1. Field of the Invention
The present invention relates to an address space protection method for a data processing apparatus that switches and executes a plurality of programs.
2. Description of Related Art
So-called address space protection technology, in which logical address spaces including an instruction address space and a data address space are protected from unauthorized access by a device that executes programs, such as a central processing unit (CPU), is known. According to the conventionally known address space protection technology, for example, protection information specifying an accessible partial address space in an address space is compared with the access destination address when a CPU makes an instruction fetch access, a data write access, or a data read access, thereby verifying the validity of the access. Further, a technology is known in which the contents of address space protection are changed according to the program executed by the CPU and a privilege level given to the program in advance.
Japanese Unexamined Patent Application Publication No. 3-141446 (hereinafter referred to as “Patent Document 1”), for example, discloses a technology in which a different privilege level is given to each OS in a multi-OS system in which a plurality of operating system programs are run on a single CPU, to thereby restrict the accessible address space according to the difference in privilege level. Specifically, address information specifying the accessible partial address space is correlated with the privilege level at which access to the partial address space is permitted, and the correlated information is stored as protection information in a memory such as a register. Then, a memory protection circuit receiving an access to the partial address space specified by the protection information permits the access only when the privilege level of the OS that makes the memory access matches the privilege level specified by the protection information.
Further, Japanese Unexamined Patent Application Publication No. 2006-216012 (hereinafter referred to as “Patent Document 2”) discloses a technology in which address space protection is carried out based on specific protection information indicating a relation between a program and at least two protection types, so as to apply different protection types of the address space protection to programs run at the same privilege level. For example, for two application programs A and B that are run at the same privilege level, protection information that permits access from the partial address space for program A to the partial address space for program B and prohibits access from the partial address space for program B to the partial address space for program A is stored in a register or the like. As a result, even though the programs have the same privilege level, it is possible, for example, to permit calling of program B from program A and prohibit calling of program A from program B without switching the privilege level.
Further, “TriCore 1 32-Bit Unified Processor Core Volume 1: Core Architecture V1.3.6” (hereinafter, referred to as “Non-Patent Document 1”) issued by Infineon Technologies discloses a microcontroller including a plurality of memory protection register sets (see Chapter 8: Memory Protection System of Non-Patent Document 1). In this case, the memory protection register set refers to an assembly of a plurality of (specifically, four) memory protection registers, and each of the memory protection registers specifies a single accessible partial address space. More specifically, the microcontroller disclosed in Non-Patent Document 1 includes eight memory protection register sets in total, and each of the memory protection register sets consists of four memory protection registers as described above. To protect an instruction memory, four register sets are used to specify four accessible partial address spaces at maximum in the instruction address space. To protect a data memory, the remaining four register sets are used to specify four accessible partial address spaces at maximum in the data address space.
Further, in the microcontroller disclosed in Non-Patent Document 1, both the instruction protection register set and the data protection register set used for address space protection are switched at the same time upon switching of the execution program. Specifically, any one of the four pairs of register sets, each pair including a single instruction protection register set and a single data protection register set, is selected as the active pair of register sets by using a 2-bit protection register set (PRS) field provided in a program status word (PSW) register.
When the application program calls a system service program (hereinafter abbreviated as “S/S program”) of a different privilege level, the microcontroller disclosed in Non-Patent Document 1 rewrites the PRS field to select a pair of protection register sets for the S/S program in place of the pair of protection register sets for the application program, and uses the selected pair of register sets for the address space protection.
In short, the microcontroller disclosed in Non-Patent Document 1 realizes the address space protection with high reliability by using a different pair of protection register sets according to a difference in privilege level between programs. This configuration is advantageous in that the amount of processing required for updating a setting of the address space protection upon switching of the execution program can be reduced.
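The selection scheme described above for Non-Patent Document 1 can be modeled in software as follows. This is an added example, not code from the cited documents or from the invention; all type and function names are hypothetical, the addresses are constructed, and representing each protection register as a [lower, upper) bound pair is an assumption of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REGS_PER_SET 4 /* four protection registers per set, as in the text */
#define NUM_PAIRS    4 /* four pairs, selected by the 2-bit PRS field */

/* Assumption: one protection register = one [lower, upper) address range. */
typedef struct { uint32_t lower, upper; } prot_reg;
typedef struct { prot_reg r[REGS_PER_SET]; } prot_set;
typedef struct { prot_set code, data; } prot_pair;
typedef enum { ACC_FETCH, ACC_READ, ACC_WRITE } access_kind;
typedef struct { prot_pair pair[NUM_PAIRS]; uint32_t prs; } cpu_model;

/* True if addr lies in any non-empty range of the set; otherwise deny. */
static bool in_set(const prot_set *s, uint32_t addr) {
    for (int i = 0; i < REGS_PER_SET; i++)
        if (s->r[i].lower < s->r[i].upper &&
            addr >= s->r[i].lower && addr < s->r[i].upper)
            return true;
    return false;
}

/* Fetches are checked against the active instruction set, reads and
 * writes against the active data set of the same pair. */
bool access_ok(const cpu_model *c, access_kind k, uint32_t addr) {
    const prot_pair *p = &c->pair[c->prs & 0x3u];
    return in_set(k == ACC_FETCH ? &p->code : &p->data, addr);
}

/* Rewriting PRS switches instruction and data protection together. */
void select_prs(cpu_model *c, uint32_t prs) { c->prs = prs & 0x3u; }

/* Constructed layout: pair 0 = application, pair 1 = S/S program. */
cpu_model make_demo(void) {
    cpu_model c = {0};
    c.pair[0].code.r[0] = (prot_reg){0x80000000u, 0x80010000u};
    c.pair[0].data.r[0] = (prot_reg){0xD0000000u, 0xD0001000u};
    c.pair[1].code.r[0] = (prot_reg){0x80020000u, 0x80030000u};
    c.pair[1].data.r[0] = (prot_reg){0xD0000000u, 0xD0001000u};
    c.pair[1].data.r[1] = (prot_reg){0xD0008000u, 0xD0009000u};
    return c;
}

int main(void) {
    cpu_model c = make_demo();
    printf("app write to S/S data: %d\n", access_ok(&c, ACC_WRITE, 0xD0008000u));
    select_prs(&c, 1); /* application calls the S/S program */
    printf("S/S write to S/S data: %d\n", access_ok(&c, ACC_WRITE, 0xD0008000u));
    return 0;
}
```

Only the PRS value changes on the call; none of the range registers is rewritten, which is the reduction in switching cost the passage refers to.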