Stack overflow cases

Based on ARM Cortex-M4 calling conventions, when an exception occurs or the PXROS-HR does the context switching, two operations happen:

  1. Exception stacking — saving of the Exception stack frame (caller-saved registers) done by hardware

  2. Context saving — software context saving; PXROS-HR stores (callee-saved) registers that are not automatically stored by the hardware

According to what causes the MPU violation, two different situations are recognized:

  1. Hardware stack overflow during the exception stacking

    The hardware flag MSTKERR is set in the MemManage Fault Status Register. With this hardware-generated exception (trap), the CPU does not write the fault address (MMFAR register). Therefore, the user should check the MSTKERR flag in the status fault register that is passed into a user-defined trap handler as an argument.

  2. Software context saving stack overflow done by PXROS-HR

    The MSTKERR flag is not generated, but the CPU writes the fault address to the MMFAR register. This fault address is passed to the user-defined trap handler as an argument. When this address belongs to the task stack guard memory area, it is recognized as a stack overflow because the application must not use this area.

When the MSTKERR is generated, the kernel calls the PXROS-HR error reporting function first and then calls the user-defined trap handler if it exists. The error reporting function can be set by PxSetMessageFun().

Undetectable case

During PXROS-HR software context switching, PXROS-HR stores registers that are not automatically stored by the hardware. The storing also happens in the trap prologue — generic trap handler — to remember the application context before the trap occurred. The context is stored in the task stack by the 'store multiple' instruction, which can lead to stack overflow during the execution of the generic trap handler. In other words, another MM exception can occur while handling an exception. If the previous exception was MM fault already, the fault is escalated to the hard fault. In this case, it is impossible to detect stack overflow, and the kernel is in a non-recoverable state.