JP2007310834A - Data protection method, information processor and operating system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To protect data to be stored in a memory even though a plurality of tasks sharing the memory do not perform control for protecting the data. <P>SOLUTION: An OS associates specific information of each storage area obtained by logically partitioning the memory with writing acceptance/rejection information to be referred to by a CPU in order to determine the acceptance/rejection to write data into each storage area during writing the data in each storage area, the OS associates identification information of each task with specific information of a writable area configured by including one or more storage areas allocated to each task as a write destination during executing each task, and the OS updates the writing acceptance/rejection information of each storage area constituting a first writable area allocated to a first task to information showing write rejection and the writing acceptance/rejection information of each storage area constituting a second writable area allocated to a second task to information showing writing acceptance during switching the first task to the second task. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention relates to a method for protecting data stored in a memory in an information processing apparatus that executes a plurality of tasks, an information processing apparatus, and an operating system.

  In an information processing apparatus that executes a plurality of tasks, a technique for assigning a protection key to a real memory has been developed as a technique for protecting data stored in a memory (see, for example, Patent Document 1).

In a virtual storage system, a technique has been developed in which control information for accessing the main storage device is added to a page table that is referred to when address conversion from a virtual address to a real address is performed, and determination is performed at the time of address conversion. . According to this technique, even if the protection keys match, writing can be prohibited.
JP-A-62-100851

  By the way, a virtual area in a virtual storage system realized by an address conversion mechanism that performs conversion from a virtual address to a real address depends on the purpose of use, a system area, a space specific area, a job specific area, a program specific area, and a system common area. It is classified into a common work area between spaces.

  In the conventional technology, in the system common area and inter-space common work area, multiple tasks with different address spaces are intended to write to areas reserved by other tasks. In many cases, write protection is performed by setting a protection key.

  When write protection is performed using only the protection key, the protection key is not valid for the area of the same protection key as the execution key assigned to the task for the area that is randomly allocated by multiple tasks. It is possible to write illegally in the same protection key area secured by another task. Furthermore, in the case of write protection with a protection key, there are many unspecified tasks with the same protection key, and it may take time to specify the cause when an area destruction occurs.

  In addition, in the case of a system that performs write protection using a method that adds control information to the page table and determines at the time of address translation, the task that secures the area or the task that writes to the area requires the page as needed. It is necessary to set or cancel write protection by adding control information to the table. For this reason, the write protection may not be performed for the purpose of reducing the overhead of setting or releasing the write protection. Furthermore, the task switch being released from the write protection may be in a state in which the protection is released during the operation of another task, and the write protection as the system may be insufficient.

  The present invention provides data protection that enables write protection to be realized even if each task does not perform control for write protection in a memory such as a system common area or an inter-space common work area shared by a plurality of tasks. It is a main object to provide a method, an information processing apparatus, and an operating system.

  In order to achieve the above object, the present invention provides a method for protecting data stored in a memory in an information processing apparatus that includes a CPU and a memory and that executes an operating system and a plurality of tasks. When the system writes specific information of each storage area obtained by logically partitioning the memory and writing data to each storage area, the CPU determines whether data can be written to each storage area. Referenced write permission / rejection information is associated with each other and stored in the memory, and the operating system assigns each task identification information and data write destination during each task execution to each task. Specific information of a writable area configured to include one or more of the storage areas. The first is assigned to the first task when the operating system switches the task executed by the information processing apparatus from the first task to the second task. The writability information associated with the specific information of each storage area constituting the writable area is updated to information indicating that writing is impossible, and the second writable area allocated to the second task is updated. The write enable / disable information associated with the specific information of each storage area to be configured is updated to information indicating write enable.

  According to such an aspect, it is possible to protect the data stored on the memory without each task performing control for protecting the data stored on the memory. In other words, when the task is selected, the operating system must be able to write to the area where the task in the execution state is required, that is, the area reserved by the invoking task, and the area reserved by other tasks should be write-protected. As a result, in the common area of the system common area and the common work area between spaces, the areas reserved by multiple tasks are mixed, and the user task controls the write protection of the areas for the areas reserved by other tasks. Even without consideration, only the area reserved by the invoking task can be written, and the area reserved by other tasks can be write-protected. Thereby, the area destruction of other tasks can be prevented, and malfunction of other tasks due to the area destruction can be prevented. For this reason, for example, even if a task runs out of control and the write destination of data to the memory becomes uncontrollable, data is not written to an area that is not assigned to the task, so the data stored in the memory Can be protected. In addition, for example, even if a task is executed with malicious intent and data written by another task is illegally rewritten, according to the present data protection method, such fraud can be prevented. Therefore, the security of the information processing apparatus can be improved.

  Further, the operating system assigns at least a part of the storage area constituting the third writable area allocated to the third task as a data write destination during execution of the third task to the second task. A fourth writable area in which data can be written even during execution of the task is assigned to the second task, and the identification information of the second task and the specific information of the fourth writable area are associated with each other. Each storage area stored in the memory and constituting the fourth writable area when the operating system switches a task executed by the information processing apparatus from the first task to the second task. The writability information associated with the specific information can also be updated to information indicating writable. .

  In this manner, even if an area is secured by another task, it is possible to write data to the area by declaring an area that is known to be written in advance. . As described above, by enabling writing of data to a common storage area by a plurality of tasks, data can be transferred between tasks, and a more advanced information processing service can be provided. .

  Further, the operating system associates the specific information of the third writable area with a password for allocating the storage area constituting the third writable area as the fourth writable area. When the password that matches the password is written in the memory from the second task, the operating system stores the task executed by the information processing apparatus in the first task. When switching from the second task to the second task, the writability information associated with the specific information of each storage area constituting the fourth writable area is also updated to information indicating writable. You can also.

  By such an aspect, it becomes possible to share the storage area on the memory only between specific tasks that know the password. As a result, it is possible to prevent data written in a memory by a certain task from leaking to a task unrelated to the task, so that the security of the information processing apparatus can be improved.

  Further, the information processing apparatus executes the plurality of tasks by a virtual storage method, each storage area is each page in the virtual storage method, and the specific information of each storage area is a head address of each page The specific information of each writable area may be the top address of the top page of each page constituting each writable area and the number of pages constituting each writable area.

  In such a manner, in the common area of the system common area of the virtual storage system and the common work area between the spaces, the area secured by a plurality of tasks is mixed, and the user task is compared with the area secured by other tasks. Even without considering the write protection control of the area, only the area reserved by the invoking task can be written, and the area reserved by the other task is prohibited from being written to prevent other tasks from destroying the area. Task malfunction can be prevented.

  The CPU has an address conversion mechanism for converting a virtual address into a real address. The write enable / disable information indicates whether or not data can be written to each storage area when the CPU writes data to each storage area. Reference may be made by the address translation mechanism to determine.

  In this manner, when a CPU executes a data write instruction while executing a certain task, whether or not the page on the memory can be accessed when the address conversion mechanism converts from a virtual address to a real address. Can be determined. As a result, it is possible to increase the speed of information processing executed by the information processing apparatus.

  Even if a plurality of tasks sharing the memory do not control to protect the data stored in the memory, the data stored in the memory can be protected.

  Hereinafter, the best mode for carrying out the present invention will be described in detail with reference to the drawings.

=== Information Processing Device ===
FIG. 1 shows a hardware configuration of an information processing apparatus 100 according to the present embodiment.
The information processing apparatus 100 includes a CPU 1, a memory 4, a hard disk drive 110, an I / O interface 120, and a communication interface 130.

  The CPU 1 is a device that controls the entire information processing apparatus 100. The CPU 1 reads the operating system 200 and user program 300 stored in the hard disk drive 110 into the memory 4 and executes them. Thereby, various functions as the information processing apparatus 100 are realized. FIG. 1 shows a state in which the operating system 200 and the user program 300 are read into the memory 4. In FIG. 1, as the user program 300, a user program A310, a user program B320, a user program C330, and a user program X340 are illustrated.

