Closed embeddedgo closed 4 years ago
We set up the MPU to make the first 16 words of memory inaccessible. It seems that this affects data access only. Instruction access is unaffected, so the CPU can fetch exception vectors on the instruction bus. This catches nil pointer dereferences in both privileged and unprivileged mode.
The current nil checking code is based on the fact that loading from or storing to pageZero causes a segmentation fault. This usually doesn't work in the case of an embedded system.
Possible solutions for ARMv7-M:
Use the MPU, if available, to make the beginning of memory unreadable. This doesn't change the current nil check implementation, but the MPU is an optional peripheral. I don't know how this solution interferes with the exception vector fetch, which is performed on the instruction bus. As a last resort, we can accept that nil checks work only in unprivileged mode.
Use test and branch or conditional UNDEF. This requires a couple of additional instructions and unsetting faultOnNilArg0 for all load instructions. In the case of UNDEF we need to implement a UsageFault handler to handle the Undefined Instruction exception.
We also need to handle nil checking for stores. In most cases the beginning of memory is read-only, but in the case of STM32F7 and maybe other Cortex-M7 based MCUs the ITCM-RAM can be mapped at address 0.
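As an added example (not code from this issue or from the embeddedgo project), the MPU approach from the closing comment and from the first proposed solution, written in C for ARMv7-M: region 0 covers the first 16 words (64 bytes) with AP=000, so both loads and stores through a nil pointer fault, which also covers parts where ITCM-RAM sits at address 0. The register addresses and bit layouts are the architectural ARMv7-M ones; leaving XN clear assumes, as the closing comment reports, that vector fetches on the instruction bus are not blocked.

```c
/* Added example: encode and program an ARMv7-M MPU region that makes
 * the first 64 bytes of the address space inaccessible to data
 * accesses, so a nil-pointer load or store faults instead of silently
 * reading or writing the vector table area. */
#include <stdint.h>

#define MPU_CTRL   (*(volatile uint32_t *)0xE000ED94u)
#define MPU_RBAR   (*(volatile uint32_t *)0xE000ED9Cu)
#define MPU_RASR   (*(volatile uint32_t *)0xE000EDA0u)

#define MPU_CTRL_ENABLE     (1u << 0)
#define MPU_CTRL_PRIVDEFENA (1u << 2)  /* keep default map for privileged code */
#define MPU_RBAR_VALID      (1u << 4)  /* region number taken from RBAR */
#define MPU_RASR_ENABLE     (1u << 0)
#define MPU_AP_NO_ACCESS    0u         /* AP=000: no data access at any privilege */

/* Build MPU_RASR for a region of size_bytes. Returns 0 (region disabled)
 * when the size is not a power of two of at least 32 bytes. */
uint32_t mpu_rasr_encode(uint32_t size_bytes, uint32_t ap, int xn)
{
    if (size_bytes < 32u || (size_bytes & (size_bytes - 1u)) != 0u)
        return 0u;
    uint32_t log2 = 0u;
    while ((1u << log2) < size_bytes)
        log2++;
    /* SIZE field (bits 5:1) holds log2(size) - 1; AP in 26:24; XN in 28 */
    return MPU_RASR_ENABLE | ((log2 - 1u) << 1) | ((ap & 7u) << 24) |
           ((uint32_t)(xn ? 1 : 0) << 28);
}

/* Build MPU_RBAR. The base must be aligned to the region size and the
 * region number must fit in 4 bits; returns 0 otherwise. */
uint32_t mpu_rbar_encode(uint32_t base, uint32_t size_bytes, uint32_t region)
{
    if (size_bytes < 32u || (base & (size_bytes - 1u)) != 0u || region > 15u)
        return 0u;
    return base | MPU_RBAR_VALID | region;
}

/* Program region 0 so that loads and stores to [0, 64) fault.
 * Only meaningful on the target; the host-side test never calls it. */
void mpu_protect_page_zero(void)
{
    MPU_RBAR = mpu_rbar_encode(0u, 64u, 0u);
    MPU_RASR = mpu_rasr_encode(64u, MPU_AP_NO_ACCESS, 0);
    MPU_CTRL = MPU_CTRL_ENABLE | MPU_CTRL_PRIVDEFENA;
#if defined(__arm__)
    __asm__ __volatile__("dsb\n\tisb" ::: "memory"); /* make the mapping take effect */
#endif
}
```

The resulting MemManage fault is what the runtime's nil-check path must then turn into the usual panic.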