Abstract
A method is provided of protecting a program executing on a device at least to some extent from execution flow errors caused by physical disturbances, such as device failures and voltage spikes, that cause program execution to jump to an unexpected memory location. The executing program follows an execution path that proceeds through a plurality of regions (B'[m], B'[f]). A first check value (wisb) is provided at a randomly accessible memory location. It is determined at least once (e.g. in TERM[m]) in at least one region (B'[m]) whether the first check value (wisb) has an expected value (s[m]) for that region (B'[m]). The first check value (wisb) is updated (e.g. in "set-up for call to f"), as execution passes from a first region (B'[m]) into a second region (B'[f]) in which such a determination is made, so as to have a value (s[f]) expected in the second region (B'[f]). An error handling procedure is performed if such a determination is negative.
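
The scheme in the abstract, sketched in C as an added example (not code from the patent): `wisb` is set to the value expected by the region about to run, each region verifies it, and a mismatch calls the error handler. The constants `S_M` and `S_F`, the `skip_setup` test hook that simulates execution reaching f without the set-up step, and the restore of `wisb` on return to m are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed per-region expected values (s[m], s[f] in the abstract). */
#define S_M 0x5AA5C33Cu
#define S_F 0xA55A3CC3u

static volatile uint32_t wisb;     /* first check value, held in RAM */
static volatile int fault_seen;    /* set by the error handler */

/* Error handling procedure: a real device would halt, reset or wipe keys. */
static void flow_error(void) { fault_seen = 1; }

static void check(uint32_t expected) {
    if (wisb != expected) flow_error();
}

/* Region B'[f]: verifies the check value on entry and before returning. */
static int region_f(int x) {
    check(S_F);
    int y = x * 2 + 1;
    check(S_F);                    /* TERM[f] */
    return y;
}

/* Region B'[m]: updates wisb around the call so each region sees its own value. */
static int region_m(int x, int skip_setup) {
    wisb = S_M;
    check(S_M);
    if (!skip_setup) wisb = S_F;   /* "set-up for call to f" */
    int y = region_f(x);
    wisb = S_M;                    /* assumed: restore on return to m */
    check(S_M);                    /* TERM[m] */
    return y;
}

/* Returns 1 if the error handler fired, 0 otherwise. */
int run(int skip_setup) {
    fault_seen = 0;
    (void)region_m(20, skip_setup);
    return fault_seen;
}

int main(void) {
    printf("normal path: fault=%d\n", run(0));
    printf("set-up skipped (simulated disturbance): fault=%d\n", run(1));
    return 0;
}
```

The `volatile` qualifier keeps the compiler from folding the comparisons away, which would otherwise remove the checks the scheme depends on.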