WO2014203031A1 - Device and method for executing a program, and method for storing a program - Google Patents

Abstract

A device and a method for executing a program, and a method for storing a program are described. The method of executing a program includes a sequence of instruction cycles, wherein each instruction cycle comprises: updating the program counter value (1.1); reading (1.2) a data word (w) from a memory location identified by the updated program counter value, wherein the data word (w) comprises an instruction (π) and a protection signature (χ); determining (1.3) a verification signature (χ) by applying a signature function (Γ-->χ) associated with the program counter value to the instruction (Γ); executing (1.6) the instruction (Γ) if the verification signature and the protection signature (χ) are consistent with each other; and initiating (1.5) an error action if they are inconsistent with each other. A method for storing a program on a data carrier is also described.

Description

Title : Device and method for executing a program, and method for storing a program

Description Field of the invention

This invention relates to a device and a method for executing a program, and to a method for storing a program.

Background of the invention

Data processing systems, such as microcontrollers, personal computers and computer networks are usually provided with some form of safety mechanism to ensure the integrity of data in the data processing device. Data stored in a data processing device may be vulnerable for a variety of reasons. For example, the status of a bit in a memory register may change in an unpredictable manner due to, for example, particle impact from, e.g., radiation. Furthermore, the status of individual bits or entire registers may be accidentally changed by faulty software. A third kind of risk may be produced by malicious software.

A context is a set of data associated with a task on a data processing device. The data processing system may be designed such that any task is allowed to access its own context but not any other context. The data of a specific task may thus be shielded against other tasks. Switching from one task to another task may involve storing the context of the current task, so that the current task may be resumed at a later point in time. A task may be an entire program, a thread, a subroutine, or a single instruction or any other kind of process on the data processing system. A task switch may therefore also be referred to as a context switch.

Data processing devices may be subject to functional safety standards, such as ISO 26262 or IEC 61508. There is therefore a need for a reliable scheme of detecting data corruption, notably in components that are relevant for functional safety. As mentioned above, data may be corrupted by, e.g., faulty software components. Data may even be corrupted by a lack of cooperation between software components. For example, a stack frame generated by a certain context may be corrupted by another context due to faulty software. Accordingly, there is a particular need for detecting corrupted stack frames and for providing stack-frame protection. The data that may be corrupted may include executable data, that is, program code. There is therefore a need for ensuring safe code execution.

One approach to improving the integrity of data in a data processing system involves the use of a checksum or a hash function. Checksums and hash functions are related mathematical concepts, and no distinction will be made between the two in this specification. The idea behind this approach may be seen in determining for a given data item (payload item) a signature in dependence on the data item in question. Identical payload items have identical signatures. Different payload items may have identical or different signatures. A signature function is a function that maps a set of payload items onto a set of signatures. A signature function is generally not bijective. The set of signatures may thus be smaller than the set of payload items for which the signature function is defined. Considering, for instance, a system with a word size of 32 bits, a signature function may be designed to protect individual data words. The signature function should thus assign a signature to each of the 2³² different data words that may occur in the system. The signature may, for instance, have a length of seven bits. In this scenario, the signature function thus maps the set of 2³² payload data words onto the set of 2⁷=128 signatures. Comparing the signatures of two payload items provides a way of determining whether the two data items differ. Data items with different signatures necessarily differ. Payload items with identical signatures are, however, not necessarily identical, assuming that the signature function is non-bijective. For instance, considering again the example of 2³² different payload items and 2⁷=128 different signatures, the set of payload items may be partitioned into 128 subsets associated with the 128 different signatures, each subset containing those payload items that are mapped onto the same signature. In an example in which the 2³² payload items are evenly distributed over the 128 subsets, there is thus a likelihood of 1 to 128 that the payload items from the set of 2³² payload items belong to the same subset and thus have the same signature. The pair of data items consisting of the payload item and the corresponding signature may be referred to as a signed data item or as a protected data item. A valid signed data item is self-consistent in the sense that its signature component is the signature of its payload component. When the payload component is accidentally modified, there may be a substantial likelihood for the signed data item to become inconsistent. This likelihood may, for instance, be 127 out of 128 in the above-described example. Recomputing the signature for the payload component of a signed data item and comparing the recomputed signature to the signature component of the signed data item thus provides a way of checking the integrity of the respective signed data item.

Summary of the invention

The present invention provides a device and method for executing a program, and a method for storing a program.

Specific embodiments of the invention are set forth in the dependent claims.

These and other aspects of the invention will be apparent from and elucidated with reference to the embodiments described hereinafter.

Brief description of the drawings

Further details, aspects and embodiments of the invention will be described, by way of example only, with reference to the drawings. In the drawings, like reference numbers are used to identify like or functionally similar elements. Elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale.

Figure 1 shows a flow chart of an example of an embodiment of a method of executing a program.

Figure 2 shows a flow chart of an example of a method of storing a program on a data carrier.

Figure 3 schematically shows an example of an embodiment of a list of signed instructions. Figure 4 schematically shows an example of an embodiment of a data processing device.

Detailed description of the preferred embodiments

Because the illustrated embodiments of the present invention may for the most part, be implemented using electronic components and circuits known to those skilled in the art, details will not be explained in any greater extent than that considered necessary as illustrated above, for the understanding and appreciation of the underlying concepts of the present invention and in order not to obfuscate or distract from the teachings of the present invention.

