[U-Boot] [PATCH 01/21] Define new system_restart() and emergency_restart()

Wolfgang Denk wd at denx.de
Mon Apr 11 20:31:15 CEST 2011


Dear Graeme Russ,

sorry for the delay.

In message <AANLkTikjCJ6TuJ49TRJWHMh3y=OhFjCKMZd=XxNLvuUD at mail.gmail.com> you wrote:
>
> My point was that everything can be piped through panic()

Yes, it can.  But I don't think that makes sense.

> > Can you please show me a specific case where you would use such
> > different arguments to panic() in the existing code?
> 
> My reasoning is cleaning up the reset()/hang()/panic() API.

Then please keep up with good old Unix philosophy: use small building
blocks, where each of them fulfils a single purpose, and does this
well.

I seriously dislike the idea of a multifunction panic()
implementation.

> Also, consider devices which do not normally have any device attached to
> log serial output, but you may want to log reset/hang reasons for diagnosis
> later. Board defined hang() and reset() can log the reason in NVRAM and at
> next bootup (with a serial console attached) part of the startup message
> could be 'Last Reset Reason'

Please re-read what I wrote.  Things like hang() or reset() are
supposed to hang or reset _only_.  Any logging is another layer.

> How? For example, if an Ethernet device which the board uses to tftp a file
> from fails to initialise, that failure is detected in the common driver
> code and as a consequence hang(), reset(), or panic() is called. The driver
> can print out a message before calling hang() or reset() (useless if you
> have no serial console attached) and by the time any arch or board specific
> code gets called, all information regarding the failure has been lost. Why
> should a common driver decide if the board should hang or reset? What if

OK, you just proved your own argument wrong.  I agree, a driver should
never just hang(), reset(), or panic() as long as there is a
reasonable way to continue normal operation.


> I am suggesting an API that goes along the lines of:

I understand what you are proposing, and I do not want to accept that.
It is IMO a wrong approach. Functions hang(), reset(), or panic() are
the lowest layer of the implementation, they are function primitives
that are useful as is, and they do exactly what you expect them to do,
without any magic stuff.  Feel free to build your own error handling
and reporting and logging functions on top of them. If they are
generally useful these may then be reused in more code. But don't try
to put any such stuff into the function primitives.

Best regards,

Wolfgang Denk

-- 
DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
"I like your game but we have to change the rules."


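The layering discussed in this message, as an added example that is not part of the original e-mail and is not U-Boot code: a "last reset reason" logger built on top of untouched reset()/hang() primitives. The names board_fatal(), log_reset_reason(), last_reset_reason() and the record layout are hypothetical, and NVRAM and the primitives are simulated so the sketch runs on a host.

```c
#include <stdint.h>
#include <string.h>

/* Host stand-ins (assumption): the real primitives only reset or hang
 * and never return; here they just count calls. */
static int reset_calls, hang_calls;
static void reset(void) { reset_calls++; }
static void hang(void)  { hang_calls++; }

/* Hypothetical NVRAM record, simulated by a static variable. */
#define REASON_MAGIC 0x52535452u /* "RSTR" */
struct reset_record { uint32_t magic; char reason[32]; uint32_t checksum; };
static struct reset_record nvram;

static uint32_t record_sum(const struct reset_record *r)
{
    uint32_t sum = r->magic;
    for (size_t i = 0; i < sizeof(r->reason); i++)
        sum = sum * 31u + (uint8_t)r->reason[i];
    return sum;
}

/* Logging layer: stores the reason and does nothing else. */
static void log_reset_reason(const char *reason)
{
    memset(&nvram, 0, sizeof(nvram));
    nvram.magic = REASON_MAGIC;
    strncpy(nvram.reason, reason, sizeof(nvram.reason) - 1); /* truncates, stays NUL-terminated */
    nvram.checksum = record_sum(&nvram);
}

/* Policy layer: board code decides hang vs. reset and composes the pieces. */
static void board_fatal(const char *reason, int want_reset)
{
    log_reset_reason(reason);
    if (want_reset)
        reset();
    else
        hang();
}

/* Next boot: stored reason, or NULL if the record is absent or corrupt. */
static const char *last_reset_reason(void)
{
    if (nvram.magic != REASON_MAGIC || nvram.checksum != record_sum(&nvram))
        return NULL;
    return nvram.reason;
}

int main(void)
{
    board_fatal("eth0 init failed", 1); /* constructed reason string */
    return last_reset_reason() == NULL; /* exit 0 if the reason survived */
}
```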