Reputation: 111
Bus error debugging on arm cortex m4
I am trying to debug a precise bus error on a Arm cortex m4 chip. The board is a teensy 3.1 with a freescale MK20DX256VLH7. The error only happens when i actually send characters with the uart and results in a forced hard fault because i dont have buserror and memory error handlers. The fault happens after a random amount of time between 1 second and 1 minute when sending 30 integers per second with the uart. Also when i print the values in binary, not the uartPutInt() but the uartPutBin() function, the fault does not happen.
I "hacked" the teensy so i can use SWD debugging. I use a arm-none-eabi toolchain gcc, gdb.
I tried to double stack size but that doesn't help. I tried different itoa() approaches, doesn't help.
full code can be accessed here: https://github.com/paulusbrand/tricopter
The problem occurs in uartPutInt() function, its not the prettiest function but i tried different approaches and this one is the easiest to debug and understand.
original:
void uartPutInt(int32_t data) {
char buf[16] = {0};
uint32_t tmpData;
uint8_t neg = 0;
int8_t tmp = 0;
if(data<0) { // check negative
tmpData = -data;
neg=1;
}
else {
tmpData = data;
}
while(tmpData) { // convert to chars
uint8_t num = tmpData % 10;
buf[tmp++]=num+48;
tmpData/=10;
}
if(neg) { // add minus sign
buf[tmp++] = 45;
}
while(tmp>=0) {
uartPutChar(buf[tmp--]);
}
}
new version:
void uartPutInt(int32_t data) {
char buf[16] = {0};
uint32_t tmpData;
uint8_t neg = 0;
int8_t tmp = 0;
if(data<0) { // check negative
tmpData = -data;
neg=1;
}
else {
tmpData = data;
}
do { // convert te chars
uint8_t num = tmpData % 10;
buf[tmp++]=num+'0';
tmpData/=10;
} while(tmpData);
if(neg) { // add minus sign
buf[tmp++] = '-';
}
while(tmp>0) {
uartPutChar(buf[--tmp]);
}
}
When the bus error occurs i check the CFSR register in the SCB and find precise bus error and BFAR valid.
The value of BFAR and thus the problematic memory address is 0x01007fd2. Which is, as far as i can tell, in the code area of the memory but far beyond the end of the code. I not really sure what to do with this number.
The program counter PC when the error occurs is 0x1033. Which is in the uartPutInt() function. Disassembled below.
00000f6c <uartPutInt>:
f6c: b580 push {r7, lr}
f6e: b088 sub sp, #32
f70: af00 add r7, sp, #0
f72: 6078 str r0, [r7, #4]
f74: f107 0308 add.w r3, r7, #8
f78: 2200 movs r2, #0
f7a: 601a str r2, [r3, #0]
f7c: 3304 adds r3, #4
f7e: 2200 movs r2, #0
f80: 601a str r2, [r3, #0]
f82: 3304 adds r3, #4
f84: 2200 movs r2, #0
f86: 601a str r2, [r3, #0]
f88: 3304 adds r3, #4
f8a: 2200 movs r2, #0
f8c: 601a str r2, [r3, #0]
f8e: 3304 adds r3, #4
f90: 2300 movs r3, #0
f92: 76fb strb r3, [r7, #27]
f94: 687b ldr r3, [r7, #4]
f96: 2b00 cmp r3, #0
f98: da05 bge.n fa6 <uartPutInt+0x3a>
f9a: 687b ldr r3, [r7, #4]
f9c: 425b negs r3, r3
f9e: 61fb str r3, [r7, #28]
fa0: 2301 movs r3, #1