The example of a method of executing a program illustrated by the flow chart in Figure 1 comprises providing a program counter value and performing a sequence of instruction cycles. Each instruction cycle may comprise: updating (1.1 ) the program counter value; reading (1 .2) a data word from a memory location identified by the program counter value, wherein the data word comprises an instruction and a protection signature; determining (1.3) a verification signature by applying a signature function associated with the program counter value to the instruction; executing the instruction if the verification signature and the protection signature are consistent with each other (1.6); and triggering an error response (1.5) if they are inconsistent with each other. The signature function may, for example, be a checksum function, e.g., a cyclic redundancy check (CRC) function.

The signature function may be associated with the program counter value in the sense that it changes when the program counter changes. However, it may be beneficial to evaluate the signature function without making use of the program counter value itself. Instead, it may be beneficial to provide a context value & correlated to the program counter value. For instance, the context value may be incremented in the same or similar manner as the program counter in each instruction cycle. Both the program counter value and the context value may, for instance, be updated independently from each other but on the basis of the same flow control information. The flow control information may, for instance, comprise the most recent instruction of the program flow in conjunction with none, one, or more state variables. For instance, the program counter value and, similarly, the context value may be incremented by one increment, e.g., 1 , when this most recent instruction is a normal instruction, i.e., an instruction which is not a flow control instruction. Flow control instructions may include, for instance, relative jumps, absolute jumps, subroutine calls, and returns from subroutines.

The program counter may be a particular special purpose register for holding the program counter value. The program counter value may indicate the memory location of an instruction that is to be executed next. The program counter value may, for instance, be the address of this memory location. In each instruction cycle, the program counter (PC) and, similarly, the context value (denoted & herein) may thus be replaced by updated values PC+APC and respectively (block 1.1 in Figure 1 ). The context value & may be considered equivalent to the program counter and may take the same or a different binary form. Notably, the context value & may be provided by a physical register or other kind of memory cell separate from the program counter. Although the program counter and the context value may be regarded as mathematically equivalent in the sense that there may be a one-to-one relationship between the two quantities, their purposes may be different. The program counter may serve to identify the memory locations of instructions of the program. The context value, in contrast, may be used to define a specific signature function for each memory location holding an instruction of the program. The signature function may be used to verify the integrity of data at the respective memory locations. Although, in principle, the program counter may be used to define the respective signature functions, the introduction of the context value may help to ensure that a corruption of the program counter value may be detected.

In block 1 .2, a data word w may be read from the memory location identified by the program counter value. The data word w may comprise an instruction π and a protection signature χ. The instruction may be considered the payload data of the data word, whereas the protection signature may be used for checking the integrity of the instruction and also to detect unallowed access to the memory location in question, namely by the operations in subsequent blocks 1.3 and 1.4 described below.

In block 1.3, a verification signature may be computed by applying the signature function associated with the current program counter value to the instruction that was read in the preceding block 1.2. The verification signature may thus be computed using, as input data, the current instruction and information correlated with the program counter value, such as the program counter value itself or the context value & mentioned above. Again, it should be pointed out that it may not be strictly necessary to introduce the context value 9 as a separate variable in addition to the program counter but that doing so may be beneficial in view of a corruption of the program counter value. More specifically, when the program counter value is corrupted due to, e.g., a neutron impact, a wrong memory location would be accessed in block 1.2 thus resulting in a substantial likelihood that applying the signature function of the current context value & to the payload data of the wrong memory location will produce a verification signature different from the protection signature of the wrong memory location.

Turning back to the description of the flow chart, the verification signature generated in block 1 .3 may be compared against the protection signature of the data word read in block 1 .2.

In the present, it is assumed that the protection signature of the instruction sequence of the program was generated by the same signature functions that are used in the present method of executing the program. Therefore, in a scenario in which the program data is intact and the program is executed correctly, the verification signature recomputed in block 1 .3 may be expected to be identical to the protection signature of the respective instruction. Consequently, any mismatch between the verification signature the protection signature may be interpreted as an indication that an error has occurred.

An error response may therefore be initiated in the event of a mismatch between the protection signature and the verification signature (block 1.5). The error response may, for example, include one or more of the following: terminating the program and generating an error report. If, however, the verification signature is found to be identical to the protection signature, the instruction π that was read in block 1.2 as part of the data word w may be executed. If the instruction is a flow control instruction such as a relative jump, an absolute jump, a call of a subroutine, or a return from a subroutine, the program counter value and, if present, the context value & may be modified accordingly. If the instruction is an end instruction, the program may be terminated (block 1 .8). Otherwise, the process flow may return to block 1.1 and the next instruction cycle may be performed.

In other words, memory locations with program instructions may be assigned individual signature functions. A signature function may, for instance, be defined in terms of a generator polynomial. A generator polynomial may thus be defined individually for the various memory locations containing the instructions. The memory locations may form a sequence of memory locations, wherein the memory locations are ordered in accordance with, e.g., their addresses in an addressing scheme of the system in question. It may be beneficial to define the signature functions for the various memory locations of the sequence such that successive memory locations have different signature functions. For instance, a first memory location of the sequence may have a first signature function associated with it. The first signature function may, for instance, be defined in terms of a first generator polynomial. A second memory location may have a second signature function associated with it, wherein the second signature function differs from the first signature function. The second signature function may, for instance, be defined in terms of a second generator polynomial different from the first generator polynomial. A third memory location succeeding the second memory location may again have the first signature function or, alternatively, a third signature function different from both the first and the second signature functions. Using a larger number of different signature functions for the various memory locations of the sequence may increase the likelihood of detecting an erroneous read access to one of the memory locations.

