From 11caa6fcf2c14cc1e5d2cf25da6f3a096fb5e6d9 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Thu, 2 Jan 2020 18:42:19 +0100
Subject: [PATCH 1/2] heap: recognize 0x40000000 as an address terminating the
 backtrace

On Xtensa, backtrace can not recover the two most significant bits of
the address, as the window call size is encoded in these bits.
Because of this, __builtin_return_address modifies these MSBs to
match those of the callee, "fixing" the address. An unfortunate side
effect is that the zero return address, which usually terminates the
backtrace, gets converted to 0x40000000. While there is a valid
instruction at this address, its occurrence in the backtrace is
highly unlikely: this is the first instruction of WindowOverflow4
vector, and IDF apps switch VECBASE to an IRAM location very early at
startup.
---
 components/heap/heap_trace.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/components/heap/heap_trace.c b/components/heap/heap_trace.c
index 198480859a..1f27a1effe 100644
--- a/components/heap/heap_trace.c
+++ b/components/heap/heap_trace.c
@@ -271,6 +271,15 @@ inline static uint32_t get_ccount(void)
     return ccount;
 }
 
+/* Architecture-specific return value of __builtin_return_address which
+ * should be interpreted as an invalid address.
+ */
+#ifdef __XTENSA__
+#define HEAP_ARCH_INVALID_PC  0x40000000
+#else
+#define HEAP_ARCH_INVALID_PC  0x00000000
+#endif
+
 // Caller is 2 stack frames deeper than we care about
 #define STACK_OFFSET  2
 
@@ -278,8 +287,9 @@ inline static uint32_t get_ccount(void)
         if (STACK_DEPTH == N) {                                         \
             return;                                                     \
         }                                                               \
-        callers[N] = __builtin_return_address(N+STACK_OFFSET);                \
-        if (!esp_ptr_executable(callers[N])) {                          \
+        callers[N] = __builtin_return_address(N+STACK_OFFSET);          \
+        if (!esp_ptr_executable(callers[N])                             \
+             || callers[N] == (void*) HEAP_ARCH_INVALID_PC) {           \
             return;                                                     \
         }                                                               \
     } while(0);

From 19636db724505e8dcc1aa4ab58460f3417100100 Mon Sep 17 00:00:00 2001
From: Ivan Grokhotkov <ivan@espressif.com>
Date: Thu, 2 Jan 2020 18:50:32 +0100
Subject: [PATCH 2/2] test: add a (non-automated) case for backtraces with ROM
 functions

---
 components/esp32/test/test_backtrace.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/components/esp32/test/test_backtrace.c b/components/esp32/test/test_backtrace.c
index 2c1f4d8737..1520a8dde0 100644
--- a/components/esp32/test/test_backtrace.c
+++ b/components/esp32/test/test_backtrace.c
@@ -69,3 +69,15 @@ TEST_CASE("Test backtrace from interrupt watchdog timeout", "[reset_reason][rese
     backtrace_trigger_source = ACTION_INT_WDT;
     recursive_func(RECUR_DEPTH, SW_ISR_LEVEL_1);    //Trigger lvl 1 SW interrupt at max recursive depth
 }
+
+static void write_char_crash(char c)
+{
+    ets_write_char_uart(c);
+    *(char*) 0x00000001 = 0;
+}
+
+TEST_CASE("Test backtrace with a ROM function", "[reset_reason][reset=StoreProhibited,SW_CPU_RESET]")
+{
+    ets_install_putc1(&write_char_crash);
+    ets_printf("foo");
+}