CN100507878C - Access control apparatus, access control method, memory access control device, and memory access control method - Google Patents

Access control apparatus, access control method, memory access control device, and memory access control method Download PDF

Info

Publication number
CN100507878C
CN100507878C CNB2006101667893A CN200610166789A CN100507878C CN 100507878 C CN100507878 C CN 100507878C CN B2006101667893 A CNB2006101667893 A CN B2006101667893A CN 200610166789 A CN200610166789 A CN 200610166789A CN 100507878 C CN100507878 C CN 100507878C
Authority
CN
China
Prior art keywords
data
code
mask
syndrome
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006101667893A
Other languages
Chinese (zh)
Other versions
CN1991801A (en
Inventor
金井达德
吉井谦一郎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toshiba Corp
Original Assignee
Toshiba Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Toshiba Corp filed Critical Toshiba Corp
Publication of CN1991801A publication Critical patent/CN1991801A/en
Application granted granted Critical
Publication of CN100507878C publication Critical patent/CN100507878C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

An access control apparatus includes a parity generator that generates a parity for original data to be written into a memory; and a parity adder that generates parity-added data by adding the parity to the original data; a first syndrome generator that generates a first syndrome of first mask data to mask the parity-added data. The first syndrome is a value associated beforehand with a first access code to be used when a writer accesses the memory. The apparatus also includes a first mask generator that generates the first mask data based on the first syndrome, the first access code, and a first memory address; a first XOR unit that obtains first post-operation data by calculating an XOR between the parity-added data and the first mask data; and a writing unit that writes the first post-operation data into the memory.

Description

Access control apparatus, method and memory access control device, method
Invention field
The present invention relates to the access control apparatus that to be controlled memory access.The invention still further relates to access control system, processor, access control method, memory access control device, memory access control system and memory access control method.
Technical background
In modem computer systems, adopted multiprogramming approach, can between several processes (program, task or work), switch by this method, can effectively utilize the various resources in the computer system like this, as storer or CPU.
In a kind of like this system, may be seen by another process or be destroyed by the data of a process specific in the storer by covering.
In order to address this problem, widely used a kind of method is by the storer key value of the key value of process with the storer that will visit being compared, judging whether allow visit.Described " storer key value " be at storer each pre-sizing (such as, 4KB) and the record information.In Dec, 2000, the 3-9 page or leaf of the patent SA22-7832-00 that is entitled as " z/ArchitecturePrinciples of Operation " of IBM disclosed this technology in the 3-12 page or leaf.
But, in the storage protection system that adopts above-mentioned storer key value technology, both needed to be provided for storing memory of data, also need to be provided for storing the storer of described storer key value.So, will increase hardware quantity.
Also have, such as, suppose that shielded unit is every page of 4KB.When being in a small amount data, in storer, will be left untapped storage area when shielded.This problem can be by distributing a storer key value to solve for each less storage area.But such solution needs more storer to store described storer key value.
In addition, when breaking down in the storer, just can conduct interviews to storer, this can cause undelegated data read operation.
Summary of the invention
According to an aspect of the present invention, a kind of access control apparatus is used for controlling the visit between write device, reader and the storer, comprising: the parity checking code generator at the raw data of wanting write store, generates parity check code; The parity check code totalizer by adding the parity check code that the parity checking code generator generates to raw data, generates the data that are added with parity check code; The first syndrome maker generates first syndrome, promptly writes the value that the first used fetcher code of raw data is associated with the write device request to storer; First mask code generator based on first syndrome, first fetcher code and first memory address, generates first mask data, and wherein, write device writes raw data in the first memory address; The first XOR unit by carry out XOR between the data that are added with parity check code and first mask data, obtains data after first computing; Writing unit is in writing data into memory after first computing; The second syndrome maker is used to generate second syndrome, i.e. the value that is associated from the second used fetcher code of memory read data with reader request; Second mask code generator based on second syndrome, second fetcher code and second memory address, generates second mask data, and wherein, reader is from the second memory address reading data; Reading unit reads data after first computing from storer; The second XOR unit by carrying out XOR between the data after second mask data and first computing, obtains data after second computing; The sub-counter of the adjustment of data based on data after second computing, calculates real data syndrome; And the output judging unit, based on real data syndrome, judge whether data after second computing are exported as raw data.
According to a further aspect in the invention, a kind of access control system, the memory access control device that comprises processor, Memory Controller and be used for the control store visit, this memory access control device comprises: the parity checking code generator, at the raw data of wanting write store, generate parity check code; The parity check code totalizer by adding the parity check code that the parity checking code generator generates to raw data, generates the data that are added with parity check code; The first syndrome maker, generate first syndrome of first mask data, so that the data that are added with parity check code are carried out mask, first syndrome is the value that is associated with first fetcher code in advance, first fetcher code is the information that will use when the write device reference-to storage, and the write device request is the raw data write store; First mask code generator based on first syndrome, first fetcher code and first memory address, generates first mask data, wherein in the first memory address raw data is write; The first XOR unit by carry out XOR between the data that are added with parity check code and first mask data, obtains data after first computing; Writing unit is writing data into memory after first computing; The second syndrome maker, generate second syndrome of second mask data, so that data after first computing are carried out mask, second syndrome is the value that is associated with second fetcher code in advance, second fetcher code is an information used when the access by readers storer, and reader request is from memory read data; Second mask code generator based on second syndrome, second fetcher code and second memory address, generates second mask data, wherein from the second memory address reading data; Reading unit reads data after first computing from storer; The second XOR unit by carrying out XOR between the data after second mask data and first computing, obtains data after second computing; The sub-counter of the adjustment of data based on data after second computing, calculates actual adjustment of data; And the output judging unit, based on real data syndrome, judge whether data after second computing are exported as raw data.
According to another aspect of the present invention, a kind of access control system comprises: processor; And memory access control device, control is to the visit of storer.Memory access control device comprises: the parity checking code generator at the raw data of wanting write store, generates parity check code; The parity check code totalizer by adding the parity check code that the parity checking code generator generates to raw data, generates the data that are added with parity check code; The first syndrome maker, generate first syndrome of first mask data, so that the data that are added with parity check code are carried out mask, first syndrome is the value that is associated with first fetcher code in advance, first fetcher code is an information used when the write device reference-to storage, and the write device request is the raw data write store; First mask code generator based on first syndrome, first fetcher code and first memory address, generates first mask data, wherein in the first memory address raw data is write; The first XOR unit by carry out XOR between the data that are added with parity check code and first mask data, obtains data after first computing; Writing unit is writing data into memory after first computing; The second syndrome maker, generate second syndrome of second mask data, so that data after first computing are carried out mask, second syndrome is the value that is associated with second fetcher code in advance, second fetcher code is an information used when the access by readers storer, and reader request is from memory read data; Second mask code generator based on second syndrome, second fetcher code and second memory address, generates second mask data, and wherein reader is from the second memory address read-outing data; Reading unit is read data after first computing from storer; The second XOR unit by carrying out XOR between the data after second mask data and first computing, obtains data after second computing; The sub-counter of the adjustment of data based on data after second computing, calculates actual adjustment of data; And the output judging unit, based on real data syndrome, judge whether data after second computing are exported as raw data.
According to another aspect of the present invention, a kind of processor that is equipped with Memory Controller and memory access control device, this memory access control device is used to control the visit to storer, this processor comprises: the parity checking code generator, at the raw data that will write described storer, generate parity check code; The parity check code totalizer by adding the parity check code that the parity checking code generator generates to raw data, generates the data that are added with parity check code; The first syndrome maker, generate first syndrome of first mask data, so that the data that are added with parity check code are carried out mask, first syndrome is the value that is associated with first fetcher code in advance, first fetcher code is an information used when the write device reference-to storage, and the write device request is the raw data write store; First mask code generator based on first syndrome, first fetcher code and first memory address, generates first mask data, wherein writes raw data in the first memory address; The first XOR unit by carry out XOR between the data that are added with parity check code and first mask data, obtains data after first computing; Writing unit is writing data into memory after first computing; The second syndrome maker, generate second syndrome of second mask data, so that data after first computing are carried out mask, second syndrome is the value that is associated with second fetcher code in advance, second fetcher code is an information used when the access by readers storer, and wherein reader request is from memory read data; Second mask code generator based on second syndrome, second fetcher code and second memory address, generates second mask data, wherein from the second memory address reading data; Reading unit reads data after first computing from storer; The second XOR unit by carrying out XOR between the data after second mask data and first computing, obtains data after second computing; The sub-counter of the adjustment of data based on data after second computing, calculates actual adjustment of data; And the output judging unit, based on real data syndrome, judge whether data after second computing are exported as raw data.
According to another aspect of the present invention, a kind of access control method comprises: at the primary data that will be written into storer, generate parity check code; By adding the parity check code that is generated, generate the data that are added with parity check code to raw data; Generate first syndrome of first mask data, so that the data that are added with parity check code are carried out mask, first syndrome is the value that is associated with first fetcher code in advance, first fetcher code is an information used when the write device reference-to storage, and the write device request is the raw data write store; Based on first syndrome, first fetcher code and first memory address, generate first mask data, wherein write raw data in the first memory address; By between the data that are added with parity check code and first mask data, carrying out XOR, obtain data after first computing; With writing data into memory after first computing; Generate second syndrome of second mask data, so that data after first computing are carried out mask, second syndrome is the value that is associated with second fetcher code in advance, and second fetcher code is an information used when the access by readers storer, and reader request is from memory read data; Maker generates second mask data based on second syndrome, second fetcher code and second memory address, and wherein data read from the second memory address; Read data after first computing from storer; By carrying out XOR between the data after second mask data and first computing, obtain data after second computing; Based on data after second computing, calculate actual adjustment of data; And, judge whether data after second computing are exported as raw data based on real data syndrome.
According to another aspect of the present invention, a kind of memory access control device, comprise: the read request getter, obtain data that will read from storer and the storage address that is used for reading of data, data and storage address are obtained from a reader, and reader request is from memory read data; The memory buffer watch-dog, judge whether the storage address that the read request getter obtains is stored in the memory buffer, memory buffer is stored data, memory of data address and supplicant access code interrelatedly, ask the write device request of writing data into memory writing data into memory, perhaps reader request is from memory read data, and the supplicant access code is an information used when allowing the write device of visit data or access by readers storer; The fetcher code comparer, when the memory buffer watch-dog determines that storage address is stored in the memory buffer, the supplicant access code is compared with second fetcher code, the supplicant access code is associated with storage address in the memory buffer, and second fetcher code used information when being the access by readers storer; And output unit, when supplicant access code and second fetcher code are complementary, the data that are associated with storage address in the memory buffer are outputed to reader.
According to a further aspect in the invention, a kind of access control system comprises: processor; Memory buffer; And memory access control device, control is to the visit of storer, the data that buffer memory stores has write device or reader to ask, memory of data address and supplicant access code, the write device request is writing data into memory, and reader request is from memory read data, the supplicant access code is an information used when write device that allows visit data or access by readers storer, data and storage address are associated with the supplicant access code, memory access control device comprises: the read request getter, and obtaining from reader will be from data and the memory of data address that storer reads; The memory buffer watch-dog judges whether the storage address that the read request getter obtains is stored in the memory buffer; The fetcher code comparer, determining storage address when the memory buffer watch-dog is when being stored in the memory buffer, the supplicant access code and second fetcher code are compared, the supplicant access code is associated with storage address in the memory buffer, and second fetcher code used information when being the access by readers storer; And output unit, when supplicant access code and second fetcher code were complementary, the data that will be associated with the storage address in the memory buffer outputed to reader.
According to another aspect of the present invention, a kind of memory access control method, comprise: the storage address of obtaining the data that will read and be used for reading of data from storer, data and storage address are that the reader from the storage reading of data obtains from request; Judge whether the storage address of obtaining is stored in the memory buffer, memory buffer is stored data, memory of data address and supplicant access code interrelatedly, ask the write device request of writing data into memory writing data into memory, perhaps reader request is from memory read data, and the supplicant access code is an information used when having the right the write device of visit data or access by readers storer; When storage address is stored in the memory buffer, the supplicant access code and second fetcher code are compared, the supplicant access code is associated with storage address in the memory buffer, and second fetcher code used information when being the access by readers storer; And when supplicant access code and second fetcher code were complementary, the data that will be associated with the storage address in the memory buffer outputed to reader.
Description of drawings
Describe the present invention below with reference to the drawings and specific embodiments, wherein:
Fig. 1 shows the access control system according to first embodiment of the invention;
The operation that Fig. 2 will carry out when showing writing data into memory;
Fig. 3 shows the operation that reading of data D ' carry out;
It is the example that under the situation of 64 bits check matrix and HsiaoSEC-DED sign indicating number is used together that Fig. 4 shows at data length;
Fig. 5 show with Fig. 4 in the corresponding generator matrix of check matrix H;
The block diagram of Fig. 6 shows the concrete function structure of access control apparatus;
Fig. 7 shows the address space of seeing from processor;
The block diagram of Fig. 8 shows the functional structure of mask value generative circuit;
Fig. 9 shows the structure of data mask generative circuit;
Figure 10 A shows visit ID syndrome generative circuit;
Figure 10 B also shows visit ID syndrome generative circuit;
Figure 11 shows the process flow diagram of write operation, and write operation is the part of access control operation in the access control system;
Figure 12 shows the data stream in the write operation process;
Figure 13 shows the used management of process table of visit ID setting operation;
Figure 14 shows the process flow diagram of visit ID setting operation detailed process;
Figure 15 shows the process flow diagram of the detailed process of the mask value generating run that the mask value generative circuit carries out;
Figure 16 shows in the access control system process flow diagram from memory read data;
Figure 17 shows and reads the operation that writes on the data in the storer;
The block diagram of Figure 18 shows the functional structure according to the access control apparatus of second embodiment of the present invention;
The block diagram of Figure 19 shows the functional structure of visit ID management circuit;
Figure 20 shows the data structure of visit ID table;
Figure 21 shows the structure of visit ID management circuit;
Figure 22 shows the process flow diagram that obtains the detailed process of operation according to visit ID in the access control system of second embodiment;
Figure 23 shows the data structure according to the visit ID table of visit ID management circuit in the access control system of third embodiment of the invention;
Figure 24 shows the structure of visit ID management circuit;
Figure 25 shows the process flow diagram that obtains the detailed process of operation according to visit ID in the access control system of the 3rd embodiment;
Figure 26 shows the data structure according to the visit ID table of the 4th embodiment of the present invention;
Figure 27 shows the structure of visit ID management circuit;
Figure 28 shows the process flow diagram that obtains the detailed process of operation according to visit ID in the access control system of the 4th embodiment;
The block diagram of Figure 29 shows the functional structure according to the data mask generative circuit of fifth embodiment of the invention;
Figure 30 shows the data structure that data mask generates information table;
Figure 31 illustrates in greater detail the structure that a LFSR postpones counting circuit;
Figure 32 shows a circuit that is included in the LFSR delay counting circuit;
Figure 33 shows another and is included in LFSR and postpones circuit in the counting circuit;
The block diagram of Figure 34 shows the functional structure according to the data mask generative circuit of sixth embodiment of the invention;
The block diagram of Figure 35 shows the functional structure according to the data mask generative circuit of seventh embodiment of the invention;
Figure 36 shows the address separation circuit;
Figure 37 shows the address separation circuit according to first correction of the 7th embodiment;
The block diagram of Figure 38 shows the data mask generative circuit that includes only zero shift circuit;
The block diagram of Figure 39 shows the data mask generative circuit that includes only the address separation circuit;
The block diagram of Figure 40 shows the data mask generative circuit according to the 3rd correction of the 7th embodiment;
The block diagram of Figure 41 shows the data mask generative circuit according to the 4th correction of the 7th embodiment;
The block diagram of Figure 42 shows the data mask generative circuit according to the 5th correction of the 7th embodiment;
The block diagram of Figure 43 shows the functional structure according to the access control apparatus of eighth embodiment of the invention;
Figure 44 shows address-translating device;
Figure 45 shows the address-translating device according to first correction of the 8th embodiment;
Figure 46 shows the address-translating device according to second correction of the 8th embodiment;
Figure 47 shows the address-translating device according to the 3rd correction of the 8th embodiment;
Figure 48 shows the access control system of first correction of the present invention;
Figure 49 shows the access control system of second correction;
Figure 50 shows the access control system of the 3rd correction;
Figure 51 shows the access control system of the 4th correction;
Figure 52 shows the access control system of the 5th correction;
Figure 53 shows the access control system of the 6th correction;
Figure 54 shows the access control system of the 7th correction;
Figure 55 shows the access control system according to ninth embodiment of the invention;
The block diagram of Figure 56 shows the functional structure of access control apparatus;
The block diagram of Figure 57 shows the functional structure of processor end Buffer control circuit;
The block diagram of Figure 58 shows the functional structure of memory buffer;
The block diagram of Figure 59 shows the functional structure of storer end Buffer control circuit;
Figure 60 shows the process flow diagram of write operation, and write operation is the part according to access control operation in the access control system of the 9th embodiment of the present invention;
Figure 61 shows the process flow diagram of read operation, and read operation is the part according to access control operation in the access control system of the 9th embodiment of the present invention;
The block diagram of Figure 62 shows the functional structure according to the access control apparatus of tenth embodiment of the invention;
The block diagram of Figure 63 shows the functional structure according to the mask value generative circuit of the tenth embodiment;
Figure 64 shows the data structure of information of address conversion table;
Figure 65 shows a storage address;
Figure 66 A shows the address translation operation that address-translating device is carried out;
Figure 66 B also shows the address translation operation that address-translating device is carried out;
Figure 67 shows address-translating device;
Figure 68 shows the address translation table that realizes address translation feature among Figure 66 A and Figure 66 B;
Figure 69 shows the process flow diagram according to the write operation in the access control system of the tenth embodiment;
Figure 70 shows the process flow diagram according to the read operation in the access control system of the tenth embodiment;
Figure 71 shows the address-translating device according to first correction of the tenth embodiment;
Figure 72 shows the data structure that generates information table according to the data mask of second correction of the tenth embodiment;
The block diagram of Figure 73 shows the functional structure according to the memory access control device of eleventh embodiment of the invention;
Figure 74 shows reorder buffer;
Figure 75 shows the process flow diagram of the operation that the burst-transfer controller will carry out when storer writes data;
Figure 76 illustrates in greater detail the write operation shown in Figure 75;
The process flow diagram of the operation that will carry out when Figure 77 shows the burst-transfer controller from memory read data;
Figure 78 illustrates in greater detail the read operation shown in Figure 77;
The block diagram of Figure 79 shows the functional structure according to the storer end Buffer control circuit of the correction of the 11 embodiment;
Figure 80 shows the access control system according to the 12 embodiment of the present invention;
Figure 81 shows the functional structure of memory access control device;
The block diagram of Figure 82 shows the functional structure of bus encryption equipment;
The mask operation that signal example shown in Figure 83 is not carried out through bus encryption equipment;
Signal example shown in Figure 84 has been passed through the mask operation that bus encryption equipment is carried out;
The block diagram of Figure 85 shows the functional structure according to the bus encryption equipment of second correction of the 12 embodiment;
The block diagram of Figure 86 shows the functional structure according to the memory access control device of the 3rd correction of the 12 embodiment;
The block diagram of Figure 87 shows the functional structure according to the memory access control device of the 4th correction of the 12 embodiment; And
The block diagram of Figure 88 shows the functional structure according to the memory access control device of the 5th correction of the 12 embodiment;
