CN108804080A - A kind of High Reliability Design method of multiple interrupt embedded program - Google Patents


Info

Publication number: CN108804080A
Authority: CN (China)
Prior art keywords: critical zone, resource, program, embedded, interrupt
Legal status: Granted (Active)
Application number: CN201810417634.5A
Other languages: Chinese (zh)
Other versions: CN108804080B (en)
Inventors: 高飞, 崔宇, 刘思东, 邱枫, 隋强强, 丁万兵, 叶绍凯, 李慧, 张磊, 仲宇
Current and original assignee: China Academy of Launch Vehicle Technology CALT; Beijing Aerospace Automatic Control Research Institute
Priority date: 2018-05-04
Filing date: 2018-05-04
Publication date: 2018-11-13 (CN108804080A); granted as CN108804080B on 2022-06-03

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/20 Software design
    • G06F8/22 Procedural

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A high-reliability design method for multi-interrupt embedded programs is a method for improving the safety and reliability of embedded software written in a high-level language that must service several interrupt sources. While such software runs, an interrupt can change a variable unexpectedly, so that the program's behaviour no longer matches what was designed. The usual remedy is to assign such variables several times, or to use a similar redundancy, so that an unexpected change is corrected before it causes a functional failure. The method of the invention instead covers two aspects, how to identify the critical sections ("critical zones" in the original) and how to access them, and greatly improves the reliability and stability of the running embedded software.

Description

High-reliability design method for multi-interrupt embedded programs
Technical field
The present invention relates to a high-reliability design method for multi-interrupt embedded programs that run without an operating system. It addresses the reliability design of embedded programs with several interrupt sources, and in particular improves program reliability when interrupts arrive at random times and conflict through unsynchronized random access to shared data.
Background
As single-chip devices have spread into medical electronics, smart homes, logistics management and electrical control, their processing power has grown and their integrated interfaces have become richer, so embedded systems are now applied far more widely. The core of an embedded system design is the software with a specific function that runs on the microprocessor or microcontroller. As the demands on embedded systems grow more complex, the programs running on the microprocessor grow larger and their logic more intricate. Introducing an embedded operating system relieves part of the application programmer's burden, but in application fields with demanding real-time requirements, programs without an operating system are still the preferred design. The reliability and safety design of such embedded programs therefore becomes all the more important. Apart from the arithmetic and logic operations of the application itself, the most important function of a microprocessor is to respond to external input. A microprocessor usually does so in one of three ways: polling, interrupts and DMA; of these, interrupts are a common and convenient design choice. Using interrupts, however, raises the problem of critical section access. If the same variable is modified and accessed both inside and outside an interrupt without protection, the program's logic is likely to diverge from the designer's intent, and system functions may be affected or endangered considerably. As the functions of embedded software grow more complex the problem becomes more serious, and identifying the critical sections becomes harder. Worse, during program execution the functional anomalies caused by conflicting access to a critical section occur at random and with low probability, which makes debugging extremely costly in manpower and resources.
Summary of the invention
The present invention is aimed at the field of embedded program design. It proposes a high-reliability design method for multi-interrupt embedded programs that mainly solves the identification and secure access of critical sections in the design of multi-interrupt embedded programs.
The main technical scheme of the invention is as follows: a high-reliability design method for multi-interrupt embedded programs that resolves the unsynchronized random access conflicts in a multi-interrupt embedded program, prevents uncertainty in program results, and improves the reliability of the program design.
Further, the unsynchronized random access conflicts in a multi-interrupt embedded program are resolved as follows:
the critical sections of the multi-interrupt embedded program are identified first;
then access to each critical section is controlled on the principle that several processing roles must never access the critical section at the same moment. The processing roles are of two types: interrupt handlers and the main program.
Further, the critical sections can be determined as follows:
Step 1: search for all global variables and hardware interfaces involved in the multi-interrupt embedded program and take the search result as the set of shared resources;
Step 2: divide all shared resources from step 1 into three classes according to the following definitions:
Class 1: all processing roles only read the resource;
Class 2: exactly one processing role writes the resource and all other processing roles only read it;
Class 3: more than one processing role writes the resource;
Step 3: for class 1 resources, no critical section is defined.
For class 2 resources, wherever a shared resource is read as a condition that decides whether a subsequent operation is carried out, the read and the subsequent operation together form a critical section, and the shared resource used in the decision is defined as the focus resource of that critical section.
For class 3 resources, every process that writes the shared resource must be a critical section when the shared resource is modified, and the shared resource used in the decision is defined as the focus resource of that critical section.
Further, when a class 2 shared resource in step 3 is read as a condition that decides whether a subsequent operation is carried out, the condition may be either a stand-alone conditional branch or a loop exit condition.
Further, the access control for a critical section comprises the following steps:
Step 1: compare the set Sm of interrupts that must be closed with the set Sc of interrupts that are currently closed;
Step 2: form the set difference Σ = Sm − Sc and, before entering the critical section, close all interrupts in Σ;
Step 3: enter the critical section, access it, and exit it;
Step 4: reopen all interrupts in the set Σ defined in step 2.
Further, Sm comprises every interrupt that modifies the focus resource of the critical section.
While a multi-interrupt embedded program runs, interrupts are handled at random times, so accesses to a resource are not synchronized. If several interrupt handlers need to access the same shared resource, the correctness of the processing logic depends on the order in which the shared resource is accessed. To avoid the non-determinism in program results caused by this unsynchronized random access to shared resources, the present invention proposes a design method that guarantees correct program operation in this situation and thereby improves program reliability. Compared with the prior art, the method has the following advantages:
1. The invention proposes a set of methods for improving the reliability of multi-interrupt embedded program design. Through the definition of critical sections and the design of the critical-section access method, the access rules that apply when unsynchronized random accesses by several interrupts compete for a shared resource are fixed at the design stage. This is a complete method for avoiding non-deterministic or abnormal program results caused by conflicting unsynchronized random access from multiple interrupts during program execution.
2. The method identifies, at design time, all shared resources that may give rise to a critical section, hardware interfaces in particular, and so avoids abnormal program output caused by random access to them;
3. The critical section identification method covers in particular the usually overlooked case of a shared resource that is written in only one processing role and read in the others, and so avoids abnormal behaviour of processing that depends on a condition when that condition changes at random.
4. Outside the critical sections defined by the method lies the range of safe access, where no randomness in program results due to conflicting unsynchronized random access from multiple interrupts can arise, which saves the cost of reliability and quality testing.
Practical verification has shown that the method effectively improves the correctness, reliability and safety of embedded program design, multi-interrupt embedded programs in particular, ensures high-quality programs from the design stage, and so reduces the cost of later debugging, testing and maintenance.
Description of the drawings
Fig. 1 is a schematic of the critical-section handling logic of the present invention.
Detailed description
The present invention is explained in detail with reference to an example. The high-reliability design method for multi-interrupt embedded programs of the present invention resolves the unsynchronized random access conflicts in a multi-interrupt embedded program, prevents uncertainty in program results and improves the reliability of the program design. The conflicts are resolved as follows:
(1) the critical sections of the multi-interrupt embedded program are identified;
The identification of critical sections is illustrated with a concrete example below.
The code listing of this example (not reproduced in this text) is a snippet that automatically controls an elevator door. Its function is as follows: when the system receives an external stimulus such as a press of the door-open button, the chip receives an interrupt and the interrupt service routine calls the OpenDoor() function to open the elevator door; outside the interrupt, the main program checks in a loop whether 8 s have elapsed since the door was opened and, if so, calls the CloseDoor() function to close it. In this program, dwUpdateTimeMs and dwCurrentTimeMs are global variables read and written inside and outside the interrupt; dwCurrentTimeMs is a class 1 shared resource and dwUpdateTimeMs a class 2 shared resource. The critical section must be protected before it is accessed (access control), and the existing common form of protection is written as follows (listing not reproduced in this text):
If the interrupt occurs right after the statement dwCurrentTimeMs = GetSysTimeMs();, the above protection obviously fails to meet the design intent. When this happens, the variable dwCurrentTimeMs has already been set to the current time, and dwUpdateTimeMs is then updated to a time newer than dwCurrentTimeMs. The value of dwCurrentTimeMs is therefore smaller than that of dwUpdateTimeMs, the subtraction overflows and yields a value greater than 8000 ms, and dwUpdateTimeMs also satisfies the flag test of not being equal to 0xFFFFFFFF, so the condition is met and the door-closing operation is executed, even though the interval since the door was last opened clearly does not satisfy the 8 s condition at this moment. In practice this situation occurs frequently: for example, just as the elevator door is about to close, a passenger who wants to take the elevator presses the door-open button. If the embedded system is running the above protection, the elevator door will close without responding to the door-open request.
According to the method of the present invention, the critical section in this example is as follows (listing not reproduced in this text):
The focus resource of this critical section is dwUpdateTimeMs. Its protection should be designed in the following form (listing not reproduced in this text):
With this, the program responds normally to the door-open request in the above scenario, and the newly arrived passenger again gets the 8 s waiting time with the door open.
(2) Then access to each critical section is controlled on the principle that several processing roles must never access the critical section at the same moment, as shown in Fig. 1. The processing roles are of two types: interrupt handlers and the main program.
The embodiment of the present invention runs on a SoC with the SPARC V8 architecture, and the critical-section access examples of the invention are implemented in C.
In the embodiment, the performance required of the embedded software is low relative to the performance of the SoC, and the execution time of each interrupt service routine is short, so most interrupts are closed uniformly before a critical section is entered. To keep the code concise, the entry and exit code for critical sections is wrapped in macro definitions, so that a single statement enters or leaves a protected critical section. Secure access to a critical section is implemented as follows:
The macro ENTER_INT_PROTECTED performs, before the critical section is entered, the protection that restricts access to the focus resource of the critical section, and EXIT_INT_PROTECTED restores the access rights to the critical section's resources when the protected section is left. Entry into a critical section can thus be implemented in the following form (listing not reproduced in this text):
In the implementation of the critical-section entry control logic, INT_I_PRIORITY_MASK is the SoC's interrupt response control register, a 32-bit register in which each of the low 16 bits controls whether one interrupt request may be handled by the processor: a bit value of 1 means the corresponding interrupt response is masked, and 0 means it is enabled. The CloseIndividualInt() function closes interrupt responses according to the mask given as its parameter, OpenIndividualInt() opens interrupt responses according to the mask given as its parameter, and TestInterruptStatus() checks the current interrupt on/off state. To make sure critical sections can be nested safely in the implementation, the current interrupt-closed state must be checked before a critical section is entered and restored to its pre-entry state after the critical section is left. Otherwise interrupts may be reopened abnormally inside a critical section by the lock control of a nested critical section. A nested critical section is one whose code calls code that itself contains critical-section protection; in that case the critical-section protection scheme can be simplified to the following form (listing not reproduced in this text):
If the critical-section entry logic does not first check the interrupt-closed state before entering the critical section but closes the interrupt responses uniformly, and uniformly opens them again on exit, then the protection control logic of the inner critical section opens all interrupts when the inner critical section is released, while the outer critical section has not yet been exited. The masking of the outer critical section therefore fails, which contradicts the designed function.
Aspects of the present invention not described in detail are techniques known to those skilled in the art.
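The elevator-door race and the nesting-safe ENTER_INT_PROTECTED/EXIT_INT_PROTECTED logic described above, as an added C example that is not the patent's own code: it models the mask register, the ISR, the main-loop poll and a button press injected between the time read and the comparison, and compares a narrow protection of the read alone with a critical section spanning read and decision. The bit position, the clock and the bodies of CloseIndividualInt, OpenIndividualInt, TestInterruptStatus, GetSysTimeMs, OpenDoor and CloseDoor are constructed for the example; only the names come from the page.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed model (added example, not the patent's code) of the page's 32-bit interrupt mask
 * register: bit = 1 means the interrupt is masked. Names mirror the page; bit positions are invented. */
static uint32_t int_priority_mask;            /* stands in for INT_I_PRIORITY_MASK */
#define IRQ_DOOR_BUTTON (1u << 3)             /* constructed bit for the door-open button interrupt */
#define SM_DOOR         IRQ_DOOR_BUTTON       /* Sm: every interrupt that writes the focus resource */
#define NO_TIMER        0xFFFFFFFFu           /* flag value: no open-door timer running */

static uint32_t dwUpdateTimeMs = NO_TIMER;    /* focus resource (class 2): ISR writes, main reads */
static uint32_t dwCurrentTimeMs, sys_time_ms; /* sys_time_ms is a constructed clock */
static bool door_open, button_pending;

static uint32_t GetSysTimeMs(void) { return sys_time_ms; }
static void OpenDoor(void)  { door_open = true; }
static void CloseDoor(void) { door_open = false; }
static void DoorButtonISR(void) { dwUpdateTimeMs = GetSysTimeMs(); OpenDoor(); }

/* Hardware model: a pending interrupt is delivered as soon as its mask bit is clear. */
static void DeliverPendingIrq(void) {
    if (button_pending && !(int_priority_mask & IRQ_DOOR_BUTTON)) { button_pending = false; DoorButtonISR(); }
}
static void SimulateButtonPress(uint32_t at_ms) { sys_time_ms = at_ms; button_pending = true; DeliverPendingIrq(); }

static uint32_t TestInterruptStatus(void)     { return int_priority_mask; }
static void CloseIndividualInt(uint32_t mask) { int_priority_mask |= mask; }
static void OpenIndividualInt(uint32_t mask)  { int_priority_mask &= ~mask; DeliverPendingIrq(); }

/* Access-control steps 1, 2 and 4: sigma = Sm - Sc is all that gets closed on entry and reopened on exit. */
#define ENTER_INT_PROTECTED(sm) uint32_t sigma_ = (sm) & ~TestInterruptStatus(); CloseIndividualInt(sigma_)
#define EXIT_INT_PROTECTED()    OpenIndividualInt(sigma_)

static void CloseIfTimedOut(uint32_t update_ms) {
    if (update_ms != NO_TIMER && dwCurrentTimeMs - update_ms >= 8000u) { CloseDoor(); dwUpdateTimeMs = NO_TIMER; }
}

/* "Before": only the read of dwUpdateTimeMs is protected. The press lands after the time read, so
 * update_ms (7991) is newer than dwCurrentTimeMs (7990), the unsigned subtraction wraps past 8000
 * and the door is closed although it was just asked to open. */
static void DoorTimerStep_NarrowProtection(void) {
    dwCurrentTimeMs = GetSysTimeMs();
    SimulateButtonPress(7991);                /* interrupt arrives here */
    ENTER_INT_PROTECTED(SM_DOOR);
    uint32_t update_ms = dwUpdateTimeMs;
    EXIT_INT_PROTECTED();
    CloseIfTimedOut(update_ms);
}

/* "After": condition read and dependent operation form one critical section; the press stays
 * pending until exit and is then served against a consistent state. */
static void DoorTimerStep_CriticalZone(void) {
    ENTER_INT_PROTECTED(SM_DOOR);
    dwCurrentTimeMs = GetSysTimeMs();
    SimulateButtonPress(7991);                /* masked: stays pending */
    CloseIfTimedOut(dwUpdateTimeMs);
    EXIT_INT_PROTECTED();                     /* pending ISR runs now */
}

typedef struct { bool door_open; uint32_t update_ms; uint32_t mask_after; } Outcome;

/* Scenario: door opened by a press at t=0; main polls at t=7990 while a passenger presses again. */
static Outcome RunScenario(void (*step)(void)) {
    int_priority_mask = 0; button_pending = false; door_open = false; dwUpdateTimeMs = NO_TIMER;
    SimulateButtonPress(0);
    sys_time_ms = 7990;
    step();
    Outcome o = { door_open, dwUpdateTimeMs, int_priority_mask };
    return o;
}

/* Nesting: the inner section's sigma is empty, so exiting it must leave the outer mask intact. */
static bool NestedExitKeepsOuterMask(void) {
    int_priority_mask = 0; button_pending = false;
    ENTER_INT_PROTECTED(SM_DOOR);                                  /* outer */
    bool inner_ok;
    { ENTER_INT_PROTECTED(SM_DOOR); EXIT_INT_PROTECTED();          /* inner: sigma_ == 0 */
      inner_ok = (TestInterruptStatus() & IRQ_DOOR_BUTTON) != 0; }
    EXIT_INT_PROTECTED();
    return inner_ok && TestInterruptStatus() == 0;
}
```

RunScenario(DoorTimerStep_NarrowProtection) ends with the door closed and the request lost, while RunScenario(DoorTimerStep_CriticalZone) leaves the door open with dwUpdateTimeMs refreshed to 7991 and the mask fully restored.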

Claims (6)

1. A high-reliability design method for multi-interrupt embedded programs, characterised in that it resolves the unsynchronized random access conflicts in a multi-interrupt embedded program, prevents uncertainty in program results, and improves the reliability of the program design.
2. The method according to claim 1, characterised in that the unsynchronized random access conflicts in the multi-interrupt embedded program are resolved as follows:
the critical sections of the multi-interrupt embedded program are identified first;
then access to each critical section is controlled on the principle that several processing roles must never access the critical section at the same moment; the processing roles are of two types, interrupt handlers and the main program.
3. The method according to claim 2, characterised in that the critical sections are determined as follows:
Step 1: search for all global variables and hardware interfaces involved in the multi-interrupt embedded program and take the search result as the shared resources;
Step 2: divide all shared resources from step 1 into three classes according to the following definitions:
Class 1: all processing roles only read the resource;
Class 2: exactly one processing role writes the resource and all other processing roles only read it;
Class 3: more than one processing role writes the resource;
Step 3: for class 1 resources, no critical section is defined;
for class 2 resources, when a shared resource is read as a condition that decides whether a subsequent operation is carried out, the read and the subsequent operation together are taken as the critical section, and the shared resource used in the decision is defined as the focus resource of that critical section;
for class 3 resources, every process that writes the shared resource is taken as a critical section when the shared resource is modified, and the shared resource used in the decision is defined as the focus resource of that critical section.
4. The method according to claim 3, characterised in that, when a class 2 shared resource in step 3 is read as a condition that decides whether a subsequent operation is carried out, the condition is either a stand-alone conditional branch or a loop exit condition.
5. The method according to claim 2, characterised in that the access control for a critical section comprises the following steps:
Step 1: compare the set Sm of interrupts that must be closed with the set Sc of interrupts that are currently closed;
Step 2: form the set difference Σ = Sm − Sc and, before entering the critical section, close all interrupts in Σ;
Step 3: enter the critical section, access it, and exit it;
Step 4: reopen all interrupts in the set Σ defined in step 2.
6. The method according to claim 5, characterised in that Sm comprises every interrupt that modifies the focus resource of the critical section.
Priority application: CN201810417634.5A, priority date 2018-05-04, filing date 2018-05-04, "High-reliability design method of multi-interrupt embedded program", Active, granted as CN108804080B (en)

Publications
CN108804080A (en), published 2018-11-13
CN108804080B (en), published 2022-06-03

Family ID: 64093591
Country status: CN, CN108804080B (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant