max/embassy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

time: replace dyn clock/alarm with a global Driver trait

Browse Source
This commit is contained in:
Dario Nieuwenhuis
2021-08-03 22:08:13 +02:00
parent a4c0ee6df7
commit 0ea6a2d890
47 changed files with 663 additions and 814 deletions
Download Patch File Download Diff File Expand all files Collapse all files

372
embassy-stm32/src/clock.rs
View File

@ -1,372 +0,0 @@
#![macro_use]
use core::cell::Cell;
use core::convert::TryInto;
use core::sync::atomic::{compiler_fence, Ordering};
use atomic_polyfill::AtomicU32;
use embassy::interrupt::InterruptExt;
use embassy::time::{Clock as EmbassyClock, TICKS_PER_SECOND};
use crate::interrupt::{CriticalSection, Interrupt, Mutex};
use crate::pac::timer::TimGp16;
use crate::peripherals;
use crate::rcc::RccPeripheral;
use crate::time::Hertz;
// Clock timekeeping works with something we call "periods", which are time intervals
// of 2^15 ticks. The Clock counter value is 16 bits, so one "overflow cycle" is 2 periods.
//
// A `period` count is maintained in parallel to the Timer hardware `counter`, like this:
// - `period` and `counter` start at 0
// - `period` is incremented on overflow (at counter value 0)
// - `period` is incremented "midway" between overflows (at counter value 0x8000)
//
// Therefore, when `period` is even, counter is in 0..0x7FFF. When odd, counter is in 0x8000..0xFFFF
// This allows for now() to return the correct value even if it races an overflow.
//
// To get `now()`, `period` is read first, then `counter` is read. If the counter value matches
// the expected range for the `period` parity, we're done. If it doesn't, this means that
// a new period start has raced us between reading `period` and `counter`, so we assume the `counter` value
// corresponds to the next period.
//
// `period` is a 32bit integer, so It overflows on 2^32 * 2^15 / 32768 seconds of uptime, which is 136 years.
fn calc_now(period: u32, counter: u16) -> u64 {
((period as u64) << 15) + ((counter as u32 ^ ((period & 1) << 15)) as u64)
}
struct AlarmState {
timestamp: Cell<u64>,
#[allow(clippy::type_complexity)]
callback: Cell<Option<(fn(*mut ()), *mut ())>>,
}
impl AlarmState {
fn new() -> Self {
Self {
timestamp: Cell::new(u64::MAX),
callback: Cell::new(None),
}
}
}
const ALARM_COUNT: usize = 3;
/// Clock timer that can be used by the executor and to set alarms.
///
/// It can work with Timers 2, 3, 4, 5. This timer works internally with a unit of 2^15 ticks, which
/// means that if a call to [`embassy::time::Clock::now`] is blocked for that amount of ticks the
/// returned value will be wrong (an old value). The current default tick rate is 32768 ticks per
/// second.
pub struct Clock<T: Instance> {
_inner: T,
irq: T::Interrupt,
/// Number of 2^23 periods elapsed since boot.
period: AtomicU32,
/// Timestamp at which to fire alarm. u64::MAX if no alarm is scheduled.
alarms: Mutex<[AlarmState; ALARM_COUNT]>,
}
impl<T: Instance> Clock<T> {
pub fn new(peripheral: T, irq: T::Interrupt) -> Self {
Self {
_inner: peripheral,
irq,
period: AtomicU32::new(0),
alarms: Mutex::new([AlarmState::new(), AlarmState::new(), AlarmState::new()]),
}
}
pub fn start(&'static self) {
let inner = T::inner();
T::enable();
T::reset();
let timer_freq = T::frequency();
// NOTE(unsafe) Critical section to use the unsafe methods
critical_section::with(|_| {
unsafe {
inner.prepare(timer_freq);
}
self.irq.set_handler_context(self as *const _ as *mut _);
self.irq.set_handler(|ptr| unsafe {
let this = &*(ptr as *const () as *const Self);
this.on_interrupt();
});
self.irq.unpend();
self.irq.enable();
unsafe {
inner.start_counter();
}
})
}
fn on_interrupt(&self) {
let inner = T::inner();
// NOTE(unsafe) Use critical section to access the methods
// XXX: reduce the size of this critical section ?
