Crash during flash programming

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

Crash during flash programming

6,874 次查看
Lundin
Senior Contributor IV
I'm using HCS12 DG128, CW3.1 and P&E Cyclone.

I'm trying to write my own flash programming routines.
They work fine if I single-step through the code in the CW debugger, but when I let the program run I get a crash after setting the CBEIF flag in FSTAT.

I get the message "Other BGND, illegal BP" in the debugger, and the program counter gets set to a value that doesn't make sense. When I try without debugger and BDM, the program hangs at the same spot, and sometimes it starts to behave strange (probably because the PC is corrupted).

I have no flash security, no interrupts, no wdog. The flash prescaler clock seems to be correct, 192kHz for 20MHz oscillator (value 0xCC in the clock register). I get the same behaviour on more than one MCU.

static FlashResult _write_word(uint8 CMD, uint16* far dest, uint16* source)
{
uint8 page = farToPage(dest); /* Get page address from far pointer */
uint16* near_ptr = farToNear(dest); /* Get 16-bit address from far pointer */
uint8 bank = flashGetBank(dest); /* Get bank 1 or 0 for DG128 */
volatile uint8 fstat;

FCNFG = 0x01; /* select bank 1 */
FSTAT = 0x30; /* clear error flags BANK 1 */
FCNFG = 0x00; /* select bank 0 */
FSTAT = 0x30; /* clear error flags BANK 0 */

FCNFG = bank; /* set correct bank for paged memory */

if((FSTAT & CBEIF)==0)
return FLASH_ROUTINE_FAILURE;

if(page)
{
uint8 tmp;
tmp = PPAGE;
PPAGE = page;
*near_ptr = *source;
PPAGE = tmp;
}
else
*near_ptr = *source;

FCMD = CMD;
FSTAT = CBEIF; /* program/MCU crashes here */


fstat = FSTAT;

if(fstat & PVIOL)
return FLASH_PVIOL_FAILURE;

if(fstat & ACCERR)
return FLASH_ACCERR_FAILURE;

while(!(FSTAT & CCIF))
;

return FLASH_OK;
}


Any ideas?
标签 (1)
0 项奖励
回复
6 回复数

1,710 次查看
Sten
Contributor IV
You do not write anything about where your routine resides; is it in RAM or Flash. The DG128 has two separate 64k Flash blocks, so it is possible to program one block with a routine that resides in the other block, but if you are programming the block that containes the interrupt vectors, you must have the interrupts disabled (and hope that you do not get any kind of unmaskable interrupts, e.g. reset or watchdog).
0 项奖励
回复

1,710 次查看
Lundin
Senior Contributor IV
Thanks for your reply.

The routine is located in non-banked flash on 0xC000 (bank 0).

I do a sector erase + program of 512 bytes. I get the same error no matter if attempt to program at 0x4000 (bank 0) or 0x3A8000 (bank 1). It works fine to program either location if I single-step through the whole code.

I'm not touching the vector table, interrupts are disabled and none of them are activated.

There shouldn't be any unmaskable interrupts and the reset pin is high all the time. I don't think it is a hw issue since the circuit board has been used for a couple of years without any trouble. And I get the same result on every board.

(I'm using the old 0L85D mask "DG128B" but can't find anything in the errata related to the problem.)
0 项奖励
回复

1,710 次查看
Sten
Contributor IV
I still think that it can be related to access conflicts; when you program or erase any location in block 0 (banks 3C..3F and unbanked addresses at 4000..7fff and c000..ffff), the whole block is unaccessable, so no code or data may be read from any location of the block. I do not understand how it can work when you are singlestepping, perhaps the Flash works differently under BDM-control.
0 项奖励
回复

1,710 次查看
Lundin
Senior Contributor IV

Yes, you are right! Upon further investigation, I found that the data was actually allocated in page 3C and not 3A. I moved it to 3A and now it gets programmed correctly. Thanks for pointing me in the right direction! :smileyhappy:

The strange thing is that I can actually program 0x4000 from code running in 0xC000 when I single step???

0 项奖励
回复

1,710 次查看
imajeff
Contributor III
That would have to do with timing, and accessing the Flash, and have a similar effect as waiting for the command-complete flag. When single stepping, two things are different:
  1. The primary execution is in BDM firmware instead of the Flash code that you are debugging
  2. Every single-step makes a long delay after it, so the programming pulses are done before the next instruction (in other words, you are waiting in BDM firmware while the Flash word is programmed)
0 项奖励
回复

1,710 次查看
Gizzzmo
Contributor I
Hi,

I would know if we can erase/programm flash from code located in flash ? I'm using the HCS12E128.

If it's not, what are the solutions ?

Thanks.
0 项奖励
回复