devif_poll_tcp_timer shouldn't be skipped in the multiple card case #4

xiaoxiang781216 · 2019-12-24T15:01:45Z

devif_timer will be called multiple time in one period if the multiple card exist,
the elapsed time calculated for the first callback is right, but the flowing callback
in the same period is wrong(very short) because the global variable g_polltimer is
used in the calculation.

so let's pass the delay time to devif_timer and remove g_polltimer.

Change-Id: I6ac3d1135e08cc0f34c51916fa713bd6e6892d04
Signed-off-by: Xiang Xiao xiaoxiang@xiaomi.com

devif_timer will be called multiple time in one period if the multiple card exist, the elapsed time calculated for the first callback is right, but the flowing callback in the same period is wrong(very short) because the global variable g_polltimer is used in the calculation. so let's pass the delay time to devif_timer and remove g_polltimer. Change-Id: I6ac3d1135e08cc0f34c51916fa713bd6e6892d04 Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>

patacongo · 2019-12-24T15:04:03Z

This PR is against master. Under the current guidelines I can take only PRs on the dev branch. I can take this PR as a patch from https://patch-diff.githubusercontent.com/raw/apache/incubator-nuttx/pull/4.patch and apply that to the dev branch on your behalf. Is this acceptable to you?

Alternatively, you could copy your changes to the dev and branch an submit a new PR. Totally up to you.

patacongo · 2019-12-24T16:32:13Z

I have already taken this change as a patch and will be merging soon. I am running nxstyle against all affect files... takes awile.

patacongo · 2019-12-24T16:39:56Z

Merged via patch.

ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 apache#7 0x56656e95 in nx_start init/nx_start.c:809 apache#8 0x566548d4 in main sim/up_head.c:95 apache#9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: apache#8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 apache#9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 apache#10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 apache#11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 apache#12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 apache#13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 apache#14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 apache#15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 apache#16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 apache#17 0x565e3d96 in nx_start () at init/nx_start.c:809 apache#18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <anchao@xiaomi.com>

ASAN trace: ... ==32087==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf4502120 at pc 0x56673ca3 bp 0xff9b6a08 sp 0xff9b69f8 WRITE of size 1 at 0xf4502120 thread T0 #0 0x56673ca2 in strcpy string/lib_strcpy.c:64 0xf4502120 is located 0 bytes to the right of 8224-byte region [0xf4500100,0xf4502120) allocated by thread T0 here: #0 0xf7a60f54 in malloc (/usr/lib32/libasan.so.4+0xe5f54) #1 0x5667725d in up_create_stack sim/up_createstack.c:135 #2 0x56657ed8 in nxthread_create task/task_create.c:125 #3 0x566580bb in kthread_create task/task_create.c:297 #4 0x5665935f in work_start_highpri wqueue/kwork_hpthread.c:149 #5 0x56656f31 in nx_workqueues init/nx_bringup.c:181 #6 0x56656fc6 in nx_bringup init/nx_bringup.c:436 #7 0x56656e95 in nx_start init/nx_start.c:809 #8 0x566548d4 in main sim/up_head.c:95 #9 0xf763ae80 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18e80) CALLSTACK: #8 0xf79de7a5 in __asan_report_store1 () from /usr/lib32/libasan.so.4 #9 0x565fd4d7 in strcpy (dest=0xf4a02121 "", src=0xf5c00895 "k") at string/lib_strcpy.c:64 #10 0x565e4eb2 in nxtask_setup_stackargs (tcb=0xf5c00810, argv=0x0) at task/task_setup.c:570 #11 0x565e50ff in nxtask_setup_arguments (tcb=0xf5c00810, name=0x5679e580 "hpwork", argv=0x0) at task/task_setup.c:714 #12 0x565e414e in nxthread_create (name=0x5679e580 "hpwork", ttype=2 '\002', priority=224, stack=0x0, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:143 #13 0x565e42e3 in kthread_create (name=0x5679e580 "hpwork", priority=224, stack_size=8192, entry=0x565e54e1 <work_hpthread>, argv=0x0) at task/task_create.c:297 #14 0x565e5557 in work_start_highpri () at wqueue/kwork_hpthread.c:149 #15 0x565e3e32 in nx_workqueues () at init/nx_bringup.c:181 #16 0x565e3ec7 in nx_bringup () at init/nx_bringup.c:436 #17 0x565e3d96 in nx_start () at init/nx_start.c:809 #18 0x565e3195 in main (argc=1, argv=0xffe6b954, envp=0xffe6b95c) at sim/up_head.c:95 Change-Id: I096f7952aae67d055daa737e967242eb217ef8ac Signed-off-by: chao.an <anchao@xiaomi.com>

Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 apache#1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 apache#3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 apache#4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 apache#7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007fff028f686b in ?? () apache#12 0x0000000000000000 in ?? () (gdb) quit

Note: dlsymtab is not in standards. but just in case. (gdb) bt #0 getpid () at task/task_getpid.c:91 #1 0x00000000004fbc9d in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000719ee0 in modsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at module/mod_modsym.c:92 #3 0x000000000071597d in dlsym (handle=0xffffffffffffffff, name=0x7fa7ebdde8c7 "mmap") at dlfcn/lib_dlsym.c:164 #4 0x00007fa7ebdbeb39 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #5 0x00007fa7ebd79b28 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #6 0x00007fa7ebd9d7a7 in ?? () from /lib/x86_64-linux-gnu/libasan.so.5 #7 0x00007fa7ec6ce03a in ?? () from /lib64/ld-linux-x86-64.so.2 #8 0x00007fa7ec6ce141 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007fa7ec6be13a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007fff028f686b in ?? () #12 0x0000000000000000 in ?? () (gdb) quit

This reverts commit 21cff9f. It broke sim on macOS. In the following backtrace, the host socket() should be used instead of nuttx's. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1 * frame #0: 0x00000001000f5391 nuttx`socket(domain=1, type=1, protocol=0) at socket.c:192:12 frame apache#1: 0x000000010012b682 nuttx`vpnkit_connect at up_vpnkit.c:75:8 frame apache#2: 0x000000010012b60b nuttx`vpnkit_init at up_vpnkit.c:136:3 frame apache#3: 0x0000000100034b56 nuttx`netdriver_init at up_netdriver.c:334:3 frame apache#4: 0x0000000100033294 nuttx`up_initialize at up_initialize.c:260:3 frame apache#5: 0x00000001000031e3 nuttx`nx_start at nx_start.c:701:3 frame apache#6: 0x0000000100000b12 nuttx`main(argc=1, argv=0x00007ffeefbfd6c8, envp=0x00007ffeefbfd6d8) at up_head.c:96:7 frame apache#7: 0x00007fff7831b3d5 libdyld.dylib`start + 1 frame apache#8: 0x00007fff7831b3d5 libdyld.dylib`start + 1 (lldb)

(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |apache#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |apache#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |apache#9 0x5655da56 in nx_start () at init/nx_start.c:701 |apache#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <anchao@xiaomi.com>

(gdb) b longjmp Breakpoint 1 at 0x8270 (gdb) r Starting program: /home/chao/code/m3/nuttx/nuttx [ 0.000000] Assertion failed at file:task/task_onexit.c line: 99 Breakpoint 1, 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 (gdb) (gdb) bt |#0 0xf7b905e0 in siglongjmp () from /lib/i386-linux-gnu/libc.so.6 |#1 0xf7f9c3dc in siglongjmp_alias () from /lib/i386-linux-gnu/libpthread.so.0 |#2 0x5655d668 in up_assert (filename=0x56641018 "task/task_onexit.c", line=99) at sim/up_head.c:132 |#3 0x56567413 in _assert (filename=0x56641018 "task/task_onexit.c", linenum=99) at assert/lib_assert.c:36 |#4 0x565f8cfd in on_exit (func=0x565f8c12 <exitfunc>, arg=0x565fd780 <simuart_restoremode>) at task/task_onexit.c:99 |#5 0x565f8c89 in atexit (func=0x565fd780 <simuart_restoremode>) at task/task_atexit.c:109 |#6 0x565fd819 in simuart_start () at sim/up_simuart.c:112 |#7 0x5656c844 in up_uartinit () at sim/up_uart.c:496 |#8 0x5656ba7a in up_initialize () at sim/up_initialize.c:234 |#9 0x5655da56 in nx_start () at init/nx_start.c:701 |#10 0x5655d5e9 in main (argc=1, argv=0xffffd6f4, envp=0xffffd6fc) at sim/up_head.c:96 Change-Id: Ifd7196b2de7bf9fc7cea764c19a5c0eacf08fdb6 Signed-off-by: chao.an <anchao@xiaomi.com>

Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |apache#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |apache#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |apache#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |apache#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |apache#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |apache#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |apache#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |apache#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |apache#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |apache#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |apache#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |apache#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |apache#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |apache#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |apache#21 0x08049713 in nxtask_start () at task/task_start.c:144 |apache#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>

Deadlock during recursive access if unionfs overlays procfs, check the critical segment only and remove the useless protection part. |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 ... |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 original call stack: (gdb) bt |#0 unionfs_statfs (mountpt=0xf3df4540, buf=0xf3de2f0c) at unionfs/fs_unionfs.c:2136 |#1 0x08071629 in mountpoint_filter (node=0xf3df4540, dirpath=0xf3df4a28 "/proc", arg=0xf3de2fc4) at mount/fs_foreachmountpoint.c:119 |#2 0x0807171b in foreach_inodelevel (node=0xf3df4540, info=0xf3df4a20) at inode/fs_foreachinode.c:90 |#3 0x08071898 in foreach_inode (handler=0x8071530 <mountpoint_filter>, arg=0xf3de2fc4) at inode/fs_foreachinode.c:193 |#4 0x080716c1 in foreach_mountpoint (handler=0x8070e2f <blocks_entry>, arg=0xf3de300c) at mount/fs_foreachmountpoint.c:169 |#5 0x08071399 in mount_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at mount/fs_procfs_mount.c:537 |#6 0x08069429 in procfs_read (filep=0xf3df4574, buffer=0xf3df4610 "...", buflen=1024) at procfs/fs_procfs.c:412 |#7 0x0806c339 in unionfs_read (filep=0xf3de219c, buffer=0xf3df4610 "...", buflen=1024) at unionfs/fs_unionfs.c:1026 |#8 0x080657a2 in file_read (filep=0xf3de219c, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:110 |#9 0x0806581a in nx_read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:175 |#10 0x08065847 in read (fd=3, buf=0xf3df4610, nbytes=1024) at vfs/fs_read.c:206 |#11 0x0805a242 in nsh_catfile (vtbl=0xf3df3f10, cmd=0xf3df4378 "df", filepath=0x808d5ed "/proc/fs/blocks") at nsh_fsutils.c:116 |#12 0x0805b1de in cmd_df (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_mntcmds.c:73 |#13 0x08056370 in nsh_command (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0) at nsh_command.c:1061 |#14 0x08053b16 in nsh_execute (vtbl=0xf3df3f10, argc=1, argv=0xf3de32c0, redirfile=0x0, oflags=0) at nsh_parse.c:741 |#15 0x08055998 in nsh_parse_command (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2578 |#16 0x08055a7b in nsh_parse (vtbl=0xf3df3f10, cmdline=0xf3df4378 "df") at nsh_parse.c:2662 |#17 0x0805d691 in nsh_session (pstate=0xf3df3f10, login=1 '\001', argc=1, argv=0xf3de34b0) at nsh_session.c:191 |#18 0x0805b542 in nsh_consolemain (argc=1, argv=0xf3de34b0) at nsh_consolemain.c:115 |#19 0x0805346c in nsh_main (argc=1, argv=0xf3de34b0) at nsh_main.c:168 |#20 0x0805075a in nxtask_startup (entrypt=0x805340a <nsh_main>, argc=1, argv=0xf3de34b0) at sched/task_startup.c:165 |#21 0x08049713 in nxtask_start () at task/task_start.c:144 |#22 0x00000000 in ?? () Change-Id: Ic4c7aff0ea50388a371c525745e817a787dabcca Signed-off-by: chao.an <anchao@xiaomi.com>

``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```

Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 apache#1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 apache#2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 apache#3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 apache#4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () apache#5 0x000000000048181e in InitializeCommonInterceptors() () apache#6 0x000000000048106a in __asan::InitializeAsanInterceptors() () apache#7 0x000000000049b85e in __asan::AsanInitInternal() () apache#8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 apache#9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 apache#10 0x0000000000000001 in ?? () apache#11 0x00007ffe4cdfff56 in ?? () apache#12 0x0000000000000000 in ?? () ```

Fixes the following crash with CONFIG_SIM_SANITIZE=y on Linux. ``` Program received signal SIGSEGV, Segmentation fault. getpid () at task/task_getpid.c:76 76 task/task_getpid.c: No such file or directory. rax 0x2feeb4 3141300 rbx 0xc53f83 12926851 rcx 0x6837665ee4c00 1833394399759360 rdx 0x472080 4661376 rsi 0xc53f83 12926851 rdi 0xffffffffffffffff -1 rbp 0x7ffe4cdfe140 0x7ffe4cdfe140 rsp 0x7ffe4cdfe0f0 0x7ffe4cdfe0f0 r8 0xffffffffffffffff -1 r9 0x0 0 r10 0x22 34 r11 0x246 582 r12 0x472080 4661376 r13 0x7ffe4cdfe3e8 140730188162024 r14 0x472080 4661376 r15 0xf60398 16122776 rip 0x4e9b93 0x4e9b93 <getpid+35> eflags 0x10206 [ PF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 #0 getpid () at task/task_getpid.c:76 #1 0x00000000006ad25a in modlib_registry_lock () at modlib/modlib_registry.c:89 #2 0x0000000000c3648d in modsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at module/mod_modsym.c:77 #3 0x0000000000c2cd3a in dlsym (handle=0xffffffffffffffff, name=0xc53f83 "mmap") at dlfcn/lib_dlsym.c:149 #4 0x00000000004a0034 in __interception::InterceptFunction(char const*, unsigned long*, unsigned long, unsigned long) () #5 0x000000000048181e in InitializeCommonInterceptors() () #6 0x000000000048106a in __asan::InitializeAsanInterceptors() () #7 0x000000000049b85e in __asan::AsanInitInternal() () #8 0x00007f09cfb04ce6 in ?? () from /lib64/ld-linux-x86-64.so.2 #9 0x00007f09cfaf413a in ?? () from /lib64/ld-linux-x86-64.so.2 #10 0x0000000000000001 in ?? () #11 0x00007ffe4cdfff56 in ?? () #12 0x0000000000000000 in ?? () ```

This reverts commit 2335b69. It seems that the commit is question broke sim/Linux and sim/macOS. Both of the following crashes are fixed by this revert. My app running with sim/Linux started crashing with the commit. ``` Program received signal SIGSEGV, Segmentation fault. 0x00000000004583ad in snprintf (buf=0x7f6260682b30 "\020", size=140060500962096, format=0xffffffffffffffff <error: Cannot access memory at address 0xffffffffffffffff>) at stdio/lib_snprintf.c:41 41 stdio/lib_snprintf.c: No such file or directory. rax 0x0 0 rbx 0x0 0 rcx 0x1 1 rdx 0x5515d0 5576144 rsi 0x10 16 rdi 0x7f6260682858 140060500961368 rbp 0x7f6260682808 0x7f6260682808 rsp 0x7f6260682628 0x7f6260682628 r8 0x7f62606825e0 140060500960736 r9 0x0 0 r10 0x8 8 r11 0x246 582 r12 0x0 0 r13 0x0 0 r14 0x0 0 r15 0x0 0 rip 0x4583ad 0x4583ad <snprintf+13> eflags 0x10246 [ PF ZF IF RF ] cs 0x33 51 ss 0x2b 43 ds 0x0 0 es 0x0 0 fs 0x0 0 gs 0x0 0 ``` sim:ostest on macOS crashes like the following. ``` spacetanuki% lldb ./nuttx (lldb) target create "./nuttx" Current executable set to './nuttx' (x86_64). (lldb) run Process 67434 launched: '/Users/yamamoto/git/nuttx/nuttx/nuttx' (x86_64) Process 67434 stopped * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error libdyld.dylib`stack_not_16_byte_aligned_error: -> 0x7fff6f1633a6 <+0>: movdqa %xmm0, (%rsp) 0x7fff6f1633ab <+5>: int3 libdyld.dylib`_dyld_fast_stub_entry: 0x7fff6f1633ac <+0>: pushq %rbp 0x7fff6f1633ad <+1>: movq %rsp, %rbp Target 0: (nuttx) stopped. (lldb) bt * thread apache#1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT) * frame #0: 0x00007fff6f1633a6 libdyld.dylib`stack_not_16_byte_aligned_error frame apache#1: 0x0000000101002048 frame apache#2: 0x000000010001682d nuttx`tty_send(dev=0x000000010002f370, ch=115) at up_uart.c:447:3 frame apache#3: 0x000000010000d7df nuttx`uart_xmitchars(dev=0x000000010002f370) at serial_io.c:68:7 frame apache#4: 0x0000000100016a95 nuttx`tty_txint(dev=0x000000010002f370, enable='\x01') at up_uart.c:462:7 frame apache#5: 0x000000010000ce48 nuttx`uart_write(filep=0x00000001010011e8, buffer="", buflen=0) at serial.c:1260:7 frame apache#6: 0x0000000100024ef3 nuttx`file_write(filep=0x00000001010011e8, buf=0x0000000100027a30, nbytes=23) at fs_write.c:89:10 frame apache#7: 0x0000000100024f6a nuttx`nx_write(fd=1, buf=0x0000000100027a30, nbytes=23) at fs_write.c:138:13 frame apache#8: 0x0000000100024fab nuttx`file_write(filep=0x0000000100027a30, buf=0x0000000000000017, nbytes=0) at fs_write.c:76:7 frame apache#9: 0x000000010002215e nuttx`stdio_test at ostest_main.c:574:3 frame apache#10: 0x0000000100021f1b nuttx`ostest_main(argc=1, argv=0x0000000101001300) at ostest_main.c:602:3 frame apache#11: 0x000000010000ff05 nuttx`nxtask_startup(entrypt=(nuttx`ostest_main at ostest_main.c:592), argc=1, argv=0x0000000101001300) at task_startup.c:150:8 frame apache#12: 0x000000010000a580 nuttx`nxtask_start at task_start.c:129:7 (lldb) ```

