Implement is valid methods

[allenh1]

Working on #81 .

This PR adds the rcl_x_is_valid calls for:

• publishers
• subscriptions
• services
• clients

Connect to #81

[allenh1]

Currently, there is a small regression I don't know how to fix.

Error in destruction of intra process rcl publisher handle: publisher implementation is invalid, at /home/allenh1/ros2_ws/src/rcl/rcl/src/rcl/publisher.c:161

This happens if you send a publisher (and, oddly, a subscriber) a SIGINT.

[wjwwood]

I think this might be related to this: #100

Basically one of the things we check is whether or not rcl_shutdown() has been called, and if so return an error code saying it is invalid. We may need to relax that check for "getters".

[allenh1]

That definitely makes sense. Perhaps we could just catch SIGINT and forward it to a proper shutdown function. I'll experiment with that later today.

[wjwwood]

SIGINT is already being caught, it's one of the responsibilities of the language specific client libraries, e.g. rclcpp or rclpy. Here is rclcpp's version of this that is done in rclcpp::init:

https://github.com/ros2/rclcpp/blob/master/rclcpp/src/rclcpp/utilities.cpp#L111-L123

[allenh1]

That looks really good to me.

But, other than the regression, do these changes make sense to you? Did I miss any checks?

I tried to conform with the macro calls used in each function's checking.

[wjwwood]

Also, missing from this list is client (the counterpart to service).

The other thing that these functions do not check, which I think should be included in validity checks, is whether or not rcl_shutdown has been called since they were created. For the setters and getters this maybe too strict to check, again see #100, but for some functions like rcl_publish it might be a reason to abort the function. See:

• https://github.com/ros2/rcl/blob/master/rcl/include/rcl/rcl.h#L127
• https://github.com/ros2/rcl/blob/master/rcl/include/rcl/rcl.h#L170
• https://github.com/ros2/rcl/blob/master/rcl/src/rcl/node.c#L190

Checking that might require that the instance id is retrieved while creating the entity (publisher or subscription or whatever) and storing it to be checked later in certain functions.

[wjwwood]

We always use {} to enclose if like statements. You'll want to run our linters over this code to catch any other issues like this. You can either run the tests or you can just run the linters directly:

$ ament_uncrustify /path/to/ws/src/ros2/rcl
$ ament_cpplint /path/to/ws/src/ros2/rcl

Uncrustify can also automatically fix the style with the --reformat option.

[allenh1]

Got it -- I'll use the linter before I push in the future.

[wjwwood]

Indentation is off here.

[allenh1]

Fixed

[wjwwood]

return should be on its own line.

[allenh1]

Fixed

[wjwwood]

Please wrap all or none of the arguments. I'm not sure if the linter will automatically correct this. This is what I would do:

RCL_CHECK_FOR_NULL_WITH_MSG(
  publisher->impl, "publisher implementation is invalid", return NULL);

Or this:

RCL_CHECK_FOR_NULL_WITH_MSG(
  publisher->impl,
  "publisher implementation is invalid",
  return NULL);

[wjwwood]

This applies here and everywhere else that you made a change.

[wjwwood]

Unfortunately, I don't know if we can use the rcl_publisher_is_valid function you created here. The check has become stricter, before this it checked publisher and publisher->impl for NULL, but with this change it also checks that publisher->impl->rmw_handle is not NULL. That might be ok, but we recently ran into an issue which might indicate that this is too strict to simply access the data in the structure. See: #100

The new function makes sense in rcl_publish and rcl_publisher_fini, but for the "getters" (like this function and others) it might be too strict (again see #100).

[allenh1]

Ok -- I just removed the extra check. Now it just checks that publisher->impl is not NULL. I also changed it to return false instead of NULL, because I'm not sure why I had it as NULL instead of false.

[wjwwood]

What is this one checking? That the string isn't empty, i.e. the first character is not \0?

