1. Field of the Invention
The present invention relates to a microprocessor for executing program tasks in a pipeline architecture.
2. Description of the Related Art
Recently, in an open system that is generally used, hardware, components constituting computers for common users, such as Personal Computers (PCs) or source codes of an Operating System (OS) are disclosed. Accordingly, end users can modify the OS using these disclosed contents.
Meanwhile, in most application programs operating on the open system, it is required to secure a copyright on information regarding the application programs or a copyright on the application programs themselves. For this reason, there is a need for a structure in which secrecy of application programs is preserved, i.e., a structure in which attack on application programs is prevented. Although an OS is configured to protect against attacks on application programs, it is impossible to prevent attack on application programs in the case where the OS is modified. In view of this, there is a need for hardware that can preserve the secrecy of the application programs. Generally, third party violators will find it more difficult in modifying the hardware rather than modifying an OS.
As a kind of hardware having the above characteristics, in particular, a microprocessor, a tamper-resistant processor was proposed in, for example, JP-A-2001-230770. The tamper-resistant processor has the function of encrypting programs, and information used in the programs in an multi-task environment. This can prevent programs or information from leaking to a third party, or programs, etc. from being modified.
Further, recently, there has been disclosed a technique in which, in order to effectively utilize an execution resources of a microprocessor, when there is a stalling time of memory access, an instruction switches to an other thread and is then executed, thus obviating stalling time and improving the throughput. As an example of the technique, for example, Deborah T. Marr et al., Hyper-Threading Technology Architecture and Microarchitecture, Intel Technology Journal (February, 2002) disclose Hyper-Threading Technology in which one physical processor is recognized as two logical processors.
In these techniques, the execution resources is shared between the logical processors, but necessary resources, such as registers or Translation Look-aside Buffer (TLB), are provided in each of the processors. Further, as threads are switched, adequate resources are selected. Furthermore, during the stalling time of memory access, threads, which are not the threads that have to wait, still operate. In other times, respective threads are alternately executed.
In order to execute the above-described process, this technique includes a register renaming function for converting a register number written into an instruction file into a physical register number. Furthermore, each of the logical processors has a Register Alias Table (RAT) for renaming registers.
In order to realize secret protection of tasks, it is necessary to prohibit other tasks from illegally making reference to resources of one protected task, such as registers or memories. For example, an attacker can have access to a task subject to be protected using an OS.
Accordingly, a processor core controls the hardware to save the contents of a task before interrupt/resume, and to recover the contents of a task after interrupt/resume, if an interrupt/task resume instruction is issued. At the same time, the processor core updates the value of a task ID register. This can prevent other tasks from having access to the contents of a register set of a protected task or memory information.
However, most high-performance processors have a pipeline configuration in which plural instructions are processed and executed in parallel. In the pipeline, there is a period where instructions belonging to respective tasks before and after interrupt/resume are mixed.
If processor core reads/writes a register during the period in which instructions are mixed, it is impossible to control the contents of a register of a protected task in a safe and proper manner. For example, if switching of a register set is performed immediately after an interrupt is generated, there occurs a case where a task, which should be processed before the interrupt is generated, is interrupted and is written on a register of a task after the interrupt is generated.
Furthermore, if the value of the task ID register is updated right after the interrupt is generated, there occurs a case where the task before the interrupt performs cache access or memory access using the value of the task ID register after the interrupt. Further, by having access to the cache or memory using other task ID, read and write operations are executed according to a value that is encrypted/decrypted by a key different from a key corresponding to a task.
Furthermore, as a method of executing the switching of a register set corresponding to a task, there may be a method in which the RAT is maintained in each task using the register renaming function used to effectively utilize the physical execution resources in the Hyper-Threading Technology, etc.
Even if this technique is employed, since a task ID register is only one, there occurs a case where a value of the task ID register does not match a value of a task ID register before interrupt/resume or after interrupt/resume when the task before interrupt/resume and the task after interrupt/resume coexist. Accordingly, there is a problem in that it is impossible to prevent cache access or memory access using other task ID registers.