This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

nRF52-DK can be made to silently reset even with all ARM fault handlers implemented

We are developing a product based on nRF52832 and we need to verify that in case of problems, the device will "fail gracefully". So we looked at implementing the ARM handlers, and also making a test setup to verify that they are working OK. The test setup runs on the nRF52-DK and contains a minimal app (we call it "kamikaze") which has a simple UART interface, and which will do various nasty things to trigger the handlers when asked. (Of course you have to reset kamikaze after.)

All handlers print stack frame and fault registers to a simple bitbash UART, and flash LEDS in an infinite loop.

We were able initially to see that our HARD FAULT handler is OK. Then we enabled the BUS FAULT, MEMMANAGE FAULT and USAGE FAULT handlers and were able to trigger them all in different ways. (We also enabled DIV_BY_ZERO and ALIGNMENT faults.)

Just to see how the controller responded, we thought we would try writing some "evil recursive" code and try to overflow the stack. It was harder thna we thought, but we did it like this:

static volatile uint32_t dummy = 1;

uint32_t evil_recursive(uint32_t i)
{
  printf("N:%d MSP: 0x%08x", i, (uint32_t *)__get_MSP());
  return evil_recursive( i + dummy);
}

main()
{
  uint32_t i = evil_recursive(1);
}

We needed to compile with the

-fno-optimize-sibling-calls

flag, but this does cause a BUS FAULT after eating stack for a few minutes. The printf is a slow, blocking call to the bit bash UART.

So far so good.

Next to speed up the test, we removed the printf, expecting the same BUS FAULT, but sooner.

To our surprise, we didn't get that. The uC immediately resets, NO handler is triggered.

We also tried replacing the long string with a single UART puct() call, to make things happen quicker - now we also got the same silent reset.

Maybe we are missing something, but this is not what we want or expect. With all handlers implemented and working, we don't want it to be possible to make the ARM core silently reset.

We realise that what we are doing is pretty abusive and not at all a usual situation, but still, cannot easily explain how this can happen.

0 danmcb over 4 years ago

I got some compiler output for the two functions. First the one that DOES trigger a BUS FAULT:

