Method for protecting an application stack

By assigning a stack virtualization to each application stack and checking for overflows, generating interrupts to shut down the MCU or restore the stack, the problem of difficulty in identifying and preventing application stack overflows in the prior art is solved, ensuring system stability.

CN116257430BActive Publication Date: 2026-06-09HYUNDAI AUTOEVER

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
HYUNDAI AUTOEVER
Filing Date
2022-12-02
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing technologies struggle to effectively identify and prevent system failures caused by application stack overflows, especially since compilers cannot determine the significant impact that unknown problems caused by stack overflows may have on the system.

Method used

A stack virtualization is assigned to each application stack, and each application stack is checked for overflow through the stack virtualization. An interrupt is generated to shut down the MCU or restore the stack, and the memory protection unit function of the operating system module and the microcontroller is used for protection.

Benefits of technology

It enables the identification and implementation of protective measures even when stack overflows do not immediately cause problems, preventing future system failures and ensuring system stability.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN116257430B_ABST
    Figure CN116257430B_ABST
Patent Text Reader

Abstract

Disclosed herein is a method for protecting an application stack, the method including: designating, by an operating system (OS) module, an additional stack virtual to an application stack connected with a micro control unit (MCU); generating, by the MCU, an interrupt by identifying whether the application stack overflows via the stack virtual; and performing, by the OS module, a protection measure for the overflowing application stack according to whether the interrupt is generated.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] Exemplary embodiments of this disclosure relate to a method for protecting an application stack, and more specifically, to a method for protecting an application stack by specifying a stack dummy for each application stack and checking each application stack for overflow based on the stack dummy to shut down a microcontroller unit (MCU) or restore the application stack according to the result of the check. Background Technology

[0002] Typically, in-vehicle electronic control systems allocate and release RAM storage space to perform various types of software operations. During this operation, it may be necessary to temporarily store predetermined data in memory via a signal or command. For this purpose, a stack area is designated on the memory for temporary storage.

[0003] Meanwhile, the term "stack overflow" refers to the phenomenon where a specific task uses all the stack allocated to it and intrudes into the storage area not allocated to it for storing its own information.

[0004] Even if an application experiences a stack overflow, it may not cause a problem depending on the preceding and following memory mappings. Because the compiler determines how the stack is stacked, it can be difficult for users to identify problems caused by the stack.

[0005] In other words, even if a stack overflow causes a problem, because the corresponding RAM portion is not being used, it is possible to not know the cause of the problem or whether a problem has already occurred.

[0006] However, this could cause problems and could have significant consequences for the system later.

[0007] The related technology disclosed herein is in Korean Patent Application Publication No. 10-2013-0060984 (June 10, 2013), entitled "METHOD OF MANAGING STACK IN MEMORY". Summary of the Invention

[0008] Various embodiments relate to a method for protecting an application stack by assigning a stack virtual to each application stack and checking each application stack for overflow based on the stack virtual to shut down the MCU or restore the application stack according to the result of the check.

[0009] In one embodiment, a method for protecting an application stack is provided, comprising: specifying an additional stack virtualization to the application stack connected to a microcontroller unit (MCU) by an operating system (OS) module; generating an interrupt by the MCU by identifying whether the application stack has overflowed via the stack virtualization; and performing protection measures for the overflowed application stack by the OS module based on whether an interrupt has been generated.

[0010] Specifying additional stack virtuals by the operating system (OS) module can include specifying the application stack by the OS module through the compiler, specifying stack virtual regions in the application stack by the OS module based on the symbols of the application stack, and specifying stack virtual symbols for the stack virtual regions by the OS module.

[0011] Interrupt generation by the MCU may include the OS module activating the memory protection unit (MPU) function for each stack virtual, the MCU generating a memory protection alarm based on whether the application stack overflows, and when a memory protection alarm is generated, the interrupt handler called by the OS module checking the overflowing application stack.

[0012] When the Memory Protection Unit (MPU) function is activated by the OS module, the OS module can virtually place the stack in the MPU area and enable the MPU area.

[0013] The interrupt handler can inspect the overflowing application stack by detecting the overflowing application stack by examining the region of the stack virtual symbol that generates the memory protection alarm.

