I am concerned about the way ChibiOS/RT handles unexpected exceptions. The current approach is to simply drop into an infinite loop (e.g. see /os/common/startup/ARMCMx/compilers/GCC/vectors.c for Cortex-Ms). This can be quite dangerous, as the application may need to perform some emergency safe de-activation protocol in the event of such a catastrophic failure. The existing failure hook CH_CFG_SYSTEM_HALT_HOOK handles this well. However, the current approach to handling unexpected interrupts bypasses that mechanism. This surprised me in an unpleasant way while I was debugging my application, since I expected that the system halt hook would be invoked for all failure modes recognized by the OS. Besides, since the unexpected exception handler doesn't disable other interrupts, the MCU may still continue to perform some functions, which can further aggravate the consequences.
I propose to apply a trivial modification to the unexpected exception hook as follows (assuming ARM Cortex M in this example, I expect the fix to be identical for all other architectures):
--- a/os/common/startup/ARMCMx/compilers/GCC/vectors.c
+++ b/os/common/startup/ARMCMx/compilers/GCC/vectors.c
@@ -45,9 +45,13 @@
/*lint -save -e9075 [8.4] All symbols are invoked from asm context.*/
void _unhandled_exception(void) {
/*lint -restore*/
-
- while (true) {
- }
+ chSysHalt("UNDEFINED IRQ");
}
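Review bot: the hunk calls chSysHalt() from os/common/startup/ARMCMx/compilers/GCC/vectors.c, yet no include for the kernel header appears in the visible context, and that path is the shared startup layer rather than the RT kernel, so the change ties startup code to RT and will not build wherever vectors.c does not already pull in the kernel header. Keeping the layers separate suggests a weak default that a port or application can override, e.g. `__attribute__((weak)) void _unhandled_exception(void)` with the existing spin loop as the default body and the override doing `chSysHalt("unhandled exception")`. Separately, the string "UNDEFINED IRQ" is attached to every unexpected exception routed through this handler, not only undefined interrupts, so a neutral message such as "unhandled exception" would be less misleading when it surfaces in the halt hook.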
Would this be accepted upstream?
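The behaviour argued for above, as an added host-side model rather than ChibiOS code: the halt path masks interrupts first, invokes an application-registered emergency de-activation hook exactly once, and then stops, whereas the original handler spins with interrupts still enabled and never reaches the hook. The interrupt mask, the halt record and the hook registration function are assumptions standing in for the port's primitives and for CH_CFG_SYSTEM_HALT_HOOK, and the final spin loop is replaced by a return so the flow can be exercised on a PC.

```c
/* Added example (not ChibiOS code): a host-side model of the halt path the
 * post argues for. A real handler would mask interrupts with the port's
 * primitive (cpsid i on Cortex-M) and never return; here the mask and the
 * final spin are simulated so the flow can be exercised and compared. */
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simulated interrupt-mask state (assumption: stands in for PRIMASK). */
static bool irq_enabled = true;
static void sim_disable_interrupts(void) { irq_enabled = false; }

/* Record of what the halt path did, for inspection by a test or debugger. */
typedef struct {
  const char *reason;          /* message passed to the halt */
  bool hook_ran;               /* application hook completed */
  bool irq_masked_before_hook; /* interrupts were already off when hook ran */
  int hook_calls;              /* guards against re-entrant halts */
} halt_record_t;

static halt_record_t record;

/* Application-supplied emergency de-activation routine (hypothetical type),
 * analogous to what CH_CFG_SYSTEM_HALT_HOOK would expand to. */
typedef void (*halt_hook_t)(const char *reason);
static halt_hook_t app_halt_hook = NULL;

void register_halt_hook(halt_hook_t hook) { app_halt_hook = hook; }

/* Model of chSysHalt(): mask interrupts so the hook cannot be preempted by
 * further ISRs, run the hook once, then stop. Return replaces the spin. */
void sys_halt(const char *reason) {
  sim_disable_interrupts();
  record.reason = reason;
  if (app_halt_hook != NULL && record.hook_calls == 0) {
    record.hook_calls++;
    record.irq_masked_before_hook = !irq_enabled;
    app_halt_hook(reason);
    record.hook_ran = true;
  }
  /* Real implementation: for (;;) {} */
}

/* Model of the patched _unhandled_exception(): route through the halt path. */
void unhandled_exception(void) { sys_halt("UNDEFINED IRQ"); }

/* Model of the original handler: spins without masking interrupts and never
 * touches the hook. Modeled as a no-op so the two can be compared. */
void unhandled_exception_original(void) {
  /* Real implementation: while (true) {} */
}

/* Example hook: an application would drive its outputs to a safe state. */
static bool outputs_safe = false;
static void example_hook(const char *reason) { (void)reason; outputs_safe = true; }
halt_hook_t example_halt_hook(void) { return example_hook; }

/* Helpers so the two behaviours can be observed from outside. */
void reset_model(void) {
  irq_enabled = true;
  outputs_safe = false;
  memset(&record, 0, sizeof record);
}
bool outputs_are_safe(void) { return outputs_safe; }
bool interrupts_enabled(void) { return irq_enabled; }
const halt_record_t *halt_record(void) { return &record; }
```

Running `unhandled_exception_original()` after registering the hook leaves the outputs in their unsafe state with interrupts enabled; running `unhandled_exception()` masks interrupts before the hook executes, which is the ordering the post needs so that the de-activation sequence is not interrupted by further ISRs.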