For instance, a system in which there are 2⁵ different signature functions, represented by, e.g., 2⁵=32 different generator polynomials, an attempt of reading and executing one of the instructions of the program might be triggered erroneously by a second program not related to the program stored in the memory locations in question. In this case, there may be a likelihood of 1 to 32 of the second program providing the correct signature function to determine the verification signature required for executing the instruction stored the memory location in question.

The flow chart in Figure 2 schematically illustrates an example of a method of storing a program on a data carrier. The method may notably include writing a sequence of instructions to a corresponding sequence of memory locations on the data carrier. Each memory location may, for instance, be a memory cell of a magnetic or optical storage device or a register implemented in, e.g., flip flops. Each memory location may be identified by a corresponding address. The method may comprise providing a context value and performing a sequence of write cycles. Each write cycle may comprise incrementing the context value by one increment; determining a protection signature by applying a signature function to an instruction, wherein the signature function depends parametrically on the context value; selecting a next memory location among a plurality of memory locations; and writing a data word to the selected memory location, wherein the data word comprises the instruction and the protection signature. The data word may, for instance, be a concatenation of the instruction and the signature.

In block 2.0, an address variable may be set to an initial value. The address variable may be referred to herein as a program counter and its value as the program counter value, by analogy to the process of executing the program. Furthermore, a context value & may be set to an initial value ¾. The initial context value ¾ may be the same for every program to be generated using the present method. ¾ may, for instance, be 0 for every program. An advantage of using the same initial context value, e.g., 0, for any program lies in that any program protected by the present method may be executed without reading or otherwise determining the initial context value

Alternatively, however, the initial context value ¾ may be stored as a key for protecting the program against illegal execution. The initial value ¾ may, in this case, be stored separately from the program.

In subsequent block 2.1 , the program counter and the context value may each be incremented by a certain increment, e.g., one.

In subsequent block 2.2, a protection signature may be computed by applying a signature function to an instruction, wherein the signature function depends parametrically on the context value. The signature function may, for instance, be a checksum, e.g., a CRC function.

In subsequent block 2.3, a data word may be formed of the instruction and the protection signature. The instruction and the protection signature may, for instance, be concatenated. For example, the protection signature may be appended to the instruction or vice versa. The data word comprising the instruction and the protection signature may then be written to the memory location indicated by the program counter.

In subsequent block 2.4, it may be determined whether further instructions are to written to the data carrier. In this case, the program flow may return to block 2.1 , and a next write cycle may be initiated. Otherwise, the process may be terminated (block 2.5).

Turning now to Figure 3, an example of a program on a data carrier is schematically illustrated. The data carrier may, for instance, be located in the memory unit 14 shown in Figure 4. In the shown example, the program comprises a sequence of instructions lnst_0 to lnst_9 and a corresponding sequence of protection signatures Sig_0 to Sig_9. The shown sequence of ten data words may thus be contained in a sequence of ten memory locations. This is, of course, only an example, and a program may generally comprise an instruction sequence consisting of fewer or more instructions than ten. Each memory location may have associated with it a respective signature function, namely, the signature function that was used to compute the respective protection signature. Each signature function may, for instance, be defined by a context value

The context values for the various memory locations may be defined explicitly, e.g., by means of a look-up table, or otherwise, e.g., analytically. For instance, the context value may be defined to increase (or decrease) by a certain increment from one memory location to the next memory location. The context value may thus assume a certain maximum value for a certain memory location. When passing from this memory location to the next one, the context value may be reset to 0, for example. The sequence of context values corresponding to the sequence of memory locations may thus exhibit a saw tooth characteristic.

Referring now to Figure 4, an example of an embodiment of a data processing device 10 is described. The device 10 is arranged to execute a program in a sequence of instruction cycles. The program comprise instructions stored in a plurality of memory locations of a memory unit 14. In the shown example, the memory unit 14 is part of the data processing device 10. In another example (not shown), the memory unit 14 may be a separate unit connected to or connectable to the data processing device 10. The data processing device 10 notably comprises a program counter 15, a memory access unit 13 arranged to read a data word w from a memory location identified by the program counter value, a signature unit 22, 24, a processing unit (core unit) 12, and error signal unit 30. In the present example, the signature unit 22, 24 comprises an instruction signature unit 22 dedicated to instruction signatures and a data signature unit 24 dedicated to signatures for non-instruction data.

For each instruction cycle, the program counter 15 provides a respective program counter value identifying a memory location in the memory unit 14. The memory access unit 13 reads a data word w from the identified memory location. The data word w may comprise an instruction Γ and a protection signature χ. The instruction signature unit 22 then determines a signature function Γ->χ corresponding to the program counter value and determines a verification signature x_veri by applying the signature function Γ->χ to the instruction Γ. The processing unit (core unit) 12 executes the instruction Γ if the verification signature x_veri and the protection signature x_prot are consistent with each other, e.g., if they are identical or, e.g., if they differ only to a certain degree. In contrast, the error signal unit 30 initiates an error action if the verification signature x_veri and the protection signature x_prot are inconsistent with each other. The error action may, for example, include stopping or interrupting execution of the program.

