JP2011165038A - Software development device, program, recording medium, and semiconductor integrated circuit device - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To designate a software component and limit debug function for the software component. <P>SOLUTION: The software development device (10) includes a host system (11) and an emulator (13). The emulator includes a debugging microcomputer (211) and a debug function circuit (221) which obtains debugging information of the debug object program. The device further includes a secrecy control circuit (222) which can determine, based on secrecy setting information for a software component constituting the debug object program to be executed in the debugging microcomputer, whether to make the software component secret, and limit the operation of the debug function circuit upon execution of the software component in the debugging microcomputer. According to this arrangement, dynamic program analysis of software is made difficult. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a software concealment technique, for example, a technique effective when applied to the development of a program executed by a microcomputer equipped with IP (specific application software, circuit module).

  A software development apparatus for supporting development of a program executed on a microcomputer includes a host system and an emulator. The host system executes various programs related to software development support and controls the operation of the emulator. The emulator obtains information for debugging the user program by executing a user program which is a program to be debugged instead of the microcomputer originally mounted on the user system.

  In recent microcomputer software development, there are many cases where final software is assembled by combining software components of different developers. In a conventional microcomputer development device, if there is a final load module file linked with an OS (Operating System), peripheral module drivers, libraries, and applications, the entire software is usually subjected to static analysis and dynamic Analysis and evaluation are possible. There is known a technique for limiting the debugging function by recognizing the address of software to be concealed by firmware of a microcomputer software development apparatus when there is software or a circuit to be concealed among them (for example, Patent Document 1). reference). In addition, a technique is known in which a specific fixed address range of software to be concealed on a mask ROM (Read Only Memory) is detected by hardware, and a debugging function is limited (see, for example, Patent Document 2).

JP 2006-65555 A JP 2003-280756 A

  As described above, in recent microcomputer software development, there are many cases where final software is assembled by combining software components of different developers. In a conventional microcomputer development device, if there is a final load module file linked with an OS (Operating System), peripheral module drivers, libraries, and applications, the entire software is usually subjected to static analysis and dynamic Analysis and evaluation are possible. The inventor of the present application examined such a conventional technique, and it is impossible to specify a software component that is a part of a final load module file and limit a debugging function for the software component. It has been found that it is difficult to keep it secret from third parties. This cannot be solved even by the techniques described in Patent Documents 1 and 2.

  An object of the present invention is to provide a technique for specifying a software component that is a part of a final load module file and limiting a debugging function for the software component.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  The following is a brief description of an outline of typical inventions disclosed in the present application.

  That is, a software development apparatus is configured including a host system and an emulator coupled to the host system and for debugging a program to be debugged transmitted from the host system. The emulator includes a debugging microcomputer capable of executing the debugging target program, a debugging functional circuit for obtaining debugging information of the debugging target program by monitoring an execution state of the debugging target program by the debugging microcomputer, including. Then, based on the confidential setting information about the software component constituting the debug target program executed by the debugging microcomputer, it is determined whether or not the software component should be concealed, and based on the determination result, the software A secret control circuit capable of restricting the operation of the debug function circuit when the component is executed by the debug microcomputer is provided.

  The effects obtained by the representative ones of the inventions disclosed in the present application will be briefly described as follows.

  That is, it is possible to specify a software component that is a part of the final load module file and limit the debugging function for the software component.

It is a block diagram of a configuration example of a software development device according to the present invention. It is a block diagram of a configuration example of an emulator included in the software development apparatus. FIG. 2 is a circuit diagram illustrating a configuration example of a secret control circuit included in the emulator. It is explanatory drawing of the function limitation example at the time of the various debugging functions implement | achieved by the functional circuit for debugging contained in the said emulator, and the confidential control circuit. It is a flowchart which shows the flow of a process at the time of using cross software as a tool for developing software in the said software development apparatus. It is a flowchart which shows the flow of the compilation or assembly process contained in the said cross software. It is a flowchart which shows the flow of the link process contained in the said cross software. It is a flowchart which shows the flow of confidential ID information setting to the confidential ID setting register | resistor contained in the said confidential control circuit. It is explanatory drawing of the download of the debug object program in a software development apparatus. It is explanatory drawing of the upload of the debug object program in a software development apparatus. 1 is a block diagram illustrating a configuration example of an on-chip emulator including a microcomputer chip as an example of a semiconductor integrated circuit device according to the present invention. It is a block diagram of a configuration example of the microcomputer chip. It is explanatory drawing regarding expansion of the said supervisor mode. It is a conceptual explanatory view of the supervisor mode as a microcomputer architecture. FIG. 14 is a block diagram showing a configuration example of the microcomputer chip when the supervisor mode is expanded as shown in FIG. 13. FIG. 16 is a block diagram illustrating a configuration example of a secret control circuit included in the microcomputer chip illustrated in FIG. 15. It is explanatory drawing of the address translation / memory protection mechanism by MMU as a microcomputer architecture. FIG. 18 is a block diagram illustrating a configuration example of a microcomputer chip when a virtual address space is assigned to each task using the MMU as illustrated in FIG. 17. FIG. 19 is a block diagram illustrating a configuration example of a secret control circuit included in the microcomputer chip illustrated in FIG. 18.

1. First, an outline of a typical embodiment of the invention disclosed in the present application will be described. Reference numerals in the drawings referred to in parentheses in the outline description of the representative embodiments merely exemplify what are included in the concept of the components to which the reference numerals are attached.

  [1] A software development apparatus (10) according to a representative embodiment of the present invention is coupled to a host system (11) and the host system, and debugs a program to be debugged transmitted from the host system. Emulator (13). The emulator includes a debugging microcomputer (211) capable of executing the debugging target program and a debugging microcomputer for obtaining debugging information of the debugging target program by monitoring an execution state of the debugging target program by the debugging microcomputer. And a functional circuit (221). Then, based on the confidential setting information about the software component constituting the debug target program executed by the debugging microcomputer, it is determined whether or not the software component should be concealed, and based on the determination result, the software A secret control circuit (222) capable of restricting the operation of the debugging functional circuit when the component is executed by the debugging microcomputer is provided.

