Previous logic was allowing external storage to be tampered by setting
write-protected keys, so values could not be updated, but it was still
used by get().
For GCC we're being cautious by passing the
`-fno-delete-null-pointer-checks`. This option prevents some
optimisation opportunities, so removing it can reduce code size.
One particular optimisation loss occurs in `Callback` where a test
similar to this occurs:
extern void myfunc();
inline void foo(void (*fnptr)())
{
if (fnptr) {
do A;
} else {
do B;
}
};
foo(myfunc);
With `-fno-delete-null-pointer-checks`, the compiler does not assume
that `&myfunc` is non-null, and inserts the "null check" - seeing if the
address is 0. But performing that test of the address is incorrect
anyway - if myfunc actually could be at address 0, we'd still want to do
A.
Anyway, we do not have an equivalent option enabled for either Clang or
IAR, and we have performed clean-ups avoiding issues with
apparently-null vector tables in Clang already, for example #10534.
Therefore it should(TM) be safe to remove the option for GCC. We do not
have general data or code at address 0, only vectors are likely to be
there, so it does not make sense to be globally restricting code
generation for that.
TDBStore used to rely on Flash devices erase value.
This logic has been removed, and TDBStore can do the entire erase
logic itself, in case the given BlockDevice does not offer erase().
This relies on BlockDevice to properly return -1 in BlockDevice::get_erase_value().
Previous logic caused garbage collection to kick in, if the init() was
called on empty storage. This has effect of erasing areas twice, if both
areas were empty.
Re-write logic so that we erase areas only on garbage_collect() or reset().
The init() logic already chooses the active area, so no need to touch,
until keys are modified.
Removed also the is_erase_unit_erased() as this is working only on
FLASH devices, and TDBStore should be refactored to work on all storages.
Change the "reserved data" logic so that every time we erase and area,
the content of reserved data is then immediately copied to newly erased
area. This keeps two copies of the data.
When data is requested, return only if checksum is matching.
When data is written, only allow if BOTH checksums are incorrect, meaning
that areas are either corrupted or erased.
Only exception is TDBStore::reset() which erases all keys and reserved data.
Removed all logic that tried to detect, if reserved are was erased or
corrupted. Rely entirely on checksum.
Add moduletest for reserved data.
Seppo Takalo
jeromecoutant
Martin Kojtal
Filip Jagodzinski
Marcin Tomczyk
Kevin Bracey
Antti Yli-Tokola
Piotr Stolarz
Veijo Pesonen
Hugues Kamba