Issue #20: Move stack checker to safety folder

doc/source/Doxyfile.in

@@ -2138,7 +2138,7 @@ ENABLE_PREPROCESSING   = YES
 # The default value is: NO.
 # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
 
-MACRO_EXPANSION        = NO
+MACRO_EXPANSION        = YES
 
 # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES then
 # the macro expansion is limited to the macros specified with the PREDEFINED and
@@ -2146,7 +2146,7 @@ MACRO_EXPANSION        = NO
 # The default value is: NO.
 # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
 
-EXPAND_ONLY_PREDEF     = NO
+EXPAND_ONLY_PREDEF     = YES
 
 # If the SEARCH_INCLUDES tag is set to YES, the include files in the
 # INCLUDE_PATH will be searched if a #include is found.
@@ -2178,7 +2178,8 @@ INCLUDE_FILE_PATTERNS  =
 # recursively expanded use the := operator instead of the = operator.
 # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
 
-PREDEFINED             =
+PREDEFINED             = __atribute(x)__= \
+			 IN_SECTION(x)=
 
 # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this
 # tag can be used to specify a list of macro names that should be expanded. The

stm-firmware/Makefile

@@ -36,18 +36,18 @@ DEFINES += -DSHELLMATTA_HELP_ALIAS=\"?\"
 # RCC Manager
 CFILES += stm-periph/clock-enable-manager.c
 CFILES += stm-periph/uart.c stm-periph/dma-ring-buffer.c stm-periph/backup-ram.c
+CFILES += stm-periph/rng.c
 CFILES += digio.c
 CFILES += stm-periph/unique-id.c
 CFILES += calibration.c
 CFILES += temp-converter.c
 CFILES += rotary-encoder.c button.c
-CFILES += stack-check.c
 CFILES += ui/lcd.c ui/menu.c reflow-menu.c
 CFILES += fatfs/diskio.c fatfs/ff.c fatfs/ffsystem.c fatfs/ffunicode.c fatfs/shimatta_sdio_driver/shimatta_sdio.c
 CFILES += pid-controller.c oven-driver.c
 CFILES += settings/settings.c settings/settings-sd-card.c
 CFILES += stm-periph/crc-unit.c
-CFILES += safety/safety-adc.c safety/safety-controller.c safety/watchdog.c safety/fault.c safety/safety-memory.c
+CFILES += safety/safety-adc.c safety/safety-controller.c safety/watchdog.c safety/fault.c safety/safety-memory.c safety/stack-check.c
 
 DEBUG_DEFINES = -DDEBUGBUILD
 RELEASE_DEFINES =

stm-firmware/doxygen/Doxyconfig

@@ -1,4 +1,4 @@
-# Doxyfile 1.8.18
+# Doxyfile 1.8.20
 
 # This file describes the settings to be used by the documentation system
 # doxygen (www.doxygen.org) for a project.
@@ -227,6 +227,14 @@ QT_AUTOBRIEF           = NO
 
 MULTILINE_CPP_IS_BRIEF = NO
 
+# By default Python docstrings are displayed as preformatted text and doxygen's
+# special commands cannot be used. By setting PYTHON_DOCSTRING to NO the
+# doxygen's special commands can be used and the contents of the docstring
+# documentation blocks is shown as doxygen documentation.
+# The default value is: YES.
+
+PYTHON_DOCSTRING       = YES
+
 # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the
 # documentation from any documented member that it re-implements.
 # The default value is: YES.
@@ -449,6 +457,19 @@ TYPEDEF_HIDES_STRUCT   = NO
 
