CCS C Software and Maintenance Offers
FAQFAQ   FAQForum Help   FAQOfficial CCS Support   SearchSearch  RegisterRegister 

ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

CCS does not monitor this forum on a regular basis.

Please do not post bug reports on this forum. Send them to CCS Technical Support

using #FILL_ROM to add safety backup on PIC24

 
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion
View previous topic :: View next topic  
Author Message
Oli
Guest







using #FILL_ROM to add safety backup on PIC24
PostPosted: Wed May 26, 2010 3:50 am     Reply with quote

Hi All

I'm looking to fill all the unused space on the processor with an instruction that will 'recover' the program if it goes into the weeds. I guess I have 2 options

1/ use a reset instruction, which will reset the whole processor (I think this is the best option)

2/ use a GOTO instruction to point it to the beginning of the program.

Are there any best practices in doing this? Could somebody also point me in the direction of how to implement this i.e. calculating the hex values.

Many thanks
Jerson



Joined: 31 Jul 2009
Posts: 126
Location: Bombay, India

View user's profile Send private message Visit poster's website

PostPosted: Wed May 26, 2010 8:46 am     Reply with quote

Have you considered using the watch dog timer in your pic? It's meant for things like this.
_________________
Regards
Jerson Fernandes
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Wed May 26, 2010 7:29 pm     Reply with quote

Watchdog is the way to go.

-Ben
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
Oli
Guest







PostPosted: Thu May 27, 2010 9:14 am     Reply with quote

I'm already using it, but I asked because this is actually specified in the PIC24F WDT timer reference

Quote:
Question 2: What are good techniques for using the WDT in my application?
Answer: There are many techniques for using the WDT to prevent applications from locking up
or running away. When they are carefully analyzed, most of them depend on three basic princi-
ples:
1. Use one, and only one, CLRWDT instruction in your application. Placing multiple
occurrences throughout the application makes it more difficult to troubleshoot time-out
issues.
2. Place the CLRWDT instruction inside the main body of the application and not inside a
subroutine or an Interrupt Service Routine (ISR). If the instruction is located inside a
frequently called routine, there is a good chance that the WDT will constantly be reset and
never time-out.
3. Once the application is compiled and sized, place unconditional branch instructions (such
as, “GOTO .”) throughout the unused area of program memory. If something should hap-
pen that makes the code “run away” by branching into unused code space, the GOTO
instructions can bring the microcontroller back to your code, where the WDT can help
bring the application back under control.


Perhaps filling it with NOOPS (0x00?) would be more suitable?
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Thu May 27, 2010 9:17 am     Reply with quote

Ahhh..

Well, if you're going to fill ROM with a value, fill it with the opcode to jump/goto/branch to the reset location OR (maybe better) to a loop in memory that lacks the WDT reset. (I forget what it is.)

IIRC, when you erase the device, the default opcode is NOP. (I think)

-Ben
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
FvM



Joined: 27 Aug 2008
Posts: 2337
Location: Germany

View user's profile Send private message

PostPosted: Thu May 27, 2010 10:58 am     Reply with quote

I don't think, that it's necessary to fill the ROM under normal condition. I also don't like it, because it would increase the size of firmware image files. WDT operation should be sufficient in most cases. In addition, you can "guard" critical functions or code parts, e.g. the code triggering the watchdog or writing to flash/EEPROM by preceeding while (1); or reset_cpu(); calls.
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Thu May 27, 2010 11:14 am     Reply with quote

I've never had to fill either.

I do find the recommendation he found interesting though.

-Ben
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
SET



Joined: 15 Nov 2005
Posts: 161
Location: Glasgow, UK

View user's profile Send private message Send e-mail Visit poster's website

PostPosted: Fri May 28, 2010 9:01 am     Reply with quote

I think the recommendation is for a scenario where 'out of control' code might actually execute the watchdog kick, and therefore will never recover. If 'Goto here' instructions were executed then it's guaranteed that the timer would expire and do a reset.
balmer



Joined: 31 May 2010
Posts: 6

View user's profile Send private message

PostPosted: Mon May 31, 2010 5:59 pm     Reply with quote

In the event that code runaway occurs, the MCU could continue accessing memory until it reaches
an illegal address where, finally, a system reset will occur.
In the meantime, many undesired events could happen as a result of the code running where it should not.
To protect from the potentially harmful effects of code runaway, it is generally good practice to fill unused memory
with known values such as software RESET op-codes, SWI, or NOPs.
Ttelmah



Joined: 11 Mar 2010
Posts: 19589

View user's profile Send private message

PostPosted: Tue Jun 01, 2010 2:03 am     Reply with quote

Key is that the manufacturers of the chip have taken care of this for you.

The important things for the 'fill' instruction are:
1) It must not reset the watchdog.
2) It must not affect any I/O.

Obvious candidate is 'NOP'.
Microchip, on all their chips have made the reset memory value '0xFF', a NOP.
This is deliberate, and avoids the need to write anything into erased memory.

Best Wishes
bkamen



Joined: 07 Jan 2004
Posts: 1615
Location: Central Illinois, USA

View user's profile Send private message

PostPosted: Tue Jun 01, 2010 6:49 am     Reply with quote

The problem with the NOP is that if it's encountered somewhere in between code, the cpu can slide into another section of code.

So the default NOP is not really an answer for the truly paranoid.

-Ben
_________________
Dazed and confused? I don't think so. Just "plain lost" will do. :D
Ttelmah



Joined: 11 Mar 2010
Posts: 19589

View user's profile Send private message

PostPosted: Tue Jun 01, 2010 8:02 am     Reply with quote

This then simply 'behoves you' to always put a dummy leader in front of such code sections. The only one that is likely, is a bootloader at the top of memory, and I do exactly this.
There was a 'rule' years agao, that any code containing a watchdog reset, or calling a watchdog reset, should have a single instruction in front of it, that either jumps back to address zero, or jumps round it, to prevent 'walkthrough'. This is still good advice.
Filling the ROM, though it sounds nice, increases programming time so much, on some chips, that it really has to be avoided.

Best Wishes
Oli
Guest







PostPosted: Wed Jun 02, 2010 4:51 am     Reply with quote

I think I will leave it as it is. Thanks for your replies and advice

Oli
Display posts from previous:   
Post new topic   Reply to topic    CCS Forum Index -> General CCS C Discussion All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group