Hi Dialog,
My device runs away after booting for several minutes or hours. It does not happen regularly. The exception location is in SDK internal code. The following is the information for 3 exceptions captured by UART. The SDK is 5.0.3. Could you help me?
Exception 1:
--- HF STATUS
r0 =0x00000080
r1 =0x0000000d
r2 =0x0000000d
r3 =0x00000002
r12=0x00000028
lr =0x200013cb
pc =0x0002401a
psr=0x21000000
map file has this:
lld_data_ind_handler 0x00023fef Thumb Code 0 rom_symdef.txt ABSOLUTE
llm_le_enc_cmp_evt_handler 0x000241cf Thumb Code 0 rom_symdef.txt ABSOLUTE
gapm_adv_sanity 0x200012d5 Thumb Code 170 gapm_util.obj(.text)
.text 0x20001384 Section 0 ke_task.obj(.text)
ke_task_schedule 0x20001385 Thumb Code 146 ke_task.obj(.text)
.text 0x2000143c Section 0 smpc.obj(.text)
.text 0x20001598 Section 0 smpc_task.obj(.text)
.text 0x200017ac Section 0 llc.obj(.text)
my_llc_le_con_update_cmd_handler 0x200017ad Thumb Code 30 llc.obj(.text)
Exception 2:
--- HF STATUS
r1 =0x0000000d
r2 =0x0000000d
r3 =0x00000002
r12=0x00000028
lr = 0x2000141b
pc = 0x0002401a
psr=0x21000000
map file has this:
lld_data_ind_handler 0x00023fef Thumb Code 0 rom_symdef.txt ABSOLUTE
llm_le_enc_cmp_evt_handler 0x000241cf Thumb Code 0 rom_symdef.txt ABSOLUTE
gapm_adv_sanity 0x20001325 Thumb Code 170 gapm_util.obj(.text)
.text 0x200013d4 Section 0 ke_task.obj(.text)
ke_task_schedule 0x200013d5 Thumb Code 146 ke_task.obj(.text)
.text 0x2000148c Section 0 smpc.obj(.text)
.text 0x200015e8 Section 0 smpc_task.obj(.text)
.text 0x200017fc Section 0 llc.obj(.text)
my_llc_le_con_update_cmd_handler 0x200017fd Thumb Code 30 llc.obj(.text)
Exception 3:
--- HF STATUS
r0 =0x240027fd
r1 =0x00000000
r2 =0x0000003f
r3 =0x00000050
r12=0x00080ec8
lr =0xfffffff9
pc =0x240027fc
psr=0x01000014
Didn't find the lr and pc addresses in the map file.
Hi ericxiong,
That's a tricky one; it's a bit difficult to pinpoint the problem in something like that since the pc crashed in a ROM function. What I can suggest is to check the allocation of the messages you send, perhaps something goes wrong, or check if there are any memcpy functions; perhaps there is a mistake with a wrong size etc. that corrupts the data in the memory.
Thanks MT_dialog
Exceptions 1 and 2 seem identical. Exception 3 is hard to tell anything about.
In exceptions 1 and 2, it seems like the lld_data_ind_handler is handling a BLE event even though there is currently no connection established, and therefore crashes with a null pointer exception.
My wild guess is that the connection was torn down just before this happened.
How is your setup? Is your DA14580 a peripheral or central?
Do you have a permanent active connection to a peer or are you manually connecting/disconnecting when this happens?
Are you sending a lot of data over the BLE link or is it idling most of the time?
Are you sending connection parameter update requests or other kinds of non-GATT requests?
How often does this happen?
Hi Joacimwe:
Do you mean lld_data_ind_handler is handling a BLE event which is an indication to the central device?
I built a new app referring to the prox_reporter peripheral sample code. My DA14580 is a peripheral with a 128-bit UUID service which has a 150-byte characteristic, a 20-byte characteristic and several 2- or 4-byte characteristics.
The central device is iOS or Android. The connection lasts for several minutes and the central device disconnects manually.
After connecting, the central device will read (or write) about 50 bytes from (to) the DA14580. It is idling most of the time.
I use the SDK default connection parameters and am not sure if iOS or Android will send connection parameter update requests.
This happens about once per day when my test iOS app is running, which periodically first scans, then connects to the discovered DA14580, reads a few bytes and keeps the connection for 1 minute, then disconnects from the DA14580 and stays idle for 1 minute. When testing, I sometimes press a key, which triggers an indication to notify the central device.
Two new exceptions:
Exception 4:
--- NMI STATUS
r0 =0x00000000
r1 =0x00000000
r2 =0x000805e4
r3 =0x00000002
r12=0x00000028
lr =0x00026079
pc =0x00032102
psr=0x61000000
map file is:
lld_evt_schedule 0x00026041 Thumb Code 0 rom_symdef.txt ABSOLUTE
lld_evt_init_func 0x000260e9 Thumb Code 0 rom_symdef.txt ABSOLUTE
ke_event_clear 0x000320dd Thumb Code 0 rom_symdef.txt ABSOLUTE
ke_event_get 0x00032109 Thumb Code 0 rom_symdef.txt ABSOLUTE
Exception 5:
--- NMI STATUS
r0 =0x00080fa4
r1 =0x00008000
r2 =0xffffffff
r3 =0x00000025
r12=0x00000028
lr =0x00025d29
pc =0x0002572e
psr=0x01000000
map file:
lld_data_tx_flush 0x00025603 Thumb Code 0 rom_symdef.txt ABSOLUTE
lld_evt_int_extract 0x00025877 Thumb Code 0 rom_symdef.txt ABSOLUTE
lld_evt_init 0x00025f5f Thumb Code 0 rom_symdef.txt ABSOLUTE
These exceptions seem very strange... Are you sure you don't corrupt your stack or something?
Hi Joacimwe:
What kinds of things can corrupt the stack? When testing, my iOS app just reads several bytes of data from the DA14580. Could you give some advice to avoid that situation? Thanks!
Hi,
In Exception 3, the address 0x240027fc that the pc pointed to was invalid; it is in a reserved region.
If stack corruption is the primary suspect so far, one thing you could start with is to check if there are any illegal accesses to data arrays in your project.
Hi LT_Dialog:
All my data are stored in the database, and operated on via the pointer obtained from attmdb_att_get_value in the profile and app layers. Could attmdb_att_get_value return an invalid pointer?
Hi Eric,
I mean whether there are any illegal accesses in your local buffers, variables, pointers, etc.
There's no illegal access in my program. Sometimes it seems a kind of exception may happen when the program accesses a DA14580 register. My device hardware is designed according to the Dialog reference design. Here is an exception that happened in GPIO_ConfigurePin, which was not modified.
lr=0x200019cd
pc=0xfffffffe
map file:
GPIO_ConfigurePin 0x200019b3 Thumb Code 38 gpio.o(.text)
GPIO_GetPinStatus 0x200019d9 Thumb Code 26 gpio.o(.text)
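As an added example (not from the thread or the Dialog SDK): a host-side script that resolves the `pc`/`lr` values of such a UART dump against the map file's "Thumb Code" lines, clearing the Thumb bit, flagging Cortex-M0 EXC_RETURN values and addresses that fall outside every symbol, and decoding the active exception number from `psr`. The sample input is constructed from Exceptions 1 and 3 above; the function names and `MAX_GUESS` are assumptions of this example, and it assumes the dump prints the stacked exception frame.

```python
import bisect
import re

# Constructed sample input: values copied from Exceptions 1 and 3 in the thread.
MAP = """\
lld_data_ind_handler 0x00023fef Thumb Code 0 rom_symdef.txt ABSOLUTE
llm_le_enc_cmp_evt_handler 0x000241cf Thumb Code 0 rom_symdef.txt ABSOLUTE
gapm_adv_sanity 0x200012d5 Thumb Code 170 gapm_util.obj(.text)
.text 0x20001384 Section 0 ke_task.obj(.text)
ke_task_schedule 0x20001385 Thumb Code 146 ke_task.obj(.text)
"""
EXC1 = "lr =0x200013cb\npc =0x0002401a\npsr=0x21000000\n"
EXC3 = "lr =0xfffffff9\npc =0x240027fc\npsr=0x01000014\n"

# Cortex-M0 EXC_RETURN values: magic LR contents, not code addresses.
EXC_RETURN = {0xFFFFFFF1: "handler mode, MSP", 0xFFFFFFF9: "thread mode, MSP",
              0xFFFFFFFD: "thread mode, PSP"}
MAX_GUESS = 0x400  # assumption: largest plausible offset when the map gives size 0

def parse_map(text):
    """Return sorted (start, size, name) for 'Thumb Code' lines, Thumb bit cleared."""
    pat = re.compile(r"^(\S+)\s+0x([0-9a-fA-F]+)\s+Thumb Code\s+(\d+)", re.M)
    return sorted((int(a, 16) & ~1, int(s), n) for n, a, s in pat.findall(text))

def parse_regs(text):
    """Parse 'name = 0xvalue' lines of the UART dump into a dict."""
    return {n: int(v, 16)
            for n, v in re.findall(r"^(\w+)\s*=\s*0x([0-9a-fA-F]+)", text, re.M)}

def resolve(addr, syms):
    """Map an address to symbol+offset, or say why it is not a known code address."""
    if addr in EXC_RETURN:
        return f"EXC_RETURN ({EXC_RETURN[addr]})"
    addr &= ~1  # bit 0 only marks Thumb state
    i = bisect.bisect_right(syms, (addr, float("inf"), "")) - 1
    if i < 0 or addr - syms[i][0] >= (syms[i][1] or MAX_GUESS):
        return "unresolved"
    start, size, name = syms[i]
    return f"{name}+0x{addr - start:x}" + ("" if size else " (size unknown)")

def report(dump, syms):
    regs = parse_regs(dump)
    ipsr = regs["psr"] & 0x3F  # active exception number; 0 means thread mode
    return {"pc": resolve(regs["pc"], syms), "lr": resolve(regs["lr"], syms),
            "context": "thread" if ipsr == 0 else f"exception {ipsr}"}

if __name__ == "__main__":
    for dump in (EXC1, EXC3):
        print(report(dump, parse_map(MAP)))
```

ROM symbols carry size 0 in the map, so an offset reported with "(size unknown)" is a nearest-symbol guess bounded by `MAX_GUESS`, not a confirmed containment.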