The present example of a data processing device 10 is described in greater detail below, by making reference to a few mathematical definitions.

The set of binary numbers with n binary digits is defined as

B_n := {i E N\0≤ i≤ 2"-¹}

i.e., the set of natural numbers from 0 to 2ⁿ .

Two binary numbers a and b can be concatenated in the following manner:

a II b^■■= a^■ 2ⁿ + b, where a e B_m, b e B_n, and a \\ b e B_m+n

The word size in bits of a machine may be expressed by a constant η as a number of bits. The word size η may, for example, be 32, 64, or any other natural number, depending on the machine and possibly also on an operating mode of the machine. For instance, some machines may be operable using, alternatively, a word size of 32 or 64 bits.

The data processing system may be arranged to provide a plurality of context configurations. Each context configuration may have a bit size c which may be the same for all context configurations in this system. The data processing system may be further arranged to provide a plurality of signatures. Each signature may have a bit size s which may be the same for all signatures.

A unit may be defined as a set of functions, or state variables, or both, that may be influenced by input signals of the unit. A unit may be arranged to produce output signals in dependence on its state variables and input signals. If a unit has state variables, it may provide update functions which determine the next value of a state variable from the current input signals and current values of the state variables. A unit may also provide an initial state for its state variables. The unit can therefore be considered a finite state machine.

For each unit described herein, only those elements which are necessary to understand the unit in question will be described for the sake of brevity and clarity. It may, for instance, be implicit that a number of different functions in a unit may be included in a set of functions which, in turn, are part of the corresponding finite state machine. Unless specified differently, all named variables may have an initial state of 0.

Input signals and state variables may be functions over discrete time instances, τ,. A function implemented by a unit may therefore be a function which evaluates its inputs and state variables at a time instance τ, to produce a result for its outputs at the same time instance or for its internal variables at the next time instance T_i+1. For the sake of a short notation within the specification of a unit, references to evaluated functions on the right hand side of an expression such as ί(τ,) may be shortened to the function name itself. They can thus be read as "signal f at time τ,".

If a function f is indicated on the left hand side of an equation, it will read out to either f(T_i+1 ) for a variable or f(T,) for an output signal, depending whether it is a variable or a signal. For example,

/( )is a variable

/( ) is an output signal

Still referring to Figure 4, the data processing device 10 may be arranged to provide for stack frame protection, data protection, and signed code execution. Variants of the device 10 which lack at least one of these three protection schemes may be obtained from the present device 10 by omitting or deactivating units explicitly associated with the respective protection scheme.

The data processing device 10 may comprise a core unit 12 and a memory unit 14. The core unit 12 may, for example, be a central processing unit (CPU). The core unit 12 may be operated to retrieve program code from the memory unit 14 and to execute it. The core unit 12 may further read data words from the memory unit 14. The core unit 12 may further write data words to the memory unit 14. The core unit 12 may, to this end, be connected to the memory unit 14 via signal lines for transmitting signals Γ, Χ_Γ, μ, a, and Χ_μ. The signal Γ may convey instructions for program execution from the memory unit 14 to the core unit 12. Each instruction in the memory unit 14 may be provided in the form of a signed data word. The signed data word comprising an instruction as a payload item and a corresponding signature may be referred to as a signed instruction. The instruction and the corresponding signature may have bit lengths of, e.g., 32 bits and 7 bits. However, other bit lengths may be envisioned. The signatures associated with the various instructions of the program code in the memory unit 14 may, for example, be generated along with the program code at compile time, i.e., when the executable program code is generated from a source code. Alternatively, the instruction signatures may, for example, be generated from the executable program code. For each instruction of the program code in the memory unit 14, the corresponding signature may be provided by a signal X_r.

The memory unit 14 may contain additional data in addition to said program code. Such additional data may be referred to as non-executable data. It should be noted however that the non-executable data, i.e., payload data not included in the program code, may in principle include executable instructions. Executable instructions may, for example, may be included in the nonexecutable data as backup data or for archival purposes. The difference between the program code and the non-executable data may thus be seen in that the program code is intended to be read and executed by the core unit 12, whereas the non-executable data may equally be read by the core unit 12 without however being executed. The non-executable data may be communicated to or from the memory unit by a signal μ. A bidirectional bus may be provided for conveying the signal μ.

The core unit 12 may further be arranged to drive an address signal a in order to access the correct memory location within the memory location 14 for read (load) or write (store) operations.

Each payload item included in the non-executable data may be provided along with a corresponding signature, the payload item and the corresponding signature thus forming a signed data item. Signed instructions included in the program code and signed data items included in the non-executable data may have the same formal structure. Notably, their payload components may have the same bit lengths. Their signatures may also have the same bit lengths of, e.g., 7 bits. Each signed data item in the memory unit 14 irrespective of whether the payload component is executable or not may thus have a signature associated with it, wherein the signature may also be stored in the memory unit 14. The signatures associated with executable instructions may however be defined and used in a manner which may be different compared to the non-executable data. Notably, the signature function defining the signature for a given instruction may be defined on the basis of a program flow of the program code. Roughly speaking, the signature function for generating a signature of a given instruction may depend on the position of the respective instruction in a flow chart of the program. This aspect will be described in greater detail further below.

