[U-Boot] [PATCH v4 3/8] sandbox: gpio: Add basic driver for simulating GPIOs

Simon Glass sjg at chromium.org
Tue Feb 21 22:55:39 CET 2012


Hi Mike,

On Tue, Feb 21, 2012 at 8:04 AM, Mike Frysinger <vapier at gentoo.org> wrote:
> On Tuesday 21 February 2012 01:27:31 Simon Glass wrote:
>> On Mon, Feb 20, 2012 at 10:11 PM, Mike Frysinger wrote:
>> > --- a/drivers/gpio/sandbox.c
>> > +++ b/drivers/gpio/sandbox.c
>> >
>> >  /* Access routines for GPIO state */
>> > -static u8 *get_gpio(unsigned gp)
>> > +static u8 *get_gpio_flags(unsigned gp)
>> >  {
>> > -       assert(gp < CONFIG_SANDBOX_GPIO_COUNT);
>> > +       if (gp >= ARRAY_SIZE(state)) {
>> > +               static u8 invalid_flags;
>> > +               printf("sandbox_gpio: error: invalid gpio %u\n", gp);
>> > +               return &invalid_flags;
>> > +       }
>> > +
>>
>> I think we want to die / fail the test here, but since we don't have
>> any tests I suppose this is ok for now. I like assert() because it
>> halts.
>
> the problem is that assert() is disabled by default, so by default, we get
> memory corruption :).  i tend to agree with your previous statements (in
> another thread) that the sandbox should, by default, do arg checking since the
> sandbox env is expected to be tested/developed under.
>
> extending that logic, i think it makes more sense to get output that includes
> errors but "works" so people can play around more on the command line without
> interrupting things.  after all, i'd rather see an error message if i was in
> the middle of typing "gpio ..." on the command line but fat fingered the gpio
> number and typed "gpio set 199" instead of "gpio set 19".

I think the opposite though - it makes more sense to me that the test
fails and reports failure, than continues with bogus results.

How about you leave the assert in as well - then I will be happy enough.

Later we could change assert to always bail on sandbox, or make
sandbox always build with DEBUG (although we would need to introduce a
way of skipping the output).

>
>> >  /* set GPIO port 'gp' as an input */
>> >  int gpio_direction_input(unsigned gp)
>> >  {
>> > -       debug("%s: gp = %d\n", __func__, gp);
>> > +       debug("%s: gp:%u\n", __func__, gp);
>> > +
>> >        if (check_reserved(gp, __func__))
>> >                return -1;
>> > -       set_gpio_flag(gp, GPIOF_OUTPUT, 0);
>> >
>> > -       return 0;
>> > +       return sandbox_gpio_set_direction(gp, 0);
>>
>> Ick, we shouldn't call that function here - it is in the test code. Same
>> below.
>>
>> The idea is that this state has two completely separate sides to it -
>> by calling the 'test' functions from the 'U-Boot' functions I think
>> you are going to confuse people a lot.
>
> the way i see it is we have the pin state ("state"), we have direct accessor
> functions with no error checking so other things can directly manipulate that
> state (sandbox_gpio_xxx), and we have the generic gpio api (gpio_xxx).  i
> don't think both API's should get to directly manipulate the state ... it's
> more logical (to me) that the generic gpio api be built off the hardware state
> api rather than grubbin' around directly.
>
> the only place that gets confusing is when we have one structure that ends up
> storing the hardware state (pin direction/levels) along side the generic gpio
> state (pin reservation and friendly label names).  although, thinking a little
> more, we should be able to split that out easily enough -- have an array of
> labels and if a gpio's label is NULL, we know the pin is not reserved.

What I find confusing is that you implement the external API using the
test API - I mean confusing for people reading the code. It would be
better (if you want functions to access all the state) if there were
an internal access functions which the two sets use. I was trying to
keep them as separate as possible.

Worse is that (for example) set_gpio_flag() now accesses a bogus GPIO
and doesn't stop.

IMO

- the test API should fault an invalid access and stop
- the external API should assert() and continue.

I agree that assert() is currently skipped and will not cause a test
to fail, but of course we can address that if you like.

Anyway, this GPIO implementation is better than what we currently
have...so if you really think this is the right thing to do, then
let's go with it and address it later when we have some tests.

> -mike

Regards,
Simon


More information about the U-Boot mailing list