CN104714834A - Space-determined task scheduling method - Google Patents


Info

Publication number
CN104714834A
Authority
CN
China
Prior art keywords
task
space
code
data
determined
Prior art date
Legal status
Granted
Application number
CN201310689411.1A
Other languages
Chinese (zh)
Other versions
CN104714834B (en)
Inventor
邱征
牛文生
田莉蓉
黄韬
王红春
陈长胜
牟明
于峰
Current Assignee
AVIC No 631 Research Institute
Original Assignee
AVIC No 631 Research Institute
Priority date
2013-12-14
Filing date
2013-12-14
Publication date
2015-06-17

Abstract

A space-determined task scheduling method comprises the following steps: first, the sizes of the code area and the data area are fixed during compilation by defining them statically in advance; second, once the boot loader has loaded the image into memory, the start physical addresses and sizes of the code area and the data area are determined statically; third, the code area and the data area are protected by a security protection mechanism so that the configuration data, image file and interrupt vector table in those areas cannot be written; fourth, specific code and data areas are isolated; fifth, exceptions triggered by such accesses are taken over by an interrupt service routine so that errors cannot spread. The method strengthens protection against illegal pointers, lets corruption of the task scheduler's core data be detected and located as early as possible, and further improves the safety of task scheduler platform software.

Description

Space-determined task scheduling method
Technical field
The invention belongs to the field of computer operating system platform software and relates to a space-determined task scheduling method, in particular to a space-determined error-checking and recovery method in which the number of task scheduler elements (tasks, semaphores, etc.) is fixed, the handle space is fixed, and the code space and data space are determined.
Background technology
The operating systems commonly used in the embedded field include linux, ucOS and vxWorks. They provide multitasking, semaphores and other operating system elements together with APIs, but these elements are essentially all created and maintained dynamically: their number changes continually and their handles are scattered through memory, so when an erroneous reference to such an element occurs it is hard to check; in particular, once the element's data structure region is corrupted, the error often spreads through the application before it is noticed. In addition, most operating systems protect code and data areas only at a coarse granularity, because code is loaded dynamically and memory is allocated dynamically. In most cases, however, the application program is in fact sufficiently determined that the code space and data space can be fixed further, allowing more precise protection.
Summary of the invention
To solve the technical problems of the background art described above, the invention provides a space-determined task scheduling method that strengthens the defence against illegal pointers, detects and locates corruption of the task scheduler's core data early, and further improves the safety of task scheduler platform software.
The technical solution of the invention is as follows: the invention provides a space-determined task scheduling method, characterised in that the space-determined task scheduling method comprises the following steps:
1) the sizes of the code area and data area are determined during compilation by defining them statically in advance;
2) after the boot loader has loaded the image into memory, the start physical addresses and sizes of the code area and data area spaces are determined statically;
3) a security protection mechanism protects the code area and data area, preventing write access to the configuration data, image file and interrupt vector table of the code area and data area;
4) specific code and data areas are isolated; the isolation covers a fixed-size address space starting at zero, the task control blocks (TCBs), the task stack spaces and the semaphore control blocks;
5) an interrupt service routine takes over the exceptions triggered by such accesses, so that errors cannot spread.
Step 1) above is implemented specifically as follows:
1.1) the start addresses of the code area and data area are defined by macros, and the start addresses are guaranteed to be non-zero;
1.2) all variables used by the source code can thus be statically bound to their corresponding physical locations in the code area and data area at compile and link time, and the sizes of the code area and data area can be calculated; all variables used by the source code, including arrays and structures, are either determined statically or allocated and released dynamically within a task's fixed stack space;
1.3) the image file is loaded from solid-state storage to its memory address; the boot loader loads the code content into the macro-defined code region and the data that have initial values into the macro-defined data area;
1.4) the code space region, the interrupt/exception vectors and the data area are placed under MMU access control according to their positions and sizes.
In step 1.4) above, the code space region is controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, so that the code space can no longer be written. During start-up the interrupt and exception vectors are loaded to their physical locations, after which they are also controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, so that this space can no longer be written either. The position and size of the data area are controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit: the data area is readable and writable, but no read/write window is opened for any other memory outside the data area, and the memory space starting at address 0 no longer permits data reads; it can only be read by code.
The data area above includes both the data with initial values and the bss area, whose initial values default to 0.
Step 4) above is implemented specifically as follows:
4.1) local protection is applied to the specific code and data areas;
4.2) the task scheduler elements in the specific code and data areas are organised and protected; the task scheduler elements include the scheduler's maximum number of tasks and their stack size, the maximum number of semaphores, the task control blocks (TCBs), the task stack spaces and the semaphore control blocks.
Step 4.1) above is implemented specifically as follows:
After initialisation of the task scheduler completes, a space of a certain size starting from address zero cannot be accessed as data. If the application code is defective, the null-pointer accesses that then frequently occur immediately trigger an MMU exception; the exception routine locates the erroneous code position and the corresponding task, records the exception, and calls the exception handling function registered by the task to perform state switching and fault recovery.
Step 4.2) above is implemented specifically as follows:
The maximum number of tasks of the task scheduler, their stack sizes and the maximum number of semaphores are determined statically by macro definitions; the task control blocks (TCBs), task stack spaces and semaphore control block structures are created as static arrays of structures;
The task IDs and semaphore IDs are the system's core IDs and are protected with an additional special ID prefix. Whether such an ID has been corrupted is judged as follows: a corrupted ID shows a damaged prefix or an out-of-range value, so the ID is checked whenever it is operated on, and corruption of the ID can be detected promptly. If the check fails, the ID is abnormal: the exception is recorded, a software interrupt is triggered, execution of the application is suspended, and the software interrupt calls the exception handling function registered by the task to perform state switching and fault recovery;
The stack base address and size of each task are determined. On function entry a stack check is performed first, confirming that the stack top lies within the stack area of that task; if the stack has overflowed, the exception is recorded promptly, a software interrupt is triggered to suspend execution of the application, and the software interrupt calls the exception handling function registered by the task to perform state switching and fault recovery.
The advantages of the invention are:
The invention provides a space-determined task scheduling method that performs task scheduling as follows. The sizes of the code area and data area can be fixed by static definition during compilation; after the boot loader has loaded the image into memory, their start positions and sizes can be decided, so access control and similar protection mechanisms can be applied to these regions. If the data in the data area, including the task scheduler's core elements (such as the multitasking structures and semaphore structures), are all statically defined, and the shared memory used by the whole task scheduler and the application, such as variables and buffers, all has its size fixed during compilation, then no new memory need be requested dynamically at run time. With such a statically allocated data area, further access control and protection can be applied to the handles (pointers) and stacks of the task scheduler elements. Task scheduling based on the highly determined task scheduler provided by the invention achieves static allocation and space access protection of the code area and data area, improves the efficiency and safety of task scheduling, and can meet the scheduling requirements of hard real-time, highly reliable safety-critical applications.
Embodiment
In a space-determined task scheduling method, the sizes of the code area and data area are determined during compilation by defining them statically in advance; after the boot loader has loaded the image into memory, the start physical addresses and sizes of the code area and data area spaces can be determined statically, and security protection mechanisms such as read/write access control are applied to these regions to prevent write access to data such as the configuration data, image file and interrupt vector table. At the same time, the task scheduler isolates specific code and data areas, including key elements such as the fixed address space starting at zero, the task control blocks (TCBs), the task stack spaces and the semaphore control blocks, so as to prevent null pointers, erroneous handle references, stack overflows, out-of-bounds data accesses and erroneous task IDs from accessing these special regions; a corresponding interrupt service routine takes over the exceptions triggered by such accesses, so that errors cannot spread.
Determining the sizes of the code area and data area by static definition in advance during compilation means the general placement and protection of the code area and data area, which includes defining the start addresses of the code area and data area with macros; all variables used by the source code can then be statically bound to their corresponding physical locations in the code area and data area at compile and link time, and the sizes of the code and data areas calculated; the memory address to which the image file is loaded from solid-state storage such as Flash is fixed; and the code space region, interrupt/exception vectors and data area are protected from writes by the MMU access control mechanism according to their positions and sizes.
The task scheduler isolates specific code and data areas, that is, it performs local protection and the organisation and protection of task scheduler elements, so that the application obtains MMU protection of the minimum range of code area and data area; a data access outside the determined space likewise triggers an MMU exception, which further guards against the use of wrong pointers and the spread of errors. At the same time, the maximum number of tasks of the task scheduler, their stack sizes and the maximum number of semaphores are determined statically by macro definitions, and the corresponding structures such as the task control blocks (TCBs), task stack spaces and semaphore control blocks are created as static arrays of structures, so that the memory allocation of the task scheduler's core elements is statically determined and a protection mechanism is provided against erroneous handle references and stack overflows.
General placement and protection of the code area and data area:
The start addresses of the code area and data area are defined by macros and guaranteed to be non-zero (to make null-pointer errors easy to intercept). All variables used by the source code (including the task scheduler and the application), including arrays and structures, are either determined statically or allocated and released dynamically within a task's fixed stack space; the task scheduler itself provides no interface functions for dynamic memory allocation and release. The code area and data area can therefore be statically bound to their corresponding physical locations at compile and link time, and the sizes of the code and data areas calculated.
After the image file is loaded into memory from solid-state storage such as Flash, the boot loader loads the code content into the macro-defined code region and the data that have initial values into the macro-defined data area.
The code space region is controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, so that the code space can no longer be written.
During start-up, contents such as the interrupt vectors and exception vectors are loaded to the physical locations required by the specific CPU hardware; once loading is complete, this region is also controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, so that this space can no longer be written either.
The position and size of the data area (which includes both the data with initial values and the bss area, whose initial values default to 0) are also controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit. The data area is readable and writable, but no read/write window is opened for any other memory outside the data area, and the memory space starting at address 0 no longer permits data reads; it can only be read by code.
For additional spaces that the system data bus can also reach, such as the Flash space, the PCI address space and dual-port RAM space, the corresponding MMU control is opened for the duration of an access and closed again when the access ends, so that only the designated driver code can reach these addresses.
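The placement-and-protection policy above, as an added example in C that is not the patent's own code: region bases and sizes are constructed macro values standing in for linker symbols, the minimum MMU unit is assumed to be a 4 KiB page, and the hardware MMU is replaced by a region table plus an `access_allowed` check that models default-deny, page-multiple protection, the zero guard and a driver-only device window.

```c
#include <stdbool.h>
#include <stdint.h>

#define MMU_MIN_UNIT  0x1000u   /* assumed minimum MMU unit: one 4 KiB page */

/* Constructed layout (the patent takes these from macros/linker symbols).
 * Code and data start addresses are non-zero, so a null pointer lands in
 * the zero guard region rather than in a live area. */
#define ZERO_GUARD_SIZE 0x00001000u
#define VECTOR_BASE     0x00010000u
#define VECTOR_SIZE     0x00000400u   /* vectors: less than one page */
#define CODE_BASE       0x00020000u
#define CODE_SIZE       0x00012345u   /* deliberately not page aligned */
#define DATA_BASE       0x00100000u
#define DATA_SIZE       0x00008000u   /* .data followed by .bss */
#define FLASH_BASE      0x08000000u   /* device window, driver-only */
#define FLASH_SIZE      0x00100000u

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } access_t;

typedef struct {
    uint32_t base, limit;   /* [base, limit), both multiples of MMU_MIN_UNIT */
    bool r, w, x;           /* permitted access kinds */
    bool enabled;           /* device windows are normally closed */
} region_t;

enum { RGN_ZERO, RGN_VECTOR, RGN_CODE, RGN_DATA, RGN_FLASH, RGN_COUNT };
static region_t regions[RGN_COUNT];

static uint32_t page_down(uint32_t a) { return a & ~(MMU_MIN_UNIT - 1u); }
static uint32_t page_up(uint32_t a)   { return page_down(a + MMU_MIN_UNIT - 1u); }

static void set_region(int i, uint32_t base, uint32_t size,
                       bool r, bool w, bool x, bool enabled)
{
    /* Protect with an integral multiple of the minimum MMU unit. */
    regions[i].base  = page_down(base);
    regions[i].limit = page_up(base + size);
    regions[i].r = r; regions[i].w = w; regions[i].x = x;
    regions[i].enabled = enabled;
}

/* Called once the boot loader has placed vectors, code and data. */
void mmu_policy_init(void)
{
    /* Zero-based space: no data reads or writes; the text leaves it readable
     * only by code, modelled here as instruction fetch. */
    set_region(RGN_ZERO,   0u,          ZERO_GUARD_SIZE, false, false, true,  true);
    set_region(RGN_VECTOR, VECTOR_BASE, VECTOR_SIZE,     true,  false, false, true);
    set_region(RGN_CODE,   CODE_BASE,   CODE_SIZE,       true,  false, true,  true);
    set_region(RGN_DATA,   DATA_BASE,   DATA_SIZE,       true,  true,  false, true);
    set_region(RGN_FLASH,  FLASH_BASE,  FLASH_SIZE,      true,  false, false, false);
}

/* Default deny: anything outside an enabled region raises an MMU exception. */
bool access_allowed(uint32_t addr, access_t kind)
{
    for (int i = 0; i < RGN_COUNT; i++) {
        const region_t *rg = &regions[i];
        if (!rg->enabled || addr < rg->base || addr >= rg->limit)
            continue;
        switch (kind) {
        case ACC_READ:  return rg->r;
        case ACC_WRITE: return rg->w;
        default:        return rg->x;
        }
    }
    return false;
}

uint32_t region_limit(int i) { return regions[i].limit; }

/* Driver pattern from the text: open the device window, perform the access,
 * close it again, so only this code can reach flash. 'backing' stands in for
 * the device; a faulting access returns 0 and sets *faulted. */
uint32_t flash_read_word(uint32_t addr, const uint32_t *backing, bool *faulted)
{
    uint32_t value = 0;
    regions[RGN_FLASH].enabled = true;
    if (access_allowed(addr, ACC_READ)) {
        value = backing[(addr - FLASH_BASE) / sizeof(uint32_t)];
        *faulted = false;
    } else {
        *faulted = true;
    }
    regions[RGN_FLASH].enabled = false;
    return value;
}
```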
The effect of local protection:
After initialisation of the task scheduler completes, a space of a certain size starting from address zero cannot be accessed as data. This not only protects the code area: if the application code is defective, the null-pointer accesses that frequently occur immediately trigger an MMU exception, the exception routine locates the erroneous code position and the corresponding task, records the exception, and calls the exception handling function registered by the task to perform state switching, fault recovery and so on.
In this way the application obtains MMU protection of the minimum range of code area and data area: even if the physical memory space is very large, access to the unneeded physical memory is refused in the MMU entries, and a data access outside the determined space likewise triggers an MMU exception, further guarding against the use of wrong pointers and the spread of errors.
Organisation and protection of the task scheduler elements:
In the task scheduler of the invention, the maximum number of tasks, their stack sizes and the maximum number of semaphores are determined statically by macro definitions, and the corresponding structures such as the task control blocks (TCBs), task stack spaces and semaphore control blocks are created as static arrays of structures. The memory allocation of these core task scheduler elements is thus statically determined, which provides the basis for checks on erroneous handle references, stack overflows and the like.
The task IDs and semaphore IDs, as the system's core IDs, are protected with an additional special ID prefix. If such an ID is corrupted, it will in most cases show a damaged prefix or an out-of-range value; by checking the ID whenever it is operated on, corruption of the ID can be detected promptly. Such corruption is often caused by an out-of-bounds data operation somewhere in the application. Once an ID is found to be abnormal, the exception is recorded promptly and a software interrupt is triggered to suspend execution of the application; the software interrupt calls the exception handling function registered by the task to perform state switching, fault recovery and so on.
The stack base address and size of each task are determined. On function entry a stack check is performed first, confirming that the stack top lies within the stack area of that task. If the stack has overflowed, the exception is recorded promptly and a software interrupt is triggered to suspend execution of the application; the software interrupt calls the exception handling function registered by the task to perform state switching, fault recovery and so on.
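The element organisation and the two checks described above (prefixed IDs validated on every use, and a stack-bounds check on entry), as an added example in C that is not the patent's own code: the limits, the prefix values and the fault record are constructed, the static arrays stand in for the scheduler's TCBs, stacks and semaphore control blocks, and `soft_interrupt` models the software interrupt that suspends the task and would hand over to the task's registered recovery function.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Static configuration fixed by macros, as the patent describes
 * (constructed values). */
#define MAX_TASKS        8u
#define MAX_SEMAPHORES   16u
#define TASK_STACK_WORDS 256u

/* An ID is <prefix><index>: the prefix marks a live scheduler handle, so a
 * clobbered ID either loses its prefix or indexes out of range. */
#define TASK_ID_PREFIX   0x5A000000u
#define SEM_ID_PREFIX    0xA5000000u
#define ID_PREFIX_MASK   0xFF000000u
#define ID_INDEX_MASK    0x00FFFFFFu

typedef enum { TASK_READY, TASK_SUSPENDED } task_state_t;
typedef enum { FAULT_NONE, FAULT_BAD_ID, FAULT_STACK } fault_t;

typedef struct {
    uint32_t     id;          /* TASK_ID_PREFIX | index */
    uint32_t    *stack_base;  /* lowest address of this task's stack */
    uint32_t     stack_words;
    task_state_t state;
} tcb_t;

typedef struct { uint32_t id; int32_t count; } sem_cb_t;

/* All scheduler elements are static arrays: nothing is allocated at run time. */
static tcb_t    tcbs[MAX_TASKS];
static sem_cb_t sems[MAX_SEMAPHORES];
static uint32_t stacks[MAX_TASKS][TASK_STACK_WORDS];

/* Exception record written by the software-interrupt path. */
static fault_t  last_fault;
static uint32_t last_fault_task;

void scheduler_init(void)
{
    memset(tcbs, 0, sizeof tcbs);
    memset(sems, 0, sizeof sems);
    last_fault = FAULT_NONE;
    for (uint32_t i = 0; i < MAX_TASKS; i++) {
        tcbs[i].id = TASK_ID_PREFIX | i;
        tcbs[i].stack_base = stacks[i];
        tcbs[i].stack_words = TASK_STACK_WORDS;
        tcbs[i].state = TASK_READY;
    }
    for (uint32_t i = 0; i < MAX_SEMAPHORES; i++)
        sems[i].id = SEM_ID_PREFIX | i;
}

/* Models the software interrupt: record the fault and suspend the task.
 * The application-registered recovery handler would be called from here. */
static void soft_interrupt(fault_t f, uint32_t task_index)
{
    last_fault = f;
    last_fault_task = task_index;
    if (task_index < MAX_TASKS)
        tcbs[task_index].state = TASK_SUSPENDED;
}

/* Validate an ID on every use: prefix intact and index within the static array. */
bool task_id_valid(uint32_t id)
{
    return (id & ID_PREFIX_MASK) == TASK_ID_PREFIX && (id & ID_INDEX_MASK) < MAX_TASKS;
}

bool sem_id_valid(uint32_t id)
{
    return (id & ID_PREFIX_MASK) == SEM_ID_PREFIX && (id & ID_INDEX_MASK) < MAX_SEMAPHORES;
}

/* Stack check on function entry: the current stack pointer must lie inside
 * the owning task's fixed stack region. */
bool stack_check(uint32_t task_index, const uint32_t *sp)
{
    const tcb_t *t = &tcbs[task_index];
    uintptr_t p  = (uintptr_t)sp;
    uintptr_t lo = (uintptr_t)t->stack_base;
    uintptr_t hi = lo + (uintptr_t)t->stack_words * sizeof(uint32_t);
    return p >= lo && p < hi;
}

/* A scheduler API entry as the text describes it: check the IDs and the stack
 * first, and hand any anomaly to the software interrupt instead of proceeding. */
bool sem_post(uint32_t caller_task_id, uint32_t sem_id, const uint32_t *sp)
{
    if (!task_id_valid(caller_task_id)) {
        soft_interrupt(FAULT_BAD_ID, MAX_TASKS);   /* owning task unknown */
        return false;
    }
    uint32_t ti = caller_task_id & ID_INDEX_MASK;
    if (!stack_check(ti, sp)) { soft_interrupt(FAULT_STACK, ti); return false; }
    if (!sem_id_valid(sem_id)) { soft_interrupt(FAULT_BAD_ID, ti); return false; }
    sems[sem_id & ID_INDEX_MASK].count++;
    return true;
}

fault_t      last_fault_kind(void)           { return last_fault; }
uint32_t     last_fault_task_index(void)     { return last_fault_task; }
task_state_t task_state(uint32_t i)          { return tcbs[i].state; }
int32_t      sem_count(uint32_t i)           { return sems[i].count; }
uint32_t    *task_stack_base(uint32_t i)     { return tcbs[i].stack_base; }
```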
The effect of element protection:
The task scheduler elements are system-critical data: erroneous modification of these data, pointer errors, overflows and the like can crash the system and pose a serious safety hazard. The more promptly these elements are checked and protected, the more safety incidents can be reduced. Many application errors lead to wild pointer operations and damage to the data area; the element ID variables scattered through the data area then act as checkpoints for data corruption and can reveal the damage and crash earlier than the application process alone, while triggering the software interrupt stops the spread of the error in time.

Claims (7)

1. A space-determined task scheduling method, characterised in that the space-determined task scheduling method comprises the following steps:
1) the sizes of the code area and data area are determined during compilation by defining them statically in advance;
2) after the boot loader has loaded the image into memory, the start physical addresses and sizes of the code area and data area spaces are determined statically;
3) a security protection mechanism protects the code area and data area, preventing write access to the configuration data, image file and interrupt vector table of the code area and data area;
4) specific code and data areas are isolated; the isolation covers a fixed-size address space starting at zero, the task control blocks (TCBs), the task stack spaces and the semaphore control blocks;
5) an interrupt service routine takes over the exceptions triggered by such accesses, so that errors cannot spread.
2. The space-determined task scheduling method according to claim 1, characterised in that step 1) is implemented specifically as follows:
1.1) the start addresses of the code area and data area are defined by macros, and the start addresses are guaranteed to be non-zero;
1.2) all variables used by the source code can thus be statically bound to their corresponding physical locations in the code area and data area at compile and link time, and the sizes of the code area and data area can be calculated; all variables used by the source code, including arrays and structures, are either determined statically or allocated and released dynamically within a task's fixed stack space;
1.3) the image file is loaded from solid-state storage to its memory address; the boot loader loads the code content into the macro-defined code region and the data that have initial values into the macro-defined data area;
1.4) the code space region, the interrupt/exception vectors and the data area are placed under MMU access control according to their positions and sizes.
3. The space-determined task scheduling method according to claim 2, characterised in that in step 1.4) the code space region is controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, so that the code space can no longer be written; during start-up the interrupt and exception vectors are loaded to their physical locations, after which they are also controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, so that this space can no longer be written either; the position and size of the data area are controlled by the MMU mechanism and protected in integral multiples of the minimum MMU unit, the data area being readable and writable, while no read/write window is opened for any other memory outside the data area and the memory space starting at address 0 no longer permits data reads and can only be read by code.
4. The space-determined task scheduling method according to claim 3, characterised in that the data area includes both the data with initial values and the bss area, whose initial values default to 0.
5. The space-determined task scheduling method according to claim 4, characterised in that step 4) is implemented specifically as follows:
4.1) local protection is applied to the specific code and data areas;
4.2) the task scheduler elements in the specific code and data areas are organised and protected; the task scheduler elements include the scheduler's maximum number of tasks and their stack size, the maximum number of semaphores, the task control blocks (TCBs), the task stack spaces and the semaphore control blocks.
6. The space-determined task scheduling method according to claim 5, characterised in that step 4.1) is implemented specifically as follows:
After initialisation of the task scheduler completes, a space of a certain size starting from address zero cannot be accessed as data. If the application code is defective, the null-pointer accesses that then frequently occur immediately trigger an MMU exception; the exception routine locates the erroneous code position and the corresponding task, records the exception, and calls the exception handling function registered by the task to perform state switching and fault recovery.
7. The space-determined task scheduling method according to claim 6, characterised in that step 4.2) is implemented specifically as follows:
The maximum number of tasks of the task scheduler, their stack sizes and the maximum number of semaphores are determined statically by macro definitions; the task control blocks (TCBs), task stack spaces and semaphore control block structures are created as static arrays of structures;
The task IDs and semaphore IDs are the system's core IDs and are protected with an additional special ID prefix. Whether such an ID has been corrupted is judged as follows: a corrupted ID shows a damaged prefix or an out-of-range value, so the ID is checked whenever it is operated on, and corruption of the ID can be detected promptly. If the check fails, the ID is abnormal: the exception is recorded, a software interrupt is triggered, execution of the application is suspended, and the software interrupt calls the exception handling function registered by the task to perform state switching and fault recovery;
The stack base address and size of each task are determined. On function entry a stack check is performed first, confirming that the stack top lies within the stack area of that task; if the stack has overflowed, the exception is recorded promptly, a software interrupt is triggered to suspend execution of the application, and the software interrupt calls the exception handling function registered by the task to perform state switching and fault recovery.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310689411.1A CN104714834B (en) 2013-12-14 2013-12-14 Space-determined task scheduling method

Publications (2)

Publication Number Publication Date
CN104714834A true CN104714834A (en) 2015-06-17
CN104714834B CN104714834B (en) 2018-01-12

Family

ID=53414204

Country Status (1)

Country Link
CN (1) CN104714834B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107103234A (en) * 2017-03-01 2017-08-29 北京龙鼎源科技股份有限公司 Multitask partition method and device
WO2019001334A1 (en) * 2017-06-27 2019-01-03 阿里巴巴集团控股有限公司 Stack overflow processing method and device
CN111538579A (en) * 2020-04-23 2020-08-14 山东华芯半导体有限公司 Multitask operation method under embedded platform
CN116483586A (en) * 2023-06-21 2023-07-25 广东广宇科技发展有限公司 Data efficient processing method based on dynamic array

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5524244A (en) * 1988-07-11 1996-06-04 Logic Devices, Inc. System for dividing processing tasks into signal processor and decision-making microprocessor interfacing therewith
CN1737761A (en) * 2004-08-18 2006-02-22 中兴通讯股份有限公司 Method for protecting assigned course private data area and stack area
CN1820252A (en) * 2003-01-06 2006-08-16 松下电器产业株式会社 Compiler program, a computer-readable storage medium storing a compiler program, a compiling method and a compiling unit
US7296271B1 (en) * 2000-06-28 2007-11-13 Emc Corporation Replaceable scheduling algorithm in multitasking kernel
CN101251810A (en) * 2008-03-11 2008-08-27 浙江大学 Method for optimizing embedded type operating system process scheduling based on SPM
US20080244239A1 (en) * 2003-10-09 2008-10-02 International Business Machines Corporation Method and System for Autonomic Monitoring of Semaphore Operations in an Application

Also Published As

Publication number Publication date
CN104714834B (en) 2018-01-12

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant