CN104714834B - A space-deterministic task scheduling method - Google Patents
A space-deterministic task scheduling method
- Publication number
- CN104714834B
- Authority
- CN
- China
- Prior art keywords
- task
- space
- code
- data field
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
- Debugging And Monitoring (AREA)
Abstract
A space-deterministic task scheduling method, comprising: 1) determining the sizes of the code area and data area at compile time by static definition in advance; 2) after the boot loader has loaded the image into memory, statically determining the starting physical address and size of the code area and data area; 3) protecting the code area and data area with a security protection mechanism, preventing write access to the configuration data, image file and interrupt vector table of the code area and data area; 4) isolating specific code and data areas; 5) using interrupts and service routines to take over exceptions triggered by accesses, preventing errors from spreading. The invention provides a space-deterministic task scheduling method that strengthens protection against illegal pointers, detects and locates corruption of the task scheduler's core data early, and further improves the security of the task scheduler platform software.
Description
Technical field
The invention belongs to the field of computer operating system platform software and relates to a space-deterministic task scheduling method, and in particular to a method for space determination, error checking and recovery in which the number of task scheduler elements (tasks, semaphores, etc.) is fixed, the handle space is fixed, and the code space, data space and other spaces are determined.
Background art
Operating systems commonly used in the embedded field include Linux, ucOS and VxWorks. These operating systems provide elements such as multitasking and semaphores together with APIs, but essentially all of these elements can be created and maintained dynamically: their number changes constantly and their handles are scattered through memory, so that when a reference to one of these operating system elements goes wrong it is hard to track down. In particular, once the region holding their data structures has been corrupted, the error has usually spread through the application to some extent before it is discovered. In addition, most operating systems protect code and data areas at a rather coarse granularity. This is of course because code can be loaded dynamically and memory can be allocated dynamically, but in practice the application is in most cases sufficiently fixed that the code space and data space can be determined further, allowing more precise protection.
Summary of the invention
To solve the above technical problems in the background art, the invention provides a space-deterministic task scheduling method that strengthens protection against illegal pointers, detects and locates corruption of the task scheduler's core data early, and further improves the security of the task scheduler platform software.
The technical solution of the invention is as follows. The invention provides a space-deterministic task scheduling method, characterized in that the method comprises the following steps:
1) the sizes of the code area and data area are determined at compile time by static definition in advance;
2) after the boot loader has loaded the image into memory, the starting physical address and size of the code area and data area are statically determined;
3) the code area and data area are protected by a security protection mechanism, preventing write access to the configuration data, image file and interrupt vector table of the code area and data area;
4) specific code and data areas are isolated; the isolation covers the fixed address space starting at zero, the task control blocks, the task stack space and the semaphore control blocks;
5) interrupts and service routines are used to take over exceptions triggered by accesses, preventing errors from spreading.
Step 1) is implemented as follows:
1.1) the start addresses of the code area and data area are defined by macros, ensuring that the start address is not zero;
1.2) at compile and link time, all variables used by the source code can be statically located in the code area and data area at their corresponding physical locations, and the sizes of the code area and data area are calculated; the variables used by the source code, including arrays and structures, are either all statically determined or dynamically requested and released within the task's fixed stack space;
1.3) the image file is loaded from solid-state storage to a memory address; the boot loader loads the code content into the macro-defined code region and the data with initial values into the macro-defined data region;
1.4) access to the code space region, interrupt vectors, exception vectors and data region is controlled by the MMU according to their position and size.
In step 1.4), the code space region is controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit, and the code space is no longer writable. During startup the interrupt vectors and exception vectors are loaded to their physical location; once loading is complete, the interrupt vectors and exception vectors are controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit, and that space is no longer writable. The position and size of the data region are controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit; the data area is readable and writable, but no read/write window is opened for any other memory outside the data area, and the memory space starting at 0 no longer allows data reads, only code reads.
The data region comprises data with initial values and the bss area, whose initial value defaults to 0.
Step 4) is implemented as follows:
4.1) region protection is applied to the specific code and data areas;
4.2) the task scheduler elements in the specific code and data areas are organized and protected; the task scheduler elements comprise the scheduler's maximum number of tasks and their stack sizes, the maximum number of semaphores, the task control blocks, the task stack space and the semaphore control blocks.
Step 4.1) is implemented as follows:
Once task scheduler initialization is complete, a space of a certain size starting at zero cannot be accessed as data. If application code is defective, the commonly occurring null-pointer access immediately triggers an MMU exception; the exception routine locates the faulting code position and the corresponding task, records the exception, and calls the exception handling function registered by the task to perform state switching and error recovery.
Step 4.2) is implemented as follows:
The scheduler's maximum number of tasks and their stack sizes and the maximum number of semaphores are statically determined by macro definitions; the task control block, task stack space and semaphore control block structures are built as static arrays of structures.
Task IDs and semaphore IDs are the system's core IDs and are protected by adding a special ID prefix. Whether these IDs have been corrupted is determined as follows: a corrupted ID exhibits a damaged prefix or an out-of-range value, so checking the ID whenever it is operated on reveals the corruption promptly. When an ID is found to be abnormal, the exception is recorded and a soft interrupt (trap) is triggered to suspend execution of the application; the exception handling function registered by the task is called through the soft interrupt to perform state switching and error recovery.
The stack base address and size of each task are fixed. A stack check is performed first on function entry to confirm that the top of the stack lies within the task's stack area. If the stack has overflowed, the exception is recorded promptly and a soft interrupt is triggered to suspend execution of the application; the exception handling function registered by the task is called through the soft interrupt to perform state switching and error recovery.
Advantages of the invention:
The invention provides a space-deterministic task scheduling method that schedules tasks as follows. The sizes of the code area and data area can be determined at compile time by static definition, and once the boot loader has loaded them into memory their start position and size are fixed, so protection mechanisms such as access control can be applied to those regions. If the data in the data area, including the task scheduler's core elements (such as the multitasking structures and semaphore structures), is all statically defined, and the memory and sizes occupied by the variables and buffers used by the whole task scheduler and application are all determined at compile time, then no new memory needs to be requested dynamically at run time. With the data area statically allocated in this way, further access control and protection can be applied to the handles (pointers) and stacks of the task scheduler elements. Task scheduling based on the highly deterministic task scheduler provided by the invention achieves static allocation of, and space access protection for, the code area and data area, improves the efficiency and security of task scheduling, and can meet the scheduling requirements of hard real-time, highly reliable, safety-critical applications.
Detailed description
In the space-deterministic task scheduling method, the sizes of the code area and data area are determined at compile time by static definition in advance. After the boot loader has loaded them into memory, the starting physical address and size of the code area and data area can be statically determined, and security protection mechanisms such as read/write access control are applied to those regions to prevent write access to data such as configuration data, the image file and the interrupt vector table. At the same time, the task scheduler isolates specific code and data areas, including key elements such as the fixed address space starting at zero, the task control blocks, the task stack space and the semaphore control blocks, so that null pointers, bad handle references, stack overflows, out-of-bounds data accesses and bad task ID references cannot reach these special regions; corresponding interrupts and service routines take over the exceptions triggered by such accesses, preventing errors from spreading.
Determining the sizes of the code area and data area at compile time by static definition in advance, that is, the overall placement and protection of the code area and data area, includes: defining the start addresses of the code area and data area by macros; statically locating all variables used by the source code in the code area and data area at their corresponding physical locations at compile and link time, and calculating the sizes of the code and data areas; fixing the memory address to which the image file is loaded from solid-state storage such as Flash; and controlling access to the code space region, interrupt vectors, exception vectors and data region through the MMU according to position and size, to guard against writes.
The task scheduler's isolation of specific code and data areas, that is, region protection and the organization and protection of task scheduler elements, ensures that the application receives MMU protection for the smallest possible range of code and data areas: a data access outside the determined space likewise triggers an MMU exception, which further guards against the use of bad pointers and the spread of errors. At the same time, the scheduler's maximum number of tasks and their stack sizes and the maximum number of semaphores are statically determined by macro definitions, and the corresponding task control block, task stack space and semaphore control block structures are built as static arrays of structures. This ensures that the memory allocation of the scheduler's core elements is statically determined and provides a protection mechanism against bad references to the related handles and against stack overflow.
Overall placement and protection of the code area and data area:
The start addresses of the code area and data area are defined by macros, ensuring that the start address is not zero (to make null-pointer errors easy to catch). All variables used by the source code (both the task scheduler and the application), including arrays and structures, are either statically determined or dynamically requested and released within the task's fixed stack space; the task scheduler itself no longer provides interface functions for dynamic memory allocation. In this way the code area and data area can be statically located at their corresponding physical locations at compile and link time, and the sizes of the code and data areas calculated.
After the image file has been loaded into memory from solid-state storage such as Flash, the boot loader loads the code content into the macro-defined code region and the data with initial values into the macro-defined data region.
The code space region is controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit; the code space is no longer writable.
During startup, content such as the interrupt vectors and exception vectors is loaded to a physical location that depends on the specific CPU hardware. Once loading is complete, this region is likewise controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit, and the space is no longer writable.
The position and size of the data region (comprising data with initial values and the bss area, whose initial value defaults to 0) are controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit. The data area is readable and writable, but no read/write window is opened for any other memory outside the data area, and the memory space starting at 0 no longer allows data reads, only code reads.
For additional spaces that the system data bus may also need to access, such as flash space, PCI address space and dual-port RAM space, the corresponding MMU control is opened when the access is made and closed when the access ends, so that only designated driver code can reach these addresses.
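The region policy described above can be modelled in a few lines of C. This is an added example, not code from the patent: the 4 KiB MMU unit, every address and size, and all function names are constructed assumptions. It rounds each region up to the MMU unit, checks that the rounded regions are aligned and do not collide, and decides whether an access is allowed or would raise an MMU exception.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed layout: none of these values come from the patent. */
#define MMU_UNIT    0x1000u       /* assumed smallest MMU unit: 4 KiB */
#define GUARD_BASE  0x00000000u   /* space starting at zero */
#define GUARD_SIZE  0x00001000u
#define VEC_BASE    0x000FF000u   /* interrupt and exception vectors */
#define VEC_SIZE    0x00000400u
#define CODE_BASE   0x00100000u   /* macro-defined, non-zero start */
#define CODE_SIZE   0x00012345u   /* as calculated at link time */
#define DATA_BASE   0x00200000u   /* initialized data followed by bss */
#define DATA_SIZE   0x00004010u

enum { ACC_FETCH = 1, ACC_READ = 2, ACC_WRITE = 4 };

struct region { uint32_t base, size; unsigned perms; };

/* Zero region: code reads only. Vectors and code: never writable.
 * Data: read/write (no fetch right is granted here, an assumption).
 * Anything not listed has no window at all. */
static const struct region layout[] = {
    { GUARD_BASE, GUARD_SIZE, ACC_FETCH },
    { VEC_BASE,   VEC_SIZE,   ACC_FETCH | ACC_READ },
    { CODE_BASE,  CODE_SIZE,  ACC_FETCH | ACC_READ },
    { DATA_BASE,  DATA_SIZE,  ACC_READ | ACC_WRITE },
};
#define NREGIONS (sizeof layout / sizeof layout[0])

/* Protection is applied in whole multiples of the MMU unit. */
uint32_t round_up_unit(uint32_t size)
{
    return (size + MMU_UNIT - 1u) & ~(MMU_UNIT - 1u);
}

/* 0 = layout is sound, 1 = unaligned base, 2 = regions collide once rounded. */
int layout_error(void)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        if (layout[i].base % MMU_UNIT != 0) return 1;
        uint32_t end_i = layout[i].base + round_up_unit(layout[i].size);
        for (size_t j = i + 1; j < NREGIONS; j++) {
            uint32_t end_j = layout[j].base + round_up_unit(layout[j].size);
            if (layout[i].base < end_j && layout[j].base < end_i) return 2;
        }
    }
    return 0;
}

/* 1 = access proceeds, 0 = MMU exception. */
int access_allowed(uint32_t addr, unsigned kind)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        uint32_t end = layout[i].base + round_up_unit(layout[i].size);
        if (addr >= layout[i].base && addr < end)
            return (layout[i].perms & kind) != 0;
    }
    return 0;   /* outside every determined region */
}

int main(void)
{
    printf("layout_error       = %d\n", layout_error());
    printf("null data read     = %d\n", access_allowed(0x0u, ACC_READ));
    printf("write into code    = %d\n", access_allowed(CODE_BASE + 4u, ACC_WRITE));
    printf("write into data    = %d\n", access_allowed(DATA_BASE + 8u, ACC_WRITE));
    printf("read unmapped RAM  = %d\n", access_allowed(0x00300000u, ACC_READ));
    return 0;
}
```

Note the granularity slack: `DATA_SIZE` is 0x4010 bytes but the protected window is 0x5000, so a stray write into the tail of the last unit is not caught by the MMU.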
Effect of region protection:
Once task scheduler initialization is complete, a space of a certain size starting at zero cannot be accessed as data. This not only protects the code area: if application code is defective, the commonly occurring null-pointer access immediately triggers an MMU exception. The exception routine locates the faulting code position and the corresponding task, records the exception, and calls the exception handling function registered by the task to perform state switching, error recovery and so on.
In this way the application receives MMU protection for the smallest possible range of code and data areas. Even if the physical memory space is very large, the surplus physical memory is not opened for access in the MMU table entries, so a data access outside the determined space likewise triggers an MMU exception, which further guards against the use of bad pointers and the spread of errors.
Organization and protection of task scheduler elements:
The maximum number of tasks and their stack sizes and the maximum number of semaphores of the task scheduler of the invention are statically determined by macro definitions, and the corresponding task control block, task stack space and semaphore control block structures are built as static arrays of structures. The memory allocation of these core scheduler elements is therefore statically determined, which provides the basis for checks such as bad references to the related handles and stack overflow.
Task IDs and semaphore IDs, as the system's core IDs, are protected by adding a special ID prefix. If these IDs are corrupted, in most cases the ID will exhibit a damaged prefix or an out-of-range value. Checking the ID whenever it is operated on therefore reveals the corruption promptly; such corruption is often caused by the application overrunning the bounds of some data operation. Once an abnormal ID is found, the exception is recorded promptly and a soft interrupt (trap) is triggered to suspend execution of the application; the exception handling function registered by the task is called through the soft interrupt to perform state switching, error recovery and so on.
The stack base address and size of each task are fixed. A stack check is performed first on function entry to confirm that the top of the stack lies within the task's stack area. If the stack has overflowed, the exception is recorded promptly and a soft interrupt is triggered to suspend execution of the application; the exception handling function registered by the task is called through the soft interrupt to perform state switching, error recovery and so on.
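The element protection described in this section, sketched in C as an added example that is not code from the patent. The prefix value, the 16-bit prefix/index split, the sizes and all function names are constructed assumptions, and an ordinary function call stands in for the soft interrupt.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_TASKS        4u           /* fixed by macro at compile time */
#define TASK_STACK_BYTES 256u         /* fixed per-task stack size */
#define TASK_ID_PREFIX   0x54530000u  /* constructed tag in the high 16 bits */
#define ID_PREFIX_MASK   0xFFFF0000u

enum fault { FAULT_NONE, FAULT_ID_PREFIX, FAULT_ID_RANGE, FAULT_STACK };
typedef void (*fault_handler_t)(enum fault why);

struct tcb {
    uint32_t        id;          /* prefix | index into tcbs[] */
    uintptr_t       stack_base;  /* lowest address of this task's stack */
    fault_handler_t on_fault;    /* exception handler registered by the task */
    int             suspended;
};

/* Every scheduler element is a static array: nothing is allocated at run time. */
static uint8_t    stacks[MAX_TASKS][TASK_STACK_BYTES];
static struct tcb tcbs[MAX_TASKS];
static size_t     fault_count;   /* stands in for the exception record */
static enum fault last_handled;

void demo_handler(enum fault why) { last_handled = why; }
enum fault last_handled_fault(void) { return last_handled; }
size_t fault_total(void) { return fault_count; }
uint32_t task_id(uint32_t i) { return tcbs[i].id; }
uintptr_t task_stack_base(uint32_t i) { return tcbs[i].stack_base; }
int task_is_suspended(uint32_t i) { return tcbs[i].suspended; }

void sched_init(fault_handler_t h)
{
    fault_count = 0;
    last_handled = FAULT_NONE;
    for (uint32_t i = 0; i < MAX_TASKS; i++) {
        tcbs[i].id = TASK_ID_PREFIX | i;
        tcbs[i].stack_base = (uintptr_t)stacks[i];
        tcbs[i].on_fault = h;
        tcbs[i].suspended = 0;
    }
}

/* A corrupted ID shows up as a damaged prefix or an out-of-range index. */
enum fault check_task_id(uint32_t id)
{
    if ((id & ID_PREFIX_MASK) != TASK_ID_PREFIX) return FAULT_ID_PREFIX;
    if ((id & ~ID_PREFIX_MASK) >= MAX_TASKS)     return FAULT_ID_RANGE;
    return FAULT_NONE;
}

/* Stand-in for the soft interrupt: record, suspend the task, call its handler. */
static enum fault raise_fault(struct tcb *t, enum fault why)
{
    fault_count++;
    t->suspended = 1;
    if (t->on_fault) t->on_fault(why);
    return why;
}

/* Run by a scheduler API before it uses an ID passed in by task `current`. */
enum fault sched_validate(uint32_t current, uint32_t id)
{
    enum fault f = check_task_id(id);
    return f == FAULT_NONE ? f : raise_fault(&tcbs[current], f);
}

/* Run first on function entry: the stack pointer must lie in the task's stack. */
enum fault stack_check(uint32_t current, uintptr_t sp)
{
    struct tcb *t = &tcbs[current];
    if (sp < t->stack_base || sp > t->stack_base + TASK_STACK_BYTES)
        return raise_fault(t, FAULT_STACK);
    return FAULT_NONE;
}

int main(void)
{
    sched_init(demo_handler);
    uint32_t good = task_id(1);
    uint32_t smashed = good ^ 0x00010000u;  /* constructed: one prefix bit flipped */
    printf("good id     -> %d\n", (int)sched_validate(1, good));
    printf("smashed id  -> %d\n", (int)sched_validate(1, smashed));
    printf("stack below -> %d\n", (int)stack_check(0, task_stack_base(0) - 8));
    printf("faults recorded: %zu\n", fault_total());
    return 0;
}
```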
Effect of element protection:
Task scheduler elements are system-critical data; erroneous modification of this data, pointer errors, overflows and the like can crash the system and pose a serious safety hazard. The more promptly these elements are checked and protected, the more safety incidents can be reduced. Many application errors lead to wild pointer operations that damage the data area. The element ID variables scattered through the data area then act as checkpoints for data corruption, revealing damage and crashes earlier than the application alone would, and triggering the soft interrupt stops the error from spreading in time.
Claims (4)
- 1. A space-deterministic task scheduling method, characterized in that the method comprises the following steps: 1) the sizes of the code area and data area are determined at compile time by static definition in advance; 2) after the boot loader has loaded the image into memory, the starting physical address and size of the code area and data area are statically determined; 3) the code area and data area are protected by a security protection mechanism, preventing write access to the configuration data, image file and interrupt vector table of the code area and data area; 4) specific code and data areas are isolated, the isolation covering the fixed address space starting at zero, the task control blocks, the task stack space and the semaphore control blocks; 5) interrupts and service routines are used to take over exceptions triggered by accesses, preventing errors from spreading. Step 4) is implemented as follows: 4.1) region protection is applied to the specific code and data areas; 4.2) the task scheduler elements in the specific code and data areas are organized and protected, the task scheduler elements comprising the scheduler's maximum number of tasks and their stack sizes, the maximum number of semaphores, the task control blocks, the task stack space and the semaphore control blocks. Step 4.1) is implemented as follows: once task scheduler initialization is complete, a space of a certain size starting at zero cannot be accessed as data; if application code is defective, the commonly occurring null-pointer access immediately triggers an MMU exception, and the exception routine locates the faulting code position and the corresponding task, records the exception, and calls the exception handling function registered by the task to perform state switching and error recovery. Step 4.2) is implemented as follows: the scheduler's maximum number of tasks and their stack sizes and the maximum number of semaphores are statically determined by macro definitions; the task control block, task stack space and semaphore control block structures are built as static arrays of structures; task IDs and semaphore IDs are the system's core IDs and are protected by adding a special ID prefix; whether these IDs have been corrupted is determined as follows: a corrupted ID exhibits a damaged prefix or an out-of-range value, so checking the ID whenever it is operated on reveals the corruption promptly; when an ID is found to be abnormal, the exception is recorded and a soft interrupt (trap) is triggered to suspend execution of the application, and the exception handling function registered by the task is called through the soft interrupt to perform state switching and error recovery; the stack base address and size of each task are fixed, and a stack check is performed first on function entry to confirm that the top of the stack lies within the task's stack area; if the stack has overflowed, the exception is recorded promptly and a soft interrupt is triggered to suspend execution of the application, and the exception handling function registered by the task is called through the soft interrupt to perform state switching and error recovery.
- 2. The space-deterministic task scheduling method according to claim 1, characterized in that step 1) is implemented as follows: 1.1) the start addresses of the code area and data area are defined by macros, ensuring that the start address is not zero; 1.2) at compile and link time, all variables used by the source code can be statically located in the code area and data area at their corresponding physical locations, and the sizes of the code area and data area are calculated; the variables used by the source code, including arrays and structures, are either all statically determined or dynamically requested and released within the task's fixed stack space; 1.3) the image file is loaded from solid-state storage to a memory address, and the boot loader loads the code content into the macro-defined code region and the data with initial values into the macro-defined data region; 1.4) access to the code space region, interrupt vectors, exception vectors and data region is controlled by the MMU according to their position and size.
- 3. The space-deterministic task scheduling method according to claim 2, characterized in that in step 1.4) the code space region is controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit, and the code space is no longer writable; during startup the interrupt vectors and exception vectors are loaded to their physical location, and once loading is complete they are controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit, and that space is no longer writable; the position and size of the data region are controlled by the MMU mechanism and protected in integer multiples of the smallest MMU unit, the data area is readable and writable, but no read/write window is opened for any other memory outside the data area, and the memory space starting at 0 no longer allows data reads, only code reads.
- 4. The space-deterministic task scheduling method according to claim 3, characterized in that the data region comprises data with initial values and the bss area, whose initial value defaults to 0.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310689411.1A CN104714834B (en) | 2013-12-14 | 2013-12-14 | A space-deterministic task scheduling method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310689411.1A CN104714834B (en) | 2013-12-14 | 2013-12-14 | A space-deterministic task scheduling method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104714834A (en) | 2015-06-17 |
| CN104714834B (en) | 2018-01-12 |
Family
ID=53414204
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310689411.1A Active CN104714834B (en) | A space-deterministic task scheduling method | 2013-12-14 | 2013-12-14 |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104714834B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107103234B (en) * | 2017-03-01 | 2020-06-26 | 北京龙鼎源科技股份有限公司 | Multitask isolation method and device |
| CN109144756A (en) * | 2017-06-27 | 2019-01-04 | 阿里巴巴集团控股有限公司 | A kind of method and device of stack overflow processing |
| CN111538579B (en) * | 2020-04-23 | 2023-02-03 | 山东华芯半导体有限公司 | Multitask operation method under embedded platform |
| CN112363950B (en) * | 2020-11-30 | 2024-06-14 | 杭州海康汽车软件有限公司 | Application program debugging method and device |
| CN116483586B (en) * | 2023-06-21 | 2023-09-26 | 广东广宇科技发展有限公司 | Data efficient processing method based on dynamic array |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5287511A (en) * | 1988-07-11 | 1994-02-15 | Star Semiconductor Corporation | Architectures and methods for dividing processing tasks into tasks for a programmable real time signal processor and tasks for a decision making microprocessor interfacing therewith |
| US7296271B1 (en) * | 2000-06-28 | 2007-11-13 | Emc Corporation | Replaceable scheduling algorithm in multitasking kernel |
| CN100388200C (en) * | 2003-01-06 | 2008-05-14 | 松下电器产业株式会社 | Compilation method, compilation unit, target program execution method and unit |
| US7421681B2 (en) * | 2003-10-09 | 2008-09-02 | International Business Machines Corporation | Method and system for autonomic monitoring of semaphore operation in an application |
| CN1324471C (en) * | 2004-08-18 | 2007-07-04 | 中兴通讯股份有限公司 | Method for protecting assigned course private data area and stack area |
| CN101251810A (en) * | 2008-03-11 | 2008-08-27 | 浙江大学 | Process Scheduling Optimization Method for Embedded Operating System Based on SPM |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104714834A (en) | 2015-06-17 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |