[harri]

hi,
Sorry for this basic question.

I find hard to understand why the Link Register can be corrupted in this below scenario:
1. IRQ interrupt occur.
2. IRQ ISR call a function foo(). (assume inside ISR, the IRQ interrupt is reenabled)
3. foo() is interrupted by another IRQ interrupt.

From what I understand:

*During (1):

STACK content:
some general purpose registers
LR_irq_1 (let call like that to indicate that the content is point to address of interrupted function by scenario-1)

LR_irq = address-1 (see LR_irq_1)

*During (2):

STACK content:
some general purpose registers
LR_irq_2
some general purpose registers
LR_irq_1

LR_irq = address-2 (address of a line within ISR)

*During (3):

STACK content:
some general purpose registers
LR_irq_3
some general purpose registers
LR_irq_2
some general purpose registers
LR_irq_1

LR_irq = address-3 (address of a line within foo() where second IRQ interrupt occur)


Assuming that we have enough IRQ stack size, then from above context, seem no reason for LR to be corrupted.

Any body could help me explain what causing LR to be corrupted?

Thanks!

This post has been edited by harri: 13 June 2012 - 10:51 AM

[harri]

OK, finally I found out what happen after view some dis-assembly of function calling.
The root cause to the possibility of corruption on LR register is because compiler optimization, i.e. compiler will only generate function prologue for saving registers to stack only on registers that *are used in caller* AND *used in callee*. So when function callee doesn't have any function call inside (will doesn't have BL -branch with update LR- instruction), the function prologue WILL NOT push the LR to the stack!
So now I understand why if another IRQ interrupt interrupting a function that is called by IRQ interrupt, it will destroy LR_irq of the function as it's not pushed to stack.
Example, if this foo() function is called by ISR:

void foo(void)
{
    bState = 0;
    MACRO_THING(bState);
    bState = bar(bState); // i call another function here
    bState++;
}
char bar(char state)
{
    state &= GLOBAL_SOMETHING;
    return (state >> 4);
}

Because foo() contain another function call, its prologue will save LR to stack. So when another IRQ interrupt interrupting foo(), no issue.
BUT, because bar() doesn't call any other function, the prologue will not save LR to stack; so bar() is vulnerable to another IRQ interrupt!



Clear crystal to me

Thanks.

This post has been edited by harri: 14 June 2012 - 05:58 AM

[scott]

Once IRQs have been reenabled in IRQ mode there is a possibility of LR corruption even if the callee saves/restores LR. Consider the case where the processor is executing 'BL bar2' when the IRQ is signalled. The current instruction (the BL) will be completed and will store the return address in LR and set the PC to bar2. But before the first instruction of bar2 can execute, the IRQ will be handled and overwrite/corrupt LR (game over).

Another corruption possibility is that in a function like your foo, once the initial value of LR has been stacked the compiler may use LR as a temporary register (with the understanding that BL will use/corrupt LR). If the compiler is using LR as a temporary when an IRQ is handled, similar problems will result.

[harri]

Ouch!, yes that could happen. Although the possibility is lower (only one place is vulnerable) than in "leaf function" (where any place is vulnerable). But if LR is used as temporary, then "game over" (borrow your term ).
Nice analysis, scott! Really improve my understanding.

So as suggested by many books/sources, we can rid off all that problems by switching to SYS mode before executing interrupt handler. (does it really rid off ALL the problems? any "hole"?)

This post has been edited by harri: 15 June 2012 - 02:35 AM

[scott]

Making sure that you only enable the IRQ interrupt when in a different mode than IRQ will definitely fix the "LR_irq might be corrupted at any time" problem. I won't promise it will fix ALL of your problems. In particular, I've never liked the idea of my interrupts sharing their stack with USR mode* (which is what happens if you simply switch to SYS mode before re-enabling IRQs). I'm sure there are ways of avoiding this problem but I haven't investigated it enough to give advice. Good luck.

[*] I think USR mode might do pretty much anything to SP_usr and IRQs still need to work.

  ...
  MOV r0, sp
  MOV sp, #-1
  ... ; IRQ happens here
  MOV sp, r0
  ...