Undetectable error scenario

Consider a task whose stack is almost full: there is enough free space to hold the exception stack frame that the hardware pushes on exception entry, but not enough to store the additional context that PXROS-HR saves in software. If an MM (MemManage) fault occurs at this moment, the hardware completes the exception stacking successfully and the PXROS-HR generic trap handler then tries to save the context. That store overruns the remaining stack space and lands in the task stack guard memory area, so a second MM fault is raised. Because an MM fault is already being handled, the second one cannot be taken as a MemManage exception and is escalated to a hard fault. The problem is that the current PXROS-HR exception handling does not clear the MM fault status register (MMFSR) and the MM fault address register (MMFAR) before the software context save. Both registers therefore still hold the values recorded for the first MM fault, and the hard fault handler sees the address of the first fault instead of the guard address.

If both registers are cleared before the context save, the hard fault handler receives the address of the new fault from MMFAR as its argument. That address lies inside the task stack guard memory area, so the stack overflow can be detected in the same way as when no escalation to the hard fault occurs. Note that the MMFSR bits are write-one-to-clear, and MMFAR holds a meaningful address only while the MMARVALID bit of MMFSR is set; the hard fault handler should check that bit before trusting the address.
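The following host-side model of the two handler variants is an added illustration; it is not taken from the PXROS-HR sources. The register bit positions (DACCVIOL, MMARVALID, HFSR.FORCED) are those of the ARMv7-M System Control Block, but the stack layout, the addresses, the 32-byte software context and the rule that an uncleared fault record is not overwritten by a second fault are modelling assumptions chosen to reproduce the scenario described above, so the example runs on a PC instead of a Cortex-M core.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* MemManage Fault Status Register bits (low byte of SCB->CFSR) and the
 * HardFault Status Register FORCED bit, as defined by ARMv7-M. */
#define MMFSR_DACCVIOL   (1u << 1)   /* data access violation */
#define MMFSR_MMARVALID  (1u << 7)   /* MMFAR holds a valid fault address */
#define MMFSR_MASK       0xFFu
#define HFSR_FORCED      (1u << 30)  /* fault was escalated to HardFault */

/* Constructed model of the three SCB registers involved (not a real SCB). */
typedef struct {
    uint32_t cfsr;
    uint32_t mmfar;
    uint32_t hfsr;
} scb_model_t;

/* Assumed sizes: [guard | stack], stack grows downward. */
#define GUARD_SIZE        32u
#define EXC_FRAME_SIZE    32u   /* 8 words pushed by hardware on exception entry */
#define SW_CONTEXT_SIZE   32u   /* context saved by the generic trap handler (assumed) */

typedef struct {
    uint32_t guard_base;   /* lowest address of the guard area */
    uint32_t stack_base;   /* lowest usable stack address (guard_base + GUARD_SIZE) */
    uint32_t sp;           /* current stack pointer */
} task_stack_t;

/* Constructed task stack with room for the exception frame only. */
static task_stack_t make_stack(void) {
    task_stack_t ts;
    ts.guard_base = 0x20001000u;
    ts.stack_base = ts.guard_base + GUARD_SIZE;
    ts.sp = ts.stack_base + EXC_FRAME_SIZE + 8u;   /* 40 bytes free */
    return ts;
}

static bool in_guard(const task_stack_t *ts, uint32_t addr) {
    return addr >= ts->guard_base && addr < ts->stack_base;
}

/* Modelling assumption taken from the text: a new MM fault only updates
 * MMFSR/MMFAR when the previous record has been cleared (MMARVALID == 0). */
static void hw_memmanage_fault(scb_model_t *scb, uint32_t fault_addr) {
    if (!(scb->cfsr & MMFSR_MMARVALID)) {
        scb->mmfar = fault_addr;
        scb->cfsr |= MMFSR_DACCVIOL | MMFSR_MMARVALID;
    }
}

/* On real hardware: SCB->CFSR = 0xFF (write-one-to-clear) and SCB->MMFAR = 0. */
static void clear_memmanage_status(scb_model_t *scb) {
    scb->cfsr &= ~MMFSR_MASK;
    scb->mmfar = 0;
}

/* Push `size` bytes; returns the address that would hit the guard, or 0 if it fits. */
static uint32_t stack_push(task_stack_t *ts, uint32_t size) {
    uint32_t new_sp = ts->sp - size;
    if (new_sp < ts->stack_base) {
        return new_sp;           /* store lands in the guard -> MM fault */
    }
    ts->sp = new_sp;
    return 0;
}

/* Runs the scenario once and returns the address the HardFault handler reads
 * from MMFAR (0 when MMARVALID is clear). `scb_out` receives the final registers. */
static uint32_t run_scenario(task_stack_t *ts, uint32_t first_fault_addr,
                             bool clear_before_save, scb_model_t *scb_out) {
    scb_model_t scb = {0, 0, 0};

    hw_memmanage_fault(&scb, first_fault_addr);          /* 1. first MM fault recorded */
    if (stack_push(ts, EXC_FRAME_SIZE) != 0) {            /* 2. hardware stacking fits  */
        return 0;                                         /*    (else: not this scenario) */
    }
    if (clear_before_save) {                              /* 3. the proposed fix        */
        clear_memmanage_status(&scb);
    }
    uint32_t guard_hit = stack_push(ts, SW_CONTEXT_SIZE); /* 4. software context save   */
    if (guard_hit != 0) {
        hw_memmanage_fault(&scb, guard_hit);              /*    second MM fault ...     */
        scb.hfsr |= HFSR_FORCED;                          /*    ... escalated           */
    }
    if (scb_out) {
        *scb_out = scb;
    }
    return (scb.cfsr & MMFSR_MMARVALID) ? scb.mmfar : 0;  /* 5. HardFault handler view  */
}

int main(void) {
    const uint32_t first = 0x40000000u;   /* constructed: access outside the task's MPU region */
    task_stack_t a = make_stack(), b = make_stack();
    uint32_t seen_a = run_scenario(&a, first, false, NULL);
    uint32_t seen_b = run_scenario(&b, first, true, NULL);
    printf("no clear:  MMFAR=0x%08x in guard=%d\n", seen_a, in_guard(&a, seen_a));
    printf("cleared:   MMFAR=0x%08x in guard=%d\n", seen_b, in_guard(&b, seen_b));
    return 0;
}
```

Without the clear, the hard fault handler sees the first fault's address and cannot tell that the task stack overflowed; with the clear it sees an address inside the guard area, and the same guard-range check used by the normal MM fault path applies.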