1. Field of the Invention
The present invention relates to a microcomputer having a memory access control mechanism for determining whether to allow a memory access for a CPU.
2. Description of Related Art
Microcomputers that are mounted in transport machinery, including automobiles and aircraft, and in communication devices, including cellular phones and telephone switches, to control such machinery and devices are referred to as embedded systems. An embedded system generally has a multi-programming environment in order to improve processing time, secure real-time performance and improve productivity through software componentization of programs. The multi-programming environment is an environment in which several application programs appear to be executed in parallel, by switching the application program to be executed periodically or in response to the generation of an event. Such a multi-programming environment is realized by a CPU and a system program that schedules the application programs executed by the CPU. A program unit executed in parallel in a multi-programming environment is hereinafter referred to as a task.
Conventionally, in embedded systems, a memory protection function for restricting the memory space accessible to each task has not been considered important. In recent years, however, there are embedded systems capable of executing programs of uncertified reliability. For example, a cellular phone capable of downloading and executing Java (trademark of Sun Microsystems, Inc.) programs has been commercialized. In such a system, it is necessary to protect the system program and other application programs from programs of uncertified reliability. Further, there are demands to facilitate debugging in the software development process by separating the memory space for each application program or software component constituting the application program. Against this background, the importance of the memory protection function in the microcomputer is increasing.
Memory protection, the control of memory access in a microcomputer, is performed by setting, as memory protection information, an area in the memory space to which access is allowed or prohibited, and then checking a memory access request from the CPU against the memory protection information. Specifically, if a memory address included in a memory access request is contained in an access permission area, the memory access is permitted. If the memory address is contained in an access prohibited area, the memory access is prohibited. Further, if the memory area used when executing a program is divided for each application program or task, it is necessary to change the memory area to which access is allowed in accordance with the switching of the programs to be executed. Accordingly, the memory protection information is rewritten when the program is switched. A microcomputer having such a memory protection function is disclosed in “ARM1156T2F-S Technical Reference Manual Rev.R0p0”, ARM Ltd., 25 Oct. 2005, <www.arm.com/pdfs/DDI0290C_arm1156t2fs_r0p0_trm.pdf>, Chapter 3 pp. 61-69 and Chapter 5 p. 7, and “TriCore 1 32-Bit Unified Processor Core Volume 1: V1.3 Core Architecture”, Infineon Technologies, October 2005, <www.infineon.com/upload/Document/TriCore—1_um_vol1_Core_Architecture.pdf>, Chapter 8 pp. 4-10 and Chapter 8 p. 13.
The microcomputer disclosed by ARM Ltd. includes a memory protection unit. The memory protection unit further includes 16 protection setting registers for determining an area to which memory accesses are allowed. A base address of the area to which access is allowed, the size of the access permission area and a valid bit indicating whether the setting in the protection setting register is valid or invalid are stored in each protection setting register. The memory protection unit compares the memory address requested by the CPU with the access permission area defined by each protection setting register having a valid bit set to valid. The memory protection unit determines whether to allow a memory access depending on whether the memory address for which the CPU has issued an access request is included in the access permission area defined by a protection setting register having a valid bit set to valid.
On the other hand, the microcomputer disclosed by Infineon Technologies includes a plurality of protection setting registers capable of determining 4 ways of access permission areas for each of a data area and an instruction area. A lower bound address and an upper bound address for the access permission area and a protection mode of the setting in the protection setting register are set in each of the protection setting registers. The protection mode is information indicating whether a write access, a read access and an execution are allowed or prohibited, and corresponds to the valid bit in the microcomputer disclosed by ARM Ltd.
The microcomputers disclosed by ARM Ltd. and Infineon Technologies sequentially update the content of the protection setting registers according to the switching of the programs carried out by the CPU so as to set memory protection information for a program to be newly executed. Specifically, an access permission area for a newly executed program can be set by sequentially performing, for all the protection setting registers, the processes of setting the valid bit of a protection setting register to invalid, setting a permission area in the protection setting register, and setting the valid bit of the protection setting register having the determined permission area to valid.
As described in the foregoing, the microcomputers disclosed by ARM Ltd. and Infineon Technologies sequentially rewrite the protection setting registers when the program to be executed is switched. Therefore, it has now been discovered that the rewriting of the protection setting registers is likely to fail.
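The following C model is an added illustration, not code from the cited manuals or from this specification. It models the base/size/valid comparison and the sequential invalidate, set, validate rewrite described above, and shows that a rewrite which stops partway leaves a previous task's area accessible unless a read-back check catches it. The register layout, the `stop_after` parameter, the addresses and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NUM_REGIONS 16 /* protection setting registers, as in the ARM description */

/* Simplified model of one protection setting register (not a real bit layout). */
typedef struct { uint32_t base; uint32_t size; bool valid; } region_t;

/* Access is permitted if the address lies in any region whose valid bit is set. */
bool mpu_allows(const region_t *mpu, uint32_t addr) {
    for (size_t i = 0; i < NUM_REGIONS; i++)
        if (mpu[i].valid && addr - mpu[i].base < mpu[i].size)
            return true;
    return false;
}

/* Sequential rewrite on a program switch: invalidate, set area, set valid bit.
 * stop_after is a hypothetical parameter modelling a rewrite that fails partway;
 * pass NUM_REGIONS for a complete rewrite. Returns registers rewritten. */
size_t mpu_switch(region_t *mpu, const region_t *next, size_t stop_after) {
    size_t i;
    for (i = 0; i < NUM_REGIONS && i < stop_after; i++) {
        mpu[i].valid = false;
        mpu[i].base = next[i].base;
        mpu[i].size = next[i].size;
        mpu[i].valid = next[i].valid;
    }
    return i;
}

/* Read-back check: true only if every register holds the new program's setting. */
bool mpu_matches(const region_t *mpu, const region_t *next) {
    for (size_t i = 0; i < NUM_REGIONS; i++)
        if (mpu[i].valid != next[i].valid || mpu[i].base != next[i].base ||
            mpu[i].size != next[i].size) return false;
    return true;
}

/* Constructed scenario: task A owns two areas, task B one. After switching A -> B with
 * only `done` registers rewritten: bit 0 = A's second area still accessible,
 * bit 1 = read-back mismatch detected. */
int switch_outcome(size_t done) {
    region_t a[NUM_REGIONS] = { {0x20000000u, 0x1000u, true}, {0x20001000u, 0x1000u, true} };
    region_t b[NUM_REGIONS] = { {0x20002000u, 0x1000u, true} };
    region_t mpu[NUM_REGIONS];
    memcpy(mpu, a, sizeof mpu);
    mpu_switch(mpu, b, done);
    return (mpu_allows(mpu, 0x20001800u) ? 1 : 0) | (mpu_matches(mpu, b) ? 0 : 2);
}

int main(void) { printf("partial=%d full=%d\n", switch_outcome(1), switch_outcome(NUM_REGIONS)); return 0; }
```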