-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some input files are written incompletely to flash #918
Comments
We've had this discussion before, and I still disagree. |
What about The problem is that fileio() thinks the chip is erased, but it isn't necessarily so, because the user (for whatever reason) has asked |
For -D it's simply the user's responsibility to not attempt to write anything on non-erased cells. |
The given real example is an input file that requires 18 pages to be programmed, but only 17 pages get written.
How is this not a bug? In my view the workings of NOR memory is a red herring. |
It doesn't. |
The crux of the matter is that avrdude does not send all of the input file to the programmer. If that were correct behaviour, then, out of necessity the programmer would then need to erase all of the remaining flash all of the time just in case that the input file had trailing 0xff bytes that avrdude decided to withhold. To the best of my knowledge, it is not common practice for programmers to erase the remainder of the flash. Hence, avrdude should send all of the input file to the programmer unless it can be sure that the chip had been erased. |
The respective command is called "chip erase". So yes, the programmer is supposed to erase everything. |
How does that work with a bootloader? |
I mean, would chip erase not destroy the bootloader, too? |
Sure, but then, the expectation is of course always that the bootloader will protect itself – against a chip erase, but also against any input file that attempts to overwrite it (and apart from that, it cannot e.g. modify fuses). But upon being told to erase the chip, it must erase the application area (and usually also the EEPROM), as its closest possible approximation of erasing the chip. Things would be different if we started to implement page erases (I think recent Atmel/Microchip tools allow for that): then, I agree, any page of 0xffff in the input file would have to communicate a page erase to the programmer. |
[edited to replace mistakenly written -U with -D what was meant] And what if the user specifies -D? The programmer still would have to erase the remainder of the flash every time avrdude sends a file because it cannot know whether avrdude withheld trailing 0xffs. And do they really do that in practice? In virtually all circumstances this would have little utility and only make the user wait longer for programming to finish. Bootloaders have a legitimate interest to save space. Even if a bootloader did implement chip erase, the user could still decide to issue -D. It would be good if avrdude did not withhold trailing 0xffs from the programmer when the user specifies -D. What do other people think? Or has everyone gotten a packet of popcorn for watching the discussion ;) |
I'm here for the popcorn! 🍿 I'll have to admit, this has never really been a problem I've encountered before. Optiboot always does what it should when using the -D flag. When uploading using an ISP, it works perfectly even when not using the -e flag before -U. Not sure if this is a bug or a feature though. |
This thread is kind of fun to read. From what I understand is that the -D has serious implications that people failed to understand. This includes me personally, and sadly, also the Arduino people (they use -D with Optiboot, too). As I understand Jörg, the -D option must only be used if it is guaranteed that the entire flash has been previously erased. This severely limits its use, for instance for a sequence of programming commands, where the first programming command already included the chip erase (i.e. without the -D). I used to interpret the -D option as "if the programmer is capable of doing a page erase, it is OK to skip the chip erase". Now, I knew about the 0xFF optimization in avrdude, but I failed to understand the implications. That said, it is always frustrating for me, trying to do everything right, only to find out that I walked into a trap that was not obvious to me. Meaning after some years of AVR programming, I would need to change my makefiles :-(. Now, I am a great fan of software that "just works" also for casual users. From that perspective, I support the idea of defusing this bomb. Disabling the 0xFF optimizations when -D is used seems like a reasonable suggestion that would avoid unpleasant surprises. The fact that a verification command only verifies 2160 bytes is an undebatable bug to me:
|
It's exactly the point: if optiboot claims to act as an STK500 (by implementing its protocol), it has to work the way the STK500 used to work. (Obviously, modulo everything that would try to touch the bootloader area itself.) As the STK500 protocol has a chip erase as the only erase option, that one needs to ensure the application part of the flash is erased in order to be compatible. |
It only surfaces when one puts data at the end of the application (PROGMEM puts it at the beginning) and if there is a trailing section of 0xff bytes that ends up in a page of its own. Very difficult to debug, because every tool keeps telling you all is hunky-dory.
