This is the mail archive of the ecos-devel@sources.redhat.com mailing list for the eCos project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

AW: contributing a failsafe update meachanism for FIS from within ecos applications

From: "Neundorf, Alexander" <Alexander dot Neundorf at jenoptik dot com>
To: "Andrew Lunn" <andrew at lunn dot ch>
Cc: <ecos-devel at sources dot redhat dot com>
Date: Tue, 19 Oct 2004 17:26:34 +0200
Subject: AW: contributing a failsafe update meachanism for FIS from within ecos applications

Hi all,

> Von: Andrew Lunn [mailto:andrew@lunn.ch]
> Betreff: Re: contributing a failsafe update meachanism for FIS from
> within ecos applications
> 
> > Ok, I'll post a modified patch which uses "$Magic[01]" as "magic
> > number" in the next days, with "$Magic0" for the fis table 0 and
> > "$Magic1" for fis table 1. This leaves 8 bytes room for the
> > valid_flag and the version_count.
> 
> The problem with "Magic" is that it does not indicate what its for. If
> you don't know what its for, somebody will delete it. "fis valid" is
> less likely to be deleted since it sounds more important. I also don't
> see why you need Magic0 and Magic1. 
> 
> You don't need 8 bytes. All you really need is 4 bits. 2 bits for
> valid, in progress and empty, plus 2 bits for the version. 


No two bits for "valid or in_progress or empty" is not enough. In the case that power is lost while writing exactly these two bits the state of these two bits is undefined. So the probability that they end up as valid when I actually wanted to write in_progress is 25%, at least >>0. If the valid_flag is 32 bits and only one combination is considered valid, then the probability is 1/(2**32).
Two bits for the version are with my proposed scheme also not enough. The old table will never be touched, the new one will increase the version of the old table by one. So no wrap-around may happen. This won't happen with 32 bits.

So, here comes a modified patch. 

With the basic changes being:

#define EFIS_VALID "$_FisValid_"

struct fis_valid_info
{
   char magic_name[12];
   unsigned long valid_flag;
   CYG_ADDRESS unused_flash_base;
   unsigned long version_count;
};

This will ensure that also older redboots will recognize this entry in the table as being used but consuming no space on the flash (length and flash_base ==0).
$_FisValid_ isn't listed by "fis list" since its address isn't found (see the loop in fis list).
The flash block of the second fis table is now defined with a cdl-option, I didn't get around yet to define an option to switch the second table on and off.
The fisfs-2.tar.gz contains the changes required in the application code. Still no ecos fs (but will come).

Bye
Alex

Attachment: fisfs-2.tar.gz
Description: fisfs-2.tar.gz

Attachment: fis.fail_save.patch
Description: fis.fail_save.patch

Follow-Ups:
- Re: contributing a failsafe update meachanism for FIS from within ecos applications
  - From: Andrew Lunn

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]