FILLing unused Memory with the GNU Linker

In many of my applications I use a CRC/checksum to verify that the code/flash on the target is not modified. For this, not only the code/data in flash counts, but as well all the unused gaps in the memory map. Instead to leave it up to the flasher/debugger (which usually erases it to 0xFF), I want to fill it with my pattern. The GNU linker is using the pattern 0x00 for unused bytes inside sections. So this post is about to use the GNU linker to ‘fill’ the uninitalized FLASH memory with a pattern.

FLASH with DeadBeef Pattern

FLASH with DeadBeef Pattern

=fill Linker File Command

The GNU linker has a way to fill a section. The GNU linker documenation lists the SECTIONS syntax as:

SECTIONS {
...
secname start BLOCK(align) (NOLOAD) : AT ( ldadr )
{ contents } >region :phdr =fill
...
}

The interesting thing is the =fill at the end: here I can specify an expression which then is used to fill the section:

=fill

Including =fill in a section definition specifies the initial fill value for that section. You may use any expression to specify fill. Any unallocated holes in the current output section when written to the output file will be filled with the two least significant bytes of the value, repeated as necessary. You can also change the fill value with a FILL statement in the contents of a section definition.

For example

.text :
  {
    . = ALIGN(4);
    *(.text)           /* .text sections (code) */
    *(.text*)          /* .text* sections (code) */
    *(.rodata)         /* .rodata sections (constants, strings, etc.) */
    *(.rodata*)        /* .rodata* sections (constants, strings, etc.) */
    *(.glue_7)         /* glue arm to thumb code */
    *(.glue_7t)        /* glue thumb to arm code */
    *(.eh_frame)

    KEEP (*(.init))
    KEEP (*(.fini))

    . = ALIGN(4);

    _etext = .;        /* define a global symbols at end of code */
  } > m_text =0xEE

Will fill my section with the 0xEE byte pattern. I can verify this when I compare the generated S19 files (see “Binary (and S19) Files for the mbed Bootloader with Eclipse and GNU ARM Eclipse Plugins“):

Inserted Fill Byte

Inserted Fill Byte

❗ The =fill applies only *inside* an output section, so does not fill the space between output sections!

FILL() Linker Command

The =fill applies to the output section. But if I want to fill different parts within an output section, then the FILL command should be used:

FILL(expression)
Specify the “fill pattern” for the current section. Any otherwise unspecified regions of memory within the section (for example, regions you skip over by assigning a new value to the location counter ‘.’) are filled with the two least significant bytes from the expression argument. A FILL statement covers memory locations after the point it occurs in the section definition; by including more than one FILL statement, you can have different fill patterns in different parts of an output section.

My favorite FILL command is this one:

FILL(0xDEADBEEF)

or

FILL(0xDEADC0DE)

🙂

Filling Memory *Outside* Sections

While the above =fill and FILL() examples are fine, they only fill *inside* a section.

For example for my KL25Z I have following MEMORY defined in the linker file:

MEMORY {
  m_interrupts (RX) : ORIGIN = 0x00000000, LENGTH = 0x000000C0
  m_cfmprotrom  (RX) : ORIGIN = 0x00000400, LENGTH = 0x00000010
  m_text      (RX) : ORIGIN = 0x00000410, LENGTH = 0x0001FBF0
  m_data      (RW) : ORIGIN = 0x1FFFF000, LENGTH = 0x00004000
}

The linker will place my code and constant data into the m_text output section. I will not fill up all the 128 KByte of FLASH, so the end of m_text will not be filled with the above examples. So how to fill the rest of m_text up to the address 0x1’FFFF (end of FLASH memory)?

The trick is to add a special output section at the end which then gets filled with a pattern. For this I need find what is the last section put into m_text. Looking at my linker script file there is this:

  .fini_array :
  {
    PROVIDE_HIDDEN (__fini_array_start = .);
    KEEP (*(SORT(.fini_array.*)))
    KEEP (*(.fini_array*))
    PROVIDE_HIDDEN (__fini_array_end = .);

    ___ROM_AT = .;
  } > m_text

So .fini_array is the last thing for m_text, and it defines a linker symbol ___ROM_AT which marks the end of the ROM. What I do now is to create a new output section .fill and move the ___ROM_AT symbol:

  .fini_array :
  {
    PROVIDE_HIDDEN (__fini_array_start = .);
    KEEP (*(SORT(.fini_array.*)))
    KEEP (*(.fini_array*))
    PROVIDE_HIDDEN (__fini_array_end = .);

    /*___ROM_AT = .; */
  } > m_text
  
  .fill :
  {
    FILL(0xDEADBEEF);
    . = ORIGIN(m_text) + LENGTH(m_text) - 1;
    BYTE(0xAA)
    ___ROM_AT = .;
  } > m_text
  • Using the FILL command to define the pattern (0xdeadbeef)
  • Setting the current section cursor (.) at the last byte of the m_text MEMORY area
  • Writing a value to that location with the BYTE() command. Note that this byte is technically needed, as the linker needs to have something in the output section.
  • Defining the ___ROM_AT symbol. My linker file is using that symbol later. If your linker file does not need this, you do not need this line.

After that, I get the unused FLASH filled with a DEADBEEF pattern:

Filled FLASH Memory with 0xdeadbeef

Filled FLASH Memory with 0xdeadbeef

And the end has as expected at 0x1FFFF the 0x00 byte:

0x1FFFF filled with 0xAA

0x1FFFF filled with 0xAA

Summary

Filling the unused FLASH memory with a defined pattern is a very useful thing: it makes the memory defined e.g. for a checksum calculation. Additionally it can increase the reliability of an application: I can fill the FLASH memory with an illegal instruction or HALT instruction: so when my application would jump into undefined memory, I can bring the system to a screeching halt.

To use a fill pattern inside a section is very easy with the GNU linker (ld). To fill unused memory outside of output sections, I’m using a dedicated .fill section as shown in this post.

Happy FILLing 🙂

Links:

Advertisements

5 thoughts on “FILLing unused Memory with the GNU Linker

  1. How do you deal with the data sections that use AT(__ROM_AT), actually getting put into flash section and cause an overlap? If you use =fill in the last text section, it doesn’t get used because the data sections are put next. If you use the .fill section in the text area, it will fill to the end of flash but then try to load the data section after the end of flash. If you use the .fill section in the data area, it will fill up to the size of the sram. I don’t see a way to have uninitialized data in flash and have a fill to the end of flash.

    Like

  2. Pingback: CRC Checksum Generation with ‘SRecord’ Tools for GNU and Eclipse | MCU on Eclipse

  3. Hi Erich,

    Followed the steps but the project did not build -> “region m_text overflowed with text and data”. Although got some idea after reading above comment…but didn’t get the complete idea. What I am doing wrong ?

    Like

    • It means that the pieces going into m_text were too large. I recommend that you artificially increase the m_text memory are in the linker file in order to sucessfully link. Then inspect the linker .map file what is causing the problem (check the objects going into m_text).
      I hope this helps,
      Erich

      Like

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s