00:11 <re_irc> Based on the bootloader design I use in production at Akiles (my company), so it's battle tested :)

00:11 <re_irc> <dirbaio> jkelleyrtp: https://github.com/embassy-rs/embassy/tree/master/embassy-boot/nrf

00:11 <re_irc> It's a farily recent addition to embassy, sorry for so little docs! feel free to ping me with questions

00:11 <re_irc> <dirbaio> sorry guys I couldn't attend the meeting, catching up with the spi thing now

00:17 <re_irc> <dirbaio> GrantM11235: yes and no, there's no trait for it, but bus-sharing-providers could do the "configure" closure trick from rahix and the user could call hal-specific methods from there

00:17 <re_irc> <dirbaio> I think it's best to leave it to HALs for now

00:18 <re_irc> <dirbaio> maybe we can have set_mode, set_frequency traits in the future (but the time traits stuff is blocking for freq probably heh)

00:34 <re_irc> <dirbaio> GrantM11235: done, nice catch!

00:35 <re_irc> <dirbaio> GrantM11235: why? :D

04:45 <re_irc> <GrantM11235> dirbaio: I like the configure closure trick, but I don't think it will work for reconfiguring the word size with hals that use a word type parameter

04:48 <re_irc> <dirbaio> why?

04:48 <re_irc> <dirbaio> the HAL would support all word szies on the same struct at the same time

04:48 <re_irc> impl SpiBus<u8> for Spi {..}

04:48 <re_irc> impl SpiBus<u16> for Spi {..}

04:48 <re_irc> <dirbaio> struct Spi {..}

04:48 <re_irc> impl SpiBus<u32> for Spi {..}

04:49 <re_irc> <dirbaio> a driver could do "where T: SpiDevice, T::Bus: SpiBus<u8> + SpiBus<u16>"

04:49 <re_irc> <dirbaio> and even mix word sizes in the same transaction

04:50 <re_irc> <dirbaio> spi.transaction(|bus| {

04:50 <re_irc> bus.write(&my_u8_buf);

04:50 <re_irc> bus.write(&my_u16_buf);

04:50 <re_irc> });

04:50 <re_irc> <GrantM11235> Most HALs do "impl<Word> SpiBus<Word> for Spi<Word>"

04:55 <re_irc> <GrantM11235> So if you have a "&mut Spi<u8>" there is no way to turn it in to anything that impls "SpiBus<u16>"

04:55 <re_irc> <dirbaio> then hals shouldn't do that :P

09:39 <re_irc> <vhakulinen> I asked the same question on rust science channel, but going to throw this here too.

09:39 <re_irc> Has anyone used nalgebra on embedded systems? When ever I'm trying to use it (create a matrix/vector and/or accessing it's data), it causes hard fault on a cortex m4 system. My setup includes a c++ sdk to which the rust code is statically linked to, and I dont have access to the SDK's source code so debugging it is quite a challenge (+ I'm not that experienced on it), so I can't really get to the source of the issue from the...

09:39 <re_irc> ... debugger.

09:48 <re_irc> <burrbull> Using of nalgebra should not be problem if you are using static allocations. But linking with c++. Too many reasons to fail

09:52 <re_irc> <burrbull> Any way you try to catch HardFault exception with cortex-m-rt

09:55 <re_irc> <vhakulinen> The SDK provides that exception handler, but I'm not really sure what to do in the debugger once I get there... From what I managed to gather, it seems that there is another exception before the hard fault (bus fault?).

09:57 <re_irc> <burrbull> So you link rust to c++, not c++ to rust

09:57 <re_irc> <vhakulinen> Yes

09:59 <re_irc> <vhakulinen> Also, the static library that is compiled from rust has some conflicting compiler builtins (intrinsics?) that I need to strip out in order to make the linking part work.

10:04 <re_irc> <burrbull> Have you tried to test your library on host machine?

10:06 <re_irc> <vhakulinen> I have used nalgebra before, but not the static library I'm compiling to the target. I guess thats up next, with some similar c++ setup

12:28 <re_irc> <rahix> vhakulinen: can you narrow it down to a particular function call? then you can look at the assembly, I think that might give some clues

12:29 <re_irc> <rahix> the intrinsics you mentioned could also play a role, depending on how broken that c++ blob is

12:30 <re_irc> <vhakulinen> I just did some testing and as soon as I add nalgebra types (the storage or matrix), the function fails to "start" (e.g. if I step through in debugger, I get to the start of the function, but I guess the function stack fails to load or something like that)

12:30 <re_irc> <vhakulinen> regarding intrinsics, after I mentioned it here I tried and now it links fine without stripping them. Perhaps I changed some linking options at some point

12:30 <re_irc> <rahix> be careful with the debugger, it does not always tell the truth

12:30 <re_irc> <vhakulinen> +that made it work

12:32 <re_irc> <rahix> you mean adding a local variable of some nalgebra type to your function?

