CN105718357A - Memory monitoring method - Google Patents

Memory monitoring method Download PDF

Info

Publication number
CN105718357A
CN105718357A CN201610041986.6A CN201610041986A CN105718357A CN 105718357 A CN105718357 A CN 105718357A CN 201610041986 A CN201610041986 A CN 201610041986A CN 105718357 A CN105718357 A CN 105718357A
Authority
CN
China
Prior art keywords
address
page
instruction
trap
monitoring
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610041986.6A
Other languages
Chinese (zh)
Other versions
CN105718357B (en
Inventor
刘应江
徐鑫
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fiberhome Telecommunication Technologies Co Ltd
Original Assignee
Fiberhome Telecommunication Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fiberhome Telecommunication Technologies Co Ltd filed Critical Fiberhome Telecommunication Technologies Co Ltd
Priority to CN201610041986.6A priority Critical patent/CN105718357B/en
Publication of CN105718357A publication Critical patent/CN105718357A/en
Application granted granted Critical
Publication of CN105718357B publication Critical patent/CN105718357B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/30Monitoring
    • G06F11/3003Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3034Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a storage system, e.g. DASD based or network based

Landscapes

  • Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Quality & Reliability (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

一种内存监视的方法,包括:S1.记录待监视的地址信息和监视地址所在页信息,将监视地址所在页的属性设置为只读;S2.若CPU触发缺页异常,将引起缺页异常的地址所在页属性设置为可读写,若在处理过程中发现引起缺页异常的地址为监视地址,则获取并记录调用栈相关信息,并插入陷阱指令;S3.CPU执行到陷阱指令,触发陷阱异常处理,将监视地址所在页的属性恢复为只读,且清除陷阱指令。本发明监控某段内存是否被改写,可监视地址范围较大,过程简单,实际操作性强。

A method for memory monitoring, comprising: S1. recording the address information to be monitored and the information of the page where the monitoring address is located, and setting the attribute of the page where the monitoring address is located to read-only; S2. if the CPU triggers a page fault exception, the page fault exception will be caused The property of the page where the address of the address is located is set to be readable and writable. If the address that causes the page fault exception is found to be the monitoring address during the processing, the relevant information of the call stack will be obtained and recorded, and a trap instruction will be inserted; S3.CPU executes the trap instruction and triggers Trap exception handling, restore the attribute of the page where the monitoring address is located to read-only, and clear the trap instruction. The invention monitors whether a section of memory is rewritten, can monitor a large address range, has simple process and strong practical operability.

Description

一种内存监视的方法A method of memory monitoring

技术领域technical field

本发明涉及计算机内存技术领域,具体来讲涉及一种内存监视的方法。The invention relates to the technical field of computer memory, in particular to a method for monitoring memory.

背景技术Background technique

在计算机应用领域中,要监视某段内存是否被改写,一般采用专业的内存监控软件来实现。但其检测被破坏后,需要内存释放或是分配资源时才能发现错误,导致不能及时上报错误,不具有实时性,这样会极大的影响程序的除错进度。因此,目前需要解决的问题是如何实时地监控内存是否被改写,且不破坏当前运行的系统。In the field of computer applications, to monitor whether a certain section of memory is rewritten, it is generally realized by using professional memory monitoring software. However, after its detection is damaged, it is necessary to release memory or allocate resources to find errors, resulting in failure to report errors in time and not having real-time performance, which will greatly affect the debugging progress of the program. Therefore, the problem to be solved at present is how to monitor whether the memory is rewritten in real time without destroying the currently running system.

目前内存监视技术中,通常采用硬件断点和软件断点的方式来实现内存的实时监控。硬件断点处理速度快,但可监视地址范围小,且跟处理器是否支持数据断点有关。In current memory monitoring technologies, hardware breakpoints and software breakpoints are usually used to realize real-time memory monitoring. The processing speed of hardware breakpoints is fast, but the address range that can be monitored is small, and it is related to whether the processor supports data breakpoints.

软件断点可以增加断点数量即可监视地址范围,通常采用的是内存页保护机制来实现。但是目前采用的内存页保护机制,通常是通过将零散的监视地址加入到某个物理调试页中,在对调试页中数据读写时触发缺页异常,过程比较复杂,因此采用此种方法实际操作性不强。Software breakpoints can increase the number of breakpoints to monitor the address range, usually using the memory page protection mechanism to achieve. However, the currently used memory page protection mechanism usually adds scattered monitoring addresses to a physical debug page, and triggers a page fault exception when reading and writing data in the debug page. The process is relatively complicated, so this method is practical. Operability is not strong.