critical_section::with(|cs| unsafe {
if inner.overflow_interrupt_status() {
inner.overflow_clear_flag();
self.next_period();
}
// Half overflow
if inner.compare_interrupt_status(0) {
inner.compare_clear_flag(0);
self.next_period();
}
for n in 1..=ALARM_COUNT {
if inner.compare_interrupt_status(n) {
inner.compare_clear_flag(n);
self.trigger_alarm(n, cs);
}
}
})
}
fn next_period(&self) {
let inner = T::inner();
let period = self.period.fetch_add(1, Ordering::Relaxed) + 1;
let t = (period as u64) << 15;
critical_section::with(move |cs| {
for n in 1..=ALARM_COUNT {
let alarm = &self.alarms.borrow(cs)[n - 1];
let at = alarm.timestamp.get();
let diff = at - t;
if diff < 0xc000 {
inner.set_compare(n, at as u16);
// NOTE(unsafe) We're in a critical section
unsafe {
inner.set_compare_interrupt(n, true);
}
}
}
})
}
fn trigger_alarm(&self, n: usize, cs: CriticalSection) {
let inner = T::inner();
// NOTE(unsafe) We have a critical section
unsafe {
inner.set_compare_interrupt(n, false);
}
let alarm = &self.alarms.borrow(cs)[n - 1];
alarm.timestamp.set(u64::MAX);
// Call after clearing alarm, so the callback can set another alarm.
if let Some((f, ctx)) = alarm.callback.get() {
f(ctx);
}
}
fn set_alarm_callback(&self, n: usize, callback: fn(*mut ()), ctx: *mut ()) {
critical_section::with(|cs| {
let alarm = &self.alarms.borrow(cs)[n - 1];
alarm.callback.set(Some((callback, ctx)));
})
}
fn set_alarm(&self, n: usize, timestamp: u64) {
critical_section::with(|cs| {
let inner = T::inner();
let alarm = &self.alarms.borrow(cs)[n - 1];
alarm.timestamp.set(timestamp);
let t = self.now();
if timestamp <= t {
self.trigger_alarm(n, cs);
return;
}
let diff = timestamp - t;
if diff < 0xc000 {
let safe_timestamp = timestamp.max(t + 3);
inner.set_compare(n, safe_timestamp as u16);
// NOTE(unsafe) We're in a critical section
unsafe {
inner.set_compare_interrupt(n, true);
}
} else {
unsafe {
inner.set_compare_interrupt(n, false);
}
}
})
}
pub fn alarm1(&'static self) -> Alarm<T> {
Alarm { n: 1, rtc: self }
}
pub fn alarm2(&'static self) -> Alarm<T> {
Alarm { n: 2, rtc: self }
}
pub fn alarm3(&'static self) -> Alarm<T> {
Alarm { n: 3, rtc: self }
}
}
impl<T: Instance> EmbassyClock for Clock<T> {
fn now(&self) -> u64 {
let inner = T::inner();
let period = self.period.load(Ordering::Relaxed);
compiler_fence(Ordering::Acquire);
let counter = inner.counter();
calc_now(period, counter)
}
}
pub struct Alarm<T: Instance> {
n: usize,
rtc: &'static Clock<T>,
}
impl<T: Instance> embassy::time::Alarm for Alarm<T> {
fn set_callback(&self, callback: fn(*mut ()), ctx: *mut ()) {
self.rtc.set_alarm_callback(self.n, callback, ctx);
}
fn set(&self, timestamp: u64) {
self.rtc.set_alarm(self.n, timestamp);
}
fn clear(&self) {
self.rtc.set_alarm(self.n, u64::MAX);
}
}
pub struct TimerInner(pub(crate) TimGp16);
impl TimerInner {
unsafe fn prepare(&self, timer_freq: Hertz) {
self.stop_and_reset();
let psc = timer_freq.0 / TICKS_PER_SECOND as u32 - 1;
let psc: u16 = psc.try_into().unwrap();
self.set_psc_arr(psc, u16::MAX);
// Mid-way point
self.set_compare(0, 0x8000);
self.set_compare_interrupt(0, true);
}
unsafe fn start_counter(&self) {
self.0.cr1().modify(|w| w.set_cen(true));
}
unsafe fn stop_and_reset(&self) {
let regs = self.0;
regs.cr1().modify(|w| w.set_cen(false));
regs.cnt().write(|w| w.set_cnt(0));
}
fn overflow_interrupt_status(&self) -> bool {
// NOTE(unsafe) Atomic read with no side-effects
unsafe { self.0.sr().read().uif() }
}
unsafe fn overflow_clear_flag(&self) {
self.0.sr().modify(|w| w.set_uif(false));
}
unsafe fn set_psc_arr(&self, psc: u16, arr: u16) {
use crate::pac::timer::vals::Urs;
let regs = self.0;
regs.psc().write(|w| w.set_psc(psc));
regs.arr().write(|w| w.set_arr(arr));
// Set URS, generate update and clear URS
regs.cr1().modify(|w| w.set_urs(Urs::COUNTERONLY));
regs.egr().write(|w| w.set_ug(true));
regs.cr1().modify(|w| w.set_urs(Urs::ANYEVENT));
}
fn compare_interrupt_status(&self, n: usize) -> bool {
if n > 3 {
false
} else {
// NOTE(unsafe) Atomic read with no side-effects
unsafe { self.0.sr().read().ccif(n) }
}
}
unsafe fn compare_clear_flag(&self, n: usize) {
if n > 3 {
return;
}
self.0.sr().modify(|w| w.set_ccif(n, false));
}
fn set_compare(&self, n: usize, value: u16) {
if n > 3 {
return;
}
// NOTE(unsafe) Atomic write
unsafe {
self.0.ccr(n).write(|w| w.set_ccr(value));
}
}
unsafe fn set_compare_interrupt(&self, n: usize, enable: bool) {
if n > 3 {
return;
}
self.0.dier().modify(|w| w.set_ccie(n, enable));
}
fn counter(&self) -> u16 {
// NOTE(unsafe) Atomic read with no side-effects
unsafe { self.0.cnt().read().cnt() }
}
}
// ------------------------------------------------------
pub(crate) mod sealed {
use super::*;
pub trait Instance {
type Interrupt: Interrupt;
fn inner() -> TimerInner;
}
}
pub trait Instance: sealed::Instance + Sized + RccPeripheral + 'static {}
macro_rules! impl_timer {
($inst:ident) => {
impl sealed::Instance for peripherals::$inst {
type Interrupt = crate::interrupt::$inst;
fn inner() -> crate::clock::TimerInner {
const INNER: TimerInner = TimerInner(crate::pac::$inst);
INNER
}
}
impl Instance for peripherals::$inst {}
};
}
crate::pac::peripherals!(
(timer, TIM2) => { impl_timer!(TIM2); };
(timer, TIM3) => { impl_timer!(TIM3); };
(timer, TIM4) => { impl_timer!(TIM4); };
(timer, TIM5) => { impl_timer!(TIM5); };
);

6
embassy-stm32/src/lib.rs
View File

@ -20,13 +20,12 @@ pub mod time;
pub mod dma;
pub mod gpio;
pub mod rcc;
mod time_driver;
// Sometimes-present hardware
#[cfg(adc)]
pub mod adc;
#[cfg(timer)]
pub mod clock;
#[cfg(dac)]
pub mod dac;
#[cfg(dbgmcu)]
@ -87,6 +86,9 @@ pub fn init(config: Config) -> Peripherals {
exti::init();
rcc::init(config.rcc);
// must be after rcc init
time_driver::init();
}
p

319
embassy-stm32/src/time_driver.rs Normal file
View File

@ -0,0 +1,319 @@
use atomic_polyfill::{AtomicU32, AtomicU8};
use core::cell::Cell;
use core::convert::TryInto;
use core::sync::atomic::{compiler_fence, Ordering};
use core::{mem, ptr};
use embassy::interrupt::InterruptExt;
use embassy::time::driver::{AlarmHandle, Driver};
use embassy::time::TICKS_PER_SECOND;
use stm32_metapac::timer::regs;
use crate::interrupt;
use crate::interrupt::{CriticalSection, Interrupt, Mutex};
use crate::pac::timer::{vals, TimGp16};
use crate::peripherals;
use crate::rcc::sealed::RccPeripheral;
use self::sealed::Instance as _;
const ALARM_COUNT: usize = 3;
type T = peripherals::TIM3;
// Clock timekeeping works with something we call "periods", which are time intervals
// of 2^15 ticks. The Clock counter value is 16 bits, so one "overflow cycle" is 2 periods.
//
// A `period` count is maintained in parallel to the Timer hardware `counter`, like this:
// - `period` and `counter` start at 0
// - `period` is incremented on overflow (at counter value 0)
// - `period` is incremented "midway" between overflows (at counter value 0x8000)
//
// Therefore, when `period` is even, counter is in 0..0x7FFF. When odd, counter is in 0x8000..0xFFFF
// This allows for now() to return the correct value even if it races an overflow.
