ARM stack

Re. http://embeddedgurus.com/state-space/tag/arm-cortex-m/

At this point, I hope it makes sense to suggest that you consider pointing the stack in a safe direction. For a CPU with the stack growing “down” this means that you should place the stack at the start of RAM, below all the data sections. As illustrated in the Figure below, that way you will make sure that a stack overflow can’t corrupt anything.

And:

Second, on many systems you also get an instantaneous and free stack overflow detection in form of a hardware exception triggered in the CPU. For example, on ARM Cortex-M an attempt to read to or write from an address below the beginning of RAM causes the Hard Fault exception.

I don’t know about the specifics of the Cortex-M… But if your stack is in early memory and it writes downwards, don’t you risk an even worse situation as you trash the processor vectors if they are based at &0?
[plus, if the system does throw an exception in this situation, how does one expect to sensibly recover? doesn’t running out of stack suggest something is architecturally very very wrong?]

Surely rather than a really ugly hack like shifting the stack around to avoid stomping on something “important”, it might be a much better idea to periodically check the stack pointer (function entry?) to make sure it is within an acceptable range?

http://embeddedgurus.com/state-space/tag/arm-cortex-m/
and
But if your stack is in early memory and it writes downwards, don’t you risk an even worse situation as you trash the processor vectors if they are based at &0?

Well, the man quotes the NRA (a lot) and it’s not like they don’t know how to keep people safe is it?
No accidental gun deaths, no looneys with guns in schools, Nope, definitely a good reference.

Let’s consider it in a more friendly fashion – if you play a ball game and regularly put the ball out of the field of play, maybe, just maybe you need a bigger field of play.
When was the last time a Rooney, Lampard, or Gerrard kicked the ball out of the ground?

In the cited case the report clearly highlights Toyota not having accounted for all uses of the stack and therefore made the stack space way too small and didn’t do run time stack monitoring.

The guy isn’t too bright, it’s a size issue not direction. I bet the report summarised with a statement that a larger stack and monitoring would have prevented the problem.
In his gun example, no one in the USA has shot anyone here in the UK with a handgun.
They need a bigger range gun¹ or shorter distance.

¹ Possibly a silly idea with NRA members

Well, the man quotes the NRA (a lot) and it’s not like they don’t know how to keep people safe is it?

Yes, I noticed. The first time I read, I was looking at the technical aspects and scratching my head over the supposed “solution”.
After my post, I went back and read it again, and that time the gun nuttery really stood out, as did the images of a gun wielder superimposed on diagrams of the stack. It’s as if owning a gun is a sort of religion, isn’t it?

The guy isn’t too bright, it’s a size issue not direction.

Exactly. That and careful use of the stack. I guess the guy didn’t grow up in the eighties or else he might have remembered that without hacks, the 6502 offers a fixed location for the stack. Fair enough, you can’t go out of bounds when you are restricted to page 1, but on the other hand 256 bytes was all you got. Yet… Yet… Somehow (magic?) entire operating systems existed.

I don’t know the technical aspects of the situation (didn’t read the report) but a quick calculation shows that an 8KiB stack would have been two thousand words. 16KiB, four thousand. I have not monitored RISC OS’ use of the stack, but doesn’t this sound like a runaway loop that continually pushes to the stack without later pulling?

I bet the report summarised with a statement that a larger stack and monitoring would have prevented the problem.

I think somebody mentioned that in one of the comments and it was dismissed as taking time to execute the instructions. Well, gee, let’s see – we can take a few nanoseconds to load and check the stack pointer or we can just not bother and set up our system in a weird way to use hardware exceptions to deal with this while running the risk that we may stomp across hardware vectors so instead of trashing process pointers it’ll be a system freeze. Hope you have a hardware watchdog…

I liked the bit about the idea that a full system reset while travelling would take place in… What was it, eleven yards? Yeah, dude, if the system needs to reset at any point while the vehicle is moving, something is very seriously wrong with the design.

I liked the bit about the idea that a full system reset while travelling would take place in… What was it, eleven yards? Yeah, dude, if the system needs to reset at any point while the vehicle is moving, something is very seriously wrong with the design.

11 feet rather than yards.
That isn’t the issue though, as you say “something is very seriously wrong”

Not just with the design, but also with the thinking that leads to “turn it off and back on again” instead of “find the error and fix it”
How do you fix a memory leak? “turn it off and on again” Sorry I don’t buy that, although it’s so common in the microsoft world people think it’s normal.
I had a VBscript that played whack-a-mole with conficker on domain machines¹. Writing it took me a couple of days, fixing the memory leaks took months. I could have stopped and restarted the script to “fix” the problem.

Mind you the website name puts my back up immediately.
http://embeddedgurus.com/state-space/tag/arm-cortex-m/
really? gurus.com ?

They are happy posting on a site where they effectively self declare as gurus? It’s like the self declared “experts” who are nothing of the sort. Can you imagine Justin or Sophie declaring themselves to be gurus?

¹ It got moved to a server so I have no idea whether it is still running. AV software is not a panacea so things like this are handy.

It’s on the right track…place an unmapped page below the stack so you get a processor abort on overflow. Placing it low memory however adds complications.

I lost interest at the lawsuit section.