fix: remediate batch 2 clang-tidy violations

[vtz]

Summary

Second batch of clang-tidy remediations targeting performance, readability, and code organization violations across 15 source files.

Changes by category

Performance (17 fixes)

• performance-unnecessary-value-param: Use std::move for callback parameters instead of copying (event_subscriber, rpc_client, rpc_server)
• performance-avoid-endl: Replace std::endl with '\n' (sd_message, tp_reassembler)
• Pass MessagePtr by const& in rpc_server private helpers where only read access is needed

Readability (28 fixes)

• readability-static-accessed-through-instance: Access E2EHeader::get_header_size() via class name (message.h, message.cpp)
• readability-simplify-boolean-expr: Simplify has_valid_method_id() and has_valid_length() returns
• readability-redundant-member-init: Remove redundant {} on UdpConfig::multicast_interface
• readability-qualified-auto: Use const auto* for pointer-to-const (sd_client, sd_server)
• cppcoreguidelines-prefer-member-initializer: Move TpTransfer::last_activity to initializer list

Misc / Organization (17 fixes)

• misc-use-anonymous-namespace: Move file-local statics to anonymous namespaces (e2e_crc, freertos/memory, threadx/memory, sd_client, sd_server)
• cppcoreguidelines-pro-type-cstyle-cast: Replace C-style casts with reinterpret_cast in socket code (tcp_transport)

Tests added

• Boundary tests for has_valid_method_id() (0x0000, 0x0001, 0xFFFE, 0xFFFF)
• Boundary tests for has_valid_length() (0, 7, 8, 9, UINT32_MAX)
• E2EHeader::get_header_size() static access verification
• TpTransfer timestamp initialization consistency test

Test plan

• All existing tests pass (Host, FreeRTOS, ThreadX, Zephyr)
• New boundary tests pass
• Clang-tidy quality gate passes
• No regressions in cross-compilation (ARM Cortex-M4)

Ref: #222

Made with Cursor

Summary by CodeRabbit

• Refactor

  • Internal cleanup and encapsulation across messaging, transport, and platform layers; reduced copies by forwarding ownership of callbacks and handlers.
  • CRC table and initialization made lazy/static-initialized for simpler startup.

• Stability

  • Safer initialization, tighter const-correctness, and stricter message-pool validation to reduce edge-case errors.
  • Replaced flush-causing log endings and improved socket/transport cast safety.

• Tests

  • Added tests for message validation boundaries, E2E header size access, move semantics, and transfer timestamp initialization.

[coderabbitai]

📝 Walkthrough

Walkthrough

Refactors E2E header size access to use static e2e::E2EHeader::get_header_size(), applies move semantics for callbacks/handlers, moves various file-static internals into anonymous namespaces, tightens some const-correctness and cast styles, replaces std::endl with '\n' in a few warnings, and adds tests for message and TP initialization boundaries.

Changes

Cohort / File(s)	Summary
Message & E2E include/someip/message.h, src/someip/message.cpp, tests/test_message.cpp	Switch instance calls to static e2e::E2EHeader::get_header_size() in constructors, deserialize, validation and length update paths; simplified small validation branches; added unit tests for method-id/length boundaries, static header-size access, and move-assignment behavior.
Move semantics (events / RPC) src/events/event_subscriber.cpp, src/rpc/rpc_client.cpp, src/rpc/rpc_server.cpp	Use std::move() to transfer callbacks/handlers into storage and across call sites; added <utility> includes where needed; adjusted PendingCall and method registration to store moved callbacks; some internal response helpers changed to take MessagePtr by const reference.
Platform memory & CRC src/platform/freertos/memory.cpp, src/platform/threadx/memory.cpp, src/e2e/e2e_crc.cpp	Moved translation-unit statics into anonymous namespaces; extracted internal release helpers; added stricter pointer/offset validation in FreeRTOS release; replaced CRC table/init flag with function-local static table.
Service Discovery & SD messages src/sd/sd_client.cpp, src/sd/sd_server.cpp, src/sd/sd_message.cpp	Moved file-static helpers into anonymous namespaces; tightened option pointer constness; replaced std::endl with '\n' in IPv4 parsing warnings.
Transport & types src/transport/tcp_transport.cpp, include/transport/udp_transport.h	Replaced C-style (sockaddr*) casts with reinterpret_cast<...>; removed braced default initializer for UdpTransportConfig::multicast_interface.
TP types & reassembler include/tp/tp_types.h, src/tp/tp_reassembler.cpp, tests/test_tp.cpp	Initialized TpTransfer timestamps in member initializer list; replaced std::endl with '\n' in TP warning; added test ensuring start_time/last_activity initialization.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related issues

