ARM7TDMI
I am trying to understand how effective the undefined instruction exception is at stopping uncontrolled execution in ARM mode.
Out of the entire 32-bit ARM mode instruction space, how many patterns are considered invalid instructions? The docs say that some invalid patterns are not caught by the undefined instruction exception. How many?
OK, so I was a bit off in my count... If random corruption is only detected on average once out of every 16 words, it is a bit less immediate, but it still seems worth mentioning as a safety feature.
Similarly, it is useful to quantify the number of instructions susceptible to data abort and prefetch abort.
Corruption of instruction memory would also corrupt address fields. A given system will have a memory map that is a tiny fraction of the address space, so if every access outside the valid map could be caught, it would be a plus.
It seems that ARM devices supporting external memory do not take into account the actual device sizes for the purposes of generating exceptions. If the chip select space is 16MB but with only 1MB attached, no exception is generated for accesses beyond 1MB.
Custom external logic may be needed to add that level of safety.
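As an added example (not from this thread), here is a small Python classifier for the "one word in 16" figure above. It assumes the ARMv4T encoding used by the ARM7TDMI, where bits [27:25] = 011 with bit [4] = 1 is the architecturally undefined space that always traps, and treats the coprocessor space (LDC/STC, CDP, MCR/MRC) as trapping only when no coprocessor claims the word, which is the case on an ARM7TDMI with none attached; unused encodings that the core runs unpredictably instead of trapping are counted as "other".

```python
"""Count the share of the 32-bit ARM instruction space that an ARM7TDMI
(ARMv4T) is guaranteed to trap with the undefined instruction exception.
Assumes the ARMv4T encoding; 'coprocessor' words trap only when no
coprocessor accepts them (true for an ARM7TDMI with none attached)."""
import random
from fractions import Fraction


def field(word, hi, lo):
    """Extract bits [hi:lo] of a 32-bit instruction word."""
    return (word >> lo) & ((1 << (hi - lo + 1)) - 1)


def classify(word):
    """Return 'undefined', 'coprocessor' or 'other' for one 32-bit word."""
    if field(word, 27, 25) == 0b011 and field(word, 4, 4) == 1:
        return "undefined"      # architecturally undefined: always traps
    if field(word, 27, 25) == 0b110 or field(word, 27, 24) == 0b1110:
        return "coprocessor"    # LDC/STC, CDP, MCR/MRC: trap if unclaimed
    return "other"              # valid, or unused encodings run unpredictably


def trap_fraction(no_coprocessor=False):
    """Exact share of words that trap. classify() only looks at bits [27:24]
    and [7:4], so enumerating those 256 combinations covers every word."""
    hits = 0
    for hi in range(16):
        for lo in range(16):
            kind = classify((hi << 24) | (lo << 4))
            if kind == "undefined" or (no_coprocessor and kind == "coprocessor"):
                hits += 1
    return Fraction(hits, 256)


def simulate(n=100_000, seed=1):
    """Empirical share of uniformly random words that land in the undefined
    space, i.e. how often random instruction-memory corruption is caught
    at fetch time rather than executed as some other instruction."""
    rng = random.Random(seed)
    caught = sum(classify(rng.getrandbits(32)) == "undefined" for _ in range(n))
    return caught / n


if __name__ == "__main__":
    print("guaranteed undefined:", trap_fraction())      # 1/16
    print("incl. coprocessor  :", trap_fraction(True))   # 1/4
    print("sampled            :", simulate())
```

The exact result confirms the 1/16 estimate for the architecturally undefined space alone; counting unclaimed coprocessor words raises the share of corrupt fetches caught immediately to 1/4.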
From my personal experience, when working with a Coldfire V2 MCU, it is often possible to find what caused an exception by just decoding the exception stack frame. On the other hand, a similar application on an ARM7TDMI-based MCU (STR710 family) would be long lost in the woods before it hit a CPU exception. That's because most exceptions were caused by corrupt pointers (I know, but it was early debugging stage) and the Coldfire CPU would generate an exception on the very first illegal memory access because legal memory space is very limited. I guess the moral of the story is: if you want to catch illegal memory accesses efficiently, get an MCU that supports it.