ardupilot/libraries/AP_FlashStorage/AP_FlashStorage.h
Andrew Tridgell 6e1e89bb70 AP_FlashStorage: fixed a corruption bug
many thanks to @sh83 for tracking down this bug. When write_all() is
called with non-zero offset in init it ends up calling write with an
invalid offset, triggering a full reset

This fixes issue #10874
2019-03-28 14:33:44 +11:00

152 lines
4.9 KiB
C++

/*
Please contribute your ideas! See http://dev.ardupilot.org for details
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*
a class to allow for FLASH to be used as a memory backed storage
backend for any HAL. The basic methodology is to use a log based
storage system over two flash sectors. Key design elements:
- erase of sectors only called on init, as erase will lock the flash
and prevent code execution
- write using log based system
- read requires scan of all log elements. This is expected to be called rarely
- assumes flash that erases to 0xFF and where writing can only clear
bits, not set them
- assumes flash sectors are much bigger than storage size. If they
aren't then caller can aggregate multiple sectors. Designed for
128k flash sectors with 16k storage size.
- assumes two flash sectors are available
*/
#pragma once
#include <AP_HAL/AP_HAL.h>
/*
The StorageManager holds the layout of non-volatile storeage
*/
class AP_FlashStorage {
private:
static const uint8_t block_size = 8;
static const uint16_t num_blocks = HAL_STORAGE_SIZE / block_size;
static const uint8_t max_write = 64;
public:
// caller provided function to write to a flash sector
FUNCTOR_TYPEDEF(FlashWrite, bool, uint8_t , uint32_t , const uint8_t *, uint16_t );
// caller provided function to read from a flash sector. Only called on init()
FUNCTOR_TYPEDEF(FlashRead, bool, uint8_t , uint32_t , uint8_t *, uint16_t );
// caller provided function to erase a flash sector. Only called from init()
FUNCTOR_TYPEDEF(FlashErase, bool, uint8_t );
// caller provided function to indicate if erasing is allowed
FUNCTOR_TYPEDEF(FlashEraseOK, bool);
// constructor.
AP_FlashStorage(uint8_t *mem_buffer, // buffer of storage_size bytes
uint32_t flash_sector_size, // size of each flash sector in bytes
FlashWrite flash_write, // function to write to flash
FlashRead flash_read, // function to read from flash
FlashErase flash_erase, // function to erase flash
FlashEraseOK flash_erase_ok); // function to check if erasing allowed
// initialise storage, filling mem_buffer with current contents
bool init(void);
// re-initialise storage, using current mem_buffer
bool re_initialise(void);
// switch full sector - should only be called when safe to have CPU
// offline for considerable periods as an erase will be needed
bool switch_full_sector(void);
// write some data to storage from mem_buffer
bool write(uint16_t offset, uint16_t length);
// fixed storage size
static const uint16_t storage_size = block_size * num_blocks;
private:
uint8_t *mem_buffer;
const uint32_t flash_sector_size;
FlashWrite flash_write;
FlashRead flash_read;
FlashErase flash_erase;
FlashEraseOK flash_erase_ok;
uint8_t current_sector;
uint32_t write_offset;
uint32_t reserved_space;
bool write_error;
// 24 bit signature
static const uint32_t signature = 0x51685B;
// 8 bit sector states
enum SectorState {
SECTOR_STATE_AVAILABLE = 0xFF,
SECTOR_STATE_IN_USE = 0xFE,
SECTOR_STATE_FULL = 0xFC
};
// header in first word of each sector
struct sector_header {
uint32_t state:8;
uint32_t signature:24;
};
enum BlockState {
BLOCK_STATE_AVAILABLE = 0x3,
BLOCK_STATE_WRITING = 0x1,
BLOCK_STATE_VALID = 0x0
};
// header of each block of data
struct block_header {
uint16_t state:2;
uint16_t block_num:11;
uint16_t num_blocks_minus_one:3;
};
// amount of space needed to write full storage
static const uint32_t reserve_size = (storage_size / max_write) * (sizeof(block_header) + max_write) + max_write;
// load data from a sector
bool load_sector(uint8_t sector);
// erase a sector and write header
bool erase_sector(uint8_t sector);
// erase all sectors and reset
bool erase_all();
// write all of mem_buffer to current sector
bool write_all();
// return true if all bytes are zero
bool all_zero(uint16_t ofs, uint16_t size);
// switch to next sector for writing
bool switch_sectors(void);
};