[wjwwood]

Also, why check the service name here, but not check the topic name in publisher and subscription? I'm not sure you need to check it anywhere. I don't see any way that it could end up invalid.

[allenh1]

Ok - I'll remove those checks.

[allenh1]

Sorry for disappearing for a little there (first week back at school). When I ran uncrustify, I got the following:

allenh1@host-147-10 ~/ros2_ws $ ament_uncrustify src/rcl/
Traceback (most recent call last):
  File "/home/allenh1/ros2_ws/install/bin/ament_uncrustify", line 6, in <module>
    from pkg_resources import load_entry_point
  File "<frozen importlib._bootstrap>", line 969, in _find_and_load
  File "<frozen importlib._bootstrap>", line 958, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 664, in _load_unlocked
  File "<frozen importlib._bootstrap>", line 634, in _load_backward_compatible
  File "/usr/lib64/python3.5/site-packages/setuptools-32.2.0-py3.5.egg/pkg_resources/__init__.py", line 3019, in <module>
  File "/usr/lib64/python3.5/site-packages/setuptools-32.2.0-py3.5.egg/pkg_resources/__init__.py", line 3003, in _call_aside
  File "/usr/lib64/python3.5/site-packages/setuptools-32.2.0-py3.5.egg/pkg_resources/__init__.py", line 3032, in _initialize_master_working_set
  File "/usr/lib64/python3.5/site-packages/setuptools-32.2.0-py3.5.egg/pkg_resources/__init__.py", line 655, in _build_master
  File "/usr/lib64/python3.5/site-packages/setuptools-32.2.0-py3.5.egg/pkg_resources/__init__.py", line 963, in require
  File "/usr/lib64/python3.5/site-packages/setuptools-32.2.0-py3.5.egg/pkg_resources/__init__.py", line 849, in resolve
pkg_resources.DistributionNotFound: The 'ament-uncrustify' distribution was not found and is required by the application

I assume this is going to be Gentoo specific. If you'd like, I'll see if I can't find a patch for this.

---

Update: same for the ament_cpplint

[allenh1]

@wjwwood Resolved conflicts. Am I missing anything else with this?

[wjwwood]

@allenh1 not sure, I'll catch up on it as soon as I can now that you've had a fresh look at it.

One thing I can see is that there is not documentation on some of the new functions and the ones that have them just have a brief. If you don't have time to improve the docs I'll do it, but if you're looking for something to do I recommend taking some inspiration from the docs of the other functions and consider cases like what if NULL passed and in what cases is each of those considered invalid. I believe it would be best if at least those two categories of things were covered if not more.

[allenh1]

ok -- will do.

I'm getting ready to head out of town, so I might be a little lazy about it, but I'll definitely bother you about it at some point next week!

[allenh1]

@wjwwood Just got around to doing the documentation here. I also moved a check I saw in rcl_subscription_get_topic_name to the rcl_subscription_is_valid function (checks that the option pointer is not NULL).

[wjwwood]

Isn't this an infinite loop? rcl_subscription_get_options calls this function.

[allenh1]

Uh -- wups. Let me just undo that then.

[wjwwood]

You could split rcl_subscription_get_options up like this:

return_type
_subscription_get_options(params...) {
  // just return the options, no checks
  return options
}

return_type
rcl_subscription_get_options(params....) {
   // do checks, like call is_valid
   return _subscription_get_options(params...);
}

Then you could use the internal _subscription_get_options function in is_valid.

Or since it is so simple you could just duplicate the logic to extract the options in both places.

[wjwwood]

Looks like client is still missing, from my review above:

Also, missing from this list is client (the counterpart to service).

Thanks for working on it 😄!

[allenh1]

@wjwwood I pushed the fix for the rcl_subscription_get_options function if you wanna look at it. Tested it and it works (as far as I can tell).

Next on my list is the client checks. After that, we should be good right?

[wjwwood]

Tested it and it works (as far as I can tell).

Have you run all of the tests (even for downstream packages)? If not I can show you how or we can start a CI job to test it for you.