• Fix pre-existing code quality and safety issues identified during clang-tidy review #226: Changes to FreeRTOS/ThreadX pool internals and CRC static initialization align with initialization/concurrency concerns reported in this issue.

Possibly related PRs

• fix: remediate P0 safety and mechanical clang-tidy violations (#222) #225: Similar refactor replacing instance get_header_size() calls with static e2e::E2EHeader::get_header_size().
• feat(platform): refactor PAL and add FreeRTOS, ThreadX, lwIP backends #25: Related edits to FreeRTOS and ThreadX platform memory-pool implementations and allocation/release helpers.
• feat(tests): increase code coverage with meaningful tests and MC/DC #117: Related changes to E2E CRC/header handling and expectations in src/e2e/e2e_crc.cpp.

Poem

🐇 I hopped through bytes and headers bright,
Static sizes now show their might,
Moves carried callbacks in my paw,
Hidden namespaces keep things raw,
Tests stand watch at boundary light.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 52.73% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'fix: remediate batch 2 clang-tidy violations' accurately describes the main objective of this PR, which is to apply the second batch of clang-tidy remediations across 15 source files addressing performance, readability, and code-organization warnings.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/clang-tidy-batch2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (5)

src/e2e/e2e_crc.cpp (1)

80-103: ⚠️ Potential issue | 🔴 Critical

Make CRC32 table initialization thread-safe.

The unsynchronized shared mutable state at lines 80 and 83 (crc32_table and crc32_table_initialized) creates a race condition. Concurrent calls to calculate_crc32() can simultaneously invoke init_crc32_table(), causing partial writes to crc32_table and nondeterministic CRC values.

Replace the mutable globals and init_crc32_table() function with a thread-safe static local initialization:

Proposed fix

+#include <array>
...
 namespace {
-
-// Precomputed CRC32 lookup table
-uint32_t crc32_table[256];
-
-// Initialize CRC32 lookup table (called once)
-bool crc32_table_initialized = false;
-
-void init_crc32_table() {
-    if (crc32_table_initialized) {
-        return;
-    }
-
-    for (uint32_t i = 0; i < 256; ++i) {
-        uint32_t crc = i << 24;
-        for (int j = 0; j < 8; ++j) {
-            if (crc & 0x80000000) {
-                crc = (crc << 1) ^ CRC32_POLY;
-            } else {
-                crc <<= 1;
-            }
-        }
-        crc32_table[i] = crc;
-    }
-
-    crc32_table_initialized = true;
-}
+const std::array<uint32_t, 256>& get_crc32_table() {
+    static const std::array<uint32_t, 256> table = [] {
+        std::array<uint32_t, 256> t{};
+        for (uint32_t i = 0; i < 256; ++i) {
+            uint32_t crc = i << 24;
+            for (int j = 0; j < 8; ++j) {
+                if (crc & 0x80000000) {
+                    crc = (crc << 1) ^ CRC32_POLY;
+                } else {
+                    crc <<= 1;
+                }
+            }
+            t[i] = crc;
+        }
+        return t;
+    }();
+    return table;
+}
 
 }  // namespace
 
 uint32_t calculate_crc32(const std::vector<uint8_t>& data) {
-    init_crc32_table();
+    const auto& crc32_table = get_crc32_table();
 
     uint32_t crc = CRC32_INIT;
 
     for (uint8_t byte : data) {
         uint32_t index = ((crc >> 24) ^ byte) & 0xFF;
         crc = (crc << 8) ^ crc32_table[index];
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/e2e/e2e_crc.cpp` around lines 80 - 103, Replace the global mutable
crc32_table and crc32_table_initialized and the init_crc32_table() function with
a thread-safe static local initialization so concurrent calls to
calculate_crc32() cannot race; specifically, remove the globals and have
calculate_crc32() (or a helper it calls) declare a static local
std::array<uint32_t,256> (or equivalent) that is populated the first time via
the same loop, relying on C++ static local initialization to be thread-safe, and
update references that used crc32_table to use that static local variable
instead.

src/events/event_subscriber.cpp (2)

92-101: 🧹 Nitpick | 🔵 Trivial

Move SubscriptionInfo into the map too.

Lines 94-95 move the callbacks into sub_info, but Line 101 stores sub_info as an lvalue, so both std::function objects are still copied once. Finish the handoff with a move here as well.

Proposed fix

-        subscriptions_[key] = sub_info;
+        subscriptions_[key] = std::move(sub_info);

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/events/event_subscriber.cpp` around lines 92 - 101, The SubscriptionInfo
object `sub_info` currently has its `notification_callback` and
`status_callback` moved into it but is then stored into `subscriptions_` as an
lvalue, causing another copy of the std::function objects; change the store to
move `sub_info` into the map (e.g., use `subscriptions_.emplace(key,
std::move(sub_info))` or `subscriptions_[key] = std::move(sub_info)`) so the
callbacks are fully moved and not copied again; update the code around
`make_subscription_key`, `sub_info`, and `subscriptions_` accordingly while
keeping the `ScopedLock` usage.

---

170-188: ⚠️ Potential issue | 🔴 Critical

Field requests are registered under a key that the receive path never uses.

Lines 172-173 store callbacks under (service_id, instance_id, event_id), but on_message_received() looks them up with (service_id, 0, event_id) at Line 292. For any nonzero instance_id, the callback can never be found, and this function also leaves the orphaned entry behind when send_message() fails at Line 188.

Please use the same correlation key on both sides, or key pending field requests by request/session ID and only retain the callback after a successful send.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/events/event_subscriber.cpp` around lines 170 - 188, The callback is
being stored under make_field_key(service_id, instance_id, event_id) but
on_message_received looks up callbacks using make_field_key(service_id, 0,
event_id), and the entry is left behind if send_message fails; change
event_subscriber.cpp so you (a) construct the same correlation key used by
on_message_received (i.e., call make_field_key(service_id, 0, event_id) instead
of using instance_id) or alternatively change on_message_received to use the
instance_id consistently, and (b) only insert into field_requests_ (protected by
field_requests_mutex_) after transport_->send_message(...) returns
Result::SUCCESS, or if you must insert before sending remove the entry on send
failure to avoid orphaned callbacks; reference field_requests_mutex_,
make_field_key, field_requests_, transport_->send_message, and
on_message_received when making the edit.

src/someip/message.cpp (2)

455-463: 🧹 Nitpick | 🔵 Trivial

Drop the no-op total-size comparison.

expected_total_size and actual_total_size are identical expressions, so this branch can never fail and only hides the real check below on length_.

Suggested simplification

-    uint32_t expected_total_size = HEADER_SIZE + e2e_size + payload_.size();
-    uint32_t actual_total_size = HEADER_SIZE + e2e_size + payload_.size();  // Same calculation
-    if (expected_total_size != actual_total_size) {
-        return false;
-    }
-
     // Also check that length_ is consistent
     uint32_t expected_length = 8 + e2e_size + payload_.size();
     if (length_ != expected_length) {
         return false;
     }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/someip/message.cpp` around lines 455 - 463, The current no-op compares
two identical expressions (expected_total_size and actual_total_size); remove
the duplicate actual_total_size and instead validate the parsed length field:
compute e2e_size using e2e_header_.has_value() ?
e2e::E2EHeader::get_header_size() : 0, set expected_total_size = HEADER_SIZE +
e2e_size + payload_.size(), and compare expected_total_size against the message
length field (length_) so the real consistency check is performed (replace the
redundant comparison with: if (expected_total_size != length_) return false;).

