Specifications
Stack data
On the H8/300, a subprogram usually stores its local variables in the stack and accesses them
using Register Indirect mode based on the Stack Pointer SP = R7. Some of the parameters to a
subprogram can also be passed in the stack and accessed in this way.
The SP is usually initialized in the target program's boot/reset routine and then varies as
subprograms are entered and exited and when parameters and local variables are pushed or
popped. A Bound-T analysis is usually rooted at a subprogram and seldom starts from the
boot/reset point. This means that the absolute value of SP is usually unknown during the
analysis of a given subprogram; we only know how the SP changes within the subprogram.
Dynamic memory accesses based on SP are therefore analysed in a special way, as follows.
The local stack height at a given point in a subprogram is defined as the difference between the
value of SP at this point and the value of SP on entry to the subprogram, with the sign chosen
so that a stack push increases the local stack height. This means that the return address
pushed by a call instruction is counted in the stack usage of the caller, not that of the callee.
When a subprogram returns, it usually pops the return address off the stack, resulting in a final
local stack height of -2 octets.
Register-indirect memory references based on SP are considered statically resolved when the
local stack height is known at the instruction that contains the reference. The accessed memory
location is identified by its offset relative to the value of SP on entry to the subprogram; this
offset is the difference between the local stack height and the SP-relative displacement
encoded in the accessing instruction. Bound-T models these stack locations as separate storage
cells of four types: parameter octets, parameter words, local-variable octets and local-variable
words.
A word cell and its octet parts are connected by implied assignments. An assignment to an
octet cell makes its containing word cell opaque. An assignment to a word cell also updates the
octet cells within the word.
The program may access the same memory location both through an SP-relative access and in
some other way, either using an absolute memory address or a register-indirect access with
another base register. At present Bound-T assumes that such aliasing does not occur for loop-
counting computations.
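The following Python model is an added example, not code from the Bound-T manual or tool. It walks a constructed H8/300 instruction trace, tracks the local stack height as defined above, and resolves each SP-relative access to its offset from the entry SP and one of the four cell types. It assumes the H8/300 JSR convention that SP points at the 2-octet return address on entry, so caller-pushed parameters lie at offsets of -2 and below and callee locals at positive offsets; the trace tuples and the `analyse`/`cell_kind` names are constructed for this example.

```python
# Added example, not part of the Bound-T manual or tool.
# Assumption (H8/300 JSR convention): on entry SP points at the 2-octet
# return address, so parameters pushed by the caller lie at offsets <= -2
# and locals allocated by the callee at offsets > 0.

def cell_kind(offset, size):
    """Classify an entry-relative offset into one of the four cell types."""
    if offset > 0:
        kind = "local"
    elif offset <= -2:
        kind = "parameter"
    else:
        kind = "return-address"      # offsets 0 and -1: not a data cell
    return kind + ("-octet" if size == 1 else "-word")


def analyse(trace):
    """Walk a constructed trace; return (height_after, resolved) per step.

    Trace tuples (octet counts follow the 16-bit PUSH/POP/JSR of the H8/300):
      ("PUSH",)               PUSH Rn            height += 2
      ("POP",)                POP Rn             height -= 2
      ("SUBS", n)             SUBS #n,R7         reserve n octets of locals
      ("ADDS", n)             ADDS #n,R7         release n octets
      ("RTS",)                pops return addr   height -= 2
      ("ACCESS", disp, size)  @(disp:16,R7) access of 1 or 2 octets
    """
    height, out = 0, []
    for ins in trace:
        op, resolved = ins[0], None
        if op == "PUSH":
            height += 2
        elif op in ("POP", "RTS"):
            height -= 2
        elif op == "SUBS":
            height += ins[1]
        elif op == "ADDS":
            height -= ins[1]
        elif op == "ACCESS":
            disp, size = ins[1], ins[2]
            offset = height - disp   # offset relative to SP on entry
            resolved = (offset, cell_kind(offset, size))
        out.append((height, resolved))
    return out


# Constructed trace: save R4, reserve a 2-octet local, read a word parameter
# at @(6,R7), write the local at @(0,R7), then tear down and return.
SAMPLE = [("PUSH",), ("SUBS", 2), ("ACCESS", 6, 2), ("ACCESS", 0, 2),
          ("ADDS", 2), ("POP",), ("RTS",)]
```

Running `analyse(SAMPLE)` gives heights 2, 4, 4, 4, 2, 0 and finally -2 after RTS, with the two accesses resolved to a parameter word at offset -2 and a local word at offset 4.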
5.4 Condition codes and the CCR
The CCR condition flags that are modelled for analysis are Z (result zero) and C (carry or
borrow). For arithmetic analysis Bound-T defines the flags only for an integer operation that
can give a significant result for unsigned operands.
For example, the ADD.B instruction sets Z if the result is zero. If both operands are understood
as unsigned values this can happen only if the addition overflows. Since Bound-T tracks only
non-overflowing computation, its model of ADD.B generally sets Z to an opaque value.
However, when the source operand of ADD.B is an immediate value in the range 128 .. 255
that is understood as a 2's complement negative number, Bound-T models the Z flag as set
when the sum of the destination register and the negative immediate operand is zero.
Here are some examples:
• ADD.B R3L, R4H is modelled as R4H := R4H + R3L, Z := opaque, C := opaque.
• ADD.B #255, R4H is modelled as R4H := R4H − 1, Z := R4H = 1, C := R4H = 0.
Bound-T for H8/300 Supported H8/300 Features 25