A new test patch. Basic idea:
1) create a task that fills 64 words of stack, (more than a full set of registers)
2) adjust SP so it's "free"
3) sit in a tight loop comparing the first word past SP with the fill value.
4) if it ever becomes not equal, record the values and end.
For convenience, this is exposed as two Lua functions:
test_start creates the task if it isn't already running. Returns nil if already running.
test_get_info returns:
boolean: test is running or not
number: number of iterations
string: 256 byte binary values recorded in step 3 above
This triggers very fast, and I think conclusively shows our problem.
Example run:
=return test_start()
!status,run,count,buf=con:execwait('return test_get_info()') if status and not run then printf('%d\n%s',count,util.hexdump_words(buf)) else return status, run end
63381
0x00000000: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000010: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000020: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000030: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000040: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000050: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000060: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000070: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000080: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x00000090: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x000000a0: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x000000b0: 0xdeadbeef 0xdeadbeef 0xdeadbeef 0xdeadbeef
0x000000c0: 0x00000033 0xdeadbeef 0xdeadbeef 0x00333524
0x000000d0: 0x0000f795 0x001694dc 0x19980218 0x19980218
0x000000e0: 0x19980218 0x19980218 0x19980218 0x19980218
0x000000f0: 0x19980218 0x00000000 0x00146aa9 0x00146a66
We see it happened after 63381 iterations this time.
Note the values are "backwards" since the stack grows down. The last value is the value closest to SP.
Looking up 0x00146a66 in main.bin.dump:
146a66: 6023 str r3, [r4, #0]
The address of the instruction that stores the counter. The next value is the LR value of the function.
Running a few more times on d10 gave trigger counts of 57888, 56407, 57380, 73440, 10889
Top values included 0x00146a60 (cmp r0, r1), 0x00146a5e (ldr r0, [r2, #0]), 0x00146a62 (bne.n 146a6a)
It hits fast enough to do in one command:
!status,run,count,buf=con:execwait('test_start(); sleep(10) ; return test_get_info()') if status and not run then printf('%d\n%s',count,util.hexdump_words(buf)) else return status, run end
On VxWorks (a540) it hangs the camera, presumably because it doesn't want a task sitting in a tight loop like that.
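
Added example, not part of the original post or the patch: a host-side Python helper that reads a util.hexdump_words-style listing like the one above and reports which words below SP were overwritten, nearest SP first. The function names are hypothetical, and it assumes the last word of the buffer sits at SP-4.

```python
FILL = 0xDEADBEEF   # fill value seen in the post's dump
WORD = 4            # bytes per word

# Dump from the post: 12 untouched rows, then the 4 rows that changed.
DUMP = "".join(
    "0x%08x: " % (row * 16) + " ".join(["0xdeadbeef"] * 4) + "\n"
    for row in range(12)
) + """\
0x000000c0: 0x00000033 0xdeadbeef 0xdeadbeef 0x00333524
0x000000d0: 0x0000f795 0x001694dc 0x19980218 0x19980218
0x000000e0: 0x19980218 0x19980218 0x19980218 0x19980218
0x000000f0: 0x19980218 0x00000000 0x00146aa9 0x00146a66
"""

def parse_words(text):
    """Return the 32-bit words of the listing, in dump order."""
    words = []
    for line in text.splitlines():
        offset, sep, rest = line.partition(":")
        if not sep:
            continue  # not a dump row
        if int(offset, 16) != len(words) * WORD:
            raise ValueError("non-contiguous dump row: " + line)
        words += [int(w, 16) for w in rest.split()]
    return words

def clobbered(words, fill=FILL):
    """List (bytes_below_sp, value) for each non-fill word, nearest SP first.

    Assumption: the last word of the buffer is the one at SP-4.
    """
    n = len(words)
    return [((n - i) * WORD, w)
            for i, w in reversed(list(enumerate(words))) if w != fill]

def summarize(words, fill=FILL):
    """Count overwritten words, how far below SP they reach, and skipped slots."""
    hits = clobbered(words, fill)
    depth = max((d for d, _ in hits), default=0)
    # Fill-valued words inside the overwritten span were skipped, not stored to.
    return {"written": len(hits), "depth_bytes": depth,
            "holes": depth // WORD - len(hits)}

if __name__ == "__main__":
    ws = parse_words(DUMP)
    print(summarize(ws))
    for d, w in clobbered(ws):
        print("SP-%-3d 0x%08x" % (d, w))
```

Words that look like code addresses in the output can then be looked up in main.bin.dump, as done above for 0x00146a66.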