Design questions around CDC stream handling and loading #673
Comments
It originally didn't buffer at all there, I added that to fix an issue with a word being split across two FIFO entries. Went with the smallest change I guess.
It shouldn't be (not that anything verifies this). The most that can be added in one call is 64 bytes, and the most that can be left in the buffer should be <= 3 bytes as the only time a handler returns without finishing/erroring and with data left in the TBH when I wrote the code that relies on reading words I thought the streaming code would handle that across FIFO entries. It didn't, so I added the buffering in For the rest I don't think there's any reason other than nobody writing the code. All the USB serial stuff was a contribution from a beta tester... (Says the beta tester with excessive contributions). (Though I guess you could describe the USB level as "packetized transmission w/ ACK/retry protocol"?) |
I'm running into a some errors with running
32blit flashand have some design questions with respect to the flash loading process and robustness.Receive buffer design
This is a bit of a nit, but why is
CDCDataStreamnot designed as a circular buffer? Thememmoveat the beginning would not be required, and the resulting portion ofAddDatawould be either 1 or 2 memcpy's. Given thatGetDataOfLengthis always reading one byte at a time, it wouldn't change a lot.As a more serious flay, is it possible for
AddDatato be invoked such thatCDCDataStreamcould overflow? There is currently no handling around data overflow inCDCDataStreamitself, so it is unclear what in the system design ensures that overflow will not occur. What is the justification for not having bounds checking inCDCDataStreamitself? Is it possible thatCDCDataStream::AddDataoverflows in some circumstances, and is just not being detected?Loading process robustness
As far as I can tell, the loading process is a blind write from the host to the device (e.g. https://github.com/32blit/32blit-tools/blob/a520a742450c8da97f88f6c0ce74ac0038093e02/src/ttblit/core/blitserial.py#L114-L126 ). The device side is dependent on receiving all the bytes, or the loader will remain stuck waiting for bytes (see:
32blit-sdk/firmware/firmware.cpp
Lines 961 to 963 in 3437f5b
What provides the guarantee that all bytes written from the host will be received by the device and written to disk? When loading larger
.blitfiles I've seen the device appear to be "stuck", which would potentially match a situation where bytes were lost. Why was this approach taken over approaches that could ensure robustness (e.g. packetized transmission w/ ACK/retry protocol).Overall data transfer validation
There does not appear to be a post-transmission data check to ensure post-write data validity to the flash or SD card, e.g. CRC / SHA-xxx hash. The STM32H7 appears to have a HASH processor peripheral capable of doing accelerated SHA-1 / SHA-256 calculations. What is the reason for omitting some form of post-write validity check during loading?
The text was updated successfully, but these errors were encountered: