mcspr
diff --git a/‎README.md
+3-3 b/‎README.md
+3-3
diff --git a/‎cores/esp8266/core_esp8266_features.cpp
+7-7 b/‎cores/esp8266/core_esp8266_features.cpp
+7-7
diff --git a/‎cores/esp8266/core_esp8266_main.cpp
+5 b/‎cores/esp8266/core_esp8266_main.cpp
+5
diff --git a/‎cores/esp8266/core_esp8266_postmortem.cpp
+12-2 b/‎cores/esp8266/core_esp8266_postmortem.cpp
+12-2
diff --git a/‎cores/esp8266/umm_malloc/Notes.h
+11 b/‎cores/esp8266/umm_malloc/Notes.h
+11
diff --git a/‎cores/esp8266/umm_malloc/umm_local.c
+5-2 b/‎cores/esp8266/umm_malloc/umm_local.c
+5-2
diff --git a/‎cores/esp8266/umm_malloc/umm_malloc.cpp
+22-8 b/‎cores/esp8266/umm_malloc/umm_malloc.cpp
+22-8
diff --git a/‎cores/esp8266/umm_malloc/umm_malloc_cfg.h
+15-1 b/‎cores/esp8266/umm_malloc/umm_malloc_cfg.h
+15-1
diff --git a/‎cores/esp8266/umm_malloc/umm_poison.c
+12-7 b/‎cores/esp8266/umm_malloc/umm_poison.c
+12-7
@@ -28,9 +28,9 @@ ESP8266 Arduino core comes with libraries to communicate over WiFi using TCP and
 
 Starting with 1.6.4, Arduino allows installation of third-party platform packages using Boards Manager. We have packages available for Windows, Mac OS, and Linux (32 and 64 bit).
 
-- Install the current upstream Arduino IDE at the 1.8.9 level or later. The current version is on the [Arduino website](https://www.arduino.cc/en/software).
-- Start Arduino and open the Preferences window.
-- Enter ```https://arduino.esp8266.com/stable/package_esp8266com_index.json``` into the *File>Preferences>Additional Boards Manager URLs* field of the Arduino IDE. You can add multiple URLs, separating them with commas.
+- [Download and install Arduino IDE 1.x or 2.x](https://www.arduino.cc/en/software)
+- Start Arduino and open the Preferences window
+- Enter `https://arduino.esp8266.com/stable/package_esp8266com_index.json` into the *File>Preferences>Additional Boards Manager URLs* field of the Arduino IDE. You can add multiple URLs, separating them with commas.
 - Open Boards Manager from Tools > Board menu and install *esp8266* platform (and don't forget to select your ESP8266 board from Tools > Board menu after installation).
 
 #### Latest release [![Latest release](https://img.shields.io/github/release/esp8266/Arduino.svg)](https://github.com/esp8266/Arduino/releases/latest/)
 
@@ -38,13 +38,13 @@ void precache(void *f, uint32_t bytes) {
   // page (ie 1 word in 8) for this to work.
   #define CACHE_PAGE_SIZE 32
 
-  uint32_t a0;
-  __asm__("mov.n %0, a0" : "=r"(a0));
-  uint32_t lines = (bytes/CACHE_PAGE_SIZE)+2;
-  volatile uint32_t *p = (uint32_t*)((f ? (uint32_t)f : a0) & ~0x03);
-  uint32_t x;
-  for (uint32_t i=0; i<lines; i++, p+=CACHE_PAGE_SIZE/sizeof(uint32_t)) x=*p;
-  (void)x;
+  uint32_t lines = (bytes / CACHE_PAGE_SIZE) + 2;
+  uint32_t *p = (uint32_t*)((uint32_t)(f ? f : __builtin_return_address(0)) & ~0x03);
+  do {
+    __asm__ volatile ("" : : "r"(*p));  // guarantee that the value of *p will be in some register (forced load)
+    p += CACHE_PAGE_SIZE / sizeof(uint32_t);
+  } while (--lines);
+  __sync_synchronize();  // full memory barrier, mapped to MEMW in Xtensa
 }
 
 /** based on efuse data, we could determine what type of chip this is
 
@@ -166,6 +166,11 @@ extern "C" void __esp_delay(unsigned long ms) {
 extern "C" void esp_delay(unsigned long ms) __attribute__((weak, alias("__esp_delay")));
 
 bool esp_try_delay(const uint32_t start_ms, const uint32_t timeout_ms, const uint32_t intvl_ms) {
+    if (!timeout_ms) {
+        esp_yield();
+        return true;
+    }
+
     uint32_t expired = millis() - start_ms;
     if (expired >= timeout_ms) {
         return true; // expired
 
