Method for monitoring the free space of a memory stack

Abstract

A method for monitoring the free space of a stack of a microcontroller during the execution of a process using spaces of the stack from a start address to an end address of the stack, in which the method includes: in a prior step, writing N keys in the stack at N addresses of the stack, the memory space between two consecutive keys decreasing in a direction from the start address to the end address of the stack; and, in a step of executing the process, saving the address of the current key, corresponding to the address of the existing key, among the N keys, that is closest to the stack start address.

Claims

1. A method for monitoring free space of a stack of a microcontroller during execution of a process using spaces of said stack from a start address to an end address of the stack, in which said method comprises: in a prior step, writing N keys, in the stack at N addresses of said stack, the memory space between any two consecutive keys of the N keys gradually decreases as each of the N keys are written in addresses closer to the end address of the stack; in a step of executing the process, saving the address of the current key, corresponding to the address of the existing key, among the N keys, that is closest to the start address of the stack; and comparing the address of the current key to the address of a maximum key corresponding to an address of the stack, and, in the case where the address of the current key is closer to the end address than the address of the maximum key, the address of said maximum key takes the value of the address of the current key.

2. The method for monitoring the free space of a stack according to claim 1, wherein from a predefined address of a first key A(1), the address of the i-th key, i varying from 2 to N, is equal to the whole part of $\left(\frac{2^{i-1}-1}{2^{i-1}}\times \left(\mathrm{SS}-\left(A\left(1\right)-\mathrm{SSA}\right)\right)\right),$ where SS is equal to the size of the stack, SSA being the start address of the stack.

3. The method for monitoring the free space of a stack according to claim 1, wherein said method further comprises writing two keys at each end of the stack.

4. The method for monitoring the free space of a stack according to claim 3, wherein the address of the maximum key is stored in a non-volatile memory area.

5. The method for monitoring the free space of a stack according to claim 1, wherein the addresses of the keys are stored in a data table.

6. The method for monitoring the free space of a stack according to claim 5, wherein an address of an i-th key is accessible by its index i in the data table.

7. A non-transitory computer program product, intended to be executed by a processing means of a calculation unit, said calculation unit further comprising a memory, and said program configured for the implementation of the method of claim 1.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) Other Characteristics and Advantages Will Appear Upon Reading the Description of the Following Embodiment. This Description Will be Given with Reference to the Accompanying Drawings in which:

(2) FIG. 1, already presented, schematically illustrates a microcontroller stack according to an embodiment of the prior art;

(3) FIG. 2 schematically illustrates a microcontroller stack according to an implementation mode of an aspect of the invention; and

(4) FIG. 3 schematically illustrates a method for controlling the free space of a microcontroller stack during the execution of a process according to an embodiment of the invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

(5) FIG. 2 illustrates a stack 200 of a microcontroller such as implemented according to an embodiment of the invention. The stack 200 is defined in a random access memory M by a start address 211 and an end address 212 of the stack 200.

(6) During the execution of a process using the stack 200, a method for monitoring the free space of said stack 200 makes it possible to monitor the use of the memory space.

(7) FIG. 3 illustrates steps of such a monitoring method.

(8) In a step E10, called initialization, prior to the execution of the process, the stack being empty, a plurality N+2 of keys K.sub.i (considering 0≤i<N+1) is positioned in stack 200, by writing specific predetermined initialization values, at N+1 separate addresses A.sub.i, the keys K.sub.0 and K.sub.N+1 being those of the standard process guaranteeing that the limits of the stack have never been exceeded. Ideally, the positioning is carried out in such a way that the keys K.sub.i are more present at the end of the stack than at the start of the stack. Thus, going from the start address 211 to the end address 212 of the stack, the memory space separating two consecutive keys decreases. This distribution of keys allows a gradual meshing of the stack. Consequently, a larger meshing of the margin area 230 of the stack is obtained. As explained above, this margin area 230 allows to be informed that the free space of the stack is becoming limited, while still keeping a certain number of usable addresses in the RAM.

