JP4732921B2 - Program correctness verification device - Google Patents

Description

  The present invention relates to a program validity verification apparatus, and more particularly to a program validity verification apparatus suitable for verifying the validity of a program held in a memory.

  Conventionally, before starting a program main body such as an OS, the CPU executes a program such as a boot loader so that the program main body is expanded and held in a memory such as FlashROM or RAM (that is, a program main body image). ) Was verified for the validity of the program image.

  A so-called checksum is used to verify the validity of the program body image, and the CPU calculates a checksum of the program body image and compares the calculation result with a correct checksum stored in advance. It was.

  As a result of this collation, when the checksum calculation result matches the correct checksum stored in advance, the CPU regards the program body image as a legitimate one that is not damaged. The program body image was considered invalid (damaged).

  The CPU executes the program body when the program body image is valid, and restores the program body from the secondary storage memory or the like when the program body image is not valid (damaged). It was like that.

JP-A-5-324370

  However, in recent years, due to the enormous size of the program body image as the program becomes more complicated, it takes a long time to verify the validity of the program body image by calculating the checksum, which delays the execution of the program body. There was a problem.

  For example, in the past, although the image of the program body has not been damaged, it may take several seconds from the start of the checksum calculation to the execution of the program body depending on the time required for the checksum calculation. there were.

  Therefore, the present invention has been made in view of such a problem, and it is possible to promptly execute a legitimate program by quickly verifying the legitimacy of the program, thereby reducing the startup time of the system. An object of the present invention is to provide a program validity verification device that can be shortened.

  In order to achieve the above object, a program correctness verification apparatus according to the present invention is a program correctness verification apparatus for verifying the correctness of a program held in a memory, and for the program held in the memory A graphic accelerator for performing a predetermined calculation; a result obtained by the predetermined calculation when the program held in the memory is valid; prepared in advance; and the program for the program held in the memory by the graphic accelerator It is characterized in that the program stored in the memory is regarded as valid when the result of a predetermined calculation matches the result prepared in advance. According to such a configuration, the graphic accelerator performs a predetermined operation in which the program is handled as an image with respect to the program held in the memory, and the result of the predetermined operation is prepared in advance ( It is possible to quickly verify the validity of the program held in the memory based on whether or not the result matches the result of the legitimate program.

  The program validity verification apparatus according to the present invention is characterized in that the predetermined operation includes an exclusive OR (XOR). According to such a configuration, the validity of the program held in the memory can be more quickly achieved by using exclusive OR that is easy to calculate and can obtain a calculation result suitable for detecting program breakage. And it becomes possible to verify appropriately.

  Furthermore, the program correctness verification apparatus according to the present invention is characterized in that the predetermined calculation is a raster operation. According to such a configuration, it is possible to verify the validity of the program held in the memory at a higher speed using the raster operation.

  Furthermore, the program correctness verification apparatus according to the present invention is formed so as to prepare a work memory storing data having a set initial value used for the predetermined calculation, and the graphic accelerator includes the memory A program for one block in the program held in the memory and all or part of the data stored in the work memory are read, and the program for one block and all or part of the data read are used. A series of processes such as performing a logical operation, storing the result of the logical operation in the work memory, and updating the data stored in the work memory is performed up to all blocks in the program held in the memory. It is formed so as to perform the predetermined calculation by repeating sequentially, The data by repeating the processing of the communication is ultimately stored in the work memory is characterized by being the result of said predetermined operation. According to such a configuration, a program held in the memory is used as the source data by utilizing a function of performing a logical operation between the source data and the destination data provided in a general graphic accelerator, and the work memory It is possible to perform a predetermined operation by repeating a series of processing (in other words, drawing to a work memory) including a logical operation using the data stored in the destination data as destination data. The result of the predetermined calculation can be acquired as data finally stored in the work memory (in other words, the final drawing result in the work memory). Then, it is possible to more accurately verify the validity of the program held in the memory based on whether or not the result of the predetermined calculation acquired in this way matches the result prepared in advance. .

  In the program validity verification apparatus according to the present invention, the result of the predetermined calculation and the result prepared in advance are each formed by a plurality of pixel data, and the graphic accelerator is configured to perform the predetermined calculation. And the result prepared in advance are calculated for each set of pixel data corresponding to each other in both results, and the calculation result of this exclusive OR is calculated for all pixels. When a result corresponding to 0 is obtained in a data set, it is determined that the result of the predetermined calculation matches the result prepared in advance, and the program stored in the memory is regarded as valid. It is characterized by being. According to such a configuration, the graphic accelerator can easily verify the validity of the program held in the memory by calculating the exclusive OR of the result of the predetermined operation and the result prepared in advance. It becomes possible to do.

  Furthermore, in the program validity verification apparatus according to the present invention, the result of the predetermined calculation and the result prepared in advance are each formed by a plurality of pixel data, and all the results in the result prepared in advance are included. Pixel data is data corresponding to 0, the initial value of the data stored in the work memory is a value corresponding to the previously prepared result, and the predetermined value for the program held in the memory When all the pixel data in the result of the calculation is data corresponding to 0, it is determined that the result of the predetermined calculation matches the result prepared in advance, and the program held in the memory is valid. It is characterized by being formed to be considered to be. According to such a configuration, the validity of the program held in the memory can be further quickly determined based on whether or not all pixel data in the result of the predetermined calculation by the graphic accelerator becomes data corresponding to 0. Can be verified.

  According to the program correctness verification apparatus according to the present invention, it is possible to promptly execute a legitimate program by quickly verifying the correctness of the program held in the memory using the arithmetic function of the graphic accelerator. As a result, the startup time of the system can be shortened.

  Furthermore, according to the present invention, the validity of the program held in the memory is verified by using the arithmetic function of the graphic accelerator, thereby reducing the burden on the CPU and ensuring the CPU free time. Even while the validity of the program held in the memory is being verified, the program that has already been considered valid can be executed immediately by the CPU.

  Hereinafter, an embodiment of a program validity verification apparatus according to the present invention will be described with reference to FIGS. 1 to 3.

  FIG. 1 shows a hardware configuration of a program validity verification apparatus 1 according to this embodiment. As shown in FIG. 1, the program validity verification apparatus 1 according to this embodiment includes a Flash ROM, a RAM, and the like. A memory 2, a CPU 3, and a graphic accelerator 4 are included.

  The memory 2 stores a program body such as an OS as a program read from a storage device (not shown) such as a hard disk drive as a program body image. The process of reading the program body from the storage device and holding it in the memory 2 is performed by a program other than the program body, such as a boot loader.

  The graphic accelerator 4 performs a predetermined calculation using the program main body image as an image for the program main body image held in the memory 2, and stores an operation result (hereinafter referred to as a predetermined operation result) in the memory 2. It is like that.

  In addition, as a result prepared in advance in the memory 2, a result obtained by the predetermined calculation when the program main body image held in the memory 2 is valid (when there is no damage) (hereinafter referred to as a valid result). Is stored.

  The CPU 3 considers that the program main body image held in the memory 2 is valid when the predetermined calculation result matches the valid result.

  Specifically, as shown in FIG. 2, the graphic accelerator 4 converts the program body image 5 into one block of program body images 5a to 5e divided into a plurality of blocks during the predetermined calculation. It is designed to be recognized as a set. Note that the program main body image 5 in FIG. 2 includes five program main body images 5a to 5 from the first main body program image 5a for one block to the fifth main body image 5e for one block. 5e. As shown in FIG. 2, the program body image 5 can be represented by a value of 0 or 1 in the case of a binary number.

  The graphic accelerator 4 treats such a program body image 5 as an image at the time of the predetermined calculation, and regards the program body images 5a to 5e for one block as a set of a plurality of pixel data. .

  For example, if it is assumed that the program body images 5a to 5e for one block are data of 64 rows × 64 columns (512 bytes) and the graphic accelerator 4 represents one pixel by 1 bit, one block worth The program body images 5a to 5e can be regarded as black and white (binary) images composed of 4096 pieces of pixel data.

  In this case, data having a value of “1” in the program main body images 5a to 5e for one block is regarded as white pixel data in the black and white image, and “0” in the program main body images 5a to 5e for one block. Data that takes a value is taken as black pixel data.

  As shown in FIG. 2, a work memory 7 is prepared in the memory 2 by the CPU 3, and data in which a predetermined initial value used for the predetermined calculation is set is stored in the work memory 7. Stored.

  Data stored in the work memory 7 (hereinafter referred to as work memory data 8) is formed by a plurality of pixel data.

