wwtools

dohertj2/wwtools

Fork 0

Commit Graph

Author	SHA1	Message	Date
Joseph Doherty	9251c564c1	mbproxy: resolve remaining items from ReReviewAfterRemediation.md Closes the latent + minor + test-discipline items left after Wave 4. Updates the re-review doc with a final resolution table — every actionable finding now marked Resolved or Accepted with rationale. NM3 — _supervisorCts leaks on re-Start StartAsync now disposes the previous CTS before reassigning. Idempotent: a try/catch (ObjectDisposedException) covers the very-first-Start case where the field-init CTS is still fresh. NM4 — W2.15 TCS is single-shot _firstAttemptCompleted is no longer readonly; StartAsync re-creates it after the W2.16 guard so a re-Started supervisor's WaitForInitialBindAttemptAsync doesn't observe the previous run's signal. Nm6 — _admin GetService<> returns null silently ProxyWorker.ExecuteAsync now logs a Warning when admin isn't registered. Preserves the loud-failure intent from the original IHostedService registration without forcing test hosts to wire admin. Nm7 — AdminEndpointHost.DisposeAsync no double-dispose guard Added a volatile bool _disposed flag with an early-return at the top of DisposeAsync. Symmetry with PlcMultiplexer; protects against ProxyWorker.StopAsync explicitly disposing then DI disposing the singleton again on host shutdown. T3 — RemoveInheritedAppsettings only fires on Build AfterTargets="Build;Publish" + a second Delete against $(PublishDir) so a `dotnet publish` against the test csproj doesn't ship the example PLCs from the linked install template. T4 — Stale TryAttachOrCreate__ReturnsTrue_ test method names Renamed to AttachOrCreate_*_WasNew{True,False} after W3 dropped the bool return. Accepted (with rationale documented in ReReviewAfterRemediation.md): Nm2 — CoalescedHit semantic is per-design Nm4 — _lastBindError preservation on clean exit is intentional forensics Nm5 — EventLogBridge has no injectable logger Nm8 — Cosmetic log noise T1 — Reflection on private fields documented as maintenance trap Tests: 387 pass / 0 fail. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-14 07:02:21 -04:00
Joseph Doherty	7ead3581ab	mbproxy: Wave 3 cleanups, docs, and test gaps from 2026-05-14 review Closes the Wave 3 (cleanup) tier of codereviews/2026-05-14/RemediationPlan.md. Tests: 378 pass / 0 fail (baseline 370 + 8 new W3 regression tests). Code cleanups: * PlcMultiplexer: removed dead `elapsedMs` calculation (the actual EWMA conversion uses Stopwatch ticks two lines below). * UpstreamPipe.FillAsync: dropped the meaningless `firstRead && remaining == count ? false : false` ternary; both branches were `false`. * InFlightByKeyMap.TryAttachOrCreate (always returned `true`) renamed to `AttachOrCreate` and made `void`. Test sites updated to drop the dead `bool ok = ...; ok.ShouldBeTrue();` assertions. * BcdCodec.HasBadNibble promoted from private to internal; the duplicate copy in BcdPduPipeline removed and the call sites updated to `BcdCodec.HasBadNibble`. * PlcMultiplexer watchdog comment fixed: said "1-second floor", code uses 100 ms. Now both agree. * StatusSnapshotBuilder: simplified the unreachable `RemoteEp?.ToString() ?? RemoteEp?.Address.ToString() ?? "?"` to `RemoteEp?.ToString() ?? "?"`. * Mbproxy.csproj: stale "deferred" Polly comment replaced with a real description of where Polly is used (BackendConnect + ListenerRecovery). Doc updates: * README: added a callout about the unconventional 32-bit BCD wire format ("two base-10000 digits in CDAB", not standard binary CDAB Int32) so integrators using off-the-shelf clients learn about the silent-corruption hazard before configuring writes. * docs/design.md: clarified `cacheMissCount` and `coalescedMissCount` semantics — "miss" means "did not find a fresh entry / did not coalesce", NOT "produced a backend round-trip". Operators wanting actual backend traffic should compute `miss − coalescedHit − exception04`. * docs/Architecture/ResponseCache.md: documented the structural "skip invalidation while recovering" gating (no backend reader during recovery → no FC06/FC16 response → no invalidation). * docs/Operations/Configuration.md: noted that the Event Log sink is the custom EventLogBridge, not Serilog.Sinks.EventLog (W2.23 cached