feat: S12.25 portable category axis + event-struct error boundary#513
Conversation
UdpSender-only spike of the event-struct error boundary and the portable category axis, using anonymous enums for category constants. Cast boundary and easily-swappable both verified clean; category headers fall under D.009. Committed as a revert point before testing the macro variant. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Categories become uint16_t macros carrying their own cast, so emit sites drop the (uint16_t) clutter and BASE+n arithmetic is restored. cppcheck-misra clean on the UdpSender TUs with zero new suppressions (vs ~2 D.009 lines per header for the enum variant). Detail stays a per-class enum with a visible (int32_t) cast — it is polymorphic (enum today, native errno/X509 later). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Reshape the library-internal error boundary into three orthogonal axes carried by a SolidSyslogErrorEvent struct: SolidSyslog_Error(severity, source, uint16_t category, int32_t detail) handler: void(void* context, const struct SolidSyslogErrorEvent* event) - Source: extensible identity (unchanged, pointer-identity match). - Category: NEW portable reaction axis — uint16_t macros in SolidSyslogErrorCategory.h (universal lifecycle) + per-role SolidSyslog<Role>Categories.h (errno-domain BASE + n, 0xC000+ reserved for integrators). Macros carry their own cast so emit sites stay clean; the wire type is uint16_t so integrator classes supply their own categories. - Detail: the existing per-class enum (int32_t, native errno/X509 later), kept with a visible cast at the call site. The event struct sidesteps easily-swappable-parameters and makes future axes additive. AsString is deliberately unchanged (text decoupling is S12.26). Swept all 124 emit sites, migrated ~44 test files to event-based asserts with a shared CHECK_ERROR_EVENT macro (portable-category coverage; 3292 -> 3406 checks), and updated the BDD/FreeRtos stderr handlers. gcc + freertos-host green (1392 tests); cppcheck-misra clean with zero new deviations; clang-format clean. Closes #506 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Warning Review limit reached
More reviews will be available in 32 minutes and 13 seconds. Learn how PR review limits work. Your organization has run out of usage credits. Purchase more in the billing tab. ⌛ How to resolve this issue?After more reviews become available, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available. Please see our Fair Usage Limits Policy for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (6)
📝 WalkthroughWalkthroughIntroduces struct-based error events and a portable category axis. Updates public headers, core dispatcher, all emit sites across platforms, BDD targets, tests, docs, and MISRA suppressions to use (category, detail) and the new handler signature. ChangesS12.25 error event boundary and categories
Sequence Diagram(s)sequenceDiagram
participant Caller as Module emit site
participant Dispatcher as SolidSyslog_Error
participant Handler as Installed error handler
Caller->>Dispatcher: SolidSyslog_Error(sev, src, cat, detail)
Dispatcher->>Dispatcher: Assemble SolidSyslogErrorEvent
Dispatcher->>Handler: handler(ctx, &event)
Estimated code review effort🎯 4 (Complex) | ⏱️ ~60 minutes Possibly related issues
Possibly related PRs
Poem
✨ Finishing Touches🧪 Generate unit tests (beta)
|
☀️ Quality Summary 🚦 build-linux-gcc: 100% successful (✔️ 1417 passed) Created by Quality Monitor v1.14.0 (#f3859fd). More details are shown in the GitHub Checks Result. |
…o-enum) The four per-role base macros were bare integral constants, which clang-tidy's cppcoreguidelines/modernize-macro-to-enum flags as a convertible run (the analyze-tidy lanes failed on it). Giving them the same (uint16_t) cast the category macros already carry makes every SOLIDSYSLOG_CAT_* uniform and the check no longer treats them as plain integral macros. Value-preserving; cppcheck-misra and tests unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
There was a problem hiding this comment.
Actionable comments posted: 2
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (3)
Tests/SolidSyslogTlsStreamPoolTest.cpp (1)
100-106:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winDrop the fallback handle before teardown in this test.
overflowstill points at the fallback stream here, so teardown destroys it and intentionally reportsUNKNOWN_DESTROYthroughErrorHandlerFake. The result is two callbacks for the test even though Line 102 assertsONCE.Suggested fix
overflow = SolidSyslogTlsStream_Create(&config); CALLED_FAKE(ErrorHandlerFake_Handle, ONCE); LONGS_EQUAL(SOLIDSYSLOG_SEVERITY_ERROR, ErrorHandlerFake_LastSeverity()); POINTERS_EQUAL(&TlsStreamErrorSource, ErrorHandlerFake_LastSource()); UNSIGNED_LONGS_EQUAL(SOLIDSYSLOG_CAT_POOL_EXHAUSTED, ErrorHandlerFake_LastCategory()); UNSIGNED_LONGS_EQUAL(TLSSTREAM_ERROR_POOL_EXHAUSTED, ErrorHandlerFake_LastDetail()); + overflow = nullptr;Based on learnings: pool-backed
_Destroyintentionally warns on fallback handles, so tests that assert only the create-time error need to keep teardown away from that fallback.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Tests/SolidSyslogTlsStreamPoolTest.cpp` around lines 100 - 106, The test currently leaves the fallback handle in overflow (returned by SolidSyslogTlsStream_Create) so teardown later destroys it and triggers a second ErrorHandlerFake_Handle callback; before test teardown, explicitly drop/close the fallback handle stored in overflow (e.g., call the pool/fallback release/close function or set overflow to NULL and ensure any created handle is destroyed) so only the create-time error is reported and the ErrorHandlerFake_Handle assertion (ONCE) remains valid; locate usage of overflow and SolidSyslogTlsStream_Create in this test and release that handle before test teardown to avoid the pool-backed _Destroy warning callback.Tests/SolidSyslogStreamSenderTest.cpp (1)
756-762:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winTeardown is hitting the wrong destroy path for this bad-setup group.
Here
senderis either stillnullptror the shared fallback returned from a bad setup, and both cases routeSolidSyslogStreamSender_Destroy(...)into the intentionalUNKNOWN_DESTROYwarning path. That means theCALLED_FAKE(ErrorHandlerFake_Handle, ONCE)assertions in this group are only true before teardown runs.Use a separate “owns pooled sender” path here, or keep the bad-setup sender local to the tests and only destroy a real pooled sender from teardown.
Based on learnings: calling
SolidSyslog*_Destroy(nullptr)is not a safe no-op here, and pool-backed_Destroyalso intentionally warns on fallback handles.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Tests/SolidSyslogStreamSenderTest.cpp` around lines 756 - 762, The teardown currently calls SolidSyslogStreamSender_Destroy(sender) which routes nullptr or the shared fallback into the UNKNOWN_DESTROY warning path and invalidates the CALLED_FAKE(ErrorHandlerFake_Handle, ONCE) assertions; change teardown to only destroy pooled/owned senders (e.g. track and call SolidSyslogStreamSender_Destroy on an owned_pooled_sender variable) and do not call SolidSyslogStreamSender_Destroy on the test-local bad-setup sender (keep that bad sender as a local variable inside those tests so teardown won't touch it), or add an explicit owns_pooled_sender flag checked in teardown before calling SolidSyslogStreamSender_Destroy to avoid triggering the fallback warning path.Tests/SolidSyslogGetAddrInfoResolverTest.cpp (1)
189-195:⚠️ Potential issue | 🟡 Minor | ⚡ Quick winClear
overflowafter the create-error assertion.This test leaves the fallback resolver in
overflow, so teardown destroys it and, by design, emitsUNKNOWN_DESTROYthrough the still-installed fake. The test therefore produces two handler callbacks by the time it finishes, even though Line 191 assertsONCE.Suggested fix
overflow = SolidSyslogGetAddrInfoResolver_Create(); CALLED_FAKE(ErrorHandlerFake_Handle, ONCE); LONGS_EQUAL(SOLIDSYSLOG_SEVERITY_ERROR, ErrorHandlerFake_LastSeverity()); POINTERS_EQUAL(&GetAddrInfoResolverErrorSource, ErrorHandlerFake_LastSource()); UNSIGNED_LONGS_EQUAL(SOLIDSYSLOG_CAT_POOL_EXHAUSTED, ErrorHandlerFake_LastCategory()); UNSIGNED_LONGS_EQUAL(GETADDRINFORESOLVER_ERROR_POOL_EXHAUSTED, ErrorHandlerFake_LastDetail()); + overflow = nullptr;Based on learnings: every pool-backed
_Destroyintentionally warns on fallback handles, so tests must avoid letting teardown destroy the fallback when they asserted only the create-time error.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Tests/SolidSyslogGetAddrInfoResolverTest.cpp` around lines 189 - 195, The test leaves the fallback resolver in the local variable overflow after calling SolidSyslogGetAddrInfoResolver_Create and asserting the create-time error, which causes teardown to destroy that fallback and trigger a second ErrorHandler callback; after the assertions that check ErrorHandlerFake_Handle (ONCE) and related details, set overflow to NULL (or otherwise clear/reset the fallback handle) so teardown won't attempt to destroy it—update the test around SolidSyslogGetAddrInfoResolver_Create/overflow to clear overflow immediately after the error assertions.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@Bdd/Targets/Common/BddTargetStderrErrorHandler.c`:
- Around line 19-22: The current cast of event->Detail to uint8_t when calling
source->AsString can mis-map int32_t values; update the logic in
BddTargetStderrErrorHandler.c so you only call
source->AsString((uint8_t)event->Detail) when source->AsString is non-NULL and
event->Detail is within the old uint8_t range (0..255), otherwise leave the
default message unchanged; reference the symbols source->AsString and
event->Detail and perform an explicit range check before the cast to avoid
truncation to legacy values.
