HOW TO DEBUG A FAULT EXCEPTION ON ARM CORTEX-M MCU

Alvin Liu
2022-08-15

CONFIDENTIAL AND PROPRIETARY

Agenda
How To Debug A Fault Exception On ARM Cortex-M(V7M) MCU(S32K3X)
• Fault Exception Model Overview
• Registers Used To Control And Status Fault Exceptions
• Practice On Fault Exception Debugging
• Fault Exception Handling

1 CONFIDENTIAL AND PROPRIETARY

 FAULT EXCEPTION MODEL OVERVIEW

2 CONFIDENTIAL AND PROPRIETARY

Cortex-M Series Productions

3 CONFIDENTIAL AND PROPRIETARY

Exception Model

4 CONFIDENTIAL AND PROPRIETARY

Fault Exception Model

5 CONFIDENTIAL AND PROPRIETARY

Fault Exception Model
▪ HardFault: is the default exception and can be triggered because of an error during exception
processing, or because an exception cannot be managed by any other exception mechanism.
▪ MemManage Fault: detects memory access violations to regions that are defined in the Memory
Management Unit (MPU)
▪ BusFault: detects memory access errors on instruction fetch, data read/write, interrupt vector fetch,
and register stacking (save/restore) on interrupt (entry/exit).
▪ UsageFault: detects execution of undefined instructions, unaligned memory access for load/store
multiple. When enabled, divide-by-zero and other unaligned memory accesses are detected.

6 CONFIDENTIAL AND PROPRIETARY

Fault Escalation
Faults escalated to HardFault :
▪ A fault handler causes the same kind of fault as the one it is servicing. This escalation to HardFault
occurs because a handler cannot preempt itself (it must have the same priority as the current priority
level).
▪ A fault handler causes a fault with the same or lower priority as the fault it is servicing. This is
because the handler for the new fault cannot preempt the currently executing fault handler.
▪ An exception handler causes a fault for which the priority is the same as or lower than the currently
executing exception.
▪ A fault occurs and the handler for that fault is not enabled.
Only Reset and NMI can preempt the fixed priority HardFault. A HardFault can
preempt any exception.

7 CONFIDENTIAL AND PROPRIETARY

 REGISTERS USED TO CONTROL AND STATUS
FAULT EXCEPTIONS

8 CONFIDENTIAL AND PROPRIETARY

Fault Types

9 CONFIDENTIAL AND PROPRIETARY

Fault Exception Relevant Status Registers

10 CONFIDENTIAL AND PROPRIETARY

Fault Exception Relevant Status Registers - HFSR
• HardFault Status Register (HFSR) - 0xE000ED2C
This registers explains the reason a HardFault exception was triggered

DEBUGEVT - Indicates that a debug event occurred while the debug subsystem was not enabled

FORCED - This means a configurable fault was escalated to a HardFault, either because the configurable fault handler was not enabled or a fault occurred within the handler.

VECTTBL - Indicates a fault occurred because of an issue reading from an address in the vector table.
This is pretty a typical but could happen if there is a bad address in the vector table and an unexpected interrupt fires.

11 CONFIDENTIAL AND PROPRIETARY

 Fault Relevant Status Registers - MMFSR
• MemManage Status Register (MMFSR) - 0xE000ED28
The MemManage fault status register (MMFSR) indicates a memory access violation detected by the
Memory Protection Unit (MPU). Privileged access permitted only. Unprivileged accesses generate a
BusFault.

MMARVALID - Indicates that the MemManage Fault Address Register (MMFAR), a 32 bit register located at 0xE000ED34, holds the address which triggered the MemManage fault.

MLSPERR & MSTKERR - Indicates that a MemManage fault occurred during lazy state preservation or exception entry, respectively.

MUNSTKERR - Indicates that a fault occurred while returning from an exception

DACCVIOL - Indicates that a data access triggered the MemManage fault.

IACCVIOL - Indicates that an attempt to execute an instruction triggered an MPU or Execute Never (XN) fault .

12 CONFIDENTIAL AND PROPRIETARY

Fault Relevant Status Registers - MMFAR
• MemManage Fault Address Register (MMFAR)- 0xE000ED34
The BFAR address is associated with a precise data access BusFault. Privileged access permitted
only. Unprivileged accesses generate a BusFault.

Data address for a MemManage fault. This register is updated with the address of a location that produced a MemManage fault. The MMFSR shows the cause of the fault.
This field is valid only when MMFSR.MMARVALID is set. In implementations without unique BFAR and MMFAR registers, the value of this register is UNKNOWN if
BFSR.BFARVALID is set.

13 CONFIDENTIAL AND PROPRIETARY

 Fault Relevant Status Registers - BFSR
• BusFault Status Register (BFSR) - 0xE000ED29
The BusFault Status Register shows the status of bus errors resulting from instruction fetches and data
accesses and indicates memory access faults detected during a bus operation. Only privileged access is
permitted. Unprivileged access will generate a BusFault.

BFARVALID - Indicates that the Bus Fault Address Register (BFAR), a 32 bit register located at 0xE000ED38, holds the address which triggered the fault.

LSPERR & STKERR - Indicates that a fault occurred during lazy state preservation or during exception entry, respectively. Both are situations where the hardware is
automatically saving state on the stack. One way this error may occur is if the stack in use overflows off the valid RAM address range while trying to service an exception

UNSTKERR - Indicates that a fault occurred trying to return from an exception. This typically arises if the stack was corrupted while the exception was running
or the stack pointer was changed and its contents were not initialized correctly

IMPRECISERR - This flag is very important. It tells us whether or not the hardware was able to determine the exact location of the fault

PRECISERR - Indicates that the instruction which was executing prior to exception entry triggered the fault.

14 CONFIDENTIAL AND PROPRIETARY

Fault Relevant Status Registers - BFAR
• BusFault Address Register (BFAR) - 0xE000ED38
The BFAR address is associated with a precise data access BusFault. Privileged access permitted
only. Unprivileged accesses generate a BusFault.

Data address for a precise BusFault. This register is updated with the address of a location that produced a BusFault. The BFSR shows the reason for the fault. This field is
valid only when BFSR.BFARVALID is set. In implementations without unique BFAR and MMFAR registers, the value of this register is UNKNOWN if MMFSR.MMARVALID
is set.

15 CONFIDENTIAL AND PROPRIETARY

 Fault Relevant Status Registers - UFSR
• UsageFault Status Register (UFSR) - 0xE000ED2A
The UsageFault Status Register UFSR contains the status for some instruction execution faults, and for
data access. Privileged access permitted only. Unprivileged accesses generate a BusFault.

DIVBYZERO - Indicates a divide instruction was executed where the denominator was zero. This fault is configurable.

UNALIGNED - Indicates an unaligned access operation occurred. Unaligned multiple word accesses.

NOCP - Indicates that a Cortex-M coprocessor instruction was issued but the coprocessor was disabled or not present.

INVPC - Indicates an integrity check failure on EXC_RETURN.

INVSTATE - Indicates the processor has tried to execute an instruction with an invalid Execution Program Status Register (EPSR) value.

UNDEFINSTR - Indicates an undefined instruction was executed. This can happen on exception exit if the stack got corrupted.

16 CONFIDENTIAL AND PROPRIETARY

Fault Relevant Status Registers - ABFSR
• Auxiliary Bus Fault Status Register (ABFSR Cortex-M7 only) - 0xE000EFA8

When an IMPRECISE error occurs it will at least give us an indication of

what memory bus the fault occurred on

AXIMTYPE: Indicates the type of fault on the AXIM interface. The values are valid only when AXIM=1.
0b00 = OKAY
0b01 = EXOKAY
0b10 = SLVERR
0b11= DECERR
EPPB: Asynchronous fault on EPPB interface
AXIM: Asynchronous fault on AXIM interface
AHBP: Asynchronous fault on AHBP interface
DTCM: Asynchronous fault on DTCM interface
ITCM: Asynchronous fault on ITCM interface

17 CONFIDENTIAL AND PROPRIETARY

Fault Exception Relevant Control Registers

18 CONFIDENTIAL AND PROPRIETARY

Fault Relevant Control Registers - CCR
• Configuration and Control Register (CCR)- 0xE000ED14

DIV_0_TRP - Controls whether or not divide by zeros will trigger a fault.

UNALIGN_TRP - Controls whether or not unaligned accesses will always generate a fault .