//
// To get `now()`, `period` is read first, then `counter` is read. If the counter value matches
// the expected range for the `period` parity, we're done. If it doesn't, this means that
// a new period start has raced us between reading `period` and `counter`, so we assume the `counter` value
// corresponds to the next period.
//
// `period` is a 32bit integer, so It overflows on 2^32 * 2^15 / 32768 seconds of uptime, which is 136 years.
fn calc_now(period: u32, counter: u16) -> u64 {
((period as u64) << 15) + ((counter as u32 ^ ((period & 1) << 15)) as u64)
}
struct AlarmState {
timestamp: Cell<u64>,
// This is really a Option<(fn(*mut ()), *mut ())>
// but fn pointers aren't allowed in const yet
callback: Cell<*const ()>,
ctx: Cell<*mut ()>,
}
unsafe impl Send for AlarmState {}
impl AlarmState {
const fn new() -> Self {
Self {
timestamp: Cell::new(u64::MAX),
callback: Cell::new(ptr::null()),
ctx: Cell::new(ptr::null_mut()),
}
}
}
struct State {
/// Number of 2^15 periods elapsed since boot.
period: AtomicU32,
alarm_count: AtomicU8,
/// Timestamp at which to fire alarm. u64::MAX if no alarm is scheduled.
alarms: Mutex<[AlarmState; ALARM_COUNT]>,
}
const ALARM_STATE_NEW: AlarmState = AlarmState::new();
static STATE: State = State {
period: AtomicU32::new(0),
alarm_count: AtomicU8::new(0),
alarms: Mutex::new([ALARM_STATE_NEW; ALARM_COUNT]),
};
impl State {
fn init(&'static self) {
let r = T::regs();
T::enable();
T::reset();
let timer_freq = T::frequency();
// NOTE(unsafe) Critical section to use the unsafe methods
critical_section::with(|_| unsafe {
r.cr1().modify(|w| w.set_cen(false));
r.cnt().write(|w| w.set_cnt(0));
let psc = timer_freq.0 / TICKS_PER_SECOND as u32 - 1;
let psc: u16 = psc.try_into().unwrap();
r.psc().write(|w| w.set_psc(psc));
r.arr().write(|w| w.set_arr(u16::MAX));
// Set URS, generate update and clear URS
r.cr1().modify(|w| w.set_urs(vals::Urs::COUNTERONLY));
r.egr().write(|w| w.set_ug(true));
r.cr1().modify(|w| w.set_urs(vals::Urs::ANYEVENT));
// Mid-way point
r.ccr(0).write(|w| w.set_ccr(0x8000));
// Enable CC0, disable others
r.dier().write(|w| w.set_ccie(0, true));
let irq: <T as sealed::Instance>::Interrupt = core::mem::transmute(());
irq.unpend();
irq.enable();
r.cr1().modify(|w| w.set_cen(true));
})
}
fn on_interrupt(&self) {
let r = T::regs();
// NOTE(unsafe) Use critical section to access the methods
// XXX: reduce the size of this critical section ?
critical_section::with(|cs| unsafe {
let sr = r.sr().read();
let dier = r.dier().read();
// Clear all interrupt flags. Bits in SR are "write 0 to clear", so write the bitwise NOT.
// Other approaches such as writing all zeros, or RMWing won't work, they can
// miss interrupts.
r.sr().write_value(regs::SrGp(!sr.0));
if sr.uif() {
self.next_period();
}
// Half overflow
if sr.ccif(0) {
self.next_period();
}
for n in 0..ALARM_COUNT {
if sr.ccif(n + 1) && dier.ccie(n + 1) {
self.trigger_alarm(n, cs);
}
}
})
}
fn next_period(&self) {
let r = T::regs();
let period = self.period.fetch_add(1, Ordering::Relaxed) + 1;
let t = (period as u64) << 15;
critical_section::with(move |cs| unsafe {
r.dier().modify(move |w| {
for n in 0..ALARM_COUNT {
let alarm = &self.alarms.borrow(cs)[n];
let at = alarm.timestamp.get();
if at < t + 0xc000 {
// just enable it. `set_alarm` has already set the correct CCR val.
