adding Softdevice BLE (S140) with GPIO attached coprocessor to project without softdevice. hardfault calling existing code after Softdevice active

Hi Sam, 

Could you let me know more about "but I can't tell which interrupt invoked the handler."  ? 

Have you checked how the interrupt for SPIM is enabled ? 

It's in this struct when nrfx_spim_init() is called:

typedef struct
{
    uint8_t sck_pin;      ///< SCK pin number.
    uint8_t mosi_pin;     ///< MOSI pin number (optional).
                          /**< Set to @ref NRFX_SPIM_PIN_NOT_USED
                           *   if this signal is not needed. */
    uint8_t miso_pin;     ///< MISO pin number (optional).
                          /**< Set to @ref NRFX_SPIM_PIN_NOT_USED
                           *   if this signal is not needed. */
    uint8_t ss_pin;       ///< Slave Select pin number (optional).
                          /**< Set to @ref NRFX_SPIM_PIN_NOT_USED
                           *   if this signal is not needed. */
    bool ss_active_high;  ///< Polarity of the Slave Select pin during transmission.
    uint8_t irq_priority; ///< Interrupt priority.
    uint8_t orc;          ///< Overrun character.
                          /**< This character is used when all bytes from the TX buffer are sent,
                               but the transfer continues due to RX. */
    nrf_spim_frequency_t frequency; ///< SPIM frequency.
    nrf_spim_mode_t      mode;      ///< SPIM mode.
    nrf_spim_bit_order_t bit_order; ///< SPIM bit order.
#if NRFX_CHECK(NRFX_SPIM_EXTENDED_ENABLED) || defined(__NRFX_DOXYGEN__)
    uint8_t              dcx_pin;     ///< D/CX pin number (optional).
    uint8_t              rx_delay;    ///< Sample delay for input serial data on MISO.
                                      /**< The value specifies the delay, in number of 64 MHz clock cycles
                                       *   (15.625 ns), from the the sampling edge of SCK (leading edge for
                                       *   CONFIG.CPHA = 0, trailing edge for CONFIG.CPHA = 1) until
                                       *   the input serial data is sampled. */
    bool                 use_hw_ss;   ///< Indication to use software or hardware controlled Slave Select pin.
    uint8_t              ss_duration; ///< Slave Select duration before and after transmission.
                                      /**< Minimum duration between the edge of CSN and the edge of SCK and minimum
                                       *   duration of CSN must stay inactive between transactions.
                                       *   The value is specified in number of 64 MHz clock cycles (15.625 ns).
                                       *   Supported only for hardware-controlled Slave Select. */
#endif
} nrfx_spim_config_t;

Have you narrowed it down to exactly SPIM interrupt handling causing the crash ? You mentioned "I get an access fault trying to write to the flash in code space" what is it about ? Is it the internal flash or external flash ? 

Regarding the interrupt priority check, please note that the softdevice crash most likely not because of the new interrupt handler added but more likely of the ones that already configured (but violate the softdevice requirement) so you may want to post the whole list of interrupt priority configuration here.

thanks..

the config data looks like 20035CC0

10 11 17 14 00 03 FF 00  00 00 00 40 00 00 00 00  00 00 00 00 00 00 00 01

sck = 10

mosi = 11

miso = 17

ss_pin = 14

ss_active_high = 00

irq_priority = 03, which matches the define used,  CONFIG_SPI_UWB_IRQ_PRIORITY=3

fill char  = FF

the hard fault is a write access fault at 75B0C , app_error_fault_handler id=1001, pc=75B0C, info =1

from the link map that is 

disassembly window

00075AFE MOV.W R3, #0
anomaly_198_disable();
static void anomaly_198_disable(void)
*((volatile uint32_t *)0x40000E00) = m_anomaly_198_preserved_value;
00075B02 IT EQ
00075B04 STREQ.W R3, [R2, #0x0E00]
nrf_spim_event_clear(p_spim, NRF_SPIM_EVENT_END);
__STATIC_INLINE void nrf_spim_event_clear(NRF_SPIM_Type * p_reg,
*((volatile uint32_t *)((uint8_t *)p_reg + (uint32_t)event)) = 0x0UL;
00075B08 STR.W R3, [R0, #0x0118]
volatile uint32_t dummy = *((volatile uint32_t *)((uint8_t *)p_reg + (uint32_t)event));
00075B0C LDR.W R3, [R0, #0x0118]  <---------------------  here 
00075B10 LDRB R0, [R1, #31]
00075B12 STR R3, [SP, #4]
(void)dummy;

r3 at the time is 0x00047335, which is in the flash section of the image 

```

```

this IS one of the functions I called out before as having code optimization problems however

this line of code generated  a pointer of 2 for p_cb

    spim_control_block_t * p_cb = &m_cb[p_instance->drv_inst_idx];

