reject programs with invalid memory layout #142

japaric · 2021-02-05T13:11:23Z

it's not uncommon to get the memory.x file (which describes the memory layout of the device) wrong when you have to write it manually (e.g. the HAL doesn't provide one). The file looks like this:

MEMORY
{
  FLASH : ORIGIN = 0x00000000, LENGTH = 64K
  RAM : ORIGIN = 0x20000000, LENGTH = 48K
}

If you get FLASH wrong then probe-rs will error with a reasonable error message so that's covered.

If you get RAM wrong, however, probe-rs will say nothing (probably because it doesn't write to RAM when loading the program).

What can go wrong there is: you specify a LENGTH greater than what the amount of RAM the device has. The result is: your stack pointer (whose initial value is stored in the vector table) starts outside physical RAM so your program won't even start.

If LENGTH is smaller than the amount of RAM the device has then nothing bad happens but you end up under-using the device resources.

What we should do:

as a first solution, check that the initial stack pointer value (we already read parts of the vector table so we may already have this value available) is within the device's physical RAM (this info is available via probe-rs; we probably already have this value as well). Error if the initial stack pointer value lies outside the range of physical RAM
as a more thorough solution, we should consider static variables. if you are using flip link, static variables lie above the stack so even if the stack lies in a valid RAM location, static variables may lie outside RAM if you specify a wrong RAM LENGTH.
bonus feature: print a warning if RAM LENGTH (in memory.x) is smaller than device's actual amount of RAM. This is tricky in the presence of flip-link because the last static variable may not be exactly aligned to the RAM boundary due to alignment requirements of static variables (so there may be a "gap", unused RAM, near to the upper RAM boundary). Some heuristics may need to be applied here, e.g. "if the gap is greater than 1K then likely RAM LENGTH was under specified".

The text was updated successfully, but these errors were encountered:

japaric · 2021-05-10T14:16:28Z

in addition to the information that comes from probe-rs (--chip) we can also do a write random bits, readback+check operation on RAM to see if it's writable at all. The reason to do this extra check is that it's possible to specify the wrong --chip part (less or more RAM) and still be able to write a program to the target device's Flash.

japaric added the type: enhancement Enhancement or feature request label Feb 5, 2021

Urhengulas added this to Incoming in Issue Triage via automation Feb 7, 2021

Urhengulas self-assigned this Feb 7, 2021

Urhengulas added the status: needs PR Issue just needs a Pull Request implementing the changes label Feb 8, 2021

Urhengulas added difficulty: medium Somewhat difficult to solve priority: medium Medium priority for the Knurling team labels Mar 1, 2021

Urhengulas moved this from Incoming to Triaged in Issue Triage Mar 1, 2021

Urhengulas mentioned this issue Mar 1, 2021

Check initial_sp is within RAM #166

Closed

Urhengulas removed their assignment May 10, 2021

Urhengulas added help wanted and removed help wanted labels Feb 11, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

reject programs with invalid memory layout #142

reject programs with invalid memory layout #142

japaric commented Feb 5, 2021 •

edited by Urhengulas

japaric commented May 10, 2021

reject programs with invalid memory layout #142

reject programs with invalid memory layout #142

Comments

japaric commented Feb 5, 2021 • edited by Urhengulas

japaric commented May 10, 2021

japaric commented Feb 5, 2021 •

edited by Urhengulas