In `@Platform/OpenSsl/Source/SolidSyslogOpenSslHmacSha256Policy.c`:
- Around line 110-114: The ComputeTag helper always reports failures with
SOLIDSYSLOG_CAT_SECURITYPOLICY_SEAL_FAILED which is incorrect for open-time HMAC
errors; update OpenSslHmacSha256Policy_ComputeTag to accept an
operation-specific failure category (or a boolean indicating seal vs open) and
use that value when calling OpenSslHmacSha256Policy_Report instead of the
hard-coded SOLIDSYSLOG_CAT_SECURITYPOLICY_SEAL_FAILED so callers (seal and open)
can pass the correct category for their failure reports.
---
Outside diff comments:
In `@Tests/SolidSyslogGetAddrInfoResolverTest.cpp`:
- Around line 189-195: The test leaves the fallback resolver in the local
variable overflow after calling SolidSyslogGetAddrInfoResolver_Create and
asserting the create-time error, which causes teardown to destroy that fallback
and trigger a second ErrorHandler callback; after the assertions that check
ErrorHandlerFake_Handle (ONCE) and related details, set overflow to NULL (or
otherwise clear/reset the fallback handle) so teardown won't attempt to destroy
it—update the test around SolidSyslogGetAddrInfoResolver_Create/overflow to
clear overflow immediately after the error assertions.
In `@Tests/SolidSyslogStreamSenderTest.cpp`:
- Around line 756-762: The teardown currently calls
SolidSyslogStreamSender_Destroy(sender) which routes nullptr or the shared
fallback into the UNKNOWN_DESTROY warning path and invalidates the
CALLED_FAKE(ErrorHandlerFake_Handle, ONCE) assertions; change teardown to only
destroy pooled/owned senders (e.g. track and call
SolidSyslogStreamSender_Destroy on an owned_pooled_sender variable) and do not
call SolidSyslogStreamSender_Destroy on the test-local bad-setup sender (keep
that bad sender as a local variable inside those tests so teardown won't touch
it), or add an explicit owns_pooled_sender flag checked in teardown before
calling SolidSyslogStreamSender_Destroy to avoid triggering the fallback warning
path.
In `@Tests/SolidSyslogTlsStreamPoolTest.cpp`:
- Around line 100-106: The test currently leaves the fallback handle in overflow
(returned by SolidSyslogTlsStream_Create) so teardown later destroys it and
triggers a second ErrorHandlerFake_Handle callback; before test teardown,
explicitly drop/close the fallback handle stored in overflow (e.g., call the
pool/fallback release/close function or set overflow to NULL and ensure any
created handle is destroyed) so only the create-time error is reported and the
ErrorHandlerFake_Handle assertion (ONCE) remains valid; locate usage of overflow
and SolidSyslogTlsStream_Create in this test and release that handle before test
teardown to avoid the pool-backed _Destroy warning callback.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: cee7abd9-3261-4b5d-8685-0ef60d31bd16
📒 Files selected for processing (121)
