riscv: add fallible functions #222
Conversation
|
We probably also want to cover the Wanted to submit the initial work to get feedback on the approach. |
|
I've added suggested fixes as If you're happy with them, I'll squash them into their respective parent commits before a merge. I've also left conversations open to continue discussion on some of the style-related suggestions. |
There was a problem hiding this comment.
It is looking great! The only comments I have are:
- Adding an
InvalidVarianterror for those cases in which there are reserved values within a bitmask. - Updating "infallible" functions to use their "fallible" counterpart followed by an
unwrap(). In this way, new panic messages will show a more comprehensive outcome.
rmsyn
force-pushed
the
riscv/result
branch
2 times, most recently
from
7347b51
to
768f825
Compare
|
Ok, I added the next round of |
There was a problem hiding this comment.
So far so good!
I was thinking about the correct location of the result module and maybe we should consider moving it to riscv-pac. Ideally, riscv-pac will have way less activity and act as a dependency for all the riscv ecosystem. Crates such as riscv or riscv-peripheral would re-export the result module. Moving it to riscv-pac will allow us to bump riscv versions without breaking other crates, as there will not be version issues.
I'm not sure about the "correct" location for the I think the latter makes more sense, and follows with
We could still bump Maybe I'm misunderstanding the architecture, but I thought |
|
You can get more information about the motivation of the You can think of Let us assume that we have the If we place the |
I think this makes sense. If you are planning to have In fact, if that's the plan, then moving A similar approach would still need to be taken for any additions to the I'll move it in a |
riscv/src/lib.rs
Outdated
| @@ -40,6 +40,7 @@ pub(crate) mod bits; | |||
| pub mod delay; | |||
| pub mod interrupt; | |||
| pub mod register; | |||
| pub use riscv_pac::result; | |||
There was a problem hiding this comment.
It could be handy to reexport the riscv-pac crate
| pub use riscv_pac::result; | |
| pub use riscv_pac::{self as pac, result}; |
There was a problem hiding this comment.
... or even pub use riscv_pac::*?
Adds the `result` module to contain types for fallible functions. For discussion, see: <rust-embedded#212 (comment)>
Adds fallible `try_` function variants to most `register` module macros.
Adds fallible access functions for `Mcounteren` HPM fields.
Adds fallible access functions for `Scounteren` HPM fields.
Adds fallible access functions for `Mcountinhibit` HPM fields.
Adds fallible access functions for `Satp` ASID and PPN fields.
Adds fallible conversion functions for `Pmpcfgx` permission and range fields.
|
I think this is done. The main new features are:
While there are other aspects to polish (e.g., modifying |
|
@rmsyn could you please update the |
Uses the new `Result` type for library traits.
😅 I looked for current usage of the traits, and must have missed |
Uses the `riscv_pac::result::*` types for unsafe trait implementations.
riscv-pac/src/result.rs
Outdated
| /// Invalid field value. | ||
| InvalidValue { | ||
| field: &'static str, | ||
| value: usize, | ||
| bitmask: usize, | ||
| }, | ||
| /// Invalid value of a register field that does not match any known variants. | ||
| InvalidVariant { field: &'static str, value: usize }, |
There was a problem hiding this comment.
Maybe we could differentiate errors regarding fields of a register and errors regarding the whole register/value. The idea is avoiding defining the field in the riscv-peripheral examples, as I think it is not necessary.
| /// Invalid field value. | |
| InvalidValue { | |
| field: &'static str, | |
| value: usize, | |
| bitmask: usize, | |
| }, | |
| /// Invalid value of a register field that does not match any known variants. | |
| InvalidVariant { field: &'static str, value: usize }, | |
| /// Invalid value of a register field. | |
| InvalidFieldValue { | |
| field: &'static str, | |
| value: usize, | |
| bitmask: usize, | |
| }, | |
| /// Invalid value of a register field that does not match any known variants. | |
| InvalidFieldVariant { field: &'static str, value: usize }, | |
| /// Invalid value. | |
| InvalidValue { | |
| value: usize, | |
| bitmask: usize, | |
| }, | |
| /// Invalid value that does not match any known variants. | |
| InvalidVariant(usize), |
There was a problem hiding this comment.
Maybe we could differentiate errors regarding fields of a register and errors regarding the whole register/value.
This makes sense to me. The value covers the entire structure, so this separation could be useful in other cases without subfields.
riscv-peripheral/examples/e310x.rs
Outdated
| if number > Self::MAX_HART_ID_NUMBER { | ||
| Err(number) | ||
| Err(Error::InvalidVariant { | ||
| field: "hart_id", |
There was a problem hiding this comment.
Adding field to these errors feels unnecessary to me.
Changes current `Invalid*` variants to `InvalidField*` variants to indicate their use for subfields in an outer struct. Adds the field-less counterparts for use in a context without subfields.
Added the recommended changes. Hopefully they cover the contexts you were concerned with. Agree that for contexts where the value covers the entire structure, we can get the necessary context from the conversion function, e.g. in a backtrace / panic dump. |
| _ => Err(Error::InvalidFieldValue { | ||
| field: "permission", | ||
| value: val as usize, | ||
| bitmask: 0b111, |
There was a problem hiding this comment.
| _ => Err(Error::InvalidFieldValue { | |
| field: "permission", | |
| value: val as usize, | |
| bitmask: 0b111, | |
| _ => Err(Error::InvalidValue { | |
| value: val as usize, | |
| bitmask: 0b111, |
| _ => Err(Error::InvalidFieldValue { | ||
| field: "range", | ||
| value: val as usize, | ||
| bitmask: 0b11, |
There was a problem hiding this comment.
| _ => Err(Error::InvalidFieldValue { | |
| field: "range", | |
| value: val as usize, | |
| bitmask: 0b11, | |
| _ => Err(Error::InvalidValue { | |
| value: val as usize, | |
| bitmask: 0b11, |
I can appreciate that reviews are incremental, but this could have been made clearer in the last set of changes. The It also clarifies situations where multiple fields could return/bubble-up an error. For instance, in a function parsing the |
|
Hey @rmsyn sorry if it annoyed you. After the last changes, I thought that backtracking would be enough to find out which field changed, with no need to add static strings to the binary. In any case, if you think that variants that indicate the invalid field are necessary/valuable, we can definitely leave them as is, I have no strong feelings against them. I will wait a couple of days in case anyone from @rust-embedded/riscv wants to leave their review and merge it to master. |
I think the If we did use an enum, or follow We could also just drop the |
|
Let's leave the |
Adds fallible variants to all functions that explicitly panic in the
riscvcrate.Resolves: #212