  According to the above configuration, the concealment control circuit determines whether or not the software component should be concealed based on the concealment setting information about the software component that constitutes the debug target program executed by the debugging microcomputer. Based on the determination result, the operation of the functional circuit for debugging when the software component is executed by the microcomputer for debugging is limited. As described above, the operation of the functional circuit for debugging when the software component is executed by the debugging microcomputer is limited, so that the software component that is a part of the final load module file can be specified and The debugging function for software components can be limited. This makes it difficult to perform dynamic program analysis of software to be concealed, making it possible to conceal IP technology from third parties.

  [2] In the above [1], the debug microcomputer may include an execution software ID setting register (214) in which ID information of software components constituting the debug target program is set. Thus, by providing the execution software ID setting register, it is possible to easily set the ID information of the software component constituting the debug target program. Further, the secret control circuit includes a secret ID setting register (31-1 to 31-n) in which ID information of a secret software component is set, output information of the execution software ID setting register, and the secret ID setting. Comparing circuits (32-1) to 32-n for determining whether or not the output information of the register matches can be included. At this time, a signal for limiting the operation of the debug function circuit is formed based on the comparison result of the comparison circuit. According to this configuration, a secret control circuit having the above functions can be easily realized.

  [3] In the above [1], the host system compiles or assembles a source file to load an object file based on an object file generation function that forms an object file and an object file formed by the object file generation function. A load module file generation function for forming a module file can be included. At this time, the load module file is sent to the emulator as the debug target program. As a result, the host system can compile or assemble the source file and form a load module file based on the object file.

  [4] In the above [3], the object file generation function reads the source file and adds a code for writing ID information to the execution software ID setting register to the first file (601, 602) ), A second function (603) that forms an object file by compiling or assembling the source file to which the code is added by the first function, and the object file obtained by the second function is a secret object. And a third function for determining whether or not there is. In addition, the object file generation function is based on the fourth function (605) for performing encryption processing on the object file to be concealed based on the determination result by the third function and the determination result by the third function. The object file includes a fifth function (606) for setting a flag indicating whether or not the file is a secret object.

  The load module file generation function includes a sixth function (701, 702) for forming a load module file based on the object file generated by the object file generation function, and a load module file formed by the sixth function. And a seventh function (703) for determining whether or not an object to be concealed is included. In addition, the load module file generation function includes an eighth function (704) for performing encryption processing on the load module file that is determined to contain a secret object by the seventh function, and the seventh function. And a ninth function (705) for adding a flag indicating whether or not the file is a secret object to the load module file based on the determination result.

  By exhibiting the above functions, the object file and the load module file can be generated accurately.

  [5] In the above [4], the debugging microcomputer receives the load module file encrypted by the host system and decrypts the load module file (217) and the decryption processing function. A dedicated area (218) for storing the decrypted file may be provided, and the file stored in the dedicated area may be executed as the debug target.

  Since the encryption / decryption module is provided in the debugging microcomputer, and encryption processing and decryption processing are performed there, there is no decrypted instruction code other than inside the debugging microcomputer. Since the code of the program to be debugged cannot be acquired outside the debugging microcomputer, it becomes difficult to perform static code analysis of software to be concealed.

  [6] In the above [5], the debugging microcomputer encrypts the load module file before sending the load module file in the dedicated area to the host system (217). Can be further provided. The decrypted instruction code can be prevented from being sent out of the debugging microcomputer.

  [7] As a program to be realized by a computer, a first function for reading a source file and writing a code for writing ID information in an execution software ID setting register to the source file, and the code by the first function And a second function for forming an object file by compiling or assembling the source file to which is added. Further, as a program to be realized by the computer, the object file obtained by the second function is concealed based on the third function for determining whether or not the object file is a concealment target and the determination result by the third function. A fifth function for setting a flag indicating whether or not the object file is a target to be concealed to the object file based on a determination result of the fourth function for performing encryption processing on the target object file and the third function; Function. Further, the program to be realized by the computer includes a sixth function for forming a load module file based on the object file, and a load module file formed by the sixth function that is to be concealed A seventh function is provided for determining whether or not to be performed. As a program to be realized by the computer, an eighth function for performing encryption processing on a load module file that is determined to contain a confidential object by the seventh function, and a function for the seventh function Based on the determination result, the load module file is provided with a ninth function for adding a flag indicating whether or not the file is a secret object. By exhibiting the above functions, the object file and the load module file can be generated accurately.

  [8] The program of [7] can be recorded on a computer-readable recording medium. Thereby, the computer can execute the program recorded on the recording medium.

  [9] A microcomputer functional unit (121) capable of executing the debug target program and a debug functional circuit for obtaining debug information of the debug target program by monitoring the execution state of the debug target program by the debug microcomputer (1221) is included in the semiconductor integrated circuit device. At this time, it is determined whether or not the software component should be concealed based on the concealment setting information about the software component constituting the debug target program executed by the microcomputer function unit, and based on the determination result, A secret control circuit (1222) capable of restricting the operation of the debugging functional circuit when the software component corresponding to the ID information is executed by the microcomputer function unit is provided.

  According to the above configuration, the concealment control circuit determines whether or not the software component should be concealed based on the concealment setting information about the software component that configures the debug target program executed by the microcomputer function unit. Based on the determination result, the operation of the debugging functional circuit when the software component corresponding to the ID information is executed by the microcomputer function unit is limited. In this way, the operation of the debugging function of the emulator 13 is limited for those designated in advance as software components to be concealed. This makes it difficult to perform dynamic program analysis of software to be concealed, making it possible to conceal IP technology from third parties.

