Device and method for executing a program, and method for storing a program

What is claimed is: 1. A device for executing a program in a sequence of instruction cycles, the program comprising instructions stored in a plurality of memory locations of a memory unit, wherein the device comprises: a program counter arranged to provide a program counter value; a memory access unit arranged to read a data word from a memory location identified by the program counter value, wherein the data word comprises an instruction and a protection signature; a signature unit arranged to determine a signature function corresponding to the program counter value and to determine a verification signature by applying the signature function to the instruction; a processing unit arranged to execute the instruction if the verification signature and the protection signature are consistent with each other; an error signal unit arranged to initiate an error action if they are inconsistent with each other; and a context value unit arranged to provide a context value to the signature unit and to update the context value for each instruction cycle, the context value being used to define a specific signature function for each of the plurality of memory locations storing the instructions of the program; wherein the signature unit is arranged to determine the signature function on the basis of the context value, and wherein the context value unit is arranged to determine the context value as J=x id ∥(x mod *x pol mod 2**p) wherein the symbol .parallel. means “concatenated with”, the symbol * means “multiplied by”, the symbol ** means “to the power of”, x id is a context identifier, x pol is a generator polynomial of size p, and x mod is a dynamic context-modifier. 2. The device of claim 1 , wherein the signature function depends parametrically on the context value. 3. The device of claim 1 , wherein the context value unit is arranged to update the context value for each instruction cycle by: incrementing the context value by one increment in response to the instruction of a preceding instruction cycle being a normal instruction; and incrementing the context value by a multiple of said increment in response to the instruction of a preceding instruction cycle being a relative jump instruction. 4. The device of claim 1 , arranged to determine the signature function on the basis of the program counter value. 5. A method comprising: providing a program counter value; and performing a sequence of instruction cycles, wherein each instruction cycle comprises: updating the program counter value; reading a data word (w) from a memory location identified by the updated program counter value, wherein the data word comprises an instruction and a protection signature; determining a verification signature (c) by applying a signature function associated with the program counter value to the instruction; executing the instruction if the verification signature and the protection signature are consistent with each other; initiating an error action if they are inconsistent with each other; and providing a context value to define a specific signature function for each of a plurality of memory locations that store the instructions of the program, wherein the context value is determined as J=x id ∥(x mod *x pol mod 2**p) wherein the symbol .parallel. means “concatenated with”, the symbol * means “multiplied by”, the symbol ** means “to the power of”, x id is a context identifier, x pol is a generator polynomial of size p, and x mod is a dynamic context-modifier. 6. The device of claim 5 , wherein the signature function is a checksum function. 7. The device of claim 5 , wherein determining the signature function comprises: determining a generator polynomial. 8. The method of claim 5 , comprising: providing the context value separately from the program counter value; wherein the operation of determining the signature function comprises: updating the context value, and determining the signature function in dependence on the context value. 9. The method of claim 5 , wherein the signature function depends parametrically on the context value. 10. The method of claim 8 , wherein updating the context value comprises: incrementing the context value by one increment in response to the instruction of a preceding instruction cycle being a normal instruction; and incrementing the context value by a multiple of said increment in response to the instruction of a preceding instruction cycle being a relative jump instruction.