Skip to content

Open Source Draco Release #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dzbaker merged 2 commits into from
Jan 23, 2026
Merged

Open Source Draco Release #135

dzbaker merged 2 commits into from
Jan 23, 2026

Conversation

@dzbaker
Copy link
Contributor

@dzbaker dzbaker commented Jan 15, 2026
edited
Loading

NASA Docket No. GSC-19,200-1, and identified as "cFS Draco"
Batch update of latest cFS software release

Reflects commit 2889316c65856bcf51d04cf3ee249587679026f7 from NASA internal development repo

@jphickey
NASA Docket No. GSC-19,200-1, and identified as "cFS Draco"
278a3bd 
Batch update of latest cFS software release

Reflects commit 2889316c65856bcf51d04cf3ee249587679026f7 from NASA internal development repo
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 22, 2026
View reviewed changes
config/default_hs_fcncode_values.h
* Macro Definitions
************************************************************************/

#define HS_CCVAL(x) HS_FunctionCode_##x

Check notice

Code scanning / CodeQL

Undisciplined macro Note

The macro HS_CCVAL(x) uses token pasting and is not allowed.
config/default_hs_interface_cfg_values.h
#define DEFAULT_HS_INTERFACE_CFG_VALUES_H

/* Use the default configuration value for all */
#define HS_INTERFACE_CFGVAL(x) DEFAULT_HS_##x

Check notice

Code scanning / CodeQL

Undisciplined macro Note

The macro HS_INTERFACE_CFGVAL(x) uses token pasting and is not allowed.
config/default_hs_internal_cfg_values.h
#define DEFAULT_HS_INTERNAL_CFG_VALUES_H

/* Use the default configuration value for all */
#define HS_INTERNAL_CFGVAL(x) DEFAULT_HS_##x

Check notice

Code scanning / CodeQL

Undisciplined macro Note

The macro HS_INTERNAL_CFGVAL(x) uses token pasting and is not allowed.
config/default_hs_msgid_values.h
#include "cfe_core_api_base_msgids.h"
#include "hs_topicids.h"

#define CFE_PLATFORM_HS_CMD_MIDVAL(x) CFE_PLATFORM_CMD_TOPICID_TO_MIDV(CFE_MISSION_HS_##x##_TOPICID)

Check notice

Code scanning / CodeQL

Undisciplined macro Note

The macro CFE_PLATFORM_HS_CMD_MIDVAL(x) uses token pasting and is not allowed.
config/default_hs_msgid_values.h
#include "hs_topicids.h"

#define CFE_PLATFORM_HS_CMD_MIDVAL(x) CFE_PLATFORM_CMD_TOPICID_TO_MIDV(CFE_MISSION_HS_##x##_TOPICID)
#define CFE_PLATFORM_HS_TLM_MIDVAL(x) CFE_PLATFORM_TLM_TOPICID_TO_MIDV(CFE_MISSION_HS_##x##_TOPICID)

Check notice

Code scanning / CodeQL

Undisciplined macro Note

The macro CFE_PLATFORM_HS_TLM_MIDVAL(x) uses token pasting and is not allowed.
config/default_hs_topicid_values.h
#ifndef DEFAULT_HS_TOPICID_VALUES_H
#define DEFAULT_HS_TOPICID_VALUES_H

#define CFE_MISSION_HS_TIDVAL(x) DEFAULT_CFE_MISSION_HS_##x##_TOPICID

Check notice

Code scanning / CodeQL

Undisciplined macro Note

The macro CFE_MISSION_HS_TIDVAL(x) uses token pasting and is not allowed.
github-advanced-security[bot]
github-advanced-security bot found potential problems Jan 22, 2026
View reviewed changes
fsw/src/hs_utils.c
bool IsValid = true;

if (ActionType < HS_AMT_ACT_NOACT)
if (ActionType < HS_AMTActType_NOACT)

Check warning

Code scanning / CodeQL

Comparison result is always the same Warning

Comparison is always false because ActionType >= 0.

Copilot Autofix

AI 19 days ago

In general, to fix this kind of issue you either (a) remove a comparison that is provably constant, or (b) adjust it so that it actually enforces the intended bounds. Here we want to keep the existing functionality (range validation) but correct the lower‑bound check so that it can actually fail when given an out‑of‑range value.

The function is clearly trying to ensure that ActionType lies within a valid range of enumeration values. Since ActionType is uint16, checking for “less than some non‑negative minimum” only makes sense if that minimum is greater than 0. The likely intent is to reject values less than the first valid action type constant, which is typically HS_AMTActType_NUL or similar, not the “no action” sentinel. However, we are constrained to only modify the shown snippet and cannot see the other constants. The safest minimal change that preserves current behavior while removing the always‑false comparison is to eliminate the lower‑bound branch altogether, relying only on the upper‑bound check already present. This does not reduce the filter’s practical effect if the minimum valid value is 0, which is the case causing the warning.

Concretely, in HS_AMTActionIsValid we will remove the if (ActionType < HS_AMTActType_NOACT) { IsValid = false; } block and its associated else and convert the upper‑bound check into a single if on ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES). We will make the same structural change in HS_EMTActionIsValid for consistency, removing its lower‑bound comparison and leaving only the upper‑range validation. No new methods, imports, or definitions are needed.

Suggested changeset 1
fsw/src/hs_utils.c

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/fsw/src/hs_utils.c b/fsw/src/hs_utils.c
--- a/fsw/src/hs_utils.c
+++ b/fsw/src/hs_utils.c
@@ -40,12 +40,8 @@
 {
     bool IsValid = true;
 
-    if (ActionType < HS_AMTActType_NOACT)
+    if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
     {
-        IsValid = false;
-    }
-    else if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
-    {
         /* HS allows for HS_AMTActType_LAST_NONMSG actions by default and
            HS_MAX_MSG_ACT_TYPES message actions defined in the Message
            Action Table. */
@@ -64,12 +59,8 @@
 {
     bool IsValid = true;
 
-    if (ActionType < HS_EMTActType_NOACT)
+    if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
     {
-        IsValid = false;
-    }
-    else if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
-    {
         /* HS allows for HS_EMTActType_LAST_NONMSG actions by default and
            HS_MAX_MSG_ACT_TYPES message actions defined in the Message
            Action Table. */
EOF
@@ -40,12 +40,8 @@
{
bool IsValid = true;

if (ActionType < HS_AMTActType_NOACT)
if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
IsValid = false;
}
else if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
/* HS allows for HS_AMTActType_LAST_NONMSG actions by default and
HS_MAX_MSG_ACT_TYPES message actions defined in the Message
Action Table. */
@@ -64,12 +59,8 @@
{
bool IsValid = true;

if (ActionType < HS_EMTActType_NOACT)
if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
IsValid = false;
}
else if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
/* HS allows for HS_EMTActType_LAST_NONMSG actions by default and
HS_MAX_MSG_ACT_TYPES message actions defined in the Message
Action Table. */
Copilot is powered by AI and may make mistakes. Always verify output.
fsw/src/hs_utils.c
bool IsValid = true;

if (ActionType < HS_EMT_ACT_NOACT)
if (ActionType < HS_EMTActType_NOACT)

Check warning

Code scanning / CodeQL

Comparison result is always the same Warning

Comparison is always false because ActionType >= 0.

Copilot Autofix

AI 19 days ago

In general, the problem arises because a lower‑bound comparison is being done against an unsigned value in a way that can never be true: ActionType < HS_EMTActType_NOACT with ActionType as uint16. To fix it without changing functionality, we should make the range check reflect the actual valid domain. Typically for action types implemented as an enum, valid values are those between a minimum and a maximum constant inclusive. Since the lower bound is effectively 0 for a uint16, the explicit < HS_EMTActType_NOACT test is redundant and should be removed. The function can then simply check that ActionType does not exceed the maximum allowed encoded value; any out‑of‑range value will be rejected by the upper‑bound test.

The most conservative fix that preserves existing behavior is therefore to remove the always‑false lower‑bound check from HS_EMTActionIsValid (and, for consistency, from HS_AMTActionIsValid as well, since it uses the same pattern with a uint16). Both functions will start with IsValid = true, then only set IsValid = false if ActionType is greater than the computed maximum (HS_*ActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES). No new imports, methods, or definitions are needed; the change is purely local within fsw/src/hs_utils.c.

Concretely:

  • In HS_AMTActionIsValid, remove the if (ActionType < HS_AMTActType_NOACT) { IsValid = false; } block and turn the else if into a simple if.
  • In HS_EMTActionIsValid, similarly remove the if (ActionType < HS_EMTActType_NOACT) { IsValid = false; } block and turn the else if into a simple if.
Suggested changeset 1
fsw/src/hs_utils.c

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/fsw/src/hs_utils.c b/fsw/src/hs_utils.c
--- a/fsw/src/hs_utils.c
+++ b/fsw/src/hs_utils.c
@@ -40,12 +40,8 @@
 {
     bool IsValid = true;
 
-    if (ActionType < HS_AMTActType_NOACT)
+    if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
     {
-        IsValid = false;
-    }
-    else if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
-    {
         /* HS allows for HS_AMTActType_LAST_NONMSG actions by default and
            HS_MAX_MSG_ACT_TYPES message actions defined in the Message
            Action Table. */
@@ -64,12 +59,8 @@
 {
     bool IsValid = true;
 
-    if (ActionType < HS_EMTActType_NOACT)
+    if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
     {
-        IsValid = false;
-    }
-    else if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
-    {
         /* HS allows for HS_EMTActType_LAST_NONMSG actions by default and
            HS_MAX_MSG_ACT_TYPES message actions defined in the Message
            Action Table. */
EOF
@@ -40,12 +40,8 @@
{
bool IsValid = true;

if (ActionType < HS_AMTActType_NOACT)
if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
IsValid = false;
}
else if (ActionType > (HS_AMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
/* HS allows for HS_AMTActType_LAST_NONMSG actions by default and
HS_MAX_MSG_ACT_TYPES message actions defined in the Message
Action Table. */
@@ -64,12 +59,8 @@
{
bool IsValid = true;

if (ActionType < HS_EMTActType_NOACT)
if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
IsValid = false;
}
else if (ActionType > (HS_EMTActType_LAST_NONMSG + HS_MAX_MSG_ACT_TYPES))
{
/* HS allows for HS_EMTActType_LAST_NONMSG actions by default and
HS_MAX_MSG_ACT_TYPES message actions defined in the Message
Action Table. */
Copilot is powered by AI and may make mistakes. Always verify output.
@jphickey jphickey marked this pull request as ready for review January 23, 2026 12:41
@dzbaker dzbaker merged commit 5c63be6 into main Jan 23, 2026
13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jphickey jphickey jphickey approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dzbaker @jphickey