Data processing systems, such as microcontrollers, personal computers and computer networks are usually provided with some form of safety mechanism to ensure the integrity of data in the data processing device. Data stored in a data processing device may be vulnerable for a variety of reasons. For example, the status of a bit in a memory register may change in an unpredictable manner due to, for example, particle impact from, e.g., radiation. Furthermore, the status of individual bits or entire registers may be accidentally changed by faulty software. A third kind of risk may be produced by malicious software.
A context is a set of data associated with a task on a data processing device. The data processing system may be designed such that any task is allowed to access its own context but not any other context. The data of a specific task may thus be shielded against other tasks. Switching from one task to another task may involve storing the context of the current task, so that the current task may be resumed at a later point in time. A task may be an entire program, a thread, a subroutine, a single instruction, or any other kind of process on the data processing system. A task switch may therefore also be referred to as a context switch.
Data processing devices may be subject to functional safety standards, such as ISO 26262 or IEC 61508. There is therefore a need for a reliable scheme of detecting data corruption, notably in components that are relevant for functional safety. As mentioned above, data may be corrupted by, e.g., faulty software components. Data may even be corrupted by a lack of cooperation between software components. For example, a stack frame generated by a certain context may be corrupted by another context due to faulty software. Accordingly, there is a particular need for detecting corrupted stack frames and for providing stack-frame protection. The data that may be corrupted may include executable data, i.e. program code. There is therefore a need for ensuring safe code execution.