Fault - CortexM3

jorsborn wrote on Friday, January 25, 2013:

I am experiencing numerous faults on a project. I am guessing that the problem is related to interrupts as the fault only occurs in the presence of an interrupt (analog comparator). Take the interrupt source away and it seems to run fine forever (in limited testing). Leave the interrupt source and it faults in tens of minutes… though never predictable.

The PC at fault is never the same, which also leads me to believe it’s interrupt related. However, it’s in the general vicinity of the vApplicationIdleHook() call or manipulating the list (pxList).

For reference, here is my config:

#define configUSE_PREEMPTION            0
#define configUSE_IDLE_HOOK	            1
#define configUSE_TICK_HOOK	            0
#define configCPU_CLOCK_HZ	            ( ( unsigned long ) 6000000 )
#define configTICK_RATE_HZ              ( ( portTickType ) 1000 )
#define configMINIMAL_STACK_SIZE        ( ( unsigned short ) 128 )
#define configTOTAL_HEAP_SIZE           ( ( size_t ) ( 10000 ) )
#define configMAX_TASK_NAME_LEN         ( 10 )
#define configUSE_TRACE_FACILITY        0
#define configUSE_16_BIT_TICKS          0
#define configIDLE_SHOULD_YIELD         0
#define configUSE_CO_ROUTINES           0
#define configUSE_TIMERS                0
#define configTIMER_TASK_PRIORITY       1
#define configTIMER_QUEUE_LENGTH        20
#define configTIMER_TASK_STACK_DEPTH    80
#define configMAX_PRIORITIES		    ( ( unsigned portBASE_TYPE ) 5 )
#define configMAX_CO_ROUTINE_PRIORITIES ( 2 )
/* Set the following definitions to 1 to include the API function, or zero
to exclude the API function. */
#define INCLUDE_vTaskPrioritySet		0
#define INCLUDE_uxTaskPriorityGet		0
#define INCLUDE_vTaskDelete				0
#define INCLUDE_vTaskSuspend			0
#define INCLUDE_vTaskDelayUntil			1
#define INCLUDE_vTaskDelay				1
/* !!!! configMAX_SYSCALL_INTERRUPT_PRIORITY must not be set to zero !!!!
See http://www.FreeRTOS.org/RTOS-Cortex-M3-M4.html. */
#define configMAX_SYSCALL_INTERRUPT_PRIORITY 	191 /* equivalent to 0xa0, or priority 5. */

rtel wrote on Friday, January 25, 2013:

Does the analog interrupt use a FreeRTOS API call, and if so, what is the interrupt’s priority?


jorsborn wrote on Friday, January 25, 2013:

No, it simply increments a counter and clears the interrupt. There are no FreeRTOS API calls involved. I ran a test where I poll the interrupt bit (raw status) instead of enabling the interrupt. That would eliminate the problem if it was truly the interrupt…. yet the fault still persists. However, there is still a link between interrupt source present and the fault occurring….

dumarjo wrote on Friday, January 25, 2013:

When you look the PC, you check the real PC or the one stacked on the stack ?


jorsborn wrote on Friday, January 25, 2013:

I think I am analyzing this correctly but let me tell you what I am doing…

First, I grab the PSP and head over to that location in memory. I subtract 5 from that to get the LR and then subtract 6 from that to get the PC. I’ve been ignoring all other register values on the stack because they don’t seem useful to me in this situation. Sound right?

dumarjo wrote on Friday, January 25, 2013:


i’ dont’ remember where exactly is the PC, but I have use this handler very well. here the code That I used.

// Use the 'naked' attribute so that C stacking is not used.
void HardFault_Handler(void){
         * Get the appropriate stack pointer, depending on our mode,
         * and use it as the parameter to the C handler. This function
         * will never return
        __asm(  "MOVS   R0, #4  \n"
                        "MOV    R1, LR  \n"
                        "TST    R0, R1  \n"
                        "BEQ    _MSP    \n"
                        "MRS    R0, PSP \n"
                        "B      HardFault_HandlerC      \n"
                "_MSP:  \n"
                        "MRS    R0, MSP \n"
                        "B      HardFault_HandlerC      \n") ;
 * HardFaultHandler_C:
 * This is called from the HardFault_HandlerAsm with a pointer the Fault stack
 * as the parameter. We can then read the values from the stack and place them
 * into local variables for ease of reading.
 * We then read the various Fault Status and Address Registers to help decode
 * cause of the fault.
 * The function ends with a BKPT instruction to force control back into the debugger
void HardFault_HandlerC(unsigned long *hardfault_args){
		volatile unsigned long stacked_r0 ;
        volatile unsigned long stacked_r1 ;
        volatile unsigned long stacked_r2 ;
        volatile unsigned long stacked_r3 ;
        volatile unsigned long stacked_r12 ;
        volatile unsigned long stacked_lr ;
        volatile unsigned long stacked_pc ;
        volatile unsigned long stacked_psr ;
        volatile unsigned long _CFSR ;
        volatile unsigned long _HFSR ;
        volatile unsigned long _DFSR ;
        volatile unsigned long _AFSR ;
        volatile unsigned long _BFAR ;
        volatile unsigned long _MMAR ;
        stacked_r0 = ((unsigned long)hardfault_args[0]) ;
        stacked_r1 = ((unsigned long)hardfault_args[1]) ;
        stacked_r2 = ((unsigned long)hardfault_args[2]) ;
        stacked_r3 = ((unsigned long)hardfault_args[3]) ;
        stacked_r12 = ((unsigned long)hardfault_args[4]) ;
        stacked_lr = ((unsigned long)hardfault_args[5]) ;
        stacked_pc = ((unsigned long)hardfault_args[6]) ;
        stacked_psr = ((unsigned long)hardfault_args[7]) ;
        // Configurable Fault Status Register
        // Consists of MMSR, BFSR and UFSR
        _CFSR = (*((volatile unsigned long *)(0xE000ED28))) ;
        // Hard Fault Status Register
        _HFSR = (*((volatile unsigned long *)(0xE000ED2C))) ;
        // Debug Fault Status Register
        _DFSR = (*((volatile unsigned long *)(0xE000ED30))) ;
        // Auxiliary Fault Status Register
        _AFSR = (*((volatile unsigned long *)(0xE000ED3C))) ;
        // Read the Fault Address Registers. These may not contain valid values.
        // Check BFARVALID/MMARVALID to see if they are valid values
        // MemManage Fault Address Register
        _MMAR = (*((volatile unsigned long *)(0xE000ED34))) ;
        // Bus Fault Address Register
        _BFAR = (*((volatile unsigned long *)(0xE000ED38))) ;
	        __asm("BKPT #0\n") ; // Break into the debugger
        //To see where the faulty source is do this in gdb
        //list *stacked_pc

Hope this can help you !


edwards3 wrote on Friday, January 25, 2013:

There is also some code here http://www.freertos.org/Debugging-Hard-Faults-On-Cortex-M-Microcontrollers.html maybe it is the same as yours.