dohertj2/mxaccessgw
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
54325343bd56323f9bbed21cbbfc2f66ecae3398
mxaccessgw/src/MxGateway.Worker.Tests/MxAccess/MxAccessStaSessionTests.cs
T
Joseph Doherty 54325343bd Resolve Worker-004, -005, -006, -007, -008 code-review findings 
Worker-004: post-watchdog-fault heartbeats reported a non-faulted state.
ReportWatchdogFaultIfNeededAsync now sets _state = Faulted before writing
the StaHung fault.

Worker-005 (re-triaged): the cited OnPoll site was removed by Worker-001;
the real silent-failure bug was in MxAccessStaSession.RunAlarmPollLoopAsync,
which caught only graceful-stop exceptions. A failing PollOnce now records a
WorkerFault on the event queue instead of vanishing on a non-awaited task.

Worker-006: RunAsync's finally skipped runtime disposal when shutdown timed
out, leaking the STA thread and COM object. It now always disposes
(MxAccessStaSession.Dispose is idempotent and bounded).

Worker-007 (re-triaged): replaced MxAccessComServer's Type.InvokeMember
reflection fallback with an IMxAccessServer fast path plus typed
ILMXProxyServer* casts; a non-conforming object now fails fast.

Worker-008: alarm consumer STA affinity was unenforced. MxAccessStaSession
records the alarm consumer's STA thread id and asserts every PollOnce runs
on it via a unit-testable guard.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-18 21:31:23 -04:00

487 lines
18 KiB
C#
Raw Blame History

using System;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Threading;
using System.Threading.Tasks;
using MxGateway.Contracts.Proto;
using MxGateway.Worker.MxAccess;
using MxGateway.Worker.Sta;
namespace MxGateway.Worker.Tests.MxAccess;
/// <summary>
/// Tests for <see cref="MxAccessStaSession"/>.
/// </summary>
public sealed class MxAccessStaSessionTests
{
/// <summary>
/// Verifies that StartAsync creates the MXAccess COM object and attaches the event sink on the STA thread.
/// </summary>
[Fact]
public async Task StartAsync_CreatesComObjectAndAttachesEventSinkOnStaThread()
{
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
using MxAccessStaSession session = new(runtime, factory, eventSink);
WorkerReady ready = await session.StartAsync("session-1", workerProcessId: 1234);
Assert.Equal(1234, ready.WorkerProcessId);
Assert.Equal(MxAccessInteropInfo.ProgId, ready.MxaccessProgid);
Assert.Equal(MxAccessInteropInfo.Clsid, ready.MxaccessClsid);
Assert.NotNull(ready.ReadyTimestamp);
Assert.Equal(runtime.StaThreadId, factory.CreateThreadId);
Assert.Equal(runtime.StaThreadId, eventSink.AttachThreadId);
Assert.Equal(ApartmentState.STA, factory.CreateApartmentState);
Assert.Same(factory.CreatedObject, eventSink.AttachedObject);
Assert.Equal("session-1", eventSink.SessionId);
}
/// <summary>
/// Verifies that StartAsync maps creation exceptions with HResult when the factory fails.
/// </summary>
[Fact]
public async Task StartAsync_WhenFactoryFails_MapsCreationExceptionWithHResult()
{
const int hresult = unchecked((int)0x80040154);
FakeMxAccessComObjectFactory factory = new(new COMException("Class not registered.", hresult));
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
using MxAccessStaSession session = new(runtime, factory, eventSink);
MxAccessCreationException exception = await Assert.ThrowsAsync<MxAccessCreationException>(
() => session.StartAsync(workerProcessId: 1234));
Assert.Equal(hresult, exception.CapturedHResult);
Assert.Equal(MxAccessInteropInfo.ProgId, exception.AttemptedProgId);
Assert.Equal(MxAccessInteropInfo.Clsid, exception.AttemptedClsid);
Assert.Null(eventSink.AttachedObject);
}
/// <summary>
/// Verifies that Dispose detaches the event sink on the STA thread.
