CN-121979590-A - Function calling method, device, storage medium and program product

Abstract

The invention provides a function calling method, electronic equipment, a readable storage medium and a computer program product, which comprise the steps of responding to the calling operation of a first function to a second function in an application program, determining the parameter type of a transfer parameter of the first function, generating an access constraint instruction matched with the parameter type, executing the access constraint instruction, recording the access strategy of the transfer parameter, and accessing the transfer parameter according to the access strategy when executing the second function, wherein the access constraint instruction comprises a pointer and an immediate of the transfer parameter. The embodiment of the invention can provide a relatively isolated safe execution environment for the execution of the application program by taking the function call as granularity, thereby realizing a finer granularity isolation means. In addition, the safety isolation means of the invention is fast to execute, does not need to be trapped in a kernel mode, and has higher performance, so that the response is quicker.

Inventors

• LI YAWEI

Assignees

• 龙芯中科技术股份有限公司

Dates

Publication Date

20260505

Application Date

20251224

Claims (10)

1. 1. A method for calling a function, comprising: Determining a parameter type of a transfer parameter of a first function in response to a call operation of the first function to a second function in an application program; Generating an access constraint instruction matched with the parameter type, executing the access constraint instruction, and recording the access strategy of the transfer parameter; when the second function is executed, accessing the transfer parameters according to the access strategy; The access constraint instruction comprises a pointer and an immediate, wherein the immediate is used for representing a storage address range and an access attribute of the transfer parameter, the allowed access address range is used for representing an address range of a memory chip area storing the transfer parameter, and the pointer is used for representing a storage address of the transfer parameter.
2. 2. The method of claim 1, wherein the parameter types of the transfer parameters include a nested data type or a non-nested data type, the nested data type being a data type of a multi-layer pointer structure, the non-nested data type being a data type of a single-layer pointer structure; the generating the access constraint instruction matched with the parameter type comprises the following steps: Generating a first access constraint instruction comprising a storage address, a storage address range and an access attribute of the transfer parameter when the parameter type is the non-nested data type; and when the parameter type is the nested data type, traversing a pointer chain for transmitting the parameter, and generating a corresponding second access constraint instruction for each pointer on the pointer chain, wherein the second access constraint instruction comprises a storage address, a storage address range and an access attribute of data corresponding to the pointer.
3. 3. The method of claim 2, wherein said executing said access constraint instruction records an access policy for said delivery parameter, comprising: when the first access constraint instruction is executed, recording a storage address, a storage address range and an access attribute of a transfer parameter included in the first access constraint instruction in a CWS table; And when the second access constraint instructions are executed, recording the storage address, the storage address range and the access attribute of the data corresponding to the pointer, which are included in each second access constraint instruction, in a CWS table.
4. 4. A method according to claim 3, wherein said accessing said transfer parameter in accordance with said access policy when executing said second function comprises: comparing the access address of the second function with the CSW table to obtain a first detection result; Executing the second function when the first detection result is that the access address of the second function is in an entry of the CSW table; and stopping executing the second function and executing exception processing when the first detection result is that the access address of the second function is not in the entry of the CSW table.
5. 5. The method of claim 1, wherein each memory segment is added with a corresponding security domain tag, the security domain tag being used to demarcate the memory segment as a security domain; and when the second function is executed, accessing the transfer parameter according to the access policy, including: Responding to the access operation of the second function, and acquiring a second detection result of the target security domain label of the second function and the security domain label of the accessed memory chip; executing the second function when the second detection result is that the target security domain label is the same as the security domain label of the accessed memory chip region; And stopping executing the second function and executing exception processing when the second detection result is that the target security domain label is different from the security domain label of the accessed memory chip region.
6. 6. The method of claim 1, wherein said accessing said transfer parameter in accordance with said access policy while executing said second function comprises: Responding to the access operation of the second function, and comparing the access address of the second function with a preset global memory fragment to obtain a third detection result; executing the second function when the third detection result is that the access address is in the global memory slice region; And stopping executing the second function and executing exception processing when the third detection result is that the access address is not in the global memory slice region.
7. 7. The method according to claim 1, wherein the method further comprises: selecting an objective function from a function library, and adding a security protection mark into a function statement of the objective function; the determining, in response to a call operation of a first function to a second function in an application program, a parameter type of a transfer parameter of the first function includes: And when the second function is the target function, determining the parameter type of the transfer parameter of the first function based on the safety protection mark in the function statement of the target function.
8. 8. An electronic device, comprising: processor, and A memory storing one or more programs that, when executed by a processor, cause the processor to: Determining a parameter type of a transfer parameter of a first function in response to a call operation of the first function to a second function in an application program; Generating an access constraint instruction matched with the parameter type, executing the access constraint instruction, and recording the access strategy of the transfer parameter; And when the second function is executed, accessing the transfer parameters according to the access strategy.
9. 9. A readable storage medium, characterized in that instructions in the readable storage medium, when executed by a processor of an electronic device, enable the electronic device to perform the method of any one of the method claims 1-7.
10. 10. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the method according to any one of claims 1-7.