And it does what it should even when not specifying -D. Optiboot simply ignores the chip erase command that avrdude sends. Avrdude's arduino programmer uploads the sketch page by page to optiboot. Fun fact: avrdude sends even pages that only consist of 0xff unless they're part of the trailing 0xffs; no optimisation is actually taking place here. And optiboot, as every bootloader worth its salt, carries out a page erase, loads the page into the chip buffer and writes the page to flash, all with the avr SPM opcode. I know Optiboot vvv well, because I wrote my own much smaller bootloaders, called urboot, initially based on optiboot. Mine has typically 256 bytes (flash only) or 384 bytes (flash + EEPROM r/w) but can be as small as 224 bytes (for the ATtiny2313). In contrast, optiboot is 512 bytes. The really small sizes need a different programmer than avrdude's arduino. That issues chip erase, parameter get and set commands, software version queries, fuse read etc commands. Even just ignoring all these cost some 50 bytes to keep the protocol up. Then there is avrdude's signature byte request, which again costs some 30 bytes code to serve even if only the compile-time constants SIGNATURE_0...2 bytes are sent. I found a truly magnificent side-channel of telling the programmer which chip the bootloader runs on for 0 bytes extra code. And that doesn't require that the signatures of avrdude and avr-gcc match up (something I found out the hard way they don't necessarily). So, I wrote my own programmer for avrdude (called urclock) that still uses by and large the STK500v1 protocol, but significantly reduces the overhead of getting business done. Small parts don't have bootloader support, but there is @WestfW 's wonderful idea of a vector bootloader (I think he calls it a virtual bootloader). The idea is that the bootloader patches the reset vector to jump to itself while using an otherwise unused ISR vector to jump to the application. Patching while uploading and verifying the sketch costs some 110 bytes in optiboot. However, if you shift the burden of patching to the programmer (which probably runs on a 16+ Gigabyte PC and doesn't even care about megabytes) then implementing this costs 0 (zero) extra bytes in the bootloader. I know, I've counted twice. And if you're unsure whether there is an ISR vector that is truly unused in all applications then you're always free to extend the .vectors section by one last entry for the bootloader (OK, that'll cost you 2-4 bytes). The only other change (apart from adding the urclock programmer code to the project) is that avrdude needs to provide a read-hook function in the programmer definition that is called when an input file is read, so the programmer can patch the vector table before upload. @WestfW's optiboot would equally benefit from the availability of such an avrdude programmer. Actually, this read-hook might give the programmer the control over whether or not the 0xff-haircut we are talking about here should be done, rather than fileio(). So, my whole philosophy has been to shift as much effort as possibly to the programmer rather than the bootloader. That requires a certain level of co-operation of the programmer with the bootloader. In that sense this discussion is like a multi-billionaire (16 GByte PC) asking someone just managing (8k AVR) to work for them rather than the other way round. Hang on a second, ... that is probably not the greatest analogy I have ever come up with :) Over the years I have come to realise that I benefitted a lot from the open-source community and people like @dl8dtl, @WestfW and yourself, so made a New-Year resolution to give some of my work back to the community. Publishing the urboot bootloader necessitates that I publish the urclock programmer, too. My preference would be to eventually make this part of the avrdude project rather than one of the many forks that are out there. Anyway, I deviate... | When uploading using an ISP, it works perfectly even when not using the -e flag before -U. Feature: Avrdude by default erases flash (either page by page or by issuing a chip erase) unless -D is specified. So the explicit -e isn't needed for flash programming. |
And btw, ... most bootloaders wouldn't implement the full monty of STK500. They typically only ever implement a skeleton of what's needed. Otherwise we'd all work with 8k bootloaders which doesn't leave much change in small devices... |
I disagree. The entire STK500 fits into an ATmega8535, and that also includes all the HV programming algorithms for all supported chips. |
OK - I suspect in this case that the ATmega8535 acts as physical device to program other chips (in collaboration with avrdude) and does nothing else. In the case of bootloaders they (often) only provide the own chip with application code and data but then the chip does something completely different. It is not in the interest of bootloaders to do everything. |
@stefanrueger The Micronucleus bootloader (for ATtinys) needs to patch the reset vectors while programming. I managed that by hooking into the Line 342 in 7e26a15
|
@mariusgreuel Yes, correct - my code is a little different, because a compiled sketch may use an rjmp to the application on a large part that requires a jmp to the bootloader, so yes by and large this type of thing. Hadn't thought of using the paged_write() hook. How do you verify? |
Micronucleus does not implement reading. I guess one could do something similar in |
... in which case the user wouldn't get what's actually on the chip. I decided to put a readhook in |
... and ... does it erase the remainder of the flash all the way up to the bootloader? just in case there are 0xff? |
I agree with this. Another way to make everyone happy, would it make sense to add a new flag, |
I thought about something like this, too. Turning the optimization off, by default. It may be possible for avrdude to somehow "know" which programmers are "-D compatible" (for instance via a whitelist), but this is going to be tricky, as you do not necessarily know the real programmer behind a given protocol.
