The Design And Implementation Of Memory Protection Mechanism In Auto-electronic OS

For the purpose of meeting the development demand of the modern automotiveelectronic industry, AUTOSAR organization is responsible for laying down the newstandards for the future automotive system. AUTOSAR OS is an embedded operatingsystem which is in full compliance with the design and implementation of theAUTOSAR specification, and it is back-compatible with the automotive electronicembedded OS based on OSEK. Many features have been added to OSEK byAUTOSAR, and the memory protection mechanism is one of the most importantextensions. With the assistance of the memory protection, the system can become morereliable and stable so that more complicated applications can be supported. Indubiously,it will pave the way for the automotive electronic system to meet the new demand. Inorder to realize the memory protection, a thorough analysis had been conducted on thememory protection requirements of the AUTOSAR OS, and then the memoryprotection mechanism had been designed and realized based on the original laboratorialeAutoOSEK. The design and implementation of the memory protection mechanismconsist of the following two parts:Based on the requirements of the memory protection by the AUTOSAR OSspecification and the OS-Application mechanism, the application model of thememory protection have been put forward. Within the AUTOSAR OS,OS-application is the resource management unit and the isolated and protectedregion for programs on memory space. By implementing the OS-applicationmechanism, the domain mechanism can be supported by the OS. The goal of thememory protection is to achieve the isolation beween trusted and untrustedOS-applications, and the isolation between OS-applications within the untrusteddomin, so that memory access faults within an untrusted OS-application can notcorrupt the normal function of the other OS-applications.In order to satisfy the memory access isolation and protection between domains insystem, the design of the infrastructure of the memory protection mechanism havebeen achieved based on the original OSEK OS. The basic function of the memory protection has been fulfilled by implementing the MMU management sub-system,so that the TLB initialization and TLB miss and illegal access exception can bedealt with. In order to implement the switch between domains, the process of theswitch and dispatch between runnables have been redesigned, so that the run-timeenvironment can be set according to the target domain. By designing andimplementing the system call and trusted function mechanisms, the user programsunder the user mode can access the system services.The innovative point of the design can be attributed to the domain based memoryprotection implemented according to the OS-application, so the reliability and safetyhave been reached.