The signatures associated with the non-executable instructions may be communicated to and from the memory unit 14 by a signal Χ_μ. The signature for a non-executable data word may be read from the memory unit 14 in response to a load instruction. In the event of a store instruction, the signature for the data item to be stored may be generated by applying the appropriate signature function to the respective data item. The data item may then be stored along with the thus generated signature in the memory unit 14.

The protection mechanism described herein can be extended to any data processing system comprising more than one processing core. Furthermore, it may be implemented in units or devices which lack a processing core. For instance, it may be implemented in a direct memory access (DMA) controller. It is therefore pointed out that the device shown in Figure 1 is only a specific example. In this example, the core unit 12 is arranged to operate in accordance with a signed code execution scheme. The core unit 12 may further be arranged to operate in accordance with, e.g., stack frame protection or simple data protection schemes.

A context configuration ξ may comprise a context identifier ¾_d, a generator polynomial ξ_ρ0ι of size p, a variable context modifier

and none, one, or more predicates λ, ^t_ype). The predicates λ, may further specify the context type ^pe, Formally, a context configuration ξ may be defined as

ζ ^-— ( >id' ζροΐ' ζ-inodvar' 'ftype_* {^■¾ (ftype)}) ^

with C := (B_c__p Β_ρ Β_η Τ Ρξ)

wherein T is a number of types (see below)

and P^/^'s a number of predicates λ, on those types ξ^_ρβ.

The size p of the generator polynomial may be specific to each configuration ξ. The size p may also be seen as a parameter of the context configuration. The size p may be the bit length of a binary expression defining the generator polynomial, i.e., defining the coefficients of the generator polynomial.

The context identifier and the generator polynomial may affect the computation of the context value. The context modifier may be an internal variable. It may be used, for example, to track a correct sequence of instructions for signed code execution or to maintain locality for data access to a stack frame by, e.g., incrementing or deincrementing the context value on, e.g., function linkage.

A context configuration may, for instance, have the following types ^pe- i,_type = "signed code execution": a context configuration of this type may describe an instance of the signed code execution protection mechanism. ξ₀ may be the dedicated one and only context configuration of this type. In a multi-core system, for example, each core may typically have one context configuration of this type.

^type = "data protection": a context configuration of this type may describe an instance of the data protection mechanism. This instance may, for example, include stack frame protection or protection of other data or both. The data processing device 10 may provide a set of context configurations ξ-ι to ξ_η. A subtype may have to be further specified via its predicates.

The following predicates may be used to further specify a type:

"Load via register-predicate _loadreg.": This predicate may be allowed for the above- mentioned data protection type. If this predicate exists, the corresponding context configuration may be applicable when the core unit 12 attempts to load data from the memory unit 14. The subscript "loadreg_i" indicates the register holding the address of the respective memory location.

"Store via register-predicate /l_storer£¾ .": This predicate may also be allowed for the above- mentioned data protection type. If this predicate exists, the corresponding context configuration may be applicable when the core unit 12 attempts to store data in the memory unit 14. The subscript storereg, may indicate a register holding the address of the corresponding memory location. "Fetch on operations Af_etcft__operationr.": This predicate may be allowed for every type. When the core unit 12 executes an operation Π, this context configuration may be fetched. If no such predicate exists, this context configuration will never be fetched (reset state).

"Restore on operations ^_estore__operationrl": This predicate may be allowed for every type. It may support implementing a stack of context configurations so that, e.g., on return from an application programming interface (API) function of a different software module, the hardware restores the existing context of the calling function.

"Update operation - increment A _pdate " This predicate may be allowed for every data protection type. Each time the core unit 12 executes the specified operation Π_, the value f,^^ is incremented.

"Update operation - decrement This predicate may be allowed for every data protection type. Each time the core unit 12 executes the specified operation Π_, the value f,^^ is decremented.

"Use address for data storage λ_α": This predicate may be allowed for the data protection type. If this predicate is available for a specific context configuration, the update unit (see below) may use the address signal a to provide the context modifier ξ^. The variable context modifier may be ignored in this case.

Referring back to Figure 1 , the example of a data processing device 10 shown therein comprises a context fetch-and-update unit 16. The context fetch-and-update unit 16 may be arranged to enable a program executed by the core unit 12 to preload a set of one or more context configurations and to specify a condition for activating them. The context fetch-and-update unit 16 may also hold a variable part of a context configuration

The context fetch-and-update unit 16 may be arranged to update the variable part of the context configuration

specified by the type and predicates of the context configuration.

For instance, the following use cases summarize examples of possible activation conditions:

"Function linkage": This context configuration may be relevant for signed code execution. If the program needs to call an API function belonging to a different software module, it may first have to set up the context needed to enter that remote location. Alternatively or in addition, a stack may be implemented so that the previous context configuration can be restored automatically on return.

"Load and store operation": This context configuration may be relevant for, e.g., local variables in a software module. In order to protect local variables by means of data corruption detection, a context configuration for these variables may be set up. A next load or store operation that uses the specified address register may activate that configuration.

"Return from interrupt": This context configuration may enable an operating system to restore an existing task context for stack frame protection, data protection, and signed code execution. The OS service routine may execute a "return from interrupt" instruction to jump into a next task to be scheduled. The context fetch-and-update unit 16 may comprise a set of n registers . Each of these registers may be designed sufficiently large so as to be capable of holding one context configuration. The registers r, may behave like state variables and may be accessible to write operations by the core unit 12 at any time. Write access via, e.g., existing contexts may be restricted by means of a further protection mechanism (not further described here). The context fetch-and-update unit 16 may further comprise another set of registers arranged to hold all active context configurations ξ, of the data processing device 10. These configurations may be made available to other units within the data processing device 10, e.g., to units 18 and 20. The state transitions of the underlying finite state machine of the context fetch-and-update unit may be defined as follows:

i_j + -operation^ _r. "

lj — ^{K !} r(T.) = r_k

v^ri(T₀), reset on fetch

In other words, if there is exactly one predicate "fetch on operation" _etcji-₀p_eration_r.^such that r(T_j) = r_k, the register state at time T_j + 1 remains unchanged. Otherwise, it is reset to its initial value r_(To) .

The fetch registers ri may hold all data for a context configuration. In this case, the above equation denotes a predicate for context configuration ξ, which is still stored in the fetch register

USing the term ^predicate-name, r ■

The active context configurations may be updated as follows:

" r(T,) = r_k

ition is met

The fetch-and-update unit 16 may also be arranged to update the variable context modifier modvarf Furthermore, it may be arranged to provide the context modifier signal f_m0£i . This signal may be used by the context value unit 20 (see below) to compute a current context value.

Both computations may use predicates on the context configuration to determine an exact behavior. In the case of signed code execution, for example, the update unit may be arranged to increment the variable context modifier

f°^{r eacn} consecutive instruction executed by the core unit 12 and to add a corresponding offset for relative jumps. Stack frame protection may be implemented by incrementing and decrementing f_moii„_arion function linkage, for example. A jump to a subroutine may also increment f_moii„_ariand a return may decrement it again. Data protection may be extended to use a bit mask of the address a of the data to be stored or loaded for the computation of f_m0£i . The variable context modifier ^mo_dvar ^ be ignored in this case.

The context value unit 20 may derive a context value $0f, <f_moii) ^on the basis of a context configuration ξ and a dynamic context modification ξ_7ηο(1 as follows:

: (B_C__P X Βρ)Β_η→ B_C,

{{_>id> ^pol)^mod) ^ ^id II {_>mod ' ζροΐ ^iiod 2^P) The signature unit 22, 24 may be arranged to compute a signature χ on the basis of a given context value & and a payload item π, by evaluating a context-dependent signature function χ for the given context (specified by the context value &) and the given payload item π:

χ: Βη X B_c_p→ B_s,

(π, ϋ) ^ χ(π, ϋ)

The payload item π may, for example, be an instruction Γ or a non-instruction data item μ. The payload item π concatenated with the signature χ

π II χ e B_s+

may be referred to as signed data. The term "signed data" may be used for both instruction data and other data. A data word w e B_s+n is called valid with respect to the context value & if w = x II x(x, y) wherein x is the payload component of the data word w. In the shown example, the signature unit 22, 24 comprises a first signature unit (instruction signature unit) 22 for instructions and a second signature unit (data signature unit) 24 for non-instruction data.

The compare unit 26, 28 may be arranged to receive a signature χ from, e.g. , the signature unit 22, 24 and to compare it to an existing signature χ', e.g., loaded from the memory unit 14. The compare unit 26, 28 may be arranged to perform the comparison only if another signal γ_δ indicates that this comparison shall be taken into account. The compare unit 26, 28 may thus detect data corruption in instructions or other data. The compare unit 26, 28 may be arranged to generate a comparison value defined, for instance, as follows:

if X ≠ X ' ('invalid') and γ_δ (^applicable)

S(X,X', YS)

0 else ('valid')

The compare unit 26, 28 may thus indicate whether its input data item, e.g ., an instruction or other data item loaded from the memory unit 14, is valid or invalid with respect to the current context.

The error signal unit 30 may, for example, be arranged to evaluate a maximum function ε over a number of outputs from the compare unit δ, to indicate whether a data corruption has been detected. In the shown example, only two compare units are provided, namely a first one 26 for non-instruction data and a second one 28 for instructions. The error signal unit 30 may accordingly have two inputs in the present example. The maximum function ε may, for example, be defined as follows:

1

e: U ^Bi "→ ^Bi

i=0

ε(δ₀, δ₁) ^■■= max(S₀, S₁)

The arbitration unit 18 may be arranged to select among a set of so called applicable load or store configurations ξ, ξ_η a configuration to be evaluated for the detection of data corruption or for computing a signature in order to store payload data in the memory unit 14. It may be arranged to receive a call operation Γ as input and to select a first applicable configuration. A configuration ξ. is applicable if it is active, i.e., if it was fetched by the fetch-and-update unit 16, and the currently executed operation matches one of the predicates A_j defined for that configuration:

<fi is applicable for Γ <= 3 _>r £ {A(^_type)}

where Γ^=Γ and Γ is a load or store operation on register r^

ξαρρ - ( \J C ) X 0

=i

_ (ξί, where ξϋε the first applicable context configuration appV ^>■■■> <^> ' ⁾ · _und_ef₎ if no such configuration exists

If no configuration is applicable, e.g., Γ is neither load nor store which uses an address register which is subject to data corruption detection, the signal ξ_3ρρ may be undefined. Another signal, namely, γξ_3ρρ, may be provided by the arbitration unit 18 in order to indicate whether data corruption detec

is defined

else A computer program is a list of instructions such as a particular application program and/or an operating system. The computer program may for instance include one or more of: a subroutine, a function, a procedure, an object method, an object implementation, an executable application, an applet, a servlet, a source code, an object code, a shared library/dynamic load library and/or other sequence of instructions designed for execution on a computer system.

The computer program may be stored internally on computer readable storage medium or transmitted to the computer system via a computer readable transmission medium. All or some of the computer program may be provided on transitory or non-transitory computer readable media permanently, removably or remotely coupled to an information processing system. The computer readable media may include, for example and without limitation, any number of the following: magnetic storage media including disk and tape storage media; optical storage media such as compact disk media (e.g., CD-ROM, CD-R, etc.) and digital video disk storage media; nonvolatile memory storage media including semiconductor-based memory units such as FLASH memory, EEPROM, EPROM, ROM; ferromagnetic digital memories; MRAM; volatile storage media including registers, buffers or caches, main memory, RAM, etc.; and data transmission media including computer networks, point-to-point telecommunication equipment, and carrier wave transmission media, just to name a few.

A computer process typically includes an executing (running) program or portion of a program, current program values and state information, and the resources used by the operating system to manage the execution of the process. An operating system (OS) is the software that manages the sharing of the resources of a computer and provides programmers with an interface used to access those resources. An operating system processes system data and user input, and responds by allocating and managing tasks and internal system resources as a service to users and programs of the system.

The computer system may for instance include at least one processing unit, associated memory and a number of input/output (I/O) devices. When executing the computer program, the computer system processes information according to the computer program and produces resultant output information via I/O devices.

In the foregoing specification, the invention has been described with reference to specific examples of embodiments of the invention. It will, however, be evident that various modifications and changes may be made therein without departing from the broader spirit and scope of the invention as set forth in the appended claims.

The connections as discussed herein may be any type of connection suitable to transfer signals from or to the respective nodes, units or devices, for example via intermediate devices. Accordingly, unless implied or stated otherwise, the connections may for example be direct connections or indirect connections. The connections may be illustrated or described in reference to being a single connection, a plurality of connections, unidirectional connections, or bidirectional connections. However, different embodiments may vary the implementation of the connections. For example, separate unidirectional connections may be used rather than bidirectional connections and vice versa. Also, plurality of connections may be replaced with a single connection that transfers multiple signals serially or in a time multiplexed manner. Likewise, single connections carrying multiple signals may be separated out into various different connections carrying subsets of these signals. Therefore, many options exist for transferring signals.

Each signal described herein may be designed as positive or negative logic. In the case of a negative logic signal, the signal is active low where the logically true state corresponds to a logic level zero. In the case of a positive logic signal, the signal is active high where the logically true state corresponds to a logic level one. Note that any of the signals described herein can be designed as either negative or positive logic signals. Therefore, in alternate embodiments, those signals described as positive logic signals may be implemented as negative logic signals, and those signals described as negative logic signals may be implemented as positive logic signals.

Furthermore, the terms "assert" or "set" and "negate" (or "deassert" or "clear") are used herein when referring to the rendering of a signal, status bit, or similar apparatus into its logically true or logically false state, respectively. If the logically true state is a logic level one, the logically false state is a logic level zero. And if the logically true state is a logic level zero, the logically false state is a logic level one.

Those skilled in the art will recognize that the boundaries between logic blocks are merely illustrative and that alternative embodiments may merge logic blocks or circuit elements or impose an alternate decomposition of functionality upon various logic blocks or circuit elements. Thus, it is to be understood that the architectures depicted herein are merely exemplary, and that in fact many other architectures can be implemented which achieve the same functionality. For example, the units 26 to 30 may be integrated in the core unit 12 or in the memory unit 14. Any arrangement of components to achieve the same functionality is effectively "associated" such that the desired functionality is achieved. Hence, any two components herein combined to achieve a particular functionality can be seen as "associated with" each other such that the desired functionality is achieved, irrespective of architectures or intermedial components. Likewise, any two components so associated can also be viewed as being "operably connected," or "operably coupled," to each other to achieve the desired functionality.

Furthermore, those skilled in the art will recognize that boundaries between the above described operations merely illustrative. The multiple operations may be combined into a single operation, a single operation may be distributed in additional operations and operations may be executed at least partially overlapping in time. Moreover, alternative embodiments may include multiple instances of a particular operation, and the order of operations may be altered in various other embodiments.

Also for example, the examples, or portions thereof, may implemented as soft or code representations of physical circuitry or of logical representations convertible into physical circuitry, such as in a hardware description language of any appropriate type.

Also, the invention is not limited to physical devices or units implemented in nonprogrammable hardware but can also be applied in programmable devices or units able to perform the desired device functions by operating in accordance with suitable program code, such as mainframes, minicomputers, servers, workstations, personal computers, notepads, personal digital assistants, electronic games, automotive and other embedded systems, cell phones and various other wireless devices, commonly denoted in this application as 'computer systems'.

However, other modifications, variations and alternatives are also possible. The specifications and drawings are, accordingly, to be regarded in an illustrative rather than in a restrictive sense.

In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word 'comprising' does not exclude the presence of other elements or steps then those listed in a claim. Furthermore, the terms "a" or "an," as used herein, are defined as one or more than one. Also, the use of introductory phrases such as "at least one" and "one or more" in the claims should not be construed to imply that the introduction of another claim element by the indefinite articles "a" or "an" limits any particular claim containing such introduced claim element to inventions containing only one such element, even when the same claim includes the introductory phrases "one or more" or "at least one" and indefinite articles such as "a" or "an." The same holds true for the use of definite articles. Unless stated otherwise, terms such as "first" and "second" are used to arbitrarily distinguish between the elements such terms describe. Thus, these terms are not necessarily intended to indicate temporal or other prioritization of such elements. The mere fact that certain measures are recited in mutually different claims does not indicate that a combination of these measures cannot be used to advantage.

Claims

Claims

1 . A device (10) for executing a program in a sequence of instruction cycles, the program comprising instructions stored in a plurality of memory locations of a memory unit (14), wherein the device comprises:

a program counter (15) arranged to provide a program counter value;

a memory access unit (13) arranged to read (1.2) a data word (w) from a memory location identified by the program counter value, wherein the data word (w) comprises an instruction (Γ) and a protection signature (χ);

a signature unit (22, 24) arranged to determine a signature function (Γ->χ) corresponding to the program counter value and to determine (1 .3) a verification signature (x_veri) by applying the signature function (Γ->χ) to the instruction (Γ);

a processing unit (12) arranged to execute (1 .6) the instruction (Γ) if the verification signature (x_veri) and the protection signature (x_prot) are consistent with each other; and

an error signal unit (30) arranged to initiate (1 .5) an error action if they are inconsistent with each other.

2. The device of claim 1 , further comprising a context value unit (20) arranged to provide a context value (θ·) and to update the context value (θ·) for each instruction cycle, wherein the signature unit (22, 24) is arranged to determine the signature function (Γ->χ) on the basis of the context value (θ·).

3. The device of claim 2, wherein the signature function (Γ->χ) depends parametrically on the context value (θ·).

4. The device of claim 2, wherein the context value unit is arranged to update the context value for each instruction cycle by:

incrementing the context value (θ·) by one increment (Δθ·) in response to the instruction of a preceding instruction cycle being a normal instruction; and

incrementing the context value (θ·) by a multiple (Μ^*Δθ·) of said increment in response to the instruction of a preceding instruction cycle being a relative jump instruction.

5. The device of claim 2, wherein the context value unit is arranged to determine the context value (θ·) as

θ = ξ_ω || (ξ™_ϋ ^* ξ mod 2^**p) wherein the symbol || means "concatenated with", the symbol ^* means "multiplied by", the symbol ^** means "to the power of, ξ_ω is a context identifier, ξ_ρ0ι is a generator polynomial of size p, and is a dynamic context-modifier.

6. The device of claim 1 , arranged to determine the signature function (Γ->χ) on the basis of the program counter value.

7. A method of executing a program, wherein the method comprises providing a program counter value and performing a sequence of instruction cycles, wherein each instruction cycle comprises:

updating the program counter value (1 .1 );

reading (1 .2) a data word (w) from a memory location identified by the updated program counter value, wherein the data word (w) comprises an instruction (Γ) and a protection signature

(x);

determining (1.3) a verification signature (χ) by applying a signature function (Γ->χ) associated with the program counter value to the instruction (Γ);

executing (1.6) the instruction (Γ) if the verification signature and the protection signature (χ) are consistent with each other; and

initiating (1.5) an error action if they are inconsistent with each other.

8. The device of claim 7, wherein the signature function (Γ->χ) is a checksum function.

9. The device of claim 7, wherein determining the signature function (Γ->χ) comprises: determining a generator polynomial.

10. The method of claim 10, comprising:

providing a context value (θ·) separately from the program counter value;

wherein the operation of determining the signature function (Γ->χ) comprises:

updating the context value (θ·); and

determining the signature function (Γ->χ) in dependence on the context value (θ·).

1 1. The method of claim 7, wherein the signature function (Γ->χ) depends parametrically on the context value (θ·).

12. The method of claim 10, wherein updating the context value comprises:

incrementing the context value (θ·) by one increment (Δθ·) in response to the instruction of a preceding instruction cycle being a normal instruction; and incrementing the context value (0) by a multiple (Μ*Δθ·) of said increment in response to the instruction of a preceding instruction cycle being a relative jump instruction.

13. A method for storing a program on a data carrier comprising a plurality of memory locations, wherein the method comprises providing a context value (θ·) and performing a sequence of write cycles, each write cycle comprising:

incrementing the context value (θ·) by one increment (AS);

determining a protection signature (χ) by applying a signature function (Γ— >χ) to an instruction (Γ), the signature function (Γ— >χ) depending parametrically on the context value (S); selecting a next memory location among said plurality of memory locations; and writing a data word (w) to the selected memory location, wherein the data word (w) comprises the instruction (Γ) and said protection signature (χ);

14. The method of claim 13, wherein the data word (w) is a concatenation (νν=Γ| |χ) of the instruction (νν=Γ||χ) and the protection signature (νν=Γ||χ).