 LOOKUP_CACHE_SIZE      = 0
 
+# The NUM_PROC_THREADS specifies the number threads doxygen is allowed to use
+# during processing. When set to 0 doxygen will based this on the number of
+# cores available in the system. You can set it explicitly to a value larger
+# than 0 to get more control over the balance between CPU load and processing
+# speed. At this moment only the input processing can be done using multiple
+# threads. Since this is still an experimental feature the default is set to 1,
+# which efficively disables parallel processing. Please report any issues you
+# encounter. Generating dot graphs in parallel is controlled by the
+# DOT_NUM_THREADS setting.
+# Minimum value: 0, maximum value: 32, default value: 1.
+
+NUM_PROC_THREADS       = 1
+
 #---------------------------------------------------------------------------
 # Build related configuration options
 #---------------------------------------------------------------------------
@@ -553,7 +574,7 @@ INTERNAL_DOCS          = NO
 # names in lower-case letters. If set to YES, upper-case letters are also
 # allowed. This is useful if you have classes or files whose names only differ
 # in case and if your file system supports case sensitive file names. Windows
-# (including Cygwin) ands Mac users are advised to set this option to NO.
+# (including Cygwin) and Mac users are advised to set this option to NO.
 # The default value is: system dependent.
 
 CASE_SENSE_NAMES       = NO
@@ -1375,7 +1396,7 @@ CHM_FILE               =
 HHC_LOCATION           =
 
 # The GENERATE_CHI flag controls if a separate .chi index file is generated
-# (YES) or that it should be included in the master .chm file (NO).
+# (YES) or that it should be included in the main .chm file (NO).
 # The default value is: NO.
 # This tag requires that the tag GENERATE_HTMLHELP is set to YES.
 
@@ -1541,8 +1562,8 @@ EXT_LINKS_IN_WINDOW    = NO
 # tool (see https://github.com/dawbarton/pdf2svg) or inkscape (see
 # https://inkscape.org) to generate formulas as SVG images instead of PNGs for
 # the HTML output. These images will generally look nicer at scaled resolutions.
-# Possible values are: png The default and svg Looks nicer but requires the
+# Possible values are: png (the default) and svg (looks nicer but requires the
-# pdf2svg tool.
+# pdf2svg or inkscape tool).
 # The default value is: png.
 # This tag requires that the tag GENERATE_HTML is set to YES.
 
@@ -1842,9 +1863,11 @@ LATEX_EXTRA_FILES      =
 
 PDF_HYPERLINKS         = YES
 
-# If the USE_PDFLATEX tag is set to YES, doxygen will use pdflatex to generate
+# If the USE_PDFLATEX tag is set to YES, doxygen will use the engine as
-# the PDF file directly from the LaTeX files. Set this option to YES, to get a
+# specified with LATEX_CMD_NAME to generate the PDF file directly from the LaTeX
-# higher quality PDF documentation.
+# files. Set this option to YES, to get a higher quality PDF documentation.
+#
+# See also section LATEX_CMD_NAME for selecting the engine.
 # The default value is: YES.
 # This tag requires that the tag GENERATE_LATEX is set to YES.
 
@@ -2083,6 +2106,10 @@ DOCBOOK_PROGRAMLISTING = NO
 
 GENERATE_AUTOGEN_DEF   = NO
 
+#---------------------------------------------------------------------------
+# Configuration options related to Sqlite3 output
+#---------------------------------------------------------------------------
+
 #---------------------------------------------------------------------------
 # Configuration options related to the Perl module output
 #---------------------------------------------------------------------------
@@ -2138,7 +2165,7 @@ ENABLE_PREPROCESSING   = YES
 # The default value is: NO.
 # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
 
-MACRO_EXPANSION        = NO
+MACRO_EXPANSION        = YES
 
 # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES then
 # the macro expansion is limited to the macros specified with the PREDEFINED and
@@ -2146,7 +2173,7 @@ MACRO_EXPANSION        = NO
 # The default value is: NO.
 # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
 
-EXPAND_ONLY_PREDEF     = NO
+EXPAND_ONLY_PREDEF     = YES
 
 # If the SEARCH_INCLUDES tag is set to YES, the include files in the
 # INCLUDE_PATH will be searched if a #include is found.
@@ -2178,7 +2205,8 @@ INCLUDE_FILE_PATTERNS  =
 # recursively expanded use the := operator instead of the = operator.
 # This tag requires that the tag ENABLE_PREPROCESSING is set to YES.
 