  The memory 4 also stores a segment table 13, a page table 14, an actual memory management table 15, a write prohibition control table 16, a common area reservation table 17, a write declaration table 18, a task control table 19, and a common area free table 66. The Details will be described later.

  When the CPU 1 executes the user program 300, the user program 300 is managed as the user task 31 by the operating system 200. In the example illustrated in FIG. 1, the user program A310, the user program B320, the user program C330, and the user program X340 are managed as a user task A311, a user task B321, a user task C331, and a user task X341. In the following description, user task A 311, user task B 321, user task C 331, user task X 341, and user task 31 are also simply referred to as task A 311, task B 321, task C 331, task X 341, and task 31, respectively.

  Although details will be described later, the information processing apparatus 100 according to the present embodiment executes each user task 31 by a virtual storage method. The CPU 1 includes a control register 2 and an address conversion mechanism 3. The control register 2 stores the start address of the segment table 13 stored in the memory 4. The segment table 13 stores the start address of the page table 14 stored in the memory 4. The page table 14 stores the top address of the page stored in the memory 4.

  The address conversion mechanism 3 performs conversion from a virtual address to a real address by referring to the control register 2, the segment table 13, and the page table 14 when the CPU 1 executes the user task 31 and accesses the memory 4. .

  The I / O interface 120 includes an input device used to input data to the information processing apparatus 100 by an operator or the like, and an output device that outputs information to the outside, and functions as a user interface. For example, a keyboard or a mouse can be used as the input device. For example, a display or a printer can be used as the output device.

  The communication interface 130 is a device for performing communication. For example, communication with other computers performed via a communication network such as the Internet is performed via the communication interface 130.

  The information processing apparatus 100 illustrated in FIG. 1 is configured to include only one CPU 1, but may be configured to include a plurality of CPUs 1.

=== Address translation mechanism ===
The address conversion mechanism 3 converts a virtual address into a real address when the CPU 1 accesses the memory 4.

  The operating system 200 according to the present embodiment can provide the user program 300 with a virtual address space different from the real address space provided by the memory 4. Therefore, each instruction constituting the user program 300 is described based on a virtual address. When the CPU 1 executes each instruction of the user program 300 and accesses the memory 4, the address conversion mechanism 3 converts the virtual address into a real address.

The translation from the virtual address to the real address by the address translation mechanism 3 is performed by the address translation mechanism 3 referring to the control register 2, the segment table 13, and the page table 14.
That is, first, the address translation mechanism 2 refers to the control register 2 and acquires the head address of the segment table 13.
Then, the address translation mechanism 2 accesses the address on the memory 4 obtained by adding the value of the start address of the segment table 13 and the segment number described in the instruction being executed by the CPU 1, and Get the start address.
Then, the address translation mechanism 2 accesses the address on the memory 4 obtained by adding the value of the top address of the page table 14 and the page number described in the instruction being executed by the CPU 1 to obtain the top address of the page. get.
Then, the address conversion mechanism 2 obtains an address on the memory 4 obtained by adding the value of the head address of the page and the offset described in the instruction being executed by the CPU 1 as a real address to be accessed by the CPU 1. .
The segment table 13 and the page table 14 are created when the operating system 200 starts execution.

  Here, the address translation mechanism 3 refers only to the page table 14 shown in the segment table 13 shown in the control register 2. In other words, the page table 14 indicated by the segment table 13 not indicated by the control register 2 is not referred to. When a certain page table 14 is specific to a certain segment table 13, a segment managed by the page table 14 is a virtual memory area (space specific area 24) specific to the virtual address space managed by the segment table 13. ). When a certain page table 14 is shared by a plurality of segment tables 13, segments managed by the page table 14 can be shared by a plurality of virtual address spaces respectively managed by the plurality of segment tables 13. Are common virtual memory areas (common areas 25).

=== Control register ===
The control register 2 stores the start address of the segment table 13 stored in the memory 4. The address translation mechanism 3 can obtain the head address of the segment table 13 by referring to the control register 2.
A plurality of virtual address spaces can be formed by changing the top address of the segment table 13 set in the control register 2. The start address of the segment table 13 set in the control register 2 can be changed by the CPU 1 executing a privileged instruction.

=== Operating System ===
The operating system 200 includes a task control unit 5 and a memory control unit 8.
The task control unit 5 includes a task selection unit 6 and a task end unit 7.
The memory control unit 8 includes an area allocation / release unit 9, a user write prohibition setting / cancellation unit 69, a task control write prohibition setting / cancellation unit 10, a write declaration registration / cancellation unit 11, and a real storage control unit 12.

<Task control unit>
The task control unit 5 schedules the execution order of each user task 31. The task control unit 5 switches the user task 31 executed by the CPU 1 by sequentially selecting one user task 31 from a plurality of user tasks 31 according to a predetermined algorithm. For example, the task control unit 5 switches the task 31 executed by the CPU 1 by sequentially selecting the task 31 from the user task A 311, the user task B 321, the user task C 331, and the user task X 341.

  Further, along with the switching of the task 31 by the task control unit 5, “ON” or “OFF” of a write protection bit (corresponding to write permission / prohibition information described in claims) of the page table 14 to be described later is set. Is called. This enables write protection control (write prohibition and release) in the address translation mechanism 3.

<Memory control unit>
The memory control unit 8 sets “ON” or “OFF” of the write protection bit of the page table 14 in accordance with the switching of the user task 31.

  Further, when the memory control unit 8 receives a request for securing the common area 25 from the user task 31, the memory control section 8 secures the common area 25. The securing of the common area 25 means that when the user task 31 is executed, the user task 31 receives an allocation of the common area 25 in which data can be written. When the requested common area 25 can be secured, the memory control unit 8 creates a common area securing table 17 to be described later, and sets the reserved virtual memory start address, secured size (number of pages), and password. To do. Further, the memory control unit 8 turns on the write protection bit of the page table 14 corresponding to the virtual memory in the secured common area 25. The area reserved for the user task 31 corresponds to the writable area described in the claims.

  Further, when a page exception interrupt occurs, the memory control unit 8 refers to a real memory management table 15 to be described later and obtains unused real memory in units of pages. Then, the memory control unit 8 sets the top address of each page in the page table 14. When the real memory is allocated to the virtual memory, the memory control unit 8 registers the virtual address of the allocated page in the real memory management table 15.

  Further, the memory control unit 8 sets the top address of the page table 14 in the segment table 13.

=== Virtual address space ===
2 shows that the task A311 is selected by the task selection process by the task control unit 5 among the tasks A311, B321, C331, and X341 sequentially executed by the information processing apparatus 100 according to the present embodiment. In this case, the virtual memory allocation state to each task 31 is shown.

  The virtual memory according to the present embodiment includes a space specific area 24 that can be referred to and updated by only one task 31 and a common area 25 that can be referenced and updated by a plurality of tasks 31.

  The space specific area 24 is composed of n virtual address spaces (virtual address space 1 (20) to virtual address space n (23)). A task 31 is assigned to each virtual address space. Each task 31 can secure the common area 25 individually.

  When assigning a real memory to a virtual memory, the CPU 1 assigns a protection key to the real memory with a prepared privileged instruction. The protection key is a key assigned to the real memory. When the protection key assigned to the real memory matches the execution key assigned to each task 31 (the key set in the PSW (Processor Status Word)), the CPU 1 writes the task 31 to the real memory. If it does not match, write is disabled (prohibited).

  The PSW includes a control bit for controlling the operation of the CPU 1 in addition to an address on the memory 4 where the instruction exists (also referred to as an instruction address). The control bits include bits for enabling or disabling the execution key and the address translation mechanism 3 described above.