12:32 <re_irc> <adamgreig> vhakulinen: https://interrupt.memfault.com/blog/cortex-m-fault-debug is a great reference for finding out what's causing the hardfault

12:32 <re_irc> <vhakulinen> Yea, I've noticed that its a bit on-and-off over the jlink debugger. But either way, if I have a line like "let a = 10" as a first line of code in the function body, it doesn't get there if there is that na storage/matrix stuff when stepping through. Too mad that I don't know assembly that well the make any guesses on what its doing at that point

12:33 <re_irc> <adamgreig> if it's a bus fault you should be able to isolate it to a particular memory access and hopefully then work out what that's coming from

12:33 <re_irc> <adamgreig> is it possible you're just overflowing the stack or something like that?

12:33 <re_irc> <adamgreig> especially with nalgebra it might be easy to accidentally create a very large data structure on the stack

12:34 <re_irc> <rahix> that is also what it sounds like to me...

12:36 <re_irc> <adamgreig> it would be instructive to see what SP is when it faults, for example

12:36 <re_irc> <ryan-summers> Doesn't a lot of context get pushed into various debug registers for cortex-m?

12:37 <re_irc> <adamgreig> yep, that memfault blog post ^ covers them nicely

12:37 <re_irc> <ryan-summers> I remember it being super opaque, but the data _is_ available somewhere

12:37 <re_irc> <vhakulinen> I've been browsing that memfault article, but I guess its time to read it through again. Regarding overflowing the stack: is that possible with statically allocated things? As far as I've understood it, if the program loads its shouldn't overflow because everything is already loaded into memory, right?

12:37 <re_irc> <adamgreig> you're always going to be using _some_ stack just for function calls and function-local variables

12:37 <re_irc> <ryan-summers> Depends - are you using flip-link?

12:37 <re_irc> <adamgreig> if your large data structures are statically allocated that's OK

12:37 <re_irc> <adamgreig> but it's very easy to accidentally stack allocate some large objects, and then copy them into statics

12:37 <re_irc> <ryan-summers> If you're not using flip-link, large static variables still make stack overflows more dangerous

12:38 <re_irc> <ryan-summers> Or rather, more likely, since you effectively have less stack

12:38 <re_irc> <adamgreig> yea, but if you're already faulting it's not going to change that (maybe it will fault slightly earlier)

12:39 <re_irc> <adamgreig> if you have a debugger attached, look at the sp register after the fault, see if it's below the start of ram

12:39 <re_irc> <adamgreig> or single-step through the faulting region and watch sp

12:39 <re_irc> <adamgreig> it might be something else besides a stack overflow of course! just a thought

12:40 <re_irc> <adamgreig> the memfault blog procedure should narrow down what caused the fault, if it's a memory access to just before the start of RAM then it was probably a stack overflow

12:42 <re_irc> <vhakulinen> Okay, thanks for the tip. I'll have another look at it 👍️

14:30 <re_irc> <omar_u8> I was trying today to execute semi hosting (and also ITM) examples on the Stm32f401re, however when trying to build the examples I get a rust-lld error regarding interrupt vectors being missing. I’ve done some searching about similar errors and tried a few things to no avail. Any leads where I should look?

14:34 <re_irc> <ryan-summers> That's usually caused by the device not being properly specified, isn't it?

14:34 <re_irc> <ryan-summers> Are you specifying your exact chip for the HAL? E.g. enabling the "stm32f401re" feature for the HAL?

14:37 <re_irc> <omar_u8> in the cargo.toml?

14:38 <re_irc> <omar_u8> [dependencies.stm32f4xx-hal]

14:38 <re_irc> version = "0.10"

14:38 <re_irc> features = ["rt", "stm32f401"]

14:38 <re_irc> <omar_u8> Thats what I have in there.

14:39 <re_irc> <ryan-summers> This is a pretty common "getting-setup" issue from what I remember and is usually w.r.t feature and device selection, but my memory isn't perfect here

14:39 <re_irc> <ryan-summers> I think it means that somehow "cortex-m-rt" isn't getting pulled in?

14:39 <re_irc> <omar_u8> ryan-summers: Yeah, at least the error seems to indicate that.

14:41 <re_irc> <ryan-summers> Are you building from within the "stm32f4xx-hal" repo, or from your own repo?

14:45 <re_irc> <omar_u8> My own repo

14:48 <re_irc> <omar_u8> Well I cloned the cortex m quick start some time back and did some mods to make debug work.

14:48 <re_irc> <ryan-summers> My guess this is that this is related to the Cargo.toml dependencies

14:49 <re_irc> <ryan-summers> You can try the "cargo tree" command to see if cortex-m-rt is being pulled in by the HAL

14:50 <re_irc> <omar_u8> Ok I’ll check on that. Thanks!