check). * docs/plan/README.md: added a Phase 12 row pointing at the remediation plan and linking out to codereviews/2026-05-14/. Test additions (W3 high-value gaps): * BcdPduPipelineTests: - FC16_WriteStartsOnHighWord_Of32BitPair_PassesThroughRaw_WithPartialWarning (symmetric inverse of the existing low-side partial-overlap test). - FC03_Mixed_16Bit_32Bit_AndNonBcd_InOneRead_OnlyConfiguredSlotsRewritten (mixed-slot routing in a single FC03 read). - FC16_Response_PassesThroughUnchanged_RegardlessOfTagMap (FC16 response carries no register data; rewriter must pass through). * AdminEndpointTests: - NonGetMethod_AgainstAdminRoutes_Returns405 (Theory: POST/PUT/DELETE/ PATCH against `/` and `/status.json` must return 405; guards against an accidental MapPost being added later). * HotReloadE2ETests: - E2E_TagListReload_OnCacheablePlc_EmitsCacheFlushedEvent (validates the W2.8 cache.flushed wiring end-to-end via the real FileSystemWatcher reload path). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-14 06:06:52 -04:00
Joseph Doherty	a2dba4bd07	mbproxy: add in-flight read coalescing (Phase 10) When two or more upstream clients send the same FC03/FC04 read while a matching request is already in flight on the same PLC's multiplexed backend socket, attach the late arrivals to the existing InFlightRequest .InterestedParties list instead of opening a second backend round-trip. The single backend response fans out to every attached party with each party's original MBAP TxId restored individually. Zero post-response staleness — coalescing operates entirely within the in-flight window (microseconds to ~10 ms typical); the proxy is NOT a cache layer. Headline mechanism: - New record struct CoalescingKey(UnitId, Fc, StartAddress, Qty) keys the per-PLC InFlightByKeyMap. FC03 and FC04 are separate Modbus tables and never share a key; different unit IDs never coalesce; writes (FC06/FC16) bypass the coalescing path entirely. - InFlightByKeyMap uses a simple lock around a Dictionary; atomic TryAttachOrCreate either appends a new party to the in-flight request's mutable List<InterestedParty> or invokes a factory to build a fresh entry. Per-entry MaxParties cap (default 32) bounds fan-out cost; past the cap, the next arrival opens a new entry. - PlcMultiplexer.OnUpstreamFrameAsync takes the coalescing path for FC03/FC04 when Mbproxy.Resilience.ReadCoalescing.Enabled. The factory closure does the Phase-9 work (allocate TxId, add to CorrelationMap); the channel send happens AFTER returning from TryAttachOrCreate so the map lock is not held across the async send. - Response fan-out in RunBackendReaderAsync removes the entry from InFlightByKeyMap before iterating InterestedParties, ensuring no concurrent attach can mutate the list during iteration. - Cascade + watchdog paths also drain the key map so a stale entry cannot outlive its backend round-trip. Counter accounting balance (per snapshot): CoalescedHitCount + CoalescedMissCount equals total FC03 + FC04 requests since startup. Even with coalescing disabled, every read still bumps Miss so dashboard math stays balanced. New surface (additive only): - src/Mbproxy/Proxy/Multiplexing/CoalescingKey.cs - src/Mbproxy/Proxy/Multiplexing/InFlightByKeyMap.cs - src/Mbproxy/Proxy/Multiplexing/CoalescingLogEvents.cs - ReadCoalescingOptions on ResilienceOptions - CoalescedHitCount / CoalescedMissCount / CoalescedResponseToDeadUpstream counters surfaced on /status.json per PLC and as a compact "Coal" cell on the HTML status page. Phase 9 test patch: TwoUpstreams_ProxyTxIds_AreDistinct_OnTheWire previously read the same register from both clients (which now coalesces). Patched to read two different addresses so the test still proves distinct backend TxIds without violating the coalescing contract. Tests added: 24 new (19 unit + 5 E2E): - CoalescingKeyTests (5) - InFlightByKeyMapTests (6, includes concurrent stress) - ReadCoalescingTests (8, stub-backend with deterministic delay) - ReadCoalescingE2ETests (5, pymodbus simulator; coalescing-active during overlap is proven against the stub, not the sim, due to pymodbus 3.13's known concurrent-frame bug) Total: 325 tests passing (282 unit + 43 E2E). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-05-14 02:26:06 -04:00

