Program-Instruction-Controlled Instruction Flow Supervision

What is claimed is: 1 . A device comprising a signature module configured to calculate a signature during execution of a program by a central processing unit based on program instructions to the central processing unit and to store the signature in a signature register of the signature module, the signature module comprising: a calculation unit configured to generate a signature value based on program instructions executed on the central processing unit; an interrupt information interface configured to receive interrupt information from the central processing unit; and an interrupt information evaluation unit configured to determine an activity state of the calculation unit based on the interrupt information, such that the calculation unit is active when at least one first condition of the interrupt information is met, in order, in the course of an interrupt routine being carried out, to calculate a signature based on program instructions of the interrupt routine and to store it in the signature register, and that the calculation unit is inactive when at least one second condition is met, and the signature register maintains a signature determined last by the calculation unit, wherein if a call of a subroutine takes place, the device for executing the program is configured to adapt the signature in the signature register to a signature of the subroutine before the call of the subroutine by means of a program instruction that brings about a relative change in the signature, and, after a return from the subroutine, by means of a further program instruction that brings about a relative change in the signature, to adapt the signature in the signature register to a signature of the program section from which the call of the subroutine took place. 2 . The device of claim 1 , wherein the interrupt information comprises an interrupt identifier indicating which interrupt is currently being executed on the central processing unit. 3 . The device of claim 2 , wherein the interrupt information evaluation unit comprises an identifier register configured to store a configured interrupt identifier indicating that the calculation unit is active for a current interrupt routine having a corresponding interrupt identifier. 4 . The device of claim 3 , wherein the interrupt information evaluation unit comprises a comparator configured to compare the interrupt identifier and the configured interrupt identifier. 5 . The device of claim 3 , wherein the identifier register is configured to store a configured activity state of the calculation unit, and wherein the configured activity state is taken into account when determining an activity state of the calculation unit. 6 . The device of claim 3 , further comprising a configuration interface configured to configure the identifier register by means of a program instruction. 7 . The device of claim 1 , wherein the device for executing the program is further configured to carry out a check of the signature during execution of the interrupt routine or the called subroutine. 8 . The device of claim 1 , wherein the device for executing the program is further configured to activate a signature calculation for the interrupt routine or the subroutine. 9 . The device of claim 1 , wherein the device for executing the program is further configured to save, by means of a program instruction, a state of the signature module for a routine being executed at the point in time of the call of the interrupt routine or of the subroutine, and, before leaving the interrupt routine or the subroutine, to reestablish the state of the signature module for the routine being executed at the point in time of the call of the interrupt routine or of the subroutine, by means of a program instruction. 10 . The device of claim 1 , wherein before a call of the subroutine takes place, the signature is updated by the corresponding program instruction for adapting the signature, such that, upon proper calling of the subroutine, the signature upon the call of the subroutine matches a start reference signature value assigned to a start of the subroutine. 11 . The device of claim 10 , wherein after a return from the subroutine, the signature is updated by the corresponding program instruction for the relative change in the signature in such a way that, upon proper returning from the subroutine to the program, the signature at a defined point of the program matches a reference signature value of the program assigned to the defined point. 12 . The device of claim 11 , wherein the return from the subroutine is assigned an end reference signature value which the signature in the signature register matches upon proper execution of the subroutine and which is also assigned to a return destination in the calling program section as reference signature value, and wherein the signature in the signature register remains the same upon the return and is checked by the calling program section or is updated by means of a relative change in the signature in such a way that at a point in the calling program section a resulting signature value, upon proper execution, matches a second reference signature value assigned to the point in the calling program section. 13 . The device of claim 12 , wherein the start reference signature value and/or the end reference signature value are derived as a function of an address or of a name of the subroutine. 14 . The device of claim 12 , wherein the start reference signature value and/or the end reference signature value are chosen randomly, differently in pairs, identically for groups of functions or identically in each case for all functions. 15 . The device of claim 1 , wherein the device for executing the program is further configured to update the signature in the context of the interrupt routine or the subroutine by means of a program instruction, such that, upon proper execution of the interrupt routine or of the subroutine, the signature at a defined point of the interrupt routine or of the subroutine matches a reference signature value assigned to the defined point of the interrupt routine or of the subroutine. 16 . The device of claim 1 , wherein the subroutine is called in the form of an indirect function call, and wherein the signature is adapted by determining an update value on the basis of a unique identifier of the subroutine and modifying the signature by means of the update value. 17 . The device of claim 16 , wherein the unique identifier of the indirectly called subroutine is based on at least one of: a memory address of the subroutine; a name of the subroutine; a result of an assignment mapping for the identifier; an entry in an assignment table for the identifier; and a fixed constant, which is identical for all indirectly called functions. 18 . The device of claim 16 , wherein the update value is determined by evaluation of at least one of an evaluation of an update value mapping and an evaluation of an update value table. 19 . The device of claim 1 , wherein the signature module comprises a signature calculation unit configured to provide the signature which is stored in the signature register. 20 . A method of calculating a signature during execution of a program by a central processing unit, the method comprising: generating, by a calculation unit, a signature value based on program instructions executed on the central processing unit; receiving interrupt information from the central processing unit; determining an activity state of the calculation unit based on