  [10] In the above [9], the microcomputer function unit (121) includes an execution software ID setting register (1214) in which ID information of software components constituting the debug target program is set. At this time, the concealment control circuit determines whether or not the software component corresponding to the ID information set in the execution software ID setting register should be concealed, and based on the determination result, the execution software ID setting register The operation of the debugging functional circuit is limited when a program corresponding to the setting information is executed by the microcomputer function unit. As a result, a concealment control circuit having the above functions can be easily realized.

  [11] In the above [10], the concealment control circuit outputs the concealment ID setting register (31-1 to 31-n) in which the ID information of the concealment target software component is set and the output information of the execution software ID setting register. And a comparison circuit (32-1 to 31-n) for determining whether or not the output information of the secret ID setting register matches. At this time, a signal for limiting the operation of the debug function circuit is formed based on the comparison result of the comparison circuit.

  [12] In the above [9], the microcomputer function unit can include a program running mode setting register (PSW) for designating a program to be executed by the microcomputer function unit. At this time, the concealment control circuit determines whether or not the software component corresponding to the setting information of the program travel mode setting register should be concealed, and corresponds to the setting information of the program travel mode setting register based on the determination result. When the software component to be executed is executed by the microcomputer function unit, the operation of the functional circuit for debugging is restricted. As a result, the software component that is a part of the final load module file can be specified to limit the debugging function for the software component. This makes it difficult to perform dynamic program analysis of software to be concealed, making it possible to conceal IP technology from third parties.

  [13] In the above [12], the concealment control circuit includes a concealment mode setting register (161-1-161-n) in which concealment target program travel mode information is set, and output information of the program travel mode setting register, The comparator circuit 162-1 to 162-n that compares the output information of the secret mode setting register can be configured. At this time, a signal for limiting the operation of the debug function circuit is formed based on the comparison result of the comparison. As a result, a concealment control circuit having the above functions can be easily realized.

  [14] In the above [9], the microcomputer function unit includes a space ID setting register (CR) in which space ID information indicating a virtual address space allocated for each execution unit of the debug target program is set. can do. At this time, the concealment control circuit determines whether or not the execution unit of the virtual address space corresponding to the setting information of the space ID setting register should be concealed, and based on the determination result, the setting of the space ID setting register When the execution unit of the virtual address space corresponding to the information is executed by the microcomputer function unit, the operation of the debugging functional circuit is limited. As a result, the software component that is a part of the final load module file can be specified to limit the debugging function for the software component. This makes it difficult to perform dynamic program analysis of software to be concealed, making it possible to conceal IP technology from third parties.

  [15] In the above [14], the concealment control circuit includes a concealment space setting register (191-1 to 191-n) in which concealment target virtual address space information is set, output information of the space ID setting register, Comparing circuits (162-1 to 162-n) for comparing the output information of the secret space setting register can be configured. At this time, a signal for limiting the operation of the debug function circuit is formed based on the comparison result of the comparison circuit. As a result, a concealment control circuit having the above functions can be easily realized.

2. Details of Embodiments Embodiments will be further described in detail.

<Embodiment 1>
FIG. 1 shows a configuration example of a software development apparatus according to the present invention.

  The software development apparatus 10 shown in FIG. 1 includes a host system 11 and an emulator 13, although not particularly limited. The host system 11 is a personal computer, for example, and executes various programs related to software development support. Various programs related to software development support include a tool for developing software in a predetermined language, an operation control program for the emulator 13, and the like. A predetermined program related to software development support is supplied by an optical disc 15 which is an example of a recording medium, and is read and executed by the host system 11. The emulator 13 is coupled to the host system 11 via the USB adapter 12 and is coupled to a socket of a microcomputer in the user system 14 via an interface cable drawn from the emulator main body. The emulator 13 obtains information for debugging the user program (debug information) by executing a user program that is a program to be debugged instead of the microcomputer that is originally mounted on the user system 14. A user program to be debugged is developed in a language such as a C compiler on the host system 11 and converted into object code that operates on a microcomputer mounted on the user system 14. The converted object code (program to be debugged) is transmitted as a user program from the host system 11 to the emulator 13 via the USB adapter 12 (this is referred to as “download”). The debug information obtained by the emulator 13 is transmitted to the host system 11 via the USB adapter 12 for debugging and evaluation.

  FIG. 2 shows a configuration example of the emulator 13.

  As shown in FIG. 2, the emulator 13 includes a debugging microcomputer 21, a debugging function unit 22, and a PC (personal computer) interface 23. The PC interface 23 exchanges various information such as a debug target program and debug information with the host system 11.

  The debugging microcomputer 21 includes a debugging IF (interface) circuit 212, a debugging target program, as a circuit for debugging, in addition to a circuit module equivalent to a chip mounted on the user system 14, such as the CPU 211 and the peripheral module 215. RAM (random access memory) 213 and execution software ID setting register 214 are included. The CPU 211 executes the debug target program. The peripheral module 215 is accessed by the CPU 211. The debug IF circuit 212 exchanges various signals between the debug microcomputer 21 and the debug function unit 22. The debug target program RAM 213 stores the debug target program transmitted from the host system 11. The debug target program in the debug target program RAM 213 is executed by the CPU 211. In the execution software ID setting register 214, ID information of software components constituting the debug target program is set. ID information setting in the execution software ID setting register 214 is performed by the CPU 211 that executes the debug target program.

  The debug function unit 22 includes a debug function circuit 221 and a secret control circuit 222, and is coupled to the debug microcomputer 21 and the PC interface 23. The debug function circuit 221 includes a control microprocessor that executes the debug control program of the emulator 13 and its peripheral circuits, and implements various debug functions.

  The concealment control circuit 222 determines whether the software component corresponding to the ID information set in the execution software ID setting register 214 should be concealed based on information set in advance, and based on the determination result, The operation of the debug function circuit 221 is restricted when the software component corresponding to the ID information is executed by the debug microcomputer 21.

  FIG. 4 shows various debug functions realized by the debug function circuit 221 and examples of function restrictions during concealment by the concealment control circuit 222.

