I'm using 1.3.2 and was playing with reducing the size of PBUF_POOL_SIZE to
save RAM. I reduced it from 15 to 13, then I sometimes get processor
exceptions. Things were really quite stable as they were, but I just
can't leave well enough alone I guess. Regardless, I would assume this sort of thing should not happen in any case.
The source of the issue seems to be in memp.c, line 325. It looks like this:
memp = memp_tab[type];
if (memp != NULL) {
memp_tab[type] = memp->next; //LINE 325
#if MEMP_OVERFLOW_CHECK
memp->next = NULL;
memp->file = file;
memp->line = line;
#endif /*
MEMP_OVERFLOW_CHECK */
MEMP_STATS_INC_USED(used, type);
LWIP_ASSERT("memp_malloc: memp properly aligned",
((mem_ptr_t)memp % MEM_ALIGNMENT) == 0);
memp = (struct memp*)((u8_t*)memp + MEMP_SIZE);
}
This
was compiled with optimization so I can't entirely trust the reported
line number. Anyway,
memp_tab[0] = 0x0, and memp_tab[1] = 0xb000a8c0, while members 2-7
contain actual RAM addresses, which are in the format of 0x200xxxx and
exist in .bss.memp_memory according to my .map file. 0xb000a8c0 is not a
valid address on this chip whatsoever. In the above code, I see that
"type" is equal to MEMP_TCP_PCB, although I cannot find that declaration
anywhere. Must be some compiler magic.
The
chain of events that seemed to get me here was calling tcp_new(), which
called memp_malloc() in tcp_alloc. Any ideas why I'm getting this
invalid address in memp_tab? This is v1.3.2 in RAW mode. My options
are below for reference.
#define TCP_MSS 1460
#define PBUF_POOL_BUFSIZE 512
#define PBUF_POOL_SIZE 13
#define TCP_WND
(TCP_MSS*4)
#define TCP_SND_BUF (TCP_MSS*10)
#define MEM_SIZE 1024
#define MEMP_NUM_PBUF 20
#define MEMP_NUM_TCP_SEG 20
#define TCP_SND_QUEUELEN 20