---

115-126: ⚠️ Potential issue | 🟠 Major

Preserve interface_version_ in move assignment.

Line 121 resets the destination to SOMEIP_INTERFACE_VERSION instead of taking other.interface_version_, breaking consistency with the move constructor (which preserves the field) and copy assignment (which also preserves it). The destination should receive the source's state, not a reset constant.

Proposed fix

-        interface_version_ = SOMEIP_INTERFACE_VERSION;  // Valid interface version for moved-to object
+        interface_version_ = other.interface_version_;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/someip/message.cpp` around lines 115 - 126, The move-assignment operator
Message::operator=(Message&& other) currently resets interface_version_ to
SOMEIP_INTERFACE_VERSION instead of preserving the moved-from value; change it
to assign other.interface_version_ so the destination receives the source's
state (matching the move constructor and copy assignment), i.e., replace the
line that sets interface_version_ with an assignment from
other.interface_version_, keeping the rest of the move logic (payload_,
e2e_header_, etc.) unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/platform/freertos/memory.cpp`:
- Around line 67-75: Validate pool ownership before destroying the Message: in
release_message (the function calling msg->~Message()), include <cstdint>,
compute uintptr_t raw = reinterpret_cast<std::uintptr_t>(msg) and uintptr_t pool
= reinterpret_cast<std::uintptr_t>(pool_buffer), check alignment and that raw >=
pool and (raw - pool) % sizeof(someip::Message) == 0 and index = (raw - pool) /
sizeof(someip::Message) is < POOL_SIZE; only after these checks take pool_mutex,
mark block_used[index] = false and then call the destructor (msg->~Message());
do not perform pointer subtraction or call the destructor before verifying msg
belongs to this pool.

In `@tests/test_tp.cpp`:
- Around line 691-701: The test TransferInitTimestamps references a non-existent
field transfer.total_size on TpTransfer; change the assertion to check the
actual field name message_id instead (i.e., replace
EXPECT_EQ(transfer.total_size, 1400u) with an assertion that
EXPECT_EQ(transfer.message_id, 1400u)) so the test compiles and verifies the
intended value; keep the other assertions (transfer_id, start_time,
last_activity) unchanged.

---

Outside diff comments:
In `@src/e2e/e2e_crc.cpp`:
- Around line 80-103: Replace the global mutable crc32_table and
crc32_table_initialized and the init_crc32_table() function with a thread-safe
static local initialization so concurrent calls to calculate_crc32() cannot
race; specifically, remove the globals and have calculate_crc32() (or a helper
it calls) declare a static local std::array<uint32_t,256> (or equivalent) that
is populated the first time via the same loop, relying on C++ static local
initialization to be thread-safe, and update references that used crc32_table to
use that static local variable instead.

In `@src/events/event_subscriber.cpp`:
- Around line 92-101: The SubscriptionInfo object `sub_info` currently has its
`notification_callback` and `status_callback` moved into it but is then stored
into `subscriptions_` as an lvalue, causing another copy of the std::function
objects; change the store to move `sub_info` into the map (e.g., use
`subscriptions_.emplace(key, std::move(sub_info))` or `subscriptions_[key] =
std::move(sub_info)`) so the callbacks are fully moved and not copied again;
update the code around `make_subscription_key`, `sub_info`, and `subscriptions_`
accordingly while keeping the `ScopedLock` usage.
- Around line 170-188: The callback is being stored under
make_field_key(service_id, instance_id, event_id) but on_message_received looks
up callbacks using make_field_key(service_id, 0, event_id), and the entry is
left behind if send_message fails; change event_subscriber.cpp so you (a)
construct the same correlation key used by on_message_received (i.e., call
make_field_key(service_id, 0, event_id) instead of using instance_id) or
alternatively change on_message_received to use the instance_id consistently,
and (b) only insert into field_requests_ (protected by field_requests_mutex_)
after transport_->send_message(...) returns Result::SUCCESS, or if you must
insert before sending remove the entry on send failure to avoid orphaned
callbacks; reference field_requests_mutex_, make_field_key, field_requests_,
transport_->send_message, and on_message_received when making the edit.