Next on my list is the client checks. After that, we should be good right?

When you've got that, I'll do another code review, and we'll run CI. If both of those don't turn anything up, then yeah I think this should be done.

[wjwwood]

I started some CI for you:

• Linux
• Linux-aarch64
• macOS
• Windows

[allenh1]

• Linux
• Linux-aarch64
• macOS
• Windows

[mikaelarguedas]

@allenh1 If you select the arrow and select "rebase and merge" you will see that this conflicts

Edit: arg edited my comment rather than posting a new one 😖 . Ok I see that you pushed a branch of the same name on this repo but did not update the branch from where this PR is made. That's why this one still conflicts. I guess you can just force push on your fork to update this PR

[allenh1]

@mikaelarguedas I already did so, and it was definitely not a good time.

---

I did, however, forget which remote I was working on. Let me force push the changes to the other one.

---

@mikaelarguedas I too edited my comment XD

[wjwwood]

There are a few things that remain to be addressed. Also since I've seen a few tricky cases which aren't being covered (like accessing something that might be NULL), please add tests for these functions which test each of the cases so we can ensure they're correct and not just rely on review.

[wjwwood]

Needs docs still.

[wjwwood]

This will fail if subscription is NULL.

[allenh1]

This is very true. Thank you.

[allenh1]

@wjwwood Got it -- will do.

[wjwwood]

I did another pass on this. I found a few more things/questions to address.

I'd say we should address these new comments before running CI again.

Sorry it took so long for me to review it again... Still digging out of emails.

[wjwwood]

Does this need to be in the header? It would be better to put it in the .c file if possible. It shouldn't be part of the public API if possible (even if it has the leading _).

[wjwwood]

Same applies to the similar functions in all the other headers of this pr.

[wjwwood]

Also, there is some inconsistency in that this kind of function is in client, pub, and sub, but not service. Which is strange.

[wjwwood]

typo mw -> rmw

[wjwwood]

The list of reasons for client is different (more exhaustive). I don't know if we need the list to be that exhaustive, but it ought to be consistent amongst similar elements.

[allenh1]

Is this sufficient?

/**
 * The bool returned is `false` if the argument `publisher` is invalid.
 * The bool returned is `true` otherwise.
 */

(not leaving out the details beneath, but I didn't retype them here for clarity)

[wjwwood]

That's fine. As long as it is consistently done on each of the entities.

[wjwwood]

Again, here but not every where. Should be removed here or added everywhere else.

[wjwwood]

If options is null, then you shouldn't access it to get the allocator. You should use rcl_get_default_allocator() here and optionally you could use options->allocator in the next null check.

[allenh1]

That's a very good point. Not sure why I thought that would be a good idea.

[wjwwood]

No worries, probably a copy-paste error or something.

[wjwwood]

This doesn't need to be an else if since the previous if returns.

[wjwwood]

Why does this one not check the options of the service like it does for client and pub/sub?

[wjwwood]

Again, you shouldn't use options->allocator if options is null...

[allenh1]

@wjwwood Thanks! I'll get to these shortly.

[wjwwood]

The code changes lgtm now. Thanks for iterating on it.

It would still be good to have some tests for these new "is valid" functions. That way we don't have to rely on my code review alone and so we can make sure the desired behavior doesn't accidentally get changes later.

But go ahead and check the linters locally and then run CI if you want.