Description

Function calling method, device, storage medium and program product Technical Field The present invention relates to the field of computer technologies, and in particular, to a function calling method, an electronic device, a readable storage medium, and a computer program product. Background The programming language employed by the underlying software stack exposes many programming details for convenience and flexibility in manipulating the underlying hardware, such as direct manipulation of pointers, arbitrary modification of the contents of the stack, unlimited use of inline compilations, and so forth. This creates significant safety issues for the system while providing ease of use. In the related technology, the first scheme can adopt a process isolation technology to solve the security problem so that processes are mutually independent, and the second scheme can adopt a virtualization technology to realize isolation in the processes so as to solve the security problem. However, the scheme I has larger performance loss and longer response time, and the scheme II needs to be in a kernel mode and can only realize the protection of the granularity of the container, so that the protection granularity is rough and the operation cost is larger. Disclosure of Invention In view of the foregoing, embodiments of the present invention are directed to providing a method of invoking a function, an electronic device, a readable storage medium, and a computer program product that overcome or at least partially solve the foregoing problems. In a first aspect, an embodiment of the present invention discloses a method for calling a function, where the method includes: Determining a parameter type of a transfer parameter of a first function in response to a call operation of the first function to a second function in an application program; Generating an access constraint instruction matched with the parameter type, executing the access constraint instruction, and recording the access strategy of the transfer parameter; when the second function is executed, accessing the transfer parameters according to the access strategy; The access constraint instruction comprises a pointer and an immediate, wherein the immediate is used for representing a storage address range and an access attribute of the transfer parameter, the allowed access address range is used for representing an address range of a memory chip area storing the transfer parameter, and the pointer is used for representing a storage address of the transfer parameter. In a second aspect, an embodiment of the present invention further discloses a function calling device, including: The response module is used for responding to the calling operation of the first function to the second function in the application program and determining the parameter type of the transfer parameter of the first function; the generation module is used for generating an access constraint instruction matched with the parameter type, executing the access constraint instruction and recording the access strategy of the transfer parameter; the execution module is used for accessing the transfer parameters according to the access strategy when executing the second function; The access constraint instruction comprises a pointer and an immediate, wherein the immediate is used for representing a storage address range and an access attribute of the transfer parameter, the allowed access address range is used for representing an address range of a memory chip area storing the transfer parameter, and the pointer is used for representing a storage address of the transfer parameter. In a third aspect, an embodiment of the present invention further discloses an electronic device, including: processor, and A memory storing one or more programs that, when executed by a processor, cause the processor to: Determining a parameter type of a transfer parameter of a first function in response to a call operation of the first function to a second function in an application program; Generating an access constraint instruction matched with the parameter type, executing the access constraint instruction, and recording the access strategy of the transfer parameter; And when the second function is executed, accessing the transfer parameters according to the access strategy. In a fourth aspect, embodiments of the present invention also disclose a readable storage medium, which when executed by a processor of an electronic device, enables the electronic device to perform the method as described in the first aspect. In a fifth aspect, embodiments of the present invention also disclose a computer program product comprising a computer program which, when executed by a processor, implements the steps of the method according to the first aspect. In the embodiment of the invention, aiming at the function calling process, the processor can execute the access constraint instruction generated by the compiler when jumping to t