Specifications

6 PROCEDURE CALLING PROTOCOLS
6.1 Calls and returns in the H8/300
In this chapter, we discuss how H8/300 programs use subprograms (procedures and functions)
and explain how Bound-T identifies subprograms and analyses the control-flow and data-flow
across subprogram calls and returns.
Subprograms, calls and returns are important here because Bound-T uses a modular analysis
method in which each subprogram is first analysed separately and without assumptions on the
actual parameter values. This intra-procedural analysis is fast and efficient when it succeeds. If
it turns out that the subprogram cannot be fully analysed in this way (for example, if the
value of a parameter defines the number of iterations of a loop) then Bound-T switches to an
inter-procedural analysis in which it considers calling context: for each call to the subprogram,
the subprogram is re-analysed in the context of the parameter values and global variable
values that this call passes to the subprogram.
Hardware aspects of the calling protocol
The H8/300 instruction set contains two instructions specifically intended for subprogram
calls: BSR (branch to subroutine) and JSR (jump to subroutine). BSR specifies the entry
address of the called subprogram as a PC-relative static offset. JSR can use a 16-bit static entry
address, a register-indirect address (@Rn) or a memory-indirect address (@@aa:8). The
addressing modes are discussed in section 5.6. The present chapter discusses how parameters
are passed from the caller to the callee and back, how the stack is used, and which registers
can be changed or are preserved across the call. Rules for this are usually called a procedure
calling standard or calling protocol or calling convention.
The H8/300 architecture defines only one aspect of the calling protocol: how the return
address (and, for interrupts, the CCR) is managed on the stack. Namely:
• The call instruction (BSR or JSR) pushes the return address (PC) on the stack. The
  subprogram normally ends with the return instruction (RTS) which pops the return address
  from the stack and continues execution in the caller.
• When an interrupt occurs, the processor's interrupt mechanism pushes the condition code
  register (CCR) and the PC on the stack and then enters the interrupt handler subprogram.
  The handler subprogram normally ends with a return-from-exception instruction (RTE)
  which pops the CCR and the PC from the stack and lets execution resume at the interrupt
  point.
It is possible to implement mechanisms for subprogram calls and returns that use other
H8/300 instructions, for example dynamic jumps (JMP @Rn). Bound-T only understands the
native method that uses BSR, JSR, RTS and RTE.
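The following Python sketch is an added example, not taken from the Bound-T manual and not Bound-T's own algorithm. It applies the hardware protocol described above to a constructed instruction listing: it builds the static call graph from BSR and JSR, flags register-indirect calls and dynamic jumps that cannot be resolved statically, and bounds the stack bytes held by return addresses. It assumes contiguous subprogram bodies, no recursion, and 2 bytes per pushed return address; all names and the listing are hypothetical.

```python
RET_ADDR_BYTES = 2  # assumption: BSR/JSR push a 16-bit return address

# Constructed listing: (address, length in bytes, mnemonic, operand).
# BSR carries its signed PC-relative offset; JSR/JMP carry a static
# address (int) or a dynamic operand such as "@R2" (str).
LISTING = [
    (0x0100, 4, "JSR", 0x0120),
    (0x0104, 2, "BSR", 0x0A),    # 0x0106 + 0x0A = 0x0110
    (0x0106, 2, "JSR", "@R2"),   # callee not known statically
    (0x0108, 2, "RTS", None),
    (0x0110, 2, "RTS", None),    # leaf subprogram
    (0x0120, 2, "BSR", -0x12),   # 0x0122 - 0x12 = 0x0110
    (0x0122, 2, "JMP", "@R3"),   # dynamic jump, not a native call
    (0x0124, 2, "RTS", None),
]

def find_calls(listing, root):
    """Return (static call graph, dynamic call sites, dynamic jump sites)."""
    targets = {}
    for addr, size, op, arg in listing:
        if op == "BSR":
            targets[addr] = addr + size + arg   # offset from next instruction
        elif op == "JSR" and isinstance(arg, int):
            targets[addr] = arg
    entries = sorted({root, *targets.values()})
    graph = {e: set() for e in entries}
    dynamic_calls, dynamic_jumps = [], []
    for addr, size, op, arg in listing:
        # Hypothetical simplification: an instruction belongs to the nearest
        # entry point at or below its address (contiguous subprogram bodies).
        owner = max(e for e in entries if e <= addr)
        if addr in targets:
            graph[owner].add(targets[addr])
        elif op == "JSR":
            dynamic_calls.append(addr)
        elif op == "JMP" and isinstance(arg, str):
            dynamic_jumps.append(addr)
    return graph, dynamic_calls, dynamic_jumps

def return_stack_bytes(graph, entry, path=()):
    """Stack bytes held by return addresses on the deepest static call chain."""
    if entry in path:
        raise ValueError(f"recursion through {entry:#06x}")
    below = [return_stack_bytes(graph, c, path + (entry,)) for c in graph[entry]]
    return RET_ADDR_BYTES + max(below) if below else 0

if __name__ == "__main__":
    graph, dyn_calls, dyn_jumps = find_calls(LISTING, root=0x0100)
    print(graph, dyn_calls, dyn_jumps, return_stack_bytes(graph, 0x0100))
```

The byte count is a bound only for the static call chains; every address reported as a dynamic call or dynamic jump has to be resolved by other means before the result can be trusted. Local variables, saved registers and the interrupt frame (CCR and PC) are not included.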
Software aspects of the calling protocol
The H8/300 architecture does not define parameter passing or the saving and restoring of
registers across calls. There does not seem to be a single standard for this aspect of H8/300
programming; different compilers use different rules, and assembly-language programmers are
free to define their own rules.
Bound-T understands and supports the following calling protocols:
• The protocol used in the GNU compilers (gcc).
• The protocol used in the compilers from IAR Systems.
32 Calling Protocols Bound-T for H8/300