fix(0x11): defer ECUReset hook until secured response sent; skip on send failure#85
Merged
…end failure

Hardens the send-before-reset ordering (#76) for two cases the merged fix did not cover:

- SecuredDataTransmission (0x84) wrapping: a 0x11 inner request only has its 0x51 captured; the response the tester receives is the outer secured frame, sent later by the 0x84 handler. A synchronous fn_reset therefore still rebooted before the tester was answered. Add a deferred-reset latch (ctx->reset_pending / reset_pending_type): the handler runs the reset immediately for an unsecured or suppressed request, but leaves it pending when the response was captured. The 0x84 handler fires it after the outer secured response is sent, and cancels it if securing fails. A captured ROE (0x86) inner dispatch clears the latch so it can never reset.
- Transport send failure: if the positive response cannot be handed to the transport, the reset is now skipped so the tester is not left without a confirmation.

Document the stronger guarantee on uds_reset_fn.

Adds regression tests for the secured-deferral ordering and the send-failure case (both verified red before the fix). 59/59 tests pass; cppcheck + clang-format 18 clean.

Refs #76
Reworks the secured-deferral hardening from the now-superseded #78 onto current develop (which already has the simpler ordering fix from #82).

What #82 left uncovered

The merged #82 sends the 0x51 before fn_reset for a plain ECUReset, but:

- uds_send_response only captures the inner 0x51; the response the tester actually receives is the outer secured frame, sent later by the 0x84 handler. So a synchronous fn_reset still reboots before the tester is answered.
- fn_reset even when uds_send_response returns an error, leaving the tester with no confirmation but a rebooted ECU.

Fix

- Add a deferred-reset latch (ctx->reset_pending / reset_pending_type): the handler runs the reset immediately for an unsecured or suppressed request, but leaves it pending when the response was captured.
- uds_reset_fn doc updated; the remaining honest caveat (fn_tp_send = "queued", not "drained") is documented.

Tests

- test_ecu_reset_secured_defers_until_outer_response: drives a real 0x84-wrapped ECUReset, asserts exactly one real TX (the outer frame) and the reset sequenced strictly after it.
- test_ecu_reset_no_reset_when_send_fails: failing transport, fn_reset not called.

Both verified red before the fix. Full suite 59/59; cppcheck + clang-format 18 clean.
Supersedes #78.
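The ordering rules the commit message and the PR description spell out (reset immediately for a plain or suppressed 0x11, latch it when the 0x51 was only captured under 0x84, fire it after the outer frame is handed to the transport, drop it when securing or the send fails, clear it on a captured 0x86) are easy to get subtly wrong, so here is a self-contained model of them as an added example. This is not the project's code: `ctx_t`, `send_response`, `handle_ecu_reset`, `handle_secured`, `dispatch`, the `tp_send`/`fn_reset` callbacks and the request byte layouts are all hypothetical stand-ins, and the 0x84 framing is reduced to a one-byte prefix because the securing itself is not the point. `run_trace` returns the observed TX/reset order as decimal digits (1 = a frame reached the transport, 2 = the reset hook ran), so "exactly one real TX, then the reset" is the value 12.

```c
/* Added model of the deferred-reset latch, not the project's code; all names are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SID_ECU_RESET 0x11
#define SID_SECURED   0x84
#define SID_ROE       0x86
#define SPRMIB        0x80   /* suppressPosRspMsgIndicationBit in the sub-function byte */
#define MAX_EV        8

enum ev { EV_TX = 1, EV_RESET = 2 };

typedef struct ctx ctx_t;
struct ctx {
    bool (*tp_send)(ctx_t *c, const uint8_t *buf, size_t len); /* hypothetical transport hook */
    void (*fn_reset)(ctx_t *c, uint8_t type);                  /* hypothetical reset hook */
    bool securing_ok;          /* models whether the 0x84 handler can secure the outer frame */
    bool capture;              /* true while an inner request is dispatched under 0x84 */
    uint8_t captured[16];
    size_t captured_len;
    bool reset_pending;        /* the latch */
    uint8_t reset_pending_type;
    enum ev trace[MAX_EV];     /* observed order of transport sends and resets */
    int ntrace;
};

static void record(ctx_t *c, enum ev e) { if (c->ntrace < MAX_EV) c->trace[c->ntrace++] = e; }
static bool tp_ok(ctx_t *c, const uint8_t *b, size_t n) { (void)b; (void)n; record(c, EV_TX); return true; }
static bool tp_fail(ctx_t *c, const uint8_t *b, size_t n) { (void)c; (void)b; (void)n; return false; }
static void do_reset(ctx_t *c, uint8_t t) { (void)t; record(c, EV_RESET); }

/* Under 0x84 the inner response is only captured; otherwise it goes straight to the transport. */
static bool send_response(ctx_t *c, const uint8_t *rsp, size_t n) {
    if (n > sizeof c->captured) return false;
    if (c->capture) { memcpy(c->captured, rsp, n); c->captured_len = n; return true; }
    return c->tp_send(c, rsp, n);
}

static void handle_ecu_reset(ctx_t *c, const uint8_t *req, size_t n) {
    uint8_t sub = n > 1 ? req[1] : 0, type = sub & 0x7F;
    if (sub & SPRMIB) { c->fn_reset(c, type); return; }            /* suppressed: nothing to wait for */
    uint8_t rsp[2] = { SID_ECU_RESET + 0x40, type };                /* 0x51 positive response */
    if (!send_response(c, rsp, sizeof rsp)) return;                /* transport refused it: skip the reset */
    if (c->capture) { c->reset_pending = true; c->reset_pending_type = type; return; } /* deferred */
    c->fn_reset(c, type);                                          /* plain request: 0x51 is already sent */
}

static void dispatch(ctx_t *c, const uint8_t *req, size_t n);

static void handle_secured(ctx_t *c, const uint8_t *req, size_t n) {
    c->capture = true; c->captured_len = 0; c->reset_pending = false;
    dispatch(c, req + 1, n - 1);                                   /* inner request follows the 0x84 byte */
    c->capture = false;
    bool fire = c->reset_pending;                                  /* take the latch, then clear it */
    c->reset_pending = false;
    if (c->captured_len == 0 || !c->securing_ok) return;           /* nothing to send, or securing failed */
    uint8_t outer[sizeof c->captured + 1]; outer[0] = SID_SECURED + 0x40;
    memcpy(outer + 1, c->captured, c->captured_len);
    if (!c->tp_send(c, outer, c->captured_len + 1)) return;        /* outer frame not sent: no reset */
    if (fire) c->fn_reset(c, c->reset_pending_type);               /* tester answered first */
}

static void dispatch(ctx_t *c, const uint8_t *req, size_t n) {
    if (n == 0) return;
    switch (req[0]) {
    case SID_ECU_RESET: handle_ecu_reset(c, req, n); break;
    case SID_SECURED:   handle_secured(c, req, n); break;
    case SID_ROE:       c->reset_pending = false; break;           /* a captured ROE dispatch can never reset */
    default: break;
    }
}

/* Constructed requests for the scenarios (not captured from a real ECU). */
static const uint8_t REQ_PLAIN[]       = { SID_ECU_RESET, 0x01 };
static const uint8_t REQ_SUPPRESSED[]  = { SID_ECU_RESET, 0x01 | SPRMIB };
static const uint8_t REQ_SECURED[]     = { SID_SECURED, SID_ECU_RESET, 0x01 };
static const uint8_t REQ_SECURED_ROE[] = { SID_SECURED, SID_ROE, 0x00 };

/* Runs one request through a fresh context; returns the event order as decimal digits (1 = TX, 2 = reset). */
int run_trace(const uint8_t *req, size_t n, bool tp_fails, bool securing_ok) {
    ctx_t c; memset(&c, 0, sizeof c);
    c.tp_send = tp_fails ? tp_fail : tp_ok; c.fn_reset = do_reset; c.securing_ok = securing_ok;
    dispatch(&c, req, n);
    int code = 0;
    for (int i = 0; i < c.ntrace; i++) code = code * 10 + (int)c.trace[i];
    return code;
}

int main(void) {
    printf("plain=%d secured=%d suppressed=%d send-fail=%d securing-fail=%d\n",
           run_trace(REQ_PLAIN, sizeof REQ_PLAIN, false, true),
           run_trace(REQ_SECURED, sizeof REQ_SECURED, false, true),
           run_trace(REQ_SUPPRESSED, sizeof REQ_SUPPRESSED, false, true),
           run_trace(REQ_PLAIN, sizeof REQ_PLAIN, true, true),
           run_trace(REQ_SECURED, sizeof REQ_SECURED, false, false));
    return 0;
}
```

The model keeps the caveat the PR description records: `tp_send` returning true means the frame was accepted by the transport, not that it left the wire, so a reset hook that reboots synchronously can still race a transport that only queues. The latch is taken and cleared in `handle_secured` before any early return, which is what makes "cancel on securing failure" and "cancel on outer send failure" fall out of the same two lines rather than needing separate cleanup paths.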