Add extra exception tests for Cortex-R52

jonathanpallant · jonathanpallant · commit 16ac5160a2c0 · 2025-04-09T18:27:56.000+01:00
I had to move the DFSR read to after the alignment check was disabled, otherwise it double-faulted.

Also it turns out the versatileab tests were running with the Cortex-A linker script not the Cortex-R linker script, and the Cortex-R linker script had a bug in it that we previously missed (it wasn't calling the new exception handlers).
diff --git a/cortex-r-rt/link.x b/cortex-r-rt/link.x
@@ -92,11 +92,13 @@ ASSERT(_abt_stack_size % 8 == 0, "ERROR(cortex-r-rt): size of ABT stack is not 8
 ASSERT(_und_stack_size % 8 == 0, "ERROR(cortex-r-rt): size of UND stack is not 8-byte aligned");
 ASSERT(_svc_stack_size % 8 == 0, "ERROR(cortex-r-rt): size of SVC stack is not 8-byte aligned");
 
-PROVIDE(_asm_undefined_handler =_asm_default_handler);
-PROVIDE(_asm_prefetch_handler  =_asm_default_handler);
-PROVIDE(_asm_abort_handler     =_asm_default_handler);
+/* Weak aliases for ASM default handlers */
+PROVIDE(_asm_undefined_handler =_asm_default_undefined_handler);
+PROVIDE(_asm_prefetch_handler  =_asm_default_prefetch_handler);
+PROVIDE(_asm_abort_handler     =_asm_default_abort_handler);
 PROVIDE(_asm_fiq_handler       =_asm_default_fiq_handler);
 
+/* Weak aliases for C default handlers */
 PROVIDE(_undefined_handler     =_default_handler);
 PROVIDE(_abort_handler         =_default_handler);
 PROVIDE(_prefetch_handler      =_default_handler);
diff --git a/examples/mps3-an536/reference/abt-exception-armv8r-none-eabihf.out b/examples/mps3-an536/reference/abt-exception-armv8r-none-eabihf.out
@@ -0,0 +1,9 @@
+Hello, this is an data abort exception example
+data abort occurred
+DFSR (Fault Status Register): DFSR { ext=false wnr=false Domain=0b0010 Status=0b00001 }
+DFSR Status: Ok(AlignmentFault)
+DFAR (Faulting Address Register): Dfar(4097)
+data abort occurred
+DFSR (Fault Status Register): DFSR { ext=false wnr=false Domain=0b0010 Status=0b00001 }
+DFSR Status: Ok(AlignmentFault)
+DFAR (Faulting Address Register): Dfar(4097)
diff --git a/examples/mps3-an536/reference/prefetch-exception-a32-armv8r-none-eabihf.out b/examples/mps3-an536/reference/prefetch-exception-a32-armv8r-none-eabihf.out
@@ -0,0 +1,11 @@
+Hello, this is a prefetch exception example
+prefetch abort occurred
+IFSR (Fault Status Register): IFSR { ext=false Domain=0b0010 Status=0b00010 }
+IFSR Status: Ok(DebugEvent)
+IFAR (Faulting Address Register): Ifar(0)
+caught bkpt_from_a32
+prefetch abort occurred
+IFSR (Fault Status Register): IFSR { ext=false Domain=0b0010 Status=0b00010 }
+IFSR Status: Ok(DebugEvent)
+IFAR (Faulting Address Register): Ifar(0)
+caught bkpt_from_a32
diff --git a/examples/mps3-an536/reference/prefetch-exception-t32-armv8r-none-eabihf.out b/examples/mps3-an536/reference/prefetch-exception-t32-armv8r-none-eabihf.out
@@ -0,0 +1,11 @@
+Hello, this is a prefetch exception example
+prefetch abort occurred
+IFSR (Fault Status Register): IFSR { ext=false Domain=0b0010 Status=0b00010 }
+IFSR Status: Ok(DebugEvent)
+IFAR (Faulting Address Register): Ifar(0)
+caught bkpt_from_t32
+prefetch abort occurred
+IFSR (Fault Status Register): IFSR { ext=false Domain=0b0010 Status=0b00010 }
+IFSR Status: Ok(DebugEvent)
+IFAR (Faulting Address Register): Ifar(0)
+caught bkpt_from_t32
diff --git a/examples/mps3-an536/reference/undef-exception-a32-armv8r-none-eabihf.out b/examples/mps3-an536/reference/undef-exception-a32-armv8r-none-eabihf.out
@@ -0,0 +1,5 @@
+Hello, this is a undef exception example
+undefined abort occurred
+caught udf_from_a32
+undefined abort occurred
+caught udf_from_a32
diff --git a/examples/mps3-an536/reference/undef-exception-t32-armv8r-none-eabihf.out b/examples/mps3-an536/reference/undef-exception-t32-armv8r-none-eabihf.out
@@ -0,0 +1,5 @@
+Hello, this is a undef exception example
+undefined abort occurred
+caught udf_from_t32
+undefined abort occurred
+caught udf_from_t32
diff --git a/examples/mps3-an536/src/bin/abt-exception.rs b/examples/mps3-an536/src/bin/abt-exception.rs
@@ -0,0 +1,85 @@
+//! Example triggering an data abort exception.