[0014] Checking an application stack for overflow by the interrupt handler can include checking whether the application stack overflows, or which of multiple application stacks overflows.

[0015] Protective measures against overflowing application stacks, performed by the OS module, may include selectively performing protective measures based on user requests.

[0016] Selectively implementing protective measures may include shutting down the MCU.

[0017] Selectively performing protective measures may include restoring the application stack.

[0018] Selectively enforcing protection measures may include forcibly terminating the context using the application stack and then restarting the application.

[0019] As can be clearly seen from the above description, the method for protecting application stacks according to this disclosure specifies a stack virtual for each application stack and checks each application stack for overflow based on the stack virtual, so as to shut down the MCU or restore the application stack according to the result of the check.

[0020] Methods for protecting application stacks enable users to identify stack overflows and take stack protection actions, even if the stack overflow does not cause problems, thereby preventing system failures due to potential future stack overflows. Attached Figure Description

[0021] Figure 1 This is a block diagram illustrating an apparatus for protecting an application stack according to an embodiment of the present disclosure.

[0022] Figure 2 This is a diagram illustrating an example of specifying a virtual region for each application stack according to an embodiment of the present disclosure.

[0023] Figure 3 This is a diagram illustrating an example of placing a virtual region in the MPU region and activating the MPU according to an embodiment of the present disclosure.

[0024] Figure 4 This is a diagram illustrating an example of stack overflow detection according to an embodiment of the present disclosure.

[0025] Figure 5 This is a diagram illustrating an example of application stack recovery according to an embodiment of the present disclosure.

[0026] Figure 6 This is a flowchart illustrating a method for restoring an application stack according to an embodiment of the present disclosure. Detailed Implementation

[0027] The following will describe in detail, with reference to the accompanying drawings, a method for protecting an application stack according to embodiments of the present disclosure. It should be understood that, for clarity and convenience, the thickness of each line or the size of each component in the drawings may be exaggerated. Furthermore, the terminology used herein is defined in consideration of the functionality of this disclosure, and these terms may be changed according to the intent or practice of a user or operator. Therefore, these terms should be defined based on the full scope of the disclosure set forth herein.

[0028] Figure 1 This is a block diagram illustrating an apparatus for protecting an application stack according to an embodiment of the present disclosure. Figure 2 This is a diagram illustrating an example of specifying a virtual region for each application stack according to an embodiment of the present disclosure. Figure 3 This is a diagram illustrating an example of placing a virtual region in the MPU region and activating the MPU according to an embodiment of the present disclosure. Figure 4 This is a diagram illustrating an example of stack overflow detection according to an embodiment of the present disclosure.

[0029] refer to Figure 1The apparatus for protecting the application stack according to embodiments of the present disclosure includes a microcontroller unit (MCU) 10 and an operating system (OS) module 20.

[0030] OS module 20 specifies the application stack through the compiler.

[0031] The compiler provides the OS module with information to specify the application stack region within the memory area of ​​the MCU 10. In this case, the compiler specifies symbols such as Stack_Top and Stack_Bottom in the application stack region.

[0032] When the compiler specifies symbols such as Stack_Top and Stack_Bottom, OS module 20 assigns a stack virtual region to at least one of the symbols such as Stack_Top and Stack_Bottom.

[0033] Although the stack virtual region can be set by the user directly specifying the memory, it can also be specified by the symbol of the application stack as described above.

[0034] refer to Figure 2 OS module 20 can specify the stack virtual region by adding setting bytes to Stack_Top and Stack_Bottom of the application stack.

[0035] For example, OS module 20 can specify the stack virtual region in the form of Stack_Top+8 bytes or Stack_Bottom+8 bytes of the application stack.

[0036] When a stack virtual region is assigned to the application stack, OS module 20 limits the memory address value of the stack virtual region to a stack virtual symbol.

[0037] In this scenario, OS module 20 collects stack information for each application stack and limits the memory address value of the corresponding stack virtual region to the stack virtual symbol.

[0038] Figure 2 An example is shown where Stack_Dummy_1 is defined as the stack virtual symbol for application stack 1 and Stack_Dummy_2 is defined as the stack virtual symbol for application stack 2.

[0039] When a stack virtual region is specified, the OS module 20 sends stack virtual information related to the stack virtual region to the MCU 10.

[0040] In this case, MCU 10 stores the stack virtual information received from OS module 20 and specifies a storage area in response to the stack virtual information.

[0041] Therefore, as Figure 2 As shown, Stack_Dummy_1 and Stack_Dummy_2 can be assigned to the corresponding application stack 1 and application stack 2 in the memory area inside MCU 10.

[0042] When the stack virtual is assigned to the application stack, OS module 20 activates the MPU function in MCU 10.

[0043] refer to Figure 3 At initialization time, OS module 20 virtually places the stack in the MPU area and enables the corresponding MPU.

[0044] In this case, OS module 20 sets up each MPU region during initialization, allocates a corresponding memory address to each MPU region, and then enables the MPU region.

[0045] When an application stack overflows in an MPU-enabled region, the overflowing application stack's stack virtual data is stored in... Figure 3 The memory address is located there. Therefore, MCU 10 generates an interrupt.

[0046] In other words, when an application's stack overflows, the stack virtual data assigned to that application's stack is written to a memory address. In this case, the MCU 10 generates a memory protection trap based on its memory protection function.

[0047] This allows OS module 20 to check for application stack overflows. If an application stack overflow is detected, it can then be checked which of multiple application stacks has overflowed.

[0048] When the application stack overflows, MCU 10 generates a memory protection alarm.

[0049] When a memory protection alarm is generated, OS module 20 calls the interrupt handler for that memory protection alarm.

[0050] Interrupt handlers can check which application has a stack overflow based on previously stored information about the stack virtual symbol.

[0051] refer to Figure 4 When the MCU 10 generates a memory protection alarm due to an overflow in the application stack, the interrupt processor uses a stack virtual symbol to inspect the overflowing application stack.

[0052] In this situation, the interrupt handler can detect the overflowing application stack by examining the region of the stack virtual symbol that generated the memory protection alarm.

[0053] This allows the interrupt handler to check if the application stack has overflowed. If an application stack overflows, it can then determine which application stack overflowed.

[0054] When an application stack overflows, OS module 20 performs protection measures on the application stack.

[0055] In this situation, OS module 20 can shut down MCU 10 or restore the application stack upon user request.

[0056] Specifically, when intending to restore the application stack, OS module 20 can forcibly terminate the context using the application stack and then restart the application stack.

[0057] refer to Figure 5 When application stack 1 overflows, OS module 20 forcibly terminates all contexts Task2, Task3, ISR1 and ISR2, and application 1 that are using the application stack, and then restarts application 1.

[0058] In the following text, reference will be made to Figure 6 A method for restoring an application stack according to embodiments of the present disclosure is described in detail.

[0059] Figure 6 This is a flowchart illustrating a method for restoring an application stack according to an embodiment of the present disclosure.

[0060] refer to Figure 6 The compiler of OS module 20 specifies the application stack area in the memory area inside MCU 10.

[0061] In this case, OS module 20 specifies a stack virtual region to at least one of the symbols such as Stack_Top and Stack_Bottom of the application stack specified by the compiler.

[0062] Next, OS module 20 collects stack virtual information about each application stack and limits the memory address values ​​of the corresponding stack virtual regions to stack virtual symbols (S10 and S20).

[0063] When a stack virtual region is specified, the OS module 20 sends stack virtual information associated with the stack virtual region to the MCU 10. In this case, the MCU 10 stores the stack virtual information received from the OS module 20 and defines a storage region in response to the stack virtual information.

[0064] Next, OS module 20 activates the MPU function during initialization (S30). In this case, OS module 20 can virtually place the stack in the MPU area and enable the corresponding MPU.

[0065] When the MPU is enabled, the OS module 20 checks whether a memory protection alarm is generated in the MCU 10 (S40).

[0066] During this process, when the application stack overflows, the stack virtual data corresponding to the application stack is stored in the memory address, thereby generating a memory protection alarm on MCU 10.

[0067] When a memory protection alarm is generated, OS module 20 calls the interrupt handler for that memory protection alarm.

[0068] The interrupt handler checks whether a memory protection alarm has been generated in the application stack based on previously stored information about the stack virtual symbol (S50).