…system boot So avoid to use vmov.i32 instruction before FPU is ready. Before modification: 3c03b35c <nx_vsyslog>: 3c03b35c: f2c00010 vmov.i32 d16, #0 ; 0x00000000 3c03b360: f2c02050 vmov.i32 q9, #0 ; 0x00000000 3c03b364: e92d40f0 push {r4, r5, r6, r7, lr} 3c03b368: e24dd08c sub sp, sp, apache#140 ; 0x8c 3c03b36c: e28d301c add r3, sp, apache#28 3c03b370: e2505000 subs r5, r0, #0 3c03b374: edcd0b0f vstr d16, [sp, apache#60] ; 0x3c 3c03b378: edcd0b01 vstr d16, [sp, apache#4] After modification: 3c03b35c <nx_vsyslog>: 3c03b35c: e92d40f0 push {r4, r5, r6, r7, lr} 3c03b360: e2505000 subs r5, r0, #0 3c03b364: e24dd08c sub sp, sp, apache#140 ; 0x8c 3c03b368: e1a06001 mov r6, r1 3c03b36c: e1a07002 mov r7, r2 3c03b370: e28d000c add r0, sp, apache#12 3c03b374: 1a00003a bne 3c03b464 <nx_vsyslog+0x108> Change-Id: I643c19f5416c94a529764fdaa81f3088fcf95355 Signed-off-by: Jiuzhu Dong <dongjiuzhu1@xiaomi.com>

…system boot So avoid to use vmov.i32 instruction before FPU is ready. Before modification: 3c03b35c <nx_vsyslog>: 3c03b35c: f2c00010 vmov.i32 d16, #0 ; 0x00000000 3c03b360: f2c02050 vmov.i32 q9, #0 ; 0x00000000 3c03b364: e92d40f0 push {r4, r5, r6, r7, lr} 3c03b368: e24dd08c sub sp, sp, #140 ; 0x8c 3c03b36c: e28d301c add r3, sp, #28 3c03b370: e2505000 subs r5, r0, #0 3c03b374: edcd0b0f vstr d16, [sp, #60] ; 0x3c 3c03b378: edcd0b01 vstr d16, [sp, #4] After modification: 3c03b35c <nx_vsyslog>: 3c03b35c: e92d40f0 push {r4, r5, r6, r7, lr} 3c03b360: e2505000 subs r5, r0, #0 3c03b364: e24dd08c sub sp, sp, #140 ; 0x8c 3c03b368: e1a06001 mov r6, r1 3c03b36c: e1a07002 mov r7, r2 3c03b370: e28d000c add r0, sp, #12 3c03b374: 1a00003a bne 3c03b464 <nx_vsyslog+0x108> Change-Id: I643c19f5416c94a529764fdaa81f3088fcf95355 Signed-off-by: Jiuzhu Dong <dongjiuzhu1@xiaomi.com>

current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 apache#8 0x542bc94b in psock_sendto socket/sendto.c:134 apache#9 0x542bcb28 in sendto socket/sendto.c:247 apache#10 0x542bc5ea in send socket/send.c:163 apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 apache#21 0x53f366c6 in nxtask_start task/task_start.c:116 apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>

current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 #1 0x5432a11f in arp_snapshot arp/arp_table.c:574 #2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 #3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 #4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 #5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 #6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 #7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 #8 0x542bc94b in psock_sendto socket/sendto.c:134 #9 0x542bcb28 in sendto socket/sendto.c:247 #10 0x542bc5ea in send socket/send.c:163 #11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 #12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 #13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 #14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 #15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 #16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 #17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 #18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 #19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 #20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 #21 0x53f366c6 in nxtask_start task/task_start.c:116 #22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>

Summary: 1.Modified the i_crefs from int16_t to atomic_int 2.Modified the i_crefs add, delete, read, and initialize interfaces to atomic operations The purpose of this change is to avoid deadlock in cross-core scenarios, where A Core blocks B Core’s request for a write operation to A Core when A Core requests a read operation to B Core. Signed-off-by: chenrun1 <chenrun1@xiaomi.com>

current sizeof(struct sockaddr_in) is 66 arp/arp_table.c:241:28: runtime error: member access within misaligned address 0xe5f134e6 for type 'struct sockaddr_in', which requires 4 byte alignment 0xe5f134e6: note: pointer points here 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ^ #0 0x543287c1 in arp_get_arpreq arp/arp_table.c:241 apache#1 0x5432a11f in arp_snapshot arp/arp_table.c:574 apache#2 0x5435f0be in netlink_fill_arptable netlink/netlink_route.c:547 apache#3 0x5435ffca in netlink_get_neighbor netlink/netlink_route.c:715 apache#4 0x54360116 in netlink_get_neighborlist netlink/netlink_route.c:743 apache#5 0x54363b20 in netlink_route_sendto netlink/netlink_route.c:1382 apache#6 0x542ef1b1 in netlink_sendmsg netlink/netlink_sockif.c:625 apache#7 0x542be94d in psock_sendmsg socket/sendmsg.c:96 apache#8 0x542bc94b in psock_sendto socket/sendto.c:134 apache#9 0x542bcb28 in sendto socket/sendto.c:247 apache#10 0x542bc5ea in send socket/send.c:163 apache#11 0x542aa715 in netlib_get_arptable /home/mi/gaofengzhi/code/dev1025/apps/netutils/netlib/netlib_getarptab.c:152 apache#12 0x54279109 in cmd_arp /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_netcmds.c:1197 apache#13 0x54257faf in nsh_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_command.c:1263 apache#14 0x54231982 in nsh_execute /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:718 apache#15 0x5423da42 in nsh_parse_command /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2619 apache#16 0x5423e12a in nsh_parse /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_parse.c:2706 apache#17 0x5424088f in nsh_session /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_session.c:245 apache#18 0x5422efc9 in nsh_consolemain /home/mi/gaofengzhi/code/dev1025/apps/nshlib/nsh_consolemain.c:75 apache#19 0x5419e89f in nsh_main /home/mi/gaofengzhi/code/dev1025/apps/system/nsh/nsh_main.c:74 apache#20 0x54067ee1 in nxtask_startup sched/task_startup.c:70 apache#21 0x53f366c6 in nxtask_start task/task_start.c:116 apache#22 0x5409e1a4 in pre_start sim/sim_initialstate.c:52 Signed-off-by: zhanghongyu <zhanghongyu@xiaomi.com>

