
Dear Andrew,
In message c166aa9f0811270906p6252c2b5m26adaeab4f154b89@mail.gmail.com you wrote:
What about suicidal things like accessing a bus region that hangs the machine, hitting the one address that resets the whole thing? Yes, I know that's broken design, but hardware like that exists, and is not going to change because we wish it so.
No, it's not broken design - it may even be intentional.
And you may want to be able to test if the system really resets when you write to that address - and U-Boot shall allow this.
U-Boot really shall allow you to do all things.
Remember that the U-Boot user is not the average Johnny Loser who cannot write a single line of code without all Eclipse and a bunch of other graphical tools on his system - U-Boot is for developers who bring up new hardware.
I (sometimes) know what I'm doing, but I have customers who (sometimes) don't.
Such customers are not supposed to be allowed access to the U-Boot console, right? Or they need adequate training. Would you let everybody in the cockpit of an A380?
How about this - have a weak function or #ifdef/#endif to call out to a platform address checking routine (only on parsing an address, not every access), but only if an environment variable is set. That would leave the default way of things, but allow people who are distributing u-boot to others to try and make their system a bit more robust.
That would be a restriction of the freedom of things you can do with U-Boot. We didn't have anything like that for the last 8+ years, and I still see no need for it.
Best regards,
Wolfgang Denk
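The hook Andrew sketches above (a board address check consulted only when a command parses an address, and only when an environment variable enables it), as an added C example that is neither U-Boot's own code nor from this thread: the environment accessor, the CONFIG_BOARD_ADDR_CHECK macro, the `addrcheck` variable name and the reserved register window are all constructed for the demo.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed for this demo: stands in for the board's config option. */
#define CONFIG_BOARD_ADDR_CHECK 1

/* Constructed stand-in for U-Boot's environment: the value of a
 * hypothetical "addrcheck" variable, NULL when the variable is unset. */
static const char *env_addrcheck = NULL;
void set_env_addrcheck(const char *value) { env_addrcheck = value; }

#ifdef CONFIG_BOARD_ADDR_CHECK
/* Board-specific check. The window below is a constructed example of a
 * register region that resets or hangs the machine when touched. */
#define RESET_WIN_START 0x40000000UL
#define RESET_WIN_END   0x40000FFFUL   /* inclusive */

bool board_addr_ok(uintptr_t addr, size_t len)
{
    if (len == 0)
        return true;
    uintptr_t last = addr + (len - 1);
    if (last < addr)                   /* range wraps around: reject */
        return false;
    /* Reject if [addr, last] overlaps the reserved window at all. */
    return last < RESET_WIN_START || addr > RESET_WIN_END;
}
#else
/* Default for boards without a check: everything is allowed, as today. */
static inline bool board_addr_ok(uintptr_t addr, size_t len)
{
    (void)addr; (void)len;
    return true;
}
#endif

/* Called once when a command parses an address argument, not on every
 * memory access. Enforced only if the environment variable is "1", so
 * the default behaviour stays unrestricted. */
bool parsed_addr_ok(uintptr_t addr, size_t len)
{
    if (env_addrcheck == NULL || strcmp(env_addrcheck, "1") != 0)
        return true;
    return board_addr_ok(addr, len);
}
```

With the variable unset or not "1" the check is a no-op, which is the point of the proposal: the developer keeps the unrestricted console and only a deployment that opts in gets the guard.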