SWRZ153 November   2023 CC1312PSIP

 

  1.   1
  2.   Abstract
  3. 1Advisories Matrix
  4. 2Nomenclature, Package Symbolization, and Revision Identification
    1. 2.1 Device and Development Support-Tool Nomenclature
    2. 2.2 Devices Supported
    3. 2.3 Package Symbolization and Revision Identification
  5. 3Advisories
    1.     Advisory Power_03
    2.     Advisory PKA_01
    3.     Advisory PKA_02
    4.     Advisory I2C_01
    5.     Advisory I2S_01
    6.     Advisory CPU_01
    7.     Advisory CPU_02
    8.     Advisory CPU_03
    9.     Advisory CPU_Sys_01
    10.     Advisory Sys_01
    11. 3.1 Sys_05
    12.     Advisory SYSCTRL_01
    13.     IOC_01
    14.     SRAM_01
    15.     GPTM_01
    16.     ADC_01
    17.     ADC_02
    18.     ADC_03
    19.     ADC_04
    20.     ADC_05
  6.   Trademarks
  7. 4Revision History

Advisory CPU_01

Arm® Errata #838869: Store Immediate Overlapping Exception Return Operation Might Vector to Incorrect Interrupt

Revisions Affected:

Revision F

Details:

Configurations Affected:

This erratum only affects systems where writeable memory locations can exhibit more than one wait state (system SRAM does not have wait states).

The Arm®Cortex®-M4F processor includes a write buffer that permits execution to continue while a store is waiting on the bus. Under specific timing conditions, during an exception return while this buffer is still in use by a store instruction, a late change in selection of the next interrupt to be taken might result in a mismatch between the interrupt acknowledged by the interrupt controller and the vector fetched by the processor.

Conditions:

  • The handler for interrupt A is being executed.
  • Interrupt B, of the same or lower priority than interrupt A, is pending.
  • A store with immediate offset instruction is executed to a bufferable location:


    STR/STRH/STRB <Rt>, [<Rn>,#imm]
    STR/STRH/STRB <Rt>, [<Rn>,#imm]!
    STR/STRH/STRB <Rt>, [<Rn>,#imm]

  • Any number of additional data-processing instructions can be executed.
  • A BX instruction is executed that causes an exception return.
  • The store data has wait states applied to it such that the data is accepted at least two cycles after the BX is executed.
    • Minimally this is two cycles if the store and the BX instruction have no additional instructions between them.
    • The number of wait states required to observe this erratum needs to be increased by the number of cycles between the store and the interrupt service routine exit instruction.
  • Before the bus accepts the buffered store data, another interrupt C is asserted which has the same or lower priority as A, but a greater priority than B.

Implications:

The processor should execute interrupt handler C, and on completion of handler C the processor should execute the handler for B. If the previously listed conditions are met, then this erratum results in the processor erroneously clearing the pending state of interrupt C, and then twice executing the handler for B. The first time the handler for B is executed it will be at the priority level for interrupt C. If interrupt C is pended by a level-based interrupt that is cleared by C's handler then interrupt C will be pended again after the handler for B has completed and the handler for C will be executed. If interrupt C is level based, then this interrupt will eventually become re-pending and subsequently be handled. If interrupt C is a single pulse interrupt, there is a possibility that this interrupt will be lost.

This bug is triggered in a rare condition. In cases where STORE experiences more than 2 wait cycles, workarounds must be used by the software developer.

  • This erratum does not apply for TI-RTOS interrupts, which ensures that no store with immediate offset occurs within the last 5 instructions of the interrupt routine. See the following files included in all SDKs for further implementation details:
    • kernel/tirtos/packages/ti/sysbios/family/arm/m3/Hwi_asm*.sv7M
  • Zero-latency interrupts in TI-RTOS (bypassing the kernel) and the no-RTOS examples in the SDK are affected by this erratum.

Workarounds:

Software not using the Memory Protection Unit (MPU):

For software not using the Memory Protection Unit (MPU), the workaround can be to disable CPU write buffering (register CPU_SCS.ACTLR.DISDEFWBUF) at the cost of significantly reduced execution speed.

All other cases (recommended workaround):

Ensure a DSB instruction occurs between the store and the BX instruction. For exception handlers written in C, this can be achieved by inserting the appropriate set of intrinsics or inline assembly just before the end of the interrupt function, for example:

 

ARMCC:

...

__schedule_barrier(); __asm{DSB}; __schedule_barrier(); }

GCC:

...

__asm volatile (“dsb 0xf” ::: “memory”); }

Note:

The workaround for this bug will not be added automatically by the compiler.