test code hello_main int main(int argc, FAR char *argv[]) { uint32_t *p = 0xdeedbeff; *p = 0xffffff; printf("%p\n %x\n", p, *p); return 0; } qemu mps3-an547 hello_main : Triggering an exception, and gdb backtrace is: before: (gdb) bt /#0 0x0001168a in systick_getstatus (lower_=0x100010c <g_systick_lower>, status=0x1000a30 <g_intstackalloc+1600>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:142 /#1 0x000122f4 in current_usec () at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:105 /#2 0x0001234c in udelay_accurate (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:115 /apache#3 0x000124bc in up_udelay (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:463 /apache#4 0x0001249e in up_mdelay (milliseconds=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:446 /apache#5 0x0000920c in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:830 /apache#6 0x0000937c in _assert (filename=0x393f8 "/arch/arm/src/armv8-m/arm_busfault.c", linenum=113, msg=0x393f0 "panic", regs=0x1008500) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:940 /apache#7 0x00000e2c in arm_busfault (irq=3, context=0x1008500, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_busfault.c:113 /apache#8 0x000012d2 in arm_hardfault (irq=3, context=0x1008500, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_hardfault.c:142 /apache#9 0x00008b20 in irq_dispatch (irq=3, context=0x1008500) at /home/ajh/work/vela_system/nuttx/sched/irq/irq_dispatch.c:145 /apache#10 0x0000041a in arm_doirq (irq=3, regs=0x1008500) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_doirq.c:103 /apache#11 0x0000034e in exception_common () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_exception.S:224 after: (gdb) bt /#0 systick_is_running () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:106 /#1 0x000125c0 in systick_getstatus (lower_=0x1000114 <g_systick_lower>, status=0x1007a20) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:141 /#2 0x0001323c in current_usec () at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:105 /apache#3 0x00013294 in udelay_accurate (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:115 /apache#4 0x00013404 in up_udelay (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:463 /apache#5 0x000133e6 in up_mdelay (milliseconds=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:446 /apache#6 0x00008c5c in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816 /apache#7 0x00008e88 in _assert (filename=0x39408 "/arch/arm/src/armv8-m/arm_busfault.c", linenum=113, msg=0x39400 "panic", regs=0x1007cf0) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915 /apache#8 0x00000ce4 in arm_busfault (irq=3, context=0x1007cf0, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_busfault.c:113 /apache#9 0x0000118a in arm_hardfault (irq=3, context=0x1007cf0, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_hardfault.c:142 /apache#10 0x000086cc in irq_dispatch (irq=3, context=0x1007cf0) at /home/ajh/work/vela_system/nuttx/sched/irq/irq_dispatch.c:145 /apache#11 0x0000041e in arm_doirq (irq=3, regs=0x1007cf0) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_doirq.c:99 /apache#12 0x00000360 in exception_common () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_exception.S:230 /apache#13 0x00027a8c in hello_main (argc=1, argv=0x1006e20) at /home/ajh/work/vela_system/apps/examples/hello/hello_main.c:39 /apache#14 0x00014968 in nxtask_startup (entrypt=0x27a7d <hello_main>, argc=1, argv=0x1006e20) at /home/ajh/work/vela_system/nuttx/libs/libc/sched/task_startup.c:72 /apache#15 0x0000f450 in nxtask_start () at /home/ajh/work/vela_system/nuttx/sched/task/task_start.c:116 /apache#16 0x00000000 in ?? () (gdb) qemu armv7a nsh, hello_main: before: (gdb) bt /#0 udelay_coarse (microseconds=156000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:431 /#2 0x0060c630 in up_udelay (microseconds=microseconds@entry=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:416 /apache#3 0x0060c644 in up_mdelay (milliseconds=milliseconds@entry=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:401 /apache#4 0x006056bc in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816 /apache#5 _assert (filename=filename@entry=0x63047f "/arch/arm/src/armv7-a/arm_dataabort.c", linenum=linenum@entry=157, msg=msg@entry=0x62f56d "panic", regs=<optimized out>, regs@entry=0x4020af10) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915 /apache#6 0x0060bd74 in arm_dataabort (regs=0x4020af10, dfar=<optimized out>, dfsr=<optimized out>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_dataabort.c:157 /apache#7 0x0060bc04 in arm_vectordata () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_vectors.S:438 Backtrace stopped: previous frame identical to this frame (corrupt stack?) (gdb) after: (gdb) bt /#0 udelay_coarse (microseconds=192000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:431 /#2 0x0060c650 in up_udelay (microseconds=microseconds@entry=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:416 /apache#3 0x0060c664 in up_mdelay (milliseconds=milliseconds@entry=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:401 /apache#4 0x006056bc in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816 /apache#5 _assert (filename=filename@entry=0x63047f "/arch/arm/src/armv7-a/arm_dataabort.c", linenum=linenum@entry=157, msg=msg@entry=0x62f56d "panic", regs=<optimized out>, regs@entry=0x4020af10) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915 /apache#6 0x0060bd94 in arm_dataabort (regs=0x4020af10, dfar=<optimized out>, dfsr=<optimized out>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_dataabort.c:157 /apache#7 0x0060bc08 in arm_vectordata () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_vectors.S:453 /apache#8 0x00620cd4 in hello_main (argc=4999, argv=0x0) at /home/ajh/work/vela_system/apps/examples/hello/hello_main.c:41 /apache#9 0x0060d320 in nxtask_startup (entrypt=0x620cc4 <hello_main>, argc=1, argv=0x4020a088) at /home/ajh/work/vela_system/nuttx/libs/libc/sched/task_startup.c:72 /apache#10 0x00609b50 in nxtask_start () at /home/ajh/work/vela_system/nuttx/sched/task/task_start.c:116 /apache#11 0x00000000 in ?? () qemu risc-v nsh before: (gdb) bt /#0 udelay_coarse (microseconds=228000, microseconds@entry=891896832) at timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at timers/arch_alarm.c:431 /#2 0x8000397e in up_udelay (microseconds=microseconds@entry=250000) at timers/arch_alarm.c:416 /apache#3 0x80003988 in up_mdelay (milliseconds=milliseconds@entry=250) at timers/arch_alarm.c:401 /apache#4 0x80011f1c in reset_board () at misc/assert.c:813 /apache#5 0x80011f7a in _assert (filename=filename@entry=0x0, linenum=linenum@entry=0, msg=msg@entry=0x8002114c "panic", regs=<optimized out>, regs@entry=0x80030704) at misc/assert.c:915 /apache#6 0x80006ad6 in riscv_exception (mcause=<optimized out>, regs=0x80030704, args=<optimized out>) at common/riscv_exception.c:129 /apache#7 0x80000d9e in riscv_doirq (irq=7, regs=<optimized out>) at common/riscv_doirq.c:99 /apache#8 0x80000164 in exception_common () at common/riscv_exception_common.S:210 Backtrace stopped: frame did not save the PC (gdb) after (gdb) bt /#0 0x80003922 in udelay_coarse (microseconds=90000, microseconds@entry=891896832) at timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at timers/arch_alarm.c:431 /#2 0x8000397e in up_udelay (microseconds=microseconds@entry=250000) at timers/arch_alarm.c:416 /apache#3 0x80003988 in up_mdelay (milliseconds=milliseconds@entry=250) at timers/arch_alarm.c:401 /apache#4 0x80011f2a in reset_board () at misc/assert.c:816 /apache#5 0x80011f7a in _assert (filename=filename@entry=0x0, linenum=linenum@entry=0, msg=msg@entry=0x8002114c "panic", regs=<optimized out>, regs@entry=0x80030704) at misc/assert.c:915 /apache#6 0x80006ad6 in riscv_exception (mcause=<optimized out>, regs=0x80030704, args=<optimized out>) at common/riscv_exception.c:129 /apache#7 0x80000d9e in riscv_doirq (irq=7, regs=<optimized out>) at common/riscv_doirq.c:99 /apache#8 0x80000166 in exception_common () at common/riscv_exception_common.S:215 /apache#9 0x8001792a in hello_main (argc=<optimized out>, argv=<optimized out>) at hello_main.c:41 /apache#10 0x80004b52 in nxtask_startup (entrypt=0x80030704, argc=1, argv=0x800300e8) at sched/task_startup.c:72 /apache#11 0x80001e72 in nxtask_start () at task/task_start.c:116 /apache#12 0x00000000 in ?? () Backtrace stopped: frame did not save the PC (gdb) Signed-off-by: anjiahao <anjiahao@xiaomi.com>

test code hello_main int main(int argc, FAR char *argv[]) { uint32_t *p = 0xdeedbeff; *p = 0xffffff; printf("%p\n %x\n", p, *p); return 0; } qemu mps3-an547 hello_main : Triggering an exception, and gdb backtrace is: before: (gdb) bt /#0 0x0001168a in systick_getstatus (lower_=0x100010c <g_systick_lower>, status=0x1000a30 <g_intstackalloc+1600>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:142 /#1 0x000122f4 in current_usec () at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:105 /#2 0x0001234c in udelay_accurate (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:115 /#3 0x000124bc in up_udelay (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:463 /#4 0x0001249e in up_mdelay (milliseconds=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:446 /#5 0x0000920c in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:830 /#6 0x0000937c in _assert (filename=0x393f8 "/arch/arm/src/armv8-m/arm_busfault.c", linenum=113, msg=0x393f0 "panic", regs=0x1008500) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:940 /#7 0x00000e2c in arm_busfault (irq=3, context=0x1008500, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_busfault.c:113 /#8 0x000012d2 in arm_hardfault (irq=3, context=0x1008500, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_hardfault.c:142 /#9 0x00008b20 in irq_dispatch (irq=3, context=0x1008500) at /home/ajh/work/vela_system/nuttx/sched/irq/irq_dispatch.c:145 /#10 0x0000041a in arm_doirq (irq=3, regs=0x1008500) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_doirq.c:103 /#11 0x0000034e in exception_common () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_exception.S:224 after: (gdb) bt /#0 systick_is_running () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:106 /#1 0x000125c0 in systick_getstatus (lower_=0x1000114 <g_systick_lower>, status=0x1007a20) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_systick.c:141 /#2 0x0001323c in current_usec () at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:105 /#3 0x00013294 in udelay_accurate (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:115 /#4 0x00013404 in up_udelay (microseconds=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:463 /#5 0x000133e6 in up_mdelay (milliseconds=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_timer.c:446 /#6 0x00008c5c in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816 /#7 0x00008e88 in _assert (filename=0x39408 "/arch/arm/src/armv8-m/arm_busfault.c", linenum=113, msg=0x39400 "panic", regs=0x1007cf0) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915 /#8 0x00000ce4 in arm_busfault (irq=3, context=0x1007cf0, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_busfault.c:113 /#9 0x0000118a in arm_hardfault (irq=3, context=0x1007cf0, arg=0x0 <up_ndelay>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_hardfault.c:142 /#10 0x000086cc in irq_dispatch (irq=3, context=0x1007cf0) at /home/ajh/work/vela_system/nuttx/sched/irq/irq_dispatch.c:145 /#11 0x0000041e in arm_doirq (irq=3, regs=0x1007cf0) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_doirq.c:99 /#12 0x00000360 in exception_common () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv8-m/arm_exception.S:230 /#13 0x00027a8c in hello_main (argc=1, argv=0x1006e20) at /home/ajh/work/vela_system/apps/examples/hello/hello_main.c:39 /#14 0x00014968 in nxtask_startup (entrypt=0x27a7d <hello_main>, argc=1, argv=0x1006e20) at /home/ajh/work/vela_system/nuttx/libs/libc/sched/task_startup.c:72 /#15 0x0000f450 in nxtask_start () at /home/ajh/work/vela_system/nuttx/sched/task/task_start.c:116 /#16 0x00000000 in ?? () (gdb) qemu armv7a nsh, hello_main: before: (gdb) bt /#0 udelay_coarse (microseconds=156000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:431 /#2 0x0060c630 in up_udelay (microseconds=microseconds@entry=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:416 /#3 0x0060c644 in up_mdelay (milliseconds=milliseconds@entry=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:401 /#4 0x006056bc in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816 /#5 _assert (filename=filename@entry=0x63047f "/arch/arm/src/armv7-a/arm_dataabort.c", linenum=linenum@entry=157, msg=msg@entry=0x62f56d "panic", regs=<optimized out>, regs@entry=0x4020af10) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915 /#6 0x0060bd74 in arm_dataabort (regs=0x4020af10, dfar=<optimized out>, dfsr=<optimized out>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_dataabort.c:157 /#7 0x0060bc04 in arm_vectordata () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_vectors.S:438 Backtrace stopped: previous frame identical to this frame (corrupt stack?) (gdb) after: (gdb) bt /#0 udelay_coarse (microseconds=192000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:431 /#2 0x0060c650 in up_udelay (microseconds=microseconds@entry=250000) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:416 /#3 0x0060c664 in up_mdelay (milliseconds=milliseconds@entry=250) at /home/ajh/work/vela_system/nuttx/drivers/timers/arch_alarm.c:401 /#4 0x006056bc in reset_board () at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:816 /#5 _assert (filename=filename@entry=0x63047f "/arch/arm/src/armv7-a/arm_dataabort.c", linenum=linenum@entry=157, msg=msg@entry=0x62f56d "panic", regs=<optimized out>, regs@entry=0x4020af10) at /home/ajh/work/vela_system/nuttx/sched/misc/assert.c:915 /#6 0x0060bd94 in arm_dataabort (regs=0x4020af10, dfar=<optimized out>, dfsr=<optimized out>) at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_dataabort.c:157 /#7 0x0060bc08 in arm_vectordata () at /home/ajh/work/vela_system/nuttx/arch/arm/src/armv7-a/arm_vectors.S:453 /#8 0x00620cd4 in hello_main (argc=4999, argv=0x0) at /home/ajh/work/vela_system/apps/examples/hello/hello_main.c:41 /#9 0x0060d320 in nxtask_startup (entrypt=0x620cc4 <hello_main>, argc=1, argv=0x4020a088) at /home/ajh/work/vela_system/nuttx/libs/libc/sched/task_startup.c:72 /#10 0x00609b50 in nxtask_start () at /home/ajh/work/vela_system/nuttx/sched/task/task_start.c:116 /#11 0x00000000 in ?? () qemu risc-v nsh before: (gdb) bt /#0 udelay_coarse (microseconds=228000, microseconds@entry=891896832) at timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at timers/arch_alarm.c:431 /#2 0x8000397e in up_udelay (microseconds=microseconds@entry=250000) at timers/arch_alarm.c:416 /#3 0x80003988 in up_mdelay (milliseconds=milliseconds@entry=250) at timers/arch_alarm.c:401 /#4 0x80011f1c in reset_board () at misc/assert.c:813 /#5 0x80011f7a in _assert (filename=filename@entry=0x0, linenum=linenum@entry=0, msg=msg@entry=0x8002114c "panic", regs=<optimized out>, regs@entry=0x80030704) at misc/assert.c:915 /#6 0x80006ad6 in riscv_exception (mcause=<optimized out>, regs=0x80030704, args=<optimized out>) at common/riscv_exception.c:129 /#7 0x80000d9e in riscv_doirq (irq=7, regs=<optimized out>) at common/riscv_doirq.c:99 /#8 0x80000164 in exception_common () at common/riscv_exception_common.S:210 Backtrace stopped: frame did not save the PC (gdb) after (gdb) bt /#0 0x80003922 in udelay_coarse (microseconds=90000, microseconds@entry=891896832) at timers/arch_alarm.c:67 /#1 up_ndelay (nanoseconds=nanoseconds@entry=250000000) at timers/arch_alarm.c:431 /#2 0x8000397e in up_udelay (microseconds=microseconds@entry=250000) at timers/arch_alarm.c:416 /#3 0x80003988 in up_mdelay (milliseconds=milliseconds@entry=250) at timers/arch_alarm.c:401 /#4 0x80011f2a in reset_board () at misc/assert.c:816 /#5 0x80011f7a in _assert (filename=filename@entry=0x0, linenum=linenum@entry=0, msg=msg@entry=0x8002114c "panic", regs=<optimized out>, regs@entry=0x80030704) at misc/assert.c:915 /#6 0x80006ad6 in riscv_exception (mcause=<optimized out>, regs=0x80030704, args=<optimized out>) at common/riscv_exception.c:129 /#7 0x80000d9e in riscv_doirq (irq=7, regs=<optimized out>) at common/riscv_doirq.c:99 /#8 0x80000166 in exception_common () at common/riscv_exception_common.S:215 /#9 0x8001792a in hello_main (argc=<optimized out>, argv=<optimized out>) at hello_main.c:41 /#10 0x80004b52 in nxtask_startup (entrypt=0x80030704, argc=1, argv=0x800300e8) at sched/task_startup.c:72 /#11 0x80001e72 in nxtask_start () at task/task_start.c:116 /#12 0x00000000 in ?? () Backtrace stopped: frame did not save the PC (gdb) Signed-off-by: anjiahao <anjiahao@xiaomi.com>

When enable CONFIG_STACK_CANARIES, in general, the stack check in the __gcov_fork function is: " return fork(); 18: e59f3020 ldr r3, [pc, #32] @ 40 <__gcov_fork+0x40> 1c: e5932000 ldr r2, [r3] 20: e59d3004 ldr r3, [sp, #4] 24: e0332002 eors r2, r3, r2 28: e3a03000 mov r3, #0 2c: 1a000002 bne 3c <__gcov_fork+0x3c>" r3 is obtained by taking the value of sp offset. But after opening thumb, the second comparison value in "8c6: 4a06 ldr r2, [pc, #24] @ (8e0 <__gcov_fork+0x30>) 8c8: 6811 ldr r1, [r2, #0] 8ca: 687a ldr r2, [r7, #4] 8cc: 4051 eors r1, r2" is obtained through r7. Since r7 stores the stack address at this time, which stores the address of the parent process, the stack out of bounds will occur in the child process Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>

When enable CONFIG_STACK_CANARIES, in general, the stack check in the __gcov_fork function is: " return fork(); 18: e59f3020 ldr r3, [pc, apache#32] @ 40 <__gcov_fork+0x40> 1c: e5932000 ldr r2, [r3] 20: e59d3004 ldr r3, [sp, apache#4] 24: e0332002 eors r2, r3, r2 28: e3a03000 mov r3, #0 2c: 1a000002 bne 3c <__gcov_fork+0x3c>" r3 is obtained by taking the value of sp offset. But after opening thumb, the second comparison value in "8c6: 4a06 ldr r2, [pc, apache#24] @ (8e0 <__gcov_fork+0x30>) 8c8: 6811 ldr r1, [r2, #0] 8ca: 687a ldr r2, [r7, apache#4] 8cc: 4051 eors r1, r2" is obtained through r7. Since r7 stores the stack address at this time, which stores the address of the parent process, the stack out of bounds will occur in the child process Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>

When enable CONFIG_STACK_CANARIES, in general, the stack check in the __gcov_fork function is: " return fork(); 18: e59f3020 ldr r3, [pc, #32] @ 40 <__gcov_fork+0x40> 1c: e5932000 ldr r2, [r3] 20: e59d3004 ldr r3, [sp, #4] 24: e0332002 eors r2, r3, r2 28: e3a03000 mov r3, #0 2c: 1a000002 bne 3c <__gcov_fork+0x3c>" r3 is obtained by taking the value of sp offset. But after opening thumb, the second comparison value in "8c6: 4a06 ldr r2, [pc, #24] @ (8e0 <__gcov_fork+0x30>) 8c8: 6811 ldr r1, [r2, #0] 8ca: 687a ldr r2, [r7, #4] 8cc: 4051 eors r1, r2" is obtained through r7. Since r7 stores the stack address at this time, which stores the address of the parent process, the stack out of bounds will occur in the child process Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>

…d -march=armv8.1-m.main+mve.fp+fp.dp The above combination of compilation causes the compiler to crash: apache#1 0x0000000001fbe154 llvm::sys::CleanupOnSignal(unsigned long) (clang18/bin/clang-19+0x1fbe154) apache#2 0x0000000001f21203 llvm::CrashRecoveryContext::HandleExit(int) (clang18/bin/clang-19+0x1f21203) apache#3 0x0000000001fb7b7e llvm::sys::Process::Exit(int, bool) (clang18/bin/clang-19+0x1fb7b7e) apache#4 0x0000000000b25f0d (clang18/bin/clang-19+0xb25f0d) ................................................................................ ................................................................................ This problem occurs in clang18 and above, and there are compilation instructions that are incompatible with GCC. By following the recommended v8.1m corresponding fpu modification, no crash will occur ➜ NX git:(master) ✗ clang --target=arm-none-eabi -mfpu=help clang: note: available multilibs are: --target=aarch64-unknown-none-elf --target=aarch64-unknown-none-elf -fno-exceptions -fno-rtti --target=armv4t-unknown-none-eabi -mfpu=none --target=armv4t-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=armv5e-unknown-none-eabi -mfpu=none --target=armv5e-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv6m-unknown-none-eabi -mfpu=none --target=thumbv6m-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=armv7-unknown-none-eabi -mfpu=none --target=armv7-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=armv7-unknown-none-eabihf -mfpu=vfpv3-d16 --target=armv7-unknown-none-eabihf -mfpu=vfpv3-d16 -fno-exceptions -fno-rtti --target=armv7-unknown-none-eabi -mfpu=vfpv3-d16 --target=armv7-unknown-none-eabi -mfpu=vfpv3-d16 -fno-exceptions -fno-rtti --target=armv7r-unknown-none-eabi -mfpu=none --target=armv7r-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=armv7r-unknown-none-eabihf -mfpu=vfpv3xd --target=armv7r-unknown-none-eabihf -mfpu=vfpv3xd -fno-exceptions -fno-rtti --target=armv7r-unknown-none-eabihf -mfpu=vfpv3-d16 --target=armv7r-unknown-none-eabihf -mfpu=vfpv3-d16 -fno-exceptions -fno-rtti --target=armv7r-unknown-none-eabi -mfpu=vfpv3-d16 --target=armv7r-unknown-none-eabi -mfpu=vfpv3-d16 -fno-exceptions -fno-rtti --target=thumbv7m-unknown-none-eabi -mfpu=fpv4-sp-d16 --target=thumbv7m-unknown-none-eabi -mfpu=fpv4-sp-d16 -fno-exceptions -fno-rtti --target=thumbv7m-unknown-none-eabihf -mfpu=fpv4-sp-d16 --target=thumbv7m-unknown-none-eabihf -mfpu=fpv4-sp-d16 -fno-exceptions -fno-rtti --target=thumbv7m-unknown-none-eabihf -mfpu=fpv5-d16 --target=thumbv7m-unknown-none-eabihf -mfpu=fpv5-d16 -fno-exceptions -fno-rtti --target=thumbv7m-unknown-none-eabi -mfpu=none --target=thumbv7m-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8m.main-unknown-none-eabi -mfpu=none --target=thumbv8m.main-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8m.main-unknown-none-eabihf -mfpu=fpv5-sp-d16 --target=thumbv8m.main-unknown-none-eabihf -mfpu=fpv5-sp-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabi -mfpu=none --target=thumbv8.1m.main-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-sp-d16 --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-sp-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-d16 --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+mve -mfpu=none --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+mve -mfpu=none -fno-exceptions -fno-rtti Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>

…d -march=armv8.1-m.main+mve.fp+fp.dp The above combination of compilation causes the compiler to crash: apache#1 0x0000000001fbe154 llvm::sys::CleanupOnSignal(unsigned long) (clang18/bin/clang-19+0x1fbe154) apache#2 0x0000000001f21203 llvm::CrashRecoveryContext::HandleExit(int) (clang18/bin/clang-19+0x1f21203) apache#3 0x0000000001fb7b7e llvm::sys::Process::Exit(int, bool) (clang18/bin/clang-19+0x1fb7b7e) apache#4 0x0000000000b25f0d (clang18/bin/clang-19+0xb25f0d) ................................................................................ ................................................................................ This problem occurs in clang18 and above, and there are compilation instructions that are incompatible with GCC. By following the recommended v8.1m corresponding fpu modification, no crash will occur ➜ NX git:(master) ✗ clang --target=arm-none-eabi -mfpu=help clang: note: available multilibs are: --target=thumbv8m.main-unknown-none-eabi -mfpu=none --target=thumbv8m.main-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8m.main-unknown-none-eabihf -mfpu=fpv5-sp-d16 --target=thumbv8m.main-unknown-none-eabihf -mfpu=fpv5-sp-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabi -mfpu=none --target=thumbv8.1m.main-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-sp-d16 --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-sp-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-d16 --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+mve -mfpu=none --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+mve -mfpu=none -fno-exceptions -fno-rtti Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>

…d -march=armv8.1-m.main+mve.fp+fp.dp The above combination of compilation causes the compiler to crash: #1 0x0000000001fbe154 llvm::sys::CleanupOnSignal(unsigned long) (clang18/bin/clang-19+0x1fbe154) #2 0x0000000001f21203 llvm::CrashRecoveryContext::HandleExit(int) (clang18/bin/clang-19+0x1f21203) #3 0x0000000001fb7b7e llvm::sys::Process::Exit(int, bool) (clang18/bin/clang-19+0x1fb7b7e) #4 0x0000000000b25f0d (clang18/bin/clang-19+0xb25f0d) ................................................................................ ................................................................................ This problem occurs in clang18 and above, and there are compilation instructions that are incompatible with GCC. By following the recommended v8.1m corresponding fpu modification, no crash will occur ➜ NX git:(master) ✗ clang --target=arm-none-eabi -mfpu=help clang: note: available multilibs are: --target=thumbv8m.main-unknown-none-eabi -mfpu=none --target=thumbv8m.main-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8m.main-unknown-none-eabihf -mfpu=fpv5-sp-d16 --target=thumbv8m.main-unknown-none-eabihf -mfpu=fpv5-sp-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabi -mfpu=none --target=thumbv8.1m.main-unknown-none-eabi -mfpu=none -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-sp-d16 --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-sp-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-d16 --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+fp16 -mfpu=fp-armv8-fullfp16-d16 -fno-exceptions -fno-rtti --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+mve -mfpu=none --target=thumbv8.1m.main-unknown-none-eabihf -march=thumbv8.1m.main+mve -mfpu=none -fno-exceptions -fno-rtti Signed-off-by: wangmingrong1 <wangmingrong1@xiaomi.com>

