fix-288-remove_pipename changes

[CDKnightNASA]

Describe the contribution
Removes the PipeName field from the CFE_SB_PipeD_t struct.

Testing performed
make install
make test

Expected behavior changes
A clear and concise description of how this contribution will change behavior and level of impact.

• API Change: internal change to CFE_SB_GetPipeName
• Behavior Change: reduced memory impact of the CFE_SB_PipeD_t table

System(s) tested on:

• Hardware: VM
• OS: Linux
• Versions: "master"

Contributor Info
Chris Knight, NASA Ames Research Center

[skliper]

CCB 20191123 - Discussed the string copies vs passing pointers, or use the get properties but could result in fixing implementation (os_queues dependency would get built in).

This implementation saves memory, but is a performance hit with the string copies. Not in the standard get/send path (just for error processing), and in the create/delete so not really a significant real time operation impact.

[skliper]

CCB 20191123 - approved for integration candidate, under additional review by jphickey and acudmore

[ghost]

Looks good. Approve.

[ghost]

Should you use strncpy here?

[CDKnightNASA]

fixed

[ghost]

Is it worth checking to see if PipeNameBuf is non-NULL? If it's only used internally, then it might not be necessary.

[jphickey]

I would also prefer to see this have a third parameter, which is the size of the output buffer, rather than assuming it is always exactly OS_MAX_API_NAME. There are several reasons for this, but mainly that OS_MAX_API_NAME is an OSAL definition, not a CFE platform definition, and theoretically a single build of CFE could be linked with a different build of OSAL without necessarily having the same definition.

Also note that the CFE_ES_GetAppName() function, which is similar in concept/purpose, has the following prototype:
int32 CFE_ES_GetAppName(char *AppName, uint32 AppId, uint32 BufferLength)

The output/destination buffer pointer is first, which mirrors the way many C library string functions work.

[jphickey]

I would like to see some updates to the CFE_SB_GetPipeName() to always fill the buffer with a null terminated string (i.e. an empty string) even in cases of error, to also pass in a separate size, and also reverse one case where it was called before releasing the SB lock.

[jphickey]

In this case the CFE_SB_GetPipeName is called while the SB global lock is still held. This should probably be switched. In all other cases it looks like CFE_SB_GetPipeName is invoked outside the lock, which is probably preferable, as it avoids a double lock with OSAL. OSAL already has protections in case a delete occurs in close proximity to this call.

[CDKnightNASA]

Fixed!

[jphickey]

I would also prefer to see this have a third parameter, which is the size of the output buffer, rather than assuming it is always exactly OS_MAX_API_NAME. There are several reasons for this, but mainly that OS_MAX_API_NAME is an OSAL definition, not a CFE platform definition, and theoretically a single build of CFE could be linked with a different build of OSAL without necessarily having the same definition.

Also note that the CFE_ES_GetAppName() function, which is similar in concept/purpose, has the following prototype:
int32 CFE_ES_GetAppName(char *AppName, uint32 AppId, uint32 BufferLength)

The output/destination buffer pointer is first, which mirrors the way many C library string functions work.

[jphickey]

It looks like the source/destination is reversed here

[CDKnightNASA]

GAH! I can't believe I did that. Fixed this.

[jphickey]

I would also like to see this guaranteed to return a null-terminated string so long as a valid buffer was passed. We also did this for CFE_ES_GetAppName() too -- although it returns a status as to whether or not it was successful, nobody checked the status, and it looks like this is also the case with this function. If it fails, return an empty string.

[CDKnightNASA]

I would like to see some updates to the CFE_SB_GetPipeName() to always fill the buffer with a null terminated string (i.e. an empty string) even in cases of error,

Generally I prefer the minimum of change on error. Is there "style guidance" we should adopt and that should be documented in the coding style guide?

The SB code is not particularly consistent:

CreatePipe does this--initializes *PipeIdPtr to an invalid ID at the start of the function.

GetPipeOpts does NOT do this for *OptsPtr.

CFE_SB_GetAppTskName ...sorta...does this, by adding a null at the end of the buffer (no matter how long the actual name is.) But that, of course, does not handle the intervening bytes.

Remember, also, that CFE_SB_GetPipeName is a "private" function, although I could easily see exposing this. (In fact, there's one unit test already, which is kinda odd for a private function.)

to also pass in a separate size,

Again this is not what CFE_SB_GetAppTskName does, a lot of functions assume (and are documented to assume) that the buffer is OS_MAX_API_NAME in length. If we want to change the "guidance" and start recommending array buffers be passed with size, I am good with that.

and also reverse one case where it was called before releasing the SB lock.

Ok I will evaluate the locking logic per this and your other comment.

[skliper]

CCB - 12/4/2019: Consider adding an OSAL API which just retrieves the name of a resource, simplifies this issue and the other's related

[CDKnightNASA]

OBE - pull request #404