-PREDEFINED             =
+PREDEFINED             = __attribute__(x)= \
+			 IN_SECTION(x)=
 
 # If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then this
 # tag can be used to specify a list of macro names that should be expanded. The

stm-firmware/include/reflow-controller/safety/stack-check.h

@@ -50,4 +50,8 @@ static inline uint32_t read_stack_pointer()
 	return stack_pointer;
 }
 
+int stack_check_init_corruption_detect_area(void);
+
+int stack_check_corruption_detect_area(void);
+
 #endif /* __STACK_CHECK_H__ */

stm-firmware/include/stm-periph/rng.h

@@ -0,0 +1,42 @@
+/* Reflow Oven Controller
+ *
+ * Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+ *
+ * This file is part of the Reflow Oven Controller Project.
+ *
+ * The reflow oven controller is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * GDSII-Converter is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the reflow oven controller project.
+ * If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __STM_RNG_H__
+#define __STM_RNG_H__
+
+#include <stdint.h>
+#include <stdbool.h>
+
+enum random_number_error {
+	RNG_ERROR_OK = 0,
+	RNG_ERROR_INACT,
+	RNG_ERROR_INTERNAL_ERROR,
+	RNG_ERROR_NOT_READY
+};
+
+void random_number_gen_init(bool int_enable);
+
+void random_number_gen_deinit();
+
+void random_number_gen_reset(bool int_en);
+
+enum random_number_error random_number_gen_get_number(uint32_t *random_number, bool wait_for_valid_value);
+
+#endif /* __STM_RNG_H__ */

stm-firmware/safety/safety-controller.c

@@ -27,7 +27,7 @@
 #include <reflow-controller/safety/safety-config.h>
 #include <reflow-controller/safety/watchdog.h>
 #include <reflow-controller/safety/safety-adc.h>
-#include <reflow-controller/stack-check.h>
+#include <reflow-controller/safety/stack-check.h>
 #include <helper-macros/helper-macros.h>
 #include <stm-periph/crc-unit.h>
 #include <reflow-controller/systick.h>
@@ -347,6 +347,8 @@ void safety_controller_init()
 	/* This is usually done by the safety memory already. But, since this module also uses the CRC... */
 	crc_unit_init();
 
+	stack_check_init_corruption_detect_area();
+
 	init_safety_flag_weight_table_from_default();
 
 	if (found_memory_state == SAFETY_MEMORY_INIT_CORRUPTED)
@@ -374,6 +376,10 @@ static void safety_controller_check_stack()
 	free_stack = stack_check_get_free();
 	if (free_stack < SAFETY_MIN_STACK_FREE)
 		safety_controller_report_error(ERR_FLAG_STACK);
+
+	if (stack_check_corruption_detect_area()) {
+		safety_controller_report_error(ERR_FLAG_STACK);
+	}
 }
 
 static void safety_controller_handle_safety_adc()
@@ -430,7 +436,7 @@ static int safety_controller_handle_memory_checks(void)
 	enum safety_memory_state found_state;
 	int panic_request = 0;
 
-	if (systick_ticks_have_passed(ts, 1000)) {
+	if (systick_ticks_have_passed(ts, 250)) {
 		ts = systick_get_global_tick();
 