How to setup coredump ? 1. Build config coredump: $ ./tools/configure.sh ./boards/arm/imx6/sabre-6quad/configs/coredump $ make 2. Run qemu and get the coredump snapshot: $ qemu-system-arm -semihosting -M sabrelite -m 1024 -smp 4 -nographic -kernel ./nuttx -s ABCDGHIJKNOPQ NuttShell (NSH) NuttX-10.4.0 nsh> coredump [CPU0] [ 6] Start coredump: [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A [CPU0] [ 6] 060C0000E85D831040030018200E400300072003403C601F06100000F8518310400340574003E0041F00142003025683106003A000E0081F005A201B4003A000 [CPU0] [ 6] E0071F03987F831040030060200E4003E0041F209003288A8310400300B820104003E0041F061C0000D09283104003609C2003C01F00202006007C2003000320 [CPU0] [ 6] 0308435055302049444C45200BE02700E0333BE01B0040A70094200340CFE0576BE0070040730006200340000424A782101420030474A482102020074137400B [CPU0] [ 6] 0030200B4027422309F51880108E8A80107F0161AA600040BFE102670031E01FBF4053E00300E0233BE02B0040A7E10267E02C6B403BE05700436B019319A167 [CPU0] [ 6] 200F20005A560100A703FF010000200000202003007C20030003200308435055322049444C45200BE0170000022003E00300E0233BE02B0040A7009420030001 [CPU0] [ 6] 2003E02F6BE007B3E04C00025683102005E0080040BFE102670033E01FBF402FE00300E0233BE02B0040A7E10267E02C6BE007B3E04C00005AE1196706687077 [CPU0] [ 6] 6F726B00E01CBF00042003E00300A03BE0500040A7C167A06BE01CA7E00300E007B3E0170042FF05BC748310785C213B00005A560100F303FF0A000074A48210 [CPU0] [ 6] 38748310242007010100E00D0008987F8310998C8010A4200303FF000020201260004008007C200300032003076E73685F6D61696E200AE0180000052003E003 [CPU0] [ 6] 00E0233BE02B0040A70094200340DFE02F6BE007B3E0170000022003078480831088998310200A0200F08E2007200FC1674003400004CC8A8310042007006420 [CPU0] [ 6] 030028200BE1176707636F726564756D70200AE0180000062003E00300E0233BE02B0040A7C167E02F6BE007B3E017000BDC458310E0988310780A0000415B03 [CPU0] [ 6] 6C9A8310416B408B4133408F01788F217BA000405F00B0202F02EB21816003035F0000602012E0EB000100005A5601002103FF0E000000005E831000A27C3F00 [CPU0] [ 6] 005080200DE0FF00E0FF00E0FF00E0CA000100005A5601001203FF010000E0FF00E0FF00E0FF00E0DA000100005A5601005403FF01000020000838748310D037 [CPU0] [ 6] 8310DF200B0487328010C8200B400F400720120000400B00AB2017005F200B04432B80101520030002200B0101012004E00600028137806033E0FF00E0FF00E0 [CPU0] [ 6] FF00E083000100005A560100F203FF010000600007808310BC8F8310DF200A088732801084FFFFFFA0200F0006200F04848A83105F200704E92D8110F1200340 [CPU0] [ 6] 1303108C8310202200FF200A0900988E8310FD248010F7A01B061BD3801054AC826033C0004023403304CDD2801001200FE00300030FA2801020061200C15080 [CPU0] [ 6] 103081821089678010A18E8310B35CE0092B400F0333EC8010404F4003200EE0640040C34003407B0D08F781107F7B801071F28010A99480C340000291938060 [CPU0] [ 6] 2340AB4003400B05A1928010F883E005AF01F99080DF40174003009DA00F00642003400F0071A00F013F692063200B018D37E00163E0FF00E0FF00E02E000100 [CPU0] [ 6] 005A5601003A03FF010000600003589083102006E0080001F092801707636F726564756D70200A600003EFBEADDEE0FF03E0FF03E0FF03E01B032342E07A0001 [CPU0] [ 6] 00005A560101C003FF010000E095000BF08E83100927801054AC8210400B201201005F2003400BE00717E0CB0040DBE007E7E00FFF40170055200F0043201720 [CPU0] [ 6] 0A6023401F4017400006111D8010207183600F047D40831018200B4023E003470794818210D91A8010E0174701E43FE00173403306F49A8310DF4C8160170448 [CPU0] [ 6] 99831041201704CE1F841002200704CD3F81100C2007049D34811040201B200A05002EF781106C200B008D200B001D201F05893E81107978806F000A200300D8 [CPU0] [ 6] 204F01D57B800F00882027400300F1E0020F009F202B40434027C06B122F798010789B8310F803000008040000C89683600F04277A80108C200700BC2037202A [CPU0] [ 6] 01008F202B20060200D092200F000820082003006C20470730A7821000FCFFFF201160000533208110D0072008201F410340230020202301B12220BB200B2019 [CPU0] [ 6] 010006200301992420DF0323000001200B01001C805740034037400340420000208F60000504000534002040166000046BE88110F0213F200A000040AB00FF20 [CPU0] [ 6] 0000E120E7400B020B188160174000400F201A00FF402B048517811065200340FB201260B000FD203303F7528110408300A9A00700E84083E00200033F698010 [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 [CPU0] [ 6] Finish coredump (Compression Enabled). 3. Copy the hex body and save to file: $ cat elf.dump [CPU0] [ 6] 5A5601013D03FF077F454C4601010100C0000304002800C00D003420036000070400053400200008200A4000000420030034C024200001D8092004E00200601A ... [CPU0] [ 6] 401B018D37814720005A5601000800090100006000010000 4. Run tools/coredump.py to convert hex dump to elf coredump: $ ./tools/coredump.py elf.dump Chunk apache#1 is compressed, 317 bytes (original size: 1023 bytes) ... Chunk apache#10 is compressed, 8 bytes (original size: 9 bytes) $ ls elf.core elf.core 5. Pass core(elf.core) and bin elf(nuttx) to gdb: !!(Toolchain(arm-none-eabi-gdb) version must be newer than 11.3) !! $ arm-none-eabi-gdb -c elf.core nuttx GNU gdb (Arm GNU Toolchain 11.3.Rel1) 12.1.90.20220802-git ... Reading symbols from nuttx... [New process 6] [New process 1] [New process 2] [New process 3] [New process 4] [New process 5] [New process 6] Core was generated by `'. #0 0x10808a8e in up_idle () at chip/imx_idle.c:61 61 } [Current thread is 1 (process 6)] (gdb) (gdb) info thread Id Target Id Frame * 1 process 6 0x10808a8e in up_idle () at chip/imx_idle.c:61 2 process 1 0x10808a8e in up_idle () at chip/imx_idle.c:61 3 process 2 0x00000000 in ?? () 4 process 3 0x00000000 in ?? () 5 process 4 up_switch_context (tcb=0x1082a474 <g_idletcb>, rtcb=rtcb@entry=0x10837438) at common/arm_switchcontext.c:95 6 process 5 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 7 process 6 elf_emit_tcb_note (cinfo=0x10839a6c, tcb=0x10838ef0) at libelf/libelf_coredump.c:272 (gdb) thread 6 [Switching to thread 6 (process 5)] #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 95 arm_switchcontext(&rtcb->xcp.regs, tcb->xcp.regs); (gdb) bt #0 up_switch_context (tcb=0x10838ef0, rtcb=rtcb@entry=0x10838000) at common/arm_switchcontext.c:95 apache#1 0x10803286 in nxsem_wait (sem=0x10838fbc) at semaphore/sem_wait.c:176 apache#2 0x10812de8 in nxsched_waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:169 apache#3 0x10812df6 in waitpid (pid=pid@entry=6, stat_loc=stat_loc@entry=0x10838a84, options=options@entry=4) at sched/sched_waitpid.c:639 apache#4 0x1080d31a in nsh_builtin (vtbl=vtbl@entry=0x10838c10, cmd=0x10838e98 <error: Cannot access memory at address 0x10838e98>, argv=argv@entry=0x10838adc, redirfile=redirfile@entry=0x0, oflags=oflags@entry=0) at nsh_builtin.c:162 apache#5 0x1080a20e in nsh_execute (oflags=0, redirfile=0x0, argv=0x10838adc, argc=1, vtbl=0x10838c10) at nsh_parse.c:641 apache#6 nsh_parse_command (vtbl=vtbl@entry=0x10838c10, cmdline=<optimized out>) at nsh_parse.c:2742 apache#7 0x1080a510 in nsh_parse (vtbl=vtbl@entry=0x10838c10, cmdline=cmdline@entry=0x10838e98 <error: Cannot access memory at address 0x10838e98>) at nsh_parse.c:2826 apache#8 0x10809390 in nsh_session (pstate=0x10838c10, login=login@entry=1, argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_session.c:245 apache#9 0x108090f8 in nsh_consolemain (argc=argc@entry=1, argv=argv@entry=0x108383f8) at nsh_consolemain.c:71 apache#10 0x1080909c in nsh_main (argc=1, argv=0x108383f8) at nsh_main.c:74 apache#11 0x1080693e in nxtask_startup (entrypt=0x10809071 <nsh_main>, argc=1, argv=0x108383f8) at sched/task_startup.c:70 apache#12 0x1080378c in nxtask_start () at task/task_start.c:134 apache#13 0x00000000 in ?? () Backtrace stopped: previous frame identical to this frame (corrupt stack?) Signed-off-by: chao an <anchao@xiaomi.com>

(gdb) bt #0 memset () at machine/arm/armv7-a/gnu/arch_memset.S:45 #1 0x0407222e in memset (n=4, c=65, s=0x40269d94) at /home/mi/ssd/dev-system/nuttx/include/string.h:203 #2 test_memset () at hello_main.c:57 apache#3 hello_main (argc=<optimized out>, argv=<optimized out>) at hello_main.c:66 apache#4 0x0403f1de in nxtask_startup (entrypt=0x40721b1 <hello_main>, argc=1, argv=0x40269628) at sched/task_startup.c:72 apache#5 0x0400c66a in nxtask_start () at task/task_start.c:104 apache#6 0x00000000 in ?? () Signed-off-by: yangao1 <yangao1@xiaomi.com>

(gdb) bt #0 arch_strlen () at machine/arm64/gnu/arch_strlen.S:119 #1 0x000000004043a2c0 in strchr (s=s@entry=0x408e5e40 "HELLO WORLD", c=c@entry=87) at machine/arch_libc.c:252 #2 0x0000000040504c6c in strchr (c=87, s=0x408e5e40 "HELLO WORLD") at /home/mi/ssd/dev-system/nuttx/include/string.h:306 apache#3 test_strchr () at hello_main.c:79 apache#4 hello_main (argc=argc@entry=1, argv=argv@entry=0x40b5c090) at hello_main.c:132 apache#5 0x000000004043d958 in nxtask_startup (entrypt=0x40504ba0 <hello_main>, argc=argc@entry=1, argv=argv@entry=0x40b5c090) at sched/task_startup.c:72 apache#6 0x00000000403f1ab4 in nxtask_start () at task/task_start.c:104 apache#7 0x0000000000000000 in ?? () Signed-off-by: yangao1 <yangao1@xiaomi.com>

(gdb) bt #0 memset () at machine/arm/armv7-a/gnu/arch_memset.S:45 #1 0x0407222e in memset (n=4, c=65, s=0x40269d94) at /home/mi/ssd/dev-system/nuttx/include/string.h:203 #2 test_memset () at hello_main.c:57 apache#3 hello_main (argc=<optimized out>, argv=<optimized out>) at hello_main.c:66 apache#4 0x0403f1de in nxtask_startup (entrypt=0x40721b1 <hello_main>, argc=1, argv=0x40269628) at sched/task_startup.c:72 apache#5 0x0400c66a in nxtask_start () at task/task_start.c:104 apache#6 0x00000000 in ?? () Signed-off-by: yangao1 <yangao1@xiaomi.com>

