Compiler/TM4C123GH6PM: Calling a pointer to function initialized with integer value

Sahar Elnagar

Prodigy 130 points

Part Number: TM4C123GH6PM

Tool/software: TI C/C++ Compiler

I need to understand what exactly happens why the following code gives a hardfault

int main()

{

void (*FP)() = 0x4;

FP();

while(1)

{

}

over 5 years ago

0 Bob Crosby over 5 years ago

TI__Guru 72500 points

The code you wrote generates a branch to address 0x4. The value at address 0x4 is not an instruction, rather it is an address. You probably generated an illegal instruction fault.

0 Sahar Elnagar over 5 years ago in reply to Bob Crosby

Prodigy 130 points

I think the address of the Reset_ Handler is saved there. so what is the difference between me calling it and the processor calling it ?

0 Keith Barkley over 5 years ago in reply to Sahar Elnagar

Guru 42195 points

AFAIU, you tried jumped to address 4 and executed what you found there. You need another level of indirection. You need to set a pointer to 4 and then use another pointer to store that.

something like:

void *ptr = 4;

void (*FP)() = *ptr; // load FP with the address that 4 points to.

0 Bob Crosby over 5 years ago in reply to Sahar Elnagar

TI__Guru 72500 points

You are correct, it is the address of the reset handler, it is not the reset handler itself. What happens on a CPU reset (among other things) is that the value stored at address 0x4 is placed in the program counter. The code you wrote puts 0x4 in the program counter. On reset the CPU is doing the equivalent of an indirect branch. Your code is trying to do a direct branch. Try:

    (*((void (*)(void))(*(uint32_t *)0x4)))();

0 Chester Gillon over 5 years ago in reply to Sahar Elnagar

Guru 92251 points

EDIT: Ignore the following. Keith was correct.

Sahar Elnagar said:
I think the address of the Reset_ Handler is saved there. so what is the difference between me calling it and the processor calling it ?

See https://e2e.ti.com/support/tools/ccs/f/81/p/584084/2144820#2144820

As a result try changing to call the Reset_Handler in THUMB mode by setting the least significant bit of the address:

void (*FP)() = 0x5;

0 Keith Barkley over 5 years ago in reply to Chester Gillon

Guru 42195 points

Another way to think of it is that what is stored at address 4 is a vector to the reset routine, not the code of the reset routine itself.

0 Keith Barkley over 5 years ago in reply to Keith Barkley

Guru 42195 points

While ruminating on this last night, I came up with another solution.

This might not work - but I wish it does - , so be warned. It is also worthy of an obfuscated C contest.

void (*FP)() = NULL[5];

0 Chester Gillon over 5 years ago in reply to Keith Barkley

Guru 92251 points

Keith Barkley said:
This might not work - but I wish it does - , so be warned.

Interesting idea, but the compilers don't like it.

arm-none-eabi-gcc-7.3.1 reports:

../main.c:5:24: warning: dereferencing 'void *' pointer
     void (*FP)() = NULL[5];
                        ^
../main.c:5:20: error: void value not ignored as it ought to be
     void (*FP)() = NULL[5];
                    ^~~~

And ti-cgt-arm_20.2.1.LTS reports:

"../main.c", line 5: error #143: expression must have pointer-to-object type
      void (*FP)() = NULL[5];
                          ^

0 Keith Barkley over 5 years ago in reply to Chester Gillon

Guru 42195 points

Darn. Though one is just a warning.

Strangely, one of the few confusions we get on these boards is over the NULL pointer, it is just not used much.

Code Composer Studio™︎

Code Composer Studio forum

Compiler/TM4C123GH6PM: Calling a pointer to function initialized with integer value