 

On MSP430, what will happen when I dereference a null pointer?

I know dereferencing a null pointer is undefined - but I would like to know what happens on a specific target - an MSP430.

I don't have a board to load this on in front of me to test this out right now.

What would happen if I did this (or similar)?

#include <stddef.h>   /* for NULL */

int * foo = NULL;
(*foo)++; //Crash?

Location 0x0 is in the SFR range and is reserved.

Would it generate a PUC/POR? Or would it silently "work"?

The assembly generated is

;int * foo = NULL;
clr.w   R15             ; foo = 0
;(*foo)++;
inc.w   0(R15)          ; increment the word at the address held in R15, i.e. at 0x0

So location 0x0 is literally being incremented by 1.

When I run this in the simulator I see the value at address 0x0 go from 0 to 1. I get no warnings in the debug log and the program exits normally.

I am using the IAR EW430 compiler/assembler/simulator.

Nick asked Dec 28 '14 01:12


1 Answer

Not only will writing and reading the address 0x0 not cause a crash or a reboot, it is actually a completely legal operation that is often used by MSP430 applications.

The initial portion of the MSP430 memory map is reserved for I/O ports and control registers: http://en.wikipedia.org/wiki/TI_MSP430#MSP430_address_space

In particular, the control registers at 0x0 and subsequent addresses are:

 #define IE1_                  0x0000    /* Interrupt Enable 1 */
 #define IE2_                  0x0001    /* Interrupt Enable 2 */
 #define IFG1_                 0x0002    /* Interrupt Flag 1 */
 #define IFG2_                 0x0003    /* Interrupt Flag 2 */

So for example writing zero to that memory address by dereferencing a uint8_t * or uint16_t * pointer is going to disable interrupts. Writing zero by dereferencing a uint32_t * is also going to clear the flags. Incrementing the value of these registers does not make a lot of sense, but should be completely legal.

At least this is the case on MSP430 Series 1, Series 2 and Series 4. By checking the header files I was not able to find anything mapped to 0x0 on Series 5 (the interrupt control registers are mapped to the region starting from 0x0100).

So if you want to catch places in code where the NULL pointer is dereferenced, you're completely on your own.

kfx answered Nov 15 '22 04:11
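The answer's point, worked through as an added example that is not code from the question, the answer, or TI's headers: a host-side model of the four 1/2/4-series SFR bytes the answer lists at 0x0000..0x0003, used to show byte by byte what a NULL-pointer store of each width does, and the kind of check you have to supply yourself. The array `sfr`, the helper names (`store_at_zero`, `checked_write16`, ...) and the register values used are assumptions made for the illustration; on a real part those four bytes are I/O space, not RAM.

```c
/*
 * Added example (not code from the question or the answer): a host-side model
 * of the MSP430 1/2/4-series SFR bytes at 0x0000..0x0003 listed in the answer.
 * On a real part these bytes are I/O space, not RAM; the array `sfr`, the
 * helper names and the byte values below are assumptions made for the
 * illustration.  Byte order is little-endian, as on the MSP430.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IE1_  0x0000  /* Interrupt Enable 1 */
#define IE2_  0x0001  /* Interrupt Enable 2 */
#define IFG1_ 0x0002  /* Interrupt Flag 1   */
#define IFG2_ 0x0003  /* Interrupt Flag 2   */

static uint8_t sfr[4];            /* stand-in for addresses 0x0000..0x0003 */

static void sfr_reset(uint8_t ie1, uint8_t ie2, uint8_t ifg1, uint8_t ifg2)
{
    sfr[IE1_] = ie1;  sfr[IE2_] = ie2;  sfr[IFG1_] = ifg1;  sfr[IFG2_] = ifg2;
}

static uint8_t sfr_get(size_t addr) { return sfr[addr]; }

/* Load/store of `width` bytes at address 0: the access that dereferencing a
 * NULL uint8_t*, uint16_t* or uint32_t* performs on this memory map. */
static uint32_t load_at_zero(size_t width)
{
    uint32_t v = 0;
    for (size_t i = 0; i < width && i < sizeof sfr; i++)
        v |= (uint32_t)sfr[i] << (8 * i);
    return v;
}

static void store_at_zero(size_t width, uint32_t value)
{
    for (size_t i = 0; i < width && i < sizeof sfr; i++)
        sfr[i] = (uint8_t)(value >> (8 * i));
}

/* The question's (*foo)++ with foo == NULL and int 16 bits wide: a 16-bit
 * read-modify-write of the IE1/IE2 pair.  Returns the resulting word. */
static uint16_t null_int_increment(void)
{
    store_at_zero(2, load_at_zero(2) + 1);   /* 0xFFFF + 1 wraps to 0 */
    return (uint16_t)load_at_zero(2);
}

/* What "you're on your own" means in practice: a store helper that refuses a
 * NULL target before it can touch the SFRs.  Hypothetical helper; on hardware
 * the `return -1` would be a deliberate trap (for example a forced reset). */
static int checked_write16(uint16_t *p, uint16_t v)
{
    if (p == NULL)
        return -1;                /* caught: would have written IE1/IE2 */
    *p = v;
    return 0;
}

int main(void)
{
    sfr_reset(0x00, 0x00, 0x00, 0x00);
    uint16_t w = null_int_increment();
    printf("(*NULL)++ -> word at 0 = 0x%04x (IE1=0x%02x IE2=0x%02x)\n",
           w, sfr_get(IE1_), sfr_get(IE2_));

    sfr_reset(0xFF, 0xFF, 0xFF, 0xFF);
    store_at_zero(2, 0);          /* *(uint16_t *)NULL = 0 : interrupts off */
    printf("16-bit zero store: IE1=0x%02x IE2=0x%02x IFG1=0x%02x IFG2=0x%02x\n",
           sfr_get(IE1_), sfr_get(IE2_), sfr_get(IFG1_), sfr_get(IFG2_));

    store_at_zero(4, 0);          /* *(uint32_t *)NULL = 0 : flags cleared too */
    printf("32-bit zero store: IFG1=0x%02x IFG2=0x%02x\n",
           sfr_get(IFG1_), sfr_get(IFG2_));

    printf("checked_write16(NULL, 0) = %d\n", checked_write16(NULL, 0));
    return 0;
}
```

The model only reproduces the answer's layout claim (four byte-wide registers at 0x0..0x3, little-endian), so the 16-bit store lands on IE1/IE2 and the 32-bit store also reaches IFG1/IFG2; nothing in it models what the hardware does with the written bits beyond that. The `checked_write16` pattern is the practical consequence of the last paragraph: because address 0 is a valid, writable location on these parts, a NULL guard has to be explicit in the code rather than left to a fault.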