In `@src/someip/message.cpp`:
- Around line 455-463: The current no-op compares two identical expressions
(expected_total_size and actual_total_size); remove the duplicate
actual_total_size and instead validate the parsed length field: compute e2e_size
using e2e_header_.has_value() ? e2e::E2EHeader::get_header_size() : 0, set
expected_total_size = HEADER_SIZE + e2e_size + payload_.size(), and compare
expected_total_size against the message length field (length_) so the real
consistency check is performed (replace the redundant comparison with: if
(expected_total_size != length_) return false;).
- Around line 115-126: The move-assignment operator Message::operator=(Message&&
other) currently resets interface_version_ to SOMEIP_INTERFACE_VERSION instead
of preserving the moved-from value; change it to assign other.interface_version_
so the destination receives the source's state (matching the move constructor
and copy assignment), i.e., replace the line that sets interface_version_ with
an assignment from other.interface_version_, keeping the rest of the move logic
(payload_, e2e_header_, etc.) unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 588b8f03-f379-48cf-abe1-4e07cbd430f1

📥 Commits

Reviewing files that changed from the base of the PR and between fe04536 and 6772721.

📒 Files selected for processing (17)

• include/someip/message.h
• include/tp/tp_types.h
• include/transport/udp_transport.h
• src/e2e/e2e_crc.cpp
• src/events/event_subscriber.cpp
• src/platform/freertos/memory.cpp
• src/platform/threadx/memory.cpp
• src/rpc/rpc_client.cpp
• src/rpc/rpc_server.cpp
• src/sd/sd_client.cpp
• src/sd/sd_message.cpp
• src/sd/sd_server.cpp
• src/someip/message.cpp
• src/tp/tp_reassembler.cpp
• src/transport/tcp_transport.cpp
• tests/test_message.cpp
• tests/test_tp.cpp

[vtz]

Review comment triage

Fixed in next push:

1. FreeRTOS pool ownership (Major) — Added bounds + alignment validation before destroying the Message
2. CRC32 thread-safety (Critical) — Replaced mutable globals with thread-safe static const local initialization via C++ magic statics
3. sub_info std::move (Trivial) — Now moved into the map instead of copied
4. interface_version_ move assignment (Major) — Fixed to preserve source value instead of resetting to constant
5. No-op total-size comparison (Trivial) — Removed redundant identical comparison, kept the real length_ check
6. test_tp.cpp total_size (Critical) — Already fixed in 05c208b

Pre-existing, out of scope for this PR:

• field_requests_ key mismatch (event_subscriber.cpp:170-188) — The make_field_key(service_id, instance_id, event_id) vs make_field_key(service_id, 0, event_id) inconsistency and the missing cleanup on send_message failure are pre-existing issues not introduced by this PR. These should be tracked and fixed separately.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/platform/freertos/memory.cpp`:
- Around line 67-76: Replace the pointer relational checks on raw and pool_start
with integer comparisons using std::uintptr_t: include <cstdint>, cast raw and
pool_start to std::uintptr_t (e.g., uintptr_t raw_addr =
reinterpret_cast<uintptr_t>(raw); uintptr_t pool_addr =
reinterpret_cast<uintptr_t>(pool_start);) and then perform bounds checks against
pool_addr and pool_addr + POOL_SIZE * sizeof(someip::Message); keep the existing
byte_offset/modulo/index logic unchanged after the validated cast.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 12a7b25e-314e-41eb-affe-296a944e23dc

📥 Commits

Reviewing files that changed from the base of the PR and between 05c208b and a59d487.

📒 Files selected for processing (5)

• src/e2e/e2e_crc.cpp
• src/events/event_subscriber.cpp
• src/platform/freertos/memory.cpp
• src/someip/message.cpp
• tests/test_message.cpp