gma pcode: Move and revise mailbox handling
Unify the PCODE mailbox implementations (Linux' i915 uses the same
implementation since Sandy Bridge, too) and add `Wait` and `Success`
parameters so we can act correctly if something failed. This adds
a lot of boilerplate. But we keep it contained in the new package
`PCode` and the code outside it looks cleaner and handles errors
more gracefully.
In GNATprove, we track state of the mailbox' readiness in a ghost
variable `Mailbox_Ready`. This allows us to skip the initial wait
loop if we know that we already waited at the end of a previous
call. The first call to a mailbox procedure has to be made with
`Wait_Ready => True`.
Also, start to experiment with a `use` clause for the `Register`
package. It allows us to write a little more condensed code, with-
out sacrificing much (in this program we can expect that `Read`/
`Write` means register access?) So far it looks good?
Change-Id: I5daa3effb7ab774e4a35bd8794b0f67f57e4caa4
Signed-off-by: Nico Huber <nico.h@gmx.de>
Reviewed-on: https://review.coreboot.org/c/libgfxinit/+/35710
Reviewed-by: Angel Pons <th3fanbus@gmail.com>
diff --git a/common/hw-gfx-gma-pcode.ads b/common/hw-gfx-gma-pcode.ads
new file mode 100644
index 0000000..ef2564a
--- /dev/null
+++ b/common/hw-gfx-gma-pcode.ads
@@ -0,0 +1,60 @@
+--
+-- Copyright (C) 2016, 2019 secunet Security Networks AG
+--
+-- This program is free software; you can redistribute it and/or modify
+-- it under the terms of the GNU General Public License as published by
+-- the Free Software Foundation; either version 2 of the License, or
+-- (at your option) any later version.
+--
+-- This program is distributed in the hope that it will be useful,
+-- but WITHOUT ANY WARRANTY; without even the implied warranty of
+-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+-- GNU General Public License for more details.
+--
+
+with HW.GFX.GMA.Registers;
+
+private package HW.GFX.GMA.PCode is
+
+ -- We have to ensure that previous usage of the mailbox finished
+ -- (Wait_Ready) or know that we already did so (Mailbox_Ready).
+ --
+ -- If we wait for the other side to acknowledge (Wait_Ack), we
+ -- know that it's ready (=> Mailbox_Ready).
+
+ -- XXX: Supposed to be a `Ghost` variable, but GNAT seems too broken?
+ Mailbox_Ready : Boolean with Part_Of => HW.GFX.GMA.State;
+
+ -- Just send a command, discard the reply.
+ procedure Mailbox_Write
+ (MBox : in Word32;
+ Command : in Word64;
+ Wait_Ready : in Boolean := False;
+ Wait_Ack : in Boolean := True;
+ Success : out Boolean)
+ with
+ Pre => Mailbox_Ready or Wait_Ready,
+ Post => (if Wait_Ack and Success then Mailbox_Ready);
+
+ -- Repeatedly send a request command the expected reply is received.
+ procedure Mailbox_Request
+ (MBox : in Word32;
+ Command : in Word64;
+ Reply_Mask : in Word64;
+ Reply : in Word64 := 16#ffff_ffff_ffff_ffff#;
+ TOut_MS : in Natural := Registers.Default_Timeout_MS;
+ Wait_Ready : in Boolean := False;
+ Success : out Boolean)
+ with
+ Pre => Mailbox_Ready or Wait_Ready,
+ Post => (if Success then Mailbox_Ready);
+
+ -- For final mailbox commands that don't have to wait.
+ procedure Mailbox_Write
+ (MBox : Word32;
+ Command : Word64;
+ Wait_Ready : Boolean := False)
+ with
+ Pre => Mailbox_Ready or Wait_Ready;
+
+end HW.GFX.GMA.PCode;