fa2: 76fb strb r3, [r7, #27]
fa4: e001 b.n faa <uartPutInt+0x3e>
fa6: 687b ldr r3, [r7, #4]
fa8: 61fb str r3, [r7, #28]
faa: e01f b.n fec <uartPutInt+0x80>
fac: 69f9 ldr r1, [r7, #28]
fae: 4b23 ldr r3, [pc, #140] ; (103c <uartPutInt+0xd0>)
fb0: fba3 2301 umull r2, r3, r3, r1
fb4: 08da lsrs r2, r3, #3
fb6: 4613 mov r3, r2
fb8: 009b lsls r3, r3, #2
fba: 4413 add r3, r2
fbc: 005b lsls r3, r3, #1
fbe: 1aca subs r2, r1, r3
fc0: 4613 mov r3, r2
fc2: 767b strb r3, [r7, #25]
fc4: 7eba ldrb r2, [r7, #26]
fc6: b2d3 uxtb r3, r2
fc8: 3301 adds r3, #1
fca: b2db uxtb r3, r3
fcc: 76bb strb r3, [r7, #26]
fce: b253 sxtb r3, r2
fd0: 7e7a ldrb r2, [r7, #25]
fd2: 3230 adds r2, #48 ; 0x30
fd4: b2d2 uxtb r2, r2
fd6: f107 0120 add.w r1, r7, #32
fda: 440b add r3, r1
fdc: f803 2c18 strb.w r2, [r3, #-24]
fe0: 69fb ldr r3, [r7, #28]
fe2: 4a16 ldr r2, [pc, #88] ; (103c <uartPutInt+0xd0>)
fe4: fba2 2303 umull r2, r3, r2, r3
fe8: 08db lsrs r3, r3, #3
fea: 61fb str r3, [r7, #28]
fec: 69fb ldr r3, [r7, #28]
fee: 2b00 cmp r3, #0
ff0: d1dc bne.n fac <uartPutInt+0x40>
ff2: 7efb ldrb r3, [r7, #27]
ff4: 2b00 cmp r3, #0
ff6: d00b beq.n 1010 <uartPutInt+0xa4>
ff8: 7eba ldrb r2, [r7, #26]
ffa: b2d3 uxtb r3, r2
ffc: 3301 adds r3, #1
ffe: b2db uxtb r3, r3
1000: 76bb strb r3, [r7, #26]
1002: b253 sxtb r3, r2
1004: f107 0220 add.w r2, r7, #32
1008: 4413 add r3, r2
100a: 222d movs r2, #45 ; 0x2d
100c: f803 2c18 strb.w r2, [r3, #-24]
1010: e00d b.n 102e <uartPutInt+0xc2>
1012: 7eba ldrb r2, [r7, #26]
1014: b2d3 uxtb r3, r2
1016: 3b01 subs r3, #1
1018: b2db uxtb r3, r3
101a: 76bb strb r3, [r7, #26]
101c: b253 sxtb r3, r2
101e: f107 0220 add.w r2, r7, #32
1022: 4413 add r3, r2
1024: f813 3c18 ldrb.w r3, [r3, #-24]
1028: 4618 mov r0, r3
102a: f7ff ff87 bl f3c <uartPutChar>
102e: f997 301a ldrsb.w r3, [r7, #26]
1032: 2b00 cmp r3, #0
1034: daed bge.n 1012 <uartPutInt+0xa6>
1036: 3720 adds r7, #32
1038: 46bd mov sp, r7
103a: bd80 pop {r7, pc}
103c: cccccccd stclgt 12, cr12, [ip], {205} ; 0xcd
Can somebody please help me with this?
Thanks!
Upvotes: 4
Views: 1694
Answers (1)
Reputation: 1
tmp is uninitialized:
void uartPutInt(int32_t data) {
char buf[16] = {0};
uint32_t tmpData;
uint8_t neg = 0;
int8_t tmp; // not initialized
if(data<0) { // check negative
tmpData = -data;
neg=1;
}
else {
tmpData = data;
}
while(tmpData) { // convert to chars
uint8_t num = tmpData % 10;
// what's in tmp right now?!?!
buf[tmp++]=num+48;
tmpData/=10;
}
if(neg) { // add minus sign
buf[tmp++] = 45;
}
while(tmp>=0) {
uartPutChar(buf[tmp--]);
}
}
Upvotes: 1
Related Questions
- Cycle counter on ARM Cortex M4 (or M3)?
- fatal error: Python.h: No such file or directory
- What is a bus error? Is it different from a segmentation fault?
- gcc makefile error: "No rule to make target ..."
- Compile for ARM Cortex M3 using standard GCC?
- ARM Cortex-M4: Running code from external flash
- Enable external interrupts ARM Cortex-M0+ (STM32G070)