发明内容Contents of the invention

针对现有技术中存在的缺陷,本发明的目的在于提供一种内存监视的方法,监控某段内存是否被改写,可监视地址范围较大,过程简单,实际操作性强。Aiming at the defects existing in the prior art, the object of the present invention is to provide a memory monitoring method to monitor whether a certain section of memory is rewritten, which can monitor a large address range, simple process, and strong operability.

为达到以上目的,本发明采取一种内存监视的方法,包括步骤:S1.记录待监视的地址信息和监视地址所在页信息,将监视地址所在页的属性设置为只读;S2.若CPU触发缺页异常,将引起缺页异常的地址所在页属性设置为可读写,若在处理过程中发现引起缺页异常的地址为监视地址,则获取并记录调用栈相关信息,并插入陷阱指令;S3.CPU执行到陷阱指令,触发陷阱异常处理,将监视地址所在页的属性恢复为只读,且清除陷阱指令。In order to achieve the above object, the present invention adopts a method for memory monitoring, comprising steps: S1. record the address information to be monitored and the page information where the monitoring address is located, and set the attribute of the page where the monitoring address is located to read-only; S2. if the CPU triggers For a page fault exception, set the page attribute of the address causing the page fault exception to be readable and writable. If the address causing the page fault exception is found to be a monitoring address during processing, obtain and record the relevant information of the call stack, and insert a trap instruction; S3. The CPU executes the trap instruction, triggers trap exception processing, restores the attribute of the page where the monitoring address is located to read-only, and clears the trap instruction.

在上述技术方案的基础上,步骤S1中,设置一个监视地址信息表,监视地址信息表用于存放所有在监视地址范围内的监视地址信息。On the basis of the above technical solution, in step S1, a monitoring address information table is set, and the monitoring address information table is used to store all monitoring address information within the monitoring address range.

在上述技术方案的基础上,步骤S1中,设置一个页地址信息表,页地址信息表用于存放所有监视地址所在页信息。On the basis of the above technical solution, in step S1, a page address information table is set, and the page address information table is used to store information about the pages where all monitoring addresses are located.

在上述技术方案的基础上,步骤S2中,当待监视地址的程序对只读属性的内存页地址进行写操作时,则CPU触发缺页异常。On the basis of the above technical solution, in step S2, when the program at the address to be monitored performs a write operation on the memory page address of the read-only attribute, the CPU triggers a page fault exception.

在上述技术方案的基础上,待监视地址的程序对只读属性的内存页地址进行写操作的指令为当前指令,插入陷阱指令具体动作为,将当前指令的下一条指令根据应用的CPU平台修改为对应的陷阱指令。On the basis of the above technical solution, the program to monitor the address writes the instruction to the memory page address of the read-only attribute as the current instruction, and the specific action of inserting the trap instruction is to modify the next instruction of the current instruction according to the applied CPU platform is the corresponding trap instruction.

在上述技术方案的基础上,若CPU在处理过程中检测引起缺页异常的地址不是监视地址,直接将当前指令的下一条指令根据应用的CPU平台修改为对应的陷阱指令。On the basis of the above technical solution, if the CPU detects that the address causing the page fault is not the monitoring address during processing, directly modify the next instruction of the current instruction to a corresponding trap instruction according to the applied CPU platform.

在上述技术方案的基础上,所述修改为对应的陷阱指令时,记录陷阱指令的指令地址以及被修改的指令信息。On the basis of the above technical solution, when the modification is made into a corresponding trap instruction, the instruction address of the trap instruction and the modified instruction information are recorded.

在上述技术方案的基础上,步骤S3中,清除陷阱指令,即,通过记录的陷阱相关信息,将陷阱指令还原为被修改的指令。On the basis of the above technical solution, in step S3, the trap instruction is cleared, that is, the trap instruction is restored to the modified instruction through the recorded trap-related information.

本发明的有益效果在于:记录待监视的地址信息和监视地址所在页信息,使得除监视地址之外,其他内存数据的访问不会触发异常,不会影响系统;当对只读内存页读写时,则触发缺页异常处理,能实时的记录下内存改写时的调用栈信息,有效提高某段内存监视的实时性。本发明的适用性广,适用于大多数嵌入式系统。The beneficial effects of the present invention are: record the address information to be monitored and the information of the page where the monitored address is located, so that in addition to the monitored address, access to other memory data will not trigger exceptions and will not affect the system; when reading and writing to a read-only memory page , triggers page fault exception processing, and can record the call stack information when the memory is rewritten in real time, effectively improving the real-time monitoring of a certain segment of memory. The invention has wide applicability and is suitable for most embedded systems.

附图说明Description of drawings

图1为本发明实施例内存监视的方法的流程图;Fig. 1 is the flow chart of the method for memory monitoring of the embodiment of the present invention;

图2为图1中步骤S2的详细流程图。FIG. 2 is a detailed flowchart of step S2 in FIG. 1 .

具体实施方式detailed description

以下结合附图及实施例对本发明作进一步详细说明。The present invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

如图1所示,本发明内存监视的方法,具体包括如下步骤:As shown in Figure 1, the method for memory monitoring of the present invention specifically comprises the following steps:

S1.设置一个监视地址信息表和一个页地址信息表,分别记录待监视的地址(即监视地址)信息和监视地址所在页信息,其中,在监视地址范围内,监视地址信息表用于存放所有的监视地址信息,页地址信息表用于存放所有监视地址所在页信息。并且,将监视地址所在页的属性设置为只读。S1. A monitoring address information table and a page address information table are set, respectively record the address to be monitored (i.e. monitoring address) information and the page information where the monitoring address is located, wherein, within the scope of the monitoring address, the monitoring address information table is used to store all The monitoring address information, the page address information table is used to store the page information where all the monitoring addresses are located. And, set the attribute of the page where the monitoring address is located to read-only.

S2.若CPU触发缺页异常,将引起缺页异常的地址所在页属性设置为可读写,若在处理过程中发现引起缺页异常的地址为监视地址,则获取并记录调用栈相关信息,并插入陷阱指令。S2. If the CPU triggers a page fault exception, set the page attribute of the address causing the page fault exception to be readable and writable. If the address causing the page fault exception is found to be a monitoring address during processing, obtain and record the relevant information of the call stack. And insert the trap instruction.

如图2所示,具体的步骤如下:As shown in Figure 2, the specific steps are as follows:

S201.当待监视地址的程序对只读属性的内存页地址进行写操作时,CPU触发缺页异常。S201. When the program at the address to be monitored writes a read-only memory page address, the CPU triggers a page fault exception.

S202.将引起缺页异常的地址所在页属性设置为可读写。S202. Set the property of the page where the address causing the page fault exception is located to be readable and writable.

S203.检查引起缺页异常的地址是否为待检测地址,即,是否在监视地址信息表中查找到对应的引起缺页异常的地址,若是,进入S204;若否,进入S205。S203. Check whether the address causing the page fault is the address to be detected, that is, whether the corresponding address causing the page fault is found in the monitoring address information table, if yes, go to S204; if not, go to S205.

S204.分析当前寄存器信息,获取调用栈信息并记录,进入S205。S204. Analyze the current register information, obtain and record the call stack information, and enter S205.

S205.将当前指令的下一条指令,根据应用的CPU平台修改为对应的陷阱指令。其中,当前指令为:待监视地址的程序对只读属性的内存页地址进行写操作的指令。并且,需要记录陷阱指令的指令地址以及被修改的指令信息。S205. Modify the next instruction of the current instruction to a corresponding trap instruction according to the applied CPU platform. Wherein, the current instruction is: an instruction for the program at the address to be monitored to perform a write operation on the memory page address of the read-only attribute. In addition, it is necessary to record the instruction address of the trap instruction and the modified instruction information.

S3.当CPU执行到陷阱指令时,触发陷阱异常处理,将监视地址所在页的属性恢复为只读。并且清除陷阱指令,即,通过记录的陷阱相关信息,将陷阱指令还原为被修改的指令。S3. When the CPU executes the trap instruction, the trap exception processing is triggered, and the attribute of the page where the monitoring address is located is restored to read-only. And the trap instruction is cleared, that is, the trap instruction is restored to the modified instruction through the recorded trap-related information.

上述步骤S1至S3为插入断点的过程,当需要删除断点时,将监视地址从监视地址信息表中删除,并将所在页的页地址信息中对应的属性设置为可读写。The above steps S1 to S3 are the process of inserting a breakpoint. When a breakpoint needs to be deleted, the monitoring address is deleted from the monitoring address information table, and the corresponding attribute in the page address information of the page is set as readable and writable.