w.set_ccie(n + 1, true);
}
}
})
})
}
fn now(&self) -> u64 {
let r = T::regs();
let period = self.period.load(Ordering::Relaxed);
compiler_fence(Ordering::Acquire);
// NOTE(unsafe) Atomic read with no side-effects
let counter = unsafe { r.cnt().read().cnt() };
calc_now(period, counter)
}
fn get_alarm<'a>(&'a self, cs: CriticalSection<'a>, alarm: AlarmHandle) -> &'a AlarmState {
// safety: we're allowed to assume the AlarmState is created by us, and
// we never create one that's out of bounds.
unsafe { self.alarms.borrow(cs).get_unchecked(alarm.id() as usize) }
}
fn trigger_alarm(&self, n: usize, cs: CriticalSection) {
let alarm = &self.alarms.borrow(cs)[n];
alarm.timestamp.set(u64::MAX);
// Call after clearing alarm, so the callback can set another alarm.
// safety:
// - we can ignore the possiblity of `f` being unset (null) because of the safety contract of `allocate_alarm`.
// - other than that we only store valid function pointers into alarm.callback
let f: fn(*mut ()) = unsafe { mem::transmute(alarm.callback.get()) };
f(alarm.ctx.get());
}
fn allocate_alarm(&self) -> Option<AlarmHandle> {
let id = self
.alarm_count
.fetch_update(Ordering::AcqRel, Ordering::Acquire, |x| {
if x < ALARM_COUNT as u8 {
Some(x + 1)
} else {
None
}
});
match id {
Ok(id) => Some(unsafe { AlarmHandle::new(id) }),
Err(_) => None,
}
}
fn set_alarm_callback(&self, alarm: AlarmHandle, callback: fn(*mut ()), ctx: *mut ()) {
critical_section::with(|cs| {
let alarm = self.get_alarm(cs, alarm);
// safety: it's OK to transmute a fn pointer into a raw pointer
let callback_ptr: *const () = unsafe { mem::transmute(callback) };
alarm.callback.set(callback_ptr);
alarm.ctx.set(ctx);
})
}
fn set_alarm(&self, alarm: AlarmHandle, timestamp: u64) {
critical_section::with(|cs| {
let r = T::regs();
let n = alarm.id() as _;
let alarm = self.get_alarm(cs, alarm);
alarm.timestamp.set(timestamp);
let t = self.now();
if timestamp <= t {
unsafe { r.dier().modify(|w| w.set_ccie(n + 1, false)) };
self.trigger_alarm(n, cs);
return;
}
let safe_timestamp = timestamp.max(t + 3);
// Write the CCR value regardless of whether we're going to enable it now or not.
// This way, when we enable it later, the right value is already set.
unsafe { r.ccr(n + 1).write(|w| w.set_ccr(safe_timestamp as u16)) };
// Enable it if it'll happen soon. Otherwise, `next_period` will enable it.
let diff = timestamp - t;
// NOTE(unsafe) We're in a critical section
unsafe { r.dier().modify(|w| w.set_ccie(n + 1, diff < 0xc000)) };
})
}
}
struct RtcDriver;
embassy::time_driver_impl!(RtcDriver);
impl Driver for RtcDriver {
fn now() -> u64 {
STATE.now()
}
unsafe fn allocate_alarm() -> Option<AlarmHandle> {
STATE.allocate_alarm()
}
fn set_alarm_callback(alarm: AlarmHandle, callback: fn(*mut ()), ctx: *mut ()) {
STATE.set_alarm_callback(alarm, callback, ctx)
}
fn set_alarm(alarm: AlarmHandle, timestamp: u64) {
STATE.set_alarm(alarm, timestamp)
}
}
#[interrupt]
fn TIM3() {
STATE.on_interrupt()
}
pub(crate) fn init() {
STATE.init()
}
// ------------------------------------------------------
pub(crate) mod sealed {
use super::*;
pub trait Instance {
type Interrupt: Interrupt;
fn regs() -> TimGp16;
}
}
pub trait Instance: sealed::Instance + Sized + RccPeripheral + 'static {}
macro_rules! impl_timer {
($inst:ident) => {
impl sealed::Instance for peripherals::$inst {
type Interrupt = crate::interrupt::$inst;
fn regs() -> TimGp16 {
crate::pac::$inst
}
}
impl Instance for peripherals::$inst {}
};
}
crate::pac::peripherals!(
(timer, TIM2) => { impl_timer!(TIM2); };
(timer, TIM3) => { impl_timer!(TIM3); };
(timer, TIM4) => { impl_timer!(TIM4); };
(timer, TIM5) => { impl_timer!(TIM5); };
);