/// </summary>
[Fact]
public async Task Dispose_DetachesEventSinkOnStaThread()
{
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
MxAccessStaSession session = new(runtime, factory, eventSink);
await session.StartAsync(workerProcessId: 1234);
session.Dispose();
Assert.Equal(runtime.StaThreadId, eventSink.DetachThreadId);
}
private static StaRuntime CreateRuntime()
{
return new StaRuntime(
new NoopComApartmentInitializer(),
new StaMessagePump(),
TimeSpan.FromMilliseconds(25));
}
/// <summary>
/// Fake MXAccess COM object factory for testing.
/// </summary>
private sealed class FakeMxAccessComObjectFactory : IMxAccessComObjectFactory
{
private readonly Exception? exception;
/// <summary>
/// Initializes a fake factory that optionally throws an exception.
/// </summary>
/// <param name="exception">Exception to throw when Create is called; null to succeed.</param>
public FakeMxAccessComObjectFactory(Exception? exception = null)
{
this.exception = exception;
}
/// <summary>
/// Gets the COM object created by this factory.
/// </summary>
public object CreatedObject { get; } = new();
/// <summary>
/// Gets the managed thread ID when Create was called.
/// </summary>
public int? CreateThreadId { get; private set; }
/// <summary>
/// Gets the apartment state when Create was called.
/// </summary>
public ApartmentState? CreateApartmentState { get; private set; }
/// <summary>
/// Creates the COM object or throws the configured exception.
/// </summary>
public object Create()
{
CreateThreadId = Thread.CurrentThread.ManagedThreadId;
CreateApartmentState = Thread.CurrentThread.GetApartmentState();
if (exception is not null)
{
throw exception;
}
return CreatedObject;
}
}
/// <summary>
/// Fake MXAccess event sink for testing.
/// </summary>
private sealed class FakeMxAccessEventSink : IMxAccessEventSink
{
/// <summary>
/// Gets the attached MXAccess COM object.
/// </summary>
public object? AttachedObject { get; private set; }
/// <summary>
/// Gets the managed thread ID when Attach was called.
/// </summary>
public int? AttachThreadId { get; private set; }
/// <summary>
/// Gets the managed thread ID when Detach was called.
/// </summary>
public int? DetachThreadId { get; private set; }
/// <summary>
/// Gets the session identifier.
/// </summary>
public string? SessionId { get; private set; }
/// <summary>
/// Attaches the MXAccess COM object and records thread context.
/// </summary>
/// <param name="mxAccessComObject">MXAccess COM object to attach.</param>
/// <param name="sessionId">Identifier of the session.</param>
public void Attach(
object mxAccessComObject,
string sessionId)
{
AttachedObject = mxAccessComObject;
AttachThreadId = Thread.CurrentThread.ManagedThreadId;
SessionId = sessionId;
}
/// <summary>
/// Detaches the MXAccess COM object and records thread context.
/// </summary>
public void Detach()
{
DetachThreadId = Thread.CurrentThread.ManagedThreadId;
AttachedObject = null;
}
}
/// <summary>
/// Gap 1: Verifies that when MxAccessStaSession is created with an alarm handler factory,
/// a SubscribeAlarms command dispatched through the session reaches the handler.
/// This proves the fix in WorkerPipeSession (and the new internal constructor) correctly
/// wires the factory rather than leaving alarmCommandHandler null.
/// </summary>
[Fact]
public async Task StartAsync_WithAlarmCommandHandlerFactory_SubscribeAlarmsCommandReachesHandler()
{
FakeAlarmCommandHandler handler = new();
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
using MxAccessStaSession session = new(
runtime,
factory,
eventSink,
new MxAccessEventQueue(),
_eq => handler);
await session.StartAsync("session-1", workerProcessId: 1);
StaCommand subscribeCommand = new StaCommand(
"session-1",
"corr-1",
new MxCommand
{
Kind = MxCommandKind.SubscribeAlarms,
SubscribeAlarms = new SubscribeAlarmsCommand
{
SubscriptionExpression = @"\\HOST\Galaxy!Area",
},
});
MxCommandReply reply = await session.DispatchAsync(subscribeCommand);
Assert.Equal(ProtocolStatusCode.Ok, reply.ProtocolStatus.Code);
Assert.True(handler.IsSubscribed);
Assert.Equal(@"\\HOST\Galaxy!Area", handler.LastSubscription);
}
/// <summary>
/// Gap 1: Verifies that when MxAccessStaSession is created with the default
/// parameterless constructor (no alarm factory), SubscribeAlarms returns
/// InvalidRequest with "alarm consumer not configured" diagnostic.
/// This validates the baseline before the fix.
/// </summary>
[Fact]
public async Task StartAsync_WithoutAlarmCommandHandlerFactory_SubscribeAlarmsReturnsInvalidRequest()
{
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
// Use the 4-arg (no factory) constructor — equivalent to the old MxAccessStaSession()
using MxAccessStaSession session = new(runtime, factory, eventSink);
await session.StartAsync("session-1", workerProcessId: 1);
StaCommand subscribeCommand = new StaCommand(
"session-1",
"corr-1",
new MxCommand
{
Kind = MxCommandKind.SubscribeAlarms,
SubscribeAlarms = new SubscribeAlarmsCommand
{
SubscriptionExpression = @"\\HOST\Galaxy!Area",
},
});
MxCommandReply reply = await session.DispatchAsync(subscribeCommand);
Assert.Equal(ProtocolStatusCode.InvalidRequest, reply.ProtocolStatus.Code);
Assert.Contains("alarm", reply.DiagnosticMessage, StringComparison.OrdinalIgnoreCase);
}
/// <summary>
/// Gap 2: Verifies that after StartAsync with an alarm handler factory, the STA poll
/// loop calls PollOnce on the handler via the STA within a reasonable timeout.
/// This proves polling is driven by the STA rather than the consumer's internal timer.
/// </summary>
[Fact]
public async Task StartAsync_WithAlarmCommandHandlerFactory_PollOnceCalledViaSta()
{
FakeAlarmCommandHandler handler = new();
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
using MxAccessStaSession session = new(
runtime,
factory,
eventSink,
new MxAccessEventQueue(),
_eq => handler);
await session.StartAsync("session-1", workerProcessId: 1);
// Wait up to 3s for at least one PollOnce call from the STA poll loop.
using CancellationTokenSource timeout = new CancellationTokenSource(TimeSpan.FromSeconds(3));
while (handler.PollCount == 0 && !timeout.IsCancellationRequested)
{
await Task.Delay(50, CancellationToken.None);
}
Assert.True(handler.PollCount > 0,
"Expected PollOnce to be called at least once by the STA poll loop within 3 seconds.");
Assert.NotNull(handler.LastPollThreadId);
Assert.Equal(runtime.StaThreadId, handler.LastPollThreadId);
}
/// <summary>
/// Gap 2: Verifies that the STA poll loop stops when the session is disposed —
/// no further PollOnce calls after disposal.
/// </summary>
[Fact]
public async Task Dispose_StopsAlarmPollLoop()
{
FakeAlarmCommandHandler handler = new();
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
MxAccessStaSession session = new(
runtime,
factory,
eventSink,
new MxAccessEventQueue(),
_eq => handler);
await session.StartAsync("session-1", workerProcessId: 1);
// Wait for at least one poll to occur, then dispose.
using CancellationTokenSource initTimeout = new CancellationTokenSource(TimeSpan.FromSeconds(3));
while (handler.PollCount == 0 && !initTimeout.IsCancellationRequested)
{
await Task.Delay(50, CancellationToken.None);
}
Assert.True(handler.PollCount > 0, "Prerequisite: poll loop must have fired before dispose.");
session.Dispose();
int pollCountAtDispose = handler.PollCount;
// Wait 1 second and verify no further polls occur.
await Task.Delay(1000);
Assert.Equal(pollCountAtDispose, handler.PollCount);
}
/// <summary>
/// Worker-005 regression: when the alarm poll loop's PollOnce throws a
/// real failure (e.g. a COMException from GetXmlCurrentAlarms2), the
/// failure must be recorded as a fault on the event queue so a broken
/// alarm subscription becomes observable on the IPC fault path instead
/// of silently faulting the never-awaited poll task.
