Skip to content

Un-publish crate::rcc::Config::get_clocks #438

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 28, 2022
Merged

Un-publish crate::rcc::Config::get_clocks #438

merged 1 commit into from
Aug 28, 2022

Conversation

horazont
Copy link
Contributor

@horazont horazont commented Aug 28, 2022
edited
Loading

The existence of a crate::rcc::Clocks value is supposed to assert that
the MCU clocks have been configured and that they cannot be changed
anymore. That works by consuming the only instance of CFGR in the
corresponding function and then returning a Clocks value.

However, having crate::rcc::config::Config::get_clocks public implies
that external code can, at any time, generate a Clocks value: by simply
constructing a Config instance (all fields are public) and calling the
function.

#![no_std]
#![no_main]

use panic_halt as _;

use stm32f1xx_hal as hal;

use cortex_m_rt::entry;

#[entry]
fn main() -> ! {
        let clocks: hal::rcc::Clocks = hal::rcc::Config{
                hse: Some(8000000),
                pllmul: Some(8),
                hpre: hal::rcc::HPre::DIV1,
                ppre1: hal::rcc::PPre::DIV2,
                ppre2: hal::rcc::PPre::DIV1,
                adcpre: hal::rcc::AdcPre::DIV8,
                usbpre: hal::rcc::UsbPre::DIV1,
        }.get_clocks();

        loop{}
}

This is a breaking change, obviously, but there are no non-breaking
alternatives.

Fixes #437.

@horazont
Un-publish crate::rcc::Config::get_clocks
4909f29 
The existence of a crate::rcc::Clocks value is supposed to assert that
the MCU clocks have been configured and that they cannot be changed
anymore. That works by consuming the only instance of CFGR in the
corresponding function and then returning a Clocks value.

However, having crate::rcc::config::Config::get_clocks public implies
that external code can, at any time, generate a Clocks value: by simply
constructing a Config instance (all fields are public) and calling the
function.

```rust
#![no_std]
#![no_main]

use panic_halt as _;

use stm32f1xx_hal as hal;

use cortex_m_rt::entry;

#[entry]
fn main() -> ! {
	let clocks: hal::rcc::Clocks = hal::rcc::Config{
		hse: Some(8000000),
		pllmul: Some(8),
		hpre: hal::rcc::HPre::DIV1,
		ppre1: hal::rcc::PPre::DIV2,
		ppre2: hal::rcc::PPre::DIV1,
		adcpre: hal::rcc::AdcPre::DIV8,
		usbpre: hal::rcc::UsbPre::DIV1,
	}.get_clocks();

	loop{}
}
```

This is a breaking change, obviously, but there are no non-breaking
alternatives.

Fixes stm32-rs#437.
@horazont horazont force-pushed the fix/pub-get_clocks branch from 1a0750b to 4909f29 Compare August 28, 2022 11:51
@horazont horazont mentioned this pull request Aug 28, 2022
Closed
@burrbull
Copy link
Member

bors r+

@bors
Copy link
Contributor

bors bot commented Aug 28, 2022

Build succeeded:

@bors bors bot merged commit f063d5b into stm32-rs:master Aug 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@burrbull burrbull burrbull approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

crate::rcc::Clocks struct can be created trivially, violating its invariants
2 participants
@horazont @burrbull