FreeRTOS stack overflow detection and prevention method

nilesh291 wrote on Friday, November 01, 2019:

Hi,

I’m using STM32F412 module with freeRTOS (CMSIS_V2) middleware in STCube IDE.

Does FreeRTOS support the functionality below as a stack overflow feature?

  1. Detect corruption of a function return address before the function returns to that address. I.e., the corrupted return address will not be used and appropriate remediation action will be performed instead, such as rebooting the product into a good known state.
  2. Detect corruption of other variables in the stack frame, again before the function completes.
  3. Be present in functions that have one or more arrays declared in the function's stack frame (this includes third-party library code within the same runtime environment as the application code).

If FreeRTOS supports all of the above points, please describe in detail how it supports this.

richard_damon wrote on Friday, November 01, 2019:

FreeRTOS does NOT have preemptive stack overflow detection; it only provides some reactive measures.

I know of 2 types of stack checks in FreeRTOS (both are optional). One is that every time a task is switched out, the stack can be checked to see if an overflow has occurred. This check is whether, at that point in time, the stack pointer has moved beyond the provided stack, or it can check that a fill pattern is still present in the stack. This can only check for issues after they have inflicted their damage, and it is not 100% effective, as the program can still have corrupted memory beyond the stack frame.

The second test is that the program can manually check how much space is left in a task's stack to detect tasks that are running low on stack space.

There is also, only on processors with a Memory Protection Unit (or Memory Management Unit), the ability to make a task restricted, so it can only write to limited chunks of memory, but this doesn’t check for some of the issues you are asking for, like checking if a program has corrupted its stack by overwriting parts of it.

The sort of protection you are asking about is really hard to get in general. It really requires support in the language to prevent, which C does not provide.
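The two reactive checks described above can be seen end to end in a stand-alone model. This is an added example, not code from the thread or from the FreeRTOS sources: it models a 64-word descending task stack with 16 guard words below it (both sizes are assumptions), fills the stack with the same 0xA5 byte FreeRTOS uses, and then runs the two context-switch checks (stack pointer past the limit; fill pattern gone from the limit) plus a high-water-mark scan in the spirit of uxTaskGetStackHighWaterMark(). The task_model_t, push_frame() and run_frame() names are hypothetical, and the 5-word pattern window and 0xDEADBEEF frame contents are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_FILL_BYTE 0xA5u        /* FreeRTOS fills fresh task stacks with 0xA5 (tskSTACK_FILL_BYTE) */
#define STACK_FILL_WORD 0xA5A5A5A5u
#define STACK_WORDS     64           /* assumed task stack depth, in 32-bit words */
#define GUARD_WORDS     16           /* assumed memory just below the stack: stands in for another task's data */
#define CHECK_WORDS     5            /* assumed pattern window at the limit (FreeRTOS inspects 20 bytes) */

enum { STACK_OK = 0, STACK_OVERFLOW_SP = 1, STACK_OVERFLOW_PATTERN = 2 };

/* One task: a flat memory image with guard words at the low addresses and the
 * stack above them. Cortex-M stacks grow downward, so mem[GUARD_WORDS] is the
 * limit and an overflow runs off the bottom into the guard words. */
typedef struct {
    uint32_t mem[GUARD_WORDS + STACK_WORDS];
    uint32_t *sp;                    /* stack pointer, moves toward mem + GUARD_WORDS as frames are pushed */
} task_model_t;

static const uint32_t *stack_limit(const task_model_t *t) { return t->mem + GUARD_WORDS; }

static void task_init(task_model_t *t) {
    memset(t->mem, 0, sizeof t->mem);
    memset(t->mem + GUARD_WORDS, STACK_FILL_BYTE, STACK_WORDS * sizeof(uint32_t));
    t->sp = t->mem + GUARD_WORDS + STACK_WORDS;   /* empty descending stack: sp one past the top */
}

/* Model of a callee claiming a frame of 'words' words and writing into it.
 * Nothing in C or in FreeRTOS stops it claiming more than remains above the
 * limit; the writes then land in the guard words. Returns the words actually
 * used (clamped only so this model never writes outside its own memory). */
static size_t push_frame(task_model_t *t, size_t words) {
    size_t room = (size_t)(t->sp - t->mem);
    if (words > room) words = room;
    t->sp -= words;
    for (size_t i = 0; i < words; i++)
        t->sp[i] = 0xDEADBEEFu;                   /* constructed frame contents */
    return words;
}

static void pop_frame(task_model_t *t, size_t words) { t->sp += words; }

/* Check 1 (configCHECK_FOR_STACK_OVERFLOW == 1): at the context switch, is the
 * saved stack pointer already below the limit? Misses an overflow whose frame
 * has since been popped. */
int check_stack_pointer(const task_model_t *t) {
    return t->sp < stack_limit(t) ? STACK_OVERFLOW_SP : STACK_OK;
}

/* Check 2 (configCHECK_FOR_STACK_OVERFLOW == 2): are the words at the limit
 * still the fill pattern? Still fires after the offending frame is gone, but
 * only if the overflow actually wrote over those words. */
int check_fill_pattern(const task_model_t *t) {
    const uint32_t *limit = stack_limit(t);
    for (size_t i = 0; i < CHECK_WORDS; i++)
        if (limit[i] != STACK_FILL_WORD) return STACK_OVERFLOW_PATTERN;
    return STACK_OK;
}

/* In the spirit of uxTaskGetStackHighWaterMark(): words at the limit never written. */
size_t stack_high_water_mark(const task_model_t *t) {
    const uint32_t *limit = stack_limit(t);
    size_t untouched = 0;
    while (untouched < STACK_WORDS && limit[untouched] == STACK_FILL_WORD) untouched++;
    return untouched;
}

/* Not a FreeRTOS check: how much of the memory below the stack the overflow clobbered. */
size_t guard_words_corrupted(const task_model_t *t) {
    size_t n = 0;
    for (size_t i = 0; i < GUARD_WORDS; i++) if (t->mem[i] != 0) n++;
    return n;
}

typedef struct {
    int    sp_check_while_live;        /* check 1, taken while the frame is still on the stack */
    int    pattern_check_after_return; /* check 2, taken after the callee has returned */
    size_t guard_corrupted;            /* guard words overwritten: damage already done either way */
    size_t high_water_mark;
} frame_report_t;

/* Push one frame, run the checks a context switch would run, pop it, check again. */
frame_report_t run_frame(size_t frame_words) {
    task_model_t t;
    frame_report_t r;
    task_init(&t);
    size_t used = push_frame(&t, frame_words);
    r.sp_check_while_live = check_stack_pointer(&t);
    pop_frame(&t, used);
    r.pattern_check_after_return = check_fill_pattern(&t);
    r.guard_corrupted = guard_words_corrupted(&t);
    r.high_water_mark = stack_high_water_mark(&t);
    return r;
}

int main(void) {
    size_t frames[] = { 56, 70 };    /* one frame that fits, one that runs 6 words past the limit */
    for (size_t i = 0; i < 2; i++) {
        frame_report_t r = run_frame(frames[i]);
        printf("frame of %zu words: sp check=%d, pattern check after return=%d, "
               "guard words corrupted=%zu, high water mark=%zu words\n",
               frames[i], r.sp_check_while_live, r.pattern_check_after_return,
               r.guard_corrupted, r.high_water_mark);
    }
    return 0;
}
```

The second run is the point of the exercise: both checks report the overflow, but only after six guard words were already overwritten, and the stack-pointer check alone would have reported nothing once the frame was popped. On a real target the reporting happens in vApplicationStackOverflowHook(), which FreeRTOS calls from the context switch when configCHECK_FOR_STACK_OVERFLOW is set.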

rtel wrote on Friday, November 01, 2019:

Richard D is correct in that what you are asking for is not really stack overflow detection, but general memory corruption detection, and would not be a feature of the RTOS but a feature of the processor or other supervisory hardware. Such things exist, but they are far from mainstream and not something you will find on an STM32.

The best stack overflow detection FreeRTOS can provide is in the MPU (memory protected) port, where the stack is placed into a memory protection region and you will get a memory fault BEFORE the stack overflows. Other methods provided by FreeRTOS will only find an overflow AFTER it has occurred; as in the first paragraph above, this can’t be done without hardware assistance (I suppose a special compiler could be used, Visual Studio does some of this kind of thing, but only at the cost of a severe run time overhead and a low confidence level, as if the software is corrupt you cannot rely on the software to find the corruption).

nilesh291 wrote on Monday, November 04, 2019:

Thanks for a quick response.