  The CPU 1 operates according to the control bit of this PSW. When the bit for enabling the address conversion mechanism 3 is ON, the CPU 1 refers to the segment table 13 and the page table 14 on the memory 4 and reads an instruction from the instruction address stored in the PSW. If the instruction is an update instruction, the address translation mechanism 3 obtains a real address from the virtual address described in the update instruction. When the CPU 1 accesses the memory 4 and the write protection bit of the page table 14 is ON, the CPU 1 inhibits writing without executing the update instruction. Then, the CPU 1 generates a program check interrupt. This realizes write protection. As described above, when the address translation mechanism 3 obtains the real address from the virtual address, it is possible to quickly determine whether or not the update instruction can be executed by referring to the write protection bit of the page table 14. The processing at 100 can be speeded up.

  The information processing apparatus 100 designates, for each task 31, the same execution key as the protection key assigned to the real memory of each space specific area 24 in the PSW. At this time, different execution keys are assigned to tasks 31 in adjacent virtual address spaces. However, when the number of virtual address spaces is larger than the type of protection key, the same protection key is assigned as an execution key to different virtual address spaces. In this embodiment, it is assumed that the virtual address space 1 (20) and the virtual address space 3 (22) are the same protection key. It is assumed that a protection key different from the virtual address space 1 (20) and the virtual address space 3 (22) is assigned to the virtual address space 2 (21).

<Common area>
When each task 31 secures the common area 25, the same protection key area is assigned to each task 31 continuously or discontinuously depending on the order of the tasks 31 that require securing and the size of the area to be secured.
The common area 25 includes an area 26 secured by the task A 311, an area 27 secured by the task B 321, an area 28 secured by the task C 331, an area 29 secured by the task x 341, and an unallocated (released) area 30. In this case, the task A 311 only needs to be able to write to the area 26 secured by the task A 311, and there is no problem even if it cannot write to the other areas 27 to 30.
Therefore, for example, when the task control unit 5 selects the task A 311 and the task A 311 is in the execution state, only the area 26 reserved by the task A 311 needs to be writable, and the other areas 27 to 30 can be written. May be write-protected.
The area 26 reserved by the task A 311 and the area 28 reserved by the task C 331 have the same protection key. However, since the task A 311 does not need to write to the area 28 reserved by the task C 331, writing is prohibited. Good.

=== Task switching processing ===
FIG. 3 shows the state of the common area 25 when the task A311 is switched to the task B321.
By switching from the task A 311 to the task B 321, the task A 311 is changed from the execution state to the executable state. In addition, the task B321 is changed from the executable state to the execution state.
Along with this, the area 26 secured by the task A 311 is made writable to write prohibited. In addition, the area 27 secured by the task B 321 is made writable from write prohibition.
As described above, writing to the common area 25 can be performed only to the area secured by the task 31 in the execution state, and writing to the area secured by the other tasks 31 is prohibited in principle. As a result, it is possible to prevent the currently executing task 31 from destroying the area secured by the other task 31 by mistake and causing the other task 31 to malfunction. A method of writing prohibition and cancellation at the time of task selection will be described later.

=== Segment table ===
FIG. 4 shows an example of the contents of the segment table 13.
The segment table 13 stores the start address on the memory 4 of the page table 14. The segment table 13 is referred to by the address translation mechanism 3.
The segment table 13 includes a “page table address” field, an “effective bit” field, a “common bit” field, and a “page table length” field.

  In the “page table address” column, the top address of the page table 14 is described. In the “valid bit” column, information indicating whether the address of the page table 14 is valid is described. When “ON” is described, it indicates that it is valid, and when “OFF” is described, it indicates that it is invalid. In the “common bit” column, information indicating whether or not the page table 14 shown in the “page table address” column is used in common with other segment tables 13 is described. When “ON” is described, it indicates that the segment table 13 is shared, and when “OFF” is described, it is not shared. The page table length is written in the “page table length” column.

  The segment table 13 can indicate a virtual address space. Also, by setting the “common bit” field to “ON”, the page table 14 indicated by the page address can be shared with other virtual address spaces. In this case, the address of the page table 14 described in the “page table address” column indicates a common address space (common area 25). The relationship with the page table 14 will be described later.

=== Page table ===
FIG. 5 shows an example of the contents of the page table 14.
The page table 14 stores the top address of the page on the memory 4. The page table 14 is a table that is referred to by the address translation mechanism 3 in the same manner as the segment table 13. By storing the page top address in the page table 14, the CPU 1 can refer to the contents of the real memory.

The page table 14 includes a “page address” column, a “valid bit” column, and a “write protection bit” column.
In the “page address” column, the top address of the page is described. Each page is associated with a virtual memory in units of 4 kB (kilobytes). In the “valid bit” column, information indicating whether or not a real memory is allocated to the virtual memory corresponding to the page is described. When “ON” is described, it indicates that the real memory is allocated to the virtual memory corresponding to the page. When “OFF” is described, it indicates that the real memory is not allocated to the virtual memory corresponding to the page. In the “write protection bit” column, information indicating whether or not the CPU 1 can write to the page is described. When “ON” is described, the CPU 1 cannot perform writing on the page. When writing is attempted, the CPU 1 generates an exception and inhibits execution of writing.

  Whether the real memory is allocated to the virtual memory can be determined by whether “ON” is described in the “valid bit” of the page table 14 or “OFF” is described. If “ON” is described, it is determined that the real memory is allocated to the virtual memory corresponding to the page, and the real address can be obtained from the page table 14. If “OFF” is described, it is determined that the real memory is not allocated to the virtual memory corresponding to the page, and the CPU 1 generates a page exception interrupt.

  When a page exception interrupt occurs, the memory control unit 8 refers to the real memory management table 8 shown in FIG. 6 to obtain unused real memory in units of pages. Then, the memory control unit 8 sets the top address of the page in the page table 14. At this time, the real memory is allocated to the virtual memory by setting the valid bit indicating the validity of the page to “ON”.

  In addition, when the “write protection bit” column on the page table 14 is “ON”, the address translation mechanism 3 does not perform writing on the page. A program interrupt occurs when trying to write.

  In the present embodiment, the memory control unit 8 sets the write protection bit of the page table 14 to “ON” or “OFF”. As a result, the write protection operation in the address translation mechanism 3 is controlled (write prohibition and release). As a result, the write protection bits “ON” and “OFF” executed by the operating system 200 can be performed without the user program individually considering them.

  Although details will be described later, the memory control unit 8 sets the write prohibition control table 16 and the write declaration table 18 created by the memory control unit 8 when setting the write protection bit “ON” or “OFF”. refer.

=== Real memory management table ===
FIG. 6 shows an example of the contents of the real memory management table 15.
The real memory management table 15 is a table for managing real memory in units of pages. That is, the real memory management table 15 is a table indicating to which address in the virtual memory each page in the real memory is assigned. In the “virtual address” column of the real memory management table 15, the virtual address of the virtual memory to which each page is allocated is described. For pages not allocated to virtual memory, 0 is written in the “virtual address” column.
When the real memory is allocated to the virtual memory, the memory control unit 8 registers the address of the allocated virtual memory in the real memory management table 15. If real memory is not allocated to virtual memory, 0 is registered in this embodiment.

=== Write prohibition control table ===
FIG. 7 shows an example of the contents of the write prohibition control table 16.
The write prohibition control table 16 is a table indicating whether or not the write protection bit of each page table 14 is released by the method shown in this embodiment.

  That is, when canceling the write prohibition, the memory control unit 8 sets the bit for the CPU 1 that is going to cancel the write prohibition described in the “release flag” column to “1”. Further, if a real address is set in the page table 14 specified by the virtual address described in the “page table address” column, the memory control unit 8 is used to cancel the write prohibition for the real memory. Turns off the write protection bit of the page table 14.

  When performing the write prohibition setting, the memory control unit 8 sets the bit for the own CPU of the release flag of the write prohibition control table 16 to “0”. If all the bits of the release flag are “0”, the write prohibition release by other CPUs is eliminated, so the memory control unit 8 determines the page specified by the virtual address described in the “page table address” column. The write protection bit of table 14 is turned ON.

  In this way, by assigning the release flag to the bits corresponding to the CPU, it is possible to control the setting / release of the write protection for the page whose write prohibition is being canceled by another CPU. In this embodiment, the “page table address” column is provided in the write prohibition control table 16 so that the write prohibition control table 16 and the page table 14 are in a one-to-one correspondence.

