JP5939074B2 - Code processing method, information processing apparatus, and program - Google Patents

Description

  The present invention relates to a code processing method, an information processing apparatus, and a program.

  Currently, when designing an electronic circuit such as an integrated circuit (IC), a high-level language (programming language) such as a C language or a C ++ language that is easy for humans to understand may be used. For example, as high-level synthesis (or behavioral synthesis), an RTL (Register Transfer Level) model described in a hardware description language (HDL) is generated from source code that is a behavioral description described in a high-level language. . As logic synthesis, circuit data such as a net list is generated from the generated RTL model.

  Using high-level synthesis, an electronic circuit can be created using source code created to implement data processing in software, or source code created by a software engineer who does not have hardware expertise. Can be manufactured. However, if circuit data is automatically generated as it is from source code created without being aware of hardware, an inefficient electronic circuit may be manufactured in terms of operation speed and circuit scale. In this case, the operation speed and circuit scale can be improved by modifying the source code in consideration of high-level synthesis. When a user requests a hardware vendor to manufacture an electronic circuit, it is conceivable to pass a source code so that the hardware vendor can perform optimization work.

  A security method that assigns a different encoding rule to each computer system and encodes the program according to the encoding rule corresponding to the computer system to be executed, so that the other computer system cannot execute the program. Has been proposed. Also, a program providing method has been proposed in which source code is encrypted and provided to the user, and the source code is decrypted by a compiler owned by the user and then compiled to generate an executable file. Further, a program conversion method has been proposed in which instructions included in a source program stored in a ROM (Read Only Memory) are converted according to a conversion table, and a CPU (Central Processing Unit) assembles and executes the converted source program. Yes.

JP-A-61-190630 Japanese Patent Laid-Open No. 2-73428 JP 2002-73190 A

  As described above, when a hardware vendor is requested to manufacture an electronic circuit, a code describing the operation of the electronic circuit may be passed to the hardware vendor. However, the data processing procedure described in the code may be secret information that should be protected as know-how for the user who created the code. For example, even when a hardware vendor manufactures an electronic circuit for image processing, there may be a case where it is desired to keep the image processing algorithm secret as know-how. In that case, if the code is directly passed to the hardware vendor, there is a problem that the secret information represented as the code may be leaked.

  One technique for suppressing leakage of secret information is obfuscation of codes. In code obfuscation, for example, a variable name described in the code is converted into another variable name (such as a random symbol string) that makes it difficult to guess the meaning of the variable. Further, for example, the function name described in the code is converted into another function name (such as a random symbol string) that makes it difficult to guess the meaning of the function.

  However, even if the code is obfuscated, the relationship between the data and what operation is performed on which data is still expressed in the code. Therefore, when the data processing procedure is confidential information, there is a risk that the confidential information is leaked by analyzing the obfuscated code. For example, even if the variable name is simply converted, the definition of the variable and the reference of the variable are associated in the obfuscated code, so the code that indicates what operation the data stored in the variable is used for Will be read from.

  In one aspect, an object of the present invention is to provide a code processing method, an information processing apparatus, and a program that can reduce the risk of leakage of secret information represented as a code.

  In one aspect, a computer-implemented code processing method is provided. In this code processing method, an operand that is an operation operand and refers to any of the plurality of variables is detected from within the first code in which the plurality of variables are defined. A second code converted from the first code, wherein the variable name of the detected operand is replaced with an identifier that is not used as any variable name of the plurality of variables in the second code. 2 is generated, and correspondence information indicating which of the plurality of variables corresponds to the identifier is generated.

  In one aspect, a code processing method executed by a computer is provided. In this code processing method, a function call statement that calls one of the plurality of functions is detected from within the first code in which the plurality of functions are defined. A second code converted from the first code, wherein the function name of the detected function call statement is replaced with an identifier that is not used as any function name of a plurality of functions in the second code The second code is generated, and correspondence information indicating which of the plurality of functions corresponds to the identifier is generated.

In one aspect, an information processing apparatus including a storage unit and a generation unit is provided.
In one aspect, a program for causing a computer to execute processing is provided.

  In one aspect, the risk of leaking confidential information expressed as a code can be reduced.

It is a figure which shows the information processing apparatus of 1st Embodiment. It is a figure which shows the information processing system of 2nd Embodiment. It is a block diagram which shows the hardware example of a terminal device. It is a figure which shows the example of a source code. It is a block diagram which shows the 1st example of an electronic circuit. It is a figure which shows the example of the converted source code. It is a figure which shows the example of an arrangement | sequence table. It is a figure which shows the example of a group table. It is a block diagram which shows the function example of a terminal device. It is a flowchart which shows the example of a procedure of hardware component manufacture. It is a flowchart which shows the example of a procedure of source code concealment. It is a block diagram which shows the 2nd example of an electronic circuit. It is a block diagram which shows the 3rd example of an electronic circuit. It is a block diagram which shows the 4th example of an electronic circuit.

Hereinafter, the present embodiment will be described with reference to the drawings.
[First Embodiment]
FIG. 1 is a diagram illustrating the information processing apparatus according to the first embodiment. The information processing apparatus 10 according to the first embodiment converts a code (for example, a source code written in a high-level language). The information processing apparatus 10 may be a client computer as a terminal device operated by a user or a server computer accessed from the terminal device.

  The information processing apparatus 10 includes a storage unit 11 and a generation unit 12. The storage unit 11 may be a volatile memory such as a RAM (Random Access Memory) or a non-volatile storage device such as an HDD (Hard Disk Drive) or a flash memory. The generation unit 12 is, for example, a processor. The “processor” may be a CPU, a DSP (Digital Signal Processor), an electronic circuit such as an ASIC (Application Specific Integrated Circuit) or an FPGA (Field Programmable Gate Array), or a set of a plurality of processors. The processor executes, for example, a program stored in a memory (or the storage unit 11).

  The storage unit 11 stores the first codes 21 and 21a. The first codes 21 and 21a are source codes created by a user in a high-level language such as C language or C ++ language, for example. The first code 21 defines a plurality of variables, and describes an operand that is an operation operand and refers to any one of the plurality of variables. The operations can include four arithmetic operations, logical operations, comparison operations, and the like. The operand may be an argument passed to the function. A plurality of functions are defined in the first code 21a, and a function call statement that calls any one of the plurality of functions is described. The function may be called a subroutine or a method.

  The generation unit 12 converts the first code 21 into the second code 22. At this time, the generation unit 12 detects the operand of the operation from the first code 21 and uses the variable name described in the detected operand as the variable name of any variable in the second code 22. Replace with an unidentified identifier. For example, when variable names x and y are used to define two variables in the second code 22, the variable name of the operand is replaced with an identifier A [0] different from any variable name. As a result, in the second code 22, the correspondence between the defined variable and the operation is unknown. The variable name for defining each variable in the second code 22 may be the same as or different from the first code 21. Further, the generation unit 12 generates correspondence information 23 indicating which of the plurality of variables the identifier corresponds to. For example, the correspondence information 23 indicates that the identifier A [0] is obtained by replacing the variable name x.

  Further, the generation unit 12 converts the first code 21a to the second code 22a. At this time, the generation unit 12 detects the function call statement from the first code 21a, and uses the function name described in the detected function call statement as the function name of any function in the second code 22a. Is also replaced with an unused identifier. For example, when function names f and g are used to define two functions in the second code 22a, the function name in the function call statement is replaced with an identifier A [1] different from any function name. The Thereby, in the second code 22a, the correspondence between the defined function and the function call becomes unknown. The function name for defining each function in the second code 22a may be the same as or different from the first code 21a. Further, the generation unit 12 generates correspondence information 23a indicating which of the plurality of functions the identifier corresponds to. For example, the correspondence information 23a indicates that the identifier A [1] is obtained by replacing the function name f.

  The generated second code 22 is provided to, for example, a hardware vendor that manufactures an electronic circuit. As a result, an electronic circuit for realizing the data processing indicated by the second code 22 is manufactured. However, in the second code 22, for at least one operation, the relationship between the data and the operation of which variable data is referenced is unknown. For this reason, the manufactured electronic circuit includes, for example, a selection circuit that can select one of a plurality of signals corresponding to a plurality of variables and input the selected signal to the arithmetic circuit. For example, the generated correspondence information 23 is stored as secret information without being provided to a hardware vendor. When the electronic circuit is manufactured from the second code 22, for example, control data corresponding to the correspondence information 23 is written in the memory of the electronic circuit. This control data is for controlling the selection circuit, for example.

  Similar to the second code 22, the generated second code 22a is provided to, for example, a hardware vendor that manufactures an electronic circuit. Further, the generated correspondence information 23a is stored as secret information without being provided to a hardware vendor, for example.

  In the above description, the generation unit 12 has both functions of variable name replacement and function name replacement. However, only one of the functions may be provided. The generation unit 12 may perform both variable name substitution and function name substitution for one first code. In this case, the generated correspondence information may indicate both of which variable the identifier replaced with the variable name corresponds to, and which function the identifier replaced with the function name corresponds to.

  Here, when the information processing apparatus 10 obfuscates the first code 21, the variable name used in the definition of the variable still matches the variable name used in the reference of the variable in the obfuscated code. ing. Similarly, when the information processing apparatus 10 obfuscates the first code 21a, the function name used in the function definition still matches the function name used in the function call in the obfuscated code. . For this reason, only by performing obfuscation, the relationship between data and what operation is performed on which data is read from the code.

  On the other hand, according to the information processing apparatus 10 of the first embodiment, the first codes 21 and 21a are converted into the second codes 22 and 22a, and separately from the second codes 22 and 22a. Correspondence information 23, 23a is generated. Since the second code 22, 22a expresses a control structure such as loop / branch and calculation contents, an electronic circuit can be manufactured from the second code 22, 22a. On the other hand, even if the second codes 22 and 22a are provided to the hardware vendor, the secret information included in the first codes 21 and 21a is stored in the hardware vendor by storing the correspondence information 23 and 23a as secret information. Risk of leakage can be reduced.

[Second Embodiment]
FIG. 2 illustrates an information processing system according to the second embodiment. The information processing system according to the second embodiment includes a network 31, a database server 32, a ROM writer 33, terminal devices 34 and 100, and a manufacturing device 35.

  The database server 32, the ROM writer 33, and the terminal device 100 are installed in the user company. The terminal device 34 and the manufacturing device 35 are installed in a hardware vendor. The hardware vendor manufactures the hardware component 200 in response to a request from the user company. The user company uses a hardware component 200 manufactured by a hardware vendor. For example, the user company connects another hardware component such as a processor to the hardware component 200 and uses it in the company. Alternatively, the user company manufactures and ships an electronic device (for example, a printer) in which the hardware component 200 is incorporated. However, the user company may request a hardware vendor to manufacture a finished product instead of a part.

  The terminal device 100 is a client computer operated by a user. The terminal device 100 edits the source code indicating the operation of the electronic circuit mounted on the hardware component 200. The source code is described in a high-level language such as C language or C ++ language. This source code does not have to be created in consideration of the electronic circuit, and may be used for realizing data processing by software. The terminal device 100 generates, from the original source code, external information (including source code converted from the original source code) to be provided to the hardware vendor and secret information that is secretly managed without being provided to the hardware vendor. To do. The generation of the external information and the secret information may be executed not by the terminal device 100 but by a server computer accessed from the terminal device 100 via the in-house network.

  The network 31 is a wide area network that connects an internal network (for example, a LAN (Local Area Network)) of a user company and an internal network of a hardware vendor. Information (external information) for manufacturing the hardware component 200 is transmitted from the user company to the hardware vendor via the network 31. However, the external information may be transferred using a medium other than the network 31 such as a portable recording medium.

  The database server 32 is a server computer that stores data in a nonvolatile storage medium such as an HDD. The database server 32 receives confidential information from the terminal device 100 via the in-house network of the user company, and stores the confidential information so as not to leak out of the user company. Further, the database server 32 transmits the stored secret information to the terminal device 100 in response to the access from the terminal device 100. However, the secret information may be stored in the terminal device 100 instead of the database server 32.

  The ROM writer 33 is an electronic device that is connected to the terminal device 100 and writes data to a nonvolatile memory. The ROM writer 33 writes control data corresponding to the secret information in a memory included in the hardware component 200 in order to make the hardware component 200 received from the hardware vendor usable. However, when the memory included in the hardware component 200 is a volatile memory such as a RAM, the ROM writer 33 is not used, and the processor connected to the hardware component 200 may write the control data at startup. In that case, for example, the control data is stored in an electronic device on which the hardware component 200 is mounted. The ROM writer 33 may be connected to a device different from the terminal device 100.

  The terminal device 34 is a client computer operated by a hardware vendor user. The terminal device 34 generates circuit data for mounting design based on the external information received from the user company. At this time, the user of the terminal device 34 edits and optimizes the source code included in the external information. By optimizing the source code that has not been created in consideration of the electronic circuit, the operation speed and circuit scale of the manufactured electronic circuit are improved. The terminal device 34 generates circuit data from the optimized source code using a high-level synthesis tool or a logic synthesis tool. The generation of circuit data may be executed not by the terminal device 34 but by a server computer accessed from the terminal device 34 via an in-house network.

  The manufacturing device 35 manufactures the hardware component 200 based on the circuit data generated by the terminal device 34. The hardware component 200 is, for example, an electronic circuit such as an integrated circuit mounted on a printed board. The electronic circuit is manufactured, for example, as an ASIC or FPGA. The electronic circuit includes a memory in which a user company can write control data after manufacture. The memory may be a nonvolatile memory such as an EPROM (Erasable Programmable Read Only Memory) or a volatile memory such as a RAM.

  FIG. 3 is a block diagram illustrating a hardware example of the terminal device. The terminal device 100 includes a CPU 101, a RAM 102, an HDD 103, an image signal processing unit 104, an input signal processing unit 105, a disk drive 106, a communication interface 107, and an interface 108. The unit is connected to the bus 109 in the terminal device 100. The database server 32 and the terminal device 34 can also be realized by the same hardware as the terminal device 100.

  The CPU 101 is a processor including an arithmetic unit that executes program instructions. The CPU 101 loads at least a part of the program and data stored in the HDD 103 into the RAM 102 and executes the program. Note that the CPU 101 may include a plurality of processor cores, and the terminal device 100 may include a plurality of processors, or may perform parallel processing using a plurality of processors or processor cores. A set of two or more processors, a dedicated circuit such as an FPGA or an ASIC, a set of two or more dedicated circuits, a combination of a processor and a dedicated circuit, and the like may be called a “processor”.

  The RAM 102 is a volatile memory that temporarily stores programs executed by the CPU 101 and data referenced from the programs. Note that the terminal device 100 may include a type of memory other than the RAM, or may include a plurality of volatile memories.

  The HDD 103 is a non-volatile storage device that stores software programs and data such as an OS (Operating System), firmware, and application software. The terminal device 100 may include other types of storage devices such as a flash memory and an SSD (Solid State Drive), and may include a plurality of nonvolatile storage devices.

  The image signal processing unit 104 outputs an image to the display 41 connected to the terminal device 100 in accordance with a command from the CPU 101. As the display 41, a CRT (Cathode Ray Tube) display, a liquid crystal display, or the like can be used.

  The input signal processing unit 105 acquires an input signal from the input device 42 connected to the terminal device 100 and notifies the CPU 101 of the input signal. As the input device 42, a pointing device such as a mouse or a touch panel, a keyboard, or the like can be used.

  The disk drive 106 is a drive device that reads programs and data recorded on the recording medium 43. As the recording medium 43, for example, a magnetic disk such as a flexible disk (FD) or HDD, an optical disk such as a CD (Compact Disc) or a DVD (Digital Versatile Disc), or a magneto-optical disk (MO). Can be used. The disk drive 106 stores the program and data read from the recording medium 43 in the RAM 102 or the HDD 103 in accordance with a command from the CPU 101.