  Various debug functions realized by the debug function circuit 221 are not particularly limited, but as shown in FIG. 4, Go function, STEP function, break function, CPU register reference / change function, memory reference / change Functions, trace functions, performance functions, profile functions, coverage functions, etc. are included.

  The Go function is a function for starting execution of a user program (debug target program). It is also possible to set the PC (host system 11) that starts execution. When the operation of the debug function circuit 221 is restricted by the concealment control circuit 222, execution from the concealed program part is rejected.

  The STEP function is a function for stopping execution of the program every time one line of the debug target program is executed in the C language or assembler level in the debugging microcomputer 21. However, when the operation of the debug function circuit 221 is restricted by the concealment control circuit 222, STEP execution itself in the concealed software component (program part) is rejected.

  The break function is a function for stopping the execution of the user program (the program to be debugged) when a break condition designated in advance matches an actual program execution state. When the operation of the debug function circuit 221 is restricted by the concealment control circuit 222, the break setting in the program part to be concealed is rejected. If there is a break in the secret program part, the debugging microcomputer 21 is reset.

  The CPU register reference / change function is a function of displaying the state of a register in the CPU core in the debugging microcomputer 21 or changing the state of the register. Since the state of the register in the CPU core in the debugging microcomputer 21 is not necessarily kept secret, it is excluded from the debugging function restriction by the secret control circuit 222.

  The reference / change function of the peripheral module register is a function for displaying the register state of the peripheral module 215 in the debugging microcomputer 21 or changing the state of the register. When the operation of the debug function circuit 221 is restricted by the secret control circuit 222, the reference / change of the peripheral module 215 in the debug microcomputer 21 is rejected.

  The memory reference / change function is a function of displaying the contents of the memory in the debugging microcomputer 21 or changing the contents of the memory. When the operation of the debug function circuit 221 is restricted by the concealment control circuit 222, the memory access of the program part to be concealed is rejected.

  The trace function is a function of recording an execution history of a user program (debug target program) and displaying or saving the recorded result as necessary. When the operation of the debug function circuit 221 is restricted by the concealment control circuit 222, the program part to be concealed is not traced by hardware.

  The performance function is a function for measuring the execution time and the number of executions of a user program (program to be debugged) and displaying or saving the measurement result as necessary. Since this performance function does not need to be concealed, it is excluded from the debug function restriction by the concealment control circuit 222.

  The profile function is a function that measures the execution time and the number of executions of the function of the user program (debug target program), and displays or records the measurement result as necessary. Since this profile function does not need to be concealed, it is excluded from the debug function restriction by the concealment control circuit 222.

  The coverage function is a function for determining whether or not a user program (program to be debugged) has been executed in the test process, and displaying or recording it as necessary. When the operation of the debug function circuit 221 is restricted by the concealment control circuit 222, the coverage does not function for the program part to be concealed.

  FIG. 3 shows a configuration example of the concealment control circuit 222.

  As shown in FIG. 3, the concealment control circuit 222 includes a plurality of concealment ID setting registers 31-1 to 31 -n (n is a positive integer), a plurality of comparison circuits 32-1 to 32 -n, and an OR gate 33. Are combined. ID information of software components to be concealed (referred to as “confidential ID information”) is set in the plurality of concealment ID setting registers 31-1 to 31-n. The secret ID information to the secret ID setting registers 31-1 to 31-n is performed by the host system 11. Since the number of secret ID information set in the debug target program is usually different depending on the debug target program, when the secret ID information is set in all of the plurality of secret ID setting registers 31-1 to 31-n. Is not limited. The plurality of comparison circuits 32-1 to 32-n are provided corresponding to the plurality of secret ID setting registers 31-1 to 31-n. The plurality of comparison circuits 32-1 to 32-n respectively output the output information (secret ID information) of the corresponding secret ID setting registers 31-1 to 31-n and the output information (execution software ID) of the execution software ID setting register 214. It is determined whether or not (information) matches. If the ID information matches, it means that the software component to be executed is to be kept secret. From the outputs of the plurality of comparison circuits 32-1 to 32-n, the OR logic is obtained by the OR gate 33 in the subsequent stage. The output signal of the OR gate 33 is transmitted to the debug function circuit 221 as a debug function circuit operation inhibition signal. If any of the comparison circuits 32-1 to 32-n determines that the ID information matches, the debug function circuit operation inhibition signal is asserted to, for example, a logical value “0”. When the debug function circuit operation inhibition signal is asserted to a logical value “0”, the debug function circuit 221 operates in a secret state and its function is limited (see FIG. 4). However, when the debug function circuit operation suppression signal is negated to, for example, the logical value “1”, the debug function circuit 221 operates normally (meaning an operation other than the time of secrecy).

  Next, support for creating a debug target program (user program) will be described.

  The debug target program can be created by starting a tool for developing software in the host system (for example, personal computer) 11.

  FIG. 5 shows a flow of processing when cross software is used as a tool for developing software.

  Here, an OS (Operating System) 501, libraries 502 and 503, and applications 504, 505 and 506 are created in a predetermined language as source files, and the OS 501 and the library 502 should be kept secret. Object files 511, 512, 513, 514, 515, and 516 are formed by compiling or assembling the OS 501, the libraries 502 and 503, and the applications 504, 505, and 506, respectively. At this time, the OS 501 and the library 502 to be concealed are encrypted at the time of compiling or assembling to be an encrypted object file (encrypted file). Further, unique ID information is set in the OS 501, the libraries 502 and 503, and the applications 504, 505, and 506 at the time of compiling or assembling. Here, for convenience of explanation, ID = 1 to 6 are set in the object files 511 to 516. The object files 511 to 516 are linked after the ID information is set. By this link processing, a load module file 521 that can be executed by the microcomputer is formed. When an encrypted file is included in the plurality of object files 511 to 516 (511 and 512 are encrypted files in this example), the load module file 521 is also regarded as an encrypted file.

  FIG. 6 shows the flow of the compiling or assembling process.

  First, a corresponding source file and necessary options are read (601). Then, a code for writing ID information in the execution software ID setting register 214 is added to the head of the program (602). Thereafter, normal compilation or assembly processing is performed (603). That is, an object file is formed by converting source code into object code. Then, it is determined whether or not the obtained object file is a secret target (604). In this determination, if it is determined that the object is to be concealed (Yes), the object file is encrypted (605). That is, an encryption file is formed by setting an object file to be encrypted and a predetermined encryption key and executing a predetermined encryption operation. In this example, since the OS 501 and the library 502 are confidential objects, only the object files 511 and 512 corresponding to the OS 501 and the library 502 are encrypted files. Then, a flag indicating whether or not the file is a secret target is added to the head of the encrypted file (606). It should be noted that in the determination in step 604, the object file that is determined not to be concealed (No) is not subjected to encryption processing, and a flag indicating whether or not the file is concealed at the head of the file. Added. Although not particularly limited, the flag is set to a logical value “1” if the file is a secret target, and the flag is set to a logical value “0” if the file is not a secret target. Then, the object file to which such a flag is added is output for link processing (607).

  FIG. 7 shows the flow of the link process.

  First, the object files 511 to 516 are sequentially read (701), and normal program link processing is performed (702). That is, the object file is analyzed, and necessary files such as other object files and libraries that are referred to are combined to create an executable file (load module file). Next, it is determined whether or not the created load module file contains a secret object (703). This determination is made possible by determining the flag added in step 606 (see FIG. 6). In this determination, if it is determined that the confidential target is included (Yes), the entire load module file is subjected to encryption processing again (704). Then, a flag indicating whether the file is a secret target is added to the head of the load module file (705). This flag addition is performed in the same manner as in step 606 above. That is, if the file is a secret target, the flag is set to a logical value “1”. If the file is not a secret target, the flag is set to a logical value “0”. Then, a load module file to which such a flag is added is output (706). The load module file obtained by the link process is downloaded to the emulator 13 as a debug target program.

  FIG. 8 shows a flow of setting secret ID information in the secret ID setting registers 31-1 to 31-n.

  The load module file output in step 706 (see FIG. 7) is read by higher-level software running on the host system 11 and a logical determination of a flag indicating whether or not it is a confidential target is performed, thereby ID information of software components to be detected and the number n of them are detected (801). Thereafter, the ID information of the software component to be concealed is transmitted to the firmware (debug control program) operating on the control CPU in the debug function unit 22 in the emulator 13 by the upper software operating on the host system 11. A command for writing to any one of the secret ID setting registers 31-1 to 31-n is issued (802). Then, based on the command, it is determined whether or not the writing of the ID information to the secret ID setting register is completed (803), and the writing of the ID information to the secret ID setting register is completed (Yes). If it is determined, it is determined whether or not writing of ID information of all software components detected in step 801 has been completed (804). If it is determined in this determination that writing of ID information of all software components has not been completed (No), the process returns to step 802 to issue a command for writing the next ID information. Is called. In this way, the ID information of all software components detected in step 801 is written in the secret ID setting registers 31-1 to 31-n.

  Next, download of the debug target program from the host system 11 to the emulator 13 will be described.

  FIG. 9 shows a data flow in downloading the debug target program.

  The encrypted file is read by the upper software operating on the host system 11 (91). When the system is started, the load module to be loaded is determined by the option selection of the debug target and the user. The load module storage folder in the host system 11 is searched, and if the target file exists, the encrypted file is opened and read into an appropriate buffer in binary format.

  Next, the encrypted file (encrypted debug target program) is transferred to the firmware operating on the control CPU 223 in the debug function unit 22 via the USB driver 112 (92). In the emulator 13, the firewall of the debugging microcomputer 21 is temporarily released, and the encrypted data can be captured. The encrypted data is divided into units of a specific length in the host system 11 and then sequentially sent to the emulator 13.

  Next, data is transferred from the firmware operating on the control CPU 223 to the firmware operating on the debugging microcomputer 21 (93). At this time, the encrypted data is transferred after being divided into shorter units, and stored in the debug target program RAM 213. The firmware operating on the control CPU 223 confirms the completion of processing of the firmware operating on the debugging microcomputer 21 and then transfers the next data.

  The firmware operating on the control CPU 223 notifies the host system of completion after the transfer of the encrypted file from the host system 11 is completed, and enables the firewall of the debugging microcomputer 21.

  The encrypted data stored in the debug target program RAM 213 is transmitted to the encryption / decryption module 217 in the debugging microcomputer 21 and decrypted (94).

  The firmware operating on the debugging microcomputer 21 causes the encryption / decryption module 217 to set the encrypted data and the encryption key and execute the decryption operation. The decrypted data obtained by this decryption operation is stored in the download dedicated area 218 on the debugging microcomputer 21. The download dedicated area 218 can be formed in the debug target program RAM 213. The decrypted data stored in the download exclusive area 218 in this way is executed by the debugging microcomputer 21 as a debug target program.

  Next, generation of encrypted data by the encryption / decryption module 217 will be described.

  FIG. 10 shows a data flow in uploading the debug target program.

  The firewall of the debugging microcomputer 21 is temporarily released.

  The firmware on the debugging microcomputer 21 encrypts data by reading the data from the download-only area 21 and causing the encryption / decryption module 217 to set the raw data to be encrypted and the encryption key to execute the encryption operation. Data is obtained (101).