  In this embodiment, the initial value of the work memory data 8 is such that all the pixel data in the work memory data 8 is black data corresponding to “0” when one pixel is expressed by 1 bit. (Hereinafter referred to as initial value 0).

  Therefore, as shown in FIG. 2, the data 8 in the work memory having the initial value 0 is expressed as a black image on the entire surface.

  In this embodiment, the data 8 in the work memory has the same data size as the program main body images 5a to 5e for one block, and the number of pixel data of the data 8 in the work memory is one block. The number of pixel data in the program main body image is the same in the same row and in the same column.

  Further, as shown in FIG. 2, the above-described valid result 9 is stored in advance in the area in the memory 2, and this valid result 9 is formed by the same number of pixel data in the same row and in the same column as the data 8 in the work memory. Has been.

  When the graphic accelerator 4 starts the predetermined calculation, the graphic accelerator 4 reads the program main body image 5a for the first one block from the memory 2 as shown by the arrow numbered (1) in FIG. It has become.

  At this time, the graphic accelerator 4 reads the work memory data 8 set to the initial value 0 from the work memory 7 as indicated by the arrow numbered (2) in FIG. ing.

  The graphic accelerator 4 is positioned in the same row and in the same row corresponding to each other between the read program main body image 5a for one block and the data 8 in the work memory, as indicated by the number (3) in FIG. For each set of pixel data to be processed, an exclusive OR (XOR) as a logical operation is calculated.

  For example, an exclusive OR is calculated between the pixel data of the m-th row and the n-th column in the program main body image 5a for one block and the pixel data of the m-th row and the n-th column in the work memory data 8. It has become so.

  Here, when the exclusive OR is considered with 1-bit data, when the values of the two data related to the calculation are equal to each other (in the case of “0” or “1”), they are 0 and are different from each other ( 1 when one is “0” and the other is “1”. Therefore, for example, the pixel data of the m-th row and the n-th column in the program body image 5a for one block is white data corresponding to “1”, and the m-th row and the n-th column in the work memory data 8 When the pixel data is black data corresponding to “0”, the exclusive OR is white data corresponding to “1”.

  This exclusive OR is a raster operation when one pixel data is expressed by 1 bit.

  Then, as shown by the arrow numbered (4) in FIG. 2, the graphic accelerator 4 gives the result of the exclusive OR for each set of the pixel data, and the work memory data 8 in the work memory 7. It is stored (overwritten) in the same position as the read position.

  For example, the result of the exclusive OR using the pixel data set of the m-th row and the n-th column is stored at the pixel position of the m-th row and the n-th column in the work memory 7.

  As a result, as shown in FIG. 2, the data 8 in the work memory is updated, and the result of the first exclusive OR is rendered as a monochrome image in the work memory 7.

  Next, the graphic accelerator 4 reads the program main body image 5b for the second one block from the memory 2, as shown by the arrow numbered (5) in FIG.

  Then, the graphic accelerator 4 also performs an exclusive OR with the work memory data 8 for the second one-block program body image 5b as in the first case. Calculation is performed for each set of pixel data located in the same column, and the result is stored in the work memory 7.

  Such a series of processing is sequentially repeated until reaching the fifth (last) program body image 5e, whereby the work memory data 8 finally stored in the work memory 7 as the predetermined calculation result. (Final drawing result) is acquired.

  Then, the CPU 3 compares the predetermined calculation result stored in the work memory 7 with the valid result 9, as indicated by the arrow with the number (6) in FIG. The program body image 5 stored in the memory 2 is regarded as a legitimate one that is not damaged.

  As described above, in this embodiment, the graphic accelerator 4 performs a predetermined operation on the program body image 5 held in the memory 2 as an image, and the predetermined operation result is valid. Based on whether or not the result 9 matches, the validity of the program body image held in the memory 2 can be quickly verified.

  In addition, the above-described exclusive OR is not only easy to calculate, but also has a logical product (AND) that tends to be biased to black data corresponding to a predetermined calculation result of “0”, and a predetermined calculation result of “1”. Compared to the case of logical sum (OR) that tends to be biased to white data, it is easy to obtain a black and white image in which black data and white data are mixed. Therefore, the validity of the program body image 5 held in the memory 2 can be verified more quickly and appropriately by performing the predetermined operation including such exclusive OR.

  Further, by utilizing a function of performing logical operation between source data and destination data provided in a general graphic accelerator 4, the program body image 5 held in the memory 2 is used as source data, and data 8 in the work memory is used. It is possible to easily execute an exclusive logical sum using as destination data.