(9) In a preferred embodiment, the distribution of the keys K.sub.i is performed according to an exponential distribution law. For example, the keys are written to addresses of the stack according to the law

(10) $A\left(i\right)=A\left(1\right)+\left(\frac{2^{i-1}-1}{2^{i-1}}\times \left(\mathrm{SS}-\left(A\left(1\right)-\mathrm{SSA}\right)\right)\right)$
where A(i) represents the address of the i-th key K.sub.i, SSA the start address of the stack, and SS the size of the stack and i varying from 2 to N. Following the writing of the N+2 initialization values, still in step E10, the first key (corresponding to A(1)) is saved and corresponds to a current index CI. The address of the first key A(1) is ideally defined by an address such that that the size of the stack remaining free is considered acceptable and safe. Thus, the address of the key may be set to half the stack, or, for example, to 70% or 80% of the stack size.

(11) Ideally, the number of keys K.sub.i is understood and determined according to the size of the stack and the desired final granularity which is equal to the size of the last space determined by the keys, namely

(12) $\frac{\left(\mathrm{SS}-\left(A\left(1\right)-\mathrm{SSA}\right)\right)}{2^{N-1}}$
for N keys.

(13) In a step E20, during the execution of a process using stack 200, at regular intervals (ideally, at the smallest of the recurrences of all the processes managed by a system executing said processes), the first key is verified. Thus, at address A(1), the method verifies that the initialization value of the first key is present. In the case where the value is changed, the process has therefore used the space of the stack up to the level of the current key, which means that the key has been reached. In the case where the value is unchanged, the key has not been reached. If the key has been reached, the method verifies that the next key has not been reached, and so on until detecting a key K.sub.i not reached. The i-th key thus determined is saved and the value of the current index CI is updated to correspond to this key.

(14) The address of a key K.sub.i can be automatically calculated or, ideally, during initialization, the addresses of the keys K.sub.i are stored in a data structure, such as a table, for example, the indices of the table being matched with the indices i of the keys.

(15) In a step E30, when the last key K.sub.N+1 is reached or if the key K.sub.0 has been corrupted, as for the standard method, a reinitialization of the process is triggered to find a stable and safe state of execution of the process. This reinitialization also entails reinitializing the stack 200. Thus, step E10 of key distribution and reinitialization of the current index CI is carried out again.

(16) In a step E40, a maximum index value MI is also saved. When the stack is initialized for the first time, for example, following the first power-up of a system executing the process, MI is equal to the current index CI. Thereafter, when the value of the current index CI is updated, the method verifies that this value is not greater than the value of the maximum index MI. If this value is higher, MI is updated with the value of the current index CI. The maximum index MI is saved in a non-volatile memory area, for example, a non-volatile RAM memory (NVRAM). Thus, during the reinitialization of the stack following the reinitialization of the process caused in a step E30, the value of the maximum index MI is not affected.

(17) The maximum index MI can be recovered in a later step, thus allowing verification of the measurement of the stack size remaining free. This remaining free size TL is between and TLinf(MI) and TLsup(MI) such that TLinf(MI)≤TL<TLsup(MI) with

(18) $\mathrm{TLinf}\left(\mathrm{MI}\right)=\frac{2^{\mathrm{MI}-1}-1}{2^{\mathrm{MI}-1}}\times \left(A\left(1\right)-\mathrm{SSA}\right)\mathrm{and}\mathrm{TLsup}\left(\mathrm{MI}\right)=\frac{2^{\mathrm{MI}}-1}{2^{\mathrm{MI}}}\times \left(A\left(1\right)-\mathrm{SSA}\right)$
for MI>1 and TLinf(1)=SS and TLsup(1)=A(1)−SSA.

(19) Consequently, by implementing this monitoring method, it is possible to determine with precision a maximum amount of memory used during, for example, the design phases of an embedded system. Therefore, the stack size can optimally be defined. In addition, the use of such a method uses few processor resources, allowing the use of these resources for other tasks.