CID 369560 Missing unlock, in dft_fftw.c
CID 363710 Logically dead code, in resampler.c
CID 55097 Result is not floating point, in chest_test_dl.c
CID 351020 Result is not floating point, in chest_nbiot_test_dl.c
Fix several Coverity issues
This commit adrresses the following code issues found by Coverity:
CID 339785 Division by zero, in fading_channel_test.c
CID 355272 Division by zero, in awgn_channel_test.c
CID 355277 NULL ptr dereference, in awgn_channel_test.c
CID 359663 NULL ptr dereference, in delay_channel_test.c
CID 369544 NULL ptr dereference, in chest_dl_nbiot.c
CID 373326 Resource Leak, in dft_fftw.c
CID 373329 Resource Leak, in dft_fftw.c
CID 372878 Division by zero, in sliv_test.c
CID 372871 Division by zero, in dmrs_pdcch.c
CID 370622 Negative loop bound, in csr_rs.c
CID 370624 Negative loop bound, in csr_rs.c
CID 370626 Negative loop bound, in csr_rs.c
CID's 369568, 369594 NULL ptr dereference, in ch_awgn.c
CID 369540 Logically dead code, in refsignal_dl.c
CID 369608 Logically dead code, in refsignal_ul.c
CIDs 366291, 366296, 366297 Out-of-bounds access, in zc_sequence.c
CID 372209 Division by zero, in cqi.c
CID 370992 Uninitialized pointer read, in pdcch_test.c
CID 373334 Integer overflow, in ue_sync.h
CID 370993, 370995 Undefined division, in pdcch_test.c
CID 370994 Undefined division, in ssb_decode_test.c
CIDs 353368 353364 353365 359673 353366 353367
Explicit null dereferenced, in psss_file_test.c
CID 371865 Unchecked return value, in rf_uhd_imp.cc
CID 363810 Undefined division, in ldpc_rm_chain_test.c
CID 372209, 372211, 372213, 372216 Undefined modulo, in cqi.c
CID 339834 Array compared against 0, in chest_dl.c
CID 369589 Out of bounds access, in dmrs_pucch.c
CID 371681 Out of bounds access, in ue_sync_nr_test.c
CIDs 370761, 370825 Copy-paste error, in ssb.c
CID 369599 out of bounds read, in dmrs_pdcch_test.c
CID 363795 out of bounds read, in ldpc_dec_c_avx2_flood.c
CID 363805 out of bounds read, in ldpc_dec_c_avx2long_flood.c
CID 363821 out of bounds read, in ldpc_dec_c_flood.c
until the correct gain settings are documented and potential
mis-configuration are handled. It seems that the default
Tx/rx gains values are not working with this function.
* Make filename const in filesink
* Sine generation returns the next phase
* Avoid malloc/free in radio class
* Implement Tx gain in ZMQ
* Initial ratio RT gain test
* UHD: use timed Tx gain commands to align changes to subframes
* Minor improvement in test_radio_rt_gain
* Fix compilation
* Check RF gain thread id before joining
* Remove redundant zero initialization.
Co-authored-by: Fabian Eckermann <fabian@srs.io>
* Fix a race condition when accessing the NR PHY cfg by the RRC and phy workers.
Rework how the phy cfg is handled, now workers have their own copy that gets updated after a reconfig moving it out of the state class.
* Default initialize sf_len member in sf_worker for consistency.
* Asynchronous NR PHY configuration
* Fix compilation
* Corrected method override and fix unitialised value
* Added carrier equal comparison to avoid aligment byte padding comparison
Co-authored-by: faluco <borja.ferrer@softwareradiosystems.com>
This was done to avoid integrity issues, when the UE's RRC erroneously sent
measurement reports while the re-establishment was already in progress.
As errously sending PDCP PDUs on DRBs can cause issues as well, this was
disabled too.
Move emergency handlers header file into the support folder.
Refactored signal handling:
- Remove the dependency with the running static variable in the header file.
- Move implementations down to cc files.
- Allow specifying a new signal handler that will be used to stop the applications.
