Stack overflow detection using the ST9 timer/watchdog
1 Introduction
In real time applications, implementation of software protection is not always easy, but it is
needed to reach a high level of security against software malfunction. This is particularly
true for on-board applications in noisy environments, such as automotive, power meter or
industrial applications.
To help avoid uncontrolled operations and damage to real time systems due to any possible
disturbance of the ST9 microcontroller core and I/O ports, a special peripheral acting as a
watchdog is available on all ST9 family members: the Timer/Watchdog.
Periodic restarting of the Timer/Watchdog by the application software, combined with
automatic detection of any stack overflow, provides enhanced protection to real time
application software.
This application note shows how to detect stack overflow by using the Timer/Watchdog in
watchdog mode.
AN421
Application note
November 2011 Doc ID 2476 Rev 2
www.st.com
Contents
1 Introduction
2 Stack overflow detection principle
2.1 Summary of timer/watchdog features
2.2 Stack overflow detection
3 Software description
3.1 Stack initialization
3.2 Timer/watchdog programming
3.3 Timer/Watchdog restart
4 Summary
5 Revision history
List of figures
Figure 1. Example of stack overflow detection in register file
Figure 2. System stack initialization
Figure 3. Timer/watchdog initialization
Figure 4. Restarting the timer/watchdog
2 Stack overflow detection principle
2.1 Summary of timer/watchdog features
The ST9 core includes a 16-bit down counter with an 8-bit prescaler capable of operating in
watchdog mode. This timer, driven by a clock at a frequency of INTCLK divided by 4, is able
to provide time periods within the range of 333 ns to 5.59 s (using a 12 MHz internal clock).
In watchdog mode, the Timer/Watchdog generates a fixed time base that depends on the
Timer/Watchdog registers and prescaler, and on INTCLK. This time base can be modified on
the fly by changing the prescaler value. The new value will be taken into account only after
an End Of Count event. In watchdog mode, the End Of Count occurrence generates a
system reset.
In order to prevent the reset, the byte sequence AAh, 55h should be written into the Timer
Watchdog register Low. Once the write of 55h has been performed, the timer reloads the
prescaler register and the counting restarts from this value (the prescaler register value may
be modified between two End Of Count events).
Note 1: For a better understanding of this application note, please refer to the ST9 Technical
Manual chapter on the 16-bit programmable Timer/Watchdog.
Note 2: INTCLK: Internal Clock. This clock, derived from the oscillator circuitry and divided
by 2 or not, is the ST9 Internal Clock driving the peripherals. The maximum frequency
allowed for INTCLK is 12 MHz.
2.2 Stack overflow detection
In many software applications, for example when running on ST9 ROMLESS versions or
without external memory space, the size of the stack is limited.
On ST9 devices, the system stack may be located in the Register File or in data memory
space. The ST9 stack pointer moves from the top to the bottom of the stack area.
One way to detect stack overflow is to reserve the first two bytes after the bottom of the
stack and to store in these locations the Timer Watchdog restart value, AAh, 55h.
If the stack overflows, this data is overwritten and thus destroyed, and a system
reset is generated on the next Timer Watchdog End Of Count.
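The scheme above can be exercised on a host with the following added example, which is not code from this application note and is not ST9 register-level code. It assumes that the restart routine takes the AAh, 55h sequence from the two reserved bytes and that the watchdog ignores any other sequence; all names, the 16-byte stack and the 3-tick reload value are constructed for illustration.

```c
/* Added example: host-side model of the guard-byte scheme (hypothetical names). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_SIZE 16
#define WDT_RELOAD 3            /* constructed: ticks until End Of Count */
/* mem[0..1]: the two reserved bytes just past the stack bottom.
   mem[2..17]: the stack, which grows downward toward them. */
static uint8_t mem[2 + STACK_SIZE];
static int sp, wdt_count, wdt_armed, wdt_reset;

/* Modeled low register: only AAh followed by 55h reloads the counter.
   Assumption: any other sequence is ignored. */
static void wdt_write_low(uint8_t v) {
    if (v == 0x55 && wdt_armed) wdt_count = WDT_RELOAD;
    wdt_armed = (v == 0xAA);
}

static void wdt_tick(void) {    /* End Of Count in watchdog mode = reset */
    if (!wdt_reset && --wdt_count == 0) wdt_reset = 1;
}

static void sys_init(void) {
    memset(mem, 0, sizeof mem);
    mem[0] = 0xAA; mem[1] = 0x55;          /* restart value as guard bytes */
    sp = 2 + STACK_SIZE;
    wdt_count = WDT_RELOAD; wdt_armed = 0; wdt_reset = 0;
}

/* No check at the stack bottom; sp > 0 only keeps the model inside mem[]. */
static void push(uint8_t v) { if (sp > 0) mem[--sp] = v; }

/* Assumption: the restart routine feeds the watchdog from the guard bytes. */
static void wdt_restart(void) { wdt_write_low(mem[0]); wdt_write_low(mem[1]); }

/* Push `depth` bytes, then run the main loop; returns 1 on watchdog reset. */
int run(int depth, int loops) {
    sys_init();
    for (int i = 0; i < depth; i++) push(0xC3);
    for (int i = 0; i < loops && !wdt_reset; i++) { wdt_restart(); wdt_tick(); }
    return wdt_reset;
}

int main(void) {
    printf("depth 16: reset=%d\n", run(16, 10));
    printf("depth 17: reset=%d\n", run(17, 10));
    return 0;
}
```

A single byte pushed past the stack bottom is enough to break the restart sequence, but the reset only arrives when the current watchdog period expires, so the detection latency is bounded by the programmed time base.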