14:50 <re_irc> <adamgreig> Maybe you need to use the HAL

14:50 <re_irc> <adamgreig> It's not enough to have it in cargo.toml if your source doesn't also use it (and cortex m rt)

14:51 <re_irc> <ryan-summers> Ah, so "use stm32f4xx_hal as _;" in "main.rs" or something?

14:52 <re_irc> <omar_u8> We’ll as HAL yes

14:52 <re_irc> <omar_u8> I took the discovery example as is from what I recall

14:53 <re_irc> <omar_u8> Just modified the imports.

14:53 <re_irc> <omar_u8> I’m away from my pc now but I’ll give it a check and see if I missed something there.

15:13 <re_irc> <yruama_lairba> hi, does somoen have guideline about what to mark unsafe or not in a embed context ?

15:21 <re_irc> <ryan-summers> The best guideline is the language definition of unsafe: https://doc.rust-lang.org/std/keyword.unsafe.html - specifically, only use unsafe if it regards memory safety

15:21 <re_irc> <ryan-summers> In general, I think the consensus is that you shouldn't use it to indicate other things, since it has a well defined meaning in Rust

15:22 <re_irc> <yruama_lairba> ok, so a command that may cause synchronisation issue when executed is not unsafe

15:23 <re_irc> <ryan-summers> It depends what you mean by synchronization. If you mean e.g. memory synchronization between two cores, then yes it would likely be unsafe

15:24 <re_irc> <ryan-summers> If you mean like a frame synchronization issue on a display, I wouldn't call that unsafe

15:24 <re_irc> <yruama_lairba> no, just clock synchronisation

15:24 <re_irc> <ryan-summers> I would just document potential side effects of the function and how to use it to avoid the issues described

15:25 <re_irc> <ryan-summers> But don't mark it as unsafe unless it conforms with Rust's definition of unsafe

15:25 <re_irc> <yruama_lairba> but a command that can cause invalid combination of register values is unsafe

15:27 <re_irc> <ryan-summers> Err, I don't think even that's considered unsafe under Rust's definitions

15:28 <re_irc> <ryan-summers> Hmm, well https://doc.rust-lang.org/std/keyword.unsafe.html#the-different-meanings-of-unsafe seems to indicate it can be used to indicate some contract must be upheld

15:28 <re_irc> <ryan-summers> So maybe it would work in your case if there's something the programmer must do

15:30 <re_irc> <yruama_lairba> yes, my intend was to put unsafe to things than can cause undefined behaviours.

15:32 <re_irc> <yruama_lairba> but with this definition, too many thing are unsafe

15:36 <re_irc> <yruama_lairba> so i was wandering it they was a consensus about "unsafe" idication in embedded world

15:36 <re_irc> <yruama_lairba> * if

15:44 <re_irc> <adamgreig> The contracts that page refers to are about upholding memory safety

15:46 <re_irc> <ryan-summers> I think some HALs may violate this rule though (see https://github.com/stm32-rs/stm32h7xx-hal/blob/master/src/ethernet/eth.rs#L440, where "new_unchecked", which constructs the ETH without requiring configured pins, is marked unsafe)

15:47 <re_irc> <adamgreig> Yea, my opinion is such a method shouldn't be unsafe, but it's not like the rust police will come stop you

15:47 <re_irc> <ryan-summers> Yeah, agreed :P

15:50 <re_irc> <adamgreig> There's also https://doc.rust-lang.org/reference/behavior-considered-undefined.html

15:50 <re_irc> <yruama_lairba> not agree, the unsafty is related to a DMA stuff

15:53 <re_irc> <adamgreig> Then why is new() safe?

15:54 <re_irc> <adamgreig> The only difference is the pins, both still consume a singleton peripheral

15:57 <re_irc> <yruama_lairba> right, didn't see the incoherence

16:02 <re_irc> <yruama_lairba> so i suck to write API for a codec.

16:03 <re_irc> <yruama_lairba> i finished to write a version yesterday that looked nice, until i tried to really use it :/

16:07 <re_irc> <yruama_lairba> i tried to imitate Peripherals Access crate by doing "set_my_register(|w| ...)" but it' not conveninet to use because you can't store the W to reuse it after

16:07 <re_irc> <yruama_lairba> *reuse it later

16:12 <re_irc> <yruama_lairba> a previous version was just "write(register)" but IMHO this was making "write" actually unsafe because some combination of values across register are not valid

16:13 <re_irc> <jannic> Designing a good API without actually trying it out on a real project is really hard. (And even with a specific use case it's still hard, as the next use case will be different...)