  The communication interface 107 communicates with the database server 32 and the terminal device 34 via a network. The communication interface 107 may be a wired interface to which a cable is connected, or may be a wireless interface that performs wireless communication.

The ROM writer 33 is connected to the interface 108. The interface 108 transmits control data to the ROM writer 33 in accordance with a command from the CPU 101.
However, the terminal device 100 may not include the disk drive 106, and may not include the image signal processing unit 104 and the input signal processing unit 105 when accessed from another terminal device. Further, the display 41 and the input device 42 may be formed integrally with the casing of the terminal device 100. The RAM 102 or the HDD 103 is an example of the storage unit 11 according to the first embodiment, and the CPU 101 is an example of the generation unit 12 according to the first embodiment.

  FIG. 4 is a diagram illustrating an example of source code. The source code 111 is an original source code before being converted in the terminal device 100. The source code 111 is an example of the first codes 21 and 21a according to the first embodiment.

  In the source code 111, a plurality of variables and a plurality of functions are defined. In the example of FIG. 4, two variables to which input data is substituted and one variable to which an operation result is substituted are defined. The former two are integer type (int type) variables. In the source code 111, the variable names apple and banna are used. The latter is an integer type variable, and the variable name out is used in the source code 111. In the example of FIG. 4, two functions are defined. Each of the two functions receives one integer type argument and returns an integer type return value. In the source code 111, function names buy and sell are used.

  In the example of FIG. 4, the following program control structure is described. First, the value of the variable with the variable name “apple” (first input data) is compared with the value of the variable with the variable name “banana” (second input data) to determine whether the former is greater than the latter. If the comparison result is true, the function with the function name buy is called using the value of the variable with the variable name banana as an actual argument. If the comparison result is false, the function with the function name cell is called using the value of the variable with the variable name banana as an actual argument.

  FIG. 5 is a block diagram illustrating a first example of an electronic circuit. If the user company delivers the source code 111 shown in FIG. 4 to the hardware vendor as it is, the hardware vendor is expected to manufacture an electronic circuit as shown in FIG. The first electronic circuit includes a comparison circuit 211, arithmetic circuits 212 and 213 corresponding to functions, and a multiplexer 214.

  The comparison circuit 211 compares the first input signal (in [0]) with the second input signal (in [1]), and outputs true = 1 when the former value is larger than the latter value. In other cases, false = 0 is output. The arithmetic circuit 212 receives the second input signal and performs an operation defined by the function having the function name buy. The arithmetic circuit 213 receives the second input signal and performs an operation defined by the function having the function name “cell”. The multiplexer 214 selects the operation result of the operation circuit 212 when the comparison circuit 211 outputs true = 1 as the output signal (out), and the operation of the operation circuit 213 when the comparison circuit 211 outputs false = 0. Select the result.

  In this manner, an electronic circuit that realizes data processing indicated by the source code 111 can be manufactured from the source code 111. However, from the source code 111 shown in FIG. 4, the first input data is used as the first reference operand of the comparison operation, and the second input data is used as the second reference operand of the comparison operation. Can be clearly read. In addition, it can be clearly seen from the source code 111 shown in FIG. 4 that the first input data is used as an argument of the function names buy and sell. If the relationship between the data and the operation to be performed on which data is the knowledge (knowhow) to be kept secret, the know-how leaks by passing the source code 111 to the hardware vendor. .

  Therefore, the terminal device 100 converts the source code 111 so as to make the relationship between the data and the calculation unclear and provides it to the hardware vendor. However, object code to be executed by the processor cannot be generated from the converted source code.

  FIG. 6 is a diagram illustrating an example of converted source code. The source code 112 is source code provided to a hardware vendor after being converted in the terminal device 100. The source code 112 is an example of the second codes 22 and 22a of the first embodiment.

  The source code 112 defines the same variables and functions as the source code 111. In the example of FIG. 6, in order to define three variables, the same variable names apple, banana, and out are used as the source code 111, and in order to define two functions, the same function names buy and sell as the source code 111 are used. Has been. However, when the source code 111 is converted to the source code 112, obfuscation may be performed to change the variable name or function name.

  On the other hand, in the source code 112, a variable name or function name defined in the source code 112 is not described in a statement that refers to a variable or function. That is, the variable name described as the reference operand (including the argument specified by the function call) of the operation is replaced with a dummy identifier. In the example of FIG. 6, the variable names apple and banana described as reference operands for the comparison operation are replaced with identifiers x [0] and x [1], and the variable name banana described as an argument of the function call is an identifier. x [2] is substituted. Also, the function name described in the function call statement is replaced with a dummy identifier. In the example of FIG. 6, the function names buy and sell described in the function call statement are replaced with dummy identifiers x [3] and x [4].

  By replacing the variable name or function name described in the statement referring to the variable or function with a dummy identifier, the relationship between the data and the operation cannot be read from the source code 112. In the example of FIG. 6, the comparison operation determines whether the first input data is larger than the second input data, or whether the second input data is larger than the first input data. It is unknown whether it is judged. In the example of FIG. 6, it is unclear which of the first input data and the second input data is specified as the function call argument. In the example of FIG. 6, it is unknown which of the two functions is called in each function call statement.