Embodiment
Below in conjunction with accompanying drawing, describe the embodiment of access control apparatus, access control system, processor, access control method, memory access control device, memory access control system and memory access control method in detail.But, the invention is not restricted to the following examples.
Fig. 1 shows the general structure according to a kind of access control system 1 of first embodiment.Access control system 1 comprises access control apparatus 10, processor 20, Memory Controller 30 and storer 40.
Processor 20 and storer 40 interconnect, and link to each other with access control apparatus 10 with Memory Controller 30.Memory Controller 30 provides arbitration for the difference between the agreement of the agreement of processor bus 22 (the directly signal wire that extends out from processor) and memory bus 42.In other words, 30 pairs of Memory Controllers be used for reading or write from processor 20 be transferred to processor bus 22 data signal and be used for the difference that storer 40 carries out between the signal of read or write operation is arbitrated.
Such as, specified the address and sent read request if storer 40 is DRAM and processor 20, then need this address is divided into high address and low order address, then they are sent to storer 40.Memory Controller 30 can be changed the difference on the program between them.
Between access control apparatus 10 connected storage controllers 30 and the storer 40.When from storer 40 reading of data, access control apparatus 10 can judge whether the reader of these data has the authority of these data of visit.Processor 20 is by Memory Controller 30, about the information setting of access rights to visiting in the opertaing device 10.More particularly, processor 20 can be provided with as visit information such as ID, also will be described this below.
Access control apparatus 10 also possesses ECC (error correcting code or error control code) function.More particularly, access control apparatus 10 wants the data of write store 40 to add ECC to processor 20.Access control apparatus 10 is also checked the incidental ECC of data that reads from storer 40.By ECC, access control or protection are carried out to storer 40 in the unit of access control apparatus 10 usefulness and each ECC unit 32 bits of a size or 64 bits.Thereby storer 40 can be protected by junior unit.
This is conducted interviews control of authority of the resource of management request reference-to storage data in processor 20, the i.e. reader of data and write device, access control apparatus 10.
Next ECC is described.Fig. 2 and Fig. 3 show ECC.Fig. 2 shows the operation that will carry out when storer 40 writes data.Generally speaking, if with the data D write once memory 40 of n bit size, then the parity check code with the m bit that calculates according to the value of data D adds on the data D, as shown in Figure 2.As a result, in the data D ' write store 40 with the n+m bit.
Such as, if with 64 (=n) in the data write once memory 40 of bit, will according to the value of described 64 Bit datas calculate 8 (=m) parity check code of bit adds on the data of described 64 bits, the data that will be added with 72 bits of parity check code then are written in the storer 40.
Fig. 3 shows the operation that reading of data D ' time will carry out.For data D ' is read out, calculate the value of m Bit data according to the product of the transposed matrix of data D ' and check matrix " H " from storer 40.The value of this m Bit data b referred to as syndrome (syndrome).If syndrome is " 0 ", in this n Bit data, just be free from mistakes so.
If syndrome is not " 0 ", mistake is just arranged among the data D '.If mistake is repairable, just should correct it.If mistake can not be corrected, will go wrong by interruption or similar means report processor 20, this processor 20 is promoters of request reference-to storage data.
The kind of ECC has a lot.The method of the number of parity check bit, computation of parity bits number, the detection matrix that computing syndrome adopted and the method for determining the bit position that needs are corrected according to syndrome are along with the difference of ECC kind changes.
What extensively adopt in the storer of computer system is SEC-DED (single error correction and two false retrieval are surveyed) sign indicating number.When an incorrect bit (perhaps mistake) is arranged in data or the parity check code, can specifically determine the position of mistake by the SEC-DED sign indicating number.When two incorrect bits (perhaps two mistakes), can check out mistake by the SEC-DED sign indicating number, but can't specifically determine the mistake bit position.In general, the parity check code of 7 bits is added to as ECC on the data of 32 bits, the parity check code of 8 bits is added on the data of 64 bits as ECC, and, the parity check code of 9 bits is added on the data of 128 bits as ECC.
According to the method for the method of calculating parity check code and generation detection matrix, the SEC-DED sign indicating number also has a variety of.Wherein the maximum of usefulness are expansion Hamming code and Hsiao sign indicating number.Particularly, Hsiao SEC-DED sign indicating number is fit to the circuit assembling, so obtained using widely.The expansion Hamming code is to disclose in the Richard E.Blahut that Cambridge University Press in 2003 publishes shows " Algebraic Code for Data Transmission " the 63rd page.The Hsiao sign indicating number is openly to come out in 395 to 401 pages of " the A Class of OptimalMinimum Odd-weight-column SEC-DED Codes " that M.Y.Hsiao showed of 1970 " IBM research and development periodical (IBM Journal of Researchand Development) " publication.Value to syndrome between this two class SEC-DED sign indicating number has different explanations, but error correction and error detection are carried out after the same method.
In access control system 1 according to first embodiment, employing be the Hsiao sign indicating number that will 8 bit parity sign indicating numbers be added on 64 Bit datas.But data length is not limited to this.Can carry out identical access control to the data of different length, as 32 Bit datas, 16 Bit datas and 128 Bit datas.In addition, can carry out identical access control with other SEC-DED sign indicating number, such as the error correcting code of expansion Hamming code or other type.
It is the example that under the situation of 64 bits check matrix and HsiaoSEC-DED sign indicating number is used together that Fig. 4 shows at data length.This check matrix is made up of 8 row and 72 row.The the 1st to the 64th corresponding to 64 each bit position of bit storage data from the left side, and remaining 8 corresponding to the parity checking bit position.From the 1st to the 8th row on the right side is the unit matrix of one 8 x 8, corresponding to described parity check code.
Fig. 5 shows the generator matrix corresponding with the check matrix H among Fig. 4.This generator matrix " G " is used to calculate parity check code, and it is added on those raw data of not adding parity check code as yet.Generator matrix " G " is made up of 64 row and 72 row.The the 1st to the 64th row have been formed the unit matrix of one 64 x 64 from the left side, and have constituted the transposed matrix of the from the 1st to the 64th row of described generator matrix " G " from residue 8 row on the right side.
The block diagram of Fig. 6 shows the concrete function structure of access control apparatus 10.Access control apparatus 10 comprises parity checking code generation circuit 100, first XOR circuit 102, visit ID register 110, mask value generative circuit 112, second XOR circuit 114, syndrome computations circuit 120 and error correction circuit 122.
Except traditional ECC circuit structure, access control apparatus 10 also comprises: generate mask value to be used for the circuit of test access authority; Data and parity check code are recorded in circuit in the storer 40 together; The use mask value detects the circuit about the access rights of the data that read from storer 40.Except first XOR circuit 102, visit ID register 110, mask value generative circuit 112 and second XOR circuit 114, access control apparatus 10 has and the same circuit structure of traditional E CC circuit.
When the Memory Controller 30 that links to each other with access control apparatus 10 had the ECC circuit, access control apparatus 10 can utilize the ECC circuit of Memory Controller 30, and did not comprise the function of ECC circuit.
Parity checking code generation circuit 100 generates parity check code at the data of obtaining from processor 20 via Memory Controller 30.Then parity check code is added on these data.
More particularly, obtain the data of 64 bits from processor 20 by Memory Controller 30.Then, go out the parity check code of 8 bits, and it is outputed to first XOR circuit 102 according to the data computation of being obtained." G " carries out this calculating with generator matrix shown in Fig. 5.
These input data " d " of 64 are represented with the vector of being made up of 64 elements shown in the equation (1), and represent with the vector of forming by 72 elements shown in the equation (2) through the word " x " of coding, comprising the 8 bit parity sign indicating numbers of interpolation to data " d ".
d=(d1,d2,d3,...d64) (1)
x=(d1,d2,d3,...d64,p1,p2,...p8) (2)
Relation between word (data that have parity check code) " x ", generator matrix " G " and the data " d " of this process coding is represented with equation (3):
x=dG (3)
Thereby, can multiply each other by the data of generator matrix " G " with this 64 bit, obtain the word " x " of this process coding.Last eight elements that pass through the word " x " of encoding that obtain are exported as the parity check code of 8 bits.
As everyone knows, parity checking code generation circuit 100 can be embodied as combinational circuit, and it calculates parity check code with above-described vector sum matrix multiple.
Visit ID (fetcher code) register 110 obtains visit ID by Memory Controller 30 from processor 20.Used information when visit ID is process (that is, request visit is stored in the requesting party of the data in the storer 40) reference-to storage 40.In this embodiment, the parity check code of 8 bits is added data to 64 bits, can manage 128 different visit ID like this.Such as, with 7 numerals of expressing, 0 to 127 conduct visit ID.
When the process of operation in processor 20 is wanted reference-to storage 40, at first visit ID is set in the visit ID register 110 of access control apparatus 10.
Fig. 7 shows the address space of seeing from processor 20.As shown in Figure 7, be mapped to can be from the I/O space the address space that processor 20 is seen for the visit ID register 110 of access control apparatus 10.When processor 20 when visit ID register 110 is mapped to the write-access ID of place, address in the I/O space, should visit in the ID write-access ID register 110.But, also can with above-mentioned diverse ways, will visit ID and be set in the visit ID register 110.
When according to the preset sequence that will carry out given visit ID being set in processor 20, these access rights are just no longer protected.Therefore, verify that by operation system (OS) or hardware in processor 20 it is more satisfactory that visit ID is set afterwards again.Like this, have only when executory program has access rights, just the visit ID of this executory program can be set in the visit ID register 110.Here, visit ID register 110 is visited the ID getter as the first visit ID getter and second and is moved.
Get back among Fig. 6, mask value generative circuit 112 generates mask value according to the address value of the storer 40 that exists visit ID in the visit ID register 110 and processor 20 to visit.Mask value is to be used for to the data of wanting write store 40 or to will carrying out the data of mask from the data that storer 40 reads, and can and want the address of accessed storer 40 to be determined uniquely by visit ID.Mask value generative circuit 112 among this embodiment is as first mask code generator and second mask code generator and move.
When storer 40 writes data, first XOR circuit 102 is carried out nonequivalence operation between right data of mask value and an assembly and parity check code.This centering, data will write to storer 40, and parity check code generates according to these data.Then in the combination write store 40 with these results.More particularly, the mask value that mask value generative circuit 112 generates is in conjunction with described data and parity check code, then, and in this combination write store 40.This value is known as data after first computing.
When from storer 40 reading of data, second XOR circuit 114 is carried out nonequivalence operation between data that read from storer 40 and mask value, thereby removes this mask value.
According to the result of calculation of second XOR circuit 114, syndrome computations circuit 120 calculates syndrome.If necessary, according to the syndrome that syndrome computations circuit 120 calculates, error correction circuit 122 is carried out error correction.
Now, describe the operation of syndrome computations circuit 120 and error correction circuit 122 in detail.In order to detect or correct the mistake in the data that are added with parity check code that from storer 40, read, will computing syndrome.More particularly, syndrome computations circuit 120 obtains the data of 64 bits that read from storer 40 and calculates the parity check code of 8 bits according to this 64 Bit data.Utilize to detect matrix " H ", can calculate the syndrome of 8 bits according to the parity check code of the data of this 64 bit and 8 bits.This syndrome is outputed in the error correction circuit 122.
The syndrome of 8 bits " s " equation (4) expression, and will represent with equation (5) as output and by the vector " x " that 64 Bit datas and 8 bit parity sign indicating numbers are formed:
s=(s1,s2,...s8) (4)
x=(d1,d2,d3,...d64,p1,p2,...p8) (5)
In this case, set up equation (6) with syndrome " s ", vector " x " and detection matrix " H ":
s=xH T (6)
Wherein, H TExpression detects the transposed matrix of matrix " H ".Like this, syndrome computations circuit 120 calculates and exports the syndrome of this 8 bit.
If be free from mistakes, so, the value of the syndrome of obtaining with the SEC-DED sign indicating number is " 0 ".If a mistake is arranged, so, this syndrome will show with the row that detect matrix " H " in corresponding to the identical value of the element of mistake bit position.If syndrome is not " 0 ", but mistake is arranged, then the corresponding position of column vector is exactly an incorrect bit with that (if any) that syndrome has identical value in detecting matrix " H ".In this case, will come just can correct mistake with corresponding that bit reversal in incorrect bit position in data or the parity check code.
When the column vector that this syndrome is not " 0 " and demonstration with syndrome has an identical value does not exist when detecting in the matrix " H ", just there is the mistake that to correct.In other words, two or more incorrect bits are arranged.
In the Hsiao sign indicating number, each column mean of text matrix is the number odd number always of the element of " 1 ".Therefore, when the odd number incorrect bit, the number of " 1 " odd number always in the syndrome of being obtained, and when the even number incorrect bit, the number of " 1 " even number always in the syndrome of being obtained.
If two incorrect bits are arranged, so, the number of " 1 " always is not 0 even number in the syndrome, and therefore a Hsiao sign indicating number should be able to detect two or more mistakes.If odd number (three or more) incorrect bit is arranged, the number of " 1 " odd number always in the syndrome, but this syndrome can not be separated with the syndrome area obtained under the situation of having only a mistake.Therefore, if the syndrome that this syndrome is obtained when having only a mistake is the same, so, testing result just only shows an incorrect bit, and the correction of execution error operation.In other cases, can detect the mistake that to correct.
When the even number incorrect bit, promptly four or more for a long time, the number of " 1 " even number always in the syndrome.But the number of " 1 " may be 0.Under these circumstances, can not detect mistake.In other cases, can detect the mistake that to correct.Generally speaking, the SEC-DED sign indicating number is that the maximum number at the hypothesis incorrect bit is to use under 2 the situation.
Generally speaking, even in parity check code, go wrong, also can carry out error-correction operation with the SEC-DED sign indicating number.On the other hand, in this embodiment, do not use parity check code error correction value afterwards, therefore, parity check code is not carried out error-correction operation.But, in other embodiments, may carry out error-correction operation to parity check code fully.
The block diagram of Fig. 8 shows the functional structure of mask value generative circuit.Mask value generative circuit 112 generates mask value, thereby makes the syndrome that generates according to the visit ID that has obtained about this mask demonstrate predetermined value.
Mask value generative circuit 112 comprises data mask generative circuit 130, visit ID syndrome generative circuit 132, parity checking code generation circuit 134 and XOR circuit 136.
Fig. 9 shows the structure of data mask generative circuit 130.Data mask generative circuit 130 is at the data output masking of 64 bits, and these data are corresponding to the address of input reference ID with the storer 40 that will visit.In brief, data mask of data mask generative circuit 130 outputs.In fact, data mask generative circuit 130 is random number memories as shown in Figure 9.This random number memories forms with conventional memory device.
In random number memories, write random number.Visit ID and address are connected on the address terminal of random number memories, like this can be as of the data terminal output of a data mask value from random number memories with this visit ID and the corresponding random value in address.
Data mask generative circuit 130 is not limited to the structure among this embodiment, and is just passable as long as it can be exported based on address and the well-determined value of visit ID.Data mask generative circuit 130 is as the first data mask maker and the second data mask maker and move.
Figure 10 A shows visit ID syndrome generative circuit 132.This visit syndrome generative circuit 132 is determined the syndrome of parity check code, and this parity check code is to generate according to the visit ID that obtains.The structure of visit ID syndrome generative circuit 132 is shown in Figure 10 A, so the number of all " 1 " all is odd number as described above in the syndrome.
When the number of all " 1 " in the syndrome was even number, the structure of visit ID syndrome generative circuit 132 was shown in Figure 10 B.Number by " 1 " in the syndrome of visit ID syndrome generative circuit 132 generations will be described in the back.
Visit ID syndrome generative circuit 132 generates first syndrome of first mask data, and as the second syndrome maker, generates second syndrome of second mask data as the first syndrome maker.
Parity checking code generator 134 is determined parity check code for the data mask that data mask generative circuit 130 generates.XOR circuit 136 is carried out nonequivalence operation between the visit ID syndrome that parity check code that parity checking code generation circuit 134 generates and visit ID syndrome generative circuit 132 generate, and operation result is exported as the parity check code mask.XOR circuit 136 is as the first parity check code mask code generator and the operation of the second parity check code mask code generator.
As a rule, give given data and the syndrome of the parity check code that goes out according to this data computation is " 0 ".But when according to a new parity check code, when promptly the distance value between this parity check code and the set-point " x " was carried out computing, syndrome can become " x ".
This be because, with the part of the corresponding detection matrix of parity check code " H " be a unit matrix.Characteristic above utilizing generates the parity check code mask, thereby obtains the visit ID syndrome that visit ID syndrome generative circuit 132 generates, and this visit ID syndrome is relevant with the data mask that data mask generative circuit 130 generates.
Figure 11 shows the process flow diagram of write operation, and write operation is the part of the access control operation of execution in the access control system 1.At first, obtain visit ID (step S102) from visit ID register 110.Then, parity checking code generation circuit 100 generates at the data of wanting write store 40 and interpolation parity check code (step S104).Mask value generative circuit 112 generates mask value (step S106).More particularly, mask value generative circuit 112 generates data mask and parity check code mask.
Then, first XOR circuit 102 is carried out nonequivalence operation between right data of mask value and an assembly and parity check code.The mask that is used for nonequivalence operation generates (step S108) by mask value generative circuit 112.More particularly, first XOR circuit 102 is carried out nonequivalence operation between the data mask of data of obtaining from processor 20 and 112 generations of mask value generative circuit.First XOR circuit 102 is also carried out nonequivalence operation between the parity check code mask that parity check code that parity checking code generation circuit 100 generates and mask value generative circuit 112 generate.Data are written to (step S110) in the storer 40 after first computing that first XOR circuit 102 is obtained.So write operation leaves it at that.
Figure 12 shows the data stream in the write operation process.When the process of carrying out will be written to storer 40 to data D, by means of ECC parity check code is added on the data D, so just formed the data D ' that is added with parity check code.
Below, will be in the XOR result between the mask value " Ka " that the data D ' that is added with parity check code and mask value generative circuit 112 generates:
D ′ ⊕ Ka ,
I.e. data D after first computing ", be written in the storer 40.
Now, will describe in detail about the information setting of the visit ID visit ID setting operation in the visit opertaing device 10.Figure 13 shows used management of process table in the visit ID setting operation.This management of process table provides in operating system.When two or more processes will be moved in processor 20, operating system is these processes good at managing usually.In this process, use management of process table shown in Figure 13.
The management of process table comprises priority information, access authority information, programmable counter, register holds zone and the page table pointers that is associated with process ID.The visit id information that is associated with process ID also is recorded in the management of process table.Management of process table information of managing be not limited to above-mentioned these, but change along with dissimilar operating system.
Figure 14 shows in detail the process flow diagram of visit ID setting operation.When the operating system handover process, carry out this operation by processor 20.When executory process stops (step S120), the context of current executed process, promptly executing state such as register value and program counter value, all is stored in (step S122) in the management of process table.By the lookup process admin table, the context of the process that the next one will be carried out, promptly register value, program counter value and page table all are set to (step S124) in the processor 20.
Then, will also be set in the access control apparatus 10 (step S126) about the visit id information of next step process that will carry out.The visit id information comprises visit ID used when process conducts interviews.
Then, refresh buffer (step S128).If the previous used data of process also remained in the impact damper, can conduct interviews under the situation of access rights not having.Refresh buffer is exactly for fear of such unscheduled event.Then, with regard to beginning the process that the next one will be carried out is controlled (step S130).Here, visit ID setting operation this end of arriving.
In this embodiment, carry out refreshing by operating system to memory buffer.But other parts also can be carried out refreshing of memory buffer.In addition, the refreshing of memory buffer (step S128) can next process begin (step S130) before and the context of executed process storage (step S122) any time afterwards begin.In another example, when being provided with of visit ID register 110 changed, access control apparatus 10 can interrupt handler 20, and, can in interrupt handling program, refresh memory buffer.
Figure 15 shows the process flow diagram that mask value generative circuit 112 is carried out mask value generating run (step S106).At first, data mask generative circuit 130 generates data mask value (step S140) according to visit ID and the address that will visit.Visit ID syndrome generative circuit 132 generates visit ID syndrome (step S142) according to visit ID.
Then, parity checking code generator 134 generates parity check code (step S144) at the data mask that data mask generative circuit 130 generates.The syndrome that parity check code that 136 pairs of parity checking code generation circuits of XOR circuit 134 generate and visit ID syndrome generative circuit 132 generate is carried out XOR.Like this, XOR circuit 136 has just generated parity check code mask (step S146).So far, generate the EO (step S106) of mask value.Data mask can generate in any time before parity check code generates, but parity check code can not generate before visit ID syndrome generates.
The process flow diagram of Figure 16 shows from the operation of storer 40 reading of data, and it is the part of access control operation.At first, obtain visit ID (step S102) from visit ID register 110.Then, mask value generative circuit 112 generates mask value (step S106).The mask value generating run (step S106) here is identical with the mask value generating run of describing in conjunction with Figure 14 and Figure 15 (step S106).
Data D " reads (step S204) after 114 first computings that write in the storer 40 of second XOR circuit.Then, " and the mask value of mask value generative circuit 112 generations carries out XOR (step S206) to data D after 114 pairs first computings of second XOR circuit.
Syndrome computations circuit 120 usefulness ECC calculate syndrome (step S208).If this syndrome is " 0 ", if perhaps do not detected mistake (among the step S210 " YES "), so, with regard to reading of data D (step S212).
If this syndrome is not the number of " 1 " in " 0 " and the syndrome is odd number (among the step S210 among " NO " and the step S214 " YES "), has then detected a mistake, so error correction circuit 122 is just carried out error-correction operation (step S216).Read the data D (step S212) after the error correction.If syndrome is not " 0 " and detected mistake (step S210 " NO " and step S214 " NO ") more than one, then is the mistake that can not correct.Therefore, output " 0 " data, rather than data D (step S218).Like this, data read operation finishes.
What export among the step S218 in this embodiment, is " 0 " data.But, output data not in the correction of this embodiment.In addition, in another correction of this embodiment, can export the data of reading from storer 40.
In another correction, when detecting the mistake that can not correct, error correction circuit 122 can be indicated this error-detecting by the output error detection signal, and processor 20 can be learnt this error-detecting by interruption or other similar approach according to this signal.
Figure 17 shows and reads the operation that writes on the data in the storer 40.When the process of moving will be from storer 40 during reading of data, according to
D ′ ′ ⊕ Kb = D ′ ⊕ ( Ka ⊕ Kb )
Calculate data D after first computing of reading from storer ": D ′ ⊕ Ka And the XOR value between the mask " Kb ", this mask " Kb " is to generate according to the visit ID that is arranged on the term of execution of process in the visit ID register 110.
This value just is equivalent to data after second computing.According to the result of calculation of syndrome computations circuit 120, read the value of having carried out the error detection and correction that has ECC.
When the identical Ka=Kb of being of the mask that generates in the mask that generates in the read operation and the write operation, just can read out correct data D.When the mask that generates in mask that generates in the read operation and the write operation Ka of being inequality ≠ Kb, after first computing that storer 40 reads, exist the data and this value in the mistake Ka ⊕ Kb of figure place same number of " 1 ".Therefore, in this example, error correction circuit 120 output datas " 0 ".
In the correction of this embodiment, if the mask that generates in mask that generates in the read operation and the write operation is inequality, so, error correction circuit 112 can not exported any data.
As described above, in the access control system 1 of this embodiment, when storer 40 writes data, data and parity check code all can be written in the storer 40, and parity check code is to obtain by the interior XOR of carrying out between mask value data to be written and its parity check code and requesting party.When requester during from storer 40 reading of data, the interior XOR of carrying out between mask value by the data that read from storer 40 and parity check code and requesting party generates these data and parity check code.Then data and parity check code are carried out error-correction operation, and the data after the error correction are returned to requester.
If it is identical to storer 40 with asking the requesting party that storer 40 is carried out write operation that the requesting party of read operation is carried out in request, their visit ID equates that their mask value also equates so.Therefore, the mask value that is used for carrying out the mask value of XOR and is used for carrying out XOR in read operation in write operation equates.So the mask effect has just been offset, so, reading of data correctly.
In this embodiment, if request is inequality to the requesting party that storer 40 carries out write operation to requesting party and request that storer 40 carries out read operation, will mask value be set so that error correction circuit 122 can detect mistake.Therefore, being used for carrying out the mask value of XOR in read operation is different with the mask value that is used for carrying out XOR in write operation.So, just can prevent other requesting party's read data.
In order to prevent other requesting party's unauthorized access, what the mask value that generates in mask value that the mask value of selection should be able to generate in read operation and the write operation did not generate simultaneously that syndrome indicates mistake can not correct state.More particularly, the distance value between syndrome value that calculates according to the mask value in the write operation and the syndrome value that calculates according to the mask value in the read operation can not be " 0 ", and the number of " 1 " should be an even number in the distance value.
Therefore, the number of " 1 " should or all be an odd number in the syndrome of calculating according to corresponding mask value, or all is even number.According to the number of " 1 ", visit ID syndrome generative circuit should adopt the structure shown in the structure shown in Figure 10 A or Figure 10 B selectively.
Like this, when being provided with mask value, manageable requesting party's number equates with the number that satisfies the syndrome of above-mentioned condition.More particularly, employing is added with the structure of 64 Bit datas of 8 bit parity sign indicating numbers, the number that is in syndrome " 1 " all is under the situation of odd number or the number of " 1 " all is under the even number situation of (comprising 0) in syndrome, all 128 different requesting parties can be made a distinction.
Mask is according to making each process all have the mode of unique mask value to be provided with.Therefore, if a process attempts to read the data that write by a predetermined process, so, in the access control system 1 of this embodiment, can not carry out this read operation.Therefore, can protected data exempt from any other process visit.
When protected data exempts from unauthorized process visit, the operation of access control system 1 execute protection, thereby make have only those be authorized at first can write data process could write data.More particularly, before writing data into memory 40, to read the data that write in the storer 40 earlier.So, because matching, mask can not carry out the address of read access at each, all can forbid writing data.Like this, just can provide accurate protection to prevent undelegated write operation visit.
In addition, the address according to the visit ID of identification request side's process and the memory area that will visit generates the mask value that is used in the access control system 1.So, can be at each requesting party with at the control that conducts interviews of each memory area that will visit.
The block diagram of Figure 18 shows the functional structure according to the access control apparatus 10 of second embodiment.Be according to the access control apparatus 10 of second embodiment and difference, replaced visit ID register 110 with visiting ID management circuit 140 according to the access control apparatus 10 of first embodiment.
The block diagram of Figure 19 shows in detail the concrete function structure of visit ID management circuit 140.Visit ID management circuit 140 comprises that visit ID table 142 and visit ID select circuit 144.
Figure 20 shows the data structure of visit ID table 142.Visit ID table 142 has comprised the start address of the memory area that can visit with the visit requesting party that ID identified and the visit ID that the end address is associated.Visit ID table 142 among this embodiment is as the first fetcher code getter and the second fetcher code getter.
When the process that will carry out in the processor 20 was switched, the visit ID that processor 20 can be preserved the process that will carry out after switching and be written to by the set of the essential quantity that constitutes with visit corresponding memory area start address of ID and end address visited in the ID table 142.Therefore, during each handover process, the related data of the process that will carry out after the switching will record in the visit ID table 142.
Visit id information in the management of process table shown in Figure 13 comprised to be recorded in the visit ID table 142 with the corresponding data of each visit.When process switching, among the step S126 that in first embodiment, describes, the data that comprise in the visit id information are set in the visit ID table 142 in conjunction with Figure 14.
Visit ID table 142 is mapped on the I/O space of the address space that can see from processor 20.Therefore, processor 20 can directly write to visit ID table 142.
The request that visit ID selects circuit 114 to obtain reference-to storage 40 from processor 20.This request of access has comprised the address of the memory area that will visit.Then, visit ID selects circuit 114 queried access ID tables 142, and output is corresponding to the visit ID of this memory area.Visit ID among this embodiment selects circuit 144 to specify the device and second fetcher code to specify device as first fetcher code.
Figure 21 shows the concrete structure of visit ID management circuit 140.As shown in Figure 21, record start address, end address and visit ID, and carry out computing at these data, select circuit 144 to specialize with this to visit ID table 142 and visit ID.
Figure 22 shows in detail the process flow diagram of the operation (step S102) of obtaining visit ID in the access control system 1 of second embodiment.
As mentioned above, at first obtain address A (step S150) from processor 20.Visit ID selects circuit 114 queried access ID tables 142 and selects a visit ID, and this visit ID is relevant with the end address with such start address: address A is more than or equal to this start address and be less than or equal to this end address (step S152).The visit ID that selects is outputed to (step S154) in the mask value generative circuit 112.Like this, obtain the end of operation (step S102) of visit ID.
In the access control system 1 according to second embodiment, the visit ID for a plurality of memory areas distribution different access requesting parties so just can carry out access control to each memory area.
When the process shared memory area that will carry out in the processor 20, preferably the course allocation that allows visit to each memory area, so just can check access rights.Can check the access rights of each memory area according to the access control apparatus 10 in the access control system 1 of second embodiment.
Still in this embodiment, access control apparatus 10 is wanted interrupt handler 20 after visit ID table 142 changes, refresh memory buffer in the interrupt handling program of Zhi Hanging at this moment.
Is identical according to the operation of the access control system 1 of second embodiment and the others of structure with the access control system 1 according to first embodiment.
Next access control system 1 according to the 3rd embodiment will be described.Similar with the access control system 1 according to second embodiment, this access control system 1 comprises visit ID management circuit 140.But the operation of carrying out according to the visit ID management circuit 140 of the 3rd embodiment is different from the operation of carrying out according to the visit ID management circuit 140 of second embodiment.According to the visit ID management circuit 140 of this embodiment as write device ID acquiring unit and reader ID acquiring unit.Obtain requesting party ID according to the visit ID management circuit 140 of the 3rd embodiment and come identification request side, and select to visit ID according to requesting party ID.
Data structure according to the visit ID table 142 that provides in the visit ID management circuit 140 in the access control system 1 of the 3rd embodiment is provided Figure 23.As shown in figure 23, visit ID table 142 is preserved the requesting party ID that is associated with visit ID.Visit ID table 142 according to this embodiment is preserved the unit as the first fetcher code storer and second fetcher code.
Visit ID selects circuit 144 to obtain requesting party ID rather than is used for identification access requesting party's address.Usually, the signal which equipment of sign is sent request of access is transferred on the processor bus 22, has more than one processor 20 to link to each other with this bus.Visit ID selects circuit 144 to judge requesting party ID according to this signal.Then, visit ID selects circuit 144 queried access ID tables 142, and selects the visit ID that is associated with the requesting party ID that is obtained.Visit ID among this embodiment selects circuit 144 to specify the device and second fetcher code to specify device as first fetcher code.
Figure 24 shows the concrete structure of visit ID management circuit 140.As shown in figure 24, write down requesting party ID and visit ID in advance, and these data have been carried out computing, selected circuit 144 to specialize to visit ID table 142 and visit ID with this.
Figure 25 shows in detail the process flow diagram of the operation (step S102) of obtaining visit ID in the access control system 1 of the 3rd embodiment.
At first, obtain requesting party ID (step S160) from processor bus 22.Visit ID selects circuit 114 queried access ID tables 142 and selects the visit ID (step S162) of this requesting party ID correspondence.The visit ID that selects is outputed to (step S164) in the mask value generative circuit 112.Like this, obtaining the operation (step S102) of visiting ID just is through with.
As mentioned above, directly obtain requesting party ID, rather than obtain visit ID from the requesting party.Therefore, can realize higher security.Such as, when a more than processor 20 or input-output apparatus are connected to processor bus 22, can be connected its access rights of equipment inspection on the processor bus 22 at each.
Is identical according to the others of the operation of the access control system 1 of the 3rd embodiment and structure with the access control system 1 according to the embodiment of front.
Next access control system 1 according to the 4th embodiment will be described.Have simultaneously according to the visit ID management circuit 140 in the access control system 1 of second embodiment with according to the function of the visit ID management circuit 140 in the access control system 1 of the 3rd embodiment according to the visit ID management circuit 140 in the access control system 1 of the 4th embodiment.Visit ID management circuit 140 according to the 4th embodiment is determined visit ID according to the address of the memory area that will visit and the requesting party ID of request of access side.
Figure 26 has shown the data structure according to the visit ID table 142 of the 4th embodiment.This visit ID table 142 comprises be mutually related requesting party ID, start address and end address and visit ID.Visit ID selects the address of circuit 144 definite memory areas that comprise from the request of access that processor 20 obtains, and obtains requesting party ID from processor bus 22.
Figure 27 shows the concrete structure of visit ID management circuit 140.As shown in Figure 27, record start address, end address, requesting party ID and visit ID in advance, and these data are carried out computing, select circuit 144 to specialize with this to visit ID table 142 and visit ID.
Figure 28 shows in detail the process flow diagram of the operation (step S102) of obtaining visit ID in the access control system 1 according to the 4th embodiment.Visit ID selects circuit 114 to obtain address A (step S170) from processor 20.Visit ID selects circuit 114 also to obtain requesting party ID (step S172) from processor bus 22.Then, visit ID selects circuit 114 queried access ID tables 142 and selects requesting party ID and the visit ID of address A correspondence (step S174).The visit ID that selects is outputed to (step S176) in the mask value generative circuit 112.Like this, obtaining the operation (step S102) of visiting ID just is through with.
Is identical according to the others of the operation of the access control system 1 of the 4th embodiment and structure with the access control system 1 according to the embodiment of front.
Next access control system 1 according to the 5th embodiment will be described.Access control apparatus 10 according to the 5th embodiment is all inequality at operating aspect and other any one embodiment of generating random mask.
The block diagram of Figure 29 shows the functional structure according to the data mask generative circuit 130 of the 5th embodiment.Data mask generative circuit 130 comprises that data mask generates information specified circuit 1301, data mask generates information table 1302 and LFSR (linear feedback shift register) postpones counting circuit 1303a, 1303b, 1303c.
Figure 30 shows the data structure that data mask generates information table 1302.Data mask generates information table 1302 and comprises the data mask generation information that is associated with visit ID.The various parameters that will use when data mask generation information comprises according to each visit ID generation data mask.These parameters comprise proper polynomial coefficient, retardation coefficient and will be input to LFSR and postpone initial mask among counting circuit 1303a, 1303b and the 1303c.But, in the 5th embodiment, do not need to write down the data of initial mask, because the LFSR among the 5th embodiment postpones counting circuit 1303a, 1303b and 1303c does not use initial mask.
Get back among Figure 29, data mask generates information specified circuit 1301 and at first obtains visit ID from visit ID register 110 or visit ID management circuit 140.Then, data mask generates information specified circuit 1301 data query masks and generates information table 1302, and the specified data mask generates information, the i.e. various parameters that are associated with the visit ID that obtains.
Data mask is generated information specified circuit 1301 definite parameters to be input among LFSR delay counting circuit 1303a, 1303b and the 1303c.The address of the storer 40 that will visit also is input to LFSR to postpone among counting circuit 1303a, 1303b and the 1303c.According to these input data, LFSR postpones counting circuit 1303a, 1303b and 1303c calculates data mask.
Generally speaking, primitive polynomial is called M progression as the progression that proper polynomial generates, and well-known, this progression has the same good feature with pseudo random number.In this embodiment, corresponding with certain proper polynomial LFSR is the original state of the address setting of the storer 40 that will visit for it.The internal state that the pairing step of visit ID is carried out from original state after the displacement of being scheduled to is used as data mask.
In this embodiment, each address of employing is made of 24 basis polynomial expressions, 24 step LFSR as proper polynomial 24 bits and three.The internal state of each 24 step LFSR is made up of 24 bits.Therefore, can postpone the mask that counting circuit 1303a, 1303b and 1303c obtain maximum 72 bits from these three LFSR.But, can only obtain 64 bits in this embodiment.Therefore, postpone counting circuit 1303a from LFSR and obtain 22 bits, and respectively obtain 21 bits from LFSR delay counting circuit 1303b and 1303c.
This address is placed on LFSR to postpone in the original state of counting circuit 1303a, 1303b and 1303c, and obtain the internal state " Mx " that obtains after the LFSR displacement, this shifting function is to finish by the pairing step of retardation coefficient that visit ID determines.The value of those internal states is added up, so that export as data mask.Be used for postpone the not special restriction of arrangement mode that value that counting circuit 1303a, 1303b and 1303c obtain is converted to the signal wire of data mask from three LFSR.
The operation that LFSR postpones counting circuit 1303a is described now in more detail.It is to be noted that it is identical with the operation of LFSR delay counting circuit 1303a that LFSR postpones the operation of counting circuit 1303b and LFSR delay counting circuit 1303c.The proper polynomial of equation (7) expression LFSR:
f(x)=A 0x 0+A 1x 1+A 2x 2+...+A 24x 24 (7)
In this case, the value of d output after the step among the LFSR be obtained, x will be determined dDivided by f (x) remainder g (x) afterwards.Here, equation (8) expression g (x):
g(x)=B 0x 0+B 1x 1+B 2x 2+...+B 23x 23 (8)
Calculate the coefficient (B of g (x) 0, B 1... B 23) and the sum of products of the internal state of LFSR (vector that the value in each step constitutes in the shift register), to obtain the number of " 1 " that d occurs after the step.Coefficient B 0, B 1... B 23Just be called retardation coefficient.
Data mask generates information table 1302 and comprises proper polynomial coefficient A 0, A 1... A N-1, retardation coefficient B 0, B 1... B N-1And as the internal state S of initial value 0, S 1... S N-1, the highest ordered coefficients A in the proper polynomial coefficient nAlways equal 1, so need not preserve A in advance n
LFSR postpones counting circuit 1303a, 1303b and 1303c by initial value and retardation coefficient B 0, B 1... B N-1Output valve M after the step of determining 0, M 1... M M-1In this embodiment, n is 24.And, postponing among counting circuit 1303a, 1303b and the 1303c at LFSR, the value of m Bit data is different.Because will postpone counting circuit 1303b and 1303c respectively obtains 21 bits, respectively be 21 bits so LFSR postpones the m Bit data of counting circuit 1303b and 1303c from LFSR.Obtaining 22 bits because will postpone counting circuit 1303a from LFSR, is exactly 21 bits so LFSR postpones the m Bit data of counting circuit 1303a.
Figure 31 shows the structure more specifically that LFSR postpones counting circuit 1303a.The structure that other each LFSR postpones counting circuit 1303b and 1303c is identical with the structure that LFSR postpones counting circuit 1303a.A circuit 200 that provides among the LFSR delay counting circuit 1303a is provided Figure 32.A circuit 202 that provides among the LFSR delay counting circuit 1303a is provided Figure 33.
Circuit 200 shown in Figure 32 is formed the first order circuit that LFSR postpones counting circuit 1303a, and it calculates the bit M that is determined by retardation coefficient B after time lag of first order.More particularly, first order circuit computing relay coefficient B 0, B 1... B 23With initial value S 0, S 1... S N-1The sum of products, and this result exported as M0.
Be made up of the circuit shown in Figure 33 202 and be arranged in LFSR and postpone the second level of counting circuit 1303a or the circuit of back level, it calculates this bit after the delay of later step.More particularly, according to the proper polynomial of retardation coefficient and upper level, circuit 202 calculates retardation coefficient at the corresponding levels, then the sum of products of calculating and output delay coefficient and initial value.
According to the methods below, the retardation coefficient according to upper level calculates retardation coefficient at the corresponding levels.Wherein, g (x) represents the d retardation coefficient in step, the retardation coefficient that on behalf of d+1, the remainder g ' that g (x) x obtains divided by f (x) (x) go on foot.Utilize this relation, the retardation coefficient of upper level just is moved 1.If the highest ordered coefficients is " 1 ", it is just greater than f (x).Therefore, can be by it be determined retardation coefficient at the corresponding levels divided by f (x).Carry out operation by between f (x) and coefficient, carrying out XOR divided by f (x).
Concerning each visit ID, the retardation coefficient that be stored in explicitly in the data mask generation information table 1302 with visit ID all is different.In addition, for each visit ID, also inequality with the retardation coefficient that visit ID is associated.
