ARM Instruction Set

(1)

ARM Instruction Set

Computer Organization and Assembly Languages p g z y g g Yung-Yu Chuang

with slides by Peng-Sheng Chen

Introduction

• The ARM processor is easy to program at the assembly level (It is a RISC)

assembly level. (It is a RISC)

• We will learn ARM assembly programming at the l l d it GBA l t

user level and run it on a GBA emulator.

ARM programmer model

• The state of an ARM system is determined by the content of visible registers and memory the content of visible registers and memory.

• A user-mode program can see 15 32-bit general-

i t (R0 R14) t

purpose registers (R0-R14), program counter (PC) and CPSR.

• Instruction set defines the operations that can change the state.

Memory system

• Memory is a linear array of

bytes addressed from 0 to ^0x00000000 ⁰⁰ bytes addressed from 0 to

2³²-1

W d h lf d b t

10 20

0x00000001 0x00000002

• Word, half-word, byte

• Little-endian

30

0x00000003 FF

0x00000004

FF FF

0x00000004 0x00000005 0x00000006

00

0x00000006

0 FFFFFFFD ₀₀ 0xFFFFFFFE 00

0xFFFFFFFD 0xFFFFFFFF

(2)

Byte ordering

• Big Endian

Least significant byte has 0x00000000 ⁰⁰ – Least significant byte has

highest address

Word address 0x00000000

00 10 20

0x00000000 0x00000001 0 00000002 Value: 00102030

• Little Endian

20 30 FF

0x00000002 0x00000003 – Least significant byte has

lowest address

FF FF FF

0x00000004 0x00000005 Word address 0x00000000

Value: 30201000

FF 00

0x00000006

00

0xFFFFFFFE 00

0xFFFFFFFD

00

0xFFFFFFFF 0xFFFFFFFE

ARM programmer model

0x00000000 00 10 20

0x00000001 0x00000002

R0 R1 R2 R3

30 FF

0x00000002 0x00000003 0 00000004

R4 R5 R6 R7

R8 R9 R10 R11 ^FF

FF FF

0x00000004 0x00000005

R8 R9 R10 R11

R12 R13 R14 PC _FF

00

0x00000006

00 00

0xFFFFFFFE 00

0xFFFFFFFD

00

0xFFFFFFFF 0

Instruction set

ARM instructions are all 32 bit long are all 32-bit long (except for

Thumb mode) Thumb mode).

There are 2³² possible machine possible machine instructions.

Fortunately they Fortunately, they are structured.

Features of ARM instruction set

• Load-store architecture

3 dd i i

• 3-address instructions

• Conditional execution of every instruction

• Possible to load/store multiple registers at once

• Possible to combine shift and ALU operations in a single instruction

a single instruction

(3)

Instruction set

• Data processing D

• Data movement

• Flow control

Data processing

• They are move, arithmetic, logical, comparison and multiply instructions

and multiply instructions.

• Most data processing instructions can process f th i d i th b l hift one of their operands using the barrel shifter.

• General rules:

– All operands are 32-bit, coming from registers or literals.

– The result, if any, is 32-bit and placed in a register (with the

ti f l g lti l exception for long multiply which produces a 64-bit result) 3 address format

– 3-address format

Instruction set

MOV<cc><S> Rd, <operands>

MOVCS R0, R1 @ if carry is set

@ then R0:=R1

MOVS R0, #0 @ R0:=0

@ Z=1, N=0,

@ C, V unaffected

Conditional execution

• Almost all ARM instructions have a condition field which allows it to be executed

field which allows it to be executed conditionally.

0 1

movcs R0, R1

(4)

Register movement

immediate,register,shift

• MOV R0, R2 @ R0 = R2

0 2 @ 0 2

• MVN R0, R2 @ R0 = ~R2

t d move negated

Addressing modes

• Register operands ADD R0 R1 R2 ADD R0, R1, R2

• Immediate operands

a literal; most can be represented ADD R3 R3 #1 @ R3:=R3+1

a literal; most can be represented by (0..255)x2²ⁿ0<n<12 ADD R3, R3, #1 @ R3:=R3+1 AND R8, R7, #0xff @ R8=R7[7:0]

a hexadecimal literal

This is assembler dependent syntax This is assembler dependent syntax.

Shifted register operands

• One operand to ALU is routed through the Barrel routed through the Barrel shifter. Thus, the operand can be modified before it can be modified before it is used. Useful for fast multipliation and dealing p g with lists, table and other complex data structure.

(similar to the

displacement addressing d i C SC

• Some instructions (e.g.

MUL CLZ QADD) do mode in CISC.) MUL, CLZ, QADD) do not read barrel shifter.

Shifted register operands

(5)

Logical shift left C

C ^register 0

MOV R0, R2, LSL #2 @ R0:=R2<<2

@ R2 unchangedg Example: 0…0 0011 0000

Before R2=0x00000030 Before R2 0x00000030 After R0=0x000000C0 R2=0x00000030 R2=0x00000030

Logical shift right

C

0 register

MOV R0, R2, LSR #2 @ R0:=R2>>2

Before R2=0x00000030 Before R2 0x00000030 After R0=0x0000000C R2=0x00000030 R2=0x00000030

Arithmetic shift right

MSB

register C

MOV R0, R2, ASR #2 @ R0:=R2>>2

@ R2 unchangedg Example: 1010 0…0 0011 0000

Before R2=0xA0000030 Before R2 0xA0000030 After R0=0xE800000C R2=0xA0000030 R2=0xA0000030

Rotate right

register

MOV R0, R2, ROR #2 @ R0:=R2 rotate

Before R2=0x00000031 Before R2 0x00000031 After R0=0x4000000C R2=0x00000031 R2=0x00000031

(6)

Rotate right extended

C register

C C

MOV R0, R2, RRX @ R0:=R2 rotate

Before R2=0x00000031, C=1 Before R2 0x00000031, C 1 After R0=0x80000018, C=1

R2=0x00000031 R2=0x00000031

Shifted register operands

Shifted register operands Shifted register operands

• It is possible to use a register to specify the number of bits to be shifted; only the bottom 8 number of bits to be shifted; only the bottom 8 bits of the register are significant.

@ i d l l ti

@ array index calculation

ADD R0, R1, R2, LSL R3 @ R0:=R1+R2*2^R3

@ fast multiply R2=35xR0

ADD R0, R0, R0, LSL #2 @ R0’=5xR0 RSB R2, R0, R0, LSL #3 @ R2 =7xR0’

(7)

Multiplication

MOV R1, #35 MUL R2 R0 R1 MUL R2, R0, R1

or

0 0 0 #2 @ 0’ 5 0

Shifted register operands

Encoding data processing instructions

cond 0 0 # opcode S Rn Rd operand 2

31 28 27 26 25 24 21 20 19 16 15 12 11 0

destination register first operand register set condition codes set condition codes arithmetic/logic function

8 bit i di t

25 11 8 7 0

# t 8-bit immediate

1 #rot

11 7 6 5 4 3 0

immediate alignment

Rm

#shift

0 25

Sh 0

immediate shift length f

Rm 0

11 8 7 6 5 4 3 0

Rs 0 Sh 1

shift type second operand register

Rm

Rs 0 Sh 1

register shift length

Arithmetic

• Add and subtraction

(8)

Arithmetic

• ADD R0, R1, R2 @ R0 = R1+R2 ADC R0 R1 R2 @ R0 R1 R2 C

• ADC R0, R1, R2 @ R0 = R1+R2+C

• SUB R0, R1, R2 @ R0 = R1-R2

• SBC R0, R1, R2 @ R0 = R1-R2-!C

• RSBRSB R0, R1, R2R0, R1, R2 @ R0 = R2-R1@ R0 R2 R1

• RSC R0, R1, R2 @ R0 = R2-R1-!C

127 0 128

1 -128127 3 0

-1

255 128 127 0

-5

3-5=3+(-5) → sum<=255 → C=0 → borrow

255 128 127 0

5-3=5+(-3) → sum > 255 → C=1 → no borrow

Arithmetic

Arithmetic Setting the condition codes

• Any data processing instruction can set the condition codes if the programmers wish it to condition codes if the programmers wish it to

64-bit addition

R1 R0 ADDS R2, R2, R0

ADC R3 R3 R1

R3 R2 ADC R3, R3, R1

+

R3 R2

(9)

Logical Logical

• AND R0, R1, R2 @ R0 = R1 and R2 ORR R0 R1 R2 @ R0 R1 R2

• ORR R0, R1, R2 @ R0 = R1 or R2

• EOR R0, R1, R2 @ R0 = R1 xor R2

• BIC R0, R1, R2 @ R0 = R1 and (~R2)

bit clear: R2 is a mask identifying which bits of R1 will be cleared to zero

R1=0x11111111 R2=0x01100101 BIC R0, R1, R2

R0=0x10011010 R0=0x10011010

Logical Comparison

• These instructions do not generate a result, but set condition code bits (N Z C V) in CPSR set condition code bits (N, Z, C, V) in CPSR.

Often, a branch operation follows to change the program flow

program flow.