  As described above, when the source code 111 is converted into the source code 112, the information on the correspondence between the data and the operation is lost, while the information on the type of operation that can be executed and the control structure of the program is not lost. In the example of FIG. 6, it can be read from the source code 112 that an electronic circuit that includes a comparison circuit and two arithmetic circuits corresponding to two functions and selects an output signal according to the output of the comparison circuit should be manufactured. . In the example of FIG. 6, the variable names of all reference operands and the function names of all function call statements are replaced with dummy identifiers, but only some of the variable names and function names may be replaced. For example, when the user specifies a description range including important know-how in the description of the source code 111, only the variable name or function name within the range may be replaced. In addition, the user may designate a variable or function to be replaced.

  FIG. 7 is a diagram illustrating an example of an arrangement table. The arrangement table 113 is generated by the terminal device 100 when the source code 111 is converted into the source code 112. The array table 113 is stored in the database server 32 as secret information that is not provided to the hardware vendor. The array table 113 includes items of an identifier and an original name.

  In the identifier item, a dummy identifier written in the source code 112 is registered instead of the variable name or the function name. For example, a plurality of identifiers are expressed as an array, and in this case, each identifier can be specified only by the subscript of the array. In the original name item, the original variable name or function name before replacement with a dummy identifier is registered. As shown in FIG. 7, when two or more statements that refer to the same variable or function are included in the source code 111, two or more different dummy identifiers may be assigned to one variable name or function name. In the example of FIG. 7, dummy identifiers x [1] and x [2] both correspond to the variable name banana.

  FIG. 8 is a diagram illustrating an example of a group table. The group table 114 is generated by the terminal device 100 when the source code 111 is converted into the source code 112. The group table 114 is provided to the hardware vendor together with the source code 112. The group table 114 includes items of type, identifier, and original name.

  In the type item, a variable type or a function type is registered. The function type is a combination of the return value type and the argument type, and is different from any variable type. In the identifier item, a set of dummy identifiers used for variables of the same type or a set of dummy identifiers used for functions of the same type is registered. In the item of original name, a set of variable names of variables having the same type or a set of function names of functions having the same type is registered.

  In this way, in the group table 114, variables and functions are grouped according to types, and a set of dummy identifiers and a set of variable names or function names are associated with each group. When the source code 111 in FIG. 4 is converted into the source code 112 in FIG. 6, dummy identifiers x [0], x [1], x [2] are associated with variable names apple, banna, Identifiers x [3] and x [4] are associated with function names buy and sell.

  As a result, the hardware vendor can narrow down candidates for variable names or function names corresponding to the respective dummy identifiers. For example, the hardware vendor implements a selection circuit (such as a multiplexer) that selects any signal from a set of signals corresponding to a set of variable names based on the group table 114. For example, the hardware vendor implements a selection circuit that selects one of signals output from a set of arithmetic circuits corresponding to a set of function names based on the group table 114. Which signal each selection circuit selects is controlled according to control data generated from the array table 113.

  FIG. 9 is a block diagram illustrating an example of functions of the terminal device. The terminal device 100 includes a design information storage unit 110, a source code editing unit 120, a source code conversion unit 130, a design information transmission unit 140, and a control data generation unit 150. The design information storage unit 110 is realized as a storage area secured in the RAM 102 or the HDD 103, for example. The source code editing unit 120, the source code conversion unit 130, the design information transmission unit 140, and the control data generation unit 150 are realized as software modules, for example.

  The design information storage unit 110 stores a source code 111 (before conversion), a source code 112 (after conversion), an array table 113, and a group table 114. The source code editing unit 120 receives user input through the input device 42 and edits the source code 111 stored in the design information storage unit 110 in accordance with the user input. The source code conversion unit 130 analyzes the source code 111 stored in the design information storage unit 110. Then, the source code conversion unit 130 generates the source code 112, the arrangement table 113, and the group table 114 from the source code 111, and stores them in the design information storage unit 110.

  The design information transmitting unit 140 transmits the source code 112 and the group table 114 as external information to the hardware vendor via the network 31. Alternatively, the design information transmission unit 140 writes the source code 112 and the group table 114 on a portable recording medium that is passed to the hardware vendor. Further, the design information transmission unit 140 transmits the array table 113 to the database server 32 as secret information. When the hardware component 200 is manufactured, the control data generation unit 150 acquires the array table 113 from the database server 32 and generates control data for controlling the hardware component 200 from the array table 113. Then, the control data generation unit 150 sends the control data to the ROM writer 33.

  However, the control data generation unit 150 may generate control data before the hardware component 200 is manufactured. In that case, the generated control data may be stored as secret information in the database server 32 instead of or together with the array table 113. Further, as described above, the control data may be written into the memory included in the hardware component 200 by a device other than the terminal device 100, and every time an electronic device in which the hardware component 200 is mounted is activated. An electronic device may execute. In the latter case, the generated control data is installed in the electronic device.

FIG. 10 is a flowchart illustrating an example of a procedure for manufacturing a hardware component.
The source code editing unit 120 of the terminal device 100 creates the source code 111 according to the user input (step S1). The source code conversion unit 130 of the terminal device 100 performs a concealment process on the generated source code 111. That is, the source code conversion unit 130 generates a source code 112, an array table 113, and a group table 114 from the source code 111. The generated source code 112 and group table 114 are passed to the hardware vendor as external information. The generated array table 113 is managed as secret information without being passed to the hardware vendor (step S2).