00026678 <evil_recursive>:
   26678:   b5f0         push   {r4, r5, r6, r7, lr}
   2667a:   4e4c         ldr   r6, [pc, #304]   ; (267ac <evil_recursive+0x134>)
   2667c:   b083         sub   sp, #12
   2667e:   4604         mov   r4, r0
   26680:   212f         movs   r1, #47   ; 0x2f
   26682:   4630         mov   r0, r6
   26684:   f004 fb8f    bl   2ada6 <strrchr>
   26688:   f3ef 8308    mrs   r3, MSP
   2668c:   4f48         ldr   r7, [pc, #288]   ; (267b0 <evil_recursive+0x138>)
   2668e:   4d49         ldr   r5, [pc, #292]   ; (267b4 <evil_recursive+0x13c>)
   26690:   9301         str   r3, [sp, #4]
   26692:   1c41         adds   r1, r0, #1
   26694:   463b         mov   r3, r7
   26696:   9400         str   r4, [sp, #0]
   26698:   223c         movs   r2, #60   ; 0x3c
   2669a:   2000         movs   r0, #0
   2669c:   f004 fa14    bl   2aac8 <project_log>
   266a0:   682b         ldr   r3, [r5, #0]
   266a2:   212f         movs   r1, #47   ; 0x2f
   266a4:   4630         mov   r0, r6
   266a6:   441c         add   r4, r3
   266a8:   f004 fb7d    bl   2ada6 <strrchr>
   266ac:   f3ef 8308    mrs   r3, MSP
   266b0:   223c         movs   r2, #60   ; 0x3c
   266b2:   9301         str   r3, [sp, #4]
   266b4:   1c41         adds   r1, r0, #1
   266b6:   9400         str   r4, [sp, #0]
   266b8:   463b         mov   r3, r7
   266ba:   2000         movs   r0, #0
   266bc:   f004 fa04    bl   2aac8 <project_log>
   266c0:   682b         ldr   r3, [r5, #0]
   266c2:   212f         movs   r1, #47   ; 0x2f
   266c4:   4630         mov   r0, r6
   266c6:   441c         add   r4, r3
   266c8:   f004 fb6d    bl   2ada6 <strrchr>
   266cc:   f3ef 8308    mrs   r3, MSP
   266d0:   223c         movs   r2, #60   ; 0x3c
   266d2:   9301         str   r3, [sp, #4]
   266d4:   1c41         adds   r1, r0, #1
   266d6:   9400         str   r4, [sp, #0]
   266d8:   463b         mov   r3, r7
   266da:   2000         movs   r0, #0
   266dc:   f004 f9f4    bl   2aac8 <project_log>
   266e0:   682b         ldr   r3, [r5, #0]
   266e2:   212f         movs   r1, #47   ; 0x2f
   266e4:   4630         mov   r0, r6
   266e6:   441c         add   r4, r3
   266e8:   f004 fb5d    bl   2ada6 <strrchr>
   266ec:   f3ef 8308    mrs   r3, MSP
   266f0:   223c         movs   r2, #60   ; 0x3c
   266f2:   9301         str   r3, [sp, #4]
   266f4:   1c41         adds   r1, r0, #1
   266f6:   9400         str   r4, [sp, #0]
   266f8:   463b         mov   r3, r7
   266fa:   2000         movs   r0, #0
   266fc:   f004 f9e4    bl   2aac8 <project_log>
   26700:   682b         ldr   r3, [r5, #0]
   26702:   212f         movs   r1, #47   ; 0x2f
   26704:   4630         mov   r0, r6
   26706:   441c         add   r4, r3
   26708:   f004 fb4d    bl   2ada6 <strrchr>
   2670c:   f3ef 8308    mrs   r3, MSP
   26710:   223c         movs   r2, #60   ; 0x3c
   26712:   9301         str   r3, [sp, #4]
   26714:   1c41         adds   r1, r0, #1
   26716:   9400         str   r4, [sp, #0]
   26718:   463b         mov   r3, r7
   2671a:   2000         movs   r0, #0
   2671c:   f004 f9d4    bl   2aac8 <project_log>
   26720:   682b         ldr   r3, [r5, #0]
   26722:   212f         movs   r1, #47   ; 0x2f
   26724:   4630         mov   r0, r6
   26726:   441c         add   r4, r3
   26728:   f004 fb3d    bl   2ada6 <strrchr>
   2672c:   f3ef 8308    mrs   r3, MSP
   26730:   223c         movs   r2, #60   ; 0x3c
   26732:   9301         str   r3, [sp, #4]
   26734:   1c41         adds   r1, r0, #1
   26736:   9400         str   r4, [sp, #0]
   26738:   463b         mov   r3, r7
   2673a:   2000         movs   r0, #0
   2673c:   f004 f9c4    bl   2aac8 <project_log>
   26740:   682b         ldr   r3, [r5, #0]
   26742:   212f         movs   r1, #47   ; 0x2f
   26744:   4630         mov   r0, r6
   26746:   441c         add   r4, r3
   26748:   f004 fb2d    bl   2ada6 <strrchr>
   2674c:   f3ef 8308    mrs   r3, MSP
   26750:   223c         movs   r2, #60   ; 0x3c
   26752:   9301         str   r3, [sp, #4]
   26754:   1c41         adds   r1, r0, #1
   26756:   9400         str   r4, [sp, #0]
   26758:   463b         mov   r3, r7
   2675a:   2000         movs   r0, #0
   2675c:   f004 f9b4    bl   2aac8 <project_log>
   26760:   682b         ldr   r3, [r5, #0]
   26762:   212f         movs   r1, #47   ; 0x2f
   26764:   4630         mov   r0, r6
   26766:   441c         add   r4, r3
   26768:   f004 fb1d    bl   2ada6 <strrchr>
   2676c:   f3ef 8308    mrs   r3, MSP
   26770:   223c         movs   r2, #60   ; 0x3c
   26772:   9301         str   r3, [sp, #4]
   26774:   1c41         adds   r1, r0, #1
   26776:   9400         str   r4, [sp, #0]
   26778:   463b         mov   r3, r7
   2677a:   2000         movs   r0, #0
   2677c:   f004 f9a4    bl   2aac8 <project_log>
   26780:   682b         ldr   r3, [r5, #0]
   26782:   4630         mov   r0, r6
   26784:   212f         movs   r1, #47   ; 0x2f
   26786:   441c         add   r4, r3
   26788:   f004 fb0d    bl   2ada6 <strrchr>
   2678c:   f3ef 8308    mrs   r3, MSP
   26790:   223c         movs   r2, #60   ; 0x3c
   26792:   1c41         adds   r1, r0, #1
   26794:   e9cd 4300    strd   r4, r3, [sp]
   26798:   2000         movs   r0, #0
   2679a:   463b         mov   r3, r7
   2679c:   f004 f994    bl   2aac8 <project_log>
   267a0:   6828         ldr   r0, [r5, #0]
   267a2:   4420         add   r0, r4
   267a4:   f7ff ff68    bl   26678 <evil_recursive>
   267a8:   b003         add   sp, #12
   267aa:   bdf0         pop   {r4, r5, r6, r7, pc}
   267ac:   0002bd28    .word   0x0002bd28
   267b0:   0002bd3c    .word   0x0002bd3c
   267b4:   20003310    .word   0x20003310

and here is the version with no print statements that causes the silent reset:

00026678 <evil_recursive>:
   26678:   b510         push   {r4, lr}
   2667a:   4a0b         ldr   r2, [pc, #44]   ; (266a8 <evil_recursive+0x30>)
   2667c:   6813         ldr   r3, [r2, #0]
   2667e:   6811         ldr   r1, [r2, #0]
   26680:   440b         add   r3, r1
   26682:   6811         ldr   r1, [r2, #0]
   26684:   6814         ldr   r4, [r2, #0]
   26686:   440b         add   r3, r1
   26688:   6811         ldr   r1, [r2, #0]
   2668a:   4423         add   r3, r4
   2668c:   440b         add   r3, r1
   2668e:   6811         ldr   r1, [r2, #0]
   26690:   440b         add   r3, r1
   26692:   6811         ldr   r1, [r2, #0]
   26694:   440b         add   r3, r1
   26696:   6811         ldr   r1, [r2, #0]
   26698:   6812         ldr   r2, [r2, #0]
   2669a:   440b         add   r3, r1
   2669c:   4413         add   r3, r2
   2669e:   4418         add   r0, r3
   266a0:   f7ff ffea    bl   26678 <evil_recursive>
   266a4:   bd10         pop   {r4, pc}
   266a6:   bf00         nop
   266a8:   20003310    .word   0x20003310
Cancel
Vote Up 0 Vote Down

Cancel
0 Einarh over 4 years ago in reply to danmcb

Hello!

Have you checked the reset reason register?

You can read this on boot to check if you had a LOCKUP reset (hardfault in hardfault) (this can only happen when you're not in debug interface mode)

Best regards,

Einar
Cancel
Vote Up 0 Vote Down

Cancel
0 danmcb over 4 years ago

trying to reply to Einar - but for some reason the reply button is not under your post. Yes, lockup turned out to be the cause. Thank you!
Cancel
Vote Up 0 Vote Down

Cancel