19 CONFIDENTIAL AND PROPRIETARY

Fault Relevant Control Registers - SHCSR
• System Handler Control and State Register (SHCSR) - 0xE000ED24
This register lets you view the status of or enable various built in exception handlers:

MEMFAULTACT: Memory Management Fault exception active bit, reads as 1 if exception is active.
BUSFAULTACT: BusFault exception active bit, reads as 1 if exception is active.
USGFAULTACT: UsageFault exception active bit, reads as 1 if exception is active.
USGFAULTPENDED: UsageFault exception pending bit, reads as 1 if exception is pending.
MEMFAULTPENDED: Memory Management Fault exception pending bit, reads as 1 if exception is pending.
BUSFAULTPENDED: BusFault exception pending bit, reads as 1 if exception is pending.
MEMFAULTENA: Memory Management Fault exception enable bit, set to 1 to enable; set to 0 to disable.
BUSFAULTENA: BusFault exception enable bit, set to 1 to enable; set to 0 to disable.
20 CONFIDENTIAL AND PROPRIETARY
USGFAULTENA: UsageFault exception enable bit, set to 1 to enable; set to 0 to disable.
 PRACTICE ON FAULT EXCEPTION DEBUGGING

21 CONFIDENTIAL AND PROPRIETARY

Debug Fault Exception & Fault Type
• When a Fault Exception occurred, we need know which Fault Exception triggered and Fault Type
that leading the Fault Exception.
• To debug the Fault Exception and Fault Types, we can check relevant status registers as descripted
in previous slides.
• To debug the Fault on S32K3XX with S32DS V3.4, more efficient way is to use Exception Catching
Feature

22 CONFIDENTIAL AND PROPRIETARY

Debug Fault Exception & Fault Type – MemManage Fault

23 CONFIDENTIAL AND PROPRIETARY

Debug Fault Exception & Fault Type – MemManage Fault

24 CONFIDENTIAL AND PROPRIETARY

Debug Fault Exception & Fault Type – Usage Fault

25 CONFIDENTIAL AND PROPRIETARY

Debug Fault Exception & Fault Type – Bus Fault

26 CONFIDENTIAL AND PROPRIETARY

Debug Fault Exception & Fault Type – Bus Fault

27 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address

28 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address
• At exception entry, the processor saves R0-R3, R12, LR, PC and PSR on the stack, and LR is
updated with EXC_RETURN, Bit 2 of EXC_RETURN indicate the MSP or PSP used. If Bit 2 is 1,
PSP used, if Bit 2 is 0, MSP used.

• So, we can locate the Fault Address by stack Backtrace.

29 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address – Stack Backtrace Manaully

30 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address – Stack Backtrace Automation
• .gdbinit script
When GDB launching, it will look for the .gdbinit script, if found, GDB will conduct the CMD from list.
Stand CMD can be found from:
C:\NXP\S32DS.3.4\S32DS\tools\gdb-arm\arm32-eabi\arm-none-eabi\share\docs\pdf\GDB.pdf

31 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address – Stack Backtrace Automation
• Define Stack Backstrace CMD in .gdbinit script
Apart from stand GDB CMD, we also can define ourself CMD in .gdbint, it can be recognized by GDB,
then later we can use this CMD just stand CMD anywhere.
Here we defined the CMD “armex” to do Stack Backtrace.

32 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address – Stack Backtrace Automation
• Configure .gdbinit PATH in S32DS V3.4

33 CONFIDENTIAL AND PROPRIETARY

Debug Fault Address – Stack Backtrace Automation
• Run the Stack Backtrace CMD to locate the Fault Address

34 CONFIDENTIAL AND PROPRIETARY

 FAULT EXCEPTION HANDLING

35 CONFIDENTIAL AND PROPRIETARY

Fault Exception Handling - Common
• For a final application, a fault handler may be implemented that performs
System Reset: by setting bit 2 (SYSRESETREQ) in AIRCR (Application Interrupt and Reset Control Register). This will reset
most parts of the system apart from the debug logic. If you do not want to reset the whole system, just set the bit 0
(VECTRESET) in AIRCR which causes only a processor reset.
Recovery: in some cases, it might be possible to resolve the problem that caused the fault exception. For example, in case of a
coprocessor instruction, the handler may emulate the instruction in software.
Task termination: for systems running a real-time operating system (RTOS), the task that created the fault may be terminated
and restarted if needed.
• Suggest to enable MemFault, BusFault and UsageFault, to handle them separately

36 CONFIDENTIAL AND PROPRIETARY

Fault Exception Handling - Baremetal
• Handling for MemFault

37 CONFIDENTIAL AND PROPRIETARY

Fault Exception Handling - Baremetal
• Handling for MemFault

38 CONFIDENTIAL AND PROPRIETARY

Fault Exception Handling - Baremetal
• Handling for UsageFault

39 CONFIDENTIAL AND PROPRIETARY

Fault Exception Handling - FreeRTOS
• Do not implement Exception Handling in OS level, leave the handling to user. Just Example Code.

40 CONFIDENTIAL AND PROPRIETARY

Fault Exception Handling – AutoSAR OS

41 CONFIDENTIAL AND PROPRIETARY