(gdb) bt #0 arch_strlen () at machine/arm64/gnu/arch_strlen.S:119 #1 0x000000004043a2c0 in strchr (s=s@entry=0x408e5e40 "HELLO WORLD", c=c@entry=87) at machine/arch_libc.c:252 #2 0x0000000040504c6c in strchr (c=87, s=0x408e5e40 "HELLO WORLD") at /home/mi/ssd/dev-system/nuttx/include/string.h:306 apache#3 test_strchr () at hello_main.c:79 apache#4 hello_main (argc=argc@entry=1, argv=argv@entry=0x40b5c090) at hello_main.c:132 apache#5 0x000000004043d958 in nxtask_startup (entrypt=0x40504ba0 <hello_main>, argc=argc@entry=1, argv=argv@entry=0x40b5c090) at sched/task_startup.c:72 apache#6 0x00000000403f1ab4 in nxtask_start () at task/task_start.c:104 apache#7 0x0000000000000000 in ?? () Signed-off-by: yangao1 <yangao1@xiaomi.com>

(gdb) bt #0 memset () at machine/arm/armv7-a/gnu/arch_memset.S:45 #1 0x0407222e in memset (n=4, c=65, s=0x40269d94) at /home/mi/ssd/dev-system/nuttx/include/string.h:203 #2 test_memset () at hello_main.c:57 #3 hello_main (argc=<optimized out>, argv=<optimized out>) at hello_main.c:66 #4 0x0403f1de in nxtask_startup (entrypt=0x40721b1 <hello_main>, argc=1, argv=0x40269628) at sched/task_startup.c:72 #5 0x0400c66a in nxtask_start () at task/task_start.c:104 #6 0x00000000 in ?? () Signed-off-by: yangao1 <yangao1@xiaomi.com>

(gdb) bt #0 arch_strlen () at machine/arm64/gnu/arch_strlen.S:119 #1 0x000000004043a2c0 in strchr (s=s@entry=0x408e5e40 "HELLO WORLD", c=c@entry=87) at machine/arch_libc.c:252 #2 0x0000000040504c6c in strchr (c=87, s=0x408e5e40 "HELLO WORLD") at /home/mi/ssd/dev-system/nuttx/include/string.h:306 #3 test_strchr () at hello_main.c:79 #4 hello_main (argc=argc@entry=1, argv=argv@entry=0x40b5c090) at hello_main.c:132 #5 0x000000004043d958 in nxtask_startup (entrypt=0x40504ba0 <hello_main>, argc=argc@entry=1, argv=argv@entry=0x40b5c090) at sched/task_startup.c:72 #6 0x00000000403f1ab4 in nxtask_start () at task/task_start.c:104 #7 0x0000000000000000 in ?? () Signed-off-by: yangao1 <yangao1@xiaomi.com>

…ptimization When compiling with O2 optimization, the compiler optimizes the code in a way that causes irq variable to be corrupted. The getipsr() function reads IPSR into r0, but the subsequent inline assembly that sets FPSCR also uses r0 without declaring it as clobbered. This causes the compiler to reuse r0 for the immediate value (0x40000), overwriting the IRQ number read from IPSR. The issue manifests as: - getipsr() correctly reads IPSR (e.g., 0xf for IRQ 15) - Compiler optimizes and reuses r0 for ARM_FPSCR_LTPSIZE_NONE (0x40000) - irq variable gets the wrong value 0x40000 instead of actual IRQ number - This leads to assertion failures in irq_dispatch due to invalid IRQ Root cause analysis from disassembly: mrs r0, IPSR ; Read IPSR to r0 mov.w r0, #262144 ; Compiler overwrites r0 with 0x40000! vmsr fpscr, r0 ; Set FPSCR str r0, [sp, apache#4] ; Store corrupted 0x40000 as irq ... ldr r0, [sp, apache#4] ; Load corrupted value bl irq_dispatch ; Call with wrong IRQ number 0x40000 Fix by adding r0 to the clobber list in the inline assembly, which forces the compiler to save irq value before using r0 for FPSCR setup. This issue only occurs at O2 optimization level and affects ARMv8-M architecture with FPU enabled. Signed-off-by: xuxingliang <xuxingliang@xiaomi.com>

…ptimization When compiling with O2 optimization, the compiler optimizes the code in a way that causes irq variable to be corrupted. The getipsr() function reads IPSR into r0, but the subsequent inline assembly that sets FPSCR also uses r0 without declaring it as clobbered. This causes the compiler to reuse r0 for the immediate value (0x40000), overwriting the IRQ number read from IPSR. The issue manifests as: - getipsr() correctly reads IPSR (e.g., 0xf for IRQ 15) - Compiler optimizes and reuses r0 for ARM_FPSCR_LTPSIZE_NONE (0x40000) - irq variable gets the wrong value 0x40000 instead of actual IRQ number - This leads to assertion failures in irq_dispatch due to invalid IRQ Root cause analysis from disassembly: mrs r0, IPSR ; Read IPSR to r0 mov.w r0, #262144 ; Compiler overwrites r0 with 0x40000! vmsr fpscr, r0 ; Set FPSCR str r0, [sp, #4] ; Store corrupted 0x40000 as irq ... ldr r0, [sp, #4] ; Load corrupted value bl irq_dispatch ; Call with wrong IRQ number 0x40000 Fix by adding r0 to the clobber list in the inline assembly, which forces the compiler to save irq value before using r0 for FPSCR setup. This issue only occurs at O2 optimization level and affects ARMv8-M architecture with FPU enabled. Signed-off-by: xuxingliang <xuxingliang@xiaomi.com>

xiaoxiang781216 closed this Dec 24, 2019

xiaoxiang781216 deleted the fix_tcp_timer branch December 24, 2019 16:54

anchao mentioned this pull request Jun 15, 2020

arch/stackframe: fix heap buffer overflow #1234

Merged

xiaoxiang781216 mentioned this pull request Oct 22, 2020

Refactor arm interrupt stack related code #2061

Merged

sebastianene07 mentioned this pull request Oct 31, 2020

sim:nxwm Test failure #2093

Closed

GUIDINGLI mentioned this pull request Nov 4, 2020

arch/sim: add sim audio support #2124

Merged

anchao mentioned this pull request Nov 9, 2020

boards/sim: add atexit(2) into naming list #2259

Merged

anchao mentioned this pull request Dec 14, 2020

fs/unionfs: remove excessive protection to avoid deadlock #2532

Merged

Donny9 mentioned this pull request Jul 26, 2021

syslog: reslove crash because vmov.i32 instruction is not ready #4226

Merged

zhuyanlinzyl mentioned this pull request Nov 9, 2021

debug: add tools for task aware debug #4810

Merged

hujun260 mentioned this pull request Nov 1, 2024

remove up_cpu_pause up_cpu_resume up_cpu_paused up_cpu_pausereq #13863

Merged

lipengfei28 mentioned this pull request Nov 12, 2024

arch/arm64: bug fix,arm64_fatal_handler need regs parms #14730

Merged

blacksun-V mentioned this pull request Nov 20, 2024

[HELP] <title> arch/arm/src/armv6-m/arm_svcall.c There seems to be a problem #14862

Closed

1 task

jerpelea mentioned this pull request Dec 19, 2024

{bp-15258} gcc/gcov: fix problems with fork #15281

Merged

W-M-R mentioned this pull request Jul 11, 2025

toolchain/arm: Fix crash caused by clang compiling with -mfpu=fpv5-d16 and -march=armv8.1-m.main+mve.fp+fp.dp #16711

Merged

husong2 mentioned this pull request Nov 29, 2025

sched/group: move task group into task_tcb_s to improve performance #11832

Merged

guohao15 mentioned this pull request Dec 23, 2025

driver/note: make SIZEOF_NOTE_START return the right size #17557

Merged

XuNeo mentioned this pull request Dec 26, 2025

arch/armv8-m: Fix IRQ number corruption in exception_direct with O2 optimization #17684

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

devif_poll_tcp_timer shouldn't be skipped in the multiple card case #4

devif_poll_tcp_timer shouldn't be skipped in the multiple card case #4

Uh oh!

xiaoxiang781216 commented Dec 24, 2019

Uh oh!

patacongo commented Dec 24, 2019 •

edited

Loading

Uh oh!

patacongo commented Dec 24, 2019

Uh oh!

patacongo commented Dec 24, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

devif_poll_tcp_timer shouldn't be skipped in the multiple card case #4

devif_poll_tcp_timer shouldn't be skipped in the multiple card case #4

Uh oh!

Conversation

xiaoxiang781216 commented Dec 24, 2019

Uh oh!

patacongo commented Dec 24, 2019 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

patacongo commented Dec 24, 2019

Uh oh!

patacongo commented Dec 24, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

patacongo commented Dec 24, 2019 •

edited

Loading