• State TI Thinks Resolved
  • Locked Locked
  • Replies 15 replies
  • Answers 2 answers
  • Subscribers 51 subscribers
  • Views 759 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CC2340R5: System Stack Overflow

Ryan Li
Intellectual 490 points
Part Number: CC2340R5
Other Parts Discussed in Thread: SYSCONFIG

Tool/software:



I found that running CC2340 for a long time may cause a crash. I turned on the Debug mode to observe and found System Stack Overflow but CC2340 was still running normally. Is it normal that CC2340 will not immediately enter functions such as faultISR if System Stack Overflow occurs? Or how to make CC2340 enter faultISR whenever System Stack Overflow occurs? I tried adjusting the System Stack Size to 1200, the default is 800, and then used ROV to observe the same. I found that when I tried to connect, the Stack Peak was about 804, and when I used Notify, the Stack Peak reached 936.

  • 0
    TI__Guru** 101490 points

    Hi, 

    Thank you for reaching out. 

    It sounds like you have found the way to solve your issue - i.e. increase the stack size. Well done. 

    To your question - Is it normal that CC2340 will not immediately enter functions such as faultISR if System Stack Overflow occurs? -  A stack overflow does not lead directly to a crash, as it depends where the system writes the data, and what got altered. In general, the system will crash the next time the data that got altered by the stack overflow will be used. In your case, the data seems to be written at the end of the heap, so the system may actually never crash. The issue should be fixed anyway - and the fix you have found is the proper one. 

    To your question - Or how to make CC2340 enter faultISR whenever System Stack Overflow occurs? - FreeRTOS offers some mechanisms for this purpose - see https://www.freertos.org/Documentation/02-Kernel/02-Kernel-features/09-Memory-management/02-Stack-usage-and-stack-overflow-checking#stack-overflow-detection---method-1. In the TI projects, these options can be selected through SysConfig > FREERTOS > FreeRTOS > Stack Overflow Checking

    I hope this will help, 

    Best regards, 

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,
    First of all, thank you for your reply. I still have some questions that I want to understand clearly.

    1. When my System Stack does not have Stack Overflow, that is, there will be a piece of information composed of 0xA5 starting from 0x20008CE0 in the picture. Does this mean that I have not used the area where 0xA5 appears?

    2. When I make a Bluetooth connection and use Notify, I find that the addresses before 0x20008CE0, such as 0x20008C50 to 0x20008CDF, will change from the original 0x00 to written data. Does this mean that the System Stack overflow overflows? Is the data written forward?

    3. Following the first question, if System Stack is writing, I found that it will write from the bottom of the address first, so some bytes starting from 0x20008CE0 will appear as 0xA5 when they are not used. This understanding is correct. Yes, then when Stack does not need to use so much, will the data return to 0xA5 after release?

    4.What is the effect of the Validate at task switch in SysConfig > FREERTOS > FreeRTOS > Stack Overflow Checking? and What is the difference between this and the default 16-byte sentinel mode? Is there any relevant documentation I can refer to?

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi Ryan, 

    Ryan Li said:
    1. When my System Stack does not have Stack Overflow, that is, there will be a piece of information composed of 0xA5 starting from 0x20008CE0 in the picture. Does this mean that I have not used the area where 0xA5 appears?

    The "0xA5" values are usually canary meant to help the developers (and tools) to detect stack overflow. You can assume the the area filled with 0xA5 has not be touched - even if you cannot be 100% sure as if you are very unlucky you may have basically write 0xA5 to this area (in practice. I have never experienced this case). 

    Ryan Li said:
    2. When I make a Bluetooth connection and use Notify, I find that the addresses before 0x20008CE0, such as 0x20008C50 to 0x20008CDF, will change from the original 0x00 to written data. Does this mean that the System Stack overflow overflows? Is the data written forward?

    I am not sure. What you describe could indeed a stack overflow. This could also be simply some regular dynamic allocations. Are the tools reporting any issue or malfunctioning when experience this?
    If you increase the stack size, do you experience the same? (if yes, then I believe this is not a stack overflow) 

    Ryan Li said:
    3. Following the first question, if System Stack is writing, I found that it will write from the bottom of the address first, so some bytes starting from 0x20008CE0 will appear as 0xA5 when they are not used. This understanding is correct. Yes, then when Stack does not need to use so much, will the data return to 0xA5 after release?

    Overwriting the canary (0xA5) should be considered as a stack overflow - i.e. you should increase the stack to avoid this. 
    The canary is not reverted after being overwritten. This ensures a stack overflows can be detected even after pausing the program execution. 

    Ryan Li said:
    4.What is the effect of the Validate at task switch in SysConfig > FREERTOS > FreeRTOS > Stack Overflow Checking? and What is the difference between this and the default 16-byte sentinel mode? Is there any relevant documentation I can refer to?

    I'd recommend referring to FreeRTOS documentation - https://www.freertos.org/Documentation/02-Kernel/02-Kernel-features/09-Memory-management/02-Stack-usage-and-stack-overflow-checking#stack-overflow-detection---method-1 

    Best regards, 

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,
    Thank you for your reply. I have increased the system stack to 2048, but after a few days of testing, I found that CC2340 still crashes.I tested 50 CC2340s and 3 crashed in 10 days.

    1. I would like to ask if CC2340 can call the Bluetooth function to disconnect the connection when it is not connected. Or when CC2340 is connected and notifying, if the connection is suddenly disconnected or other interruptions occur, will it cause a crash?

    2.I am wondering if it is not recommended to call the function directly in the Bluetooth framework, even if it can run successfully in the case BLEAPPUTIL_ADV_START of app_peripheral.c in the example project, as shown in the attached picture, BLEAppUtil_invokeFunctionNoData is still required.

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi,

    May I kindly ask which SDK version you are using? Can you also specify which 

    Ryan Li said:
    1. I would like to ask if CC2340 can call the Bluetooth function to disconnect the connection when it is not connected. Or when CC2340 is connected and notifying, if the connection is suddenly disconnected or other interruptions occur, will it cause a crash?

    In the case of sudden disconnection, and assuming the Bluetooth connection status has not been properly updated, there might be a risk for the scenario you have described to lead to a crash. 
    In such case, enabling the watchdog (or triggering a reset in the error handler) should allow to recover the system with limited side effects (because the connection is already lost anyway). Let me know if you need more details.

    Ryan Li said:
    2.I am wondering if it is not recommended to call the function directly in the Bluetooth framework, even if it can run successfully in the case BLEAPPUTIL_ADV_START of app_peripheral.c in the example project, as shown in the attached picture, BLEAppUtil_invokeFunctionNoData is still required.

    With all due respect, I would not recommend the approach you have chosen. I would recommend leveraging the BLEAppUtil framework when enabling/disabling an advertisement set - i.e. the function BLEAppUtil_advStop(). 
    Also, as the BLEAPPUTIL_ADV_START event is passed in a task context, there is no need to use the BLEAppUtil_invokeFunctionNoData() function - you can directly call the function instead.
    In summary, I recommend basically calling BLEAppUtil_advStop(peripheralAdvHandle_1);

    I hope this will help,

    Best regards, 

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,
    Thanks for your answer, I will do more detailed testing.

    I have another question. During the test, I found that if I use UART2_write to transfer data while using Bluetooth Notify, CC2340 will crash within two hours. As shown in the attached picture, when I change UART2_writemode from The situation seems to improve when BLOCKING is changed to NONBLOCKING. I want to ask why?

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi Ryan, 

    On the "UART blocking" topic - Your observation is expected. Blocking calls impact the timing. The Bluetooth stack is extremely timing sensitive, so I would generally recommend to avoid such blocking calls. 

    Best regards,  

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,
    Sorry I overlooked an answer, I'm currently using version 7.40.00.64 of the SDK

    1.If UART2_readMode is callback, blocking callback will not be used. Am I right?


    2.But I added sem_wait() after UART2_read(). Will this affect Bluetooth?

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi Ryan, 

    Ryan Li said:
    I'm currently using version 7.40.00.64 of the SDK

    I would highly recommend migrating to the newest SDK (8.40 as of today) as several bugs have been addressed. 

    Ryan Li said:

    1.If UART2_readMode is callback, blocking callback will not be used. Am I right?


