true;
_items.Clear();
lock (_itemsLock) _items.Clear();
return Task.CompletedTask;
}
@@ -89,7 +109,7 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
/// </summary>
public void Dispose()
{
_items.Clear();
lock (_itemsLock) _items.Clear();
}
/// <summary>
@@ -97,8 +117,13 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
/// </summary>
public void SimulateDataChange(uint handle, DataValue value)
{
if (_items.TryGetValue(handle, out var item) && item.DataCallback != null)
item.DataCallback(item.NodeId.ToString(), value);
(NodeId NodeId, Action<string, DataValue>? DataCallback, Action<EventFieldList>? EventCallback) item;
lock (_itemsLock)
{
if (!_items.TryGetValue(handle, out item)) return;
}
item.DataCallback?.Invoke(item.NodeId.ToString(), value);
}
/// <summary>
@@ -106,6 +131,12 @@ internal sealed class FakeSubscriptionAdapter : ISubscriptionAdapter
/// </summary>
public void SimulateEvent(uint handle, EventFieldList eventFields)
{
if (_items.TryGetValue(handle, out var item) && item.EventCallback != null) item.EventCallback(eventFields);
(NodeId NodeId, Action<string, DataValue>? DataCallback, Action<EventFieldList>? EventCallback) item;
lock (_itemsLock)
{
if (!_items.TryGetValue(handle, out item)) return;
}
item.EventCallback?.Invoke(eventFields);
}
}