Hi,
We are developing a safety-critical product based on a Cortex-M4 CPU. In the Definitive Guide to ARM Cortex-M3/4 I read that it is recommended to use both stacks (MSP and PSP) even if the program does not use an RTOS. By using both stacks, the program is supposed to be more robust. I also see in the book how this should be implemented in the startup file, but I don't understand in which cases these separate stacks would be more beneficial than just one stack (MSP).
I would be very grateful if someone could explain this a little bit.
Best regards.
Let's say there is an error where an MPU violation triggers a HardFault (writing to some RO address). In the HardFault handler I would like to read the PC to locate this fault. With a single stack (MSP only) this works great. Will this also work with separate stacks?
Second, let's say that I have separate stacks (PSP for the program, MSP for interrupts and exceptions). For some reason a PSP overflow occurs during the program and at the bottom of the stack it hits a region protected by the MPU. This also triggers a HardFault. Am I able to recognize there what went wrong? Even if the MPU violation occurred before all 8 registers were pushed to the stack?
Thank you
Hi matic,
You can recognize the stack on which the exception occurred by checking bit 2 of the EXC_RETURN code, which is stored in r14 (aka lr). Regarding the implementation of the hard fault handler, please refer to Re: Re: error: Hard Fault Handler.
Regarding the second issue, there would be no reason to identify the hard fault cause. You should infer it from the information in PC, BFAR, CFSR, HFSR, DFSR and AFSR.
Best regards,
Yasuhiko Koumoto.
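As an added illustration of the two points above (it is not code from the thread or from the book), here is a HardFault decoder that picks the frame from MSP or PSP using bit 2 of EXC_RETURN, reads the stacked PC, and refuses to report a PC when CFSR says the frame push itself faulted, which is exactly the PSP-overflow-into-guard-region case: the 8 registers never land, so only the fault status registers can be trusted. Because the handler runs on the MSP, it still has a usable stack even when the PSP is the one that overflowed. The SCB register addresses and bit positions are the ARMv7-M ones; the sample frame and register values are constructed so the decoder can be exercised on a host, and the on-target naked handler is compiled only for ARM.

```c
/* Added example: decoding a Cortex-M4 HardFault from EXC_RETURN, MSP/PSP
 * and CFSR. Sample frame and register values below are constructed. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define CFSR_ADDR   0xE000ED28u   /* Configurable Fault Status Register */
#define MMFAR_ADDR  0xE000ED34u   /* MemManage Fault Address Register   */
#define BFAR_ADDR   0xE000ED38u   /* BusFault Address Register          */

/* CFSR bits used here: MMFSR in byte 0, BFSR in byte 1 */
#define CFSR_DACCVIOL   (1u << 1)   /* MemManage: data access violation         */
#define CFSR_MSTKERR    (1u << 4)   /* MemManage: fault while pushing the frame */
#define CFSR_MMARVALID  (1u << 7)   /* MMFAR holds a valid address              */
#define CFSR_STKERR     (1u << 12)  /* BusFault: fault while pushing the frame  */
#define CFSR_BFARVALID  (1u << 15)  /* BFAR holds a valid address               */

#define EXC_RETURN_SPSEL (1u << 2)  /* bit 2: 1 = frame on PSP, 0 = frame on MSP */

/* Word indices in the basic exception frame: r0 r1 r2 r3 r12 lr pc xPSR */
#define FRAME_LR 5
#define FRAME_PC 6

typedef struct {
    bool     on_psp;
    bool     frame_valid;       /* false when the stacking itself faulted */
    uint32_t stacked_pc;        /* 0 when frame_valid is false */
    uint32_t stacked_lr;
    bool     fault_addr_valid;
    uint32_t fault_addr;
} fault_info_t;

fault_info_t decode_fault(uint32_t exc_return, const uint32_t *msp, const uint32_t *psp,
                          uint32_t cfsr, uint32_t mmfar, uint32_t bfar)
{
    fault_info_t fi = {0};
    fi.on_psp = (exc_return & EXC_RETURN_SPSEL) != 0;
    const uint32_t *frame = fi.on_psp ? psp : msp;

    /* If the push of the 8 registers hit the guard region, MSTKERR/STKERR is
     * set and the frame contents are undefined: report no PC at all. */
    fi.frame_valid = (cfsr & (CFSR_MSTKERR | CFSR_STKERR)) == 0;
    if (fi.frame_valid && frame != NULL) {
        fi.stacked_lr = frame[FRAME_LR];
        fi.stacked_pc = frame[FRAME_PC];
    }
    if (cfsr & CFSR_MMARVALID) {
        fi.fault_addr_valid = true;
        fi.fault_addr = mmfar;
    } else if (cfsr & CFSR_BFARVALID) {
        fi.fault_addr_valid = true;
        fi.fault_addr = bfar;
    }
    return fi;
}

/* Constructed sample: thread code on the PSP wrote to a read-only MPU
 * region at 0x20004000 while executing the instruction at 0x08005678. */
static const uint32_t sample_psp_frame[8] = {
    0, 1, 2, 3, 0xC, 0x08001234u /* lr */, 0x08005678u /* pc */, 0x21000000u /* xPSR */
};

fault_info_t sample_mpu_violation(void)
{
    return decode_fault(0xFFFFFFFDu, NULL, sample_psp_frame,
                        CFSR_DACCVIOL | CFSR_MMARVALID, 0x20004000u, 0);
}

/* Constructed sample: the PSP overflowed into its guard region, so the frame
 * push faulted (MSTKERR); the architecture does not write MMFAR in that case. */
fault_info_t sample_stack_overflow(void)
{
    return decode_fault(0xFFFFFFFDu, NULL, NULL, CFSR_MSTKERR, 0, 0);
}

#if defined(__arm__)
void hardfault_c(uint32_t exc_return, const uint32_t *msp, const uint32_t *psp);

/* On target: a naked handler so no prologue touches either stack pointer. */
__attribute__((naked)) void HardFault_Handler(void)
{
    __asm volatile(
        "mov r0, lr\n"        /* EXC_RETURN */
        "mrs r1, msp\n"
        "mrs r2, psp\n"
        "b   hardfault_c\n");
}

void hardfault_c(uint32_t exc_return, const uint32_t *msp, const uint32_t *psp)
{
    fault_info_t fi = decode_fault(exc_return, msp, psp,
                                   *(volatile uint32_t *)CFSR_ADDR,
                                   *(volatile uint32_t *)MMFAR_ADDR,
                                   *(volatile uint32_t *)BFAR_ADDR);
    (void)fi;  /* store fi somewhere that survives a reset, then reset */
    for (;;) { }
}
#endif
```

The decoder is deliberately separate from the naked handler so it can be unit-tested on a host with constructed frames; on the target, the only thing the handler does before calling it is capture EXC_RETURN and both stack pointers.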
Thanks for your reply.
Do you also suggest having both stacks (MSP and PSP) guarded by the MPU at their bottom? If I understand correctly, this would be advisable to detect stack overflow on any of the stacks, right?
Do you also suggest having both stacks (MSP and PSP) guarded by the MPU at their bottom?
Yes, I do. I also recommend making the stack regions never executable.
If I understand correctly, this would be advisable to detect stack overflow on any of the stacks, right?
No, it is not only for stack overflow but also for guarding against malicious program execution on each stack.
Best regards,
Yasuhiko Koumoto.
So I have to implement 4 MPU regions just for the stacks: two at the bottom of each stack to detect their overflow (with no access allowed) and two regions that cover each stack (with the XN attribute). Is this correct?
Yes, it is correct.
Best regards,
Yasuhiko Koumoto.
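The four-region scheme agreed on above, as an added example (not code from the thread): a no-access guard region directly below each stack and a read/write, execute-never region over each stack body, for both the MSP and the PSP. The MPU register addresses and the RBAR/RASR field layout are the ARMv7-M PMSA ones; the stack addresses and sizes are constructed, and the encoder checks the two constraints people most often get wrong, namely that a region size is a power of two of at least 32 bytes and that the base is aligned to that size. The register writes are compiled only on ARM; the encoding itself runs on a host.

```c
/* Added example: MPU_RBAR/MPU_RASR encodings for guard + body regions of
 * the main and process stacks. Layout values below are constructed. */
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

#define MPU_CTRL  0xE000ED94u
#define MPU_RBAR  0xE000ED9Cu
#define MPU_RASR  0xE000EDA0u

#define RBAR_VALID        (1u << 4)              /* also loads MPU_RNR from bits 3:0 */
#define RASR_ENABLE       (1u << 0)
#define RASR_SIZE(n)      ((uint32_t)(n) << 1)   /* region covers 2^(n+1) bytes */
#define RASR_C            (1u << 17)             /* normal, cacheable SRAM */
#define RASR_S            (1u << 18)             /* shareable */
#define RASR_AP(ap)       ((uint32_t)(ap) << 24)
#define RASR_XN           (1u << 28)             /* execute never */

#define AP_NO_ACCESS   0u   /* privileged and unprivileged: no access  */
#define AP_FULL_ACCESS 3u   /* privileged and unprivileged: read/write */

typedef struct { uint32_t rbar, rasr; } mpu_region_t;

/* The stack grows down, so the guard sits immediately below the body. */
typedef struct {
    uint32_t body_base, body_size;   /* body_base must be body_size-aligned   */
    uint32_t guard_size;             /* >= 32, power of two, ends at body_base */
} stack_layout_t;

/* SIZE field for a power-of-two size >= 32 bytes, or -1 if not encodable */
int mpu_size_field(uint32_t bytes)
{
    if (bytes < 32 || (bytes & (bytes - 1)) != 0) return -1;
    int n = 0;
    while ((1u << (n + 1)) < bytes) n++;
    return n;
}

/* Encode one region; fails if the size or base alignment is not expressible. */
bool mpu_encode(unsigned region, uint32_t base, uint32_t bytes,
                uint32_t ap, bool xn, mpu_region_t *out)
{
    int sz = mpu_size_field(bytes);
    if (sz < 0 || region > 7 || (base & (bytes - 1)) != 0) return false;
    out->rbar = base | RBAR_VALID | region;
    out->rasr = RASR_ENABLE | RASR_SIZE(sz) | RASR_C | RASR_S
              | RASR_AP(ap) | (xn ? RASR_XN : 0);
    return true;
}

/* Two regions per stack: guard (no access) then body (RW, XN), numbered from
 * first_region. Returns the number of regions written (4) or 0 on error. */
size_t build_stack_regions(const stack_layout_t *msp, const stack_layout_t *psp,
                           unsigned first_region, mpu_region_t out[4])
{
    const stack_layout_t *stacks[2] = { msp, psp };
    size_t n = 0;
    for (size_t i = 0; i < 2; i++) {
        const stack_layout_t *s = stacks[i];
        uint32_t guard_base = s->body_base - s->guard_size;
        if (!mpu_encode(first_region + n, guard_base, s->guard_size, AP_NO_ACCESS, true, &out[n]))
            return 0;
        n++;
        if (!mpu_encode(first_region + n, s->body_base, s->body_size, AP_FULL_ACCESS, true, &out[n]))
            return 0;
        n++;
    }
    return n;
}

/* Constructed layout: 1 KiB main stack, 4 KiB process stack, 32-byte guards. */
static const stack_layout_t sample_msp = { 0x20000400u, 1024u, 32u };
static const stack_layout_t sample_psp = { 0x20001000u, 4096u, 32u };
static mpu_region_t sample_out[4];

size_t sample_regions(void)
{
    return build_stack_regions(&sample_msp, &sample_psp, 0, sample_out);
}

#if defined(__arm__)
/* On target: program the regions, then enable the MPU with PRIVDEFENA so
 * privileged code keeps the default map outside these regions. */
void mpu_apply(const mpu_region_t *r, size_t n)
{
    volatile uint32_t *rbar = (volatile uint32_t *)MPU_RBAR;
    volatile uint32_t *rasr = (volatile uint32_t *)MPU_RASR;
    for (size_t i = 0; i < n; i++) { *rbar = r[i].rbar; *rasr = r[i].rasr; }
    *(volatile uint32_t *)MPU_CTRL = (1u << 2) | (1u << 0);   /* PRIVDEFENA | ENABLE */
    __asm volatile("dsb\n isb");
}
#endif
```

Because the guard is a separate region with AP = no access, an overflow from either privileged or unprivileged code is caught; unless the MemManage fault is enabled in SHCSR (MEMFAULTENA), that access escalates to the HardFault discussed above, which is where the decoder from the earlier reply reads CFSR.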