(10)

Comparison

• CMP R1 R2 @ set cc on R1-R2 compare

• CMP R1, R2 @ set cc on R1-R2

• CMN R1 R2 @ set cc on R1+R2 compare negated

• CMN R1, R2 @ set cc on R1+R2

TST R1 R2 @ set cc on R1 and R2 bit test

• TST R1, R2 @ set cc on R1 and R2

TEQ R1 R2 @ t R1 R2

test equal

• TEQ R1, R2 @ set cc on R1 xor R2

Comparison

Multiplication Multiplication

• MUL R0, R1, R2 @ R0 = (R1xR2)_[31:0]

• Features:

S d d ’t b i di t – Second operand can’t be immediate

– The result register must be different from the first operand

– Cycles depends on core typey p yp

– If S bit is set, C flag is meaningless

See the reference manual (4 1 33)

• See the reference manual (4.1.33)

(11)

Multiplication

• Multiply-accumulate (2D array indexing)

MLA R4 R3 R2 R1 @ R4 = R3xR2+R1 MLA R4, R3, R2, R1 @ R4 = R3xR2+R1

M lti l ith t t ft b

• Multiply with a constant can often be more efficiently implemented using shifted register operand

operand

MOV R1, #35 MUL R2 R0 R1 MUL R2, R0, R1

or

Multiplication

Multiplication Flow control instructions

• Determine the instruction to be executed next

pc-relative offset within 32MB

(12)

Flow control instructions

• Branch instruction B l b l B label

… label: …

• Conditional branches MOV R0, #0 MOV R0, #0

loop: …

ADD R0 R0 #1 ADD R0, R0, #1 CMP R0, #10 BNE loop

Branch conditions

Branches Branch and link

• BL instruction save the return address to R14 (lr)

(lr)

BL sub @ call sub

CMP R1, #5 @ return to here MOVEQ R1, #0

…

sub: … @ sub entry point

…

MOV PC, LR @ return

(13)

Branch and link

BL sub1 @ call sub1

use stack to save/restore the return address and registers…

sub1: STMFD R13!, {R0-R2,R14}

BL sub2

…

LDMFD R13!, {R0-R2,PC}, { , }

sub2:

sub2: …

…

MOV PC LR MOV PC, LR

Conditional execution

CMP R0, #5

BEQ b pass @ if (R0! 5) { BEQ bypass @ if (R0!=5) { ADD R1, R1, R0 @ R1=R1+R0-R2 SUB R1, R1, R2 @ }

bypass: …

CMP R0, #5_, smaller and faster ADDNE R1, R1, R0

SUBNE R1 R1 R2 SUBNE R1, R1, R2

Rule of thumb: if the conditional sequence is three instructionsq or less, it is better to use conditional execution than a branch.

Conditional execution

if ((R0==R1) && (R2==R3)) R4++

CMP R0, R1 BNE skip BNE skip CMP R2, R3 BNE skip BNE skip

ADD R4, R4, #1 skip:

skip: …

CMP R0 R1 CMP R0, R1 CMPEQ R2, R3 ADDEQ R4 R4 #1 ADDEQ R4, R4, #1

Data transfer instructions

• Move data between registers and memory Th b i f

• Three basic forms

– Single register load/store – Multiple register load/store

– Single register swap: SWP(B), atomic Single register swap: SWP(B), atomic instruction for semaphore

(14)

Single register load/store Single register load/store

No STRSB/STRSH since STRB/STRH stores both

i d/ i d

signed/unsigned ones

Single register load/store

• The data items can be a 8-bit byte, 16-bit half- word or 32 bit word Addresses must be

word or 32-bit word. Addresses must be boundary aligned. (e.g. 4’s multiple for LDR/STR)

LDR/STR)

LDR R0, [R1] @ R0 := mem₃₂[R1]

STR R0, [R1] @ mem₃₂[R1] := R0

LDR, LDRH, LDRB for 32, 16, 8 bits, , , , STR, STRH, STRB for 32, 16, 8 bits

Addressing modes

• Memory is addressed by a register and an offset.

LDR R0 [R1] @ [R1]

LDR R0, [R1] @ mem[R1]

• Three ways to specify offsets:

– Immediate

LDR R0, [R1, #4] @ mem[R1+4]

R i – Register

LDR R0, [R1, R2] @ mem[R1+R2]

Scaled register @ [R1+4*R2]

– Scaled register @ mem[R1+4*R2]

LDR R0, [R1, R2, LSL #2]

(15)

Addressing modes

• Pre-index addressing (LDR R0, [R1, #4]) i h i b k

without a writeback

• Auto-indexing addressing (LDR R0, [R1, #4]!) Pre-index with writeback

calculation before accessing with a writeback calculation before accessing with a writeback

• Post-index addressing (LDR R0, [R1], #4) l l ti ft i ith it b k calculation after accessing with a writeback

Pre-index addressing

LDR R0, [R1, #4] @ R0=mem[R1+4]

@ R1 nchanged

@ R1 unchanged

LDR R0, [R1, ] LDR R0, [R1, ]

R1 +

R0

Auto-indexing addressing

LDR R0, [R1, #4]! @ R0=mem[R1+4]

@ R1 R1+4

@ R1=R1+4

No extra time; Fast;

LDR R0, [R1, ]!

; ;

LDR R0, [R1, ]!

R1 +

R0

Post-index addressing

LDR R0, R1, #4 @ R0=mem[R1]

@ R1 R1+4

@ R1=R1+4

LDR R0,[R1], LDR R0,[R1],

R0 R1

+

(16)

Comparisons

• Pre-indexed addressing

LDR R0 [R1 R2] @ R0=mem[R1+R2]

LDR R0, [R1, R2] @ R0=mem[R1+R2]

@ R1 unchanged Auto indexing addressing

• Auto-indexing addressing

LDR R0, [R1, R2]! @ R0=mem[R1+R2]

@ R1 R1+R2

@ R1=R1+R2

• Post-indexed addressing

LDR R0, [R1], R2 @ R0=mem[R1]

@ R1=R1+R2

Example

Example Example

(17)

Summary of addressing modes Summary of addressing modes

(18)

Load an address into a register

• Note that all addressing modes are register- offseted Can we issue LDR R0 Table? The offseted. Can we issue LDR R0, Table? The pseudo instruction ADR loads a register with an address

address

table: .word 10

…

ADR R0, table

• Assembler transfer pseudo instruction into a p sequence of appropriate instructions

sub r0 pc #12 sub r0, pc, #12

Application

ADR R1, table

loop LDR R0 [R1] ^table loop: LDR R0, [R1]

ADD R1, R1, #4

R1

@ operations on R0

…

ADR R1, table, loop: LDR R0, [R1], #4

@ operations on R0

…

Multiple register load/store

• Transfer a block of data more efficiently.

U d f d d i f i

• Used for procedure entry and exit for saving and restoring workspace registers and the

t dd

return address

• For ARM7, 2+Nt cycles (N:#words, t:time for a word for sequential access). Increase interrupt latency since it can’t be interrupted.

registers are arranged an in increasing order; see manual LDMIA R1, {R0, R2, R5} @ R0 = mem[R1]

@ R2 = mem[r1+4]

@ R5 = mem[r1+8]

@ R5 mem[r1+8]

Multiple load/store register

LDM load multiple registers STM store m ltiple registers STM store multiple registers

suffix meaning IA increase after IB increase before DA decrease after DB decrease before

(19)

Addressing modes Multiple load/store register

LDM<mode> Rn, {<registers>}

IA: addr:=Rn IB: addr:=Rn+4

DA: addr:=Rn-#<registers>*4+4

#

DB: addr:=Rn-#<registers>*4 For each Ri in <registers>

IB: addr:=addr+4 IB: addr:=addr+4 DB: addr:=addr-4 Ri:=M[addr]

IA: addr:=addr+4 DA: addr:=addr-4

!

Rn R1

<!>: Rn:=addr R2

R3

Multiple load/store register

#

IB: addr:=addr+4 IB: addr:=addr+4 DB: addr:=addr-4 Ri:=M[addr]

!

Rn

<!>: Rn:=addr R1

R2 R3

Multiple load/store register

#

IB: addr:=addr+4 R1

IB: addr:=addr+4 DB: addr:=addr-4 Ri:=M[addr]

R3 R2 R1

!

Rn R3

<!>: Rn:=addr

(20)

Multiple load/store register

#

IB: addr:=addr+4

R1 R2 IB: addr:=addr+4

DB: addr:=addr-4 Ri:=M[addr]

R2 R3 IA: addr:=addr+4

DA: addr:=addr-4

!

Rn

<!>: Rn:=addr

Multiple load/store register

LDMIA R0, {R1,R2,R3}

or

LDMIA R0, {R1-R3}

addr data 0x010 10 R1: 10 R0

R2: 20

0x014 20 0x018 30 R0

R3: 30 R0: 0x10

0x018 30 0x01C 40 0x020 50

R0: 0x10 _0x020 ₅₀

0x024 60

Multiple load/store register

LDMIA R0!, {R1,R2,R3}

addr data 0x010 10 R1: 10 R0

R2: 20

0x014 20 0x018 30 R0

R3: 30 R0: 0x01C

0x018 30 0x01C 40 0x020 50

R0: 0x01C _0x020 ₅₀

0x024 60

Multiple load/store register

LDMIB R0!, {R1,R2,R3}

addr data 0x010 10 R1: 20 R0

R2: 30

0x014 20 0x018 30 R0

R3: 40 R0: 0x01C

0x018 30 0x01C 40 0x020 50

R0: 0x01C _0x020 ₅₀

0x024 60

(21)

Multiple load/store register

LDMDA R0!, {R1,R2,R3}

addr data 0x010 10 R1: 40

R2: 50

0x014 20 0x018 30 R3: 60

R0: 0x018

0x018 30 0x01C 40 0x020 50

R0: 0x018 _0x020 ₅₀

0x024 60 R0

Multiple load/store register

LDMDB R0!, {R1,R2,R3}

addr data 0x010 10 R1: 30

R2: 40

0x014 20 0x018 30 R3: 50

R0: 0x018

0x018 30 0x01C 40 0x020 50

R0: 0x018 _0x020 ₅₀

0x024 60 R0

Example Example

LDMIA r0!, {r1-r3}

(22)

Example

LDMIB r0!, {r1-r3}

Application

• Copy a block of memory

R9 dd f th – R9: address of the source – R10: address of the destination

R11 d dd f th – R11: end address of the source

loop: LDMIA R9!, {R0-R7}

STMIA R10!, {R0-R7}

CMP R9, R11 BNE loop BNE loop

Application

• Stack (full: pointing to the last used; ascending:

grow towards increasing memory addresses) grow towards increasing memory addresses)

mode POP =LDM PUSH =STM

Full ascending (FA) LDMFA LDMDA STMFA STMIB Full descending (FD) LDMFD LDMIA STMFD STMDB Full descending (FD) LDMFD LDMIA STMFD STMDB Empty ascending (EA) LDMEA LDMDB STMEA STMIA E t d di ( ) LDMED LDMIB STMED STMDA

LDMFD R13! {R2 R9} @ used for ATPCS Empty descending (ED) LDMED LDMIB STMED STMDA

LDMFD R13!, {R2-R9} @ used for ATPCS

… @ modify R2-R9 STMFD R13!, {R2-R9}

Example

(23)

Swap instruction

• Swap between memory and register. Atomic operation preventing any other instruction from operation preventing any other instruction from reading/writing to that location until it

completes completes

Example

Application

Process A OS Process B

While (1) { if (s==0) {

While (1) { if (s==0) { S=0/1

if (s 0) { s=1;

} }

if (s 0) { s=1;

} } }

// use the // resource

}

// use the // resource

Software interrupt

• A software interrupt instruction causes a

software interrupt exception which provides a software interrupt exception, which provides a mechanism for applications to call OS routines.

(24)

Example Load constants

• No ARM instruction loads a 32-bit constant into a register because ARM instructions are 32 bit a register because ARM instructions are 32-bit long. There is a pseudo code for this.

Immediate numbers

cond 0 0 # opcode S Rn Rd operand 2

31 28 27 26 25 24 21 20 19 16 15 12 11 0

destination register first operand register set condition codes

v=n ror 2r set condition codes arithmetic/logic function

8 bit i di t

25 11 8 7 0

# t

n r

8-bit immediate

1 #rot

11 7 6 5 4 3 0

immediate alignment

Rm

#shift

0 25

Sh 0

immediate shift length f

Rm 0

11 8 7 6 5 4 3 0

Rs 0 Sh 1

shift type second operand register

encoding for

data processing ^Rs ^{0 Sh} ¹ ^Rm

register shift length

data processing instructions

Load constants

• Assemblers implement this usually with two options depending on the number you try to options depending on the number you try to load.

(25)

Load constants

• Assume that you want to load 511 into R0

C t t i lti l i t ti – Construct in multiple instructions

mov r0, #256 dd 0 #255 add r0, #255

– Load from memory; declare L511 .word 511

# ldr r0, L511 ldr r0, [pc, #0]

• Guideline: if you can construct it in two instructions, do it; otherwise, load it.

• The assembler decides for you y

ldr r0, =255 mov r0, 255

ldr r0, =511 ldr r0, [pc, #4], , [p , ]

PC-relative modes

Impossible to use Impossible to use direct addressing

encoding for data transfer data transfer instructions

PC-relative addressing

main:

MOV R0, #0 MOV R0, #0

ADR R1, a @ add r1, pc, #4 STR R0 [R1]

STR R0, [R1]

SWI #11

a: word 100

PC

a: .word 100 .end

fetch decode exec

fetch decode exec fetch decode exec

ARM Instruction Set