From ce97696bcd4515b5b2556163aa50c1b4723e7c0f Mon Sep 17 00:00:00 2001
From: Ian McIntyre <me@mciantyre.dev>
Date: Tue, 9 Sep 2025 08:29:25 -0400
Subject: Reserve address 0 by shifting ITCM start address

The runtime previously allowed function placement at address 0 in ITCM.
However, if you ever formed a pointer to the function placed there, it
would look like a null pointer. And you would never be able to call that
function if you relied on null pointer optimization. Also, most MCU
reference manuals (RM) recommend against this placement.

This commit reduces the total capacity of ITCM by 32 bytes, the smallest
possible size of a MPU region. Note that this is greater than the RM's
recommendation of a four byte reservation. It affects all supported
MCUs, except the 1180. If you're so inclined, your MPU could disallow
loads, stores, and execution from this reservation.

Revised unit tests should cover this change. Additionally, you can
manually verify that the ITCM region lengths are reduced by 32 bytes by
opening the linker scripts generated by the ELF test suite.
---
 src/host.rs | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/host.rs b/src/host.rs
index 43472fe..ba299dd 100644
--- a/src/host.rs
+++ b/src/host.rs
@@ -946,7 +946,7 @@ impl Family {
 
     /// Returns the start and size of the ITCM memory region.
     const fn itcm_start_size(self, itcm_banks: u32) -> (u32, u32) {
-        let itcm_size = itcm_banks * self.flexram_bank_size();
+        let mut itcm_size = itcm_banks * self.flexram_bank_size();
         let itcm_start = match self {
             Family::Imxrt1010
             | Family::Imxrt1015
@@ -956,7 +956,13 @@ impl Family {
             | Family::Imxrt1060
             | Family::Imxrt1064
             | Family::Imxrt1160
-            | Family::Imxrt1170 => 0x00000000,
+            | Family::Imxrt1170 => {
+                // Establish a reservation for null pointers.
+                // Note that this reservation is the minimum
+                // size of an MPU region.
+                itcm_size = itcm_size.saturating_sub(32);
+                32
+            }
             Family::Imxrt1180 => 0x10000000 - itcm_size,
         };
         (itcm_start, itcm_size)
@@ -1252,11 +1258,16 @@ mod tests {
     #[test]
     fn itcm_start_size() {
         // Most parts have an ITCM that could touch address 0.
+        // However, the implementation reserves an MPU region
+        // at address 0.
         for family in MOST_FAMILIES {
             for itcm_banks in 0..=family.flexram_bank_count() {
                 let (start, size) = family.itcm_start_size(itcm_banks);
-                assert_eq!(start, 0);
-                assert_eq!(size, family.flexram_bank_size() * itcm_banks);
+                assert_eq!(start, 32);
+                assert_eq!(
+                    size,
+                    (family.flexram_bank_size() * itcm_banks).saturating_sub(32)
+                );
             }
         }
 
-- 
cgit v1.2.3