In regard to today's data processors, especially microcomputers for use with embedded devices, a technique having the following feature has been used: a central processing unit, hereinafter referred to as “CPU”, in charge of general-purpose processing, and a plurality of peripheral IP cores for specially designed processing are formed in one chip, and a processor so fabricated is used to build a system such that a plurality of application software programs can work. In a system so constructed, one main memory region is divided into a number of areas, and two or more software programs use the areas.
An originally unintended access from CPU in a data processor to a memory region which a software program is using may be made owing to, e.g., a bug of software origin, a bug of hardware origin, a temporary hardware trouble (involved with, e.g., a software error caused by alpha rays), and a malicious software program. Such access is hereinafter referred to as “unauthorized address-access”. Particularly, a product failure attributed to a bug of software origin often becomes a problem in embedded device applications.
Required to prevent such unauthorized address-access from exerting an adverse effect on another software program is a device which sets a range of accessible addresses to block an unauthorized address-access for each software program. In general, a software program executed by CPU, MMU (Memory Management Unit) performs: a memory management by means of a virtual memory; an address translation from a virtual address on a process space into a physical address on the main memory; and a block of an unauthorized address-access, hereinafter referred to as “access protection”. The access protection is performed based on a virtual address, and identification information including an operating mode of CPU handling it, a process identifier for identifying a process of a software program run by CPU, hereinafter referred to as “process ID”, and a domain identifier for identifying a software program of upper hierarchic level which manages the execution of the program, hereinafter referred to as “domain ID”.
However, in a system with DMAC, DMAC is located outside a processor core including CPU and MMU, the setting of an address, etc. is performed based on a request for an access from CPU or the like, and the access is executed based on them. Therefore, in such a system, the access protection by MMU does not work against the access. A DMAC technique for access protection against an access is disclosed in Japanese Unexamined Patent Application Publications JP-A-2004-334410, JP-A-2008-102850, and JP-A-10-289194, for example.
In the data processor disclosed by JP-A-2004-334410, an unauthorized-address-access-block mechanism is placed inside a control circuit module located on a bus between a bus master device, such as CPU or DMAC and a slave device, such as a main memory, or on address and control lines between the bus master device and the bus. The unauthorized-address-access-block mechanism has a previously set range of addresses within which an access from the bus master device to the slave device is permitted. At time of access by the bus master device, the unauthorized-address-access-block mechanism judges whether an address of interest which is output by the bus master device is included in the address range, thereby to block an unauthorized address-access.
The invention disclosed by the second cited reference JP-A-2008-102850 relates to a system having CPU, MMU and an external device which handles part of a process of a software program executed by CPU in place of CPU, wherein the external device has DMAC. When handling part of a process of the software program as a substitute, the external device uses DMAC to read data required for the processing, and to write the resultant data. When setting a transfer condition on DMAC, the external device acquires physical addresses corresponding to virtual addresses of the source and destination of transfer, and information concerning a authority of access, and then judges whether an access of interest is authorized or not.
In a system including CPU, MMU and DMAC, which is disclosed by the third cited reference JP-A-10-289194, a combination of transfer source and destination on which data transfer can be conducted is previously set on DMAC as resource select information. In data transfer, DMAC judges whether or not information of addresses of transfer source and destination associated with a data transfer request from CPU matches the resource select information, and conducts access protection depending on a result of the judgment.