+
+#![no_std]
+#![no_main]
+
+use core::sync::atomic::AtomicU32;
+
+use cortex_ar::register::{Dfar, Dfsr, Sctlr};
+// pull in our start-up code
+use mps3_an536 as _;
+
+use semihosting::println;
+
+static COUNTER: AtomicU32 = AtomicU32::new(0);
+
+/// The entry-point to the Rust application.
+///
+/// It is called by the start-up.
+#[no_mangle]
+pub extern "C" fn kmain() -> ! {
+    main();
+}
+
+/// The main function of our Rust application.
+#[export_name = "main"]
+#[allow(unreachable_code)]
+fn main() -> ! {
+    // Enable alignment check for Armv7-R. Was not required
+    // on Cortex-A for some reason, even though the bit was not set.
+    enable_alignment_check();
+
+    println!("Hello, this is an data abort exception example");
+    // Unaligned read
+    unsafe {
+        let addr: *const u32 = 0x1001 as *const u32; // Unaligned address (not 4-byte aligned)
+        core::arch::asm!(
+            "ldr r0, [{addr}]",  // Attempt unaligned load (should trigger Data Abort)
+            addr = in(reg) addr, // Pass unaligned pointer
+            options(nostack, preserves_flags) // No stack usage, preserves flags
+        );
+    }
+
+    unreachable!("should never be here!");
+}
+
+fn enable_alignment_check() {
+    let mut sctrl = Sctlr::read();
+    sctrl.set_a(true);
+    Sctlr::write(sctrl);
+}
+
+fn disable_alignment_check() {
+    let mut sctrl = Sctlr::read();
+    sctrl.set_a(false);
+    Sctlr::write(sctrl);
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _undefined_handler(_addr: u32) {
+    panic!("unexpected undefined exception");
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _prefetch_handler(_addr: u32) {
+    panic!("unexpected prefetch exception");
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _abort_handler(_addr: u32) {
+    println!("data abort occurred");
+    // If this is not disabled, reading DFAR will trigger an alignment fault on Armv8-R, leading
+    // to a loop.
+    disable_alignment_check();
+    let dfsr = Dfsr::read();
+    println!("DFSR (Fault Status Register): {:?}", dfsr);
+    println!("DFSR Status: {:?}", dfsr.status());
+    let dfar = Dfar::read();
+    println!("DFAR (Faulting Address Register): {:?}", dfar);
+    enable_alignment_check();
+    // For the first iteration, we do a regular exception return, which should
+    // trigger the exception again. The second time around we quit.
+    if COUNTER.fetch_add(1, core::sync::atomic::Ordering::Relaxed) == 1 {
+        semihosting::process::exit(0);
+    }
+}
diff --git a/examples/mps3-an536/src/bin/prefetch-exception-a32.rs b/examples/mps3-an536/src/bin/prefetch-exception-a32.rs
@@ -0,0 +1,85 @@
+//! Example triggering a prefetch exception.
+
+#![no_std]
+#![no_main]
+
+use core::sync::atomic::{AtomicU32, Ordering};
+use cortex_ar::register::{Ifar, Ifsr};
+use semihosting::println;
+
+// pull in our start-up code
+use mps3_an536 as _;
+
+static COUNTER: AtomicU32 = AtomicU32::new(0);
+
+/// The entry-point to the Rust application.
+///
+/// It is called by the start-up.
+#[no_mangle]
+pub extern "C" fn kmain() -> ! {
+    println!("Hello, this is a prefetch exception example");
+
+    // A BKPT instruction triggers a Prefetch Abort except when Halting debug-mode is enabled.
+    // See p. 2038 of ARMv7-M Architecture Reference Manual
+    unsafe {
+        // trigger an prefetch exception, from A32 (Arm) mode
+        bkpt_from_a32();
+    }
+
+    // this should be impossible because returning from the fault handler will
+    // immediately trigger the fault again.
+
+    unreachable!("should never be here!");
+}
+
+// These functions are written in assembly
+extern "C" {
+    fn bkpt_from_a32();
+}
+
+core::arch::global_asm!(
+    r#"
+    // fn bkpt_from_a32();
+    .arm
+    .global bkpt_from_a32
+    .type bkpt_from_a32, %function
+    bkpt_from_a32:
+        bkpt    #0
+        bx      lr
+    .size bkpt_from_a32, . - bkpt_from_a32
+"#
+);
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _undefined_handler(_addr: usize) {
+    panic!("unexpected undefined exception");
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _prefetch_handler(addr: usize) {
+    println!("prefetch abort occurred");
+    let ifsr = Ifsr::read();
+    println!("IFSR (Fault Status Register): {:?}", ifsr);
+    println!("IFSR Status: {:?}", ifsr.status());
+    let ifar = Ifar::read();
+    println!("IFAR (Faulting Address Register): {:?}", ifar);
+
+    if addr == bkpt_from_a32 as usize {
+        println!("caught bkpt_from_a32");
+    } else {
+        println!(
+            "Bad fault address {:08x} is not {:08x}",
+            addr, bkpt_from_a32 as usize
+        );
+    }
+
+    if COUNTER.fetch_add(1, Ordering::Relaxed) == 1 {
+        // we've faulted twice - time to quit
+        semihosting::process::exit(0);
+    }
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _abort_handler(_addr: usize) {
+    panic!("unexpected abort exception");
+}
diff --git a/examples/mps3-an536/src/bin/prefetch-exception-t32.rs b/examples/mps3-an536/src/bin/prefetch-exception-t32.rs
@@ -0,0 +1,88 @@
+//! Example triggering a prefetch exception.
+
+#![no_std]
+#![no_main]
+
+use core::sync::atomic::{AtomicU32, Ordering};
+use cortex_ar::register::{Ifar, Ifsr};
+use semihosting::println;
+
+// pull in our start-up code
+use mps3_an536 as _;
+
+static COUNTER: AtomicU32 = AtomicU32::new(0);
+
+/// The entry-point to the Rust application.
+///
+/// It is called by the start-up.
+#[no_mangle]
+pub extern "C" fn kmain() -> ! {
+    println!("Hello, this is a prefetch exception example");
+
+    // A BKPT instruction triggers a Prefetch Abort except when Halting debug-mode is enabled.
+    // See p. 2038 of ARMv7-M Architecture Reference Manual
+    unsafe {
+        // trigger an prefetch exception, from T32 (Thumb) mode
+        bkpt_from_t32();
+    }
+
+    // this should be impossible because returning from the fault handler will
+    // immediately trigger the fault again.
+
+    unreachable!("should never be here!");
+}
+
+// These functions are written in assembly
+extern "C" {
+    fn bkpt_from_t32();
+}
+
+core::arch::global_asm!(
+    r#"
+    // fn bkpt_from_t32();
+    .thumb
+    .global bkpt_from_t32
+    .type bkpt_from_t32, %function
+    bkpt_from_t32:
+        bkpt    #0
+        bx      lr
+    .size bkpt_from_t32, . - bkpt_from_t32
+"#
+);
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _undefined_handler(_addr: usize) {
+    panic!("unexpected undefined exception");
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _prefetch_handler(addr: usize) {
+    println!("prefetch abort occurred");
+    let ifsr = Ifsr::read();
+    println!("IFSR (Fault Status Register): {:?}", ifsr);
+    println!("IFSR Status: {:?}", ifsr.status());
+    let ifar = Ifar::read();
+    println!("IFAR (Faulting Address Register): {:?}", ifar);
+
+    if (addr + 1) == bkpt_from_t32 as usize {
+        // note that thumb functions have their LSB set, despite always being a
+        // multiple of two - that's how the CPU knows they are written in T32
+        // machine code.
+        println!("caught bkpt_from_t32");
+    } else {
+        println!(
+            "Bad fault address {:08x} is not {:08x}",
+            addr, bkpt_from_t32 as usize
+        );
+    }
+
+    if COUNTER.fetch_add(1, Ordering::Relaxed) == 1 {
+        // we've faulted twice - time to quit
+        semihosting::process::exit(0);
+    }
+}
+
+#[unsafe(no_mangle)]
+unsafe extern "C" fn _abort_handler(_addr: usize) {
+    panic!("unexpected abort exception");
+}
diff --git a/examples/mps3-an536/src/bin/undef-exception-a32.rs b/examples/mps3-an536/src/bin/undef-exception-a32.rs
diff --git a/examples/mps3-an536/src/bin/undef-exception-t32.rs b/examples/mps3-an536/src/bin/undef-exception-t32.rs