 		/* Check the safety memory */

stm-firmware/safety/stack-check.c

@@ -0,0 +1,110 @@
+/* Reflow Oven Controller
+*
+* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+*
+* This file is part of the Reflow Oven Controller Project.
+*
+* The reflow oven controller is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License version 2 as
+* published by the Free Software Foundation.
+*
+* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with the reflow oven controller project.
+* If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <reflow-controller/safety/stack-check.h>
+#include <stdint.h>
+#include <stm-periph/rng.h>
+#include <stm-periph/crc-unit.h>
+
+extern char __ld_top_of_stack;
+extern char __ld_end_stack;
+
+int32_t stack_check_get_usage()
+{
+	uint32_t stack_top;
+	uint32_t stack_ptr;
+
+	stack_ptr = read_stack_pointer();
+	stack_top = (uint32_t)&__ld_top_of_stack;
+
+	return stack_top - stack_ptr;
+}
+
+int32_t stack_check_get_free()
+{
+	uint32_t upper_heap_boundary;
+	uint32_t stack_ptr;
+
+	stack_ptr = read_stack_pointer();
+	upper_heap_boundary = (uint32_t)&__ld_end_stack;
+
+	return stack_ptr - upper_heap_boundary;
+}
+
+
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Warray-bounds"
+
+extern uint32_t __ld_start_stack_corruption_detect_area;
+extern uint32_t __ld_end_stack_corruption_detect_area;
+
+int stack_check_init_corruption_detect_area(void)
+{
+	uint32_t *ptr = &__ld_start_stack_corruption_detect_area;
+	uint32_t *end_ptr = &__ld_end_stack_corruption_detect_area;
+	const uint32_t area_size_in_words = &__ld_end_stack_corruption_detect_area -
+						&__ld_start_stack_corruption_detect_area;
+	enum random_number_error rng_stat;
+	uint32_t rng_number;
+	uint32_t crc_val;
+	int ret = 0;
+
+	random_number_gen_init(false);
+
+	while (ptr < &end_ptr[-1]) {
+		rng_stat = random_number_gen_get_number(&rng_number, true);
+
+		if (rng_stat != RNG_ERROR_OK) {
+			ret = -1;
+			goto exit_deinit_rng;
+		}
+
+		*ptr = rng_number;
+		ptr++;
+	}
+
+	/* Init CRC unit and leave it on */
+	crc_unit_init();
+	crc_unit_reset();
+
+	crc_unit_input_array(&__ld_start_stack_corruption_detect_area, area_size_in_words - 1);
+	crc_val = crc_unit_get_crc();
+	end_ptr[-1] = crc_val;
+
+exit_deinit_rng:
+	random_number_gen_deinit();
+
+	return ret;
+}
+
+#pragma GCC diagnostic pop
+
+int stack_check_corruption_detect_area(void)
+{
+	const uint32_t area_size_in_words = &__ld_end_stack_corruption_detect_area -
+						&__ld_start_stack_corruption_detect_area;
+	crc_unit_reset();
+	crc_unit_input_array(&__ld_start_stack_corruption_detect_area, area_size_in_words);
+	if (crc_unit_get_crc() == 0UL) {
+		return 0;
+	} else {
+		return -1;
+	}
+}

stm-firmware/shell.c

@@ -33,7 +33,7 @@
 #include <reflow-controller/calibration.h>
 #include <reflow-controller/temp-converter.h>
 #include <fatfs/ff.h>
-#include <reflow-controller/stack-check.h>
+#include <reflow-controller/safety/stack-check.h>
 #include <reflow-controller/rotary-encoder.h>
 #include <reflow-controller/safety/safety-controller.h>
 #include <reflow-controller/settings/settings.h>

stm-firmware/stack-check.c

@@ -1,47 +0,0 @@
-/* Reflow Oven Controller
-*
-* Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
-*
-* This file is part of the Reflow Oven Controller Project.
-*
-* The reflow oven controller is free software: you can redistribute it and/or modify
-* it under the terms of the GNU General Public License version 2 as
-* published by the Free Software Foundation.
-*
-* The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-* GNU General Public License for more details.
-*
-* You should have received a copy of the GNU General Public License
-* along with the reflow oven controller project.
-* If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <reflow-controller/stack-check.h>
-#include <stdint.h>
-
-extern char __ld_top_of_stack;
-extern char __ld_eheap;
-
-int32_t stack_check_get_usage()
-{
-	uint32_t stack_top;
-	uint32_t stack_ptr;
-
-	stack_ptr = read_stack_pointer();
-	stack_top = (uint32_t)&__ld_top_of_stack;
-
-	return stack_top - stack_ptr;
-}
-
-int32_t stack_check_get_free()
-{
-	uint32_t upper_heap_boundary;
-	uint32_t stack_ptr;
-
-	stack_ptr = read_stack_pointer();
-	upper_heap_boundary = (uint32_t)&__ld_eheap;
-
-	return stack_ptr - upper_heap_boundary;
-}

stm-firmware/stm-periph/rng.c

@@ -0,0 +1,70 @@
+/* Reflow Oven Controller
+ *
+ * Copyright (C) 2020  Mario Hüttel <mario.huettel@gmx.net>
+ *
+ * This file is part of the Reflow Oven Controller Project.
+ *
+ * The reflow oven controller is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * The Reflow Oven Control Firmware is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with the reflow oven controller project.
+ * If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <stm-periph/rng.h>
+#include <stm-periph/clock-enable-manager.h>
+#include <stm32/stm32f4xx.h>
+
+void random_number_gen_init(bool int_enable)
+{
+	rcc_manager_enable_clock(&RCC->AHB2ENR, BITMASK_TO_BITNO(RCC_AHB2ENR_RNGEN));
+	__DSB();
+
+	random_number_gen_reset(int_enable);
+}
+
+void random_number_gen_deinit()
+{
+	RNG->CR = 0;
+	__DSB();
+	rcc_manager_disable_clock(&RCC->AHB2ENR, BITMASK_TO_BITNO(RCC_AHB2ENR_RNGEN));
+}
+
+void random_number_gen_reset(bool int_en)
+{
+	RNG->CR = 0;
+	__DSB();
+	RNG->CR = RNG_CR_RNGEN | (int_en ? RNG_CR_IE : 0U);
+}
+
+enum random_number_error random_number_gen_get_number(uint32_t *random_number, bool wait_for_valid_value)
+{
+	bool value_ready;
+
+	if (!(RNG->CR & RNG_CR_RNGEN))
+		return RNG_ERROR_INACT;
+
+	if (RNG->SR & RNG_SR_SEIS || RNG->SR & RNG_SR_CEIS) {
+		/* Error detected */
+		return RNG_ERROR_INTERNAL_ERROR;
+	}
+
+	/* Check if the value is ready. Wait if wait_for_valid_value is true */
+	do {
+		value_ready = !!(RNG->SR & RNG_SR_DRDY);
+	} while (!value_ready && wait_for_valid_value);
+
+	/* If the value is valid, return it */
+	if (value_ready && random_number)
+		*random_number = RNG->DR;
+
+	/* Return from function with proper status */
+	return (value_ready ? RNG_ERROR_OK : RNG_ERROR_NOT_READY);
+}

stm-firmware/stm32f407vet6_flash.ld

@@ -25,6 +25,7 @@
 /* USER PARAMETERS */
 __ld_stack_size = 0x3000;
 __ld_heap_size  = 0x2100;
+__stack_corruption_area_size = 128;
 
 /* END OF USER PARAMETERS */
 ENTRY(Reset_Handler)
@@ -150,6 +151,12 @@ SECTIONS
 		__ld_sheap = .;
 		. = . + __ld_heap_size;
 		__ld_eheap = .;
+		. = ALIGN(4);
+		__ld_start_stack_corruption_detect_area = .;
+		. = . + __stack_corruption_area_size;
+		. = ALIGN(4);
+		__ld_end_stack_corruption_detect_area = .;
+		__ld_end_stack = .;
 		. = . + __ld_stack_size;
 		. = ALIGN(4);
 	} >RAM