• Locked Locked
  • Replies 8 replies
  • Subscribers 119 subscribers
  • Views 4960 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unexpected address range accesses from bare metal code

Rich Podraza
Note: This was originally posted on 12th September 2012 at http://forums.arm.com

My test system (Carbon SoCD running a Cortex A9 model) has a memory map with entry point 0xFFFF0000, with a valid memory range from 0xFFFF0000-0xFFFFFFFF, as well as 0x50000000-0x8FFFFFFF where some stack, heap, data, etc. lives. My code is a simple dhrystone app and makes some printf calls to display the app's actions and status. However, I am strangely seeing access to low memory, reads going to 0xA or 0x38 for example. I've tried to debug where these are coming from but whatever is happening is hidden in some system library. Using the disassembly and my .map linker output I see that the code is in flsbuf.o or printf_char_common.o at the time. Depending on whether I comment out certain printf statements, the place/time the out of range access occurs is different. Does anyone have any clues as to what might be happening? Or more information that I can provide to help debug this?

If I comment out all the printfs, none of the out of range accesses occur. Also, if I adjust the system memory to be valid at those low memory addresses, the program executes and completes just fine. So I have a workaround of sorts but I want to make sure this won't be a problem for actual hardware.

Thanks,
Rich
Parents
  • Arm Employee Badge
    Note: This was originally posted on 20th September 2012 at http://forums.arm.com

    This continues to smell like heap corruption.

    How are you setting the heap boundaries?  And to what values?

    More random thoughts:

    [] 256MB should be plenty of heap (unless there's been a lot more allocation that is shown)

    [] What other code is running before the first printf?  Any special startup code or just the standard library startup?

    [] Are the values printed for Next_Ptr_Glob and Ptr_Glob reasonable? (that is, within you heap and not within your globals or stack)  It's good that they are multiples of 8.

    [] stdout is probably line buffered so flsbuf will be called every "\n" (and every buffer, maybe 512 characters) which explains a bit why changing the format strings changes the timing of the wild access.

    [] the first printf (or puts, etc.) will cause a buffer for stdout to be created (via malloc)

    [] if the "%x"s that you changed to "%d"s are the only "%x"s then the main effect will be that image code gets smaller (possibly affecting the globals and heap base) because the formatting code for %x can be removed.  Also, of course the contents of the buffer are different after the printf.

    It's hard to say if tracking down the problem will ultimately be worthwhile, but if I was in your position I'm the sort of person that tends to get obsessed by this sort of thing until I understand it.  Changing stdout to unbuffered might possibly avoid the problem (like mapping in the low memory) but it might just come back in some worse way.
Reply
  • Arm Employee Badge
    Note: This was originally posted on 20th September 2012 at http://forums.arm.com

    This continues to smell like heap corruption.

    How are you setting the heap boundaries?  And to what values?

    More random thoughts:

    [] 256MB should be plenty of heap (unless there's been a lot more allocation that is shown)

    [] What other code is running before the first printf?  Any special startup code or just the standard library startup?

    [] Are the values printed for Next_Ptr_Glob and Ptr_Glob reasonable? (that is, within you heap and not within your globals or stack)  It's good that they are multiples of 8.

    [] stdout is probably line buffered so flsbuf will be called every "\n" (and every buffer, maybe 512 characters) which explains a bit why changing the format strings changes the timing of the wild access.

    [] the first printf (or puts, etc.) will cause a buffer for stdout to be created (via malloc)

    [] if the "%x"s that you changed to "%d"s are the only "%x"s then the main effect will be that image code gets smaller (possibly affecting the globals and heap base) because the formatting code for %x can be removed.  Also, of course the contents of the buffer are different after the printf.

    It's hard to say if tracking down the problem will ultimately be worthwhile, but if I was in your position I'm the sort of person that tends to get obsessed by this sort of thing until I understand it.  Changing stdout to unbuffered might possibly avoid the problem (like mapping in the low memory) but it might just come back in some worse way.
Children
No data