Author

SHA1

Message

Date

Joseph Doherty

9251c564c1

mbproxy: resolve remaining items from ReReviewAfterRemediation.md

Closes the latent + minor + test-discipline items left after Wave 4. Updates
the re-review doc with a final resolution table — every actionable finding
now marked Resolved or Accepted with rationale.

NM3 — _supervisorCts leaks on re-Start
  StartAsync now disposes the previous CTS before reassigning. Idempotent:
  a try/catch (ObjectDisposedException) covers the very-first-Start case
  where the field-init CTS is still fresh.

NM4 — W2.15 TCS is single-shot
  _firstAttemptCompleted is no longer readonly; StartAsync re-creates it
  after the W2.16 guard so a re-Started supervisor's
  WaitForInitialBindAttemptAsync doesn't observe the previous run's signal.

Nm6 — _admin GetService<> returns null silently
  ProxyWorker.ExecuteAsync now logs a Warning when admin isn't registered.
  Preserves the loud-failure intent from the original IHostedService
  registration without forcing test hosts to wire admin.

Nm7 — AdminEndpointHost.DisposeAsync no double-dispose guard
  Added a volatile bool _disposed flag with an early-return at the top of
  DisposeAsync. Symmetry with PlcMultiplexer; protects against
  ProxyWorker.StopAsync explicitly disposing then DI disposing the singleton
  again on host shutdown.

T3 — RemoveInheritedAppsettings only fires on Build
  AfterTargets="Build;Publish" + a second Delete against $(PublishDir)
  so a `dotnet publish` against the test csproj doesn't ship the example
  PLCs from the linked install template.

T4 — Stale TryAttachOrCreate_*_ReturnsTrue_* test method names
  Renamed to AttachOrCreate_*_WasNew{True,False} after W3 dropped the bool
  return.

Accepted (with rationale documented in ReReviewAfterRemediation.md):
  Nm2 — CoalescedHit semantic is per-design
  Nm4 — _lastBindError preservation on clean exit is intentional forensics
  Nm5 — EventLogBridge has no injectable logger
  Nm8 — Cosmetic log noise
  T1  — Reflection on private fields documented as maintenance trap

Tests: 387 pass / 0 fail.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-14 07:02:21 -04:00

Joseph Doherty

7ead3581ab

mbproxy: Wave 3 cleanups, docs, and test gaps from 2026-05-14 review

Closes the Wave 3 (cleanup) tier of codereviews/2026-05-14/RemediationPlan.md.
Tests: 378 pass / 0 fail (baseline 370 + 8 new W3 regression tests).

Code cleanups:
  * PlcMultiplexer: removed dead `elapsedMs` calculation (the actual EWMA
    conversion uses Stopwatch ticks two lines below).
  * UpstreamPipe.FillAsync: dropped the meaningless `firstRead && remaining
    == count ? false : false` ternary; both branches were `false`.
  * InFlightByKeyMap.TryAttachOrCreate (always returned `true`) renamed to
    `AttachOrCreate` and made `void`. Test sites updated to drop the dead
    `bool ok = ...; ok.ShouldBeTrue();` assertions.
  * BcdCodec.HasBadNibble promoted from private to internal; the duplicate
    copy in BcdPduPipeline removed and the call sites updated to
    `BcdCodec.HasBadNibble`.
  * PlcMultiplexer watchdog comment fixed: said "1-second floor", code uses
    100 ms. Now both agree.
  * StatusSnapshotBuilder: simplified the unreachable
    `RemoteEp?.ToString() ?? RemoteEp?.Address.ToString() ?? "?"` to
    `RemoteEp?.ToString() ?? "?"`.
  * Mbproxy.csproj: stale "deferred" Polly comment replaced with a real
    description of where Polly is used (BackendConnect + ListenerRecovery).

Doc updates:
  * README: added a callout about the unconventional 32-bit BCD wire format
    ("two base-10000 digits in CDAB", not standard binary CDAB Int32) so
    integrators using off-the-shelf clients learn about the silent-corruption
    hazard before configuring writes.
  * docs/design.md: clarified `cacheMissCount` and `coalescedMissCount`
    semantics — "miss" means "did not find a fresh entry / did not coalesce",
    NOT "produced a backend round-trip". Operators wanting actual backend
    traffic should compute `miss − coalescedHit − exception04`.
  * docs/Architecture/ResponseCache.md: documented the structural
    "skip invalidation while recovering" gating (no backend reader during
    recovery → no FC06/FC16 response → no invalidation).
  * docs/Operations/Configuration.md: noted that the Event Log sink is the
    custom EventLogBridge, not Serilog.Sinks.EventLog (W2.23 cached check).
  * docs/plan/README.md: added a Phase 12 row pointing at the remediation
    plan and linking out to codereviews/2026-05-14/.