@@ -110,6 +110,10 @@ static void cut_here() {
     ets_putc('\n');
 }
 
+static inline bool is_pc_valid(uint32_t pc) {
+    return pc >= XCHAL_INSTRAM0_VADDR && pc < (XCHAL_INSTROM0_VADDR + XCHAL_INSTROM0_SIZE);
+}
+
 /*
   Add some assembly to grab the stack pointer and pass it as an argument before
   it grows for the target function. Should stabilize the stack offsets, used to
@@ -125,7 +129,7 @@ asm(
     "\n"
 "__wrap_system_restart_local:\n\t"
     "mov          a2,     a1\n\t"
-    "j            postmortem_report\n\t"
+    "j.l          postmortem_report, a3\n\t"
     ".size __wrap_system_restart_local, .-__wrap_system_restart_local\n\t"
 );
 
@@ -181,7 +185,13 @@ static void postmortem_report(uint32_t sp_dump) {
             exccause, epc1, rst_info.epc2, rst_info.epc3, rst_info.excvaddr, rst_info.depc);
     }
     else if (rst_info.reason == REASON_SOFT_WDT_RST) {
-        ets_printf_P(PSTR("\nSoft WDT reset\n"));
+        ets_printf_P(PSTR("\nSoft WDT reset"));
+        const char infinite_loop[] = { 0x06, 0xff, 0xff };  // loop: j loop
+        if (is_pc_valid(rst_info.epc1) && 0 == memcmp_P(infinite_loop, (PGM_VOID_P)rst_info.epc1, 3u)) {
+            // The SDK is riddled with these. They are usually preceded by an ets_printf.
+            ets_printf_P(PSTR(" - deliberate infinite loop detected"));
+        }
+        ets_putc('\n');
         ets_printf_P(PSTR("\nException (%d):\nepc1=0x%08x epc2=0x%08x epc3=0x%08x excvaddr=0x%08x depc=0x%08x\n"),
             rst_info.exccause, /* Address executing at time of Soft WDT level-1 interrupt */ rst_info.epc1, 0, 0, 0, 0);
     }
 
@@ -341,5 +341,16 @@ Enhancement ideas:
       * For multiple Heaps builds, add a dedicated function that always reports
         DRAM results.
 
+
+  April 22, 2023
+
+  The umm_poison logic runs outside the UMM_CRITICAL_* umbrella. When interrupt
+  routines do alloc calls, it is possible to interrupt an in-progress allocation
+  just before the poison is set, with a new alloc request resulting in a false
+  "poison check fail" against the in-progress allocation. The SDK does mallocs
+  from ISRs. SmartConfig can illustrate this issue.
+
+  Move get_poisoned() within UMM_CRITICAL_* in umm_malloc() and umm_realloc().
+
 */
 #endif
@@ -142,8 +142,11 @@ void *umm_poison_realloc_fl(void *ptr, size_t size, const char *file, int line)
 
     add_poison_size(&size);
     ret = umm_realloc(ptr, size);
-
-    ret = get_poisoned(ret, size);
+    /*
+      "get_poisoned" is now called from umm_realloc while still in a critical
+      section. Before umm_realloc returned, the pointer offset was adjusted to
+      the start of the requested buffer.
+    */
 
     return ret;
 }
 
@@ -909,6 +909,8 @@ void *umm_malloc(size_t size) {
 
     ptr = umm_malloc_core(_context, size);
 
+    ptr = POISON_CHECK_SET_POISON(ptr, size);
+
     UMM_CRITICAL_EXIT(id_malloc);
 
     return ptr;
@@ -926,7 +928,7 @@ void *umm_realloc(void *ptr, size_t size) {
 
     uint16_t c;
 
-    size_t curSize;
+    [[maybe_unused]] size_t curSize;
 
     UMM_CHECK_INITIALIZED();
 
@@ -1068,7 +1070,7 @@ void *umm_realloc(void *ptr, size_t size) {
         //  Case 2 - block + next block fits EXACTLY
     } else if ((blockSize + nextBlockSize) == blocks) {
         DBGLOG_DEBUG("exact realloc using next block - %i\n", blocks);
-        umm_assimilate_up(c);
+        umm_assimilate_up(_context, c);
         STATS__FREE_BLOCKS_UPDATE(-nextBlockSize);
         blockSize += nextBlockSize;
 
@@ -1087,8 +1089,10 @@ void *umm_realloc(void *ptr, size_t size) {
         STATS__FREE_BLOCKS_UPDATE(-prevBlockSize);
         STATS__FREE_BLOCKS_ISR_MIN();
         blockSize += prevBlockSize;
+        // Fix new allocation such that poison checks from an ISR pass.
+        POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
         UMM_CRITICAL_SUSPEND(id_realloc);
-        memmove((void *)&UMM_DATA(c), ptr, curSize);
+        UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
         ptr = (void *)&UMM_DATA(c);
         UMM_CRITICAL_RESUME(id_realloc);
         //  Case 5 - prev block + block + next block fits
@@ -1108,8 +1112,9 @@ void *umm_realloc(void *ptr, size_t size) {
         #else
         blockSize += (prevBlockSize + nextBlockSize);
         #endif
+        POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
         UMM_CRITICAL_SUSPEND(id_realloc);
-        memmove((void *)&UMM_DATA(c), ptr, curSize);
+        UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
         ptr = (void *)&UMM_DATA(c);
         UMM_CRITICAL_RESUME(id_realloc);
 
@@ -1119,8 +1124,9 @@ void *umm_realloc(void *ptr, size_t size) {
         void *oldptr = ptr;
         if ((ptr = umm_malloc_core(_context, size))) {
             DBGLOG_DEBUG("realloc %i to a bigger block %i, copy, and free the old\n", blockSize, blocks);
+            (void)POISON_CHECK_SET_POISON(ptr, size);
             UMM_CRITICAL_SUSPEND(id_realloc);
-            memcpy(ptr, oldptr, curSize);
+            UMM_POISON_MEMCPY(ptr, oldptr, curSize);
             UMM_CRITICAL_RESUME(id_realloc);
             umm_free_core(_context, oldptr);
         } else {
@@ -1181,8 +1187,10 @@ void *umm_realloc(void *ptr, size_t size) {
             blockSize = blocks;
             #endif
         }
+        // Fix new allocation such that poison checks from an ISR pass.
+        POISON_CHECK_SET_POISON_BLOCKS((void *)&UMM_DATA(c), blockSize);
         UMM_CRITICAL_SUSPEND(id_realloc);
-        memmove((void *)&UMM_DATA(c), ptr, curSize);
+        UMM_POISON_MEMMOVE((void *)&UMM_DATA(c), ptr, curSize);
         ptr = (void *)&UMM_DATA(c);
         UMM_CRITICAL_RESUME(id_realloc);
     } else if (blockSize >= blocks) { // 2
@@ -1198,8 +1206,9 @@ void *umm_realloc(void *ptr, size_t size) {
         void *oldptr = ptr;
         if ((ptr = umm_malloc_core(_context, size))) {
             DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks);
+            (void)POISON_CHECK_SET_POISON(ptr, size);
             UMM_CRITICAL_SUSPEND(id_realloc);
-            memcpy(ptr, oldptr, curSize);
+            UMM_POISON_MEMCPY(ptr, oldptr, curSize);
             UMM_CRITICAL_RESUME(id_realloc);
             umm_free_core(_context, oldptr);
         } else {
@@ -1223,8 +1232,9 @@ void *umm_realloc(void *ptr, size_t size) {
         void *oldptr = ptr;
         if ((ptr = umm_malloc_core(_context, size))) {
             DBGLOG_DEBUG("realloc %d to a bigger block %d, copy, and free the old\n", blockSize, blocks);
+            (void)POISON_CHECK_SET_POISON(ptr, size);
             UMM_CRITICAL_SUSPEND(id_realloc);
-            memcpy(ptr, oldptr, curSize);
+            UMM_POISON_MEMCPY(ptr, oldptr, curSize);
             UMM_CRITICAL_RESUME(id_realloc);
             umm_free_core(_context, oldptr);
         } else {
@@ -1250,6 +1260,8 @@ void *umm_realloc(void *ptr, size_t size) {
 
     STATS__FREE_BLOCKS_MIN();
 
+    ptr = POISON_CHECK_SET_POISON(ptr, size);
+
     /* Release the critical section... */
     UMM_CRITICAL_EXIT(id_realloc);
 
@@ -1258,6 +1270,7 @@ void *umm_realloc(void *ptr, size_t size) {
 
 /* ------------------------------------------------------------------------ */
 
+#if !defined(UMM_POISON_CHECK) && !defined(UMM_POISON_CHECK_LITE)
 void *umm_calloc(size_t num, size_t item_size) {
     void *ret;
 
@@ -1273,6 +1286,7 @@ void *umm_calloc(size_t num, size_t item_size) {
 
     return ret;
 }
+#endif
 
 /* ------------------------------------------------------------------------ */
 
 
@@ -618,6 +618,17 @@ extern bool  umm_poison_check(void);
 // Local Additions to better report location in code of the caller.
 void *umm_poison_realloc_fl(void *ptr, size_t size, const char *file, int line);
 void  umm_poison_free_fl(void *ptr, const char *file, int line);
+#define POISON_CHECK_SET_POISON(p, s) get_poisoned(p, s)
+#define POISON_CHECK_SET_POISON_BLOCKS(p, s) \
+    do { \
+        size_t super_size = (s * sizeof(umm_block)) - (sizeof(((umm_block *)0)->header)); \
+        get_poisoned(p, super_size); \
+    } while (false)
+#define UMM_POISON_SKETCH_PTR(p) ((void *)((uintptr_t)p + sizeof(UMM_POISONED_BLOCK_LEN_TYPE) + UMM_POISON_SIZE_BEFORE))
+#define UMM_POISON_SKETCH_PTRSZ(p) (*(UMM_POISONED_BLOCK_LEN_TYPE *)p)
+#define UMM_POISON_MEMMOVE(t, p, s) memmove(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(p))
+#define UMM_POISON_MEMCPY(t, p, s) memcpy(UMM_POISON_SKETCH_PTR(t), UMM_POISON_SKETCH_PTR(p), UMM_POISON_SKETCH_PTRSZ(p))
+
 #if defined(UMM_POISON_CHECK_LITE)
 /*
     * We can safely do individual poison checks at free and realloc and stay
@@ -637,9 +648,12 @@ void  umm_poison_free_fl(void *ptr, const char *file, int line);
 #else
 #define POISON_CHECK() 1
 #define POISON_CHECK_NEIGHBORS(c) do {} while (false)
+#define POISON_CHECK_SET_POISON(p, s) (p)
+#define POISON_CHECK_SET_POISON_BLOCKS(p, s)
+#define UMM_POISON_MEMMOVE(t, p, s) memmove((t), (p), (s))
+#define UMM_POISON_MEMCPY(t, p, s) memcpy((t), (p), (s))
 #endif
 
-
 #if defined(UMM_POISON_CHECK) || defined(UMM_POISON_CHECK_LITE)
 /*
  * Overhead adjustments needed for free_blocks to express the number of bytes
 
@@ -163,8 +163,11 @@ void *umm_poison_malloc(size_t size) {
     add_poison_size(&size);
 
     ret = umm_malloc(size);
-
-    ret = get_poisoned(ret, size);
+    /*
+      "get_poisoned" is now called from umm_malloc while still in a critical
+      section. Before umm_malloc returned, the pointer offset was adjusted to
+      the start of the requested buffer.
+    */
 
     return ret;
 }
@@ -177,17 +180,16 @@ void *umm_poison_calloc(size_t num, size_t item_size) {
     // Use saturated multiply.
     // Rely on umm_malloc to supply the fail response as needed.
     size_t size = umm_umul_sat(num, item_size);
+    size_t request_sz = size;
 
     add_poison_size(&size);
 
     ret = umm_malloc(size);
 
     if (NULL != ret) {
-        memset(ret, 0x00, size);
+        memset(ret, 0x00, request_sz);
     }
 
-    ret = get_poisoned(ret, size);
-
     return ret;
 }
 
@@ -200,8 +202,11 @@ void *umm_poison_realloc(void *ptr, size_t size) {
 
     add_poison_size(&size);
     ret = umm_realloc(ptr, size);
-
-    ret = get_poisoned(ret, size);
+    /*
+      "get_poisoned" is now called from umm_realloc while still in a critical
+      section. Before umm_realloc returned, the pointer offset was adjusted to
+      the start of the requested buffer.
+    */
 
     return ret;
 }