I was pretty sure To me, this means the 0xFF optimization just became obsolete - no matter whether |
A good and workable solution is to piggy-back on I suggest changing I am happy to do the PR. @dl8dtl? Rationale Bootloaders effectively are a distinct type of avr programmer ("SPM programmer"). They
SPM programmers have a different abstraction model than SPI programming through an intermediary device. Although they could strictly emulate STK500 programmers, in practice they don't necessarily do that. This requires the removal of 0xff optimisation for SPM programmers. It is natural to piggy-back this onto
Currently, stk500.c's The only 0xff optimisation (that is relevant for bootloaders) happens in While the critical part is to remove the trailing-0xff optimisation in With this intervention, avrdude can now zap the contents of the flash below the bootloader by uploading an appropriat hex file consisting of only 0xff. What's the effect of the suggested solution for people who do not program via a bootloader and use |
Not sure if I missed something, but that does not sound like a robust solution. Per my understanding, Optiboot currently does not work correctly independent of whether -D is used or not. Requiring -D in order to disable the 0xFF optimization is just the next trap for people to walk in. |
Whether or not optiboot has the right to ignore chip erase commands is a matter of debate. In practice it works, and has millions of times. It is edge cases (with real-word use) like the one I demonstrated that don't work. I don't know how the arduino environment flashes its sketches, but I strongly suspect it issues a -D (as is good practice for flashing chips already containing a bootloader). I know that Sudar's arduino Makefile does this. And, if not, well at least the user has a way of remedy, and avrdude has the reasonable excuse of saying well, the chip erase was sent, wasn't it? And the -D documentation tells you to use that with bootloaders. Disabling 0xff optimisation by default, I fear there might be some downsides for non-bootloader users who all of a sudden always have to wait the full hog for a download of the application from the chip, and I predict they will complain. That's why I suggested piggy-backing on -D. Other than that (as someone who rarely uses an intermediate device for programming) I would also be happy to go along with another option, eg, '-d' defaulting to either on or off, or with removal of the 0xff optimisation everywhere, with its removal in |
... and it's likely that something else would have to go in optiboot if the code to erase all up to boot were to be included. How many bytes would that code take? 40-50 bytes, perhaps. Some 10% of the 512 bytes... |
Se we have the following choice to enable
My ever so slight preference is for actually doing two things: 1 (immediately) and 4 (later on, after careful analysis how best to implement this abstraction layer) Also happy with 2 and 4 or 3 and 4 (C precedence rules :) Doing nothing is not an option for me. |
Not so sure what is the best lable for this one, I label it as "enhancement" first. |
Fix Issue #918: Enable avrdude to send full input file incl trailing 0xff
Closed with PR #936 |
Avrdude does not necessarily write flash correctly when the input file ends in a series of one or more
0xff
. This can happen because avrdude'sfileio()
unconditionally asksavr_mem_hiaddr()
to remove the0xff
bytes at the end of the input file even when auto-erase is disabled with-D
or when using a programmer that cannot perform a chip erase, eg, upload via the popular arduino optiboot bootloader.avr_mem_hiaddr()
also incorrectly forces input for flash to always contain an even number of bytes, but that is normally less of a problem though it can be.This sketch-ending-in-ff.hex for an
ATmega328P
has 2185 bytes, but only 2160 bytes are reported to have been written; well, it'll probably be 17 pages, ie, 2176 bytes, still falling short of 9 vital bytes:Correcting this bug would be easy --- simply condition the line
rc = avr_mem_hiaddr(mem);
infileio.c
withif(
chiperased)
--- was it not for the fact that it's kinda hard forfileio()
to figure out whether or not the chip will have been erased before programming commences.Thoughts? Global variable? Remove the haircut in
fileio.c
altogether?BTW, the sketch was created using avr-gcc 5.4.0 (tight code) and the following source
It can be helpful to store data at the top of a large flash memory, particularly when
PROGMEM
data threaten to flow beyond the bottom 64 kB space. In this casePROGMEM
data are not guaranteed to be reachable by*_P()
functions. Not all*_P()
functions have a*_PF()
equivalent in theavr-libc
library (which can reach beyond 64 kB). Hence, it makes sense to put all those data at the top of the sketch that only need be processed by*_PF()
functions. This leaves (more of) the remainingPROGMEM
data in reach of*_P()
functions.The text was updated successfully, but these errors were encountered: