ARM Cortex-M processors have multiple modes to provide different levels of access and functionality. The main modes are Thread Mode, Handler Mode, and Privileged Mode. Understanding these modes and when the processor switches between them is key to developing robust and secure embedded systems.
Thread Mode
Thread Mode is where the Cortex-M processor spends most of its time executing application code. This is the default mode that the processor starts in after reset. In Thread Mode, the processor has limited access to certain regions of memory and peripheral registers.
Code executes in Thread Mode with minimal exceptions and interrupts. This allows for deterministic and real-time behavior which is critical in many embedded applications. The limited permissions in Thread Mode also improve security by preventing accidental or malicious access to protected system resources.
When an exception occurs, such as a divide by zero or memory fault, the processor switches from Thread Mode to Handler Mode to handle the exception. Interrupts triggered by peripherals will also cause the switch to Handler Mode.
Handler Mode
Handler Mode is where the processor handles exceptions and interrupts. This mode has more permissions than Thread Mode, allowing access to system resources needed to process the exception or interrupt routine and handle the event.
There are different types of exceptions and interrupts, each associated with a specific handler function. For example, the SVC (Supervisor Call) exception is triggered by the SVCall instruction and jumps to the SVCall handler. The PendSV (Pendable Service Call) and SysTick (System Timer Tick) exceptions also have dedicated handler functions.
In Handler Mode, the processor can access System region memory which stores the vector table. This table contains the memory addresses for all exception and interrupt handler functions. The appropriate handler is looked up in the vector table and executed when an exception or interrupt occurs.
Handler Mode also permits access to system peripherals registers used for interrupt handling and context saving. For example, the System Control Block registers which hold processor state information when switching between threads.
After completing the handler routine, the processor switches back to Thread Mode and resumes application code execution. This ensures deterministic timing by keeping interrupt handling separate from main program execution.
Privileged Mode
Privileged Mode (formerly known as Supervisor Mode) is the highest level mode in Cortex-M processors. It has complete access permissions to all system resources. Privileged Mode is used to execute privileged operating system code, configure memory protections, and implement multithreading.
The processor can only switch to Privileged Mode from Thread Mode by executing the MSR (Modify Status Register) instruction. This checks that the executing code has the privilege to perform the mode switch. Jumping directly to Privileged Mode code is not possible.
From Privileged Mode, the operating system kernel has full control over hardware resources. It can set up memory regions for different processes, enable and assign priorities for interrupts, and switch between threads. This level of access control prevents application code errors from corrupting or locking up the whole system.
When multitasking between threads, the kernel saves context switch information for one thread and restores the context for another using Privileged Mode access. This allows seamlessly resuming each thread as if no switch had occurred.
Privileged Mode also manages exceptions escalation. If an exception occurs while in Handler Mode and cannot be resolved, it gets escalated to Privileged Mode. Escalated exceptions have a dedicated handler located in the Privileged region of memory.
Mode Switching Sequence
The Cortex-M processor modes follow a hierarchical switching structure. The typical sequence is:
- Execution in Thread Mode
- Exception or interrupt occurs
- Switch to Handler Mode
- Execute specific handler routine
- Return to Thread Mode
- Escalated exception occurs
- Switch to Privileged Mode
- Execute privileged exception handler
- Return to original Thread or Handler Mode
Direct switching between Thread Mode and Privileged Mode is also possible using the MSR instruction. This allows the operating system to regain control without having to wait for an exception.
Mode Permissions
Each Cortex-M mode provides progressively higher levels of permissions to memory and peripherals. This prevents unauthorized access and improves system robustness.
Thread Mode only permits execution of code and access to data stored in Code and SRAM regions. Attempted access outside these regions will cause a fault exception.
Handler Mode allows access to Code, SRAM, and System regions. The System region contains vectors tables, system control registers, and stack pointers. Handler Mode cannot access OS resources or memory marked as Privileged access only.
Privileged Mode has read/write access to all memory and peripherals. This permits full configuration control but also incurs a greater risk of unintentional access errors so must be used carefully.
Setting up the different memory regions and assigning access permissions is performed during the booting and system initialization stages by code executing in Privileged Mode.
Debug Exceptions
Debug exceptions permit external debugger tools to halt normal execution and take control of the processor. The debugger enters Debug Mode which has the same privileges as Privileged Mode.
Debug Mode allows the debugger to set breakpoints, inspect memory and registers, single step through code, and perform other program trace operations. This facilitates identifying bugs and verifying correct code execution.
Debug exceptions can be enabled/disabled and set to halt only on certain types of debug events. Monitor code executing in Debug Mode can communicate with the external debugger, allow execution to resume, and notify the debugger if a set breakpoint is reached.
Secure and Non-secure State
Some Cortex-M processors also implement Arm TrustZone security extensions. This adds Secure and Non-secure states that operate in parallel to the privilege modes.
Non-secure state executes normal application code and system code. Secure state runs trusted code and has access to protected resources not available in the Non-secure state.
Transitions between the Secure and Non-secure states occur on interrupt or exception entry and exits. This allows flexible switching while keeping security firewalls intact.
Assigning resources, peripherals and memory regions to either the Secure or Non-secure state is done via configuration options. This enables building systems with mixed criticality requirements.
Summary
The modes of ARM Cortex-M processors provide a layered approach to balancing performance, determinism, and security in embedded systems. Thread Mode executes main application code. Handler Mode responds to system exceptions and interrupts. Privileged Mode allows an operating system kernel to control hardware resources and threading.
The modes have progressively higher access permissions, enabling each to carry out its specific functions while limiting unintended consequences. Developers can leverage these modes to build robust and secure real-time embedded systems.