  The terminal device 34 performs an optimization process on the source code 112. That is, the terminal device 34 modifies the source code 112 according to the user input so that the operation speed of the electronic circuit is fast and the circuit scale is small (step S3). The terminal device 34 generates an RTL model described in a hardware description language from the corrected source code 112 using a high-level synthesis (behavioral synthesis) tool (step S4). The terminal device 34 verifies whether the RTL model is appropriate by simulating the electronic circuit based on the RTL model (step S5).

  If it is determined by the verification in step S5 that the operation or performance of the electronic circuit indicated by the RTL model is appropriate, the process proceeds to step S7. If it is determined that the operation is not appropriate, the process proceeds to the optimization process in step S3. Return (step S6). However, when the correction amount is small, the RTL model may be corrected instead of correcting the source code 111. The terminal device 34 generates circuit data for mounting design from the RTL model using a logic synthesis tool. For example, when an electronic circuit is mounted as an ASIC, an ASIC logic synthesis tool is used, and when an electronic circuit is mounted as an FPA, an FPGA logic synthesis tool is used. The manufacturing device 35 manufactures an electronic circuit corresponding to the circuit data generated by the terminal device 34, and manufactures the hardware component 200 on which the electronic circuit is mounted (step S7).

  The control data generation unit 150 of the terminal device 100 generates control data for controlling the electronic circuit to perform an operation corresponding to the source code 111 before conversion, from the arrangement table 113 generated in step S2. The control data is, for example, data for instructing each selection circuit included in the electronic circuit which signal should be selected (step S8). The ROM writer 33 writes control data to the memory provided in the electronic circuit (step S9).

FIG. 11 is a flowchart illustrating an example of a procedure for concealing source code. The process shown in the flowchart of FIG. 11 is executed in step S2.
(Step S <b> 10) The source code conversion unit 130 generates an empty array table 113 and an empty group table 114 and stores them in the design information storage unit 110.

  (Step S11) The source code conversion unit 130 parses the source code 111 to detect a variable reference description and a function call statement. The description of the variable reference is an operation operand (including an argument specified by a function call) and is a reference operand that refers to any variable.

(Step S12) The source code conversion unit 130 selects one of the variable reference description and the function call statement detected in Step S11.
(Step S13) The source code conversion unit 130 refers to the arrangement table 113 and selects one unused dummy identifier. When the dummy identifier is expressed as an array, the unused index with the smallest number is selected. Then, the source code conversion unit 130 replaces the name (variable name or function name) described in the variable reference description or function call statement selected in step S12 with the selected dummy identifier. Thereby, the source code 112 in which the variable name or function name is replaced with the dummy identifier is generated.

  In the above description, a different dummy identifier is used for each variable reference description or function call statement. However, the same dummy identifier may be used for the same variable name or function name. Further, when the same variable name or function name as before appears, it may be selected at random or according to a predetermined rule whether the same identifier as before or a different identifier is used.

(Step S14) The source code conversion unit 130 registers the original variable name or function name in the array table 113 in association with the dummy identifier selected in Step S13.
(Step S15) The source code conversion unit 130 determines the type of the referenced variable or the type of the function to be called. The variable type is described in a statement defining a variable in the source code 111, and the function type is described in a statement defining a function in the source code 111.

  (Step S16) The source code conversion unit 130 determines whether the type determined in step S15 is registered in the group table 114. If registered, the source code conversion unit 130 selects an entry (a set of identifiers and a set of original names) corresponding to the type, and adds a new entry to the group table 114 if not registered. Then, the source code conversion unit 130 adds the dummy identifier selected in step S13 to the set of identifiers, and adds the original variable name or function name to the set of original names.

  (Step S17) The source code conversion unit 130 determines whether or not all of the detected variable reference descriptions and function call statements have been selected in step S12. If all are selected, the process proceeds to step S18. If there is any unselected item, the process proceeds to step S12.

(Step S18) The source code conversion unit 130 outputs the source code 112 and the group table 114 as external information to be provided to the hardware vendor.
(Step S19) The source code conversion unit 130 stores the arrangement table 113 as secret information that should be secretly managed without being provided to the hardware vendor.

Note that the replacement in step S13, the update of the array table 113 in step S14, and the update of the group table 114 in step S16 may be executed in an arbitrary order.
FIG. 12 is a block diagram illustrating a second example of an electronic circuit. The hardware vendor that has received the source code 112 and the group table 114 manufactures an electronic circuit as shown in FIG. 12, for example. The second electronic circuit includes a comparison circuit 211, arithmetic circuits 212 and 213, multiplexers 214 and 231 to 235, and a memory 220. The functions of the comparison circuit 211, the arithmetic circuits 212 and 213, and the multiplexer 214 are as described in FIG.

  The multiplexer 231 selects one of the first input signal (in [0]) and the second input signal (in [1]) and inputs it to the comparison circuit 211 as a first operand. The multiplexer 232 selects one of the first and second input signals and inputs it to the comparison circuit 211 as the second operand. The multiplexer 233 selects one of the first and second input signals and inputs it to the arithmetic circuits 212 and 213 as an argument. The multiplexer 234 selects one of the operation results of the operation circuits 212 and 213 and inputs it to the multiplexer 214 as the first operation result. The multiplexer 235 selects one of the operation results of the operation circuits 212 and 213 and inputs it to the multiplexer 214 as the second operation result.