Should be when visit ID generates according to random number or wait to determine and visit the retardation coefficient that ID is associated.Here, should determine to postpone the quantity d of step according to random number, and should calculate the retardation coefficient corresponding with quantity d.In a correction, the value of random number itself just can be used as retardation coefficient.
Is identical according to the others of the operation of the access control system 1 of the 5th embodiment and structure with the access control system 1 according to the embodiment of front.
Correction according to the access control system 1 of the 5th embodiment is described now.Though determine each proper polynomial also can preestablish the proper polynomial that to use according to visit ID in this embodiment.In other words, fixing proper polynomial can be set.LFSR postpones proper polynomial that counting circuit 1303a, 1303b and 1303c will use can be identical, also can be different.
Under these circumstances, data mask generates information table 1302 and can not preserve the coefficient of proper polynomial.In addition, the delay of the LFSR shown in Figure 31 counting circuit 1303a can be embodied as a simpler circuit.
Below, the access control system 1 according to the 6th embodiment is described.Except the operation that data mask generative circuit 130 is carried out, be the same basically with access control system 1 according to the 5th embodiment according to the access control system 1 of the 6th embodiment.
The block diagram of Figure 34 shows the functional structure according to the data mask generative circuit 130 of the 6th embodiment.Data mask generative circuit 130 according to the 6th embodiment comprises that data mask generates information specified circuit 1301, data mask generates information table 1302, LFSR delay counting circuit 1303a, 1303b, 1303c, 1303d, 1303e and 1303f and XOR circuit 1304a, 1304b and 1304c.
Data mask generative circuit 130 according to the 6th embodiment combines two LFSR delay counting circuits 1303, and the XOR result between the value of exporting from these two circuit is used as data mask.
Such as, LFSR postpones counting circuit 1303a and LFSR delay counting circuit 1303b combines as a set.XOR circuit 1304a carries out XOR to the value M that value M and LFSR from LFSR delay counting circuit 1303a output postpone counting circuit 1303b output.Set and XOR circuit 1304b that LFSR postpones counting circuit 1303c and LFSR delay counting circuit 1303d formation work according to the method described above.Set and XOR circuit 1304c that LFSR postpones counting circuit 1303e and LFSR delay counting circuit 1303f formation work according to the method described above.
As mentioned above, be not that independent each LFSR that uses postpones counting circuit according to the data mask generative circuit 130 of the 6th embodiment, but per two LFSR delay counting circuit combined and obtain XOR result between per two outputs.So the randomness between the data mask of data mask generative circuit 130 outputs can increase.
Is the same according to the operation of the access control system 1 of the 6th embodiment and the others of structure with the access control system 1 according to the 5th embodiment.
Though will carry out XOR to the output valve that per two LFSR postpone counting circuit in this embodiment, combine as a set but can postpone counting circuit to three or more LFSR, and these LFSR are postponed the XOR value of counting circuit output valve as data mask.Certainly, the set of the set of two LFSR delay counting circuit formations and three LFSR delay counting circuit formations also can coexist.
Next, description is according to the access control system 1 of the 7th embodiment.Except the operation that data mask generative circuit 130 is carried out, be the same basically with access control system 1 according to the 5th embodiment according to the access control system 1 of the 7th embodiment.
The block diagram of Figure 35 shows the functional structure according to the data mask generative circuit 130 of the 7th embodiment.This data mask generative circuit 130 also comprises zero shift circuit 1305a, 1305b and 1305c, and address separation circuit 1306a, 1306b and 1306c.
LFSR postpones counting circuit 1303a, 1303b and 1303c directly receives the address as input, is carried out the zero passage displacement and is carried out the address that separate the address by address separation circuit 1306a, 1306b with 1306c by zero shift circuit 1305a, 1305b and 1305c but receive.
Zero shift circuit 1305a, 1305b and 1305c carry out identical operations, and address separation circuit 1306a, 1306b and 1306c also carry out identical operations.Zero shift circuit 1305a and address separation circuit 1306a only described therefore.
Zero shift circuit 1305a is converted to another address to zero-address.When the address was " zero ", LFSR postponed the always zero of counting circuit 1303a output.Therefore, when the address is " zero ", just the output of address former state, even this address has postponed the processing of counting circuit 1303a through LFSR.Therefore, zero shift circuit 1305a just is converted to another value to " zero " value.
More particularly, zero shift circuit 1305a adds initial mask to an OPADD, and the result is added in output.Initial mask is recorded in data mask and generates in the information table 1302.Data mask generates information specified circuit 1301 and reads initial mask, and they are sent to zero shift circuit 1305a, 1305b and 1305c respectively.
In a correction, can be with the XOR value output between Input Address and the initial mask.
The address translation that address separation circuit 1306a will have the approaching value of comparison is each other apart from address far away.When two addresses of continuous input, an address in two addresses just might with another address correspondence on have only one different.This can cause a kind of unexpected situation, that is: may exist relevant between the mask value of neighbor address.In order to prevent the correlativity between the mask value, with per two addresses that adjacent address translation is an apart from each other.
Figure 36 shows the instantiation structure of address separation circuit 1306a.Address separation circuit 1306a comprises separation mask memory 1307a.Separate among the mask memory 1307a and record an address clastotype in advance.When to address of address separation circuit 1306a input, separate mask memory 1307a according to the low order tagmeme inquiry of this address, and calculate the XOR value between the high order tagmeme of this value and this address.Like this, even input is two continuous addresses, they also can be converted to the address of apart from each other each other before output.
Is the same according to the operation of the access control system 1 of the 7th embodiment and the others of structure with the access control system 1 according to the 5th embodiment.
First correction according to the data mask generative circuit 130 of the 7th embodiment is described now.Figure 37 shows the concrete structure according to the address separation circuit 1306a of first correction.Address separation circuit 1306a according to first correction comprises demoder 1308a.Demoder 1308 is selected a high order sequence address from the low order tagmeme of destination address, and by calculating the value counter-rotating of XOR value with the address selected.Similar with the address separation circuit 1306a of the 7th embodiment, can be according to the address separation circuit 1306a of this correction the address of apart from each other each other, two neighbor addresss conversion positions.
In second correction, the data mask generative circuit 130 of access control system 1 can include only zero shift circuit 1305a, 1305b and 1305c or include only address separation circuit 1306a, 1306b and 1306c, also comprises address separation circuit 1306a, 1306b and 1306c although data mask generative circuit 130 has both comprised zero shift circuit 1305a, 1305b and 1305c.
Data mask generative circuit 130 shown in the block diagram of Figure 38 includes only zero shift circuit 1305a, 1305b and 1305c, and does not comprise address separation circuit 1306a, 1306b and 1306c.Data mask generative circuit 130 shown in the block diagram of Figure 39 includes only address separation circuit 1306a, 1306b and 1306c, and does not comprise zero shift circuit 1305,1305b and 1305c.
The block diagram of Figure 40 shows the data mask generative circuit 130 according to the 3rd correction.According to the data mask generative circuit 130 of this correction is according to the data mask generative circuit 130 of the 7th embodiment with according to the combination of the data mask generative circuit 130 of the 6th embodiment.As shown in Figure 40, can provide zero shift circuit 1305 and address separation circuit 1306 for each set that two LFSR delay counting circuits 1303 constitute.
In this correction, as mentioned above, can use zero shift circuit 1305, and not use address separation circuit 1306.Certainly, also can use address separation circuit 1306, and not use zero shift circuit 1305.
The block diagram of Figure 41 shows the data mask generative circuit 130 according to the 4th correction.Similar with the data mask generative circuit 130 shown in Figure 40, the data mask generative circuit 130 shown in Figure 41 postpones counting circuit 1303 to per two LFSR as a set.In each set, one in these two LFSR delay counting circuits 1303 provides zero shift circuit 1305, and another provides address separation circuit 1306.Therefore, each LFSR postpones counting circuit 1303 or zero shift circuit 1305 is arranged, and address separation circuit 1306 is perhaps arranged.
The block diagram of Figure 42 shows the data mask generative circuit 130 according to the 5th correction.Similar with the data mask generative circuit 130 shown in Figure 40, the data mask generative circuit 130 shown in Figure 42 postpones counting circuit 1303 to per two LFSR as a set.In each set, one in these two LFSR delay counting circuits 130 provides zero shift circuit 1305 and address separation circuit 1306 simultaneously, and another provides address separation circuit 1306.But the combining form of zero shift circuit 1305 and address separation circuit 1306 is not limited to top described, but can become along with different situations.
Below, the access control system 1 according to the 8th embodiment is described.The block diagram of Figure 43 shows the functional structure according to the access control apparatus 10 of the 8th embodiment.Be that according to the access control apparatus 10 of the 8th embodiment and difference it also comprises address-translating device 150 according to the access control apparatus 10 of any one embodiment of front.
Address-translating device 150 is another address to an address translation of obtaining from processor 20.Mask value generative circuit 112 is through obtaining address-translating device 150 conversion addresses afterwards.According to the address after the conversion, mask value generative circuit 112 generates mask value.
As mentioned above, in the access control apparatus 10 according to the 8th embodiment, mask value generative circuit 112 generates mask value according to the address after changing.Therefore, compare from the situation that the address that processor 20 obtains generates mask value with basis, the mask value generative circuit can generate a mask value that has less correlativity with the address that obtains from processor 20.
Figure 44 shows the concrete structure of address-translating device 150.Address-translating device 150 has address conversion memory 151.In address conversion memory 151, write down a corresponding tables, which address translation it shows is for which address.To changing and with its output of Input Address than the low order tagmeme.
Being recorded in corresponding tables in the address conversion memory 151, preferably should to visit ID be unique to each.Mask value generative circuit 112 is preserved corresponding tables for each visit ID.More particularly, it being stored in data mask generates in the information table 1302.When handover access ID, corresponding tables is written in the address conversion memory 151.
Is the same according to the others of the operation of the access control system 1 of the 8th embodiment and structure with the access control system 1 according to any one embodiment of front.
Figure 45 shows the structure according to the address-translating device 150 of first correction of the 8th embodiment.Calculate according to the address-translating device 150 of first correction position of middle order of Input Address and low order between the XOR value.Then, the address-translating device 150 outputs address next by the initial input address translation.Therefore, the quantity than low order tagmeme translative mode that is stored in the address conversion memory 151 will increase.
Figure 46 shows the structure according to the address-translating device 150 of second correction of the 8th embodiment.In this correction, can carry out XOR in the higher-order position of an Input Address with between than the low order tagmeme.
Figure 47 shows the structure according to the address-translating device 150 of the 3rd correction of the 8th embodiment.In this correction, can carry out XOR at middle time tagmeme with between than the low order tagmeme, can between this operation result and higher-order position, carry out XOR then.
So far, described according to access control system 1 from first to the 8th embodiment.But, have the system that any access control apparatus 10 of feature of the present invention can be applied to describe below.
Figure 48 shows the general structure according to the access control system 1 of first correction.Similar with access control system 1 according to any example in front, comprise access control apparatus 10 according to the access control system 1 of first correction.
In access control system 1 according to first correction, processor 20 about the information setting of access rights in visit opertaing device 10.Therefore, access control system 1 also comprises industrial siding 24.
Because the information about access rights is carried out input and output by industrial siding, so, undelegated visit can be prevented.
Figure 49 shows the general structure according to the access control system 1 of second correction.Access control system 1 according to second correction comprises processor 20a and 20b.Processor 20a and 20b can be the requesting party of reference-to storage 40 separately.Access control apparatus 10 can be controlled visit to storer 40 by each processor 20a and 20b.More particularly, be each processor 20a and 20b assigns access ID, so that by processor 20a and 20b visit.
Figure 50 shows the complete structure according to the access control system 1 of the 3rd correction.In the access control system 1 according to the 3rd correction, processor 20 comprises Memory Controller 30.Processor 20 is connected with storer 40 via access control apparatus 10.
Figure 51 shows the general structure according to the access control system 1 of the 4th correction.In the access control system 1 according to the 4th correction, processor 20 comprises Memory Controller 30 and access control apparatus 10.Processor 20 is connected with storer 40 via access control apparatus 10.
Figure 52 shows the general structure according to the access control system 1 of the 5th correction.Access control system 1 according to the 5th correction comprises processor 20, storer 40, bridge 32 and peripherals 60a, 60b and 60c.
Bridge 32 is connected with processor bus 22, and comprises Memory Controller 30 and access control apparatus 10.When the bridge 32 that links to each other with peripheral bus 34 comprised the controller of peripherals, access control apparatus 10 can merge in the bridge 32.Certainly, also can between bridge 32 and storer 40, provide access control apparatus 10.
Figure 53 shows the general structure according to the access control system 1 of the 6th correction.Access control system 1 according to the 6th correction structurally is a LSI (integrated on a large scale) system.Shown in Figure 53, access control apparatus 10 and Memory Controller 30 are arranged in the system LSI, and this Memory Controller 30 is connected with processor 20 by a high-speed internal bus 76.
Figure 54 shows the general structure according to the access control system 1 of the 7th correction.Similar with access control system 1 according to the 6th correction, structurally also be a system LSI according to the access control system 1 of the 7th correction.This access control system 1 comprises an industrial siding 78 that is exclusively used in processor 20, be used for about the information setting of access rights in visit opertaing device 10.Therefore, processor 20 can be via high-speed internal bus 76 access opertaing devices 10.
Certainly, also Memory Controller 30 and access control apparatus 10 can be assembled into an integrated circuit.
(the 9th embodiment)
Below, the access control system 1 according to the 9th embodiment is described.1 pair of memory buffer of access control system according to the 9th embodiment is carried out access control.Figure 55 shows the general structure according to the access control system 1 of the 9th embodiment.This access control system 1 comprises that processor 20a is to 20c, Video Controller 21, storer 40 and the access control apparatus 50 that has been equipped with memory buffer.
This access control apparatus 50 is connected with memory bus 42 with processor bus 22.50 pairs of visits from processor 20a to 20c to memory buffer of access control apparatus are controlled, and control the Video Controller 21 that links to each other with access control apparatus 50 via processor bus 22.If desired, access control apparatus 50 can also replace processor 20a etc., writes data or from storer 40 reading of data to storer 40.Like this, access control apparatus 50 also has the function of the Memory Controller 30 among each embodiment of front.
When in the access control system 1 of the 9th embodiment, adopting the input-output apparatus of two or more processors and similar Video Controller 21, between these parts, improve memory access speed by shared buffer memory.
The block diagram of Figure 56 shows the functional structure of access control apparatus 50.Access control apparatus 50 comprises the Buffer control circuit 56 of Buffer control circuit 52, memory buffer 54 and the storer end of processor end.According to the instruction that processor sends, the Buffer control circuit 52 of processor end writes data or reading of data therefrom to memory buffer 54.Memory buffer 54 is stored data and reservoir address etc. temporarily explicitly.
According to the instruction that the Buffer control circuit 52 of processor end sends, the Buffer control circuit 52 of storer end writes data or reading of data therefrom to memory buffer 54.
The block diagram of Figure 57 shows the functional structure of the Buffer control circuit 52 of processor end.The Buffer control circuit 52 of processor end comprises visit ID management circuit 140, visit ID check circuit 522 and sequence controller 524.
The functional structure of the functional structure of visit ID management circuit 140 and the visit ID management circuit 140 of second embodiment shown in Figure 19 is identical, and determines visit ID according to the address.Visit ID check circuit 522 compares visit ID management circuit 140 visit ID that determines and the visit ID that are stored in the memory buffer 54, thereby judges whether they mate.The complete operation of the Buffer control circuit 52 of sequence controller 524 processor controls ends.
The block diagram of Figure 58 shows the functional structure of memory buffer 54.Memory buffer 54 comprises: data area 544 is used for storing over the data of having visited; Tag memory areas 542 is used for the address of data in the memory 40; Visit ID storage area 546 is used for storing the visit ID that allows visit data.In these zones, address, data and visit ID are mutually related.
When data storage in memory buffer 54 and when the request of this data address of visit is arranged, will be returned with the data that this address is stored in data area 544 explicitly, so just can reduce the delay that is brought owing to reference-to storage 40.Memory buffer 54 can be directly to shine upon type, also can be set associative (set associative) type.But the type of the memory buffer 54 of this embodiment is not limited to this, but can be any other type.
The block diagram of Figure 59 shows the functional structure of the Buffer control circuit 56 of storer end.The Buffer control circuit 56 of storer end comprises parity checking code generation circuit 100, first XOR circuit 102, mask value generative circuit 112, second XOR circuit 114, syndrome generative circuit 120, error correction circuit 122 and sequence controller 562.
Whole operations of the Buffer control circuit 56 of sequence controller 562 control store ends.The functional structure of parity checking code generation circuit 100, first XOR circuit 102, mask value generative circuit 112, second XOR circuit 114, syndrome generative circuit 120 and error correction circuit 122 is identical with parity checking code generation circuit 100, first XOR circuit 102, mask value generative circuit 112, second XOR circuit 114, the syndrome generative circuit 120 of first embodiment with error correction circuit 122 respectively.
But in the Buffer control circuit 56 of the storer end of the 9th embodiment, the data that read from storer 40 are stored in the memory buffer 54 explicitly with corresponding visit ID.In the time of in writing data into storer 40, just can obtain this data from buffering storer 54.
The process flow diagram of Figure 60 shows according to the write operation in the access control system 1 of the 9th embodiment, i.e. the part of access control operation.At first, whether 140 decision processor 20 of the visit ID management circuit in the Buffer control circuit 52 of processor end have the right to carry out write operation (step S300).More particularly, obtain the destination address of visit ID and write operation from processor 20.Visit ID management circuit 140 judges whether visit ID that is obtained and the address that is obtained are to interlink in visit ID table 142.
If this visit ID and address interlink, can determine that then this processor 20 has the right to carry out write operation.If this processor 20 haves no right to carry out write operation (among the step S300 " NO "), to processor 20 reporting errors (step S304), and this operation also is through with.
On the other hand, if processor 20 has the right to carry out write operation (among the step S300 " YES "), so, the data that will obtain from processor 20 and visit ID interrelated ground write buffering memory 54 (step S302).
Then, the Buffer control circuit 56 of sequence controller 524 instruction memory ends writes data (step S310).More particularly, sequence controller 524 sends instruction with the form of control signal.In case receive write command, the sequence controller 562 in the Buffer control circuit 56 of storer end just indicates memory buffer 54 to remove reading of data and visit ID, and obtains these data and visit ID (step S320) from buffering storer 54.
Then, mask value generative circuit 112 is received the instruction (step S322) that sends storage purpose address and visit ID and generate mask value.According to this instruction, mask value generative circuit 112 generates mask value according to this address and visit ID.Then, sequence controller 562 sends the instruction of writing data into memory 40 (step S324).According to this instruction, operation by first XOR circuit 102 and 114 execution of second XOR circuit, add parity check code and these data and mask value are carried out XOR, thereby obtain data after first computing, and data after first computing are write the address of processor 20 appointments.
Finished after storer 40 writes the operation of data, (step S326) finished in Buffer control circuit 52 write operations of sequence controller 562 notification processor ends.So far, write operation finishes.
Under the situation that adopts write-through (write through) system, processor 20 is preferably finishing the rear tube control from buffering storer 54 to the write operation of storer 40.Write back in employing under the situation of formula (write back) system, processor 20 was preferably just being taken over control from buffering storer 54 before the write operation of storer 40 finishes.
In a correction, the visit ID of the visit ID of permission write operation and permission read operation is associated with the address in visiting ID table 142.Like this, even between the read and write operation, be provided with different restrictions, also can carry out correct operation.
The process flow diagram of Figure 61 shows according to the read operation in the access control system 1 of the 9th embodiment, i.e. the part of access control operation.In case receive read data request from processor 20, the sequencing circuit 524 in the Buffer control circuit 52 of processor end just judges whether these data are stored in (step S400) in the memory buffer 54.If this data storage is (among the step S400 " YES ") in memory buffer 54, visit ID check circuit 522 judges whether the visit ID that obtains from processor 20 is correct, and promptly whether processor 20 has access rights (step S402).
If visit ID is correct (among the step S402 " YES "), then reads these data and be sent to processor 20 (step S404) from buffering storer 54.If visit ID incorrect (among the step S402 " NO ") is then to processor 20 reporting errors (step S406).
By comparing, determine the correctness of this visit ID to the visit ID that is associated with these data with from the visit ID that processor 20 obtains.If these two visit ID are identical, just can determine that the visit ID that obtains from processor 20 is correct.
On the other hand, if these data are not stored in (among the step S400 " NO ") in the memory buffer 54, then send the instruction (step S410) of reading of data to the Buffer control circuit 56 of storer end.In case receive the instruction of reading of data, the sequence controller 562 in the Buffer control circuit 56 of storer end is just delivered to mask value generative circuit 112 to address and visit ID, and indicates this mask value generative circuit 112 to generate mask value (S420).According to this instruction, mask value generative circuit 112 generates a mask value.
Afterwards, send instruction (step S422) from storer 40 reading of data.According to this instruction, from storer 40 reading of data.By the operation of first XOR circuit 102 and second XOR circuit 114, data after first computing of reading this moment are converted to raw data.
Then, send the data obtained, visit ID and address are written to instruction in the memory buffer 54, so these data, visit ID and address are stored in (step S424) in the memory buffer 54.So raw data just is stored in the memory buffer 54.After data storage was arrived the EO of memory buffer 54, sequence controller 562 can notify the Buffer control circuit 52 read datas operation of storer ends to finish (step S426).In case receive the notice of read data EO, the Buffer control circuit 52 of processor end just changes step S402 over to.
As mentioned above, in the access control system 1 of the 9th embodiment, all once the data of accessed mistake all be stored in the memory buffer 54.Therefore, when visiting again these data later on, just can directly read this data, thereby can improve processing speed from buffering storer 54.Before buffering storer 54 sense datas, check just whether visit ID is consistent.So,, can improve processing speed with comparing from the situation of storer 40 reading of data.
Is the same according to the operation of the access control system 1 of the 9th embodiment and the others of structure with the access control system 1 according to first embodiment.In addition, the access control system 1 distinctive memory buffer of the 9th embodiment also can be with among any one embodiment in front.
The block diagram of Figure 62 shows the functional structure according to the access control apparatus 10 of the tenth embodiment.Except the functional structure in the memory access control device 10 that comprises second embodiment, also increased address-translating device 160 according to the access control apparatus 10 of the tenth embodiment.The access control apparatus 10 of this embodiment is another address to each address translation of obtaining from processor 20, and carries out data access by the address after the conversion.According to the information of address conversion that is stored in the mask value generative circuit 112, the conversion of address-translating device 10 executive addresss.
The block diagram of Figure 63 shows in detail the functional structure of the mask value generative circuit 112 of the tenth embodiment.Mask value generative circuit 112 comprises information of address conversion table 138 and address information designating unit 139, also comprises data mask generative circuit 130, syndrome generative circuit 132 and parity checking code generation circuit 134.Address information designating unit 139 inquire address transitional information tables 138, and according to the visit ID determine information of address conversion.
Figure 64 shows the data structure of information of address conversion table 138.Information of address conversion table 138 connects visit ID and information of address conversion.Like this, be more satisfactory for each visit ID distributes different information of address conversion.
After conversion was paid a visit and asked ID in information of address conversion table 138,139 information of address conversion that are associated with visit ID of information of address conversion designating unit sent.
In the operation of address translation that address-translating device 160 will be carried out, the most basic is exactly: be not identical address with certain address translation, and, be not identical address with two or more a plurality of address translation.As long as satisfy these conditions, the method for reference address is not limited to the method used among this embodiment.
Figure 65 shows a storage address.Generally speaking, a storage address will have fixing figure place, this be the visit scope (s) corresponding with alignment buffer size, with the big or small corresponding scope (r+s) of the page or leaf of memory device and necessary with page big or small corresponding scope (q+r+s) of page table management.
Such as, if storer is formed by 256 at 64 of word uses and every alignment buffer, so, the scope (s) corresponding with the alignment buffer size is exactly 2.Such as, the scope (r+s) corresponding with the page or leaf size of memory device promptly is to carry out the scope of burst-transfer at 128 words that seven bits constitute.Come the executive address conversion operations according to this relation, thereby prevent that memory access speed from descending.
Such as, under the preferable case, the word that belongs to same alignment buffer in the storer should be converted to continuous address, thereby can read or write these words at a high speed by burst-transfer.Can between them, rearrange continuous address.
Under the preferable case, the word in one page of memory device should be converted to the continuation address in this page, thereby can read or write these words at a high speed by burst-transfer.Can between them, rearrange continuous address.
Address-translating device 160 is to satisfy the mode executive address conversion operations of following condition.Figure 66 A and Figure 66 B show the address translation operation that address-translating device 160 will be carried out.In Figure 66 A and Figure 66 B, have only low 7 in each storage address.160 of address-translating devices are changed low seven.In this example, an alignment buffer formed in four words.
As shown in the figure, the bit in each set that is made of four words is random transition all, but the still continuation address that rearranges of the process in each set of the address after the conversion.But the address after the address translation on two or more the alignment buffers is just discontinuous.Therefore, can prevent the decline of transmission efficiency.
Figure 67 shows in detail the structure of address-translating device 160.Information of address conversion is stored in the address translation table 162 that is made of storer.Figure 68 shows the address translation table that realizes the operation of address translation shown in Figure 66 A and the 66B.
When inquire address conversion table 162, use higher 5 that hang down 7 in each address.High 5 in 13 information being obtained replace high 5 among low 7 of each appropriate address.In addition, low 2 according to each appropriate address selected 2 from 8 of remainder.2 low 2 of replacing in each appropriate address that select.
Figure 69 shows the process flow diagram of the write operation that will carry out according to the access control system 1 of the tenth embodiment.Carry out (step S108) after the XOR, carry out above-mentioned address translation operation (step S109).Then, data are write storage address (step S110) after the conversion.
Figure 70 shows the process flow diagram of the read operation that will carry out according to the access control system 1 of the tenth embodiment.After the generation mask value (step S106), executive address conversion operations (S203).Storage address after address translation reads data (step S204) after first computing.
Is the same according to the operation of the access control system 1 of the tenth embodiment and the others of structure with the access control system 1 according to first embodiment.
Figure 71 shows the structure according to the address-translating device 160 of first correction of the tenth embodiment.In this correction, can when inquire address conversion table 162, utilize the high position of each address and the XOR value of low level to realize a greater variety of conversions.Like this, with regard to more difficult estimation address translation pattern.
Though information of address conversion is stored in the data mask generative circuit 130 in the tenth embodiment, it also can be stored in some other parts.In second correction of the tenth embodiment, operate the access control system 1 that also is applicable to according to the 5th embodiment according to the address translation of the tenth embodiment, and information of address conversion is stored in the data mask generation information table 1302.
Figure 72 shows the data structure that generates information table 1302 according to the data mask of second correction.Generate in the information table 1302 at data mask, information of address conversion is associated with visit ID.Can visit ID according to each and generate information table 1302, determine information of address conversion by the data query mask.
The block diagram of Figure 73 shows the functional structure according to the memory access control device 10 of the 11 embodiment.According to the access control apparatus 10 of the 11 embodiment functional structure, also comprise burst-transfer controller 164 and reorder buffer 166 except the memory access control device 10 that comprises the tenth embodiment.
In the time will carrying out burst-transfer according to the sequence of addresses in the storer 40, burst-transfer controller 164 these burst-transfer of control.In burst-transfer, use reorder buffer 166.When address conversion equipment 160 rearranges the word in every alignment buffer,, just can not utilize the burst-transfer function of each memory device if conduct interviews according to the sequence after rearranging.As a result, cause to realize transmission efficiency faster.In order to address this problem, burst-transfer controller 164 conducts interviews by carrying out burst-transfer according to the address sequence in the storer 40, and the address sequence after address sequence in 166 pairs of storeies 40 of reorder buffer and address-translating device 160 conversions rearranges.
Figure 74 illustrates the structure of the reorder buffer 166 of knowing clearly.In this structure, every alignment buffer is made up of 256 bits, and each word in the storer is made up of 64 bits, and an alignment buffer formed in per four words.
Shown in Figure 74, reorder buffer 166 comprises register 0 to register 3, and they are corresponding to four words of an alignment buffer.The instruction of sending according to burst-transfer controller 164 is written to the data that read from processor 20 or storer 40 in the register of appointment these four registers.In addition, read and be stored in the data of specifying in these four registers in the register, and send it to processor 20 or storer 40.
The process flow diagram of Figure 75 shows burst-transfer controller 164 and writes the operation that data will be carried out to storer 40.If there is not burst-transfer instruction (among the step S500 " NO "), just carry out conventional write operation (step S510).Here said " conventional write operation " is the same with the write operation among the tenth embodiment, and data are written to the storage address of being obtained by address-translating device 160.
If burst-transfer instruction (among the step S500 " YES ") is arranged, then the data of sending from processor 20, promptly want the data of write store 40, write (step S502) in the reorder buffer 166 temporarily.Then, the information of address conversion table 138 from mask value generative circuit 112 obtains information of address conversion (step S504).Then, write data in the storer 40 by burst-transfer according to the storage address sequence, this storage address sequence converts (step S506) according to information of address conversion.This operation leaves it at that.
Figure 76 shows the described write operation as Figure 75.In the example shown in Figure 76, processor 20 is data A, B, C and D that the word of " 1010000 " is write four words from low seven of address.
Here, the address-translating device shown in Figure 67 160 is converted to address " 0110011 " to address " 1010000 ".Similarly, address " 1010001 " are converted to " 0110010 ", and address " 1010010 " are converted to " 0110000 ", and address " 1010011 " are converted to " 0110001 ".
In the time will writing data, can't carry out burst-transfer according to the storage address sequence after the conversion.Therefore, burst-transfer controller 164 stores data in the reorder buffer 166 temporarily.According to information of address conversion, data rearrangement, thus regenerate continuation address.In the example shown in Figure 76, data C writes on address " 0110000 ", and data D writes on address " 0110001 ", and data B writes on address " 0110010 ", and data A writes on address " 0110011 ".Then,, press the burst-transfer of the order of C, D, B and A, carry out write operation by from the address " 0110000 ".
The process flow diagram of Figure 77 shows the operation that burst-transfer controller 164 will be carried out from storer 40 reading of data.If there is not burst-transfer instruction (among the step S520 " NO "), just carry out conventional write operation (step S530).Here said " conventional write operation " is the same from the read operation of storage address reading of data in order with address-translating device 160 among the tenth embodiment.
If burst-transfer instruction (among the step S520 " YES ") is arranged, then from the information of address conversion table 138 of mask value generative circuit 112, obtains information of address conversion (step S522).According to the storage address sequence that converts according to information of address conversion, read four words that begin from location superlatively from storer 40, and it is written to (step S524) in the reorder buffer 166 temporarily.Then, by burst-transfer, the data that are stored in the reorder buffer 166 are returned to processor 20 according to the storage address sequence, this storage address sequence converts (step S526) according to information of address conversion.This operation leaves it at that.
Figure 78 illustrates in greater detail above-mentioned read operation.In example shown in Figure 78, processor 20 is to read four words the word of " 1010000 " from low seven of address.
Here, address-translating device shown in Figure 67 160 is converted to address " 0110011 " to address " 1010000 ".Similarly, address " 1010001 " are converted to " 0110010 ", and address " 1010010 " are converted to " 0110000 ", and address " 1010011 " are converted to " 0110001 ".
Burst-transfer controller 164 at first reads four words from " 0110000 ", the location superlatively after the conversion of " 0110000 " presentation address.These four words are temporarily stored in the reorder buffer 166.In these data that read constantly is data A, B, C and D.
According to information of address conversion, burst-transfer controller 164 rearranges data according to the original address sequence.In example shown in Figure 78, data D from the address " 0110000 " read, data C from the address " 0110001 " read, data A from the address " 0110010 " read, and data B from the address " 0110011 " read.Then, these data return to processor 20 by the burst-transfer with D, C, A and B order of " 0110000 " beginning from the address.
As mentioned above, in access control system 1, revise the true address in the storer, thereby eliminate the correlativity between true address and the mask value according to the 11 embodiment.Like this, can reduce the possibility of correct estimation mask value.Therefore, can realize higher security.
Is the same according to the operation of the access control system 1 of the 11 embodiment and the others of structure with the access control system 1 according to the tenth embodiment.
Below, a correction according to the address translation operation of the 11 embodiment is described.In this correction, the operation of the address translation of the 11 embodiment also is applicable to the access control system 1 of the 9th embodiment.The block diagram of Figure 79 shows the functional structure according to the Buffer control circuit 56 of the storer end of this embodiment.Except comprising functional structure, also comprise address-translating device 160 according to the Buffer control circuit 56 of the storer end of this embodiment according to the access control apparatus 10 of the 11 embodiment.
Sequence controller 562 is carried out and burst-transfer controller 164 identical operations.Therefore, the access control system 1 of the 9th embodiment can be carried out and the 11 embodiment identical operations, and also can reach identical effect.
The Buffer control circuit 56 of the storer end in this correction does not have reorder buffer.In this structure, data do not rearrange in reorder buffer when burst-transfer, but specify the memory buffer 54 can be by this word access.Like this, memory buffer 54 just can be used as reorder buffer.
Figure 80 shows the general structure according to the access control system 1 of the 12 embodiment.In the access control system 1 according to the 12 embodiment, memory access control device 10 has identical bus encryption equipment 170 and 410 with storer 40. Bus encryption equipment 170 and 410 shared keys.The random number that utilization generates according to this key, bus encryption equipment 170 and 410 pairs of signals via memory bus 42 transmission are encrypted.
Figure 81 shows the functional structure of memory access control device 10.Except comprising functional structure, also comprise bus encryption equipment 170 according to the memory access control device 10 of the 12 embodiment according to the memory access control device 10 of first embodiment.Bus encryption equipment 170 generates and is used for control signal mask that control signal is encrypted, generation is used for address mask that storage address is encrypted, generation is used for data are carried out the ciphered data mask, and generates and to be used for parity check code mask that parity check code is encrypted.In these signals each is all carried out mask and is exported by memory bus 42.
The block diagram of Figure 82 shows in detail the functional structure of bus encryption equipment 170.Bus encryption equipment 170 comprises public keys treatment circuit 171, public keys storage unit 172, initial value counting circuit 173 and circuit for generating random number 174.
Public keys treatment circuit 171 is carried out the operation of shared key between bus encryption equipment 170 and 410.Can adopt multiple mode to realize the shared of public PKI.Such as, when access control system 1 carries out initialization, initial key is write in each bus encryption equipment 170 and 410.After a while, generate a new key in the regular interval, then with the public keys between the new key replacement bus encryption equipment 170 and 410.
Public keys storage unit 172 storage keys.According to this key, initial value counting circuit 173 generates the initial value of circuit for generating random number 174.Preferably adopt one-way function, to prevent from correctly to estimate key.Such as, can be used as initial value by hash function according to the value that this key generates.Circuit for generating random number 174, the value that initial value counting circuit 173 is calculated is used as initial value, generates random number sequence with this.
The functional structure of the bus encryption equipment 410 of storer 40 is identical with the functional structure of bus encryption equipment 170.The shared key of the public keys treatment circuit of these two encryption devices.The circuit for generating random number of these two encryption devices generates random number simultaneously according to this key.Under the situation of mask being encrypted, calculate XOR value via the signal of memory bus 42 transmission at transmission ends and receiving end with the random number that generates.Therefore, the signal via memory bus 42 transmission is disseminated.
Like this, in order to check access rights, generate mask value with access control apparatus according to the address raw data is carried out mask, and the mask value with bus encryption equipment generates by xor operation under the situation of not considering the address carries out mask to raw data.Therefore, data estimator and this two classes mask value can become more difficult.Thereby, can realize higher security.
Figure 83 and Figure 84 show the signal flow via memory bus 42 transmission according to the 12 embodiment.Signal example shown in Figure 83 is not operated through the mask of bus encryption equipment 170 and 410.Sequentially read, write and read from address A36 at address A35 from address A34.In this case, corresponding memory address, corresponding data and corresponding parity check code are all via memory bus 42 transmission.
Signal example shown in Figure 84 has been passed through the mask operation of bus encryption equipment 170 and 410.In Figure 84, Ri.c, Ri.a, Ri.d, Ri.p represent control signal encryption mask, address encryption mask, data encryption mask and the parity check code encryption mask of Ri respectively.Shown in Figure 84, bus encryption equipment 170 and 410 generates the random number that is used for carrying out mask by clock.By xor operation, via the signal of storer 42 transmission and the random value that is used for carrying out mask combine.
In first correction of the 12 embodiment, bus encryption equipment 170 does not have initial value counting circuit 173, and the initial value of key as circuit for generating random number 174 provided.But from the angle of safety, the preferred initial value that is calculated by initial value counting circuit 173 that adopts is to avoid the correct estimation to key.
In second correction, circuit for generating random number 174 has adopted LFSR.The block diagram of Figure 85 shows the functional structure according to the bus encryption equipment 170 of second correction.Circuit for generating random number 174 comprises that random number register 175 and LFSR postpone counting circuit 176.
Current state records in the random number register 175, and is calculated according to the state after the step delay of certain quantity of current state process by LFSR delay counting circuit 176.State after postponing is made as NextState, and its value is exported as encryption mask.
The block diagram of Figure 86 shows the functional structure according to the memory access control device 10 of the 3rd correction.Except comprising, also comprise bus encryption equipment 170 according to the memory access control device 10 of the 3rd correction according to the functional structure of the memory access control device 10 of the 8th embodiment.
The block diagram of Figure 87 shows the functional structure according to the memory access control device 10 of the 4th correction.Except comprising, also comprise bus encryption equipment 170 according to the memory access control device 10 of the 4th correction according to the functional structure of the memory access control device 10 of the tenth embodiment.
The block diagram of Figure 88 shows the functional structure according to the memory access control device 10 of the 5th correction.Except comprising, also comprise bus encryption equipment 170 according to the memory access control device 10 of the 5th correction according to the functional structure of the Buffer control circuit 56 of the storer end of the 9th embodiment.
As mentioned above, the bus encryption equipment 170 of the 12 embodiment can be applied in the access control system 1 of other embodiment.Like this, in order to check access rights, generate mask value with access control apparatus according to the address raw data is carried out mask, and the mask value with bus encryption equipment generates by xor operation under the situation of not considering the address carries out mask to raw data.Data estimator and this two classes mask value can become more difficult.Thereby, can realize higher security.
Described in other embodiment of front, the 9th the access control system 1 peculiar access control apparatus 10 to the 12 embodiment also goes for Figure 48 to other system shown in Figure 54.
To those skilled in the art, other advantages and modification will be easy to associate.Therefore, the present invention is not limited to detail described herein and representative embodiment with regard to its more wide in range aspect.Therefore, under the prerequisite that does not deviate from claims and the present general inventive concept that equivalent limited thereof, can make various modifications.

Claims (26)

1, a kind of access control apparatus is used to control the visit between write device, reader and the storer, comprising:
The parity checking code generator at the raw data that will write described storer, generates parity check code;
The parity check code totalizer by add the described parity check code that described parity checking code generator generates to described raw data, generates the data that are added with parity check code;
The first syndrome maker generates first syndrome, promptly writes the value that the first used fetcher code of described raw data is associated with the request of said write device to described storer;
First mask code generator based on described first syndrome, described first fetcher code and first memory address, generates first mask data, and wherein, the said write device will write described raw data in described first memory address;
The first XOR unit by carry out XOR between described data that are added with parity check code and described first mask data, obtains data after first computing;
Writing unit writes data after described first computing in the described storer;
The second syndrome maker is used to generate second syndrome, i.e. the value that is associated from the second used fetcher code of described memory read data with described reader request;
Second mask code generator based on described second syndrome, described second fetcher code and second memory address, generates second mask data, and wherein, described reader will read described data from described second memory address;
Reading unit reads data after described first computing from described storer;
The second XOR unit by carrying out XOR between the data after described second mask data and described first computing, obtains data after second computing;
The sub-counter of the adjustment of data based on data after described second computing, calculates real data syndrome; And
The output judging unit based on described real data syndrome, judges whether data after described second computing are exported as described raw data.
2. access control apparatus as claimed in claim 1 also comprises:
The first code getter obtains described first fetcher code from the said write device; And
The second code getter obtains described second fetcher code from described reader, wherein
The described first syndrome maker generates described first syndrome based on described first fetcher code that described first code getter obtains, and
The described second syndrome maker generates described second syndrome based on described second fetcher code that described second code getter obtains.
3. access control apparatus as claimed in claim 2, wherein
Described first code getter obtains described first fetcher code via first industrial siding that is connected with the said write device; And
Described second code getter obtains described second fetcher code via second industrial siding that is connected with described reader.
4. access control apparatus as claimed in claim 1 also comprises:
Write device ID getter obtains the write device ID that is used to identify the said write device;
First code is specified device, and the said write device ID based on said write device ID getter obtains determines described first fetcher code;
Reader ID getter obtains the reader ID that is used to identify described reader; And
Second code is specified device, and the described reader ID based on described reader ID getter obtains determines described second fetcher code; Wherein
Described first fetcher code that the described first syndrome maker specifies device to determine based on described first code generates described first syndrome, and
Described second fetcher code that the described second syndrome maker specifies device to determine based on described second code generates described second syndrome.
5. access control apparatus as claimed in claim 4 also comprises:
The first code storer is stored be mutually related said write device ID and described first fetcher code; And
The second code storer is stored be mutually related described reader ID and described second fetcher code, wherein
Described first code specifies device to determine described first fetcher code, and wherein, described first fetcher code is stored in the described first code storer and is associated with said write device ID that said write device ID getter obtains, and
Described second code specifies device to determine described second fetcher code, and wherein, described second fetcher code is stored in the described second code storer and is associated with described reader ID that described reader ID getter obtains.
6. access control apparatus as claimed in claim 5 also comprises:
The first address getter obtains described first memory address from the said write device; And
The second address getter obtains described second memory address from described reader; Wherein
Described first code storer is also stored the described first memory address that is associated with described first fetcher code,
Described first code specifies device to determine described first fetcher code, and wherein, described first fetcher code is stored in the described first code storer and is associated with first memory address that the described first address getter obtains,
Described second code storer is also stored the described second memory address that is associated with described second fetcher code, and
Described second code specifies device to determine described second fetcher code, and wherein, described second fetcher code is stored in the described second code storer and is associated with second memory address that the described second address getter obtains.
7. access control apparatus as claimed in claim 1 also comprises:
The first address getter obtains described first memory address from the said write device;
The first code storer is stored be mutually related described first memory address and described first fetcher code;
First code is specified device, described first fetcher code of determining to be stored in the described first code storer and being associated with described first memory address that the described first address getter obtains;
The second address getter obtains described second memory address from described reader;
The second code storer is stored be mutually related described second memory address and described second fetcher code; And
Second code is specified device, described second fetcher code of determining to be stored in the described second code storer and being associated with described second memory address that the described second address getter obtains, wherein
Described first fetcher code that the described first syndrome maker specifies device to determine based on described first code generates described first syndrome, and
Described second fetcher code that the described second syndrome maker specifies device to determine based on described second code generates described second syndrome.
8. access control apparatus as claimed in claim 1, wherein,
Described first mask code generator comprises:
The first data mask maker based on described first fetcher code and described first memory address, generates the data mask that is used for described raw data is carried out mask; And
The first parity check code mask code generator, generation is used for the described parity check code that described parity checking code generator generates is carried out the parity check code mask of mask, wherein, described parity check code mask is to carry out XOR between syndrome by the described data mask that generates at described data mask maker and described first syndrome that the described first syndrome maker generates to obtain;
Described second mask code generator comprises:
The second data mask maker, based on described second fetcher code and described second memory address, generate be used for to described first computing of the corresponding part of described raw data after data carry out the data mask of mask; And
The second parity check code mask code generator, generation be used for to described first computing of the corresponding part of described parity check code after data carry out the parity check code mask of mask, wherein, described parity check code mask is to carry out XOR between syndrome by the described data mask that generates at described data mask maker and described second syndrome that the described second syndrome maker generates to obtain;
XOR is carried out in the described first XOR unit between the described data mask of described raw data and the generation of the described first data mask maker, and between the described parity check code mask of described parity check code and the generation of the described first parity check code mask code generator, carry out XOR, and
The described second XOR unit carries out XOR between the described data mask that the data division of data after described first computing and the described second data mask maker generate, and, partly and between the described parity check code mask of described second parity check code mask code generator generation carry out XOR at the parity check code of data after described first computing.
9. access control apparatus as claimed in claim 8, wherein said first data mask maker and the described second data mask maker respectively comprise the linear feedback shift register delay calculator.
10. access control apparatus as claimed in claim 9, wherein said linear feedback shift register delay calculator carries out computing to described first fetcher code with the different parameter of each employing in described second fetcher code.
11. access control apparatus as claimed in claim 8, wherein said first data mask maker and the described second data mask maker respectively comprise:
A plurality of linear feedback shift register delay calculators; And
XOR is carried out between at least two linear feedback shift register delay calculator output valves in described a plurality of linear feedback shift register delay calculator output valves in an XOR unit.
12. access control apparatus as claimed in claim 11, wherein said linear feedback shift register delay calculator carries out computing to described first fetcher code with the different parameter of each employing in described second fetcher code.
13. access control apparatus as claimed in claim 12 also comprises:
Data mask generates information-storing device, the parameter of storing described linear feedback shift register delay calculator, and described parameter is associated with described first fetcher code or described second fetcher code, wherein
The utilization of described linear feedback shift register delay calculator is stored in the described data mask generation information-storing device and the described parameter that is associated with described first fetcher code or described second fetcher code is carried out computing.
14. access control apparatus as claimed in claim 8, wherein said first data mask maker and the described second data mask maker respectively comprise the zero shift unit that each storage address is shifted.
15. access control apparatus as claimed in claim 8, wherein said first data mask maker and the described second data mask maker respectively comprise the address separation vessel, and described address separation vessel is converted to continuous memory address value the value of apart from each other.
16. access control apparatus as claimed in claim 1 also comprises:
The write device address translator is described first memory address translation different addresses; And
The reader address translator is described second memory address translation different addresses, wherein
Described first memory address after the described first syndrome maker is changed based on said write device address translator generates described first syndrome,
Described first memory address after described first mask code generator is changed based on said write device address translator generates described first mask data,
Described second memory address after the described second syndrome maker is changed based on described reader address translator generates described second syndrome, and
Described second memory address after described second mask code generator is changed based on described reader address translator generates described second mask data.
17. access control apparatus as claimed in claim 1, wherein said write device and described reader are processor or process.
18. access control apparatus as claimed in claim 1 also comprises:
Random number generator, generate with described storer in the identical random number of random number that generates;
XOR is carried out between the storage address in the zone that will visit in XOR unit at random in described random number that described random number generator generates and described storer; And
Address transfer device after the computing, the address after the transmission computing, the operation result of promptly described XOR at random unit.
19. an access control system comprises:
Processor; And
Memory access control device, control is to the visit of storer, and described processor and described storer all are connected to described memory access control device,
Described memory access control device comprises:
The parity checking code generator at the raw data that will write described storer, generates parity check code;
The parity check code totalizer by add the described parity check code that described parity checking code generator generates to described raw data, generates the data that are added with parity check code;
The first syndrome maker, generate first syndrome of first mask data, so that the described data that are added with parity check code are carried out mask, described first syndrome is the value that is associated with first fetcher code in advance, described first fetcher code is the information that will use when write device is visited described storer, and the request of said write device writes described storer to described raw data;
First mask code generator based on described first syndrome, described first fetcher code and first memory address, generates described first mask data, wherein will described raw data be write in described first memory address;
The first XOR unit by carry out XOR between described data that are added with parity check code and described first mask data, obtains data after first computing;
Writing unit writes described storer to data after described first computing;
The second syndrome maker, generate second syndrome of second mask data, so that data after described first computing are carried out mask, described second syndrome is the value that is associated with second fetcher code in advance, described second fetcher code is the information that will use when the described storer of access by readers, and described reader request is from described memory read data;
Second mask code generator based on described second syndrome, described second fetcher code and second memory address, generates described second mask data, wherein will read described data from described second memory address;
Reading unit reads data after described first computing from described storer;
The second XOR unit by carrying out XOR between the data after described second mask data and described first computing, obtains data after second computing;
The sub-counter of the adjustment of data based on data after described second computing, calculates actual adjustment of data; And
The output judging unit based on described real data syndrome, judges whether data after described second computing are exported as described raw data.
20. access control system as claimed in claim 19 also comprises:
Memory Controller is connected between described processor and the described memory access control device.
21. a processor that is equipped with Memory Controller and memory access control device, described memory access control device are used to control the visit to storer,
Described memory access control device comprises:
The parity checking code generator at the raw data that will write described storer, generates parity check code;
The parity check code totalizer by add the described parity check code that described parity checking code generator generates to described raw data, generates the data that are added with parity check code;
The first syndrome maker, generate first syndrome of first mask data, so that the described data that are added with parity check code are carried out mask, described first syndrome is the value that is associated with first fetcher code in advance, described first fetcher code is the information that will use when write device is visited described storer, and the request of said write device writes described storer to described raw data;
First mask code generator based on described first syndrome, described first fetcher code and first memory address, generates described first mask data, wherein will write described raw data in described first memory address;
The first XOR unit by carry out XOR between described data that are added with parity check code and described first mask data, obtains data after first computing;
Writing unit writes described storer to data after described first computing;
The second syndrome maker, generate second syndrome of second mask data, so that data after described first computing are carried out mask, described second syndrome is the value that is associated with second fetcher code in advance, described second fetcher code is the information that will use when the described storer of access by readers, and described reader request is from described memory read data;
Second mask code generator based on described second syndrome, described second fetcher code and second memory address, generates described second mask data, wherein will read described data from described second memory address;
Reading unit reads data after described first computing from described storer;
The second XOR unit by carrying out XOR between the data after described second mask data and described first computing, obtains data after second computing;
The sub-counter of the adjustment of data based on data after described second computing, calculates actual adjustment of data; And
The output judging unit based on described real data syndrome, judges whether data after described second computing are exported as described raw data.
22. an access control method comprises:
At the primary data that will be written into storer, generate parity check code;
By adding the described parity check code that is generated, generate the data that are added with parity check code to described raw data;
Generate first syndrome of first mask data, so that the described data that are added with parity check code are carried out mask, described first syndrome is the value that is associated with first fetcher code in advance, described first fetcher code is the information that will use when write device is visited described storer, and the request of said write device writes described storer to described raw data;
Based on described first syndrome, described first fetcher code and first memory address, generate described first mask data, wherein to write described raw data in described first memory address;
By between described data that are added with parity check code and described first mask data, carrying out XOR, obtain data after first computing;
Data after described first computing are write described storer;
Generate second syndrome of second mask data, so that data after described first computing are carried out mask, described second syndrome is the value that is associated with second fetcher code in advance, described second fetcher code is the information that will use when the described storer of access by readers, and described reader request is from described memory read data;
Maker generates described second mask data based on described second syndrome, described second fetcher code and second memory address, and wherein said data will read from described second memory address;
Read data after described first computing from described storer;
By carrying out XOR between the data after described second mask data and described first computing, obtain data after second computing;
Based on data after described second computing, calculate actual adjustment of data; And
Based on described real data syndrome, judge whether data after described second computing are exported as described raw data.
23. a memory access control device comprises:
The read request getter obtains the data that will read from storer and reads the used storage address of described data, and described data and described storage address are obtained from a reader, and described reader request reads described data from described storer;
The memory buffer watch-dog, judge whether the described storage address that described read request getter obtains is stored in the memory buffer, described memory buffer is with data, described memory of data address and supplicant access code are stored interrelatedly, request writes described storer to the write device request that described data write described storer with described data, perhaps described reader request reads described data from described storer, and described request side's fetcher code is the information that will use when allowing the described storer of the write device of the described data of visit or access by readers;
The fetcher code comparer, when described memory buffer watch-dog determines that described storage address is stored in the described memory buffer, described request side's fetcher code is compared with second fetcher code, described request side's fetcher code is associated with described storage address in the described memory buffer, and the information that will use during described second fetcher code to be described access by readers described storer;
Output unit when described request side's fetcher code and described second fetcher code are complementary, outputs to described reader to the described data that are associated with described storage address in the described memory buffer;
The parity checking code generator at the described data that are stored in the described data-carrier store, generates parity check code;
The parity check code totalizer by add the described parity check code that described parity checking code generator generates to described data, generates the data that are added with parity check code;
The first syndrome maker, generate first syndrome of first mask data, so that the described data that are added with parity check code are carried out mask, described first syndrome is the value that is associated with described first fetcher code in advance, and described first fetcher code is an information used when the said write device writes described storer with described data;
First mask code generator based on described first syndrome, described first fetcher code and described storage address, generates described first mask data;
The first XOR unit by carry out XOR between described data that are added with parity check code and described first mask data, obtains data after first computing;
Writing unit writes described storer with data after described first computing as described data;
The second syndrome maker, when described memory buffer watch-dog determines that the described storage address of the described data that described read request getter obtains is not stored in the described memory buffer, generate second syndrome of second mask data, so that the described data that are stored in the described storer are carried out mask, described second syndrome is the value that is associated in advance with described second fetcher code;
Second mask code generator based on described second syndrome, described second fetcher code and described storage address, generates described second mask data;
Reading unit reads data after described first computing from described storer;
The second XOR unit by carrying out XOR between the data after described first computing of reading in described second mask data with from described reading unit, obtains data after second computing;
The sub-counter of the adjustment of data based on data after described second computing, calculates actual adjustment of data; And
The output judging unit based on described adjustment of data, judges whether the described data output of data after described second computing as described reader request.
24. memory access control device as claimed in claim 23 also comprises:
The write request getter obtains the data that will write described storer and writes the used storage address of described data, and described data and described storage address are to obtain to the write device that storer writes described data from request;
Code memory is stored described storage address and described first fetcher code explicitly; And
Data-carrier store, when the described storage address of obtaining when described write request getter was associated with described first fetcher code of write device described in the described fetcher code storer, described data that described write request getter is obtained and described storage address and described first fetcher code were stored explicitly.
25. an access control system comprises:
Processor;
Memory access control device, control is to the visit of storer, and described processor and described storer all are connected to described memory access control device, and described memory access control device comprises a memory buffer,
Data, described data storage device address and supplicant access code that described buffer memory stores has write device or reader to ask; The request of said write device writes described memory to described data; And described reader request reads described data from described memory; Described request side's fetcher code is the information that will use when the write device that allows the described data of access or the described memory of access by readers; Described data and described storage address are associated with described request side's fetcher code
Described memory access control device comprises:
The read request getter obtains the described data that will read from described storer and the described storage address of described data from described reader;
The memory buffer watch-dog judges whether the described storage address that described read request getter obtains is stored in the described memory buffer;
The fetcher code comparer, when described memory buffer watch-dog determines that described storage address is stored in the described memory buffer, the described request side's fetcher code and second fetcher code are compared, described request side's fetcher code is associated with described storage address in the described memory buffer, and the information that will use during described second fetcher code to be described access by readers described storer; And
Output unit, when described request side's fetcher code and described second fetcher code were complementary, the described data that will be associated with the described storage address in the described memory buffer outputed to described reader
The parity checking code generator at the described data that are stored in the described data-carrier store, generates parity check code;
The parity check code totalizer by add the described parity check code that described parity checking code generator generates to described data, generates the data that are added with parity check code;
The first syndrome maker, generate first syndrome of first mask data, so that the described data that are added with parity check code are carried out mask, described first syndrome is the value that is associated with described first fetcher code in advance, and described first fetcher code is an information used when the said write device writes described storer with described data;
First mask code generator based on described first syndrome, described first fetcher code and described storage address, generates described first mask data;
The first XOR unit by carry out XOR between described data that are added with parity check code and described first mask data, obtains data after first computing;
Writing unit writes described storer with data after described first computing as described data;
The second syndrome maker, when described memory buffer watch-dog determines that the described storage address of the described data that described read request getter obtains is not stored in the described memory buffer, generate second syndrome of second mask data, so that the described data that are stored in the described storer are carried out mask, described second syndrome is the value that is associated in advance with described second fetcher code;
Second mask code generator based on described second syndrome, described second fetcher code and described storage address, generates described second mask data;
Reading unit reads data after described first computing from described storer;
The second XOR unit by carrying out XOR between the data after described first computing of reading in described second mask data with from described reading unit, obtains data after second computing;
The sub-counter of the adjustment of data based on data after described second computing, calculates actual adjustment of data; And
The output judging unit based on described adjustment of data, judges whether the described data output of data after described second computing as described reader request.
26. a memory access control method comprises:
Obtain the data that will read and read the used storage address of described data from storer, described data and described storage address are obtained from a reader, and described reader request reads described data from described storage;
Judge whether the described storage address of obtaining is stored in the memory buffer, described memory buffer is stored data, described memory of data address and supplicant access code interrelatedly, request writes described storer to the write device request that described data write described storer with described data, perhaps described reader request reads described data from described storer, and described request side's fetcher code is the information that will use when visiting the write device of described data or the described storer of access by readers when having the right;
When described storage address is stored in the described memory buffer, the described request side's fetcher code and second fetcher code are compared, described request side's fetcher code is associated with described storage address in the described memory buffer, and the information that will use during described second fetcher code to be described access by readers described storer;
When described request side's fetcher code and described second fetcher code are complementary, the described data output that will be associated with the described storage address in the described memory buffer;
Generate parity check code, and it is stored in the described storer;
By adding described parity check code, generate the data that are added with parity check code to described data;
Generate first syndrome of first mask data, so that the described data that are added with parity check code are carried out mask, described first syndrome is the value that is associated with first fetcher code in advance, and described first fetcher code is the information that will use when write device writes described storer to described data;
Based on described first syndrome, described first fetcher code and storage address, generate described first mask data;
By between described data that are added with parity check code and described first mask data, carrying out XOR, obtain data after first computing;
Data after described first computing are write described storer as described data;
Determining the storage address of fetched data when the monitor of described memory buffer is not stored in when in the described memory buffer, generate second syndrome of second mask data, so that the data that are stored in the described storer are carried out mask, described second syndrome is the value that is associated with second fetcher code in advance;
Based on described second syndrome, described second fetcher code and second memory address, generate described second mask data;
Read data after described first computing from described storer;
By carrying out XOR between the data after described second mask data and described first computing, obtain data after second computing;
Based on data after described second computing, calculate actual adjustment of data; And
Based on described real data syndrome, judge whether the data output of data after described second computing as described reader request.
CNB2006101667893A 2005-11-30 2006-11-30 Access control apparatus, access control method, memory access control device, and memory access control method Expired - Fee Related CN100507878C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005346518 2005-11-30
JP346518/2005 2005-11-30
JP079691/2006 2006-03-22

Publications (2)

Publication Number Publication Date
CN1991801A CN1991801A (en) 2007-07-04
CN100507878C true CN100507878C (en) 2009-07-01

Family

ID=38214063

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006101667893A Expired - Fee Related CN100507878C (en) 2005-11-30 2006-11-30 Access control apparatus, access control method, memory access control device, and memory access control method

Country Status (1)

Country Link
CN (1) CN100507878C (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102023884A (en) * 2010-11-25 2011-04-20 深圳市科陆电子科技股份有限公司 Method for automatically generating check code of development program of embedded system
CN102567241A (en) * 2010-12-27 2012-07-11 北京国睿中数科技股份有限公司 Memory controller and memory access control method
GB201114831D0 (en) * 2011-08-26 2011-10-12 Univ Oxford Brookes Circuit with error correction
CN104268483B (en) * 2014-09-19 2017-04-19 福州瑞芯微电子股份有限公司 Data protecting system, device and method
CN105743652B (en) * 2014-12-11 2019-01-22 上海华虹集成电路有限责任公司 Data/address bus encryption method based on address exclusive or
US10140175B2 (en) * 2015-11-20 2018-11-27 Qualcomm Incorporated Protecting an ECC location when transmitting correction data across a memory link
GB2550929A (en) * 2016-05-31 2017-12-06 Advanced Risc Mach Ltd An apparatus and method for generating an error code for a block comprising a plurality of data bits and a plurality of address bits
EP3582134B1 (en) * 2018-06-15 2021-02-24 STMicroelectronics Srl A cryptography method and circuit, corresponding device
WO2020181002A1 (en) * 2019-03-05 2020-09-10 Cryptography Research, Inc. Side-channel-attack-resistant memory access on embedded central processing units
CN112700814A (en) * 2021-01-05 2021-04-23 潍柴动力股份有限公司 EEPROM data reading method, device, electric control equipment and medium
US11677560B2 (en) * 2021-03-09 2023-06-13 Micron Technology, Inc. Utilization of a memory device as security token
CN113141289B (en) * 2021-05-18 2022-07-26 卡斯柯信号有限公司 Bus data transmission method for trackside safety platform

Also Published As

Publication number Publication date
CN1991801A (en) 2007-07-04

Similar Documents

Publication Publication Date Title
CN100507878C (en) Access control apparatus, access control method, memory access control device, and memory access control method
US7979641B2 (en) Cache arrangement for improving raid I/O operations
US7761780B2 (en) Method, apparatus, and system for protecting memory
US7546393B2 (en) System for asynchronous DMA command completion notification wherein the DMA command comprising a tag belongs to a plurality of tag groups
US7761779B2 (en) Access control apparatus, access control system, processor, access control method, memory access control apparatus, memory access control system, and memory access control method
US7644348B2 (en) Method and apparatus for error detection and correction
JP4643479B2 (en) ACCESS CONTROL DEVICE, ACCESS CONTROL SYSTEM, PROCESSOR, ACCESS CONTROL METHOD, AND MEMORY ACCESS CONTROL METHOD
CN101438230B (en) Method and system compatible for different form of addressing different address space
US7840780B2 (en) Shared resources in a chip multiprocessor
US7328326B2 (en) Storage device
EP1890239B1 (en) Memory contoller and method of controlling memory
CN104598162A (en) Method and system for writing data across storage devices
CN103348330A (en) Dynamic higher-level redundancy mode management with independent silicon elements
US20200326673A1 (en) Optimization device and method for controlling optimization device
JP6213345B2 (en) Transfer device, determination method, and data processing device
JP6824929B2 (en) Memory control system and memory control method
CN102171658B (en) Poison bit error checking code scheme
Koushanfar et al. Error-tolerant multimodal sensor fusion
JP5360666B2 (en) Method and system for performing I / O operations of multiple disk arrays
WO2007097027A1 (en) Degeneration controller and degeneration control program
Longofono et al. A CASTLE With TOWERs for Reliable, Secure Phase-Change Memory
CN100583048C (en) Method and system for transferring data
Agrawal et al. Coding-based replication schemes for distributed systems
Moldaschl et al. Fault tolerant communication-optimal 2.5 D matrix multiplication
Liang et al. An optimal recovery approach for liberation codes in distributed storage systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090701

Termination date: 20161130