Possible race conditions (they all happen between the check of existence
of a topic and trying to create the node):
- single instance, with multiple advertisers during the first advertise:
both advertisers see the topic as non-existent and try to advertise it.
One of them will fail, leading to an error message.
This is the cause for telemetry_status advert failure seen in SITL in
rare cases.
- multi-instance: subscription to non-existing instance -> px4_open fails,
and the subscriber tries to create the node. If during that time a
publisher publishes that instance, the subscriber will get (instance+1)
(or fails if the max number of instances is exceeded).
This is a race that goes pretty much unnoticed.
- multi-instance: 2 publishers can get the same instance (if is_published()
is false in case both have not published data yet).
This can also go unnoticed.
Therefore the patch changes where _advertised is set: it is now set
directly during the advertisement instead of during publication.
and remove the px4_ prefix, except for px4_config.h.
command to update includes:
for k in app.h atomic.h cli.h console_buffer.h defines.h getopt.h i2c.h init.h log.h micro_hal.h module.h module_params.h param.h param_macros.h posix.h sem.h sem.hpp shmem.h shutdown.h tasks.h time.h workqueue.h; do for i in $(grep -rl 'include <px4_'$k src platforms boards); do sed -i 's/#include <px4_'$k'/#include <px4_platform_common\/'$k/ $i; done; done
for in $(grep -rl 'include <px4_config.h' src platforms boards); do sed -i 's/#include <px4_config.h/#include <px4_platform_common\/px4_config.h'/ $i; done
Transitional headers for submodules are added (px4_{defines,log,time}.h)
* Add kdevelop to gitignore
* Add test stubs
* Rename px4_add_gtest to px4_add_unit_gtest
* Add infrastructure to run functional tests
* Add example tests with parameters and uorb messages
* Fix memory issues in destructors in uORB manager and CDev
* Add a more real-world test of the collision prevention
Since assertions lead to crashes, we need better failure handling. In all
the cases in this patch, the assert is not required.
All the ones with the task id should be replaced with the module base
class.
Ah yes, and this reduces flash space, since the ASSERT macro will expand to
a printf that contains the source file name.
Existing users of orb_exists:
- logger (dynamic subscribe to multi-instances)
- mavlink (orb subscription)
- sdlog2
- preflightcheck (check for home_position)
- wait_for_topic shell command (it's not used)
- orb_group_count() (sensors: dynamic sensor addition)
All use-cases benefit from the changed semantics: they are really only
interested if there is a publisher, not another subscriber.
Reasons:
- DeviceMaster::_node_map does not need to be shared among instances,
because there is at most 1 instance per Flavor and different Flavors
have non-intersecting device paths.
- Keeping it static would also require a static lock
- DeviceMaster::_node_map was not locked at all when used from
uORB::Manager
So this fixes two synchronization issues:
- Different DeviceMaster objects could access the same static data in
parallel
- getDeviceNode() called from uORB::Manager did not use any locking at all
This has the following benefits:
- Manager can ensure that there is at most one instance of DeviceMaster
per Flavor
- The Manager needs access to (static) data of DeviceMaster already.
This will make it easier to access this data in a non-static way, and
does not introduce new dependencies.
If enabled, orb reads a rules file (./rootfs/orb_publisher.rules) on
startup. This can contain rules about which module is allowed to publish
which topic. It is completely transparent, so a publisher does not know
if he's not allowed to publish, and publications will look as if they
succeeded.
To test, add
#define ORB_USE_PUBLISHER_RULES
to uORBManager.hpp
This adds two uORB API calls:
- orb_advertise_queue
- orb_advertise_multi_queue
Both add a queue_size parameter to define a maximum number of buffered
item. The existing orb calls use all a queue size of one and thus their
behavior is unchanged. If a writer publishes too fast, the oldest elements
from the queue are silently dropped.
The returned timestamp is always the one from the latest message in the
queue.
Queue size can be set via ioctl during advertisement phase. After that it
cannot be changed anymore.
This fixes a race condition: uORB::Manager::get_instance() is used in a
multi-thread context, but the singleton initialization was not thread-safe.
Further, this avoids having to check for nullptr every time the singleton
is accessed.
uORB::Manager::initialize() is called when uorb is started. No one else
accesses the singleton before that point, because it is only used in the
orb_* methods, and in muorb. Both require uorb to be started already when
they are used.
This is necessary when using multiple instances of a topic. However it does
not free the underlying resources, as it is assumed they will be used again
at a later point.
This fixes the previously introduced unit test. It fixes the case where
orb_subscribe_multi is called multiple times with different instances,
and no publisher advertised the topic yet. In this case all subscribers
got the same instance 0.