  The encrypted data is transferred to firmware that operates on the control CPU 223. That is, the firmware operating on the debugging microcomputer 21 stores the encrypted data in the debug target program RAM 213 in small data length units. The firmware operating on the control CPU 33 repeatedly acquires the encrypted data from the debug target program RAM 213 (102). The encrypted data obtained in this way is transferred to the upper software operating on the host system 11 (103). That is, the firmware operating on the control CPU 33 collects the encrypted data into a specific unit length and transfers it to the upper software operating on the host system 11 (103). The transferred encrypted file is saved. The encrypted data acquired from the firmware operating on the control CPU 33 is combined with an appropriate buffer up to a specified size. At this point, the firewall of the debugging microcomputer 21 is enabled. A file can be created at the designated location and the encrypted data can be written out (104).

  According to the first embodiment, the following operational effects can be obtained.

  (1) A concealment control circuit 222 is provided, and the operation of the debugging function of the emulator 13 is limited for those designated in advance as software components to be concealed by the concealment control function of the concealment control circuit 222. This makes it difficult to perform dynamic program analysis of software to be concealed, making it possible to conceal IP technology from third parties.

  (2) Since the encryption / decryption module 217 is provided in the debugging microcomputer 21 and the encryption process and the decryption process are performed there, no decrypted instruction code exists outside the debugging microcomputer 21. As a result, the code of the program to be debugged cannot be acquired outside the debugging microcomputer 217, so that static code analysis of software to be concealed becomes difficult.

<Embodiment 2>
In recent years, a microcomputer chip with a built-in debugging function and a method of connecting via a JTAG (Joint European Test Action Group) standard terminal, which is a standard method of a boundary scan test, which is one of IC chip inspection methods, have been turned on. Chip emulators are becoming widely used. Even in an emulator having such a configuration (referred to as an “on-chip emulator”), as in the case of the first embodiment, it is difficult to perform static code analysis and dynamic program analysis of software to be concealed. be able to.

  FIG. 11 shows a system configuration example of an on-chip emulator including a microcomputer chip as an example of a semiconductor integrated circuit device according to the present invention.

  The on-chip emulator shown in FIG. 11 is greatly different from the software development apparatus 10 shown in FIG. 1 in that many debugging functions are built in a microcomputer chip mounted on the user system 114. is there. The host system 111 has the same function as the host system 11 shown in FIG. 1 and is connected to the emulator 115 via a communication interface such as USB and controls the operation of the emulator 115. The emulator 115 is connected to the microcomputer chip on the user system 114 via a JTAG standard terminal or the like, and controls the operation of the microcomputer chip. A predetermined program related to software development support is supplied by an optical disc 116 as an example of a recording medium, and is read by the host system 11 and executed. A program that operates on the microcomputer chip is developed in a language such as a C compiler on the host system 111 as in the case of the first embodiment, and is converted into an object code that operates on the microcomputer chip. The converted object code is downloaded to the microcomputer chip via the emulator 115 and executed by the control program controlled by the emulator on the host system 111. The emulator control program on the emulator 115 and the host system 111 has a function of debugging and evaluating the microcomputer chip and the operation of the object code downloaded on the microcomputer chip.

  FIG. 12 shows a configuration example of a microcomputer chip on the user system 114.

  As shown in FIG. 12, the microcomputer chip 113 on the user system 114 includes a microcomputer function unit 121, a debug function unit 122, and a debug interface (IF) circuit 123. For example, one semiconductor substrate such as a silicon substrate. Formed. The debug interface circuit 123 is coupled to the emulator 115 via a JTAG standard terminal for exchanging debug information.

  The microcomputer chip 113 includes a CPU 1211 and peripheral modules 1215, a debug target program RAM (random access memory) 1213, and an execution software ID setting register 1214 as circuits for debugging. The microcomputer chip 113 is coupled to the emulator 115 via a JTAG standard terminal so that a debug target program can be downloaded and various control information can be exchanged.

  The CPU 1211 executes the debug target program. The peripheral module 1215 is accessed by the CPU 1211. The debug target program RAM 1213 stores the debug target program transmitted from the host system 111 via the emulator 115. The debug target program in the debug target program RAM 1213 is executed by the CPU 1211. In the execution software ID setting register 1214, ID information of software components constituting the debug target program is set. The ID information setting in the execution software ID setting register 1214 is performed by the CPU 1211 that executes the debug target program, as in the first embodiment.

  The debug function unit 22 includes a debug firmware memory 1224, a debug function circuit 1221 and a secret control circuit 222, and is coupled to the microcomputer chip 113 and the debug interface 123. The debug firmware memory 1224 stores debug firmware. This debugging firmware is executed by the microcomputer chip 113. The debug function circuit 1221 includes various debug functions realized by executing debug firmware. These various debugging functions are the same as those shown in FIG.

  The concealment control circuit 1222 determines whether or not the software component corresponding to the ID information set in the execution software ID setting register 1214 should be concealed based on information set in advance, and based on the determination result, The operation of the debug function circuit 1221 is restricted when the software component corresponding to the ID information is executed by the microcomputer chip 121. The concealment control circuit 1222 can adopt the configuration shown in FIG. 3 as in the case of the first embodiment.

  Also in the on-chip emulator system configured as described above, the same effect as that of the software development apparatus 10 can be obtained by the concealment control by the concealment control circuit 1222.

<Embodiment 3>
The on-chip emulator system according to the third embodiment also basically includes a host system 11, an emulator 115, and a user system 114 as shown in FIG. However, in the third embodiment, the supervisor mode is used for the confidentiality control by the confidentiality control circuit.

  Conventionally, there is a concept of supervisor mode as a microcomputer architecture. For example, as shown in FIG. 14, a memory space 141 managed by the microcomputer chip 121 is allocated to an OS (Operating System) and a user program. An SV (SuperViser / privileged mode) bit is provided in a (Program Status Word) register or the like. By executing a software interrupt (trap) instruction in the user program, the SV bit is set to a logical value “1”, and a transition is made to a privileged mode in which the OS is executed.

