Andrew Zonenberg on Nostr
You write safe Rust.
I disabled SIGSEGV in my C++.
We are not the same.
In all seriousness, I'd love if anyone had a better solution to this problem. But there doesn't seem to be any SFR bit I can set to make the STM32H7 flash not throw a bus fault on an ECC failure.
So if you ever have a bug in your firmware that writes to the same flash address twice without erasing it, that flash address will become toxic and any future attempt to deref it will segfault. Not good if you're trying to make a robust, log-structured data store (in which any bug or unexpected power cycle poisons the entire key-value store, segfaulting future reads).
Turning off faults when writing, or when doing CRC checks on read data, allows graceful degradation when things go wrong.
Still trying to figure out why the bootloader seems to be stepping on non-blank flash cells (it should be appending at the end), but at least it's not soft-bricking the board by throwing the bootloader into a fault handler before it reaches the DFU flow.
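The failure mode described above, as an added example that is not the post's own code: a constructed stand-in for the flash (a word programmed twice without an erase becomes unreadable, as the STM32H7 ECC makes it) and a small log-structured key-value scan that treats an unreadable word as a skip rather than a fatal fault, CRC-checks each record, and refuses to program anything that is not blank. The record format, the `nflash`/`poisoned` stand-in and the CRC helper are assumptions for the demonstration; on the real part the role of `flash_read()` returning -1 is played by the fault handler the post makes non-fatal.

```c
#include <stdint.h>
#include <stddef.h>
#define FLASH_WORDS 64
#define ERASED 0xFFFFFFFFu
#define MAGIC 0xA5u
/* Constructed stand-in for STM32H7 flash. A word programmed twice without an erase
 * has a bad ECC and bus-faults on read; here it is marked `poisoned` and flash_read()
 * returns -1. Storage is inverted so the zero-initialised array reads as erased. */
static uint32_t nflash[FLASH_WORDS];
static uint8_t poisoned[FLASH_WORDS];
static int flash_read(size_t i, uint32_t *out) {
    if (i >= FLASH_WORDS || poisoned[i]) return -1;
    *out = ~nflash[i]; return 0;
}
static void flash_program(size_t i, uint32_t v) {  /* a second write poisons the cell */
    if (nflash[i] != 0) poisoned[i] = 1; else nflash[i] = ~v;
}
static uint32_t crc32w(const uint32_t *w, size_t n) {  /* CRC-32 over whole words */
    uint32_t c = ERASED;
    for (size_t i = 0; i < n; i++) {
        c ^= w[i];
        for (int b = 0; b < 32; b++) c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}
/* Record = header (MAGIC<<24 | key<<16 | len words) + payload + CRC-32 over both. Walks
 * the log, skipping unreadable or corrupt records; returns the count of valid records,
 * the latest value for `key` in *val (if non-NULL) and the append point in *end. */
static int kv_scan(uint8_t key, uint32_t *val, size_t *end) {
    size_t i = 0; int good = 0; uint32_t h, rec[10];
    while (i < FLASH_WORDS) {
        if (flash_read(i, &h) != 0) { i++; continue; }        /* toxic word: step over */
        if (h == ERASED) break;                                /* blank: end of log */
        size_t len = h & 0xFF; int ok = 1; rec[0] = h;
        if ((h >> 24) != MAGIC || len > 8) { i++; continue; }  /* garbage: resync */
        for (size_t k = 1; k <= len + 1 && ok; k++) ok = flash_read(i + k, &rec[k]) == 0;
        i += len + 2;
        if (!ok || rec[len + 1] != crc32w(rec, len + 1)) continue;  /* damaged record */
        good++; if (val && ((h >> 16) & 0xFF) == key) *val = rec[1];
    }
    *end = i; return good;
}
static int kv_append(uint8_t key, uint32_t v) {  /* one-word value, appended at the end */
    uint32_t rec[3] = { (MAGIC << 24) | ((uint32_t)key << 16) | 1u, v, 0 }, cur; size_t end;
    rec[2] = crc32w(rec, 2); kv_scan(0, NULL, &end);
    for (size_t k = 0; k < 3; k++)                 /* never program a non-blank cell */
        if (flash_read(end + k, &cur) != 0 || cur != ERASED) return -1;
    for (size_t k = 0; k < 3; k++) flash_program(end + k, rec[k]);
    return 0;
}
```

With one record's payload word poisoned, the scan still returns the other records and the correct append point, so a single corrupt cell no longer takes the whole store down.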