The invention relates to a method and to an apparatus for controlling write access to storage means for a digital data processing circuit.
Integrated circuits (IC) for digital audio and/or video data (AV) processing typically contain several sub-units which must be configured by set-up software before they can operate in one or several modes of operation.
The microcontroller for the set up and control of the sub-units can either be an external one in a separate IC, or, on some AV ICs, it will be integrated as an internal CPU core.
The software to run on such AV ICs may contain imperfections for several reasons, such as:
During the software development phase, when implementation and debugging are not yet complete.
Even for product software, testing cannot be extensive, i.e. cannot cover 100% of all possible situations, as a matter of sheer complexity.
The AV IC may be operated in an environment where foreign, i.e. uncontrollable software is downloaded and runs on the IC.
A very frequent bug in developing driver software to run on AV decoder ICs is caused by un-initialised pointers and addresses. Such bugs have severe consequences at runtime. Amongst the worst of these is the inadvertent writing to device set-up registers which are typically memory-mapped into the general address space of the IC.
Adding debug software for monitoring un-initialised pointers and addresses will typically slow down the software performance to such an extent that it is no longer representative of the real-time behaviour of the IC. Also, such monitoring debug software typically gives no indication of who generated the illegal or unintended register access.
The typical operation of AV processing ICs has distinct phases or modes, where
1) in an initialisation phase or mode registers are set up according to the desired functionality using dedicated set up software;
2) in a normal decoding phase or mode the content of all or parts of these registers will not be changed any more; the values they hold will merely govern the decoding and data processing that is carried out within the IC.
In both kinds of modes, the IC may be operated with downloaded foreign software that has write access to registers into which the original software would not write, or which the original software assumes, in the normal decoding mode, to contain certain original values.
It is one object of the invention to disclose a method for preventing, when running application software, the writing of data in case of invalid pointers or address values and for indicating the source of an illegal or unintended address value.
It is a further object of the invention to disclose an apparatus which utilises the inventive method.
The invention concerns a hardware addition to the register write access logic, by which write accesses can be deliberately allowed (enabled) or disallowed (disabled) for distinct periods of time.
Advantageously this additional hardware can be very small and cheap. The output of a CPU controlled 1-bit RegisterWriteAllowed register is combined in an AND function with the normal WriteEnable signal in order to form a ProtectedWriteEnable signal for the subsequent data storage means to be controlled. There may be two additional CPU commands for setting and resetting the RegisterWriteAllowed register.
Since both of the above-mentioned operation phases typically exist, write allowance will have to change only rarely, hence real-time performance deteriorates only negligibly.
In addition to blocking any write processes, an extended version of the inventive add-on hardware can be incorporated so as to trigger an interrupt, which can signal that an illegal write attempt has occurred.
In a further embodiment of the invention, in case of such an interrupt, the address of the current CPU command is captured into a dedicated register, which makes it possible to retrieve who, i.e. which part of the application software, generated the unintended register access.
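The gating, interrupt and address capture described above can be followed in a small behavioural model in C. This is an added example, not part of the original text: apart from RegisterWriteAllowed, WriteEnable and ProtectedWriteEnable, all names, the register count and the sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_REGS 8u

/* Behavioural model. Apart from RegisterWriteAllowed, WriteEnable and
 * ProtectedWriteEnable, every name here is hypothetical. */
typedef struct {
    uint32_t regs[NUM_REGS];     /* memory-mapped set-up registers */
    bool     reg_write_allowed;  /* the 1-bit RegisterWriteAllowed register */
    bool     irq_pending;        /* illegal-write interrupt (extended version) */
    uint32_t fault_pc;           /* captured address of the offending command */
} regfile_t;

/* The two CPU commands for setting and resetting RegisterWriteAllowed. */
void allow_reg_writes(regfile_t *rf)    { rf->reg_write_allowed = true; }
void disallow_reg_writes(regfile_t *rf) { rf->reg_write_allowed = false; }

/* One bus cycle aimed at the register block; returns ProtectedWriteEnable. */
bool bus_cycle(regfile_t *rf, uint32_t pc, uint32_t idx, uint32_t val,
               bool write_enable)
{
    if (idx >= NUM_REGS)
        return false;                       /* outside the modelled block */
    bool protected_we = write_enable && rf->reg_write_allowed;  /* AND gate */
    if (protected_we) {
        rf->regs[idx] = val;                /* write reaches the storage */
    } else if (write_enable) {
        rf->irq_pending = true;             /* blocked write: raise interrupt */
        rf->fault_pc = pc;                  /* and latch who attempted it */
    }
    return protected_we;
}

int main(void)
{
    regfile_t rf = {0};
    allow_reg_writes(&rf);                  /* initialisation mode */
    bus_cycle(&rf, 0x1000u, 2u, 0xABu, true);
    disallow_reg_writes(&rf);               /* normal decoding mode */
    bus_cycle(&rf, 0x4A10u, 2u, 0xFFu, true);  /* constructed stray write */
    printf("reg2=0x%X irq=%d fault_pc=0x%X\n",
           (unsigned)rf.regs[2], rf.irq_pending, (unsigned)rf.fault_pc);
    return 0;
}
```

A read cycle (WriteEnable low) while writes are disallowed raises no interrupt in this model, since only a blocked write counts as an illegal attempt.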
In principle, the inventive method is suited for controlling write access to storage means for a digital data processing circuit which can be operated in an initialisation mode before operating in a normal processing mode, wherein in order to avoid the use of invalid or un-intended address values or pointers for said storage means during said normal processing mode, at least one write enable signal is conditionally passed to said storage means under the control of an associated RegisterWriteAllowed register output signal, in particular by using an AND function.
In principle the inventive apparatus for controlling write access to storage means for a digital data processing circuit, which can be operated in an initialisation mode before operating in a normal processing mode, includes:
storage means control means providing at least one read enable signal and at least one write enable signal for said storage means;
combining means, in particular an AND gate, for conditionally passing said at least one write enable signal to said storage means under the control of an associated RegisterWriteAllowed register output signal in order to avoid the use of invalid or un-intended address values or pointers for said storage means during said normal processing mode.