[allenh1]

After linting and whatnot, I ran the tests and hit the following:

2: Test command: /usr/bin/python3 "-u" "/home/allenh1/ros2_ws/install/share/ament_cmake_test/cmake/run_test.py" "/home/allenh1/ros2_ws/build/rcl_lifecycle/test_results/rcl_lifecycle/test_multiple_instances.gtest.xml" "--output-file" "/home/allenh1/ros2_ws/build/rcl_lifecycle/ament_cmake_gtest/test_multiple_instances.txt" "--command" "/home/allenh1/ros2_ws/build/rcl_lifecycle/test_multiple_instances" "--gtest_output=xml:/home/allenh1/ros2_ws/build/rcl_lifecycle/test_results/rcl_lifecycle/test_multiple_instances.gtest.xml"
2: Test timeout computed to be: 60
2: -- run_test.py: invoking following command in '/home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle':
2:  - /home/allenh1/ros2_ws/build/rcl_lifecycle/test_multiple_instances --gtest_output=xml:/home/allenh1/ros2_ws/build/rcl_lifecycle/test_results/rcl_lifecycle/test_multiple_instances.gtest.xml
2: Running main() from gtest_main.cc
2: [==========] Running 1 test from 1 test case.
2: [----------] Global test environment set-up.
2: [----------] 1 test from TestMultipleInstances
2: [ RUN      ] TestMultipleInstances.default_sequence_error_unresolved
2: 
2: >>> [rcutils|error_handling.c:148] rcutils_set_error_state()
2: This error state is being overwritten:
2: 
2:   'options argument is null, at /home/allenh1/ros2_ws/src/ros2/rcl/rcl/src/rcl/publisher.c:255'
2: 
2: with this new error message:
2: 
2:   'could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104'
2: 
2: rcutils_reset_error() should be called after error handling to avoid this.
2: <<<
2: /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/test/test_multiple_instances.cpp:111: Failure
2: Value of: ret
2:   Actual: 1
2: Expected: 0
2: could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104
2: 
2: >>> [rcutils|error_handling.c:148] rcutils_set_error_state()
2: This error state is being overwritten:
2: 
2:   'could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104'
2: 
2: with this new error message:
2: 
2:   'options argument is null, at /home/allenh1/ros2_ws/src/ros2/rcl/rcl/src/rcl/publisher.c:255'
2: 
2: rcutils_reset_error() should be called after error handling to avoid this.
2: <<<
2: 
2: >>> [rcutils|error_handling.c:148] rcutils_set_error_state()
2: This error state is being overwritten:
2: 
2:   'options argument is null, at /home/allenh1/ros2_ws/src/ros2/rcl/rcl/src/rcl/publisher.c:255'
2: 
2: with this new error message:
2: 
2:   'could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104'
2: 
2: rcutils_reset_error() should be called after error handling to avoid this.
2: <<<
2: /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/test/test_multiple_instances.cpp:113: Failure
2: Value of: ret
2:   Actual: 1
2: Expected: 0
2: could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104
2: 
2: >>> [rcutils|error_handling.c:148] rcutils_set_error_state()
2: This error state is being overwritten:
2: 
2:   'could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104'
2: 
2: with this new error message:
2: 
2:   'options argument is null, at /home/allenh1/ros2_ws/src/ros2/rcl/rcl/src/rcl/publisher.c:255'
2: 
2: rcutils_reset_error() should be called after error handling to avoid this.
2: <<<
2: 
2: >>> [rcutils|error_handling.c:148] rcutils_set_error_state()
2: This error state is being overwritten:
2: 
2:   'options argument is null, at /home/allenh1/ros2_ws/src/ros2/rcl/rcl/src/rcl/publisher.c:255'
2: 
2: with this new error message:
2: 
2:   'could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104'
2: 
2: rcutils_reset_error() should be called after error handling to avoid this.
2: <<<
2: /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/test/test_multiple_instances.cpp:115: Failure
2: Value of: ret
2:   Actual: 1
2: Expected: 0
2: could not free lifecycle com interface. Leaking memory!
2: , at /home/allenh1/ros2_ws/src/ros2/rcl/rcl_lifecycle/src/rcl_lifecycle.c:104
2: [  FAILED  ] TestMultipleInstances.default_sequence_error_unresolved (3 ms)
2: [----------] 1 test from TestMultipleInstances (3 ms total)
2: 
2: [----------] Global test environment tear-down
2: [==========] 1 test from 1 test case ran. (3 ms total)
2: [  PASSED  ] 0 tests.
2: [  FAILED  ] 1 test, listed below:
2: [  FAILED  ] TestMultipleInstances.default_sequence_error_unresolved
2: 
2:  1 FAILED TEST
2: -- run_test.py: return code 1
2: -- run_test.py: verify result file '/home/allenh1/ros2_ws/build/rcl_lifecycle/test_results/rcl_lifecycle/test_multiple_instances.gtest.xml'
2/8 Test #2: test_multiple_instances ..........***Failed    0.08 sec

I take this to mean that the checks I implemented are too aggressive. Should I be checking the options pointer?

[wjwwood]

I take this to mean that the checks I implemented are too aggressive.

Maybe, I'm not sure. It could also be that these tests or the implementation of the lifecycle stuff is making an incorrect assumption. You'll just have to dig into the test failures and see what needs to change.

Should I be checking the options pointer?

I think so, but that's just my impression without looking at it in detail.

[allenh1]

Found it. It was an unnecessary check in the publisher's fini function.

• Linux
• Linux-aarch64
• macOS
• Windows

[allenh1]

(I just changed one of the strings that said "subscription" in the service.c file to say "service" -- don't think this is worth re-triggering CI over)

---

@wjwwood can I merge this after the CI is green?

[dirk-thomas]

RCL_RET_INVALID_ARGUMENT? This function can only return bool.

[allenh1]

Good catch! I believe that would have been the same as return 1, which is very not correct.

[dirk-thomas]

It would be better if the different checks use a different error message. Otherwise the user won't be able to distinguish the error case without additional debugging.

Same for the other *_is_valid functions.

[allenh1]

That's a good point. I'll update other files as well.

[dirk-thomas]

Should the docblocks mention that in case these functions return false an error message is being set?

[allenh1]

I have no idea -- @wjwwood what do you think?

[wjwwood]

We normally don't mention that an error message is set, but in this case I think it makes sense because we're not returning an error code. I think we mention it explicitly in a few other functions where a pointer is returned (an error is set if NULL is returned instead). Can't hurt.

[dirk-thomas]

Will the user need to reset the error message before being able to call the next function "safely"?

[wjwwood]

Well it's always safe to leave the error message, but you do need to do it before calling something else if you don't want the overwriting an error message print. Elsewhere it is implied that a non RCL_RET_OK return code means an error message is set. Here it's not so clear that one would be set by a false return value. So I think it's appropriate.

[allenh1]

Ok. I just added a simple

/**
 * In the case where `false` is to be returned, an
 * error message is set.
 */

Should I re-run the CI?

[dirk-thomas]

Are we expecting users to call these rcl_x_is_valid functions? If no, I think the current state documenting that an error message is being set in the case the functions return false is good.

If yes, I am not sure if that is a convenient API. I can imagine many cases where the caller doesn't care about the specific error message and will either have to write boiler plate code around every call to reset the error message or even forget about it (which will result in the error message being printed when attempted to be overwritten). Maybe in that case the functions should have a flag to optionally not set (or internall reset) the error message.

[allenh1]

My understanding is that these functions are just to clean up the code so that, if a check is added in the future, it only needs to go in one place.

But that may be completely off-base, so I'll defer to @wjwwood.

[wjwwood]

I think the interface is fine as-is. I don't expect people to use these functions often (only client library implementers) and I expect even fewer cases where a return of false doesn't trigger an error case or at least a logging event. Also resetting the error is a single line, so it's not much boiler plate.

Having another option to not set the error seems unnecessarily complicated for the number of times it would be used.

[dirk-thomas]

Sounds good to me than. 👍

[mikaelarguedas]

Nit: missing empty line here

[allenh1]

fixed

[allenh1]

Ok, here's the new CI.

(updated, after linting)

• Linux
• Linux-aarch64
• macOS
• Windows

[wjwwood]

I added an issue to add tests for these functions in the future: #150