本发明不局限于上述实施方式,对于本技术领域的普通技术人员来说,在不脱离本发明原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也视为本发明的保护范围之内。本说明书中未作详细描述的内容属于本领域专业技术人员公知的现有技术。The present invention is not limited to the above-mentioned embodiments. For those of ordinary skill in the art, without departing from the principle of the present invention, some improvements and modifications can also be made, and these improvements and modifications are also considered protection of the present invention. within range. The content not described in detail in this specification belongs to the prior art known to those skilled in the art.

Claims (8)

1. the method for an internal memory monitoring, it is characterised in that include step:
S1. record address information to be monitored and monitor address place page information, the attribute of monitor address place page is set to read-only;
If S2. CPU triggers page fault, being set to read-write by place, the address page attribute causing page fault, if finding in processing procedure, the address causing page fault is monitor address, then obtain and record call stack relevant information, and inserting trap instruction;
S3.CPU goes to trap instruction, triggers trap abnormality processing, reverts to read-only by the attribute of monitor address place page, and removes trap instruction.
2. the method for internal memory monitoring as claimed in claim 1, it is characterised in that: in step S1, arranging a monitor address information table, monitor address information table is for depositing all monitor address information within the scope of monitor address.
3. the method for internal memory monitoring as claimed in claim 1, it is characterised in that: in step S1, arranging a page address information table, page address information table is used for depositing all monitor address places page information.
4. the method for internal memory monitoring as claimed in claim 1, it is characterised in that: in step S2, when the page address of read only attribute is carried out write operation by the program of address to be monitored, then CPU triggers page fault.
5. the method for internal memory monitoring as claimed in claim 4, it is characterized in that: it is present instruction that the page address of read only attribute is carried out the instruction of write operation by the program of address to be monitored, inserting the concrete action of trap instruction is, by next instruction of present instruction according to the trap instruction that the CPU platform modifying of application is correspondence.
6. the method for internal memory monitoring as claimed in claim 5, it is characterized in that: if it is not monitor address that CPU detects the address causing page fault in processing procedure, directly by next instruction of present instruction according to the trap instruction that the CPU platform modifying of application is correspondence.
7. the method for the internal memory monitoring as described in claim 5 or 6, it is characterised in that: described in when being revised as the trap instruction of correspondence, the instruction address of logging trap instruction and the command information being modified.
8. the method for internal memory monitoring as claimed in claim 1, it is characterised in that: in step S3, remove trap instruction, i.e. by the trap relevant information recorded, trap instruction is reduced to the instruction being modified.
CN201610041986.6A 2016-01-22 2016-01-22 A kind of method of internal memory monitoring Active CN105718357B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610041986.6A CN105718357B (en) 2016-01-22 2016-01-22 A kind of method of internal memory monitoring

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610041986.6A CN105718357B (en) 2016-01-22 2016-01-22 A kind of method of internal memory monitoring

Publications (2)

Publication Number Publication Date
CN105718357A true CN105718357A (en) 2016-06-29
CN105718357B CN105718357B (en) 2018-12-28

Family

ID=56154932

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610041986.6A Active CN105718357B (en) 2016-01-22 2016-01-22 A kind of method of internal memory monitoring

Country Status (1)

Country Link
CN (1) CN105718357B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108255746A (en) * 2017-12-29 2018-07-06 北京元心科技有限公司 Memory rewrites detection method and device
CN111400096A (en) * 2020-03-16 2020-07-10 杭州涂鸦信息技术有限公司 Memory mirroring method based on linux page missing mechanism and system and device thereof
CN114741272A (en) * 2022-04-28 2022-07-12 阿里巴巴(中国)有限公司 Statistical method and device for NUMA memory access

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1924826A (en) * 2005-09-02 2007-03-07 中兴通讯股份有限公司 Detecting method for illegal memory reading and writing
CN101561775A (en) * 2009-05-12 2009-10-21 华为技术有限公司 Method and device for monitoring memory
CN102388368A (en) * 2011-09-20 2012-03-21 华为技术有限公司 Method and device for monitoring memory
US8688917B2 (en) * 2008-12-30 2014-04-01 Intel Corporation Read and write monitoring attributes in transactional memory (TM) systems
CN105159838A (en) * 2015-08-27 2015-12-16 华为技术有限公司 Memory access method and computer system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1924826A (en) * 2005-09-02 2007-03-07 中兴通讯股份有限公司 Detecting method for illegal memory reading and writing
US8688917B2 (en) * 2008-12-30 2014-04-01 Intel Corporation Read and write monitoring attributes in transactional memory (TM) systems
CN101561775A (en) * 2009-05-12 2009-10-21 华为技术有限公司 Method and device for monitoring memory
CN102388368A (en) * 2011-09-20 2012-03-21 华为技术有限公司 Method and device for monitoring memory
CN105159838A (en) * 2015-08-27 2015-12-16 华为技术有限公司 Memory access method and computer system

