40 lines
1.6 KiB
ReStructuredText
40 lines
1.6 KiB
ReStructuredText
.. _safety_stack_checking:
|
|
|
|
Safety Stack Checking
|
|
=====================
|
|
|
|
To ensure correct operation of the controller, the stack is continuously monitored. For this, the :ref:`firmware_safety` checks the stack in each run.
|
|
These checks include:
|
|
|
|
1. Checking of used stack space and limit to end of stack
|
|
2. Checking a protection area between heap and stack for memory corruption
|
|
|
|
Any detected error will set the :ref:`safety_flags_stack` error flag.
|
|
|
|
Stack Pointer Checking
|
|
----------------------
|
|
|
|
The stack pointer is checked using :c:func:`stack_check_get_free`. The returned value for the remaining stack space is checked against
|
|
|
|
.. doxygendefine:: SAFETY_MIN_STACK_FREE
|
|
|
|
.. doxygenfunction:: stack_check_get_free
|
|
|
|
|
|
Stack and Heap Corruption Checking
|
|
----------------------------------
|
|
|
|
A section of memory is located between the stack and the heap. It is defined inside the linker script. It's size is configured by the linker script parameter ``__stack_corruption_area_size``, which is set to ``128`` by default.
|
|
This section is filled at the initializazion of the safety controller by a call to
|
|
|
|
.. doxygenfunction:: stack_check_init_corruption_detect_area
|
|
|
|
On each run of the safety controller's handling function (:c:func:`safety_controller_handle`) the following function is called:
|
|
|
|
.. doxygenfunction:: stack_check_corruption_detect_area
|
|
|
|
|
|
This function checks the memory area for write modifications, and therefore detects, if the stack or heap have grown outside their boundaries. This canary approach does, however, not guarantee a full protection against heap or stack overflows.
|
|
|
|
|