如何使用简单的指令或指令获取硬故障异常
[英]How to get a hard fault exception with a simple or instruction on arm
问题描述
Currently we are hunting a phantom, which is in the form that when we compile in some code (without calling it) one specific call to memset generates an hard fault exception.
目前我们正在寻找一个幻象,它的形式是当我们在某些代码中编译(不调用它)时,对 memset 的一个特定调用会生成一个硬故障异常。
The address and length given to memset are valid.给 memset 的地址和长度是有效的。 Stepping through it in single instruction mode showed that it always fails at an OR instruction.在单指令模式下单步执行它表明它总是在 OR 指令处失败。 But instead of calculating the value, the processor decides to call 0xfffffff9, and then jumps into the hardfault handler, with the reason of an unknown instruction.但是处理器决定调用 0xfffffff9,而不是计算该值,然后跳转到硬故障处理程序,原因是一条未知指令。
The disassembly of memset where it happens: memset 发生的地方的反汇编:
0x80192f0 <+0x0020> 03 2c cmp r4, #3
0x80192f2 <+0x0022> 2e d9 bls.n 0x8019352 <memset+130>
0x80192f4 <+0x0024> cd b2 uxtb r5, r1
# The following line crashes
0x80192f6 <+0x0026> 45 ea 05 25 orr.w r5, r5, r5, lsl #8
0x80192fa <+0x002a> 0f 2c cmp r4, #15
0x80192fc <+0x002c> 45 ea 05 45 orr.w r5, r5, r5, lsl #16
Disassembly of 0xfffffff9: 0xffffff9 的反汇编:
0xfffffff7 00 00 movs r0, r0
0xfffffff9 00 00 movs r0, r0
0xfffffffb 00 00 movs r0, r0
Where can we look to find the source of this exception?我们在哪里可以找到这个异常的来源?
We run the software on a STM32F429II, which is a Cortex-M4.我们在 STM32F429II(Cortex-M4)上运行该软件。
2 个解决方案
解决方案1
2 2019-03-12 15:40:31
Bear in mind that for Cortex-M, the link register value indicates how to return from an exception, not the address to return to.请记住,对于 Cortex-M,链接寄存器值指示如何从异常中返回,而不是要返回的地址。 The relevant address will be on the stack (assuming that stacking didn't fail as well).相关地址将在堆栈上(假设堆栈也没有失败)。
0xFFFFFFF1 Return to Handler mode.
0xFFFFFFF1 返回处理程序模式。
Exception return gets state from the main stack.异常返回从主堆栈中获取状态。 Execution uses MSP after return.返回后执行使用MSP。0xFFFFFFF9 Return to Thread mode.
0xFFFFFFF9 返回线程模式。Exception Return get state from the main stack.
异常返回从主堆栈中获取状态。 Execution uses MSP after return.返回后执行使用MSP。0xFFFFFFFD Return to Thread mode.
0xFFFFFFFD 返回线程模式。Exception return gets state from the process stack.
异常返回从进程堆栈中获取状态。 Execution uses PSP after return.返回后执行使用PSP。
Cortex-M can also never execute code from the 'local peripheral' memory space. Cortex-M 也永远无法从“本地外设”内存空间执行代码。
解决方案2
1 2019-06-19 21:25:19
@Rudi! @鲁迪! I hope you are already solved this.我希望你已经解决了这个问题。 I've just encountered same issue and would like to share my experience.我刚刚遇到了同样的问题,想分享我的经验。
The fact MCU goes HardFault from orr.w instruction does not mean that your problem is in instruction itself. MCU 从orr.w指令变为 HardFault 的事实并不意味着您的问题出在指令本身。 I used HFSR register (mentioned by @starblue) to find a moment when it changes.我使用 HFSR 寄存器(由@starblue 提到)来查找它发生变化的时刻。 If you use Eclipse - just add memory watchpoint or如果您使用 Eclipse - 只需添加内存观察点或
(uint32_t)*((uint32_t *) 0xE000ED2C)
to expressions and find the line in which the value becoming not equal to zero.到表达式并找到值变得不等于零的那一行。
In my case it was line with null pointer value assignment.在我的情况下,它与空指针值分配一致。 And it was 15 assembly lines before the jump to Hardfault handler.在跳转到 Hardfault 处理程序之前是 15 条装配线。 In your case it could be even in other thread.在您的情况下,它甚至可能在其他线程中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.