Bdd/Targets/Common/BddTargetStderrErrorHandler.cBdd/Targets/FreeRtos/main.cBdd/Targets/FreeRtosLwip/main.cCLAUDE.mdCore/Interface/SolidSyslogBufferCategories.hCore/Interface/SolidSyslogError.hCore/Interface/SolidSyslogErrorCategory.hCore/Interface/SolidSyslogResolverCategories.hCore/Interface/SolidSyslogSecurityPolicyCategories.hCore/Interface/SolidSyslogTlsStreamCategories.hCore/Source/SolidSyslog.cCore/Source/SolidSyslogBlockStoreStatic.cCore/Source/SolidSyslogCircularBufferStatic.cCore/Source/SolidSyslogError.cCore/Source/SolidSyslogFileBlockDeviceStatic.cCore/Source/SolidSyslogMetaSdStatic.cCore/Source/SolidSyslogOriginSdStatic.cCore/Source/SolidSyslogPassthroughBufferStatic.cCore/Source/SolidSyslogStatic.cCore/Source/SolidSyslogStreamSenderStatic.cCore/Source/SolidSyslogSwitchingSenderStatic.cCore/Source/SolidSyslogTimeQualitySdStatic.cCore/Source/SolidSyslogUdpSender.cCore/Source/SolidSyslogUdpSenderStatic.cDEVLOG.mdPlatform/Atomics/Source/SolidSyslogStdAtomicCounterStatic.cPlatform/FatFs/Source/SolidSyslogFatFsFileStatic.cPlatform/FreeRtos/Source/SolidSyslogFreeRtosMutexStatic.cPlatform/LwipRaw/Source/SolidSyslogLwipRawAddressStatic.cPlatform/LwipRaw/Source/SolidSyslogLwipRawDatagramStatic.cPlatform/LwipRaw/Source/SolidSyslogLwipRawDnsResolver.cPlatform/LwipRaw/Source/SolidSyslogLwipRawDnsResolverStatic.cPlatform/LwipRaw/Source/SolidSyslogLwipRawResolverStatic.cPlatform/LwipRaw/Source/SolidSyslogLwipRawTcpStreamStatic.cPlatform/MbedTls/Source/SolidSyslogMbedTlsAesGcmPolicy.cPlatform/MbedTls/Source/SolidSyslogMbedTlsAesGcmPolicyMessages.cPlatform/MbedTls/Source/SolidSyslogMbedTlsAesGcmPolicyPrivate.hPlatform/MbedTls/Source/SolidSyslogMbedTlsAesGcmPolicyStatic.cPlatform/MbedTls/Source/SolidSyslogMbedTlsHmacSha256Policy.cPlatform/MbedTls/Source/SolidSyslogMbedTlsHmacSha256PolicyMessages.cPlatform/MbedTls/Source/SolidSyslogMbedTlsHmacSha256PolicyPrivate.hPlatform/MbedTls/Source/SolidSyslogMbedTlsHmacSha256PolicyStatic.cPlatform/MbedTls/Source/SolidSyslogMbedTlsStream.cPlatform/MbedTls/Source/SolidSyslogMbedTlsStreamStatic.cPlatform/OpenSsl/Source/SolidSyslogOpenSslAesGcmPolicy.cPlatform/OpenSsl/Source/SolidSyslogOpenSslAesGcmPolicyMessages.cPlatform/OpenSsl/Source/SolidSyslogOpenSslAesGcmPolicyPrivate.hPlatform/OpenSsl/Source/SolidSyslogOpenSslAesGcmPolicyStatic.cPlatform/OpenSsl/Source/SolidSyslogOpenSslHmacSha256Policy.cPlatform/OpenSsl/Source/SolidSyslogOpenSslHmacSha256PolicyMessages.cPlatform/OpenSsl/Source/SolidSyslogOpenSslHmacSha256PolicyPrivate.hPlatform/OpenSsl/Source/SolidSyslogOpenSslHmacSha256PolicyStatic.cPlatform/OpenSsl/Source/SolidSyslogTlsStream.cPlatform/OpenSsl/Source/SolidSyslogTlsStreamStatic.cPlatform/PlusTcp/Source/SolidSyslogPlusTcpAddressStatic.cPlatform/PlusTcp/Source/SolidSyslogPlusTcpDatagramStatic.cPlatform/PlusTcp/Source/SolidSyslogPlusTcpResolverStatic.cPlatform/PlusTcp/Source/SolidSyslogPlusTcpTcpStreamStatic.cPlatform/Posix/Source/SolidSyslogGetAddrInfoResolverStatic.cPlatform/Posix/Source/SolidSyslogPosixAddressStatic.cPlatform/Posix/Source/SolidSyslogPosixDatagramStatic.cPlatform/Posix/Source/SolidSyslogPosixFileStatic.cPlatform/Posix/Source/SolidSyslogPosixMessageQueueBuffer.cPlatform/Posix/Source/SolidSyslogPosixMessageQueueBufferStatic.cPlatform/Posix/Source/SolidSyslogPosixMutexStatic.cPlatform/Posix/Source/SolidSyslogPosixTcpStreamStatic.cPlatform/Windows/Source/SolidSyslogWindowsAtomicCounterStatic.cPlatform/Windows/Source/SolidSyslogWindowsFileStatic.cPlatform/Windows/Source/SolidSyslogWindowsMutexStatic.cPlatform/Windows/Source/SolidSyslogWinsockAddressStatic.cPlatform/Windows/Source/SolidSyslogWinsockDatagramStatic.cPlatform/Windows/Source/SolidSyslogWinsockResolverStatic.cPlatform/Windows/Source/SolidSyslogWinsockTcpStreamStatic.cTests/FatFs/SolidSyslogFatFsFilePoolTest.cppTests/FreeRtos/SolidSyslogFreeRtosMutexTest.cppTests/FreeRtos/SolidSyslogPlusTcpAddressTest.cppTests/FreeRtos/SolidSyslogPlusTcpDatagramTest.cppTests/FreeRtos/SolidSyslogPlusTcpResolverTest.cppTests/FreeRtos/SolidSyslogPlusTcpTcpStreamTest.cppTests/Lwip/SolidSyslogLwipRawAddressTest.cppTests/Lwip/SolidSyslogLwipRawDatagramTest.cppTests/Lwip/SolidSyslogLwipRawDnsResolverTest.cppTests/Lwip/SolidSyslogLwipRawResolverTest.cppTests/Lwip/SolidSyslogLwipRawTcpStreamTest.cppTests/MbedTls/SolidSyslogMbedTlsAesGcmPolicyTest.cppTests/MbedTls/SolidSyslogMbedTlsHmacSha256PolicyTest.cppTests/MbedTls/SolidSyslogMbedTlsStreamPoolTest.cppTests/MbedTls/SolidSyslogMbedTlsStreamTest.cppTests/SolidSyslogCircularBufferTest.cppTests/SolidSyslogErrorTest.cppTests/SolidSyslogGetAddrInfoResolverTest.cppTests/SolidSyslogMetaSdTest.cppTests/SolidSyslogOpenSslAesGcmPolicyTest.cppTests/SolidSyslogOpenSslHmacSha256PolicyTest.cppTests/SolidSyslogPassthroughBufferTest.cppTests/SolidSyslogPoolTest.cppTests/SolidSyslogPosixAddressTest.cppTests/SolidSyslogPosixDatagramTest.cppTests/SolidSyslogPosixFileTest.cppTests/SolidSyslogPosixMessageQueueBufferTest.cppTests/SolidSyslogPosixMutexTest.cppTests/SolidSyslogPosixTcpStreamTest.cppTests/SolidSyslogStdAtomicCounterPoolTest.cppTests/SolidSyslogStreamSenderTest.cppTests/SolidSyslogSwitchingSenderTest.cppTests/SolidSyslogTest.cppTests/SolidSyslogTimeQualitySdTest.cppTests/SolidSyslogTlsStreamPoolTest.cppTests/SolidSyslogTlsStreamTest.cppTests/SolidSyslogUdpSenderTest.cppTests/SolidSyslogWindowsAtomicCounterPoolTest.cppTests/SolidSyslogWindowsFileTest.cppTests/SolidSyslogWindowsMutexTest.cppTests/SolidSyslogWinsockAddressTest.cppTests/SolidSyslogWinsockDatagramTest.cppTests/SolidSyslogWinsockResolverTest.cppTests/SolidSyslogWinsockTcpStreamTest.cppTests/Support/ErrorHandlerFake.cTests/Support/ErrorHandlerFake.hTests/Support/TestUtils.hmisra_suppressions.txt
The HMAC policies' ComputeTag helper is shared by SealRecord and OpenRecord but hard-coded SOLIDSYSLOG_CAT_SECURITYPOLICY_SEAL_FAILED, so an HMAC computation failure during verify was mis-categorised as a write-side seal failure. Thread the failure category in from the caller — SealRecord passes SEAL_FAILED, OpenRecord passes OPEN_FAILED — in both the OpenSSL and Mbed TLS policies. Driven by a new OpenRecordReportsHmacFailureAsOpenFailed test in each (the open-path HMAC failure was previously untested). Flagged by CodeRabbit. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
@coderabbitai — dispositions for the three "outside diff range" teardown findings ( These are pre-existing patterns — present before this PR (verified against the merge base); this PR only added a category-assertion line in the same test bodies. The tests pass: the Agreed it's latent test hygiene (a test that asserts "exactly one error" technically emits a second during teardown), but it's out of scope for this error-event refactor and not a regression. Leaving as-is here; happy to clean it up in a dedicated test-hygiene pass if wanted. Summary of this review round:
|
|
Recording the teardown pattern for future reviews: ✏️ Learnings added
🧠 Learnings used✅ Action performedComments resolved. Approval is disabled; enable |
☀️ Quality Summary 🚦 build-linux-gcc: 100% successful (✔️ 1418 passed) 🚧 Error MessagesCreated by Quality Monitor v1.14.0 (#f3859fd). More details are shown in the GitHub Checks Result. |
☀️ Quality Summary 🚦 build-linux-gcc: 100% successful (✔️ 1418 passed) Created by Quality Monitor v1.14.0 (#f3859fd). More details are shown in the GitHub Checks Result. |
Purpose
Closes #506. Continues the error-reporting design from #433, which deferred a structured-context payload on
_Error. #433 left the singlecodeaxis overloaded — it meant both which kind of failure (the portable reaction) and the exact spot (dev detail). This story splits that into three orthogonal axes carried by an error-event struct and adds a library-owned, portable category axis organised by role, so a reaction to e.g. a TLS handshake failure works identically across OpenSSL, Mbed TLS, and any integrator backend.Change Description
New boundary:
uint16_tmacros inSolidSyslogErrorCategory.h(universal lifecycle:BAD_CONFIG/BAD_ARGUMENT/POOL_EXHAUSTED/UNKNOWN_DESTROY) plus per-roleSolidSyslog<Role>Categories.hbeside each*Definition.h(errno-domainBASE + n;0xC000+reserved for integrator roles).enum SolidSyslog<Class>Errors, nowint32_t(nativeerrno/X509_V_ERR_*later), kept with a visible cast at the call site.Key decisions (not obvious from the diff):
BASE + n) and dragged D.0092.4/5.7suppressions onto every category header. Macros restoreBASE + n, embed their own(uint16_t)cast (cast-free emit sites), and add zero new MISRA suppressions because every category has a live emit site (a dead category is a cppcheck2.5failure — self-enforcing). The wire type staysuint16_t, never an enum, so integrators supply their own categories.uint16_t), detail is polymorphic (enum today, native code later). Macro-ising detail would have re-opened S12.22: Per-source error dispatch — SolidSyslogErrorSource + typed SolidSyslogErrorCode #433 across 43+43 files.BAD_ARGUMENTadded as a 4th universal category (runtime NULL args, distinct from setup-timeBAD_CONFIG), which absorbed the per-SenderSEND_NULL_BUFFERcategory and let the Sender category header be dropped.AsStringdeliberately unchanged — text decoupling / i18n is the sibling story S12.26.The signature break forces atomicity (cannot stay green split across PRs): 124 emit sites, 4 role category headers, ~44 test files, and the BDD/FreeRtos handlers all land here.
Test Evidence
CHECK_ERROR_EVENT(src, cat, detail)inTestUtils.h;ErrorHandlerFakecaptures the event (_LastCategory/_LastDetail;_LastCoderetired). Every error assertion across ~44 test files now checks the portable category alongside the detail — 3292 → 3406 checks.SolidSyslogErrorTest.cpp; the rest is mechanical refactor under green.gccdebug andfreertos-hostdebug both green (1392 tests, 0 failures, plus the embedded test binaries).cppcheck-misraclean — zero new findings on the category headers; suppressions realigned withscripts/misra_renumber.py.clang-format --dry-run --Werrorclean across the tree.Areas Affected
Core/Interface/SolidSyslogError.h(event struct, handler typedef,_Errorsignature — pre-1.0 break),Core/Interface/SolidSyslogErrorCategory.h(NEW) + 4 role category headers (NEW),Core/Source/SolidSyslogError.c(event assembly).Core/Source/+Platform/*/Source/; the crypto-policy_Reportwrappers gained acategoryparameter.Bdd/Targets/Common/BddTargetStderrErrorHandler.c,Bdd/Targets/FreeRtos/main.c,Bdd/Targets/FreeRtosLwip/main.c(handler signature).Tests/Support/{TestUtils.h, ErrorHandlerFake.*}.CLAUDE.mdpublic-headers table,DEVLOG.md,misra_suppressions.txt.🤖 Generated with Claude Code
Summary by CodeRabbit
Release Notes