STM32F756 jumps unknown address "BX LR"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-10-17 01:45 AM
Hello everyone,
I and my collegue have more than 20 years experience on embedded desing with MCUs. We have a problem which we haven't seen this kind of problem before. I guess someone can help us in here.
MCU: STM32F756
IDE: Project created from cubeMX and toughgfx, coded from IAR
- The main problem is our code jumps unknown address. We have custom bootloader, it runs first and jumps application. After it jumps user application, we initialize every peripherals again. We start freeRTOS kernel and toughgfx task. Actually the code runs well but, sometimes it couldn't run after user application starts.
- When we dig on it, we saw the code try to jump unknown address which is not on address space. (We get Hard fault or Bus fault or Mem Fault exeption)
- Anyway, we decided to remove bootloader and try to user code alone. At that moment the code started to do same thing at same location.
- The code starts from Reset_Handler, initializes stack pointer, goes to SystemInit, iar_program_start and jumps main.
- You can see the main code below. The code jumps unknown address from inside HAL_Init().
This is the main code starts as simple as possible. Here is the debug pictures:
It jumps to HAL_Init() function and then HAL_TickInit() function.
Then it goes to HAL_NVIC_EanbleIRQ function after system tick timer initialized.
And it goes to NVIC_Enable function.
Finally it reaches NVIC->ISER[(((uint32_t)IRQn) >> 5UL)] = (uint32_t)(1UL << (((uint32_t)IRQn) & 0x1FUL));
At that moment we continue to single step on disassembly window.
We saw everything is ok on CPU Registers
But when we go single step at "BX LR", it jumps unknown address.
Actually there was return address on LR register (0x08032a4d) and we were hopping to jump this address in LR, but it jumps unknown address. At this moment IAR fault exception viewer says "A bus fault occurred on an instruction prefetch (CFSR.IBUSERR, BFAR)...".
MCU voltages are stable, VCAP voltages are stables. PDR_ON pin = 1, BYPASS_REG pin=0. Boot0 pin=0.
We checked it with ST Link and also JLink, same things happened.
Thanks for all for any suggestion.
Solved! Go to Solution.
- Labels:
-
STM32CubeMX
-
STM32F7 Series
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-11-02 02:19 AM
Hi I had same problem and I solved it. I highley recommend you review the following document.
Cortex M7 have some limitations. Some of theese have solutions , some doesnt, so You have to find another way to solve problem.
Especially you have to look
CORE -> Cortex-M7 data corruption when using Data cache configured in write-through
FMC
QUADSPI
sections.
Best luck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-10-17 03:13 AM
Hello @MuratUnal,
A first thought is timing issues related to I-Cache and D-Cache, if the caches are not properly invalidated or synchronized, the CPU fetch incorrect instructions
To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-10-17 02:02 PM
So likely going to the IRQ Handler, and that's trashing the stack.
Most likely the one you're enabling.
Check stack depth, auto/local variables, context switching if you're doing any of that.
Any subroutine/function that calls something else, pushes LR first, typically in the prologue, and popping PC in the epilogue.
The 0xFFFFFFF9 is a call-gate, lets the fault/handler know which stack to pull return context from.
I prefer to dump as many registers as I can, the stack, and the instruction stream
https://github.com/cturvey/RandomNinjaChef/blob/main/KeilHardFault.c
Up vote any posts that you find helpful, it shows what's working..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-11-02 02:19 AM
Hi I had same problem and I solved it. I highley recommend you review the following document.
Cortex M7 have some limitations. Some of theese have solutions , some doesnt, so You have to find another way to solve problem.
Especially you have to look
CORE -> Cortex-M7 data corruption when using Data cache configured in write-through
FMC
QUADSPI
sections.
Best luck
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
‎2024-11-02 03:17 AM
As RTOS probably doing a context switch via SysTick into a task structure that hasn't be initialized yet, or the wrong structure.
Check also that SCB->VTOR points to your current Vector Table. Usually set up in SystemInit () best to use a Linker symbol rather than defines so you don't have to mod multiple files.
Up vote any posts that you find helpful, it shows what's working..
