CN104461886A - Control flow error detection method - Google Patents


Info

Publication number: CN104461886A
Authority: CN (China)
Prior art keywords: module, software, check code, control flow, check
Legal status: Pending
Application number: CN201410756465.XA
Other languages: Chinese (zh)
Inventors: 寇义民, 李春, 刘宽俊, 潘乐, 尚华, 于小龙, 商明森
Current assignee: SHENZHEN AEROSPACE DONGFANGHONG DEVELOPMENT CO LTD
Original assignee: SHENZHEN AEROSPACE DONGFANGHONG DEVELOPMENT CO LTD
Priority date: 2014-12-10
Filing date: 2014-12-10
Publication date: 2015-03-25
Application filed by SHENZHEN AEROSPACE DONGFANGHONG DEVELOPMENT CO LTD


Abstract

The invention provides a control flow error detection method. The method includes: generating each module's check code set in advance from its call path set, dynamically generating software check codes at run time, and comparing the software check codes against the elements of the current module's check code set. The method can effectively detect and handle control flow anomalies in aerospace software caused by single-event upsets in the software code area, instruction counter (program counter) anomalies and the like; it is simple to implement and requires no extra hardware support. The method is simple and feasible to implement, needs almost no extra software or hardware support, and can effectively detect control flow anomalies at the software module level.

Description

Control flow error detection method
Technical field
The present invention relates to a detection method, and in particular to a control flow anomaly detection method for aerospace software.
Background
Aerospace software frequently has to cope with control flow corruption in its code caused by the space environment, for example single-event effects. Radiation-hardened CPUs and memories built for aerospace generally provide hardware-level error detection and correction for single-event upsets, but as commercial off-the-shelf products and devices are used more and more widely in the space industry, it is increasingly necessary to handle software anomalies caused by the space environment by purely software means.
The traditional ways of dealing with code control flow anomalies are mainly hardware watchdogs and EDAC (Error Detection And Correction) technology.
A hardware watchdog is a system exception handling mechanism provided by the computer hardware. It generally consists of a watchdog counter whose count value, once initialised, increases continuously with time; when it reaches a preset maximum it triggers a hardware reset of the computer (a "watchdog bite"). Application software periodically clears this counter to zero ("feeding the dog") to prevent a bite. If some hardware or software anomaly stops the software from feeding the dog on time, the computer resets and restarts, so that the whole system returns to normal.
EDAC (error detection and correction) technology is an effective means of resisting single-event effects provided by the hardware of dedicated aerospace on-board computers. The computer hardware automatically generates a check code for the data in memory, and when the data is rewritten the corresponding check code is rewritten automatically by the hardware. When application software reads data from memory, the hardware automatically matches the data read out against its check code; if a small number of bit errors (such as 1-bit or 2-bit errors) is detected, the data is corrected automatically, and if an uncorrectable multi-bit error is detected, the on-board computer can be reset. This method can protect the memory that stores the software code and thus effectively prevent control flow anomalies caused by abnormal changes to the software code.
In addition, in recent years some scholars have proposed control flow anomaly detection methods that rely only on software, but these are generally rather complex and require modifying the compiler so that it automatically inserts machine instructions into particular code segments at compile time. They are comparatively difficult to implement, and an ordinary enterprise rarely has the ability to rewrite a compiler.
The essence of the watchdog is to guard against computer deadlock or task execution timeouts; being able to perform the "feed the dog" operation within the specified time does not necessarily mean that the software control flow has not gone wrong. EDAC memory checking is effective, but it needs hardware support, which commercial chips usually lack. To reduce the development cost and entry threshold of microsatellites, commercial off-the-shelf devices are now widely used on satellites, and improving the reliability of software tasks without hardware EDAC support is undoubtedly significant.
Summary of the invention
To solve the problems in the prior art, the invention provides a control flow error detection method with the following steps:
Step 1: List the fan-in and fan-out relations between all software modules and generate the call graph, where F1 is the top-level module representing the program entry of the software; a module's fan-in modules are the higher-level modules that call it, and its fan-out modules are the lower-level modules it calls;
Step 2: Assign each software module its own digital signature, denoted S; within the same piece of software no two modules may have the same digital signature;
Step 3: For each module, traverse all of its fan-in modules bottom-up to obtain every possible call path from the top-level module to this module, thereby forming the module's call path set;
Step 4: Using the digital signatures of every module on each call path from the top-level module to this module, generate the module's check code set with a uniform rule function H and store it in advance; each check code in the set corresponds one-to-one to a path in the call path set formed earlier. The rule function H satisfies the following property:
Property 1: H(H(Si, Sj), Sk) = H(Si, Sj, Sk);
Step 5: When writing the code, pass the current check code of this module into each lower-level module it calls, and at the head of each module compute the check code and compare it; if the computed check code value is not in the module's pre-stored check code set, call the exception handler. Whenever a computed check code value falls outside the module's check code set, a software control flow anomaly has been found and the exception handling procedure can be executed.
As a further improvement of the invention, step 1 uses a software static analysis tool to scan and analyse the software source files and generate the call graph.
As a further improvement of the invention, in step 2 the digital signature is represented as an unsigned number.
As a further improvement of the invention, in step 4, because F1 has no fan-in, its check code set is {C1} with C1 = S1, i.e. its digital signature and check code are equivalent.
As a further improvement of the invention, the rule function H uses a cumulative sum, XOR sum, parity or CRC check code rule and need only satisfy Property 1. CRC (Cyclic Redundancy Check) is a cyclic redundancy check code, one of the most commonly used error check codes in the field of data communications.
The beneficial effects of the invention are as follows:
The software control flow anomaly detection method of the invention can effectively detect and handle control flow anomalies in aerospace software caused by single-event upsets in the software code area, instruction counter (program counter) anomalies and the like. The implementation is simple and requires almost no extra software or hardware support. It can effectively detect control flow anomalies at the software module level.
Brief description of the drawings
Fig. 1 is a schematic diagram of a control flow error according to the invention;
Fig. 2 is an example call graph according to the invention.
Embodiments
The invention is further described below with reference to the accompanying drawings.
Fig. 1 shows a schematic diagram of a control flow anomaly. The three software modules F1, F2 and F3 are called in sequence; because a single-event effect or similar has caused an abnormal change in the program code area, the software control flow jumps incorrectly from F2 to F6, a module with no direct relation to F2, and a control flow anomaly has occurred. How to detect this kind of anomaly effectively using only the software itself, without relying on hardware, is the problem this patent sets out to solve.
The specific implementation steps of the method are as follows:
Step 1: List the fan-in and fan-out relations between all software modules (functions) and generate the call graph. This step can conveniently be carried out with a software static analysis tool such as TestBed, which scans and analyses the software source files; Fig. 2 gives a simple example call graph. F1 is the top-level module representing the program entry of the software, for example the main function in C, or the main task scheduling function of the aerospace software. A module's fan-in modules are the higher-level modules that call it, and its fan-out modules are the lower-level modules it calls; for example F3 has one fan-in module, F1, and three fan-out modules, F6, F7 and F8.
Step 2: Assign each software module its own digital signature (denoted S; for example the digital signature of F3 is S3). The digital signature can be represented as an unsigned number or in another form, and within the same piece of software no two modules may have the same digital signature.
Step 3: For each module, traverse all of its fan-in modules bottom-up to obtain every possible call path from the top-level module to this module, thereby forming the module's call path set. For example, the call path set from F1 to F6 might be {F1F2F6, F1F6, F1F3F6}.
Step 4: Using the digital signatures of every module on each call path from the top-level module to this module, generate the module's check code set with a uniform rule function H and store it in advance; each check code in the set corresponds one-to-one to a path in the call path set formed earlier. For example, the check code set of F6 is {C126, C16, C136}, where C126 = H(S1, S2, S6), C16 = H(S1, S6) and C136 = H(S1, S3, S6); F1, having no fan-in, has the check code set {C1} with C1 = S1, i.e. its digital signature and check code are equivalent. Note that the rule function H must satisfy the following property:
Property 1: H(H(Si, Sj), Sk) = H(Si, Sj, Sk).
Step 5: When writing the code, pass the current check code of this module into each lower-level module it calls, and at the head of each module compute the check code and compare it; if the computed check code value is not in the module's pre-stored check code set, call the exception handler. Take for example the path in which F1 calls F3 and F3 then calls F6. F1 first passes its own check code C1 into F3; at its head, F3 computes the current check code from the incoming check code C1 and its own digital signature, obtaining D3 = H(C1, S3) = H(S1, S3) = C13. The check code set of F3 is {C13}, the computed value is in this set, and the check passes. When F3 calls F6 it passes the current check code C13 to F6; at the head of F6 the current check code is computed, and by Property 1, D6 = H(C13, S6) = H(H(S1, S3), S6) = H(S1, S3, S6) = C136, which is in the check code set of F6, so the check passes. Subsequently called modules proceed in the same way; whenever a computed check code value falls outside the module's check code set, a software control flow anomaly has been found and the exception handling procedure can be executed.
In practice the rule function H can use any of several rules such as cumulative sum, XOR sum, parity or CRC check code, as long as Property 1 is satisfied; the developer can choose the most suitable check code generation rule after weighing software execution efficiency against error detection rate.
The above is a further description of the invention in conjunction with specific preferred embodiments, and it cannot be asserted that the specific implementation of the invention is limited to these descriptions. A person of ordinary skill in the technical field of the invention may also make some simple deductions or substitutions without departing from the inventive concept, and all of these should be regarded as falling within the scope of protection of the invention.
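An added example (not code from the patent) implementing Steps 2 to 5 in C over the Fig. 2 call graph, using XOR as the rule function H: each module head combines the incoming check code with its own signature and compares the result against its pre-stored set. The signature values, the function names and the injected F2-to-F7 jump are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Step 2: constructed digital signatures, one distinct unsigned value per module of Fig. 2. */
enum { S1 = 0x11u, S2 = 0x22u, S3 = 0x33u, S6 = 0x66u, S7 = 0x77u, S8 = 0x88u };

/* Step 4: rule function H. XOR is associative, so H(H(Si,Sj),Sk) == H(Si,Sj,Sk) (Property 1). */
static uint32_t H(uint32_t acc, uint32_t sig) { return acc ^ sig; }

/* Step 4: pre-stored check code sets, one code per call path of Fig. 2.
 * F6 is reached via F1F2F6, F1F6 and F1F3F6; F7 and F8 only via F1F3F7 and F1F3F8. */
static const uint32_t set_F2[] = { S1 ^ S2 };
static const uint32_t set_F3[] = { S1 ^ S3 };
static const uint32_t set_F6[] = { S1 ^ S2 ^ S6, S1 ^ S6, S1 ^ S3 ^ S6 };
static const uint32_t set_F7[] = { S1 ^ S3 ^ S7 };
static const uint32_t set_F8[] = { S1 ^ S3 ^ S8 };
#define LEN(a) (sizeof(a) / sizeof((a)[0]))

static int anomalies;   /* number of control flow anomalies detected in the current run */

/* Exception handler invoked by Step 5 when the computed code is outside the set. */
static void control_flow_exception(const char *module, uint32_t d) {
    anomalies++;
    printf("control flow anomaly at %s head: check code 0x%02x not in set\n", module, (unsigned)d);
}

/* Step 5, module head: combine the incoming code with this module's signature,
 * compare against the pre-stored set, and return the module's current check code. */
static uint32_t module_head(const char *name, uint32_t incoming, uint32_t sig,
                            const uint32_t *set, size_t n) {
    uint32_t d = H(incoming, sig);
    size_t i;
    for (i = 0; i < n; i++)
        if (set[i] == d) return d;            /* legitimate path: check passes */
    control_flow_exception(name, d);
    return d;
}

/* The modules of Fig. 2. Every callee receives the caller's current check code. */
static void F6(uint32_t check) { (void)module_head("F6", check, S6, set_F6, LEN(set_F6)); }
static void F7(uint32_t check) { (void)module_head("F7", check, S7, set_F7, LEN(set_F7)); }
static void F8(uint32_t check) { (void)module_head("F8", check, S8, set_F8, LEN(set_F8)); }
static void F3(uint32_t check) {
    uint32_t c = module_head("F3", check, S3, set_F3, LEN(set_F3));
    F6(c); F7(c); F8(c);
}
static void F2(uint32_t check) {
    uint32_t c = module_head("F2", check, S2, set_F2, LEN(set_F2));
    F6(c);
}
static void F1(void) {
    uint32_t c = S1;                /* C1 = S1: the entry module has no fan-in */
    F2(c); F3(c); F6(c);
}

/* Legitimate execution: every module head finds its computed code in its set. */
static int run_legitimate(void) {
    anomalies = 0;
    F1();
    return anomalies;               /* 0 */
}

/* Constructed fault: control lands in F7 from F2 (F2 never calls F7 in Fig. 2),
 * carrying F2's current check code C12. H(C12, S7) is not in F7's set, so it is caught. */
static int run_erroneous_jump(void) {
    anomalies = 0;
    F7(H(S1, S2));
    return anomalies;               /* 1 */
}

int main(void) {
    printf("legitimate run: %d anomalies\n", run_legitimate());
    printf("erroneous jump F2->F7: %d anomalies\n", run_erroneous_jump());
    return 0;
}
```

Because XOR is associative and commutative, two different paths whose signatures XOR to the same value share a check code, so signatures must be chosen (or a different H used) so that the codes in each module's set stay distinct from those of wrong paths into that module.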

Claims (5)

1. A control flow error detection method, characterised in that its steps are as follows:
Step 1: List the fan-in and fan-out relations between all software modules and generate the call graph, where F1 is the top-level module representing the program entry of the software; a module's fan-in modules are the higher-level modules that call it, and its fan-out modules are the lower-level modules it calls;
Step 2: Assign each software module its own digital signature, denoted S; within the same piece of software no two modules may have the same digital signature;
Step 3: For each module, traverse all of its fan-in modules bottom-up to obtain every possible call path from the top-level module to this module, thereby forming the module's call path set;
Step 4: Using the digital signatures of every module on each call path from the top-level module to this module, generate the module's check code set with a uniform rule function H and store it in advance; each check code in the set corresponds one-to-one to a path in the call path set formed earlier. The rule function H satisfies the following property:
Property 1: H(H(Si, Sj), Sk) = H(Si, Sj, Sk);
Step 5: When writing the code, pass the current check code of this module into each lower-level module it calls, and at the head of each module compute the check code and compare it; if the computed check code value is not in the module's pre-stored check code set, call the exception handler. Whenever a computed check code value falls outside the module's check code set, a software control flow anomaly has been found and the exception handling procedure can be executed.
2. The control flow error detection method according to claim 1, characterised in that step 1 uses a software static analysis tool to scan and analyse the software source files and generate the call graph.
3. The control flow error detection method according to claim 1, characterised in that in step 2 the digital signature is represented as an unsigned number.
4. The control flow error detection method according to claim 1, characterised in that in step 4, because F1 has no fan-in, its check code set is {C1} with C1 = S1, i.e. its digital signature and check code are equivalent.
5. The control flow error detection method according to claim 1, characterised in that the rule function H uses a cumulative sum, XOR sum, parity or CRC check code rule and need only satisfy Property 1, where CRC (Cyclic Redundancy Check) is a cyclic redundancy check code.
Application CN201410756465.XA, filed 2014-12-10 (priority date 2014-12-10), published as CN104461886A on 2015-03-25; legal status: pending.


Legal Events

Code Title
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20150325)