The “inhibition bit” column is a column in which data for preventing the memory control unit 8 from setting / releasing the write protection bit of the page table 14 is described.
That is, conventionally, when the user makes a write prohibition setting request and sets the write protection bit of the page table 14 to “ON”, the user request is prioritized and the write prohibition setting / cancellation in the memory control unit 8 is suppressed. There is a need. For this reason, the “prohibit bit” column is provided in the write prohibition control table 16 and when the user request write prohibition is set, the “suppress bit” column is turned ON and the write protection bit of the page table 14 is set / released. Do not do it.

=== Common area reservation table ===
FIG. 8 shows an example of the contents of the common area reservation table 17.
The common area reservation table 17 has a “virtual address” column, a “size” column, and a “password” column. In the “virtual address” column, the head address of the virtual address of the common area 25 secured by the user task 31 is described. In the “size” column, the size of the common area 25 starting from the virtual address is described. The size can be in units of pages. A password is written in the “password” column. The reason for storing the password is that a certain task 31 may make a write declaration to the common area 25 secured by another task 31.
When the memory control unit 8 receives an area allocation request parameter 67 (to be described later) from the user task 31, the area allocation / release unit 9 refers to a common area free table 66 (to be described later) and allocates an area having the requested number of pages. To do. When the area of the requested number of pages can be secured, the memory control unit 8 creates the common area securing table 17. Then, the start address of the reserved virtual memory, the reserved size (number of pages), and the password are set.

=== Common area free table ===
FIG. 9 shows an example of the contents of the common area empty table 66.
The common area empty table 66 has a “virtual address” column, a “size” column, and a “password” column. In the “virtual address” column, the virtual address of the common area 25 that is not yet secured for any task 31 is described. In the “size” column, the size of the common area 25 starting from the virtual address is described. The size can be in units of pages. In the “password” column, a password initialized with X′00 ′ is described.

=== Write declaration table ===
FIG. 10 shows an example of the contents of the write declaration table 18.
The write declaration table 18 has a “virtual address” column, a “size” column, and a “password” column. In the “virtual address” column, the virtual address of the area where the write declaration is made is described. In the “size” column, the size (page unit) of the area starting from the virtual address is described. In the “password” column, a password for receiving write permission for the area is described.

  When the user task 31 intends to write in an area secured by another user task 31, the user task 31 makes a write declaration for the common area 25 secured by the other user task 31 to the memory control unit 8. Then, the write declaration registration / cancellation unit 11 of the memory control unit 8 creates the write declaration table 18 and chains from the task control table 19 of the task 31 that has made the write declaration. That is, the address of the created write declaration table 18 is described in a “write declaration table address” column of the task control table 19 described later.

  The write declaration table 18 is created every time the task 31 makes a write declaration. In the write declaration table 18, a size is set for the case where the write declaration table 18 is continuously performed with the virtual address (page boundary) of the virtual memory to be written. In creating the write declaration table 18, it is possible to determine whether or not to allow writing to the requested virtual area based on whether or not it matches the password registered in the common area securing table 17. .

=== Task control table ===
FIG. 11 shows an example of the contents of the task control table 19.
The task control table 19 has a “task identifier” column, a “reserved table address” column, and a “write declaration table address” column.
In the “task identifier” column, a task identifier indicating task identification information is described. In the “reserved table address” column, the head address of the common area securing table 17 of the task is described. That is, in this embodiment, the write area management table described in the claims is realized by the task control table 19 and the common area securing table 17. In the “write declaration table address” column, the head address of the write declaration table 18 registered when the task makes a write declaration is described. That is, in the present embodiment, the write area expansion table described in the claims is realized by the task control table 19 and the write declaration table 18.

<When securing a common area>
When the task 31 requests the memory control unit 8 to secure the common area 25, the area securing / releasing unit 9 describes the identifier of the request source task 31 in the “task identifier” column of the task control table 19, In the “reserved table address” column, the head address of the common area securing table 17 indicating the virtual address of the secured common area 25 is described. As a result, the common area reservation table 17 indicating the area reserved from the task control table 19 of the request source task 31 is chained. The common area securing table 17 is chained every time the task 31 secures an area.
When the memory control unit 8 secures the common area 25, the memory control unit 8 turns on the write protection bit of the page table 14 corresponding to the virtual memory. After that, when returning to the request source task 31 via the task control unit 5, the write protection bit of the corresponding page table 14 is turned OFF and the release bit of the write prohibition control table 16 is turned ON in order to release the write prohibition. .

<When writing declaration>
When the user task 31 needs to write to an area reserved by another user task 31, the user task 31 makes a write declaration for the common area 25 reserved by the other user task 31 to the memory control unit 8. Then, the write declaration registration / cancellation unit 11 creates the write declaration table 18 and writes the address of the write declaration table 18 in the “write declaration table address” column of the task control table 19 of the task 31 that has made the write declaration. . The write declaration table 18 is created every time the task 31 makes a write declaration.

=== Area allocation request parameter, write declaration request parameter ===
FIG. 12 shows an area securing request parameter 67 when the task 31 secures the common area 25 and a write declaration request parameter 68 when performing a write declaration.

<Area allocation request parameter>
The area allocation request parameter 67 includes “number of allocation request pages” and “password”. The password is designated in order to perform control for determining whether or not to permit writing to the task 31 when another task 31 declares writing to the secured common area 25.
When the area securing / releasing unit 9 of the memory control unit 8 detects that the area securing request parameter 67 is written to the memory 4 from the user task 31, the area securing / releasing unit 9 secures an area having the requested number of pages. When the area of the requested number of pages can be secured, the memory control unit 8 creates the common area securing table 17. Then, the start address of the reserved virtual memory, the reserved size (number of pages), and the password are set.

<Write declaration request parameter>
The write declaration request parameter 68 includes “request address”, “request page number”, and “password”. In the “request address”, a virtual address (page boundary) of the common area 25 reserved by another task 31 is described.

When the write declaration registration / cancellation unit 11 of the memory control unit 8 detects that the write declaration request parameter 68 has been written to the memory 4 from the user task 31, it is the same as the virtual address described in the “request address” column. The common area reservation table 17 in which the virtual address is described is searched. The write declaration registration / cancellation unit 11 compares the password described in the “password” column of the searched common area reservation table 17 with the password described in the write declaration request parameter 68. If the two passwords match, the write declaration registration / cancellation unit 11 generates a write declaration table 18. Then, the write declaration registration / cancellation unit 11 writes the address of the write declaration table 18 in the “write declaration table address” column of the task control table 19 of the task 31 that has made the write declaration, and chains.
If there is no corresponding common area allocation table 17, the number of requested pages is not included, or the passwords do not match, the write declaration is not permitted, and an error is returned to the requester of the write declaration. If a password is not set in the common area securing table 17, a write declaration is permitted even if the passwords do not match.

=== Task switching control, Memory protection control ===
FIG. 13 shows a functional configuration of each software of the task control unit 5, the memory control unit 8, and the user task 31.

The memory control unit 8 includes an area reservation / release unit 9, a user write prohibition setting / cancellation unit 69, a task control write prohibition setting / cancellation unit 10, a write declaration registration / cancellation unit 11, and a real storage control unit 12.
The task control write prohibition setting / cancellation unit 10 sets the write protection bit of the page table 14 to ON or OFF. This makes it possible to prohibit or permit writing to the virtual memory when selecting a task.
The write declaration registration / cancellation unit 11 is a function necessary when data needs to be written in an area secured by the other task 31 in the interface with the other task 31. The task control write prohibition setting / cancellation unit 10 and the write declaration registration / cancellation unit 11 will be described later.
The area securing / releasing unit 9 receives a request from the user task 31 and secures or releases the area.
The real storage control unit 12 assigns real memory to virtual memory.
The user write prohibition setting / cancelling unit 69 sets or cancels the write prohibition in response to the write protection setting / cancellation requesting unit 70 or the write prohibition canceling requesting unit 71 of the user task 31. Set up.