  In a more preferred embodiment, the CPU 3 causes the graphic accelerator 4 to calculate the exclusive OR of the predetermined calculation result and the valid result 9 for each set of pixel data located in the same row and column corresponding to each other.

  When the result of the exclusive OR becomes black data corresponding to “0” in all sets of pixel data, the CPU 3 determines that the predetermined calculation result matches the valid result 9, and the memory 2 It is assumed that the program main body image 5 stored in is valid.

  In this way, the validity of the program body image 5 stored in the memory 2 can be verified more simply.

  Next, the operation of the present embodiment will be described with reference to FIG.

  In the initial state, it is assumed that the program body image 5 is read from the hard disk drive or the like and held in the memory 2.

  When the verification process of the validity of the program main body image 5 held in the memory 2 is started from the initial state, the CPU 3 uses a boot loader or the like in step 1 (ST1) in FIG. A work memory 7 in which internal data 8 is stored is prepared. Then, the graphic accelerator 4 is set up using the program body image 5 stored in the memory 2 as source data and the work memory data 8 as destination data.

  Next, in step 2 (ST2), the graphic accelerator 4 sets the block number j of the program main body images 5a to 5e for one block read from the memory 2 to 1, and proceeds to step 3 (ST3).

  Next, in step 3 (ST3), the graphic accelerator 4 reads from the memory 2 the program body images 5a to 5e for one block of the jth block (the first block immediately after ST3).

  Next, in step 4 (ST4), the graphic accelerator 4 reads the work memory data 8 from the work memory 7. The process of step 4 (ST4) may be performed simultaneously with step 3 (ST3).

  Next, in step 5 (ST5), the graphic accelerator 4 excludes the program main body images 5a to 5e for one block read in step 3 (ST3) and the work memory data 8 read in step 4 (ST4). A logical OR (XOR) is calculated for each set of pixel data corresponding to each other.

  Next, in step 6 (ST6), the graphic accelerator 4 stores the calculation result of the exclusive OR in step 5 (ST5) in the work memory 7.

  Next, in step 7 (ST7), the graphic accelerator 4 determines that the block number j of the program body images 5a to 5e for one block subjected to the exclusive OR in step 5 (ST5) is the last block number ( It is determined whether or not j = 5). If j = 5, the process proceeds to step 8 (ST8). If not (j <5), the process proceeds to step 9 (ST9).

  When the process proceeds to step 8 (ST8), the predetermined calculation is completed by the process up to step 6.

  On the other hand, when proceeding to step 9 (ST9), the predetermined calculation has not yet been completed. In this case, in step 9 (ST9), the value of j is incremented by one and the process returns to step 3 (ST3). Until j = 5, step 3 (ST3) to step 7 (ST7) and step 9 (ST9) are performed. ) Is repeated.

  Next, in step 8 (ST8), the CPU 3 determines whether or not the predetermined calculation result acquired in step 6 (ST6) matches the correct result 9 held in the memory 2, and if they match, The process proceeds to step 10 (ST10), and if they do not match, the process proceeds to step 11 (ST11).

  In step 10 (ST10), the CPU 3 determines that the program body image 5 held in the memory 2 is valid, and ends the validity verification process.

  On the other hand, in step 11 (ST11), the CPU 3 determines that the program body image 5 held in the memory 2 is not valid (there is damage), and ends the validity verification process.

  As described above, according to the present embodiment, the program main body image 5 held in the memory 2 can be quickly verified using the arithmetic function of the graphic accelerator 4, and as a result, a legitimate program can be executed promptly. As a result, the startup time of the system can be shortened.

  Furthermore, according to the invention, the validity of the program main body image 5 held in the memory 2 is verified using the arithmetic function of the graphic accelerator 4, thereby reducing the load on the CPU 3 and ensuring free time in the CPU 3. Therefore, even when the validity of the program body image 5 held in the memory 2 is being verified, the CPU 3 can immediately execute the program body image 5 that has already been considered valid. Can do.

  In addition, this invention is not limited to embodiment mentioned above, A various change is possible as needed.

  For example, in the above-described embodiment, the work memory data 8 having an initial value 0 is used in the predetermined calculation, but the present invention is not limited to such a configuration. For example, all the pixel data in the valid result 9 may be black data corresponding to 0, and the initial value of the work memory data 8 may be a value corresponding thereto.

