Skip to content

Code review fix-pass: tiers 0-15#30

Merged
pappadf merged 2 commits into
mainfrom
code-review-fixes-pass
May 17, 2026
Merged

Code review fix-pass: tiers 0-15#30
pappadf merged 2 commits into
mainfrom
code-review-fixes-pass

Conversation

@pappadf
Copy link
Copy Markdown
Owner

@pappadf pappadf commented May 17, 2026

Summary

Batch fix-pass driven by local/gs-docs/reviews/core-review-straightforward-full.md. Each of the ~900 findings was read against the actual code, fixed when the change was clear-cut and low-risk, or marked NOT FIXED with a per-finding justification (cross-tier dependency, signature change required, self-resolved, etc.) — no bulk-deferred entries remain in the review file.

Highlights by tier

  • Tiers 0-8 (earlier sessions): CPU, memory, MMU, peripherals, VFS, object-model fixes.
  • Tier 9 (storage): journal-load error propagation; ftruncate-based zero-fill replaces 40k-iteration write loops; race-safe fopen; archive.c mkdir-p + dead verbose flag; checkpoint_machine JSON escaping + sweep_others NULL guards; checkpoint.c CHECKPOINT_MAX_ALLOC caps; snprintf model_id; bail-on-fopen-failure (replaces silent zero-fill corruption).
  • Tier 10 (networking): O(2^n) NBP wildcard matcher rewritten as iterative two-pointer O(n*m) — closes a CPU-exhaustion DoS; process_packet/llap_in const-correct end-to-end; llap_send oversize rejection; MAX_SHARES module-private; emit_json_escaped for hostile APM partition names; dead includes and Phase-5c tombstone comments removed.
  • Tier 11 (debugger): macos_atrap_name lookup-result-discarded bug; trace ring-buffer corruption on first wrap; framebuffer-checksum static-accum-byte concurrency hazard; mnemonic buffer bounds check; O(N²) clear loops replaced with bulk helpers; malloccalloc for zero-init.
  • Tier 12 (shell): V_BYTES inline-render cap (64 + "...N more"); emit_json_escaped for partition name/type; ${...} body-size cap; dead ternary in cp.
  • Tier 13 (system): config_get_image bounds check; config_add_image runtime check (was assert-only — silent overflow in release builds); printfLOG across system_ensure_machine; drive_catalog_find_closest NULL checks.
  • Tier 14 (machines): IICX_*_IO_PENALTY triple-definition consolidated; soft-power-off log level corrected (0→1); dead constants removed; via2_output collapsed.
  • Tier 15 (platform): platform_ticks 32-bit time_t overflow fix; gs_download returns -1 on failure (was always 0) + short-read detection; redundant global_emulator clobber removed; dead run_startup_command + rolling-instruction-counter tracking removed; platform_play_8bit_pwm const-correct.

CI follow-up commit

Initial CI run failed in "Run unit tests (CPU)" with a type-mismatch in tests/unit/support/stub_memory.c (test stub still declared int g_page_count after the Tier-4 header change to uint32_t). Fixing that locally revealed a second regression: the Tier-5 MOVEM post-increment refactor in cpu_internal.h introduced "skip An writeback when An is in the list (on 68000)", citing M68000PRM — but the CPU test vectors expect the post-incremented ea to always win (expected/actual deltas are exactly N_regs * size). Reverted to the prior always-writeback logic.

Test plan

  • make headless — clean
  • make -C tests/unit run — 14/14 suites pass
  • make integration-test — 38/38 pass
  • CI green on this branch

🤖 Generated with Claude Code

pappadf and others added 2 commits May 17, 2026 18:42
@pappadf
core-review: batch fix-pass across Tiers 0-15
7c6e137 
Apply analyzed fixes from local/gs-docs/reviews/core-review-straightforward-full.md
covering all 16 review tiers. Each finding was read against the actual code,
fixed when the change was clear-cut and low-risk, or marked NOT FIXED with a
concrete per-finding justification (cross-tier dependency, signature change
required, self-resolved, etc.) — no bulk-deferred entries remain.

Highlights by tier:
- Tier 9 (storage): journal-load error propagation, ftruncate-based zero-fill
  (replaces 40k-iteration write loops), race-safe fopen, archive.c mkdir-p +
  dead verbose flag, checkpoint_machine JSON escaping + sweep_others NULL
  guards, checkpoint.c CHECKPOINT_MAX_ALLOC caps, snprintf model_id, bail-on-
  fopen-failure (replaces silent zero-fill corruption).
- Tier 10 (networking): O(2^n) NBP wildcard matcher rewritten as iterative
  two-pointer O(n*m) (closes a CPU-exhaustion DoS); process_packet/llap_in
  made const-correct end-to-end; llap_send oversize rejection; MAX_SHARES
  made module-private; emit_json_escaped for hostile APM partition names;
  dead includes and Phase-5c tombstone comments removed.
- Tier 11 (debugger): macos_atrap_name lookup-result-discarded bug;
  trace-buffer ring corruption on first wrap; framebuffer checksum static-
  accum-byte concurrency hazard; mnemonic-buffer bounds check; O(N²) clear
  loops replaced with bulk helpers; malloc→calloc for zero-init.
- Tier 12 (shell): V_BYTES inline-render cap (64 + "...N more"); emit_json_
  escaped for partition name/type; ${...} body size cap; dead ternary in cp.
- Tier 13 (system): config_get_image bounds check; config_add_image runtime
  check (was assert-only — silent overflow in release builds); printf→LOG
  across system_ensure_machine; drive_catalog_find_closest NULL checks.
- Tier 14 (machines): IICX_*_IO_PENALTY triple-definition consolidated; soft-
  power-off log level corrected (0→1); dead SE30_RAM_END / PLUS_RAM_TOP
  removed; via2_output collapsed.
- Tier 15 (platform): platform_ticks 32-bit time_t overflow fix; gs_download
  returns -1 on failure (was always 0) + short-read detection; redundant
  global_emulator clobber removed; dead run_startup_command + rolling-
  instruction-counter tracking removed; platform_play_8bit_pwm const-correct.

Earlier tiers (0-8) cover CPU/memory/mmu/peripherals/VFS fixes from prior
review sessions in this same pass.
@pappadf @claude
ci: fix unit test compile + MOVEM post-increment regression
8e19913 
Two issues surfaced after the Tier 0-15 review pass landed:

- `tests/unit/support/stub_memory.c`: the test stub declared
  `int g_page_count` but the real `memory.h` now declares it
  `uint32_t` (Tier-4 type tightening). The mismatch broke unit
  compilation in CI's "Run unit tests (CPU)" step.

- `src/core/cpu/cpu_internal.h`: the Tier-5 MOVEM post-increment
  refactor introduced "skip writeback when An is in the register
  list" on 68000, citing M68000PRM. The cpu test vectors expect
  the post-incremented `ea` to always win — failures show the
  expected-vs-actual delta is exactly N_regs * size, the
  post-increment amount. Reverted to the prior always-writeback
  logic that matches the captured test data.

Local: tests/unit/run → 14/14 suites pass; make integration-test
→ 38/38 pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
@pappadf pappadf merged commit 9b68695 into main May 17, 2026
3 checks passed
@pappadf pappadf deleted the code-review-fixes-pass branch May 17, 2026 20:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@pappadf