    2.But I added sem_wait() after UART2_read(). Will this affect Bluetooth?

    1. Correct!

    2. If the sem_wait() affects the execution of the task interfacing the Bluetooth task, then you should for sure review the impacts. For reference, adding a "sem_wait()" after UART2_read(), is technically really close as setting the UART in blocking mode so behavior may not change. 

    Best regards, 

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,

    1. I would like to ask, what bugs are fixed in the SDK version 8.40.00.61? Because I checked the latest news in the Release Note, it seems that there are only descriptions of fixing some bugs, but no more detailed fix information, so I can't Determine if it is related to the situation I am experiencing

    2. If I don't use sem_wait(), how can I wait for Rx to receive data?

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi, 

    Ryan Li said:
    1. I would like to ask, what bugs are fixed in the SDK version 8.40.00.61? Because I checked the latest news in the Release Note, it seems that there are only descriptions of fixing some bugs, but no more detailed fix information, so I can't Determine if it is related to the situation I am experiencing

    Please reference the BLEStack release notes for details. 
    You can also refer to the Comprehensive List of Fixed Issues - fixed issues in SDK 8.40 can be found in the TI BLE5-Stack Release Notes

    Ryan Li said:
    2. If I don't use sem_wait(), how can I wait for Rx to receive data?

    The data is passed in a callback. The solution is then to trigger the handling of the data - using BLEAppUtil_invokeFunction() or similar - from the callback itself. 

    I hope this will help,

    Best regards,

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,

    I seem to have found the reason why it is stuck in a loop. After testing today, I wrote a lot of data and enabled Notify after the Bluetooth connection, and then suddenly lost the connection, which caused GATTServApp_ProcessCharCfg in SimpleGattProfile_setParameter() to return 0x16. That is, it is currently in the pending state and then enters a loop. 

    1. I tested SDK versions 7.40 and 8.40 and both have this problem. But I checked the fix records you provided. Are there any issues similar to my current situation in EXT_EP-11778 and EXT_EP-11752? The situation is different from these two topics?

    2. The original SDK added while(1), I guess it was to facilitate debugging for users, so if it is removed, will it affect the Bluetooth task? Or if while(1) is not used, Is there any better solution? For example, if the response is not successful, execute GATTServApp_ProcessCharCfg again.

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi,

    Ryan Li said:
    1. I tested SDK versions 7.40 and 8.40 and both have this problem. But I checked the fix records you provided. Are there any issues similar to my current situation in EXT_EP-11778 and EXT_EP-11752? The situation is different from these two topics?

    I don't belive the tickets mentioned are related.

    • EXT_EP-11778 is related to a "blePending" error returned in cases where a lot of notifications are sent. It is not related to connection lost. 
    • EXT_EP-11752 will create a memory leak when a connection is terminated. 
    Ryan Li said:
    2. The original SDK added while(1), I guess it was to facilitate debugging for users, so if it is removed, will it affect the Bluetooth task? Or if while(1) is not used, Is there any better solution? For example, if the response is not successful, execute GATTServApp_ProcessCharCfg again.

    The "while(1)" you refer to was actually - per my personal opinion - a bad way to handle the error. As you mentioned it was making debugging easy but it was pretty dramatic for the system as the system was basically crashed. 

    Best regards,  

  • 0 in reply to Clément
    Intellectual 490 points

    Hi Clément,

    Thanks for the instructions. I will comment out while(1) and test again to see if there are other exceptions.
    I also want to ask two things

    1. Can I set the path of commom -> Profiles -> simple_gatt_profile.c to the simple_gatt_profile.c in the project? I found that even if I reset the path, it will still read the simple_gatt_profile.c in the SDK instead of the one in the project.

    2. SDK 8.40 seems to have a new MCUBoot feature. Does this mean adding a Bootloader in front of the Application? If so, can I use UART to update the program in the Application area, like a ROM Bootloader?

  • 0 in reply to Ryan Li
    TI__Guru** 101490 points

    Hi Ryan, 

    Could you please open a new thread to continue the discussion? 

    I'll be out of the office for some time and won't be able to follow-up. 

    Appreciate your comprehension and thank you for the quality of the discussion so far. 

    Best regards,