data abort

Other Parts Discussed in Thread: RM48L952

hi,

I am suffering from a data abort problem.

Can anyone tell me how to locate the offending instruction?

Any programs to calculate the address of the instruction from LR and the stack?

  • Hi Eric,

      In CCS, under the Registers->Cp15 you will find CP15_DATA_FAULT_ADDRESS and CP15_DATA_FAULT_STATUS registers. These registers will tell you the offending instruction. In the ARM TRM you will also find details on the DFSR (Data Fault Status Register) and DFAR (Data Fault Address Register). 

  • Hi Eric,
    If your question is answered, can you please click the 'Verify Answer' button to close the thread? Thanks.
  • hi,

    I did as you suggested. Could you take a look at the process I followed?

    I just pause the debug and reset and restart, then the chip gets into a data abort.

    you can see the CP15 register as the following,

    then I find the offending instruction is at 0x00000660(FAR), it is a cmp instruction,

    then from the FSR i can see the FAR is valid and the cause(sources) is Permission. maybe related to the MPU?

    the project I used is a demo from SafeRTOS, why the permission is broken when I pause, reset, and start?

    the offending instruction location is always the same.

    Is it possible to infer the instruction location from the stack? Because I think the PC is stored onto the stack before getting into the data abort exception, or after? The SP register is said to be banked for the abort exception, and I don't know how to find the system (user) SP register (R13).

  • hi,

    this is the dump file of the registers including the CP15.

    The other registers are not available when I select to save.

    and I also attach the memory content at the SP of user.

    7028.dump0.txt

  • hi,
    I am sorry, but I forgot to tell you that the MCU I used is the RM48L952.
  • Hi Eric,
    Which reset did you use? Did you use the CPU reset or the System Reset? You should use System Reset.
  • Hi Charles,
    You are right, I use System Reset and the data abort exception didn't happen.
    Is there any difference between CPU reset and System Reset?

    I still want to know the answer to the following question (if an exception did happen).

    Is it possible to infer the instruction location from the stack? Because I think the PC is stored onto the stack before getting into the data abort exception, or after? The SP register is said to be banked for the abort exception, and I don't know how to find the system (user) SP register (R13).

    this is an example I test
    #if 1 /* test data abort */
    unsigned int * pInt = (unsigned int*)0xC0000000; // an invalid address space
    *pInt = 0x55;
    printf("test\r\n");
    #endif

    The data abort is entered when the line *pInt = 0x55; is executed. The FAR is 0xC0000000.
    Why is the FAR 0xC0000000? Isn't it supposed to be the address of the offending instruction?
  • Hello Eric,

      In CCS the CPU reset is not really a reset to the CPU. The debugger simply forces the CPU's PC to 0x0. The processor's state is unaltered. When you use the System Reset it is a true warm reset which resets the entire device.

      You need to use the disassembly to see the assembly instructions to clearly understand how *pInt = 0x55 is disassembled. The high level C instruction will ultimately be disassembled to something like STR Rx, [Ry] where Rx contains 0x55 and Ry contains 0xC0000000. So this assembly instruction is telling the CPU to write 0x55 to location 0xC0000000. The instruction itself, STR Rx, [Ry], is a valid instruction. Let's say this instruction is located in the flash at address 0x00001234. There is nothing wrong when fetching this instruction from location 0x00001234, which is located in the flash memory. It is when this instruction is executed that it causes the CPU to carry out a data write operation to address location 0xC0000000, which is detected by the external memory system as an invalid address. The module that actually detects this illegal address is the interconnect module (think of it as an address decoder and data router). When the interconnect detects an illegal address it replies with a bus error back to the CPU. The bus error will cause the CPU to take a data abort exception.

  • Hi Charles,

    I am clear about the difference between CPU reset and System Reset. I think the reason why my program got into the data abort is that I paused the execution (processor mode is User and the MPU is also set), did a CPU reset and continued running. The CPU restarts from PC=0x0 but the processor's mode and the MPU are kept, so it will cause a data abort (MPU violation), while the System Reset will change the mode and MPU into the default state.

    About the exception debug I have several related questions: (according to the figure)

    1. address: 00005c10 (in the disassembly window)

        ldr    r0,  [pc, #4]    // this instruction load 0x5555AAAA into r0 by addressing the memory related to PC

        my question is why pc need to be added 4?

        can I infer from it that the RM48L952 is running with a 3-stage-pipeline? (then the pc=pc+8, and +4 is reasonable to me)

    2. address: 00005c00 (in the disassembly window)

        the stack is grow down, right?

        why sub 8 from sp, not 4? (from my perspective, the space reserved on the stack is used to store the pUInt pointer and it is 4 bytes), maybe consider the alignment?

    3. can I confirm that the FAR in the CP15 stores the address of the memory being accessed when the violation occurs, not the address of the offending instruction?

    4. how to find the address of the offending instruction when an exception occurs?

        could you give me some detail information?

  • 1. The LDR r0, [pc, #4] is at location 0x5c10. The CPU architecture is pipelined so the PC is already at 0x5c18. The literal value 0x5555AAAA is at location 0x5c1c. Therefore, you need to add PC which is 0x5c18 with 4 to get 0x5c1c.

    2. You might already have something else pushed to stack at sp and sp-4. The compiler determines that pc-8 is the next free spot to push the stack. Yes, the stack is growing down for the Cortex-R4 architecture.

    3. Yes, the DFAR will store the offending memory access.

    4. Let's say the LDR r0, [pc, #4] itself has a double bit error ECC violation then the CPU will take a prefetch abort exception and you can find the address and status in the instruction fault address register (IFAR) and instruction fault status register (IFSR). 

  • Hi,

    1. can you confirm that the PC is equal to PC+8 (the second PC means the address of the instruction which is executing) for the cortex-R4 architecture.

    2. I don't think so. When entering main() (by the BL instruction) the SP is updated. After getting into main, SUB sp, sp, #8 is used to reserve space for local variables, from my perspective. But it seems that 4 bytes is enough for the pointer variable pUInt, right?

    3. ok I got it.

    4. I find the following information (see the picture), does it mean I can calculate the IA from the LR?

  • Hi Charles,

    1. Can you confirm that the PC is equal to PC + 8 (the second PC means the location of the instruction which is executing) on the RM48L952 CPU architecture.

    2. I don't think so, because when getting into main() the SP is updated (maybe updated by the BL instruction automatically, right?); the SUB sp, sp, #8 is only to reserve space for the local variable. But it seems there is only one local variable, i.e. the pointer pUInt, so in my opinion 4 should be subtracted from the sp, right?

    3. OK, I got it.

    4. I find some information about the exception as in the following picture. Can I say I can calculate the IA of the offending instruction from the LR?

  • Hi Leo,

    1. See below from ARM architecture reference manual.

    2. This is done by the compiler. Normally you shouldn't need to worry about it. If you have doubt please open a new post in the compiler forum as I don't know how to answer it better.

    4. Yes, you can use the LR if you want, but sometimes I will use both the LR and FAR/FSR to narrow down which is the offending instruction and why it is causing an abort.
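
The LR plus FAR/FSR approach from the last reply, worked through as an added example (not code from any poster or from TI). It assumes the Cortex-R4 DFSR layout (status in bit [10] and bits [3:0], write flag in bit [11]) and that on a data abort the Abort-mode LR holds the aborted instruction's address plus 8; the function names and the sample register values are constructed, reusing the hypothetical STR at 0x00001234 from the explanation above.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical report type; fill it from LR_abt, DFSR and DFAR. */
typedef struct {
    uint32_t    insn_addr;  /* aborted instruction (valid only if precise) */
    uint32_t    data_addr;  /* DFAR: address being accessed (if precise)   */
    bool        precise;    /* false: LR/DFAR do not pinpoint the access   */
    bool        is_write;   /* DFSR bit 11: 1 = write, 0 = read            */
    const char *cause;
} abort_report_t;

/* fs = DFSR bit 10 followed by bits 3..0 (Cortex-R4 encodings). */
static const char *dfsr_cause(uint32_t fs, bool *precise)
{
    *precise = true;
    switch (fs) {
    case 0x00: return "background (no MPU region matches)";
    case 0x01: return "alignment";
    case 0x02: return "debug event";
    case 0x0D: return "MPU permission";
    case 0x08: return "precise external abort (bus error)";
    case 0x19: return "precise parity/ECC error";
    case 0x16: *precise = false; return "imprecise external abort";
    case 0x18: *precise = false; return "imprecise parity/ECC error";
    default:   return "unknown";
    }
}

/* Data abort: LR_abt = aborted instruction + 8, in ARM and Thumb state. */
abort_report_t decode_data_abort(uint32_t lr_abt, uint32_t dfsr, uint32_t dfar)
{
    abort_report_t r = {0};
    uint32_t fs = ((dfsr >> 6) & 0x10u) | (dfsr & 0x0Fu);
    r.cause    = dfsr_cause(fs, &r.precise);
    r.is_write = (dfsr >> 11) & 1u;
    if (r.precise) {            /* imprecise aborts are reported late */
        r.insn_addr = lr_abt - 8u;
        r.data_addr = dfar;
    }
    return r;
}

int main(void)
{   /* constructed values: STR at 0x1234 writing to 0xC0000000 */
    abort_report_t r = decode_data_abort(0x0000123Cu, 0x00000808u, 0xC0000000u);
    printf("%s at 0x%08X accessing 0x%08X\n", r.cause,
           (unsigned)r.insn_addr, (unsigned)r.data_addr);
}
```

When the status decodes as imprecise, the abort was signalled after the access had already retired, so neither LR - 8 nor the DFAR identifies the instruction and the report leaves both fields at zero.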