Update and improve cache operations. #192
Conversation
adamgreig
added
S-waiting-on-review
|
r? @ithinuel (rust_highfive has picked a reviewer for you, use r? to override) |
src/peripheral/scb.rs
Outdated
| /// recent writes to `obj` to be lost, potentially including the write that initialised it. | ||
| /// Therefore, this method may cause uninitialised memory or invalid values to be read, | ||
| /// resulting in undefined behaviour. You must ensure that main memory contains a valid and | ||
| /// initialised value for T before invalidating `obj`. |
There was a problem hiding this comment.
Isn't it unsound in general when the memory a &T points to is modified (unless T is an UnsafeCell)?
There was a problem hiding this comment.
Do you think we should require &mut here instead of &, or just give a more dire warning about potential consequences?
There was a problem hiding this comment.
&mut sounds like a good option, as long as it doesn't make the API unusable. Do you happen to have any real-world examples where this API would be used?
There was a problem hiding this comment.
I've used the previous invalidate API in ethernet peripheral drivers where the descriptors and packet memory are shared between CPU and peripheral. In all of those instances the code had &mut access, though the receive buffers were in principle read-only.
The other use case I can see is sharing memory between cores on a multi-core device, e.g. the STM32H7 dual-core series have D-cache for the M7 core, so communicating with the M4 core could require cache management. Imagine a synchronisation primitive which needs to invalidate some interior memory to ensure it's reading a fresh value from the other core, and wants to be able to do this with only &self. But probably such a primitive should contain an UnsafeCell which can handle the interior mutability, and then it would still be able to pass &mut to the cache invalidation function.
On balance I think it's probably a more obvious API if it takes &mut to make it clear that the value might change, and in the rare case someone needs to access it with a non-mut, it's only a one line function that calls another public unsafe method anyway, so it's not that much extra effort. I'll update this PR.
|
A couple of other notes:
Please don't merge just yet. |
|
I've updated the documentation to more clearly convey what's required and what will happen, updated the methods to take This is ready for review now. |
Co-Authored-By: Jonas Schievink <[email protected]>
|
Thanks, I've applied suggestions and updated some other |
|
Great, let's do this! bors r+ |
|
👎 Rejected by too few approved reviews |
192: Update and improve cache operations. r=jonas-schievink a=adamgreig Closes #47, #188. I've implemented the proposed methods from #47 and marked all d-cache invalidation functions as unsafe. It's not unsafe to invalidate i-cache or branch predictor as they are read-only caches. The clean and clean+invalidate operations do not alter memory from the executing core's point of view so are also safe. It wasn't possible to remove the requirement to pass in `&mut CPUID` as you require synchronized access to `CPUID` to read the number of sets and ways in the cache, which is required to fully clean or invalidate them, which is required to enable or disable them. So it goes. Breaking change due to changing safety of d-cache invalidation functions. Co-authored-by: Adam Greig <[email protected]>
Build failed |
|
Apparently we're downloading stuff from Arm servers during CI. Not sure why but we shouldn't be doing that. |
|
bors retry
… |
192: Update and improve cache operations. r=jonas-schievink a=adamgreig Closes #47, #188. I've implemented the proposed methods from #47 and marked all d-cache invalidation functions as unsafe. It's not unsafe to invalidate i-cache or branch predictor as they are read-only caches. The clean and clean+invalidate operations do not alter memory from the executing core's point of view so are also safe. It wasn't possible to remove the requirement to pass in `&mut CPUID` as you require synchronized access to `CPUID` to read the number of sets and ways in the cache, which is required to fully clean or invalidate them, which is required to enable or disable them. So it goes. Breaking change due to changing safety of d-cache invalidation functions. Co-authored-by: Adam Greig <[email protected]>
|
We download the gcc toolchain which is used to verify the precompiled
binary blobs are correct compared to the source, iirc.
…On Wed, 5 Feb 2020, 00:09 Jonas Schievink, ***@***.***> wrote:
Apparently we're downloading stuff from Arm servers during CI. Not sure
why but we shouldn't be doing that.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#192?email_source=notifications&email_token=AAALQ4YKQ7345V63VXIDXILRBH7VHA5CNFSM4KHLQKG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKZVLBI#issuecomment-582178181>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALQ427ZFJOESIJ4OQBXWDRBH7VHANCNFSM4KHLQKGQ>
.
|
|
Using |
|
At the time I don't think a suitable version was available in apt and it
still might not be. We could have Travis cache the downloaded toolchain,
though.
…On Wed, 5 Feb 2020, 00:16 Jonas Schievink, ***@***.***> wrote:
Using apt-get is better for that since Travis caches it. I'll open an
issue.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#192?email_source=notifications&email_token=AAALQ46FXWJKHYLJTOSA3QTRBIANJA5CNFSM4KHLQKG2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEKZVZOY#issuecomment-582180027>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAALQ4ZGRH6657UABFACWDDRBIANJANCNFSM4KHLQKGQ>
.
|
Build succeeded |
192: add a .uninit section r=therealprof a=japaric that contains static variables that will not be initialized by the runtime this implements only the linker section described in RFC #116 so that downstream libraries / framework can leverage it without (a) forking this crate or (b) requiring the end user to pass additional linker scripts to the linker when building their crate. This commit doesn't add the user interface described in RFC #116; instead it documents how to use this linker section in the advanced section of the crate level documentation Co-authored-by: Jorge Aparicio <[email protected]>
Closes #47, #188.
I've implemented the proposed methods from #47 and marked all d-cache invalidation functions as unsafe. It's not unsafe to invalidate i-cache or branch predictor as they are read-only caches. The clean and clean+invalidate operations do not alter memory from the executing core's point of view so are also safe.
It wasn't possible to remove the requirement to pass in
&mut CPUIDas you require synchronized access toCPUIDto read the number of sets and ways in the cache, which is required to fully clean or invalidate them, which is required to enable or disable them. So it goes.Breaking change due to changing safety of d-cache invalidation functions.