  As shown in FIG. 13, for example, as shown in FIG. 13, the supervisor mode is expanded for software components that are a part of the final load module file, that is, the OS, peripheral module driver, middleware, and user program. Assign a combination of 2-bit logic. That is, the OS is assigned to “00”, the peripheral module driver is assigned to “01”, the middleware is assigned to “10”, and the user program is assigned to “11”. A dedicated transition instruction is prepared for transition between the modes. That is, the transition between the modes becomes possible by executing the corresponding “trap instruction”. The emulator functions can be restricted by extracting SV1,0 as a signal to the outside of the microcomputer chip 121 and designating the software level to be kept secret to the emulator. For example, in the example shown in FIG. 13, software level 2 or lower is kept secret. That is, the OS, the peripheral module driver, and the middleware are “confidential”, and the user program is “not confidential”.

  FIG. 15 shows an example of the configuration of a microcomputer chip when the supervisor mode is expanded as described above.

  The microcomputer chip shown in FIG. 15 is greatly different from that shown in FIG. 12 in that SV1, 0 bits are provided in the PSW (Program Status Word) register in the CPU 1211. Based on this, the concealment control in the concealment control circuit 1222 is performed. Here, the PSW register is an example of the “program running mode setting register” in the present invention.

  FIG. 16 shows a configuration example of the concealment control circuit 1222 shown in FIG.

  The concealment control circuit 1222 shown in FIG. 16 is greatly different from that shown in FIG. 3 in place of the concealment ID setting registers 31-1 to 31-n, and the concealment mode setting registers 161-1 to 161-n. Is a point provided. In the concealment mode setting registers 161-1 to 161-n, concealment target program travel mode information transmitted from the host system 111 via the emulator 115 is set. In the example shown in FIG. 13, SV1, 0 bits for the OS, peripheral module driver software, and middleware are set in the confidential mode setting registers 161-1 to 161-n as the confidential target program running mode information. Then, the comparison results in the comparison circuits 162-1 to 162-n are output as a debug function circuit operation inhibition signal via the subsequent OR gate 163.

  Also in the on-chip emulator system configured as described above, the same effect as that of the software development apparatus 10 can be obtained by the concealment control by the concealment control circuit 1222.

<Embodiment 4>
Conventionally, as a microcomputer architecture, there is a concept of an address translation / memory protection mechanism using an MMU (Memory Management Unit). For example, as shown in FIG. 17, a user program that normally operates on an OS (Operating System) is divided into execution units such as tasks / processes. The OS uses the MMU so that the tasks do not affect each other in the memory space 171, and allocates a virtual address space 172 for each task. The MMU has a function of converting the address from the virtual address space 172 to the address of the real memory space 171. At this time, each virtual address space 172 is distinguished by a space ID (SID in CR register = 0-15) provided in the CPU 1211. By using this MMU space ID information and specifying a task to be concealed to the OS, the emulator compares the SID signal extracted from the microcomputer chip with the space ID information of the task to be concealed, Emulator function restriction can be implemented based on the comparison result.

  FIG. 18 shows a configuration example of the microcomputer chip when the MMU is used as described above and the virtual address space 172 is allocated for each task. As described above, the user program operating on the OS is divided into execution units such as tasks / processes, and this execution unit can be regarded as a software component of the debug target program.

  The microcomputer chip shown in FIG. 18 is greatly different from that shown in FIG. 12 in that a CR register inside the CPU 1211 is provided and is based on the SID3-0 signal corresponding to the SID bits 3-0 of the CR register. Thus, the secrecy control in the secrecy control circuit 1222 is performed. Here, the CR register is an example of the “space ID setting register” in the present invention.

  FIG. 19 shows a configuration example of the concealment control circuit 1222 shown in FIG.

  The concealment control circuit 1222 shown in FIG. 19 is greatly different from that shown in FIG. 3 in place of the concealment ID setting registers 31-1 to 31-n and the concealment space setting registers 191-1 to 191-n. Is a point provided. The concealment target virtual address space information transmitted from the host system 111 via the emulator 115 is set in the concealment mode setting registers 191-1 to 191-n. Then, the comparison results in the comparison circuits 162-1 to 162-n are output as a debug function circuit operation inhibition signal via the subsequent OR gate 163.

  Also in the on-chip emulator system configured as described above, the same effect as that of the software development apparatus 10 can be obtained by the concealment control by the concealment control circuit 1222.

  Although the invention made by the present inventor has been specifically described based on the embodiments, it is needless to say that the present invention is not limited thereto and can be variously modified without departing from the gist thereof.

  For example, the encryption / decryption module 217 and the download exclusive area 21 can be provided in the microcomputer chip 113.

DESCRIPTION OF SYMBOLS 10 Software development apparatus 11 Host system 12 USB adapter 13 Emulator 14 User system 15 Optical disk 21 Debugging microcomputer 22 Debugging function part 23 PC interface 31-1 to 31-n Secret ID setting register 32-1 to 32-n Comparison circuit 33 OR gate 111 Host system 112 USB driver 114 User system 115 Emulator 116 Optical disk 161-1 to 161-n Secret mode setting register 162-1 to 162-n Comparison circuit 163 OR gate 191-1 to 191-n Secret space setting register 211 CPU
212 IF circuit for debugging 213 RAM for debug target program
214 Execution software ID setting register 215 Peripheral module 217 Encryption / decryption module 218 Download-only area 221 Functional circuit for debugging 222 Secret control circuit 1211 CPU
1213 RAM for debug target program
1214 Execution software ID setting register 1215 Peripheral module 1221 Function circuit for debugging 1224 Firmware memory for debugging 1222 Secret control circuit

Claims (15)

