Development Guidelines

From flashprog
Revision as of 17:46, 3 December 2023 by Nico@flashrom.org/ (talk) ("Nico@flashrom.org/: fix typo")
Jump to navigation Jump to search

Branches

Historical

Till the release of flashrom 0.9.9 there was basically a single branch (trunk) where linear development happened. After 0.9.9 it was decided to switch to Git and a two branch model, a stable and a staging branch. This led to some confusion and as nobody who had access to the stable branch had the time to work on it, development continued about one year after the 0.9.9 release on a staging branch at coreboot.org. Despite its name, we strived to keep flashrom's quality and hoped that everything would be merged to stable once work continues there.

master branch

The historical staging branch was finally renamed to master. As usual there is no quality promise for the state of the code on the master branch. Even though we will try to keep the regression rate as low as possible, the main purpose of the branch is to merge new commits and make them available to a broader audience for testing.

Release branches (e.g. 1.0.x)

Branching for a new release can happen at any point in time when a commit (branch point) on master seems to be in good shape and was reasonably tested after previous invasive changes. Between the branch point and the release, every fix pushed for master for a problem that also persists on the release branch shall be backported. The same also applies after the release for the latest release branch and, optionally, for any earlier release branch that is still maintained for other reasons (e.g. part of a long term distribution).

Whenever a release branch has no further unmerged commits in queue and is not awaiting backported fixes, a release candidate (RC) can be tagged on that branch. This can also be the original branch point. The RC shall undergo extensive build tests and be publicly advertised as ready for testing. Not less than three days after the last RC that included code changes, a release can be tagged if no regressions showed up.

Release-branch names follow the pattern <major>.<minor>.x (e.g. 1.0.x). The first release of a branch is tagged v<major>.<minor>, without a point-release number (e.g. v1.0). Every following release from the same branch, will have a point-release number starting with .1 (e.g. v1.0.1).

Patch submission

Currently there are three ways to submit patches:

1. Via our mailing list

2. Via gerrit on coreboot.org, i.e. git push origin HEAD:refs/for/staging

3. Via pull request on flashrom's github mirror

Our guidelines borrow heavily from the coreboot development guidelines, and most of them apply to flashrom as well. The really important part is about the Signed-off-by procedure which is quoted below.

We try to reuse as much code as possible and create new files only if absolutely needed, so if you find a function somewhere in the tree which already does what you want (even if it is for a totally different chip), please use it. See also Command set secrets.

The patch reviews may sound harsh, but please don't get discouraged. We try to merge simple patches after one or two iterations and complicated ones as soon as possible, but we have quite high standards regarding code quality.

If you introduce new features (not flash chips, but stuff like partial programming, support for new external programmers, voltage handling, etc) please discuss your plans on the mailing list first. That way, we can avoid duplicated work and know about how flashrom internals need to be adjusted and you avoid frustration if there is some disagreement about the design.

For patches that modify convoluted tables like struct flashchip flashchips[] in flashchips.c it may make sense to increase the lines of context to include enough information directly in the patch for reviewers (for example to include the chip names when changing other parameters like .voltage). To do this with git use git format-patch -U5 where 5 is an example for the number of lines of context you want.

Sign-off Procedure

We employ a similar sign-off procedure as the Linux kernel developers do. Please add a note such as

Signed-off-by: Random J Developer <random@developer.example.org>

to your email/patch if you agree with the following Developer's Certificate of Origin 1.1.

You have to use your real name in the Signed-off-by line and in any copyright notices you add. Patches without an associated real name cannot be committed!

Developer's Certificate of Origin 1.1:

By making a contribution to this project, I certify that:
(a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
(b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
(c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it; and
(d) In the case of each of (a), (b), or (c), I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license indicated in the file.

Note: The Developer's Certificate of Origin 1.1 is licensed under the terms of the Creative Commons Attribution-ShareAlike 2.5 License.

Reviews

All patches finally have to go through Gerrit. Though, if the author prefers, the actual reviewing process can also take place on the mailing list or on github.

All contributions should receive at least a preliminary review within one week of submission by some flashrom developer (if that doesn't happen in time, please be patient). At minimum this should include a broad indication of acceptance or rejection of...

  • the idea/rationale/motivation,
  • the implementation

respectively.

In general, reviews should focus on the architectural changes and things that affect flashrom as a whole. This includes (but is by no means limited to) changes in APIs and types, safety, portability, extensibility, and maintainability. The purpose of reviews is not to create perfect patches, but to steer development in the right direction and produce consensus within the community. The goal of each patch should be to improve the state of the project - it does not need to fix all problems of the respective field perfectly. NB: New contributors may need more detailed advices and should be told about minor issues like formatting problems more precisely. The result of a review should either be an accepted patch or a guideline how the existing code should be changed to be eventually accepted.