Test additions (W3 high-value gaps):
  * BcdPduPipelineTests:
    - FC16_WriteStartsOnHighWord_Of32BitPair_PassesThroughRaw_WithPartialWarning
      (symmetric inverse of the existing low-side partial-overlap test).
    - FC03_Mixed_16Bit_32Bit_AndNonBcd_InOneRead_OnlyConfiguredSlotsRewritten
      (mixed-slot routing in a single FC03 read).
    - FC16_Response_PassesThroughUnchanged_RegardlessOfTagMap (FC16 response
      carries no register data; rewriter must pass through).
  * AdminEndpointTests:
    - NonGetMethod_AgainstAdminRoutes_Returns405 (Theory: POST/PUT/DELETE/
      PATCH against `/` and `/status.json` must return 405; guards against
      an accidental MapPost being added later).
  * HotReloadE2ETests:
    - E2E_TagListReload_OnCacheablePlc_EmitsCacheFlushedEvent (validates the
      W2.8 cache.flushed wiring end-to-end via the real FileSystemWatcher
      reload path).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-14 06:06:52 -04:00

Joseph Doherty

a2dba4bd07

mbproxy: add in-flight read coalescing (Phase 10)

When two or more upstream clients send the same FC03/FC04 read while a
matching request is already in flight on the same PLC's multiplexed
backend socket, attach the late arrivals to the existing InFlightRequest
.InterestedParties list instead of opening a second backend round-trip.
The single backend response fans out to every attached party with each
party's original MBAP TxId restored individually. Zero post-response
staleness — coalescing operates entirely within the in-flight window
(microseconds to ~10 ms typical); the proxy is NOT a cache layer.

Headline mechanism:

- New record struct CoalescingKey(UnitId, Fc, StartAddress, Qty) keys
  the per-PLC InFlightByKeyMap. FC03 and FC04 are separate Modbus
  tables and never share a key; different unit IDs never coalesce;
  writes (FC06/FC16) bypass the coalescing path entirely.
- InFlightByKeyMap uses a simple lock around a Dictionary; atomic
  TryAttachOrCreate either appends a new party to the in-flight
  request's mutable List<InterestedParty> or invokes a factory to
  build a fresh entry. Per-entry MaxParties cap (default 32) bounds
  fan-out cost; past the cap, the next arrival opens a new entry.
- PlcMultiplexer.OnUpstreamFrameAsync takes the coalescing path for
  FC03/FC04 when Mbproxy.Resilience.ReadCoalescing.Enabled. The
  factory closure does the Phase-9 work (allocate TxId, add to
  CorrelationMap); the channel send happens AFTER returning from
  TryAttachOrCreate so the map lock is not held across the async send.
- Response fan-out in RunBackendReaderAsync removes the entry from
  InFlightByKeyMap before iterating InterestedParties, ensuring no
  concurrent attach can mutate the list during iteration.
- Cascade + watchdog paths also drain the key map so a stale entry
  cannot outlive its backend round-trip.

Counter accounting balance (per snapshot): CoalescedHitCount +
CoalescedMissCount equals total FC03 + FC04 requests since startup.
Even with coalescing disabled, every read still bumps Miss so dashboard
math stays balanced.

New surface (additive only):
- src/Mbproxy/Proxy/Multiplexing/CoalescingKey.cs
- src/Mbproxy/Proxy/Multiplexing/InFlightByKeyMap.cs
- src/Mbproxy/Proxy/Multiplexing/CoalescingLogEvents.cs
- ReadCoalescingOptions on ResilienceOptions
- CoalescedHitCount / CoalescedMissCount /
  CoalescedResponseToDeadUpstream counters surfaced on /status.json
  per PLC and as a compact "Coal" cell on the HTML status page.

Phase 9 test patch: TwoUpstreams_ProxyTxIds_AreDistinct_OnTheWire
previously read the same register from both clients (which now
coalesces). Patched to read two different addresses so the test still
proves distinct backend TxIds without violating the coalescing
contract.

Tests added: 24 new (19 unit + 5 E2E):
- CoalescingKeyTests (5)
- InFlightByKeyMapTests (6, includes concurrent stress)
- ReadCoalescingTests (8, stub-backend with deterministic delay)
- ReadCoalescingE2ETests (5, pymodbus simulator; coalescing-active
  during overlap is proven against the stub, not the sim, due to
  pymodbus 3.13's known concurrent-frame bug)

Total: 325 tests passing (282 unit + 43 E2E).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

2026-05-14 02:26:06 -04:00

3 Commits