Hi,
We are developing a safety critical product based on a Cortex-M4 CPU. In the Definitive Guide for ARM Cortex-M3/4 I read that it is recommended to use both stacks (MSP and PSP) even if the program does not use an RTOS. By using both stacks, the program is supposed to be more robust. I also see in the book how this should be implemented in the startup file, but I don't understand in which cases these separate stacks would be more beneficial than just one stack (MSP).
I would be very grateful if someone could explain this a little bit.
Best regards.
Hi matic,
you can recognize the stack on which the exception occurred by checking bit 2 of the EXC_RETURN code which is stored in r14 (aka lr). Regarding the implementation of the hard fault handler, please refer to Re: Re: error: Hard Fault Handler.
Regarding the second issue, there would be no reason to identify the hard fault cause. You should imagine it from the information in PC, BFAR, CFSR, HFSR, DFSR and AFSR.
Best Regards, Yasuhiko Koumoto.
Thanks for your reply.
Do you also suggest having both stacks (MSP and PSP) guarded by the MPU at their bottom? If I understand well, then this would be advisable to detect stack overflow on either of the stacks, right?
Do you also suggest to have both stacks (MSP and PSP) guarded by the MPU at their bottom?
Yes I do. I also recommend making the stack regions never executable.
If I understand well, then this would be advisable to detect stack overflow on any of stacks, right?
No, it is not only for stack overflow but also for guarding against malicious program execution on each stack.
Best regards, Yasuhiko Koumoto.
So, I have to implement 4 MPU regions just for the stacks. Two at the bottom of each stack to detect their overflow (with no access allowed) and two regions that cover each stack (with the XN attribute). Is this correct?
yes, it is correct.
Best regards,
Yasuhiko Koumoto.
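The four-region layout confirmed above, and the EXC_RETURN bit 2 check from the earlier reply, as an added example that is not part of the original thread. It encodes Cortex-M4 (PMSAv7) MPU RBAR/RASR values on the host so they can be checked before being written to the MPU; the region numbers 0..3, the SRAM addresses and the 32-byte guard size are assumptions, and the guard gets the higher region number because, when regions overlap, the higher-numbered region's attributes win.

```c
#include <stdint.h>
#include <stdbool.h>

/* PMSAv7 MPU register bit fields (ARMv7-M). Constructed for this example. */
#define MPU_RBAR_VALID    (1u << 4)
#define MPU_RASR_ENABLE   (1u << 0)
#define MPU_RASR_SIZE(s)  (((uint32_t)(s) & 0x1Fu) << 1)  /* bytes = 2^(s+1) */
#define MPU_RASR_C        (1u << 17)
#define MPU_RASR_S        (1u << 18)
#define MPU_RASR_AP(ap)   (((uint32_t)(ap) & 0x7u) << 24)
#define MPU_RASR_XN       (1u << 28)

#define AP_NO_ACCESS   0u   /* privileged and unprivileged: no access  */
#define AP_FULL_ACCESS 3u   /* privileged and unprivileged: read/write */

typedef struct { uint32_t rbar, rasr; } mpu_region_t;

/* Encode one region. Returns false unless size is a power of two >= 32 bytes
 * and base is aligned to size, which PMSAv7 requires. */
static bool mpu_encode(uint8_t number, uint32_t base, uint32_t size,
                       uint32_t ap, bool xn, mpu_region_t *out)
{
    if (size < 32u || (size & (size - 1u)) != 0u || (base & (size - 1u)) != 0u)
        return false;
    uint32_t log2 = 0;
    while ((1u << log2) < size) log2++;
    out->rbar = base | MPU_RBAR_VALID | (number & 0xFu);
    /* Internal SRAM: normal memory, cacheable, shareable (TEX=0, C=1, S=1). */
    out->rasr = MPU_RASR_ENABLE | MPU_RASR_SIZE(log2 - 1u) | MPU_RASR_C
              | MPU_RASR_S | MPU_RASR_AP(ap) | (xn ? MPU_RASR_XN : 0u);
    return true;
}

/* Four regions for the MSP/PSP layout: an XN read/write region over each
 * stack, plus a no-access guard at the lowest address of each stack (stacks
 * grow downward, so an overflow runs into the guard and raises MemManage).
 * Guards get the higher region numbers so they take precedence. */
static bool mpu_stack_regions(uint32_t msp_base, uint32_t msp_size,
                              uint32_t psp_base, uint32_t psp_size,
                              uint32_t guard_size, mpu_region_t out[4])
{
    return mpu_encode(0, msp_base, msp_size,   AP_FULL_ACCESS, true, &out[0])
        && mpu_encode(1, msp_base, guard_size, AP_NO_ACCESS,   true, &out[1])
        && mpu_encode(2, psp_base, psp_size,   AP_FULL_ACCESS, true, &out[2])
        && mpu_encode(3, psp_base, guard_size, AP_NO_ACCESS,   true, &out[3]);
}

/* Bit 2 of EXC_RETURN (lr on exception entry): 1 = faulting context ran on
 * the PSP, 0 = it ran on the MSP. Used by a fault handler to pick the stack
 * frame to decode. */
static bool exc_return_used_psp(uint32_t exc_return) { return (exc_return & 0x4u) != 0u; }
```

On the target the four pairs are written to MPU->RBAR/MPU->RASR and the MPU is then enabled; the guard regions cost a few bytes of each stack, so size the stacks with that in mind.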