A host system;
An emulator coupled to the host system for debugging a program to be debugged transmitted from the host system,
The emulator includes a debugging microcomputer capable of executing the debug target program;
A debugging function circuit that obtains debug information of the debug target program by monitoring the execution state of the debug target program by the debug microcomputer, and a software development device comprising:
It is determined whether or not the software component should be concealed based on the concealment setting information about the software component constituting the debug target program executed by the debugging microcomputer, and based on the determination result, the software component is A software development apparatus comprising a secret control circuit capable of restricting the operation of the debugging functional circuit when executed by the debugging microcomputer. The debugging microcomputer includes an execution software ID setting register in which ID information of software components constituting the debug target program is set.
The concealment control circuit includes a concealment ID setting register in which ID information of a concealment target software component is set,
A comparator circuit for determining whether or not the output information of the execution software ID setting register matches the output information of the secret ID setting register, and the debugging functional circuit based on a comparison result of the comparison circuit 2. The software development apparatus according to claim 1, wherein a signal for limiting the operation of the software is formed. The host system compiles or assembles a source file, thereby creating an object file generating function for forming an object file;
2. A load module file generation function for forming a load module file based on an object file formed by the object file generation function, wherein the load module file is sent to the emulator as the debug target program. Software development equipment. The object file generation function includes a first function that reads a source file and adds a code for writing ID information to the execution software ID setting register to the source file;
A second function for forming an object file by compiling or assembling the source file to which the code is added by the first function;
A third function for determining whether the object file obtained by the second function is a target to be concealed;
A fourth function for performing encryption processing on the object file to be concealed based on the determination result by the third function;
A fifth function for setting a flag indicating whether or not the file is a concealment target based on the determination result by the third function,
The load module file generation function includes a sixth function that forms a load module file based on the object file generated by the object file generation function;
A seventh function for determining whether or not the load module file formed by the sixth function includes a target to be concealed;
An eighth function that performs encryption processing on the load module file that is determined to contain a confidential object by the seventh function;
The software development apparatus according to claim 3, further comprising: a ninth function that adds, to the load module file, a flag indicating whether or not the file is a secret object based on the determination result of the seventh function. The debugging microcomputer includes a decryption processing function for taking in and decrypting the load module file encrypted by the host system;
The software development apparatus according to claim 4, further comprising: a dedicated area for storing a file decrypted by the decryption function, wherein the file stored in the dedicated area is executed as the debug target.     6. The software development apparatus according to claim 5, wherein the debugging microcomputer further includes an encryption processing function for encrypting the load module file before sending the load module file in the dedicated area to the host system. A first function for reading a source file and adding a code for writing ID information to the execution software ID setting register to the source file;
A second function for forming an object file by compiling or assembling the source file to which the code is added by the first function;
A third function for determining whether the object file obtained by the second function is a target to be concealed;
A fourth function for performing encryption processing on the object file to be concealed based on the determination result by the third function;
A fifth function for setting, in the object file, a flag indicating whether or not the file is a target to be concealed based on the determination result by the third function;
A sixth function for forming a load module file based on the object file;
A seventh function for determining whether or not the load module file formed by the sixth function includes a target to be concealed;
An eighth function that performs encryption processing on the load module file that is determined to contain a confidential object by the seventh function;
A program for causing a computer to realize a ninth function for adding a flag indicating whether or not the file is a secret object to the load module file based on the determination result of the seventh function.   A computer-readable recording medium on which the program according to claim 7 is recorded. A microcomputer function unit capable of executing a program to be debugged;
A debug functional circuit that obtains debug information of the debug target program by monitoring an execution state of the debug target program by the debug microcomputer, and a semiconductor integrated circuit device comprising:
It is determined whether or not the software component should be concealed based on concealment setting information about the software component constituting the debug target program executed by the microcomputer function unit, and based on the determination result, the ID information is included in the ID information. A semiconductor integrated circuit device comprising: a secret control circuit capable of restricting the operation of the debugging functional circuit when a corresponding software component is executed by the microcomputer function unit. The microcomputer function unit includes an execution software ID setting register in which ID information of software components constituting the debug target program is set.
The concealment control circuit determines whether or not the software component corresponding to the ID information set in the execution software ID setting register should be concealed, and based on the determination result, sets the setting information of the execution software ID setting register. 10. The semiconductor integrated circuit device according to claim 9, wherein the operation of the functional circuit for debugging is restricted when a corresponding program is executed by the microcomputer function unit. The concealment control circuit includes a concealment ID setting register in which ID information of a concealment target software component is set,
A comparator circuit for determining whether or not the output information of the execution software ID setting register matches the output information of the secret ID setting register, and the debugging functional circuit based on a comparison result of the comparison circuit 11. The semiconductor integrated circuit device according to claim 10, wherein a signal for limiting the operation of the semiconductor integrated circuit device is formed. The microcomputer function unit includes a program running mode setting register for designating a program to be executed by the microcomputer function unit,
The concealment control circuit determines whether or not the software component corresponding to the setting information of the program travel mode setting register should be concealed, and based on the determination result, the software corresponding to the setting information of the program travel mode setting register 10. The semiconductor integrated circuit device according to claim 9, wherein operation of the debugging functional circuit is restricted when a component is executed by the microcomputer function unit. The concealment control circuit includes a concealment mode setting register in which concealment target program running mode information is set,
A comparator circuit for comparing the output information of the program running mode setting register and the output information of the secret mode setting register, and for limiting the operation of the debugging functional circuit based on the comparison result of the comparison 13. The semiconductor integrated circuit device according to claim 12, which forms a signal. The microcomputer function unit includes a space ID setting register in which space ID information indicating a virtual address space allocated for each execution unit of the debug target program is set.
The concealment control circuit determines whether or not the execution unit of the virtual address space corresponding to the setting information of the space ID setting register should be concealed, and corresponds to the setting information of the space ID setting register based on the determination result 10. The semiconductor integrated circuit device according to claim 9, wherein operation of the debugging functional circuit is restricted when an execution unit of the virtual address space to be executed is executed by the microcomputer function unit. The concealment control circuit includes a concealment space setting register in which concealment target virtual address space information is set, and
A comparison circuit for comparing the output information of the space ID setting register and the output information of the secret space setting register, and for limiting the operation of the debugging functional circuit based on the comparison result of the comparison circuit 15. The semiconductor integrated circuit device according to claim 14, which forms a signal.

Images