找到这个文件下面的lst文件
根据pc指针找到当前运行的地方,在zephyr.lst文件中可以定位到pc地址
MMFA:MemManage Fault Address Register
BFAR: bus fault address register
HFSR; hardfault status register
CFSR:configurable fault status register
ICSR:interrupt control and state register
下面以zephyr为例举例说明:
测试代码:
bool is_key_down = false;//该变量在按键中断里面触发,当按键按下,该位被置位为true
int main(void)
{
for(;;)
{
if(is_key_down){
uint8_t *hardfault_data = NULL;
*hardfault_data = 7;//对空指针进行赋值会导致死机
}
}
}
死机分析:
debug过程中代码会停在fault.S的汇编代码这个地方:
SECTION_SUBSEC_FUNC(TEXT,__fault,z_arm_exc_spurious)
mrs r0, MSP
mrs r1, PSP
push {r0, lr}
#if defined(CONFIG_EXTRA_EXCEPTION_INFO)
/* Build _callee_saved_t. To match the struct
* definition we push the psp & then r11-r4
*/
push { r1, r2 }
#if defined(CONFIG_ARMV6_M_ARMV8_M_BASELINE)
mov r3, r11
mov r2, r10
push {r2, r3}
mov r3, r9
mov r2, r8
push {r2, r3}
push {r4-r7}
#elif defined(CONFIG_ARMV7_M_ARMV8_M_MAINLINE)
push {r4-r11}
#endif
mov r3, sp /* pointer to _callee_saved_t */
#endif /* CONFIG_EXTRA_EXCEPTION_INFO */
mov r2, lr /* EXC_RETURN */
bl z_arm_fault //这个函数是c语言写的,主要功能是打印16个内核寄存器信息,以及复位
#if defined(CONFIG_EXTRA_EXCEPTION_INFO)
/* We do not need to restore any register state here
* because we did not use any callee-saved registers
* in this routine. Therefore, we can just reset
* the MSP to its value prior to entering the function
*/
add sp, #40
#endif
pop {r0, pc}
.end
z_arm_fault()函数在fault.c中
void z_arm_fault(uint32_t msp, uint32_t psp, uint32_t exc_return,
_callee_saved_t *callee_regs)
{
uint32_t reason = K_ERR_CPU_EXCEPTION;
int fault = SCB->ICSR & SCB_ICSR_VECTACTIVE_Msk;
bool recoverable, nested_exc;
z_arch_esf_t *esf;
/* Create a stack-ed copy of the ESF to be used during
* the fault handling process.
*/
z_arch_esf_t esf_copy;
/* Force unlock interrupts */
arch_irq_unlock(0);
/* Retrieve the Exception Stack Frame (ESF) to be supplied
* as argument to the remainder of the fault handling process.
*/
esf = get_esf(msp, psp, exc_return, &nested_exc);
__ASSERT(esf != NULL,
"ESF could not be retrieved successfully. Shall never occur.");
esf_cp_for_info(esf, fault);
#ifdef CONFIG_DEBUG_COREDUMP
z_arm_coredump_fault_sp = POINTER_TO_UINT(esf);
#endif
reason = fault_handle(esf, fault, &recoverable);
if (recoverable) {
return;
}
/* Copy ESF */
#if !defined(CONFIG_EXTRA_EXCEPTION_INFO)
memcpy(&esf_copy, esf, sizeof(z_arch_esf_t));
ARG_UNUSED(callee_regs);
#else
/* the extra exception info is not present in the original esf
* so we only copy the fields before those.
*/
memcpy(&esf_copy, esf, offsetof(z_arch_esf_t, extra_info));
esf_copy.extra_info = (struct __extra_esf_info) {
.callee = callee_regs,
.exc_return = exc_return,
.msp = msp
};
#endif /* CONFIG_EXTRA_EXCEPTION_INFO */
/* Overwrite stacked IPSR to mark a nested exception,
* or a return to Thread mode. Note that this may be
* required, if the retrieved ESF contents are invalid
* due to, for instance, a stacking error.
*/
//LOG_INF("-->nested_exc:0x%x\r\n\r\n",nested_exc);
if (nested_exc) {
if ((esf_copy.basic.xpsr & IPSR_ISR_Msk) == 0) {
esf_copy.basic.xpsr |= IPSR_ISR_Msk;
}
} else {
esf_copy.basic.xpsr &= ~(IPSR_ISR_Msk);
}
//while(1);当你想在debug模式下看层级调用关系,而不是要代码自动复位,把while(1)加上就行了
z_arm_fatal_error(reason, &esf_copy);
}
z_arm_fatal_error(reason, &esf_copy);这个函数就是就是读取内核的16个寄存器信息
void z_arm_fatal_error(unsigned int reason, const z_arch_esf_t *esf)
{
if (esf != NULL) {
esf_dump(esf);
}
z_fatal_error(reason, esf);
}
static void esf_dump(const z_arch_esf_t *esf)
{
LOG_ERR("r0/a1: 0x%08x r1/a2: 0x%08x r2/a3: 0x%08x",
esf->basic.a1, esf->basic.a2, esf->basic.a3);
LOG_ERR("r3/a4: 0x%08x r12/ip: 0x%08x r14/lr: 0x%08x",
esf->basic.a4, esf->basic.ip, esf->basic.lr);
LOG_ERR(" xpsr: 0x%08x", esf->basic.xpsr);
#if defined(CONFIG_FPU) && defined(CONFIG_FPU_SHARING)
for (int i = 0; i < 16; i += 4) {
LOG_ERR("s[%2d]: 0x%08x s[%2d]: 0x%08x"
" s[%2d]: 0x%08x s[%2d]: 0x%08x",
i, (uint32_t)esf->s[i],
i + 1, (uint32_t)esf->s[i + 1],
i + 2, (uint32_t)esf->s[i + 2],
i + 3, (uint32_t)esf->s[i + 3]);
}
LOG_ERR("fpscr: 0x%08x", esf->fpscr);
#endif
#if defined(CONFIG_EXTRA_EXCEPTION_INFO)
const struct _callee_saved *callee = esf->extra_info.callee;
if (callee != NULL) {
LOG_ERR("r4/v1: 0x%08x r5/v2: 0x%08x r6/v3: 0x%08x",
callee->v1, callee->v2, callee->v3);
LOG_ERR("r7/v4: 0x%08x r8/v5: 0x%08x r9/v6: 0x%08x",
callee->v4, callee->v5, callee->v6);
LOG_ERR("r10/v7: 0x%08x r11/v8: 0x%08x psp: 0x%08x",
callee->v7, callee->v8, callee->psp);
}
#endif /* CONFIG_EXTRA_EXCEPTION_INFO */
LOG_ERR("Faulting instruction address (r15/pc): 0x%08x",
esf->basic.pc);
}
参考手册:STM32 Cortex®-M33 MCUs programming manual