|
225 | 225 | //! - `DefaultHandler`. This is the default handler. If not overridden using `#[exception] fn |
226 | 226 | //! DefaultHandler(..` this will be an infinite loop. |
227 | 227 | //! |
228 | | -//! - `HardFaultTrampoline`. This is the real hard fault handler. This function is simply a |
229 | | -//! trampoline that jumps into the user defined hard fault handler named `HardFault`. The |
230 | | -//! trampoline is required to set up the pointer to the stacked exception frame. |
231 | | -//! |
232 | | -//! - `HardFault`. This is the user defined hard fault handler. If not overridden using |
233 | | -//! `#[exception] fn HardFault(..` it will default to an infinite loop. |
| 228 | +//! - `HardFault` and `_HardFault`. These function handle the hard fault handling and what they |
| 229 | +//! do depends on whether the hard fault is overridden and whether the trampoline is enabled (which it is by default). |
| 230 | +//! - No override: Both are the same function. The function is an infinite loop defined in the cortex-m-rt crate. |
| 231 | +//! - Trampoline enabled: `HardFault` is the real hard fault handler defined in assembly. This function is simply a |
| 232 | +//! trampoline that jumps into the rust defined `_HardFault` function. This second function jumps to the user-defined |
| 233 | +//! handler with the exception frame as parameter. This second jump is usually optimised away with inlining. |
| 234 | +//! - Trampoline disabled: `HardFault` is the user defined function. This means the user function is called directly |
| 235 | +//! from the vector table. `_HardFault` still exists, but is an empty function that is purely there for compiler |
| 236 | +//! diagnostics. |
234 | 237 | //! |
235 | 238 | //! - `__STACK_START`. This is the first entry in the `.vector_table` section. This symbol contains |
236 | 239 | //! the initial value of the stack pointer; this is where the stack will be located -- the stack |
@@ -724,16 +727,27 @@ pub use macros::entry; |
724 | 727 | /// |
725 | 728 | /// # Usage |
726 | 729 | /// |
727 | | -/// `#[exception] unsafe fn HardFault(..` sets the hard fault handler. The handler must have |
728 | | -/// signature `unsafe fn(&ExceptionFrame) -> !`. This handler is not allowed to return as that can |
729 | | -/// cause undefined behavior. |
| 730 | +/// ## HardFault handler |
| 731 | +/// |
| 732 | +/// `#[exception(trampoline = true)] unsafe fn HardFault(..` sets the hard fault handler. |
| 733 | +/// If the trampoline parameter is set to true, the handler must have signature `unsafe fn(&ExceptionFrame) -> !`. |
| 734 | +/// If set to false, the handler must have signature `unsafe fn() -> !`. |
| 735 | +/// |
| 736 | +/// This handler is not allowed to return as that can cause undefined behavior. |
| 737 | +/// |
| 738 | +/// To maintain backwards compatibility the attribute can be used without trampoline parameter (`#[exception]`), |
| 739 | +/// which sets the trampoline to true. |
| 740 | +/// |
| 741 | +/// ## Default handler |
730 | 742 | /// |
731 | 743 | /// `#[exception] unsafe fn DefaultHandler(..` sets the *default* handler. All exceptions which have |
732 | 744 | /// not been assigned a handler will be serviced by this handler. This handler must have signature |
733 | 745 | /// `unsafe fn(irqn: i16) [-> !]`. `irqn` is the IRQ number (See CMSIS); `irqn` will be a negative |
734 | 746 | /// number when the handler is servicing a core exception; `irqn` will be a positive number when the |
735 | 747 | /// handler is servicing a device specific exception (interrupt). |
736 | 748 | /// |
| 749 | +/// ## Other handlers |
| 750 | +/// |
737 | 751 | /// `#[exception] fn Name(..` overrides the default handler for the exception with the given `Name`. |
738 | 752 | /// These handlers must have signature `[unsafe] fn() [-> !]`. When overriding these other exception |
739 | 753 | /// it's possible to add state to them by declaring `static mut` variables at the beginning of the |
|
0 commit comments