  In this way, whether or not the program body image 5 held in the memory 2 is valid is determined based on whether or not all pixel data in the predetermined calculation result is black data corresponding to 0. Therefore, the number of operations can be reduced as compared to the case where the exclusive OR of the predetermined operation result and the valid result 9 is calculated as in the above-described embodiment. As a result, the validity of the program body image 5 held in the memory 2 can be verified more quickly.

  In the above-described embodiment, the size of the program main body images 5a to 5e for one block and the data 8 in the work memory are the same, but the size of the data 8 in the work memory is set to the program main body image 5a for one block. It may be larger than the size of ~ 5e. In this case, the calculation of the exclusive OR described above is performed for the program body images 5a to 5e for one block and a part of the data 8 in the work memory (data for the same size as the program body images 5a to 5e for one block). ) And by overwriting the result of the exclusive OR, a part of the data 8 in the work memory may be updated. In this case, a part of the data in the work memory data 8 is used for the exclusive OR, and the data in the work memory 8 is updated with the result of the exclusive OR. It can be changed variously depending on the concept.

  In this way, since the data amount of the work memory data 8 can be increased, it is possible to more easily detect damage to the program body image 5.

  Furthermore, in the embodiment described above, one pixel is expressed by 1 bit, but one pixel may be expressed by a plurality of numbers of bits such as 8 bits and 16 bits. In this case, 8 bits or 16 bits of data in the program main body image 5 is captured as one pixel during the predetermined calculation.

  Furthermore, if the present invention is applied to an in-vehicle navigation system, the in-vehicle navigation system can be started quickly.

The block diagram which shows hardware constitutions in the embodiment of the program correctness verification apparatus which concerns on this invention FIG. 1 is a block diagram showing a more detailed configuration than FIG. 1 in the embodiment of the program validity verification apparatus according to the present invention. The flowchart which shows embodiment of the program correctness verification apparatus which concerns on this invention

Explanation of symbols

1 Program correctness verification device 2 Memory 3 CPU
4 Graphic accelerator 4
5 Program body image 7 Work memory 7
8 Work memory data 9 Valid result

Claims (5)

A program validity verification device for verifying the validity of a program held in a memory,
A graphic accelerator for performing a predetermined operation on the program held in the memory; a result obtained by the predetermined operation when the program held in the memory is valid; When the result of the predetermined operation on the program held in the memory according to is coincident with the result prepared in advance, the program held in the memory is regarded as valid ,
It is formed so as to prepare a work memory storing data having a set initial value used for the predetermined calculation,
The graphic accelerator reads a program for one block in the program held in the memory and all or part of the data stored in the work memory, and reads the program for the one block and the data stored in the data. A program held in the memory for performing a series of processes such as performing a logical operation using all or a part, storing the result of the logical operation in the work memory, and updating the data stored in the work memory Is formed so as to perform the predetermined calculation by sequentially repeating until reaching all the blocks in
The program correctness verification apparatus , wherein the data finally stored in the work memory by repeating the series of processes is a result of the predetermined calculation .   The program correctness verification apparatus according to claim 1, wherein the predetermined operation includes an exclusive OR.   3. The program correctness verification apparatus according to claim 1, wherein the predetermined calculation is a raster calculation. The result of the predetermined calculation and the result prepared in advance are each formed by a plurality of pixel data,
The graphic accelerator is configured to calculate an exclusive OR of the result of the predetermined operation and the result prepared in advance for each set of pixel data corresponding to each other in both results;
When the calculation result of the exclusive OR is a result corresponding to 0 in all the pixel data sets, it is determined that the result of the predetermined operation matches the result prepared in advance, and the memory stores 4. The program validity verification apparatus according to claim 1 , wherein the program validity verification apparatus is formed so that the stored program is regarded as valid. The result of the predetermined calculation and the result prepared in advance are each formed by a plurality of pixel data,
All pixel data in the result prepared in advance is data corresponding to 0,
The initial value of the data stored in the work memory is a value corresponding to the result prepared in advance;
When all the pixel data in the result of the predetermined calculation for the program stored in the memory is data corresponding to 0, it is determined that the result of the predetermined calculation matches the result prepared in advance, 4. The program validity verification apparatus according to claim 1 , wherein the program validity verification apparatus is formed so that a program held in the memory is regarded as valid.

Images