On the other hand, the task control unit 5 includes a task selection unit 6 and a task end unit 7.
The task selection unit 6 calls the task control write prohibition setting / cancellation unit 10 of the memory control unit 8 when a task is selected. As a result, the task control write prohibition setting / cancelling unit 10 turns the write protection bit of the page table 14 ON or OFF in order to enable writing to the virtual memory in each area and enable writing.

<Securing common areas>
When the area securing / releasing unit 9 of the memory control unit 8 receives the area securing request from the area securing / releasing unit 32 of the user task 31, the area securing / releasing unit 9 searches the common area free table 66 and secures an area for the requested size. Then, the virtual address, size, and password of the secured common area 25 are added to the common area securing table 17 and deleted from the common area free table 66.
At this time, the task control write prohibition setting / cancellation unit 10 obtains the virtual address of the reserved area from the common area reservation table 17, and turns ON the write protection bit of the page table 14 corresponding to the virtual address. Further, the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 corresponding to the virtual address is turned OFF. Thereby, write protection is performed on the area secured by the user task 31.

<Release area>
When the area allocation / release unit 32 of the user task 31 transmits an area release request to the memory control unit 8, the task control write prohibition setting / release unit 10 of the memory control unit 8 sets the virtual address of the common area 25 to be released. Is obtained from the common area securing table 17. Then, the task control write prohibition setting / cancelling unit 10 turns off the valid bit of the page table 14 corresponding to the virtual address and turns off the write protection bit. Further, the virtual address, size, and password of the released common area 25 are deleted from the common area securing table 17 and added to the common area free table 66.
When the user task 31 is completed, the task end unit 7 of the task control unit 5 issues an area release request to the task control write prohibition setting / release unit 10 of the memory control unit 8. Thereby, when the user task 31 ends, the area reserved by the user task 31 is released.

<Write declaration>
When it is necessary to write data to an area secured by another task 31, the write declaration / cancellation unit 33 of the user task 31 makes a write declaration. The write declaration is performed by transmitting a request to the memory control unit 8 using the necessary virtual memory address, size, and password as parameters.

  When the write declaration registration / cancellation unit 11 of the memory control unit 8 receives the write declaration request parameter 68 from the user task 31, the same virtual address as the virtual address described in the “request address” column of the write declaration request parameter 68. Is searched for the common area securing table 17 in which is written. The write declaration registration / cancellation unit 11 compares the password described in the “password” column of the searched common area reservation table 17 with the password described in the write declaration request parameter 68. If the two passwords match, the write declaration registration / cancellation unit 11 generates a write declaration table 18. Then, the write declaration registration / cancellation unit 11 writes the address of the write declaration table 18 in the “write declaration table address” column of the task control table 19 of the task 31 that has made the write declaration, and chains.

  Further, the task control write prohibition setting / cancellation unit 10 turns off the write protection bit of the page table 14 for the area declared to be written, and sets the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 " 1 "to enable writing by the user task 31 that has made the write declaration.

<Release write declaration>
When the write declaration / cancellation unit 33 of the user task 31 transmits a write declaration cancellation request to the memory control unit 8, the write declaration registration / cancellation unit 11 of the memory control unit 8 cancels the write declaration. A virtual address is obtained from the write declaration table 18. Then, the write declaration registration / cancellation unit 11 turns on the valid bit of the page table 14 corresponding to the virtual address and deletes the write declaration table 18.

  When the user task 31 is completed, the task end unit 7 of the task control unit 5 makes a write declaration release request to the write declaration registration / release unit 11 of the memory control unit 8. As a result, when the user task 31 ends, the writing declaration of the user task 31 is canceled.

=== Flow of processing when switching tasks ===
Next, a flow of processing when the task control unit 5 switches the task 31 to be executed by the CPU 1 will be described.
Here, a case where the task A311 is switched to the task B321 will be described as an example.
First, the task control unit 5 shifts the task A311 that is currently in the execution state to an executable state.
At this time, the memory control unit 8 prohibits writing to the common area 25 reserved by the task A 311 and prohibits writing to the common area 25 declared to be written by the task A 311.
Then, the task control unit 5 causes the task B321 to be executed next by the CPU 1 to transition from the executable state to the execution state.
At this time, the memory control unit 8 permits writing to the common area 25 reserved by the task B321 and permits writing to the common area 25 declared to be written by the task B321.

  Hereinafter, a process when the task control unit 5 switches the task 31 to be executed by the CPU 1 from the task A 311 to the task B 321 will be described in detail with reference to FIGS.

<Processing when task A is transitioned from an execution state to an executable state>
FIG. 14 is a flowchart showing a flow of processing when the task A 311 selected by the task selection unit 6 is changed from an execution state to an executable state or a wait state.

First, the memory control unit 8 prohibits writing to the common area 25 secured by the task A 311 (S50).
That is, the task control write prohibition setting / releasing unit 10 refers to the common area reservation table 17 for the common area 25 reserved by the task A 311, and starts from the virtual address indicated in the common area reservation table 17. The page table 14 and the write prohibition control table 16 are obtained. Then, the task control write prohibition setting / cancellation unit 10 turns on the write protection bit of the page table 14 and sets the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 to 0. As a result, a table setting for prohibiting writing to the common area 25 reserved by the task A 311 is performed. The process of S50 will be described in detail below with reference to FIG.

  FIG. 15 is a flowchart showing the flow of processing when setting for prohibiting writing to the common area 25 secured by the task A 311 is performed.

First, the task control write prohibition setting / releasing unit 10 refers to the common area securing table 17 and determines whether or not the selected task A 311 has secured the common area 25 (S53).
The task control write prohibition setting / cancelling unit 10 does nothing when the selected task A 311 does not secure the common area, but does not do anything when the common area 25 is secured. The common area allocation table 17 is referred to one by one, and the page table 14 and the write prohibition control table 16 are obtained from the virtual address (S54).
Then, the task control write prohibition setting / cancelling unit 10 performs a write prohibition setting process (S55). In the write prohibition setting process, the write protection bit of the page table 14 is turned ON, and the bit corresponding to the CPU of the release flag of the write prohibition control table 16 is set to 0. In this way, a table is set to prohibit writing to the common area 25 reserved by the task A311. The write prohibition setting process will be described in detail below with reference to FIG.

FIG. 17 is a flowchart showing the flow of task control write prohibition setting processing.
The task control write prohibition setting / cancellation unit 10 writes the common area reservation table 17 of the common area 25 reserved by the selected task A311 or the write declaration of the common area 25 declared by the selected task A311. Referring to the table 18, the page table 14 and the write prohibition control table 16 are obtained from the corresponding virtual address, and the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 is set to 0 (S61).
Next, the task control write prohibition setting / cancelling unit 10 determines whether or not all the bits corresponding to the CPU1 of the cancel flag of the write prohibition control table 16 are 0 (S74).
If all the bits corresponding to CPU1 of the release flag of the write prohibition control table 16 are not 0, the task control write prohibition setting / release unit 10 guarantees writing by the CPU1 with the release flag set to 1. Without releasing the write protection bit of the page table 14, the release flag of the write prohibition control table 16 is set for the next virtual address indicated in the common area reservation table 17 and the write declaration table 18 reserved by the task A311. Processing to set the bit corresponding to the own CPU to 0 is performed (S65, S61).

On the other hand, if all the bits corresponding to CPU1 of the release flag of the write prohibition control table 16 are 0 in S74, the real address is determined from the virtual address prepared by CPU1 in determining whether the real memory is allocated to the virtual memory. The conversion instruction is used (S62).
If the condition code of the conversion instruction is other than 0, it is determined that there is no real memory allocation, but nothing is done, but if the condition code is 0, it is determined that there is real memory allocation (S63). Then, the write protection bit on the page table 14 is turned ON (S64). These processes (S61, S74, S62, S63, and S64) are performed for all the virtual addresses indicated in the common area securing table 17 and the write declaration table 18 secured by the task A311 (S65).
Returning to FIG. 15, the processes of S54 and S55 are performed for all the common areas 25 reserved by the task A311 (S56).

Next, returning to FIG. 14, the memory control unit 8 performs a process of prohibiting writing to the common area 25 that the task A 311 has declared to write (S51).
That is, the write declaration registration / cancellation unit 11 refers to the write declaration table 18 of the task A 311 and obtains the page table 14 and the write prohibition control table 16 from the virtual address indicated in the write declaration table 18. Then, the write declaration registration / cancellation unit 11 turns on the write protection bit of the page table 14 and sets the bit corresponding to the CPU of the release flag of the write prohibition control table 16 to 0. As a result, a table setting for prohibiting writing to the common area 25 reserved by the other task 31 declared by the task A 311 is performed. The process of S51 will be described in detail below with reference to FIG.

  FIG. 16 shows a flow of processing when setting is performed to prohibit writing to the common area 25 when the task A 311 declares writing to the common area 25 reserved by the other tasks 31. It is a flowchart which shows.

First, the write declaration registration / cancellation unit 11 refers to the write declaration table 18 and determines whether or not the selected task A 311 has made a write declaration (S57).
The write declaration registration / cancellation unit 11 does nothing if the selected task A 311 has not made any write declaration, but if it has made a write declaration, the task control write prohibition setting / cancellation unit 10 The page table 14 and the write prohibition control table 16 are obtained from the virtual address of the write declaration table 18 by referring to the write declaration table 18 of the selected task A311 (S58).

Then, the task control write prohibition setting / cancelling unit 10 performs a write prohibition setting process (S59). In the write prohibition setting process, the write protection bit of the page table 14 is turned ON, and the bit corresponding to the CPU of the release flag of the write prohibition control table 16 is set to 0. In this way, the table is set so that the task A 311 prohibits writing to the common area 25 reserved by the other tasks 31. The write prohibition setting process is shown in FIG.
The processing of S58 and S59 is performed for all the common areas 25 declared to be written by the selected task A311 (S60).
Returning to FIG. 14, the task selection unit 6 puts the selected task A 311 into an executable state or a waiting state (S52).

<Processing when task B is transitioned from an executable state to an executable state>
FIG. 18 is a flowchart showing the flow of processing when the task B321 selected by the task selection unit 6 is changed from the executable state to the execution state.
First, the memory control unit 8 cancels the prohibition of writing to the common area 25 secured by the task B321 (S34).
That is, the task control write prohibition setting / cancellation unit 10 refers to the common area reservation table 17 for the common area 25 reserved by the task B 321, and starts from the virtual address indicated in the common area reservation table 17. The page table 14 and the write prohibition control table 16 are obtained. Then, the task control write prohibition setting / release unit 10 turns OFF the write protection bit of the page table 14 and sets the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 to 1. As a result, a table is set to cancel the prohibition of writing to the common area 25 secured by the task B321. The process of S34 will be described in detail below with reference to FIG.

FIG. 19 is a flowchart showing the flow of write prohibition release processing for the common area 25 reserved by the task B321.
First, the task control write prohibition setting / cancelling unit 10 refers to the common area securing table 17 and determines whether or not the selected task B321 has secured the common area 25 (S37).
The task control write prohibition setting / cancellation unit 10 does not have to secure the common area 25 for the selected task B321, but if the common area 25 is secured, the task B321 secures the common area for the selected task B321. The table 17 is referred to one by one, and the page table 14 and the write prohibition control table 16 are obtained from the virtual address (S38).

  Then, the task control write prohibition setting / cancelling unit 10 performs a write prohibition canceling process (S39). In the write prohibition release process, the write protection bit of the page table 14 is turned OFF, and the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 is set to 1. In this way, the table setting for canceling write prohibition for the common area 25 reserved by the task B321 is performed. The write prohibition release process will be described in detail below with reference to FIG.

FIG. 21 is a flowchart showing the flow of task control write prohibition release processing.
The task control write prohibition setting / cancelling unit 10 writes the common area reservation table 17 of the common area 25 reserved by the selected task B321 or the write declaration of the common area 25 declared by the selected task B321. The table 18 is referred to, and the write prohibition control table 16 corresponding to the corresponding virtual address is referred to. Then, the task control write prohibition setting / releasing unit 10 determines whether or not the inhibition bit of the write prohibition control table 16 is OFF (S72).

  If the inhibit bit in the write prohibition control table 16 is ON, the task control write prohibition setting / cancelling unit 10 proceeds to “yes” without canceling the write protection in order to validate the write protection of the user request. However, if the inhibit bit is OFF, the process proceeds to “no” to cancel the write protection.

  If all the bits corresponding to CPU1 of the release flag of the write prohibition control table 16 are not 0, the task control write prohibition setting / release unit 10 sets the bit corresponding to the own CPU of the release flag of the write prohibition control table 16. Set to 1 (S45). Then, the task control write prohibition setting / cancellation unit 10 determines the release flag of the write prohibition control table 16 for the next virtual address indicated in the common area reservation table 17 and the write declaration table 18 secured by the task B321. Processing (S49, S73) is performed.

  On the other hand, if all the bits corresponding to the CPU of the release flag of the write prohibition control table 16 are 0 in S73 (S73), the task control write prohibition setting / release unit 10 turns on the write protect bit on the page table 14 Therefore, it is determined whether or not real memory is allocated to the virtual memory (S46). In order to determine whether the real memory is allocated to the virtual memory, a conversion instruction from a virtual address to a real address prepared by the CPU 1 is used.

If the condition code of the conversion instruction is other than 0 and it is determined that no real memory is allocated (S47: none), the task control write prohibition setting / cancellation unit 10 uses the own CPU of the cancel flag of the write prohibition control table 16 Only the bit corresponding to 1 is set to 1 (S45).
When it is determined that the condition code of the conversion instruction is 0 and real memory is allocated (S47: present), the task control write prohibition setting / cancelling unit 10 writes on the page table 14 corresponding to the virtual address. The protection bit is turned OFF (S48). Then, the task control write prohibition setting / cancellation unit 10 sets the bit corresponding to the CPU of the cancel flag of the write prohibition control table 16 to 1 (S45).

These processes (S73, S46, S47, S48, S45) are performed for all the virtual addresses indicated in the common area securing table 17 and the write declaration table 18 secured by the task B321 (S49).
Returning to FIG. 19, the processes of S38 and S39 are performed on all of the reservation tables 17 of the common area management table of the common area 25 reserved by the task B321 (S40).

Next, returning to FIG. 18, the memory control unit 8 cancels the prohibition of writing to the common area 25 declared to be written by the task B321 (S35).
That is, the write declaration registration / cancellation unit 11 refers to the write declaration table 18 of the task B321 and obtains the corresponding page table 14 and write prohibition control table 16 from the virtual addresses registered in the write declaration table 18. Then, the write declaration registration / cancellation unit 11 turns off the write protection bit of the page table 14 and sets the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 to 1. The process of S35 will be described in detail below with reference to FIG.

FIG. 20 is a flowchart showing a flow of processing for releasing the write prohibition on the common area 25 when the task B 321 declares writing to the common area 25 reserved by the other task 31. is there.
First, the write declaration registration / cancellation unit 11 refers to the write declaration table 18 and determines whether or not the selected task B321 has made a write declaration (S41).
The write declaration registration / cancellation unit 11 does nothing if the selected task B 321 has not made any write declaration. The page table 14 and the write prohibition control table 16 are obtained from the virtual address by referring to the write declaration table 18 of the selected task B321 (S42).

Then, the task control write prohibition setting / cancelling unit 10 performs the write prohibition canceling process shown in FIG. 21 (S43). In the write prohibition release process, the write protection bit of the page table 14 is turned OFF, and the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 is set to 1. In this way, the table setting for canceling the write prohibition is performed.
The processing of S42 and S43 is performed on all the write declaration tables 18 in the common area 25 that the selected task B321 has declared to write (S44).
Returning to FIG. 18, the task selection unit 6 puts the selected task B321 into an execution state (S36).