- Move signal handling files to support.
this is to avoid invalid configs that later on cause segfaults, etc.
e.g.:
0 0x7f397adf64a3 (/lib/x86_64-linux-gnu/libc.so.6+0xbb4a3)
1 0x7f397cc8c6ce (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x796ce)
2 0x55b921d61707 in srsran_vec_cf_copy /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/src/phy/utils/vector.c:226
3 0x55b921d3b1d4 in ssb_demodulate /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/src/phy/sync/ssb.c:632
4 0x55b921d3d8ce in srsran_ssb_csi_measure /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/src/phy/sync/ssb.c:905
5 0x55b9215dc20f in srsue::nr::cc_worker::measure_csi() /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/srsue/src/phy/nr/cc_worker.cc:373
6 0x55b9215dd216 in srsue::nr::cc_worker::work_dl() /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/srsue/src/phy/nr/cc_worker.cc:483
7 0x55b9215f9c69 in srsue::nr::sf_worker::work_imp() /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/srsue/src/phy/nr/sf_worker.cc:78
8 0x55b921c47cc6 in srsran::thread_pool::worker::run_thread() /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/src/common/thread_pool.cc:48
9 0x55b92152ea0b in srsran:🧵:thread_function_entry(void*) /mnt/data/jenkins/workspace/srslte_ogt_trial_builder_x86-ubuntu1804-asan/srsLTE/lib/include/srsran/common/threads.h:103
10 0x7f397c9fb6da in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
11 0x7f397ae5c71e in __clone (/lib/x86_64-linux-gnu/libc.so.6+0x12171e)
under some circumstances it could happen that the RLC is configured
when SDUs are already being written to the queue. The resize
operation of the underlying container would fail in this case.
Make sure to empty the queue before doing the resize.
* Improve reliability of timestamp to tti conversion
Difftime is not reliable as it might use 32 bit calculation, depending on the system. This leads to wrong frame numbers and subframe indices.
I encountered this Issue when testing the pssch_ue exampel on my system and the conversion from timestamp to frame number and sf idx was wrong.
* Improve GNSS Sync
Added loop to check for GNSS alignment while syncing.
If the received GNSS signal is weak, synchronization errors might occur while syncing.
we've had a few runs in the CI where opening the specified RF device
failed but the eNB/UE still continued to run, just picking the next available
run. This led to false-positive tests.
The policy should be that whenever the user specified a RF device to
be openend, and this device fails, the whole process should fail and
the application should exit.
The auto-detection mode is still available but only if no device name
is specified at all.
this patch fixes a bug discovered in a real network where the DL CQI of a
user degraded repidly in very short time. A relativly big RLC PDU that
was still sent with the good CQI in a big grant now needs to be split
across many tiny segments because the CQI degraded so much.
The retx couting for each transmitted segment caused the retx counter to
reach maxRetx quickly.
With this patch we do not increment the retx counter for each transmitted
PDU or segment of a PDU but instead only increment the counter when
a given SN is added to the retx queue. This can happen either:
a) if the SN is negativly acknowledged and was not already on the retx queue,
b) no new data is available for tx and a SN is selected for retx.
This is in accordance with TS 36.322 which handles retx counting in section
5.2.1 according to the above description.
With soapy 0.8.0, GCC 11.1.0 warns of mismatched array bounds
in some functions.
This commit aligns the bound and adds proper wrappers to
fix subsequent warnings.
the code hasn't been maintained for a while an likely needs to be
adapted for a real-world scenarios.
in order to avoid having to maintain two MAC/PHY interfaces we
remove the code from now.
move implementation to cc file to avoid
[build] /bin/ld: CMakeFiles/rrc_nr_asn1_test.dir/rrc_nr_test.cc.o: in function `asn1::rrc_nr::setup_release_c<asn1::rrc_nr::pdcch_serving_cell_cfg_s>::set_setup()':
[build] /home/anpu/src/srsLTE/lib/include/srsran/asn1/rrc_nr.h:2276: undefined reference to `asn1::rrc_nr::setup_release_c<asn1::rrc_nr::pdcch_serving_cell_cfg_s>::set(asn1::rrc_nr::setup_release_c<asn1::rrc_nr::pdcch_serving_cell_cfg_s>::types_opts::options)'
[build] clang: error: linker command failed with exit code 1 (use -v to see invocation)
the do_status is queried from the Tx code frequently. To reduce
chances to delay the execution because the RLC Rx side is currently
holding the mutex we can use an atomic.
the patch uses try-lock whenever a status PDU is tried
to be built. This makes sure that when the lock is currently
hold (e.g. by a thread processing rx PDUs) the generation
of the status PDUs is not taking too long and blocking the calling
thread. Instead the status PDU generation is deferred to the next
Tx opportunity.
It's a probabilistic approach that assumes that at some stage the
lock can in fact be acquired.
on highly loaded systems it can happen that the get_metrics() is called
twice within a few houndred milliseconds. Logging a warning in this
case isn't needed, so reduce to info.
on the other hand, 100ms might be to convervative. Patch also
lowers the smallest interval to 10ms
* Protect PHY SR signal management in a class
* Protect intra_freq_meas vector
* Protect cell and srate shared variables in thread-safe classes
* srsue,srsenb: include TSAN options header
* Protect ue_rnti_t and rnti scheduling windows behind thread-safe classes
* Protect access to state variable in sync_state
* Protect access to metrics configuration
* Protect access to is_pending_sr
* Protect access to UE prach worker
* Protect UE mux
* Avoid unlocking mutex twice
* Fix data races in RF/ZMQ
* Fix data races in intra_measure and PHY
* Fix minor data races in MAC
* Make TSAN default behaviour to not halt on error
* Fix blocking in intra cell measurement
* Address comments
Co-authored-by: Andre Puschmann <andre@softwareradiosystems.com>
Introduce a new macro to catch UHD exceptions and log them directly instead of storing an error string, similar to what errno does.
Remove usrp logging helpers that depend on the now removed member since all calls potentially log the error directly.
RFCI has detected this assert failing in the log_backend_test. I have not been able to reproduce this locally but my theory is the following one:
one of the unit tests does the following:
backend.start();
backend.stop();
the internal running_flag member could be set to true and then to false by the main thread before the worker thread calls do_work(). If this happens
the assert will be triggered, which is wrong and too conservative, so remove the assert.
this is a rather large commit that is hard to split because
it touches quite a few components.
It's a preparation patch for adding NR split bearers in the next
step.
We realized that managing RLC and PDCP bearers for both NR and LTE
in the same entity doesn't work. This is because we use the LCID
as a key for all accesses. With NR dual connectivity however we
can have the same LCID active at the same time for both LTE and NR
carriers.
The patch solves that by creating a dedicated NR instance for RLC/PDCP
in the stack. But then the question arises for UL traffic on, e.g. LCID 4
what PDCP instance the GW should use for pushing SDUs. It doesnt' know
that. And in fact it doesn't need to. It just needs to know EPS
bearer IDs. So the next change was to remove the knowledge of what
LCIDs are from the GW. Make is agnostic and only work on EPS bearer IDs.
The handling and mapping between EPS bearer IDs and LCIDs for LTE
or NR (mainly PDCP for pushing data) is done in the Stack because
it has access to both.
The NAS also has a EPS bearer map but only knows about default and
dedicated bearers. It doesn't know on which logical channels they
are transmitted.
this patch mainly modernizes the bearer creation to use smart pointers.
that allows to simplify the error handling.
ue_stack is changed to match new interface. This commit compiles
but doesn't work.
when a lost PDU is detected a warning will be logged. In theory
this could be info as well but a warning may help to detect issues
in tests. The same event causes multiple other warnings to be logged,
which is very spammy. The patch reduces the log level for
those messages to info.
the patch is a re-implementation of the customer-specific optimization
we did in order to reduce the time the RLC holds the Tx mutex when
processing an incoming status PDU.
The patch makes sure to never operate on a raw mutex but instead
uses the deadlock-avoiding RAII lock.
before processing incoming status PDUs we should be checking
if the ACK_SN falls within our current Tx window. If not the PDU
will be dropped.
Without the check we were incorrectly processing the status PDU
and because the sequence number wrap around wasn't working
correctly if ACK_SN is smaller than vt_a we were corrupting
our Tx window.
the test verifies that the ACK_SN of a status PDU falls inside the
rx_window of the receiver. If not, than the RLC state has been
corrupted and the status PDU is likely invalid.
we had it returning int but had a bug in using the return value properly,
i.e. handling when -1 was returned in RLC TM.
Thinking about it more, it doesn't make sense to have a negative return
value here anyway. Either the RLC can return a PDU or not. If it can't the
returned lenght is zero.
when a small grant is provided it might not be possible to fit a full status
PDU. This is currently detected while packing the PDU.
In order to avoid sending potentiall contradicting status info to the sending
entity, the fix makes sure to only transmit a small PDU acking what really
has been received so far.
This might not be optimal in terms for retx but will not corrupt any
state.
it turned out that a certain order of events can lead to
a RLC transmitter stalling because even though unacknowledged PDUs
are queued, none of them was actually considered for retx.
This can happen if a pollRetxTimer expires for a SN that, meanwhile,
has already been acknowledged. The positive lead to the deletion of
the SN from the Tx window.
The fix makes sure that when a retx for a unexisting SN is requested,
the sender will consider the next unacknowledged SN instead.
TSAN doesn't work well then threads are created with attributes
thar require root rights but the process is run as normal user.
this patch avoid the thread attributes in this case. TSAN isn't going
to be used for production builds.
although the manual test with Amarisoft eNB worked fine it seems
the delay is still needed in the default case. Over 50% of the
tests failed in the nightly with:
[zmq] Error: tx time is 0.067 ms in the past (138240 < 139776)
[zmq] Error: tx time is 1.100 ms in the past (184320 < 209664)
While this usleep() should increase the pass likelihood it
still doesn't guarantee error-free runs, so we might need
to revisit it again as some stage.
the thread workers need access to their current state to exit properly
when they are set to state STOP. However, since the state is kept in
a std::vector for all workers, it seems more appropiate to add a per-thread
running variable rather then mutexing the entire vector.
it seems that different SNs should be retransmitted depending
on the actual situation. In case of pollRetx timer expiration,
vt_s - 1 should actually be resent.
This patch prepares the function to accept different SNs but
leaves it to send vt_a by default. The RLC AM test would need
to changed as well to not fail.
- Replace shared_variable members in log_channel class in favor of atomics.
- Remove the small string optimization in srslog now that we dont allocate anymore.
- Trim some critical sections in srslog.
also make sure we don't assign LCIDs beyond the possible
number.
possible fix for https://github.com/srsran/srsRAN/issues/658
Co-authored-by: herlesupreeth <herlesupreeth@gmail.com>
Co-authored-by: Francisco <francisco.paisana@softwareradiosystems.com>
if RLC PDUs with certain PDCP SNs were already in flight
when their discard timer at PDCP expires, they weren't
remove from the undelivered_sdu_info_queue causing
indesired log entries like:
08:08:52.455280 [RLC ] [W] PDCP_SN=2103 already marked as undelivered
when the SN was sent again (after wrap around).
The patch makes sure to always try to delete the PDCP SN
from the queue. It should fix (at least partly) #2560
previously the warning was printed when a Lime was connected to the PC.
Now all connected devices are printed but the warning is only
shown if the selected device is the Lime.
- use const char* instead of std::string in enumerated<>::to_string() to avoid mallocs.
- Remove the use of "typedef", and use "using" keyword instead.
- Fix rrc_nr::setup_release_c<>::to_string() broken linkage.
this commit adds a complete DL HARQ entity to the MAC of the UE.
It also refactors demux into an own class and adapts the PHY-MAC
interface to use the new MAC capabilities.
avoiding any allocations.
Each segment stores its own PDCP SN and RLC SN and has two pointers,
one for the next segment of the same RLC PDU, and another for the next segment
of the same PDCP PDU.
Previously since a char* can have any length, this was managed by FMT by converting it into a std::string.
Now we store it into a configurable size node that can store a fixed size string, otherwise it falls back to std::string.
the current value of 256 limits the number of PDCP SDUs that can be
notified from RLC. The limit is quickly hit when too many SDUs
are in flight. This can cause unwanted log entries and weird PDCP
behaviour.
the patch increases the value to 1024, which still can be too few if
many smaller SDUs are traveling.
The patch also set the log level to warning to quicker spot
misconfigs in logs.
Fixes#2616
the created RLC PDU was too large to fit inside the MAC grant
because only the header room for the short L field was used.
The patch determines the correct size before passing the opportunity to RLC.
It also improves logging in error case by using the MAC logger instead of
stderr/stdout when error occurs.
building on the previous refactor this patch now adds support
for peridoic BSR reporting (using short BSR). It furthermore does
the following changes:
* add BSR packing
* add proc_bsr_nr unit test
* move mac_nr test code into test folder under src (needs to be done with other test code too)
previously we were only counting retx if we retx the start of a segment.
this could lead to unwanted behaviour, i.e., not counting retx
correctly and thus not triggering the maxretx attempt, if the receive
always sends NACKs with a SO_start.
The RLC spec is not clear on how this should be handled correctly but
IMHO using an integer number of retx is reasonable, even for segments
that might be retransmitted more often.
The alternative of using a fractional retx counter that may be increamented
proportional to the segment size that is retx is another alternative
but considered too complex to implement (and test correctly).
- use of inheritance to simplify testing
- removal of global network manager
- pass of custon socket manager to s1ap and gtpu ctors
- overhauled the registration of socket fd,callback in socket manager
- Implement a common event "log_rrc" for all RRC events and discriminate by procedure using an enum.
- Log events for connection, reestablishment, reconfig, reject and release.
- Log the corresponding ASN1 message used by each procedure.
- Redefine the JSON object for this event to match the new structure.
Fixed a compilation error detected by the static analyzer in gcc9.3 where bounded_vector::data() was using taking the address of the internal buffer which confused it, prefer to use the data method of std::array.
This was done so it would work when circular buffer holds other things
that are not unique_pointers. Queue and pop_func had to be made public
to be able to call the pop_func when an SDU is discarded.