While the hard fault handler prints the offending program counter, it
does not print information about the context triggering the hard fault.
This commit adds a line printing the thread ID and name that triggered
the hard fault. If the hard fault is triggered during an ISR, it only
prints that the hard fault happened during ISR context, not which ISR
triggered it.
In most places, picolibc and newlib are the same, so use
the existing newlib code when compiling with picolibc.
Signed-off-by: Keith Packard <keithp@keithp.com>
Allocate and initialize a thread-local block for each thread at the
top of the stack.
Set the tls base when switching to a new thread.
Add tdata/tbss linker instructions to cortex_m and risc-v scripts.
Signed-off-by: Keith Packard <keithp@keithp.com>
---
v2:
Squash fixes
v3:
Replace tabs with spaces
v4:
Add tbss to fe310 linker script
Support for picolibc as alternative libc implementation is added with
this commit. For now only cortex-m CPU's are supported.
Enable via PICOLIBC=1
---
v2:
squash fixes in
v3:
Remove picolibc integer printf/scanf stuff from sys/Makefile.include,
it gets set in makefiles/libc/picolibc.mk
fixup for dependency
The PendSV interrupt is used to request a scheduling operation. An
interrupt during the idle sleep can re-request the PendSV interrupt,
while the PendSV is still busy scheduling the next thread. This clears
the request after sleep to prevent triggering an extra PendSV interrupt
after the current PendSV handler finished.
Not all MCUs ≥ Cortex-M3 provide the Bit-Banding feature.
It is up to the manufacturer to implement it.
Instead, rely on the CPU_HAS_BITBAND being set in `periph_cpu.h`.
A race condition is present where an IRQ is serviced between the
priority increase of the PENDSV and the sleep. When the IRQ
is serviced before the WFI sleep, the core will sleep until the next
IRQ and the thread activated by the IRQ will not be scheduled until
a new IRQ triggers.
This commit wraps an IRQ disable and restore around the priority
modification and sleep to prevent interrupts from being serviced until
the WFI call returns.
- Add libstdcpp feature to indicate a platform is providing a libstdc++
implementation ready for use
- The existing cpp feature now only indicates a working C++ toolchain without
libstdc++. (E.g. still useful for the Arduino compatibility layer.)
- Added libstdcpp as required feature were needed
- Added some documentation on C++ on RIOT
The `ldr r1, =sched_active_thread` instruction couldn't be assembled with
LTO, as the no immediate offset could be found to construct the address of
`sched_active_thread`. This commit instructs the assembler to generate a
literate pool which can be used to construct the address. While this issue
was only triggered during LTO, it theoretically could also pop up without LTO
due to unrelated changes. Thus, it is a good idea to create the literate pool
even without LTO enabled.
- Use `irq_enable()` over `bl irq_enable`, as `irq_enable()` is an inline
function and not a C function any more
- Drop `__attribute__((naked))` qualifier
- It must be used with the declaration of the function, but there it is
missing. (And it cannot be added there, as this function would need to
be implemented as "naked" by every platform; which is impossible for
platforms not supporting `__attribute__((naked))`.)
- Only functions consisting completely of basic asm may be marked as naked.
But both the assembly used to trigger the SVC interrupt as well as the
assembly used in `irq_enable()` are extended asm, not basic asm
- Use ` UNREACHABLE();` over a custom asm construct
All bits in the ICSR register in the cortexm system control block are
either read-only or don't have an effect when writing a zero. A
read-modify-write cycle is thus not required when writing bit flags in
the register. This commit removes the reads in the read-modify-store
patterns for this register.
__set_PRIMASK(state) had been directly inlined to avoid a hardfault that
occured when branching after waking up from sleep with DBG_STANDBY,
DBG_STOP or DBG_SLEEP set in DBG_CR.
The hardfault occured when returning from the branch to irq_restore,
since the function is now inlined the branch does not happen either.
Refer to #14015 for more details.
irq_% are not inlined by the compiler which leads to it branching
to a function that actually implement a single machine instruction.
Inlining these functions makes the call more efficient as well as
saving some bytes in ROM.
The ARM CortexM vector table has some reserved fields which are used by
some manufacturers to store their custom image information. In
particular, NXP QN908X stores the checksum, Code Read Protection, image
type and boot block pointer in this region.
This patch allows the cpu and board modules to define the value of these
fields at build time by defining a macro.
This commit enables Cortex-M CPU interrupt sub-priorities
and allows the PendSV interrupt to have a priority different
from the default one. Together these two preprocessor
defines can be used to have PendSV always run as the last interrupt
before returning from the interrupt stack back to the user space.
Running PendSV as the last interrupt before returning to the
user space is recommended by ARM, as it increases efficiency.
Furthermore, that change enhances stability a lot with the
new nRF52 SoftDevice support, currently being worked in
PR #9473.
This commit merely enables sub-priorities and a separate
PendSV priority to be used without changing the default
RIOT behaviour.
This adds cortexm_fpu to the DEFAULT_MODULE list when the feature
cortexm_fpu is provided by the architecture. It also moves the
dependency resolution of this module to the architecture-specific
Makefile.dep file.
This moves the following modules to a architecture-specific Makefile.dep
file:
- cortexm_common
- cortexm_common_periph
- newlib
- newlib_nano
- periph
From the ARMv7-M ARM section B3.5.3:
Where there is an overlap between two regions, the register with
the highest region number takes priority.
We want to make sure the mpu_noexec_ram region has the lowest
priority to allow the mpu_stack_guard region to overwrite the first N
bytes of it.
This change fixes using mpu_noexec_ram and mpu_stack_guard together.
Many MCUs contain some Backup or Low Power SRAM that is retained'even
in the deepest sleep modes.
In such sleep modes the MCU is essentually turned off with only the RTC
still running.
It can be woken by a GPIO or a RTC alarm. When this happens, a reset is
triggered and the normal startup routine is invoked.
This adds bss & data section for this memory in the linker script.
This allows for structures to be placed in it e.g.:
e.g.:
static uint8_t persistent_buffer[64] __attribute__((section(".backup.bss")));
static uint32_t persistent_counter __attribute__((section(".backup.data"))) = 1234;
- The __NOP() that was added in #8518 is now remooved.
- When DBG_STANDBY, DBG_STOP or DBG_SLEEP are set in DBG_CR a hardfault
occurs on wakeup from sleep. This was first diagnosed in #8518. When
enabled, a hardfault occured when returning from a branch to irq_restore()
we avoid the call by inlining the function call. See #11830 for more
details.
- Since the Vector table must be naturally aligned to the next power
of two of the amount of supported ISR, and the table will be
placed after riotboot_hdr, we must ensure RIOTBOOT_HRD_LEN has the
same alignment.
If the .noinit section starts at the beginning of the RAM,
a bootloader that is unaware of it will clear it.
Instead, move it behind the .bss section, hoping that a bootloader
will always use less .bss memory than RIOT proper.
Make it possible to specify a section of RAM that is not touched by
the init routing so data can be kept across resets.
This should behave the same as on atmega & lpc2387.
gcc9 started realizing that _sram is basically an uint8_t[1] and thus
HARDFAULT_HANDLER_REQUIRED_STACK_SPACE cannot be added to it without
exceeding the one-sized array.
This commit casts _sram to (uintptr_t) where that happens.
A second slot is defined with a calculated size, from the
remaining flash after the bootloader and the first slot.
Both slots are defined as equal size, but it can be overriden.
RIOTBOOT_SLOT_LEN is calculated as an hexadecimal value and
handles ROM_LEN defined as kilobytes like '512K'
This enables support for all the cortex-m0+/3/4/7 arch,
so most boards embedding these are potentially supported.
One needs just to ensure that the CPU can be initialised
at least twice.
Co-authored-by: Gaëtan Harter <gaetan.harter@fu-berlin.de>
This new function allows to jump to another execution
environment (VTOR) located at a certain (aligned) address.
It's used to boot firmwares at another location than
`CPU_FLASH_BASE`.
The user needs to ensure that the CPU using this feature
is able to be initialised at least twice while jumping
to the RIOT `reset_handler_default` function, since it
initialises the CPU again (calls cpu_init()).
Co-authored-by: Kaspar Schleiser <kaspar@schleiser.de>
Refactor cortexm_init to allow bits and pieces of
it to be called separately, while retaining the
current API, too. Needed for non-standard
Cortex-M initialisation, such as with nRF52
SoftDevice.
Allow defining a specific rom length to use for linking the firmware,
_fw_rom_length, instead of the default configuration to use the whole rom from
_rom_offset to the end.
* Add cortexm_common/Makefile.include FW_ROM_SIZE configuration
* Add an assertion that _fw_rom_length still respects _rom_length
Define _rom_offset with a conditional evaluated at execution time to allow
setting it in compilation rules and generate in the same make instance different
elf files with different configurations.
Before this change, if one tried to build a Cortex-M0+ target that had
an MPU, compilation would fail due to missing
'SCB_SHCSR_MEMFAULTENA_Msk' in SCB structure. Cortex-M0+ is a ARMv6-M
arch (unlike most other targets that have MPU support). ARMv6-M has more
limited support for fault conditions, see ARMv6-M Architecture Reference
Manual, D3.6.2.
The required space for the hardfault handler is defined by
HARDFAULT_HANDLER_REQUIRED_STACK_SPACE, which is given in bytes,
this length is added to &_sram to find a lower limit on the amount of
stack space that the hard fault handler can work with. The _sram
variable, was mistakenly defined as a uint32_t, which makes &_sram into
a uint32_t*, which through pointer addition, made the required space 4
times as big as it was supposed to. By changing the type of _sram to
uint8_t, the required stack space is correctly computed.
The symptom was that the hardfault handler always reported that the
stack pointer had been corrupted and it was impossible to get any useful
information from the crash text.
Instead of using `weak` function definitions, this PR handles
default implementations using `PROVIDES_x` defines, allowing
for cpus/pm realted modules to use their own implementations.