<Writing prohibition setting process when writing prohibition is set by request from user task>
FIG. 22 is a flowchart showing a processing flow when the memory control unit 8 receives a request from the user task 31 and performs setting for prohibiting writing.
This process is a process for performing a write prohibition setting when the user task 31 makes a request using a macro or the like prepared by the memory control unit 8 in order to perform write protection.

  In order to prevent a contradiction with the write prohibition setting / cancellation from the task control unit 5 according to the present invention, in order to determine the write prohibition setting / cancellation state by the task control unit 5 in the write prohibition setting process for the user, In order to guarantee the write prohibition setting by referring to the write prohibition control table 16 and the user's write prohibition setting request, a suppression bit is set in the write prohibition control table 16 for suppressing the write prohibition release by the task control unit 5. .

The write prohibition setting request from the user task 31 is valid only when real memory is allocated to the virtual memory at the requested virtual address. In order to determine whether the real memory is allocated to the virtual memory, a conversion instruction from the virtual address to the real address prepared by the CPU 1 is used (S76). If the condition code of the conversion instruction is other than 0, it is determined that there is no real memory allocation, and an error is returned. If the condition code is 0, it is determined that there is real memory allocation (S77). The process (S78) is performed.
If the release flag of the write prohibition control table 16 for the real memory of the write prohibition setting request is not all 0 (S78), all the release flags of the write prohibition control table 16 are set to 0 (S79), and the write protection on the page table 14 Set the bit to ON (S80). According to the present invention, if the release flag of the write control table 16 is 0, the write prohibition setting by the task control unit 5 is performed, so that it is not necessary to turn on the write protection bit on the page table 14.
Finally, in order to suppress the write prohibition setting / cancellation by the task control unit 5, the suppression bit of the write prohibition control table 16 is turned ON (S81) and the process returns.

<Write prohibition release processing when canceling write prohibition by request from user task>
FIG. 23 is a flowchart showing the flow of the write prohibition release process when the write prohibition release is performed in response to a request from the user task 31.
This process is conventionally a process of canceling write prohibition when the user task 31 makes a request using a macro or the like prepared by the memory control unit 8 in order to cancel write protection.

  In order not to cause a contradiction with the write prohibition setting / cancellation from the task control unit 5 according to the present invention, in the write prohibition release process for the user, after the write prohibition is canceled by the user's release request, the write prohibition setting / In order to enable the release, the inhibit bit in the write prohibition control table 16 is released.

  In the write prohibition release request from the user task 31, if the inhibit bit of the write prohibition control table 16 is not ON, it is determined that the write prohibition setting by the user request is not performed, and an error is returned (S83). If the inhibit bit in the write inhibit control table 16 is ON, the inhibit bit in the write inhibit control table 16 is turned OFF (S84).

  If the requested virtual memory is not included in the common area 25 reserved by the requested task 31, or if it is not included in the common area 25 where the requested task 31 has made a write declaration (S85). The write protection is canceled in the task control unit 5 according to the present invention without canceling the write protection of the page. If the requested task 31 is included in the common area 25 reserved or if the requested task 31 is included in the common area 25 in which the write declaration is made (S85), the virtual for which the write prohibition release is requested When the real memory is assigned to the virtual memory for the address, the write protection bit on the page table 14 is turned OFF.

  In order to determine whether the real memory is allocated to the virtual memory, a conversion instruction from the virtual address to the real address prepared by the CPU 1 is used (S86). If the condition code of the conversion instruction is other than 0, it is determined that no real memory is allocated, and the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 is set to 1, but the condition code is 0. If so, it is determined that there is real memory allocation (S87), the write protection bit on the page table 14 is turned OFF (S88), and the bit corresponding to the own CPU of the release flag of the write prohibition control table 16 is set. Set to 1 (S89) and return.

  Although the embodiment of the present invention has been described in detail above, according to this embodiment, each task 31 sharing the memory 4 does not have to perform control for protecting the data stored in the memory 4. The data stored in 4 can be protected. For this reason, for example, even if the user task 31 runs out of control and the data write destination to the memory 4 becomes uncontrollable, data is not written to an area not secured by the user task 31. It is possible to protect the data stored in. Further, for example, even if the user task 31 is executed maliciously and the data written by another user task 31 is illegally rewritten, the data protection method according to the present embodiment prevents such fraud. It becomes possible to do.

  In particular, in the system common area of the virtual storage system and the common area 25 of the inter-space common work area, an area secured by a plurality of tasks is mixed, and an area assigned with the same protection key secured by another task Thus, even if the user task 31 does not consider the write protection control of the area, only the area secured by the own task can be written. As a result, there is an advantage that it is impossible to automatically write in an area secured by another task by mistake and other tasks do not malfunction due to the destruction of the area. Further, since writing is possible only in the execution state, there is an advantage that it can be prevented from being destroyed by other tasks.

  In addition, when data is exchanged with other tasks and areas, the address of the area is known in advance, and the area is an area prepared by the receiving task, and writing is performed as an interface between related tasks. In such a case, it is possible to write by declaring writing to the area reserved by another task, and inadvertently, such as when the prepared area is small due to an interface error with other tasks. There is an advantage that it is possible to prevent other unrelated areas from being destroyed and stopping the system. In addition, since the task to write to the area is limited, there is an advantage that the cause can be quickly identified when the area destruction is detected.

  Although the best mode for carrying out the invention has been described above, the above embodiment is intended to facilitate understanding of the present invention and is not intended to limit the present invention. The present invention can be changed and improved without departing from the gist thereof, and the present invention includes equivalents thereof. For example, the storage area described in the claims may be a segment instead of a page. Further, the memory 4 is not only physically configured by one semiconductor memory, but may be configured by a plurality of semiconductor memories.

It is a figure which shows the hardware constitutions of the information processing apparatus which concerns on this embodiment. It is a figure which shows the structure of the virtual memory which concerns on this embodiment. It is a figure which shows the structure of the virtual memory which concerns on this embodiment. It is a figure which shows the segment table which concerns on this embodiment. It is a figure which shows the page table which concerns on this embodiment. It is a figure which shows the real memory management table which concerns on this embodiment. It is a figure which shows the write prohibition control table which concerns on this embodiment. It is a figure which shows the common area reservation table which concerns on this embodiment. It is a figure which shows the common area free table which concerns on this embodiment. It is a figure which shows the write declaration table which concerns on this embodiment. It is a figure which shows the task control table which concerns on this embodiment. It is a figure which shows the area ensuring request | requirement parameter and write declaration request | requirement parameter which concern on this embodiment. It is the figure which showed the structure of the software which concerns on this embodiment. It is a flowchart which shows the flow of a process in the case of making the task which concerns on this embodiment change from an execution state to an executable state. It is a flowchart which shows the flow of a process at the time of performing the setting for prohibiting writing with respect to the common area which the task which concerns on this embodiment has ensured. The flowchart which shows the flow of a process at the time of performing the setting for prohibiting the write with respect to the common area, when the task which concerns on this embodiment has declared writing with respect to the common area which the other task has ensured It is. It is a flowchart which shows the flow of the write-inhibit setting process for task control which concerns on this embodiment. It is a flowchart which shows the flow of a process in the case of making the task which concerns on this embodiment change from an executable state to an execution state. It is a flowchart which shows the flow of the write prohibition cancellation | release process with respect to the common area which the task which concerns on this embodiment has ensured. When a task according to the present embodiment declares writing to a common area secured by another task, it is a flowchart showing a flow of processing for canceling write prohibition on the common area. It is a flowchart which shows the flow of the write prohibition cancellation | release process for task control which concerns on this embodiment. It is a flowchart which shows the flow of a process when the memory control which concerns on this embodiment performs write-protection setting by the request | requirement from a user. It is a flowchart which shows the flow of a process when the memory control which concerns on this embodiment performs write-protection cancellation | release by the request | requirement from a user.