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
何川,陈莉君: ""Linux内核中的内存访问监控框架的设计与实现"", 《微电子学与计算机》 *
朱世鸿等: "《80*86微机原理和接口技术》", 30 November 2014, 合肥:中国科学技术大学出版社 *
麦库斯克: "《4.4BSD操作系统设计与实现》", 31 January 2012, 北京:机械工业出版社 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108255746A (en) * 2017-12-29 2018-07-06 北京元心科技有限公司 Memory rewrites detection method and device
CN111400096A (en) * 2020-03-16 2020-07-10 杭州涂鸦信息技术有限公司 Memory mirroring method based on linux page missing mechanism and system and device thereof
CN111400096B (en) * 2020-03-16 2023-05-02 杭州涂鸦信息技术有限公司 Memory mirroring method based on linux page-missing mechanism and system and device thereof
CN114741272A (en) * 2022-04-28 2022-07-12 阿里巴巴(中国)有限公司 Statistical method and device for NUMA memory access

Also Published As

Publication number Publication date
CN105718357B (en) 2018-12-28

Similar Documents

Publication Publication Date Title
CN102388368B (en) Method and device for monitoring memory
CN109583200B (en) A program exception analysis method based on dynamic taint propagation
US9772894B2 (en) Systems, methods, and machine-readable media to perform state data collection
CN103455424B (en) Based on Dram leakage detection method and the device of vxworks operating system
JP5523872B2 (en) Program dynamic analysis method and apparatus
CN111756575A (en) Performance analysis method and device for storage server, and electronic equipment
US20130254748A1 (en) Partial Recording of a Computer Program Execution for Replay
CN108089971B (en) Log service method and system based on embedded real-time system
US20080222215A1 (en) Method for Deleting Virus Program and Method to Get Back the Data Destroyed by the Virus
US8037529B1 (en) Buffer overflow vulnerability detection and patch generation system and method
CN103399812A (en) Magnetic disc file operation monitoring system and monitoring method based on Xen hardware virtualization
CN101046765A (en) Method for positioning fault of software
CN103473158A (en) Disk pressure testing method for Linux server
CN105159819B (en) A kind of method and system for recording kernel exception stack and Debugging message
CN113987507B (en) Heap memory vulnerability detection method, device, storage medium and electronic device
CN101154185A (en) Software Runtime Execution Recovery and Replay Method
US20120246518A1 (en) Operating a computer system
US10268558B2 (en) Efficient breakpoint detection via caches
US8752025B2 (en) Protecting breakpoints in a software debugger
US20120260138A1 (en) Error logging in a storage device
CN111240879B (en) SAS card firmware log collection method, system, device and storage medium
CN102662799B (en) Data backup method, server and hot backup system
US20120151267A1 (en) System for extending use of a data address break point register to implement multiple watch points
CN107168773A (en) Positioning problems and the processing method and processing device of application recovery after a kind of JVM collapses
CN103226499A (en) Method and device for restoring abnormal data in internal memory

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20180323

Address after: 430074 Wuhan, Hongshan Province District Road, Department of mail, No. 88 hospital

Applicant after: FIBERHOME TELECOMMUNICATION TECHNOLOGIES Co.,Ltd.

Applicant after: WUHAN FIBERHOME TECHNICAL SERVICES Co.,Ltd.

Address before: 430074 East Lake Development Zone, Hubei, Optics Valley Venture Street, No. 67, No.

Applicant before: FIBERHOME TELECOMMUNICATION TECHNOLOGIES Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20241217

Address after: 430000 No. 6, High-tech Fourth Road, Donghu High-tech Development Zone, Wuhan City, Hubei Province

Patentee after: FIBERHOME TELECOMMUNICATION TECHNOLOGIES Co.,Ltd.

Country or region after: China

Address before: 430074, No. 88, postal academy road, Hongshan District, Hubei, Wuhan

Patentee before: FIBERHOME TELECOMMUNICATION TECHNOLOGIES Co.,Ltd.

Country or region before: China

Patentee before: WUHAN FIBERHOME TECHNICAL SERVICES Co.,Ltd.

TR01 Transfer of patent right