tags:

views:

93

answers:

4
+2  Q: 

ARM Cortex M3 How do I determine the program counter value before a hard fault?

Hi all,

I have an embedded project using a STM32F103 (ARM Cortex M3), it is getting a occasionally getting hard fault in release mode. As part of recovery, I would like to retrieve the PC value from before the hard fault and store it for later debugging in the battery backed region.

How would I determine the value of the program counter at the point of the hard fault? Obviously, the PC is now set to its location within the hardfault interrupt.

Where should I look? It there an address for the normal mode register bank?

Thanks!

+3  A: 

You should look into the ARM Architecture Reference Manual in the section on Exceptions. You need to register to get it.

Typically a relevant address will be put in the link register LR (R14), but the precise meaning varies according to the exception, and there are varying offsets.

W.r.t. accessing the User/System mode register bank, I think you need to switch the mode to access it.

starblue  2010-09-21 20:31:03
Ahh, cool! Just checked it while debugging (have no clue how to invoke a hard fault currently ;p ) and it indeed shows the address of the caller. Thanks a lot!
leppie  2010-09-21 20:37:03
OK, I see it is not the caller, but the return address.
leppie  2010-09-21 20:45:37
I generated the hard fault by: *((char *)0x00) = 5;
JeffV  2010-09-22 10:35:31
A: 

I found a common cause for these issues are those 'for loop' delays. When using -O3 they simply get optimized away if you are are not referring to volatile variables. Personally, I prefer the SysTick approach.

leppie  2010-09-21 20:31:45
Thanks @leppie, whole heartedly agree. No for loop delays here, I;m also using SysTick for my counting. Every thing is in a state machine as well, to avoid blocking. I think the problem would present itself in debug mode if I gave it enough time.
JeffV  2010-09-21 22:23:21
+1  A: 

When an exception occurs, the processor state change from the current state to the abort state. In the abort state the processor shifts to use a new set of registers for sp and lr (sp_abt and sp_lr respectively. For a data abort, the offending instruction can be found in lr_abt + 8 for an prefect about in lr_abt + 4 (as per the ARMv7 Architecure reference manual)

doron  2010-09-21 20:49:47
Awesome, thanks!
JeffV  2010-09-21 22:25:30
changed sp_abt to lr_abt quite a bad mistake on my part - fixed now
doron  2010-09-22 00:26:29
This is valid for classic ARM but not Cortex-M3
Igor Skochinsky  2010-09-22 09:36:47
+1  A: 

Cortex-M3 uses a quite different model of exception handling from the "classic" ARM, e.g. it doesn't have "abort mode" mentioned in the other post. I suggest you to read this app note. For example, for the Hard Fault:

The value of SCB->BFAR indicates the memory address that caused a Bus Fault and is valid if the bit BFARVALID in the SCB->CFSR register is set. The value of SCB->MMFAR indicates the memory address that caused a Memory Management Fault and is valid if the bit MMFARVALID in the SCB->CFSR register is set.

To determine the PC value at the time of exception you need to examine the stack; the processor pushes R0-R3, R12, PC and LR before executing the handler. The stack used can be either Main (if bit 2 of LR is 0) or Process (otherwise). See page 13 of the app note for details.

Igor Skochinsky  2010-09-22 09:31:15
Thanks Igor, how do I fetch the PC from the stack?
JeffV  2010-09-22 10:30:36
You need to fetch PSP or MSP and get a word at offset 0x18 from it. See an example implementation here: http://embdev.net/topic/170640#1636052
Igor Skochinsky  2010-09-22 10:37:24
Still trying to figure this out. Is this offset 24 bytes above the MSP?: uint32_t *pc = (uint32_t *) ((char *)_get_MSP() + 24);
JeffV  2010-09-22 19:42:24
You should do it in assembler, the compiler might adjust the stack value before it gets to your code.
Igor Skochinsky  2010-09-22 21:18:49
Yes, I'm seeing that. Just correcting for the offset and getting the proper PC value now. I'll need to test in release mode to ensure the offset doesn't change. Thanks again!
JeffV  2010-09-22 23:48:08

related questions

How does vxWorks deal with two tasks at the same priority?
How are the vxWorks "kernel shell" and "host shell" different?
Bursty writes to SD/USB stalling my time-critical apps on embedded Linux
Rich User Interface on Embedded Linux Device
Test framework for black box regression testing
What are some Real-Time Operating Systems for 32-bit processors?
How do you start running the program over again in gdb with 'target remote'?
How you disable the processor cache on a PowerPC processor?
What simple method can I use to debug an embedded processor without serial port or video?
How do you measure the time a function takes to execute?
Unit Testing C Code
Misra standard for embedded software.
Power Efficient Software Coding
Learning kernel hacking and embedded development at home?
C (or any) compilers deterministic performance
GPS and Embedded Development - Where to find resources?
How to support multiple languages on a microcontroller?
Windows XP support for Remote NDIS
Is there an alternative to using % (modulus) in C/C++?
What is a jump table?
How do you set, clear and toggle a single bit in C?
What are the best practices for embedded systems development?
How do I get started in embedded programming?
Best Ways to Debug a Release Mode Application
When should I use type abstraction in embedded systems