From bcbbfabbdb70b7f35621294fa6e280cb40c0f3a0 Mon Sep 17 00:00:00 2001
From: Jason <83615043+JJassonn69@users.noreply.github.com>
Date: Thu, 16 Apr 2026 02:12:37 +0545
Subject: [PATCH] harden error_strings[] safety and update .gitignore
- Add ERROR_COUNT sentinel to SystemError_t enum
- Change error_strings[] to static const char* const
- Add static_assert to enforce enum/array sync at compile time
- Add runtime bounds check with fallback for invalid error codes
- Add all missing test binary names to .gitignore
---
 .../9_1_3_C_Cpp_Code/main.cpp | 74 ++++++++++---------
 .../9_1_Microcontroller/tests/.gitignore | 32 ++++++--
 2 files changed, 67 insertions(+), 39 deletions(-)
diff --git a/9_Firmware/9_1_Microcontroller/9_1_3_C_Cpp_Code/main.cpp b/9_Firmware/9_1_Microcontroller/9_1_3_C_Cpp_Code/main.cpp
index 932f4a0..0e48939 100644
--- a/9_Firmware/9_1_Microcontroller/9_1_3_C_Cpp_Code/main.cpp
+++ b/9_Firmware/9_1_Microcontroller/9_1_3_C_Cpp_Code/main.cpp
@@ -620,7 +620,8 @@ typedef enum {
 ERROR_POWER_SUPPLY,
 ERROR_TEMPERATURE_HIGH,
 ERROR_MEMORY_ALLOC,
- ERROR_WATCHDOG_TIMEOUT
+ ERROR_WATCHDOG_TIMEOUT,
+ ERROR_COUNT // must be last — used for bounds checking error_strings[]
 } SystemError_t;
 static SystemError_t last_error = ERROR_NONE;
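Review bot: ERROR_COUNT is now a legal SystemError_t value, so any `switch` over the enum elsewhere in the file that has no `default` will start warning under -Wswitch about the unhandled sentinel; worth a grep before merging. The sentinel's comment could also record the second ordering constraint this file already has: handleSystemError (hunk @@ -915) decides criticality with a range compare between ERROR_RF_PA_OVERCURRENT and ERROR_POWER_SUPPLY, so inserting a new enumerator inside that span silently makes it critical. Suggested comment on the enum: `// Order matters: [ERROR_RF_PA_OVERCURRENT, ERROR_POWER_SUPPLY] is treated as critical by handleSystemError(); ERROR_COUNT must stay last (it bounds error_strings[])`. The enum definition starts outside the hunk.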
@@ -654,18 +655,18 @@ SystemError_t checkSystemHealth(void) {
 // 1. Check AD9523 Clock Generator
 static uint32_t last_clock_check = 0;
- if (HAL_GetTick() - last_clock_check > 5000) {
- GPIO_PinState s0 = HAL_GPIO_ReadPin(AD9523_STATUS0_GPIO_Port, AD9523_STATUS0_Pin);
- GPIO_PinState s1 = HAL_GPIO_ReadPin(AD9523_STATUS1_GPIO_Port, AD9523_STATUS1_Pin);
- DIAG_GPIO("CLK", "AD9523 STATUS0", s0);
- DIAG_GPIO("CLK", "AD9523 STATUS1", s1);
- if (s0 == GPIO_PIN_RESET || s1 == GPIO_PIN_RESET) {
- current_error = ERROR_AD9523_CLOCK;
- DIAG_ERR("CLK", "AD9523 clock health check FAILED (STATUS0=%d STATUS1=%d)", s0, s1);
- return current_error;
- }
- last_clock_check = HAL_GetTick();
- }
+ if (HAL_GetTick() - last_clock_check > 5000) {
+ GPIO_PinState s0 = HAL_GPIO_ReadPin(AD9523_STATUS0_GPIO_Port, AD9523_STATUS0_Pin);
+ GPIO_PinState s1 = HAL_GPIO_ReadPin(AD9523_STATUS1_GPIO_Port, AD9523_STATUS1_Pin);
+ DIAG_GPIO("CLK", "AD9523 STATUS0", s0);
+ DIAG_GPIO("CLK", "AD9523 STATUS1", s1);
+ if (s0 == GPIO_PIN_RESET || s1 == GPIO_PIN_RESET) {
+ current_error = ERROR_AD9523_CLOCK;
+ DIAG_ERR("CLK", "AD9523 clock health check FAILED (STATUS0=%d STATUS1=%d)", s0, s1);
+ return current_error;
+ }
+ last_clock_check = HAL_GetTick();
+ }
 // 2. Check ADF4382 Lock Status
 bool tx_locked, rx_locked;
@@ -700,26 +701,26 @@ SystemError_t checkSystemHealth(void) {
 // 4. Check IMU Communication
 static uint32_t last_imu_check = 0;
- if (HAL_GetTick() - last_imu_check > 10000) {
- if (!GY85_Update(&imu)) {
- current_error = ERROR_IMU_COMM;
- DIAG_ERR("IMU", "Health check: GY85_Update() FAILED");
- return current_error;
- }
- last_imu_check = HAL_GetTick();
- }
+ if (HAL_GetTick() - last_imu_check > 10000) {
+ if (!GY85_Update(&imu)) {
+ current_error = ERROR_IMU_COMM;
+ DIAG_ERR("IMU", "Health check: GY85_Update() FAILED");
+ return current_error;
+ }
+ last_imu_check = HAL_GetTick();
+ }
 // 5. Check BMP180 Communication
 static uint32_t last_bmp_check = 0;
- if (HAL_GetTick() - last_bmp_check > 15000) {
- double pressure = myBMP.getPressure();
- if (pressure < 30000.0 || pressure > 110000.0 || isnan(pressure)) {
- current_error = ERROR_BMP180_COMM;
- DIAG_ERR("SYS", "Health check: BMP180 pressure out of range: %.0f", pressure);
- return current_error;
- }
- last_bmp_check = HAL_GetTick();
- }
+ if (HAL_GetTick() - last_bmp_check > 15000) {
+ double pressure = myBMP.getPressure();
+ if (pressure < 30000.0 || pressure > 110000.0 || isnan(pressure)) {
+ current_error = ERROR_BMP180_COMM;
+ DIAG_ERR("SYS", "Health check: BMP180 pressure out of range: %.0f", pressure);
+ return current_error;
+ }
+ last_bmp_check = HAL_GetTick();
+ }
 // 6. Check GPS Communication
 static uint32_t last_gps_fix = 0;
@@ -867,7 +868,7 @@ void handleSystemError(SystemError_t error) {
 DIAG_ERR("SYS", "handleSystemError: error=%d error_count=%lu", error, error_count);
 char error_msg[100];
- const char* error_strings[] = {
+ static const char* const error_strings[] = {
 "No error",
 "AD9523 Clock failure",
 "ADF4382 TX LO unlocked",
@@ -887,9 +888,16 @@ void handleSystemError(SystemError_t error) {
 "Watchdog timeout"
 };
+ static_assert(sizeof(error_strings) / sizeof(error_strings[0]) == ERROR_COUNT,
+ "error_strings[] and SystemError_t enum are out of sync");
+
+ const char* err_name = (error >= 0 && error < (int)(sizeof(error_strings) / sizeof(error_strings[0])))
+ ? error_strings[error]
+ : "Unknown error";
+
 snprintf(error_msg, sizeof(error_msg), "ERROR #%d: %s (Count: %lu)\r\n",
- error, error_strings[error], error_count);
+ error, err_name, error_count);
 HAL_UART_Transmit(&huart3, (uint8_t*)error_msg, strlen(error_msg), 1000);
 // Blink LED pattern based on error code
@@ -915,7 +923,7 @@ void handleSystemError(SystemError_t error) {
 if ((error >= ERROR_RF_PA_OVERCURRENT && error <= ERROR_POWER_SUPPLY) || error == ERROR_TEMPERATURE_HIGH || error == ERROR_WATCHDOG_TIMEOUT) {
- DIAG_ERR("SYS", "CRITICAL ERROR (code %d: %s) -- initiating Emergency_Stop()", error, error_strings[error]);
+ DIAG_ERR("SYS", "CRITICAL ERROR (code %d: %s) -- initiating Emergency_Stop()", error, err_name);
 snprintf(error_msg, sizeof(error_msg), "CRITICAL ERROR! Initiating emergency shutdown.\r\n");
 HAL_UART_Transmit(&huart3, (uint8_t*)error_msg, strlen(error_msg), 1000);
diff --git a/9_Firmware/9_1_Microcontroller/tests/.gitignore b/9_Firmware/9_1_Microcontroller/tests/.gitignore
index e185c71..acc7942 100644
--- a/9_Firmware/9_1_Microcontroller/tests/.gitignore
+++ b/9_Firmware/9_1_Microcontroller/tests/.gitignore
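Review bot: The `error >= 0` half of the new `err_name` range check is on an unscoped enum whose underlying type the compiler is free to make unsigned, in which case it is tautological and GCC/Clang warn under -Wtype-limits even though the expression still evaluates as intended. Since the static_assert two lines above already pins the array length to ERROR_COUNT, the sizeof expression need not be repeated, and a single unsigned compare covers both bounds without the warning: `const char* err_name = (static_cast<unsigned>(error) < static_cast<unsigned>(ERROR_COUNT)) ? error_strings[error] : "Unknown error";`. That keeps the "Unknown error" fallback for negative or out-of-range codes on both the snprintf here and the DIAG_ERR in hunk @@ -915. handleSystemError continues outside the hunk.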
@@ -3,18 +3,38 @@ *.dSYM/ # Test binaries (built by Makefile) +# TESTS_WITH_REAL test_bug1_timed_sync_init_ordering -test_bug2_ad9523_double_setup test_bug3_timed_sync_noop test_bug4_phase_shift_before_check test_bug5_fine_phase_gpio_only +test_bug9_platform_ops_null +test_bug10_spi_cs_not_toggled +test_bug15_htim3_dangling_extern + +# TESTS_MOCK_ONLY +test_bug2_ad9523_double_setup test_bug6_timer_variable_collision test_bug7_gpio_pin_conflict test_bug8_uart_commented_out -test_bug9_platform_ops_null -test_bug10_spi_cs_not_toggled -test_bug11_platform_spi_transmit_only +test_bug14_diag_section_args +test_gap3_emergency_stop_rails + +# TESTS_STANDALONE test_bug12_pa_cal_loop_inverted test_bug13_dac2_adc_buffer_mismatch -test_bug14_diag_section_args -test_bug15_htim3_dangling_extern +test_gap3_iwdg_config +test_gap3_temperature_max +test_gap3_idq_periodic_reread +test_gap3_emergency_state_ordering +test_gap3_overtemp_emergency_stop +test_gap3_health_watchdog_cold_start + +# TESTS_WITH_PLATFORM +test_bug11_platform_spi_transmit_only + +# TESTS_WITH_CXX +test_agc_outer_loop + +# Manual / one-off test builds +test_um982_gps