This will be illustrated on an example for the Linux operating system, but essentially (as you will see later) it is more suitable for bare-metal applications. In all environments it shall be assumed that any other process with a lower ASIL (or QM) than the desired integrity level of your component can (and will) execute wrongly and will (if it has a chance) change your memory. Often we cannot stop this from happening, but we can at least make sure we detect it in a timely manner and take corrective actions.

But without further ado, let's go through the example.

This example has a particular goal of protecting a dedicated memory section of a process with a checksum. All the source code shown here (and more) can be found on GitHub. This shall allow us to detect any intrusions and reset the process in case memory corruption happens. There is however one important assumption here: no preemption can happen in the safety critical section of the code, and no other code can execute in parallel (single core CPU). This section is represented by this function:

th_safram_crc.c – Safety critical section

```c
void periodic_task(char **argv, uint8_t count)
/* ... body not shown on the page ... */
printf("testarray=%u, checksum=%u\n", testarray, crc);
```

Also please note that the stack (or any other memory section besides ".data_safram", in fact) is not protected. So if this were running on bare metal with simple preemptive scheduling, no spatial freedom from interference would be achieved, as any other process could alter the memory during execution of the safety critical section (e.g. imagine another process changing the memory just after the checksum is checked) and no mechanism would detect that (actually we would even store a new checksum at the end of the run, calculated over the wrong data, and keep going).

But let's back up a little – the first step is to define the memory section in a linker script. In our example we'll call this section ".data_safram":

data_safram.ld – Linker script – define custom memory section

The "1" added one byte at the end of this section. This is where we'll be storing our checksum.

This linker script can then be passed to the linker using the "-T" option (if using gcc):

Makefile – Linker option

```sh
gcc -std=c99 -Wall safram_crc.o crc8.o -o th_safram_crc th_safram_crc.c -Wl,-v -T data_safram.ld
```

Note that this way the default linker script is still used and the only change is the newly added memory section. Then we can start putting variables into this section:

th_safram_crc.c – Safety critical variables

```c
__attribute__((section(".data_safram"))) uint8_t testarray = /* initializer not shown on the page */;
```

To check that our memory section is correctly defined, we can run readelf:

readelf – Memory sections

```
Name Type Address Off Size ES Flg Lk Inf Al
```
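To show the whole check/seal cycle end to end, here is an added example that is not the blog's code and not taken from its GitHub repository. It models the protected region as a struct whose last member is the trailing checksum byte (the extra byte the linker script reserves), so it builds without a custom linker script; on ELF targets the struct is still placed in ".data_safram" with the same attribute the article uses. The CRC-8 parameters (polynomial 0x07, init 0x00, no reflection) are an assumption, since the page's crc8.c is not shown, and the member names other than `testarray` and `periodic_task` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CRC-8, polynomial 0x07, init 0x00, no reflection (assumed; the article's crc8.c is not shown). */
uint8_t crc8(const uint8_t *data, size_t len)
{
    uint8_t crc = 0x00;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 0x80u) ? (uint8_t)((crc << 1) ^ 0x07u) : (uint8_t)(crc << 1);
    }
    return crc;
}

/* The protected region. In the article this is the linker-defined ".data_safram" section
 * with one extra byte at its end; here a struct models the same layout so the example
 * builds anywhere. The checksum member must stay last: it is the trailing byte and is
 * excluded from the CRC input. (testarray and counter are hypothetical payload variables.) */
struct safram {
    uint8_t  testarray[8];
    uint32_t counter;
    uint8_t  crc;
};

#ifdef __ELF__
__attribute__((section(".data_safram")))   /* same placement as in the article, ELF targets only */
#endif
struct safram g_safram;

/* Bytes covered by the checksum: everything before the trailing crc byte. */
#define SAFRAM_PAYLOAD_LEN offsetof(struct safram, crc)

/* Recompute and store the checksum over the payload (done when leaving the critical section). */
void safram_seal(void)
{
    g_safram.crc = crc8((const uint8_t *)&g_safram, SAFRAM_PAYLOAD_LEN);
}

/* Returns 1 if the stored checksum matches the payload, 0 if the region was modified. */
int safram_verify(void)
{
    return crc8((const uint8_t *)&g_safram, SAFRAM_PAYLOAD_LEN) == g_safram.crc;
}

/* Bring the region into a known state and seal it once before the first run. */
void safram_init(void)
{
    memset(&g_safram, 0, sizeof g_safram);
    safram_seal();
}

/* One run of the safety critical section. Returns 0 on success, -1 if corruption was
 * detected on entry (the caller would then reset the process instead of carrying on). */
int periodic_task(uint8_t count)
{
    if (!safram_verify())
        return -1;

    /* The actual work on the protected variables. */
    for (uint8_t i = 0; i < count; i++)
        g_safram.testarray[i % sizeof g_safram.testarray] += 1;
    g_safram.counter++;

    safram_seal();   /* region is consistent again before the section is left */
    return 0;
}

int main(void)
{
    safram_init();
    printf("run 1: %d\n", periodic_task(3));
    g_safram.testarray[0] ^= 0xFFu;        /* constructed corruption by "another process" */
    printf("run 2 after corruption: %d\n", periodic_task(3));
    return 0;
}
```

The check at entry catches a modification made between two runs; as the article points out, a write that lands between `safram_verify()` and `safram_seal()` inside one run is not caught and would be sealed over, which is why the single-core, no-preemption assumption matters.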