16:19 <re_irc> <yruama_lairba> jannic: technically, i just wanted to do something that can write all configuration register. quite simple until i wanted to use unsafe to declare unsafe stuff

16:22 <re_irc> <firefrommoonlight> I think that's what bites many EH libs

16:23 <re_irc> <firefrommoonlight> I find it easier to work the other way around - write a module for a specific project, then make it more generic or feature -rich after as required

16:24 <re_irc> <firefrommoonlight> I think that's what bites EH libs

16:31 <re_irc> <yruama_lairba> firefrommoonlight: this what i should did, writting a hal for a specific use

16:37 <re_irc> EH as an abstraction layer is extra difficult: its usefulness for a single project is very limited by definition. You need a lot of examples to extract a common API which is both easy to use and generic enough.

16:37 <re_irc> <jannic> > I think that's what bites EH libs

16:38 <re_irc> <yruama_lairba> what mean EH ?

16:38 <re_irc> <ryan-summers> embedded-hal

16:39 <re_irc> <omar_u8> adamgreig: Using the HAL resolved the error issu

16:39 <re_irc> e, though now when running the code it keeps breaking at the below line in the lib.rs and doesnt print anything to the console. #[cfg(all(thumb, not(feature = "inline-asm"), not(feature = "no-semihosting")))]

16:39 <re_irc> () => __c_m_sh_syscall(_nr, _arg),

16:39 <re_irc> <omar_u8> Using the HAL resolved the error issue, though now when running the code it keeps breaking at the below line in the lib.rs and doesnt print anything to the console. ```#[cfg(all(thumb, not(feature = "inline-asm"), not(feature = "no-semihosting")))]

16:39 <re_irc> () => __c_m_sh_syscall(_nr, _arg),

16:39 <re_irc> <omar_u8> Using the HAL resolved the error issue, though now when running the code it keeps breaking at the below line in the lib.rs and doesnt print anything to the console.

16:39 <re_irc> #[cfg(all(thumb, not(feature = "inline-asm"), not(feature = "no-semihosting")))]

16:39 <re_irc> () => __c_m_sh_syscall(_nr, _arg),

16:42 <re_irc> <omar_u8> +linker

16:52 <re_irc> <ryan-summers> Without more context on what your app looks like, it's going to be impossible to help debug

16:57 <re_irc> <omar_u8> ryan-summers: Sure, I am trying to run the semihosting example from the discovery book as is but on a different board with the STM32F401RE.

16:58 <re_irc> <omar_u8> #![no_main]

16:58 <re_irc> use cortex_m_rt::entry;

16:58 <re_irc> #![no_std]

16:58 <re_irc> use panic_halt as _;

16:58 <re_irc> ... long message truncated: https://psion.agg.io/_matrix/media/r0/download/psion.agg.io/e331758a422c3ffea66ec9dd9ed1e9eaefd98a81992d4da6cf0100d034d3fd63 (11 lines)

16:58 <re_irc> <omar_u8> Thats the code

16:58 <re_irc> <ryan-summers> Where's the "__c_m_sh_syscall" stuff coming from?

16:59 <re_irc> <ryan-summers> Also, any particular reason you want to use semihosting instead of RTT? Semihosting is incredibly slow

16:59 <re_irc> <ryan-summers> Also, I'm assuming you have a debugger attached to the board?

16:59 <re_irc> <omar_u8> The full setup is working with other code, GPIO and what have you. Though when I run the semihosting example the code breaks at the "__c_m_sh_syscall" line

17:00 <re_irc> <omar_u8> Its a nucleo board with the STlink

17:00 <re_irc> <omar_u8> ryan-summers: Well no particular reason, I just want to tray getting examples goign and see the difference.

17:00 <re_irc> <omar_u8> * try getting examples going

17:01 <re_irc> <ryan-summers> Are you enabling semihosting in your debugger setup? Semihosting is a bit weird and not super common nowadays

17:01 <re_irc> <ryan-summers> You should have something along the lines of "monitor arm semihosting enable" in your GDB / Openocd config file

17:02 <re_irc> <omar_u8> Yes in the openocd.gdb

17:03 <re_irc> <omar_u8> I tried stepping through the code using the debugger as well. It goes through a bunch of lines before breaking at that particular line and always returning to it.

17:04 <re_irc> <omar_u8> /// Performs a semihosting operation, takes one integer as an argument

17:04 <re_irc> pub unsafe fn syscall1(_nr: usize, _arg: usize) -> usize {

17:04 <re_irc> #[inline(always)]

17:04 <re_irc> ... long message truncated: https://psion.agg.io/_matrix/media/r0/download/psion.agg.io/cbaa12dbdfcdf51e5c6dac9019a9d93f59a50e3b84108fe1f410f501bbfe48e5 (20 lines)

17:04 <re_irc> match () {

17:05 <re_irc> <omar_u8> It particularly breaks at line 6 of the above in the lib.rs