Adding/reviewing a new flash chip

  1. Get the datasheet of the exact type of chip.
  2. Open flashchips.c and flashchips.h.
  3. First, find the best* IDs in the datasheet (*FIXME: this needs to be explained together with the probing somewhere else in detail) and check if the ID exists in flashchips.h already
    • If it does but is named after a different chip,
      then add a comment regarding the twin and continue by comparing the definition in flashchips.c with the datasheet of the twin/new chip as if you would add it but leave out the next step (see below). First you should change the .name to reflect the additional chip model (see other chips of naming examples). If you find significant* differences in the chips behavior you have found a so called evil twin (*judging the significance of a difference is quite hard and requires some understanding of flashrom behavior, examples of significant differences are: different sizes of blocks or different opcodes for operations). In that case copy the entry and continue to change that (don't forget to undo the previous changes before).
    • If it does and the name matches too,
      the chip is either already added or only the ID was added and you should use that define.
    • If it does not,
      then you should add it conforming to the standards/comments in the file.
    Usually the chip IDs follow a simple scheme: They are all uppercase; first the manufacturer name (like for the manufacturer IDs on top of each paragraph in flashchips.h) followed by an underscore and then the chipname. The latter should in general equal the .name, with dots (and other disallowed characters) replaced by underscores. Shared chip IDs typically use the macro name that happened to be added first to flashrom (which is also probably the first one manufactured) and which usually matches the other chips of that series in flashchips.h.
  4. If possible copy an existing, similar entry in the giant array in flashchips.c or start a new one at the right position (according to the comment on top of the array)
  5. Add .vendor, .name, IDs selected as explained above and .total_size.
  6. .page_size is really hard. Please read this long explanation, or ignore it for now and set it to 256.
  7. We encode various features of flash chips in a bitmask named .feature_bits. The various possibilities can be found in flash.h.
  8. .tested is used to indicate if the code was tested to work with real hardware, its possible values are defined in flash.h. Without any tests it should be set to TEST_UNTESTED.
  9. .probe indicates which function is called to fetch IDs from the chip and to compare them with the ones in .manufacture_id and .model_id. This requires some knowledge or source reading. For most SPI flash chips probe_spi_rdid is the right one if the datasheets mentions 0x9f as an identification/probing opcode.
  10. .probe_timing is only used for non-SPI chips. It indicates the delay after "enter/exit ID mode" commands in microseconds (see flash.h for special values).
  11. .block_erasers stores an array of pairs of erase functions (.block_erase) with their respective layout (.eraseblocks).
    1. .block_erase is similar to the probing function. You should at least check that the opcode named in the function name is matching the respective opcode in the datasheet.
    2. Two forms of .eraseblocks can be distinguished: symmetric and asymmetric layouts. Symmetric means that all blocks that can be erased by an opcode are sized equal. In that case a single range can define the whole layout (e.g. {4 * 1024, 256} means 256 blocks of 4 kB each). Asymmetric layouts on the other hand contain differently sized blocks, ordered by their base addresses (e.g. {{8 * 1024, 1}, {4 * 1024, 2}, {16 * 1024, 7}} describes a layout that starts with a single 8 kB block, followed by two 4 kB blocks and 7 16 kB blocks at the end).
  12. .printlock is a misnomer to some extent. It is misused not only to print (write) protected address ranges of the chip, but also to pretty print the values of the status register(s) - especially true for SPI chips. There are a lot of existing functions for that already and you should reuse one if possible. Comparing the description of the status register in the datasheet of an already supported chip with that of your chip can help to determine if you can reuse a printlock function.
  13. .unlock is called before flashrom wants to modify the chip's contents to disable possible write protections. It is tightly related to the .printlock function as it tries to change some of the bits displayed by .printlock.
  14. .write and .read are function pointers with the obvious meaning. Currently flashrom does only support a single function each. The one that is best supported by existing programmers should be used for now, but others should be noted in a comment if available.
  15. .voltage defines the upper and lower bounds of the supply voltage of the chip. If there are multiple chip models with different allowed voltage ranges, the intersection should be used and an appropriate comment added.
  16. The write granularity can be expressed by the .gran field. If you think you need something else than the default (write_gran_256bytes) then you should definitely ask one of the regular flashrom hackers first. Possible values can be found in flash.h.

Merging to branches

Merging to branches is limited to the "flashrom developers" group on Gerrit. This means every patch reviewed somewhere else (e.g. mailing list or github) must finally be pushed to Gerrit. The following rules apply, some are already enforced by Gerrit:

  • Every commit has to be reviewed and needs at least one +2 that was not given by the commit's author.
  • Except, if a commit is authored by more than one person, each author may +2 the other author's changes.
  • Merging should not take place within less than 24 hours after the review started (i.e. the first message by a reviewer on Gerrit).
  • Finally, before hitting Submit, one is reponsible to check that all comments have been addressed, especially if there was a negative review (-1).