Skip to content
Snippets Groups Projects
Commit 4a9cc3ce authored by Julien Cretin's avatar Julien Cretin
Browse files

Add more details to the store documentation

parent b798b195
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
src/embedded_flash/store/format.rs
+ 5
2
View file @ 4a9cc3ce
...@@ -61,10 +61,13 @@ pub struct Format { ...@@ -61,10 +61,13 @@ pub struct Format {
/// Whether a user entry has sensitive data. /// Whether a user entry has sensitive data.
/// ///
/// When a user entry with sensitive data is deleted, the data is overwritten with zeroes.
///
/// - 0 for sensitive data. /// - 0 for sensitive data.
/// - 1 for non-sensitive data. /// - 1 for non-sensitive data.
///
/// When a user entry with sensitive data is deleted, the data is overwritten with zeroes. This
/// feature is subject to the same guarantees as all other features of the store, in particular
/// deleting a sensitive entry is atomic. See the store module-level documentation for more
/// information.
sensitive_bit: usize, sensitive_bit: usize,
/// The data length of a user entry. /// The data length of a user entry.
......
src/embedded_flash/store/mod.rs
+ 22
0
View file @ 4a9cc3ce
...@@ -43,6 +43,28 @@ ...@@ -43,6 +43,28 @@
//! The data-structure can be configured with the `StoreConfig` trait. By implementing this trait, //! The data-structure can be configured with the `StoreConfig` trait. By implementing this trait,
//! the number of possible tags and the association between keys and entries are defined. //! the number of possible tags and the association between keys and entries are defined.
//! //!
//! # Properties
//!
//! The data-structure provides the following properties:
//! - When an operation returns success, then the represented multi-set is updated accordingly. For
//! example, an inserted entry can be find with alteration until replaced or deleted.
//! - When an operation returns an error, the resulting multi-set state is described in the error
//! documentation.
//! - When power is lost before an operation returns, the operation will either succeed or be
//! rolled-back on the next initialization. So the multi-set would be either left unchanged or
//! updated accordingly.
//!
//! Those properties rely on the following assumptions:
//! - Writing a word to flash is atomic. When power is lost, the word is either fully written or not
//! written at all.
//! - Reading a word from flash is deterministic. When power is lost while writing or erasing a word
//! (erasing a page containing that word), reading that word repeatedly returns the same result
//! (until it is written or its page is erased).
//! - To decide whether a page has been erased, it is enough to test if all its bits are equal to 1.
//!
//! The properties still hold outside those assumptions but with weaker probabilities as the usage
//! diverges from the assumptions.
//!
//! # Implementation //! # Implementation
//! //!
//! The store is a page-aligned sequence of bits. It matches the following grammar: //! The store is a page-aligned sequence of bits. It matches the following grammar:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment