Increase rcl_lifecycle test coverage and add more safety checks

[brawner]

As part of the push to Quality Level 1, this adds more more tests of the rcl_lifecycle API. While writing these tests, I found a few instances where more checks were needed.

If I didn't understand parts of the API and added checks where they weren't desired, feel free to make comments below. Alternatively, if there are more thorough checks that people feel are necessary I can also add those in. These were pretty much what I found passing around bad parameters.

• Linux
• Linux-aarch64
• macOS
• Windows
• Coverage

[brawner]

It looks like there is a bit more I can do to boost coverage. I'll work on this more tomorrow.

[brawner]

• Linux
• Linux-aarch64
• macOS
• Windows

[brawner]

Much better coverage, but com_interface and default_state_machine are dragging it down.

Name  ↓	Classes	Lines	Conditionals
com_interface.c	100% 1/1	77% 66/86	66/86
default_state_machine.c	100% 1/1	80% 147/184	147/184
rcl_lifecycle.c	100% 1/1	92% 167/181	167/181
transition_map.c	100% 1/1	97% 77/79	77/79

[ahcorde]

Some of the errors are better defined as RCL_RET INVALID_ARGUMENT. If you decide to change this you should change some error in the tests.

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[ahcorde]

Suggested change

	return RCL_RET_ERROR;
	return RCL_RET_INVALID_ARGUMENT;

[brawner]

I'm not sure I can change the error codes of already existing functions this late in the game. While, I agree invalid_argument is better than error, I chose RCL_RET_ERROR to match the rest of the code.

[ahcorde]

I added an issue to follow up with the error messages #655

[Karsten1987]

Looks good to me besides one comment.

[Karsten1987]

is that meant as a TODO here? If fini() fails and sets its own error message, I think we can either reset it here or concatenate. I think overwriting the error message actually yields a warning.

[brawner]

No it was an issue I had found, and didn't have a great way of resolving it. I didn't know concatenation would work, I'll add that in.

It will indeed print a warning if the error message is set and then it proceeds to set another error message. However, I didn't want to lose the trace of errors messages as they fall from one failure to the next (so it would have been impossible to see the original failure case).

[brawner]

Checking one last time

• Linux
• Linux-aarch64
• macOS
• Windows

[Karsten1987]

Suggested change

	fail:;
	fail:

Or was that semicolon intended?

[brawner]

The compiler wouldn't let me declare current_error directly after fail: without it. The semicolon effectively creates a new statement. Should I move the variable declarations to the top?

[Karsten1987]

if I interpret this correctly this line will always result in an empty string, given that you reset the error message just above.

[Karsten1987]

Sorry to iterate again over this, but I think that else if branch is not needed. If I see this correctly, we'll fetch the error message before just to reset it again in this branch.
Why not just retrieving the existing error message within the first if branch?

something like this:

if (rcl_lifecycle_transition_map_fini(&state_machine->transition_map, allocator) != RCL_RET_OK) {
  const char * fini_error = "";
  if (rcl_error_is_set()) {
     fini_error = rcl_get_error_string().str;
     rcl_reset_error();
  }
  RCL_SET_ERROR_MSG_WITH_FORMAT_STRING(
  "Freeing transition map failed while handling a previous error. Leaking memory!"
  "\nOriginal error:\n\t%s\nError encountered in rcl_lifecycle_transition_map_fini():\n\t%s\n",
  current_error, fini_error);
}

if (!rcl_error_is_set()) {
  RCL_SET_ERROR_MSG("Unspecified error ..");
}

[brawner]

The problem originally was that the error message was already set. But if rcl_lifecycle_transition_map_fini failed, it would set its own message, and then the message would get set a third time inside this first if loop. So the goal was to keep track of current_message, and append fini_error if it existed and throw a combined error that was hopefully more helpful than either of them individually.

However, if rcl_lifecycle_transition_map_fini succeeds, we still want the user to know what caused the code to reach fail: in the first place, which is in current_message , but only if rcl_error_is_set() was true in line 697.

Originally when I submitted this, I just relied on rcutils to log the transition of error messages, since it warns if a new error message is set while a previous one had already existed. However, since I'm pretty new to the ROS 2 C codebase, I'm really not confident about any particular approach here 🤷‍♂️

[brawner]

Address @Karsten1987's feedback and am running CI again.

• Linux
• Linux-aarch64
• macOS
• Windows

[Karsten1987]

this looks good to me now. Thanks for iterating with me over this.

[brawner]

Thank you for your reviews and help!

[hidmic]

@brawner @Karsten1987 this patch is causing test failures in rclcpp_lifecycle tests. See https://ci.ros2.org/view/nightly/job/nightly_linux_release/1555/. It seems these additional checks in rcl_lifecycle_transition_init() are not consistent with what rclcpp_lifecycle expects of this API.

[Karsten1987]

Looks like a transition can be lazy initialized where start and goal state don't have to be present. Which means we should remove the nullptr checks for these two.