堆栈内存溢出
  简体   繁体   English

malloc崩溃了嵌入式系统

[英]malloc crashes embedded system

 原文  2015-05-05 12:12:21       c/ matrix/ malloc/ cortex-m

问题描述

I am trying to multiply matrices of arbitrary sizes on a cortex M4-core. 我试图在皮质M4核心上增加任意大小的矩阵。 I DO need a malloc... But I don't understand why at the first call it works and at the second call it doesnt work any more. 我需要一个malloc ...但我不明白为什么在第一次调用时它起作用,而在第二次调用时它不再起作用了。 it just jumps to the default interrupt handler FaultISR. 它只是跳转到默认的中断处理程序FaultISR。

hereby the dissasembly code: 特此解散代码:

在此输入图像描述

It fails when executing the BL command 执行BL命令时失败

function calls: 函数调用: 

multiplyMatrices( &transFRotMatrix[0][0],3, 3, &sunMeasurements[0][0], 3, 1, *orbitalSunVector); //Works fine

multiplyMatrices( &firstRotMatrix[0][0],3, 3, &orbitalTMFV[0][0], 3, 1, *inertialTMFV); //doesn t work fine

code: 码: 

void multiplyMatrices(float *transposedMatrix, int height1, int width1, float *iSunVector,int height2, int width2, float *orbitalSunVector)
{

    int y=0;
    int x = 0;
    int row=0;
    int column =0;
    int k=0;
    int k2=0;
    float result = 0;
    float *output2=NULL;

    int i=0;
    int j=0;

    i=0;
    k=0;
    k2 = 0;


    if(width1 != height2)
    {
        //printf("unmatching matrices, error.\n\n");
        return;
    }

    output2 = malloc(height1 * width2 * sizeof(float)); //<---- jumps o FaultISR


    while(k<width1) //aantal rijen 1ste matrix
    {
        for(j=0;j<height2;j++) //aantal rijen 2de matrix
        {
            result += (*((transposedMatrix+k*width1)+j)) * (*((iSunVector+j*width2)+k2));  //1ste var:aantal kolommen 2de matrix  --2de variabele na de plus = aantal kolommen 2de matrix
            //printf("%f * %f\t + ", (*((transposedMatrix+k*width1)+j)), (*((iSunVector+j*width2)+k2)));
        }

         output2[row* width1 + column] = result;

        k2++;
        x++;
        column++;

        if(x==width2) //aantal kolommen 2de Matrix
        {
            k2=0;
            x=0;
            column=0;
            row++;
            y++;
            k++;
        }
        result = 0;

    }

    //tussenresultaat
    for(i=0;i<height1;i++)
    {
        for(j=0;j<width2;j++)
        {
             orbitalSunVector[j * height1 + i] = output2[i* width1 + j]; //output2[i][j];

        }
    }

    free(output2);
}

2 个解决方案

解决方案1
 0  2015-05-05 12:40:42

You are overflowing your output2 matrix in both loops due to an incorrect index calculation. 由于索引计算不正确,导致两个循环中的output2矩阵溢出。 You have: 你有: 

output2[row*width1 + column] = result;
...
orbitalSunVector[j*height1 + i] = output2[i*width1 + j];

but you should be using width2 in both cases since the final matrix is width2 * height1 in size (as it is allocated): 但是你应该在两种情况下使用width2 ,因为最终矩阵的大小是width2 * height1 (因为它被分配): 

output2[row*width2 + column] = result;
...
orbitalSunVector[j*height1 + i] = output2[i*width2 + j];

I didn't check any of your other indexes but I would test the function with a few known cases to make sure it outputs the correct results. 我没有检查你的任何其他索引,但我会用一些已知的情况测试该函数,以确保它输出正确的结果。 If you had done more debugging and checked the array indexes it should have been easy to spot. 如果您已经完成了更多调试并检查了数组索引,那么应该很容易发现它。

Note that the reason it worked for you the first time but not the second time is due to undefined behaviour (UB). 请注意,它第一次为您工作但不是第二次的原因是由于未定义的行为(UB)。 As soon as you write past the end of output2 you invoke UB and anything can happen. 只要你写过去的结束output2调用UB和任何事情都有可能发生。 For you it happened to show up as a fault on the second call. 对你而言,它恰好在第二次通话中显示为故障。 For me it happened to fault on the first call. 对我来说,第一次通话就发生了错误。 If you're really unlucky it may not ever fault and just silently corrupt data. 如果你真的不走运,它可能永远不会出错,只是默默地破坏数据。

解决方案2
 0  2015-05-06 11:10:49

Do you use printf in other places of your code? 你在代码的其他地方使用printf吗?

This page recommends starting at 0x400 for heap size, which is 1024 decimal: 此页面建议从0x400开始,堆大小为1024十进制:

It is recommended to start with a reasonable heap size like 0x400 when there is limited dynamic allocation (like printf() calls in the code), and increase it as needed depending on the application. 当动态分配有限(如代码中的printf()调用)时,建议以合理的堆大小(如0x400)开始,并根据应用程序根据需要增加它。

You have 512 today, you could at least try to double that if possible, as per TI's recommendation, and see where this leads you. 您今天有512个,根据TI的建议,如果可能的话,您至少可以尝试加倍,并看看这会带给您什么。

This is a related question. 是一个相关的问题。 If you do not have a tool to watch heap allocation on the fly, try to manually fill the heap at startup ( memcpy it with known values, such as ASCII '#==#', 0xDEADBEEF, or whatever recognizable value), then run to just before you usually crash, and watch the content of the heap in the Memory window. 如果您没有工具来动态观察堆分配,请尝试在启动时手动填充堆(使用已知值memcpy它,例如ASCII'#==#',0​​xDEADBEEF或任何可识别的值),然后运行在你通常崩溃之前,在Memory窗口中观察堆的内容。 My best guess is that you'll find the heap is full. 我最好的猜测是你会发现堆满了。

Please also look if you can see error flag registers while you are in the FaultISR. 当您在FaultISR中时,还要查看是否可以看到错误标志寄存器。 Often there is something somewhere telling you why you came here. 经常会有某处告诉你为什么来这里。

I am not sure about TI's implementation of malloc , but they may save an error value. 我不确定TI的malloc实现,但它们可能会保存错误值。 I'd not bet on that one, since it would probably return NULL in that case, rather than crash. 我不打赌那个,因为在这种情况下它可能会返回NULL,而不是崩溃。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 嵌入式系统上的malloc行为 - malloc behaviour on an embedded system 没有操作系统的嵌入式系统中的malloc - malloc in an embedded system without an operating system 对malloc的调用永远不会在嵌入式系统上返回 - 很奇怪 - Call to malloc never returns on an embedded system - weird one malloc 调用 realloc,然后崩溃 - malloc calls realloc, then crashes malloc()函数崩溃 - malloc() function crashes Malloc在递归函数中崩溃 - Malloc crashes in recursive function 嵌入式RTOS并使用malloc / free - Embedded RTOS and using malloc/free 程序崩溃malloc / free,C - Program crashes malloc/free, C 大malloc上的系统malloc vs DLMalloc - System malloc vs DLMalloc on large malloc libc和malloc是操作系统的一部分吗? - Are libc and malloc part of the operating system?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM