Download Assertion Language manual - Bound

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
page
97
page
98
page
99
page
100
page
101
page
102
page
103
page
104
page
105
page
106
page
107
page
108
page
109
page
110
page
111
page
112
page
113
page
114
page
115
page
116
page
117
page
118
Transcript 
instruction to perform some other kind of transfer of control. For example, a jump to a
dynamically computed address can be performed by pushing the address value on the stack
and executing a "return".
To analyze such multi-role instructions Bound-T must decide which role the instruction
performs, because Bound-T uses different data structures and different analysis methods for
different roles. The automatic algorithms built into Bound-T can sometimes choose the wrong
role, which may make the analysis fail. In such cases you can tell Bound-T which role to use for
that instruction.
An instruction that performs a tail call
For a concrete example, consider the way some compilers implement calls via function
pointers on the Intel-8051 processor. This processor has a stack that is normally used to hold
return addresses. The ret instruction pops a 16-bit address off the stack and into the Program
Counter PC. Assume now that the 16-bit DPTR register holds the dynamically computed
address of a subprogram (a function pointer, in C language terms). One way to call the
subprogram at this address is to call an intermediate subprogram that we name ICall which
contains instructions that push the DPTR on the stack, followed by a ret. In 8051 assembly
language:
ICall: push DPL
push DPH
ret
Note that although the ret instruction occurs in its usual place at the end of a subprogram
(ICall), its role is not just to return from this subprogram. What it does is to transfer control to
the address in DPTR, the entry point of the subprogram we want to call. However, the return
address for ICall is still on the stack, so when the subprogram at DPTR eventually returns, it
returns to that address (the instruction following the call of ICall). This kind of "trampoline"
call is often termed a tail call, and here is how you can assert to the Intel-8051 version of
Bound-T that this ret instruction performs a tail call, not an ordinary return:
subprogram "ICall"
instruction at offset "4"
performs a "tail call";
end instruction;
end "ICall";
Note that the name of the instruction role is written in quotes as "tail call". This is because the
instruction roles are target-specific and are not standard keywords of the assertion language.
To find out which offset to use to identify an instruction you can disassemble the subprogram
(for example with the Bound-T option -trace decode) and compute the difference of the
instruction address and the subprogram entry point address. In the example, the offset is 4
octets because each of the push instructions is 2 octets long.
The roles that instructions can perform
The instructions and their roles are of course target-specific. Moreover, most instructions have
fixed roles that cannot be changed with role assertions. For example, an instruction that just
adds two data registers and puts the sum in a third data register can hardly be required to
perform a call. The role-instruction combinations for a given target processor are listed in the
Bound-T Application Note for that target. If you assert a role for an instruction that Bound-T is
not willing to model for that instruction, the result will be an error message to this effect, or a
warning message saying that the assertion was not used at all.
Bound-T Assertion Language
Writing Assertions
43
Related documents
Bound-T User Manual - Bound
Bound-T User Manual - Bound
Bound-T User Manual - Bound
Bound-T User Manual - Bound
Dell Active System Manager Version 7.1 Solution Guide
Dell Active System Manager Version 7.1 Solution Guide
find_marks User Manual - Bound
find_marks User Manual - Bound
General overview as PDF
General overview as PDF
User Manual Saphira
User Manual Saphira
Bound-T User Manual - Bound
Bound-T User Manual - Bound
User Manual Magenta
User Manual Magenta
Bound-T User Manual - Bound
Bound-T User Manual - Bound
User Manual Ambera
User Manual Ambera
Bound-T Reference Manual - Bound
Bound-T Reference Manual - Bound
PRIZRAK
PRIZRAK
AcuRev 2000
AcuRev 2000
Application Note - Bound-T time and stack analyser
Application Note - Bound-T time and stack analyser
User Manual Graphica
User Manual Graphica
Preview of “ND1 Reference
Preview of “ND1 Reference
EZ-Boom 2010 Automated Application Control System
EZ-Boom 2010 Automated Application Control System
User Manual Cerica
User Manual Cerica
MCS®51 (8051) Family - Bound
MCS®51 (8051) Family - Bound
EF-970B-E
EF-970B-E
File - Sealevel Systems, Inc
File - Sealevel Systems, Inc
CODING STANDARDS AND GUIDELINES FOR GOOD SOFTWARE
CODING STANDARDS AND GUIDELINES FOR GOOD SOFTWARE