I am using an embedded system running an STM32F205RE processor, which communicates with a fm/bluetooth/gps chip called cg2900, and it happens This error.
Using the debugger I can see that the pointer points to addresses A5 and FF respectively during several tests. However, it seems to happen at random times, and sometimes I can run the test for an hour without fail, And other times it crashes for 20 seconds.
I am running freeRTOS as a scheduler to switch between different tasks (one for radio, one for Bluetooth, and one for other regular maintenance). Interference in some way.
What could be the reason for this? Since it is running on custom hardware, it cannot be ruled out that this is a hardware problem (possibly). Any pointers (no puns) on how to debug the problem?
Edit:
After further investigation, it seems that it was very random at the time of the crash, not just that specific pointer. I used a hardfault handler to get these registers The following values (all values are expressed in hexadecimal):
Semi-long run before the crash (minutes):
R0 = 1
R1 = fffffffd
R2 = 20000400
R3 = 20007f7c
R12 = 7
LR [R14] = 200000c8 subroutine call return address
PC [R15] = 1010101 program counter
PSR = 8013d0f
BFAR = e000ed38
CFSR = 10000
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
Very short (seconds) before the crash:
R0 = 40026088
R1 = fffffff1
R2 = cb3
R3 = 1
R12 = 34d
LR [R14] = 40026088 subroutine call return address
PC [R15] = a5a5a5a5 program counter
PSR = fffffffd
BFAR = e000ed38
CFSR = 100
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
Another short (second ):
R0 = 0
R1 = fffffffd
R2 = 20000400
R3 = 20007f7c
R12 = 7
LR [R14] = 200000c8 subroutine call return address
PC [R15] = 1010101 program counter
PSR = 8013d0f
BFAR = e000ed38
CFSR = 1
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
After a long time (1 hour):
R0 = e80000d0
R1 = fffffffd
R2 = 20000400
R3 = 2000877c
R12 = 7
LR [R14] = 200000c8 subroutine call return address
PC [R15] = 1010101 program counter
PSR = 8013d0f
BFAR = 200400d4
CFSR = 8200
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
It seems to crash at the same point most of the time. I adjusted the memory according to the previous suggestions, but I still seem to have the same problem.
Thank you for your time!
Kind regards
arraytype* const ptr = array ;
This will allow the compiler to detect any explicit writes. However, pointers are more likely to be corrupted by some unrelated coding errors.
Coretx-M3 on-chip Debugging supports data access breakpoints; you should set such a breakpoint on the offending pointer in order to capture all write access to it. You will get a break at initialization, and then after modification-intentionally or unintentionally.
The possible cause is the overflow of adjacent arrays or thread stacks.
I encountered a hard error problem, which appeared at a seemingly random time, the pointer Point to address A5 or FF (the memory space I allow is much lower than 80000000 and above). It always seems to have the same pointer as these two values.
I am using a processor running STM32F205RE Embedded system, which communicates with a fm/bluetooth/gps chip named cg2900, this error occurs.
Using the debugger I can see that the pointers point to addresses A5 and FF respectively during several tests However, it seems to happen at random times, sometimes I can run the test for an hour without fail, and other times it crashes for 20 seconds.
I am running freeRTOS as a scheduler to switch between different tasks (a For radio, one for Bluetooth, one for other regular maintenance), this may interfere in some way.
What could be the reason for this? Since it is running on custom hardware, it cannot be ruled out that this is a hardware problem (possibly). Any pointers (no puns) on how to debug the problem?
Edit:
After further investigation, it seems that it was very random at the time of the crash, not just that specific pointer. I used a hardfault handler to get these registers The following values (all values are expressed in hexadecimal):
Semi-long run before the crash (minutes):
R0 = 1
R1 = fffffffd
R2 = 20000400
R3 = 20007f7c
R12 = 7
LR [R14] = 200000c8 subroutine call return address
PC [R15] = 1010101 program counter
PSR = 8013d0f
BFAR = e000ed38
CFSR = 10000
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
Very short (seconds) before the crash:
R0 = 40026088
R1 = fffffff1
R2 = cb3
R3 = 1
R12 = 34d
LR [R14] = 40026088 subroutine call return address
PC [R15] = a5a5a5a5 program counter
PSR = fffffffd
BFAR = e000ed38
CFSR = 100
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
Another short (second ):
R0 = 0
R1 = fffffffd
R2 = 20000400
R3 = 20007f7c
R12 = 7
LR [R14] = 200000c8 subroutine call return address
PC [R15] = 1010101 program counter
PSR = 80 13d0f
BFAR = e000ed38
CFSR = 1
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
After a long time (1 hour):
R0 = e80000d0
R1 = fffffffd
R2 = 20000400
R3 = 2000877c
R12 = 7
LR [R14] = 200000c8 subroutine call return address
PC [R15] = 1010101 program counter
PSR = 8013d0f
BFAR = 200400d4
CFSR = 8200
HFSR = 40000000
DFSR = 0
AFSR = 0
SCB_SHCSR = 0
It seems that it crashes at the same point most of the time. According to the previous It is recommended to adjust the memory, but I still seem to have the same problem.
Thank you for your time!
Kind regards
In your comment you mentioned that this pointer is explicitly allocated once and then never written. Here In this case, you should at least declare it as const and use initialization instead of assignment, such as
arraytype* const ptr = array ;
This will allow the compiler to detect any explicit writes. However, the pointer is more likely to be corrupted by some irrelevant coding errors.
Coretx-M3 on-chip debugging supports data access breakpoints; you should have problems Set such a breakpoint on the pointer in order to capture all write access to it. You will get a break during initialization, and then after modification-intentionally or unintentionally.
The possible cause is the adjacent array or Overflow of thread stack.