Explanation of symbols

1 CPU 2 Control register 3 Address conversion mechanism 4 Memory 5 Task control 6 Task selection unit 7 Task end unit 8 Memory control unit 9 Area reservation / release unit 10 Task control write inhibit / release unit 11 Write declaration registration / release unit 12 Actual Storage control unit 13 Segment table 14 Page table 15 Real memory management table 16 Write prohibition control table 17 Common area reservation table 18 Write declaration table 19 Task control table 20 Space 1
21 space 2 22 space 3
23 Space n 24 Space specific area 25 Common area 26 Task A reservation area 27 Task B reservation area 28 Task C reservation area 29 Task x reservation area 30 Unallocated (release) area 31 User task 32 Area reservation / release section 33 Write declaration / Release unit 66 Common area free table 67 Area reservation request parameter 68 Write request declaration parameter 69 Write prohibition setting / release unit for user 70 Write prohibition setting request unit 71 Write prohibition release request unit 100 Information processing device 110 Hard disk drive 120 I / O interface 130 Communication Interface 200 Operating System 300 User Program 310 User Program A 311 User Task A
320 User program B 321 User task B
330 User program C 331 User task C
340 User program X 341 User task X

Claims (15)

A method for protecting data stored in the memory in an information processing apparatus that includes a CPU and a memory and that executes an operating system and a plurality of tasks,
In order to determine whether or not data can be written to each storage area when the operating system writes specific information of each storage area obtained by logically partitioning the memory and data to each storage area. And write permission / prohibition information referred to by the CPU are stored in the memory in association with each other,
Identification information of each task, and identification information of a writable area configured to include one or more of the storage areas respectively assigned to each task as a data write destination during execution of each task. Are stored in the memory in association with each other,
When the operating system switches the task executed by the information processing apparatus from the first task to the second task, each memory constituting the first writable area allocated to the first task Update the writability information associated with the specific information of the area to information indicating that writing is impossible, and the specific information of each storage area constituting the second writable area allocated to the second task; A data protection method characterized by updating the associated writability information to information indicating writable. A data protection method according to claim 1, comprising:
The operating system assigns at least a part of a storage area constituting a third writable area allocated to the third task as a data write destination during execution of the third task to the second task. Is assigned to the second task as a fourth writable area in which data can be written even during execution of the above, and the identification information of the second task and the specific information of the fourth writable area are associated with each other. Store in memory,
When the operating system switches the task executed by the information processing apparatus from the first task to the second task, the operating system associates with the specific information of each storage area constituting the fourth writable area A data protection method characterized in that the written writability information is also updated to information indicating writable. A data protection method according to claim 2, comprising:
The operating system associates the specific information of the third writable area with a password for allocating a storage area constituting the third writable area as the fourth writable area. Store in memory,
When the password matching the password is written to the memory from the second task, the operating system changes the task executed by the information processing apparatus from the first task to the second task. When switching to, the data protection method is characterized in that the write enable / disable information associated with the specific information of each storage area constituting the fourth writable area is also updated to information indicating write enable. A data protection method according to claim 1, comprising:
The information processing apparatus executes the plurality of tasks by a virtual storage method,
Each storage area is each page in the virtual storage system,
The specific information of each storage area is the top address of each page,
The specific information of each writable area is a start address of a top page of each page constituting each writable area and the number of pages constituting each writable area. . A data protection method according to claim 4, comprising:
The CPU has an address conversion mechanism for converting a virtual address into a real address;
The write protection information is referred to by the address conversion mechanism to determine whether or not data can be written to each storage area when the CPU writes data to each storage area. Method. CPU,
Memory,
With
An information processing apparatus that executes an operating system and a plurality of tasks,
Specific information of each storage area obtained by logically partitioning the memory, and when the data is written to each storage area, it is referred to by the CPU to determine whether data can be written to each storage area. A writability management table that stores writability information in association with each other;
The identification information of each task corresponds to the specific information of the writable area including one or more of the storage areas allocated to each task as a data write destination during execution of each task. A write area management table to store with,
When switching the task executed by the information processing apparatus from the first task to the second task, the specific information of each storage area constituting the first writable area allocated to the first task; The associated writability information is updated to information indicating that writability is not possible, and is associated with the specific information of each storage area constituting the second writable area allocated to the second task. A task switching unit that updates the writability information to information indicating writable;
An information processing apparatus comprising: The information processing apparatus according to claim 6,
Even during execution of the second task, at least a part of the storage area constituting the third writable area allocated to the third task as a data write destination during execution of the third task A write area expansion table that assigns data as a writable fourth writable area to the second task and stores the identification information of the second task and the specific information of the fourth writable area in association with each other When,
With
The task switching unit corresponds to specific information of each storage area constituting the fourth writable area when the task executed by the information processing apparatus is switched from the first task to the second task. The information processing apparatus is also characterized in that the attached writability information is updated to information indicating writability. The information processing apparatus according to claim 7,
A password storage table for storing the specific information of the third writable area and a password for assigning a storage area constituting the third writable area as the fourth writable area in association with each other; ,
With
When the password matching the password is written to the memory from the second task, the task switching unit changes the task executed by the information processing apparatus from the first task to the second task. When switching to a task, the writability information associated with the specific information of each storage area constituting the fourth writable area is also updated to information indicating writable information . The information processing apparatus according to claim 6,
The information processing apparatus executes the plurality of tasks by a virtual storage method,
Each storage area is each page in the virtual storage system,
The specific information of each storage area is the top address of each page,
The specific information of each writable area is the start address of the first page of each page constituting each writable area and the number of pages constituting each writable area. . The information processing apparatus according to claim 6,
The CPU has an address conversion mechanism for converting a virtual address into a real address;
The write enable / disable information is referred to by the address conversion mechanism to determine whether data can be written to each storage area when the CPU writes data to each storage area. apparatus. An information processing apparatus that includes a CPU and a memory and executes a plurality of tasks,
Specific information of each storage area obtained by logically partitioning the memory, and when the data is written to each storage area, it is referred to by the CPU to determine whether data can be written to each storage area. A procedure for associating the write permission / rejection information with each other and storing them in the memory;
The identification information of each task corresponds to the specific information of the writable area including one or more of the storage areas allocated to each task as a data write destination during execution of each task. And the procedure of storing in the memory,
When switching the task executed by the information processing apparatus from the first task to the second task, the specific information of each storage area constituting the first writable area allocated to the first task; The associated writability information is updated to information indicating that writability is not possible, and is associated with the specific information of each storage area constituting the second writable area allocated to the second task. A procedure for updating the writability information to information indicating writable;
Operating system for running. An operating system according to claim 11, comprising:
Even during execution of the second task, at least a part of the storage area constituting the third writable area allocated to the third task as a data write destination during execution of the third task Procedure for assigning data as a writable fourth writable area to the second task and storing the second task identification information and the fourth writable area specific information in association with each other in the memory When,
When the task executed by the information processing apparatus is switched from the first task to the second task, write permission / inhibition associated with the specific information of each storage area constituting the fourth writable area Regarding information, a procedure for updating to information indicating that writing is possible,
Operating system for running. An operating system according to claim 12,
Procedure for storing the specific information of the third writable area and the password for assigning the storage area constituting the third writable area as the fourth writable area in association with each other When,
When the password matching the password is written in the memory from the second task, when switching the task executed by the information processing device from the first task to the second task, A procedure for updating the writability information associated with the specific information of each storage area constituting the fourth writable area to information indicating writable; and
Operating system for running. An operating system according to claim 11, comprising:
The information processing apparatus executes the plurality of tasks by a virtual storage method,
Each storage area is each page in the virtual storage system,
The specific information of each storage area is the top address of each page,
The operating system characterized in that the specific information of each writable area is a head address of a head page of each page constituting each writable area and the number of pages constituting each writable area. An operating system according to claim 11, comprising:
The CPU has an address conversion mechanism for converting a virtual address into a real address;
The write permission / prohibition information is referred to by the address conversion mechanism to determine whether or not data can be written to each storage area when the CPU writes data to each storage area. .

Images