[0069] In other words, the interrupt processor checks the region of the stack virtual symbol that generated the memory protection alarm.

[0070] If it is found in step S50 that no memory protection alarm is generated in the stack virtual of the application stack, the process terminates.

[0071] On the other hand, if a memory protection alarm is detected in the stack virtual of the application stack in step S50, the OS module 20 checks with the user whether the corresponding application stack area should be restored (S60).

[0072] If it is detected in step S60 that the user intends to shut down MCU 10, then OS module 20 shuts down MCU 10 according to the user's selection (S70).

[0073] On the other hand, if it is determined in step S60 that the user intends to restore the application stack, the OS module 20 forcibly terminates the context using the application stack and then terminates the application. The OS module 20 then restarts the application.

[0074] As described above, the method for protecting application stacks according to this disclosure specifies a stack virtual for each application stack and checks each application stack for overflow based on the stack virtual, so as to shut down the MCU or restore the application stack according to the result of the check.

[0075] Furthermore, the methods for protecting application stacks enable users to identify stack overflows and take stack protection actions, even if the stack overflow does not cause problems, thereby preventing potential system failures due to stack overflows in the future.

[0076] The embodiments described herein can be implemented, for example, as methods or processes, apparatuses, software programs, data streams, or signals. Although discussed only in the context of a single form of implementation (e.g., discussed only as a method), the embodiments of the discussed features can also be implemented in other forms (e.g., apparatuses or programs). Apparatuses can be implemented, for example, with suitable hardware, software, and firmware. The method can be implemented, for example, in an apparatus such as a processor, which generally refers to a processing device including a computer, microprocessor, integrated circuit, or programmable logic device. The processor also includes communication devices, such as computers, cellular phones, portable / personal digital assistants (PDAs), and other devices that facilitate information communication between end users.

[0077] Although this disclosure has been described with reference to embodiments shown in the accompanying drawings, it will be apparent to those skilled in the art that these embodiments are provided by way of example only. Those skilled in the art will understand that various modifications and other equivalent embodiments can be made without departing from the spirit and scope of this disclosure as defined in the appended claims. Therefore, the technical protection scope of this disclosure should be defined by the appended claims.

Claims

1. A method for protecting an application stack, comprising: The operating system (OS) module assigns at least one stack virtual to at least one application stack connected to the microcontroller unit (MCU); The microcontroller generates an interrupt by identifying, via one of the at least one stack virtual, whether the application stack of the at least one application stack that specifies the at least one stack virtual has overflowed; as well as The operating system module performs protection measures against the overflowing application stack based on whether the interrupt is generated. The generation of the interrupt includes: The operating system module activates a memory protection unit for each stack virtualization, the memory protection unit being arranged within the microcontroller unit. When the memory protection unit is activated, the operating system module virtually places the stack in the memory protection unit area and enables the memory protection unit area.

2. The method according to claim 1, wherein, Specifying the at least one stack virtual includes: The application stack is specified by the operating system module through the compiler; The operating system module specifies the stack virtual region in the application stack based on the symbol of the application stack; and The operating system module assigns stack virtual symbols to the stack virtual region.

3. The method according to claim 1, wherein, Generating the interrupt further includes: The microcontroller generates a memory protection alarm based on whether the application stack in the at least one application stack overflows; and When the memory protection alarm is generated, the interrupt handler specifies the overflowing application stack in at least one application stack, and the interrupt handler is invoked by the operating system module.

4. The method according to claim 3, wherein, Inspecting the overflow application stack includes detecting the overflow application stack by examining the region of the stack virtual symbol that generated the memory protection alarm.

5. The method according to claim 3, wherein, Checking the overflowing application stack includes checking whether the application stack overflows, or which of a plurality of application stacks overflows.

6. The method according to claim 1, wherein, Implementing protection measures for the overflowing application stack includes selectively implementing the protection measures based on user requests.

7. The method according to claim 6, wherein, Selectively implementing the protection measures includes shutting down the microcontroller unit.

8. The method according to claim 6, wherein, Selectively implementing the protection measures includes restoring the application stack.

9. The method according to claim 8, wherein, Selectively implementing the protection measures includes forcibly terminating the context using the application stack and then restarting the application.