  Thus, since it is unclear which identifier x [0], x [1], x [2] described in the source code 112 indicates two input signals in [0], in [1]. Multiplexers 231 to 233 are provided so that input signals can be selected after the electronic circuit is manufactured. In addition, since it is unclear which identifiers x [3] and x [4] described in the source code 112 indicate the function names buy and sell, which function should be used for the calculation? Multiplexers 234 and 235 are provided for selection after manufacture of the electronic circuit.

  The memory 220 may be an empty memory in which no data is written at the time of manufacturing the electronic circuit. The memory 220 is written with control data for controlling the multiplexers 231 to 235 after the electronic circuit is manufactured. When the memory 220 is a non-volatile memory, for example, the control data is written using the ROM writer 33 before starting to use the hardware component 200. When the memory 220 is a volatile memory, for example, control data is written every time an electronic device equipped with the hardware component 200 is activated.

  Data for controlling each of the multiplexers 231 to 235 is data indicating which of the two signals should be selected. For example, a bit string “01101” is written in the memory 220. This indicates that the multiplexer 231 selects the first input signal, and the multiplexers 232 and 233 select the second input signal. This also indicates that the multiplexer 234 selects the calculation result of the calculation circuit 212 and the multiplexer 235 selects the calculation result of the calculation circuit 213. However, the description of the control data is an example, and the description method of the control data depends on the mounting method of the electronic circuit. Such control data can be generated based on the structure of the electronic circuit and the arrangement table 113.

  FIG. 13 is a block diagram illustrating a third example of the electronic circuit. A hardware vendor that has received the source code 112 and the group table 114 can also manufacture an electronic circuit as shown in FIG. The third electronic circuit includes a comparison circuit 211, arithmetic circuits 212 and 213, a memory 220, and switch boxes 241 and 242.

  The second electronic circuit uses the multiplexers 231 to 233 to select the input signal, while the third electronic circuit uses the switch box 241 to select the input signal. The switch box 241 can switch ON / OFF of six contacts formed between two input lines and three output lines. The two input lines correspond to the two input signals in [0] and in [1]. The three output lines correspond to the first operand of the comparison circuit 211, the second operand of the comparison circuit 211, and the arguments of the arithmetic circuits 212 and 213.

  The second electronic circuit uses the multiplexers 234 and 235 to select the operation result, while the third electronic circuit uses the switch box 242 to select the operation result. The switch box 242 can switch ON / OFF of four contacts formed between two input lines and two output lines. The two input lines correspond to the calculation results of the two arithmetic circuits 212 and 213, and the two output lines correspond to the two inputs of the multiplexer 214.

  Control data for controlling the switch boxes 241 and 242 is written in the memory 220 after the electronic circuit is manufactured. Data for controlling the switch box 241 is data indicating ON / OFF of each of the six contacts. For example, a bit string “1000011” is written in the memory 220. This means that the first output line is connected to the first input line, the second output line is connected to the second input line, and the third output line is connected to the second input line. Show. The data for controlling the switch box 242 is data indicating ON / OFF of each of the four contacts. For example, a bit string “1001” is written in the memory 220. This indicates that the first output line is connected to the first input line and the second output line is connected to the second input line. However, the description of the control data is an example, and the description method of the control data depends on the mounting method of the electronic circuit.

  When the electronic circuit is mounted as an FPGA, the circuit scale can be suppressed by using the switch boxes 241 and 242 in this way. Control data for controlling the switch boxes 241 and 242 can be generated based on the arrangement table 113.

  FIG. 14 is a block diagram illustrating a fourth example of the electronic circuit. The hardware vendor can also manufacture an electronic circuit as shown in FIG. The fourth electronic circuit includes a comparison circuit 211, multiplexers 214, 231 to 233, a memory 220, and look-up tables (LUTs) 251 and 252. The functions of the comparison circuit 211, the multiplexers 214, 231 to 233, and the memory 220 are as described with reference to FIG.

  In the fourth electronic circuit, one of the look-up tables 251 and 252 is used to realize the function with the function name buy, and the other is used to realize the function with the function name sell. The control data written to the memory 220 includes data defining the correspondence between the input value and the output value of the lookup table 251 and data defining the correspondence between the input value and the output value of the lookup table 252. It is. One of the two correspondence relationships indicates a function having a function name buy, and the other indicates a function having a function name sell. The lookup tables 251 and 252 calculate an output value corresponding to the input value based on the control data written in the memory 220.

  In this manner, by using the lookup tables 251 and 252, the lookup tables 251 and 252 and the two functions can be associated with each other after the electronic circuit is manufactured. Therefore, even if the correspondence between the identifiers x [3] and x [4] and the two functions is unknown in the source code 112, the calculation result of the lookup table 251 is input to the multiplexer 214 as the first calculation result. Good. Similarly, the calculation result of the lookup table 252 may be input to the multiplexer 214 as the second calculation result. That is, the multiplexers 234 and 235 and the switch box 242 need not be provided between the lookup tables 251 and 252 and the multiplexer 214, and the circuit scale of the electronic circuit can be suppressed.

In FIG. 14, the multiplexers 231 to 233 are used to select the input signal, but the switch box 241 may be used as shown in FIG.
According to the information processing system of the second embodiment, when requesting the hardware vendor to manufacture the hardware component 200, the source code 111 is converted into the source code 112, and the array table 113 and the group table 114 are Generated. Then, the source code 112 and the group table 114 are transferred to the hardware vendor as external information, while the array table 113 is stored as secret information.

  Since the source code 112 represents the control structure and operation contents of the program, and the group table 114 indicates candidates for variables or functions corresponding to the dummy identifiers, a selection circuit such as a multiplexer or a switch box is used. Thus, it is possible to manufacture an electronic circuit. On the other hand, from the source code 112 and the group table 114, it is impossible to read the correspondence relationship between the specific data and the calculation as to what calculation is performed on which input data. For this reason, even if the correspondence between the data and the calculation is information that should be protected as know-how, storing the array table 113 secretly without providing it to the hardware vendor makes it possible for the know-how to leak to the hardware vendor. Can be reduced.

  Note that the functions of the first embodiment can be realized by causing the information processing apparatus 10 to execute a program. The functions of the second embodiment can be realized by causing the terminal device 100 to execute a program. The program can be recorded on a computer-readable recording medium (for example, the recording medium 43). As the recording medium, for example, a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like can be used. Magnetic disks include FD and HDD. Optical discs include CD, CD-R (Recordable) / RW (Rewritable), DVD, and DVD-R / RW. The program may be recorded and distributed on a portable recording medium. In that case, the program may be copied from a portable recording medium to another recording medium such as an HDD and then executed.

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 11 Memory | storage part 12 Production | generation part 21,21a 1st code | cord | chord 22,22a 2nd code | cord 23,23a

Claims (9)

A code processing method executed by a computer,
Detecting an operand that is an operand of an operation and refers to any of the plurality of variables from within the first code in which the plurality of variables is defined;
A second code converted from the first code, wherein the detected variable name of the operand is not used as any variable name of the plurality of variables in the second code; Generating a replaced second code, and generating correspondence information indicating which of the plurality of variables the identifier corresponds to,
After the electronic circuit is manufactured based on the second code, control data corresponding to the correspondence information is written in a memory included in the electronic circuit .
Code processing method. The electronic circuit includes an arithmetic circuit corresponding to the arithmetic, and a selection circuit that selects a signal input to the arithmetic circuit among a plurality of signals corresponding to the plurality of variables.
The control data is data for controlling the selection circuit.
The code processing method according to claim 1 . A plurality of functions are defined in the first code, and in addition to the operand, a function call statement that calls any one of the plurality of functions from within the first code is detected,
In the generation of the second code, the function name of the detected function call statement is not used as any function name of the plurality of functions in the second code and is different from the identifier. Is replaced with
The correspondence information further indicates to which of the plurality of functions the other identifier corresponds.
The code processing method according to claim 1 or 2 . Grouping the plurality of variables;
In addition to the second code and the correspondence information, group information indicating which group the identifier corresponds to is generated.
The code processing method according to any one of claims 1 to 3 . Detecting other operands in the first code in addition to the operands;
In the generation of the second code, even if the operand and the other operand refer to the same variable, the detected variable name of the other operand is replaced with another identifier different from the identifier. To allow,
The code processing method according to any one of claims 1 to 4 . A code processing method executed by a computer,
Detecting an operand that is an operand of an operation and refers to any of the plurality of variables from within the first code in which the plurality of variables is defined;
A second code converted from the first code, wherein the detected variable name of the operand is not used as any variable name of the plurality of variables in the second code; Generating a replaced second code, and generating correspondence information indicating which of the plurality of variables the identifier corresponds to,
The generated correspondence information is stored in a storage device as confidential information that is not provided to a manufacturer that manufactures an electronic circuit based on the second code .
Code processing method. A code processing method executed by a computer,
A function call statement for calling one of the plurality of functions is detected from within the first code in which the plurality of functions are defined;
A second code converted from the first code, wherein the function name of the detected function call statement is not used as any function name of the plurality of functions in the second code Generating a second code replaced with an identifier, and generating correspondence information indicating which of the plurality of functions the identifier corresponds to,
After the electronic circuit is manufactured based on the second code, control data corresponding to the correspondence information is written in a memory included in the electronic circuit .
Code processing method. A storage unit for storing a first code in which a plurality of variables are defined;
An operand that is an operation operand and refers to any of the plurality of variables is detected from within the first code, and a second code that is converted from the first code is detected. A second code is generated by replacing the variable name with an identifier that is not used as any variable name of the plurality of variables in the second code, and the identifier corresponds to any of the plurality of variables. A generating unit that generates correspondence information indicating whether to do,
After the electronic circuit is manufactured based on the second code, a writing unit that writes control data corresponding to the correspondence information in a memory included in the electronic circuit;
An information processing apparatus. On the computer,
Detecting an operand that is an operand of an operation and refers to any of the plurality of variables from within the first code in which the plurality of variables is defined;
A second code converted from the first code, wherein the detected variable name of the operand is not used as any variable name of the plurality of variables in the second code; Generating a replaced second code, and generating correspondence information indicating which of the plurality of variables the identifier corresponds to,
After the electronic circuit is manufactured based on the second code, control data corresponding to the correspondence information is written in a memory included in the electronic circuit .
A program that executes processing.

Images