I have to change it like this 

 spim_control_block_t * p_cb = m_cb+p_instance->drv_inst_idx;

I reported this in Qorvo forums, 

p_instance->drv_inst_idx = 2

rfx_err_t nrfx_spim_xfer(nrfx_spim_t const * const p_instance,
nrfx_spim_xfer_desc_t const * p_xfer_desc,
uint32_t flags)
{
spim_control_block_t * p_cb = &m_cb[p_instance->drv_inst_idx]; <---- this sets the p_cb pointer to 2!!

change to 

spim_control_block_t * p_cb = m_cb+p_instance->drv_inst_idx;

https://forum.qorvo.com/t/dw3-qm33-sdk-bug-and-some-code-optimization-questions/24569

I have fixed all of those m_cb pointers in nrfx_spim.c, but same value in r3 at fault time
and its repeatable,  across buils, so its not a random value. 

this IS one of the functions I called out before as having code optimization problems however

this line of code generated  a pointer of 2 for p_cb

    spim_control_block_t * p_cb = &m_cb[p_instance->drv_inst_idx];

I have to change it like this 

 spim_control_block_t * p_cb = m_cb+p_instance->drv_inst_idx;

I reported this in Qorvo forums, 

p_instance->drv_inst_idx = 2

rfx_err_t nrfx_spim_xfer(nrfx_spim_t const * const p_instance,
nrfx_spim_xfer_desc_t const * p_xfer_desc,
uint32_t flags)
{
spim_control_block_t * p_cb = &m_cb[p_instance->drv_inst_idx]; <---- this sets the p_cb pointer to 2!!

change to 

spim_control_block_t * p_cb = m_cb+p_instance->drv_inst_idx;

https://forum.qorvo.com/t/dw3-qm33-sdk-bug-and-some-code-optimization-questions/24569

I have fixed all of those m_cb pointers in nrfx_spim.c, but same value in r3 at fault time
and its repeatable,  across buils, so its not a random value. 

Hi Sam, 
I'm looking at this 

 app_error_fault_handler id=1001, pc=75B0C, info =1

Error ID=1001 means NRF_FAULT_ID_APP_MEMACC. Here is the description for this error: 

Application invalid memory access. The info parameter will contain 0x00000000,
in case of SoftDevice RAM access violation. In case of SoftDevice peripheral
register violation the info parameter will contain the sub-region number of
PREGION[0], on whose address range the disallowed write access caused the
memory access fault.

The info =  1 so it match with bit number 0 in the table: https://docs.nordicsemi.com/bundle/ps_nrf52840/page/memory.html#topic

I suspect it either CLOCK control or POWER control. You can try to disable the protection of the subregion to see it's actually the cause of the fault : 

NRF_MWU->PREGION[0].SUBS &= ~(MWU_PREGION_SUBS_SR0_Include << MWU_PREGION_SUBS_SR0_Pos);
__DSB(); // barrier to ensure register is set before accessing NVMC or ACL.

Both CLOCK and POWER is restricted access when the softdevice is active (see 7.1 in the softdevice SDS .pdf file) . You may want to check if you have SOFTDEVICE_PRESENT defined in your preprocessor definitions. 

I went thru all the code, found one place setting power state, only used for SPI, not SPIM, also not loaded in binary 

I put a stop of the code that fails, 

using the table link above 

R0 = 0x4002F000

which says SPIM3

if I run from there, another stop at the same place, like the interrupt is not cleared. 

if I disable the stop, I get a hard fault. 

so, added more debug info..  i save the spim object address and as the interrupts are redirected to a common interrupt handler I save the spim number all prior to the code causing the fault.

the number is 3 (spim3) 

and the saved spim pointer is the same as above , in LSB format 00 F0 02 40

anyhow.. still confused.. and in the latest fault it was saving the spim pointer address that faulted..

interesting..   directly before the fault location is this in nrfx_spim.c

```

devzone.nordicsemi.com/.../enabling-workaround-for-anomaly-198-crashes-softdevice

I have changed the define in sdk_config.h to 0 instead of 1