/// </summary>
[Fact]
public async Task RunAlarmPollLoop_WhenPollOnceThrows_RecordsFaultOnEventQueue()
{
FakeAlarmCommandHandler handler = new()
{
PollException = new System.Runtime.InteropServices.COMException(
"GetXmlCurrentAlarms2 failed.", unchecked((int)0x80004005)),
};
FakeMxAccessComObjectFactory factory = new();
FakeMxAccessEventSink eventSink = new();
using StaRuntime runtime = CreateRuntime();
MxAccessEventQueue eventQueue = new();
using MxAccessStaSession session = new(
runtime,
factory,
eventSink,
eventQueue,
_eq => handler);
await session.StartAsync("session-1", workerProcessId: 1);
// Wait up to 5s for the poll loop to fault the queue.
using CancellationTokenSource timeout = new CancellationTokenSource(TimeSpan.FromSeconds(5));
while (!eventQueue.IsFaulted && !timeout.IsCancellationRequested)
{
await Task.Delay(50, CancellationToken.None);
}
Assert.True(eventQueue.IsFaulted, "Expected the alarm poll failure to fault the event queue.");
WorkerFault? fault = session.DrainFault();
Assert.NotNull(fault);
Assert.Equal(WorkerFaultCategory.MxaccessEventConversionFailed, fault!.Category);
Assert.Contains("alarm poll failed", fault.DiagnosticMessage, StringComparison.OrdinalIgnoreCase);
Assert.Equal(typeof(System.Runtime.InteropServices.COMException).FullName, fault.ExceptionType);
}
/// <summary>
/// Worker-008 regression: the STA-affinity guard throws when an
/// IMxAccessAlarmConsumer call is attempted off the thread that created
/// the consumer, mirroring the MxAccessSession.CreationThreadId invariant.
/// </summary>
[Fact]
public void AssertOnAlarmConsumerThread_WhenOffOwningThread_Throws()
{
const int owningThread = 7;
const int otherThread = 99;
InvalidOperationException exception = Assert.Throws<InvalidOperationException>(
() => MxAccessStaSession.AssertOnAlarmConsumerThread(owningThread, otherThread));
Assert.Contains("off its owning STA thread", exception.Message, StringComparison.Ordinal);
}
/// <summary>
/// Worker-008: the STA-affinity guard is a no-op on the owning thread and
/// when no alarm consumer is configured (expected thread id null).
/// </summary>
[Fact]
public void AssertOnAlarmConsumerThread_OnOwningThreadOrUnset_DoesNotThrow()
{
MxAccessStaSession.AssertOnAlarmConsumerThread(expectedThreadId: 42, actualThreadId: 42);
MxAccessStaSession.AssertOnAlarmConsumerThread(expectedThreadId: null, actualThreadId: 123);
}
/// <summary>
/// Noop STA COM apartment initializer for testing.
/// </summary>
private sealed class NoopComApartmentInitializer : IStaComApartmentInitializer
{
/// <summary>
/// Initializes the COM apartment (no-op).
/// </summary>
public void Initialize()
{
}
/// <summary>
/// Uninitializes the COM apartment (no-op).
/// </summary>
public void Uninitialize()
{
}
}
/// <summary>
/// Fake alarm command handler that records calls and tracks poll thread.
/// </summary>
private sealed class FakeAlarmCommandHandler : IAlarmCommandHandler
{
private readonly object gate = new object();
private int pollCount;
private int? lastPollThreadId;
public bool IsSubscribed { get; private set; }
public string? LastSubscription { get; private set; }
/// <summary>Exception thrown by PollOnce; null to succeed.</summary>
public Exception? PollException { get; set; }
public int PollCount
{
get { lock (gate) return pollCount; }
}
public int? LastPollThreadId
{
get { lock (gate) return lastPollThreadId; }
}
public void Subscribe(string subscription, string sessionId)
{
IsSubscribed = true;
LastSubscription = subscription;
}
public void Unsubscribe()
{
IsSubscribed = false;
}
public int Acknowledge(Guid alarmGuid, string comment, string operatorUser,
string operatorNode, string operatorDomain, string operatorFullName)
=> 0;
public int AcknowledgeByName(string alarmName, string providerName, string groupName,
string comment, string operatorUser, string operatorNode,
string operatorDomain, string operatorFullName)
=> 0;
public IReadOnlyList<ActiveAlarmSnapshot> QueryActive(string? alarmFilterPrefix)
=> Array.Empty<ActiveAlarmSnapshot>();
public void PollOnce()
{
lock (gate)
{
pollCount++;
lastPollThreadId = Thread.CurrentThread.ManagedThreadId;
}
if (PollException is not null)
{
throw PollException;
}
}
public void Dispose() { }
}
}
Reference in New Issue View Git Blame Copy Permalink