Transcript ARM States
Architecture Revisions
version
ARMv7
ARM1156T2F-S™
ARM1136JF-S™
ARMv6
ARM102xE XScaleTM
ARM1176JZF-S™
ARM1026EJ-S™
ARMv5
ARM9x6E ARM926EJ-S™
SC200™
ARM92xT
®
ARM7TDMI-S™ StrongARM
V4
SC100™
1994
1996
ARM720T™
1998
2000
2002
2006
2004
time
XScale is a trademark of Intel Corporation
1
Data Sizes and Instruction Sets
The ARM is a 32-bit architecture.
When used in relation to the ARM:
Byte means 8 bits
Halfword means 16 bits (two bytes)
Word means 32 bits (four bytes)
Most ARM’s implement two instruction sets
32-bit ARM Instruction Set
16-bit Thumb Instruction Set
Jazelle cores can also execute Java bytecode
2
ARM States
ARM architecture define a 16-bit instruction set called the
Thumb instruction set. The functionality of the Thumb
instruction set is a subset of the functionality of the 32-bit ARM
instruction set.
A processor that is executing Thumb instructions is said to be
operating in Thumb state. A Thumb-capable processor that is
executing ARM instructions is said to be operating in ARM
state.
ARM processors always start in ARM state. You must
explicitly change to Thumb state using a BX (Branch and
exchange instruction set) instruction.
3
Processor Modes
The ARM has seven basic operating modes:
User : unprivileged mode under which most tasks run
FIQ : entered when a high priority (fast) interrupt is raised
IRQ : entered when a low priority (normal) interrupt is raised
Supervisor : entered on reset and when a Software Interrupt
instruction is executed
Abort : used to handle memory access violations
Undef : used to handle undefined instructions
System : privileged mode using the same registers as user mode
4
The ARM Register Set
Current Visible Registers
Abort
Mode
Undef
SVC
Mode
IRQ
FIQ
User
Mode
Mode
Mode
r0
r1
r2
r3
r4
r5
r6
r7
r8
r9
r10
r11
r12
r13 (sp)
r14 (lr)
Banked out Registers
User
FIQ
IRQ
SVC
Undef
Abort
r8
r9
r10
r11
r12
r13 (sp)
r14 (lr)
r8
r9
r10
r11
r12
r13 (sp)
r14 (lr)
r13 (sp)
r14 (lr)
r13 (sp)
r14 (lr)
r13 (sp)
r14 (lr)
r13 (sp)
r14 (lr)
spsr
spsr
spsr
spsr
spsr
r15 (pc)
cpsr
spsr
5
Registers and ARM States
In ARM state, 16 general registers and one or two status registers are
accessible at any one time.
In Thumb state, eight general registers, the Program Counter (PC), Stack
Pointer (SP), Link Register (LR), and Current Program Status Register (CPSR)
are accessible.
6
Registers and ARM States
The limitations of Thumbs are alleviated with Thumb2 while
retaining very dense coding
Thumb-2 introduced variable length instructions to the
original Thumb
Now instructions can be a mixture of 16-bit and 32-bit. That
means you retain the size advantage of the original Thumb
in everyday code, but now have access to almost the full
ARM feature-set in more complex code,
Aside from the aforementioned access to the full register set
from all register operations,
7
Cortex-M4 Devices Processor mode and
privilege levels for software execution
The processor modes are:
Thread mode
Used to execute application software. The processor enters Thread mode
when it comes out of reset.
Handler mode
Used to handle exceptions. The processor returns to Thread mode when it
has finished all exception processing.
8
Cortex-M4 Devices Processor mode and
privilege levels for software execution
The privilege levels for software execution are:
Unprivileged
The software:
has limited access to the MSR and MRS instructions, and cannot use
the CPS instruction
cannot access the system timer, NVIC, or system control block
might have restricted access to memory or peripherals.
Unprivileged software executes at the unprivileged level.
Privileged
The software can use all the instructions and has access to all resources.
Privileged software executes at the privileged level.
9
Exception Handling
When an exception occurs, the ARM:
Copies CPSR into SPSR_<mode>
Sets appropriate CPSR bits
0x1C
Change to ARM state
0x18
Change
to
exception
mode
0x14
Disable interrupts (if appropriate)
0x10
Stores the return address in LR_<mode> 0x0C
0x08
Sets PC to vector address
0x04
To return, exception handler needs to:0x00
Restore CPSR from SPSR_<mode>
Restore PC from LR_<mode>
This can only be done in ARM state.
FIQ
IRQ
(Reserved)
Data Abort
Prefetch Abort
Software Interrupt
Undefined Instruction
Reset
Vector Table
Vector table can be at
0xFFFF0000 on ARM720T
and on ARM9/10 family devices
10
Program Status Registers
31
28 27
N Z C V Q
24
J
23
16 15
U
f
n
d
e
f
s
Condition code flags
N = Negative result from ALU
Z = Zero result from ALU
C = ALU operation Carried out
V = ALU operation oVerflowed
Sticky Overflow flag - Q flag
Architecture 5TE/J only
Indicates if saturation has occurred
i
8
n
e
d
7
6
5
4
0
I F T
x
mode
c
Interrupt Disable bits.
I = 1: Disables the IRQ.
F = 1: Disables the FIQ.
T Bit
Architecture xT only
T = 0: Processor in ARM state
T = 1: Processor in Thumb state
Mode bits
J bit
Specify the processor mode
Architecture 5TEJ only
J = 1: Processor in Jazelle state
039v12
11
Cortex-M4 Registers Related Details
039v12
12
Basic Understanding of Environment
Run the Assemly_1 project:
Understand the overall structure of the code
Main debug operations
What is the special role of R15 and R14 ?
Understand how to call a function or subroutine
What is the relation between the back link address and R14 ?
Go to unprivileged mode
Little Endian format or Big Endian format ?
Run the Blink_NEW project:
Understand the overall structure of the code
Main debug operations
Compare counter++ and counter = counter + 1 assembly conversions
Where is counter variable stored ?
Create another function, call it from main
039v12
How call is translated in assembly?
Create local variables and check stack
13
Λειτουργία απασφαλμάτωσης - Debugging
Είσοδος σε debug mode
Εξοικείωση με τα βασικά παράθυρα: Disassembly,
Registers
Εξοικείωση με τις λειτουργίες:
Breakpoints: 2 hardware
Δυνατότητα να παγώσουμε την εκτέλεση του κώδικα σε όποιο σημείο του επιθυμούμε
Δυνατότητα επισκόπησης κατάστασης επεξεργαστή/μνήμης/ΙΟs.
Σε ποιες εντολές Assembly αναλύεται η εντολή
count = LED_GetCount();
led
Πόση μνήμη καταλαμβάνει η συνάρτηση
while (1)
039v12
14
Watch και Memory Windows
Εργαλεία παρακολούθησης σε
πραγματικό χρόνο περιεχομένων
μνήμης και μεταβλητών
Watch window
039v12
Εισάγετε την μεταβλητή led_count
Επιλογή Δεξί κλίκ Add ‘led_count’ to ….
Παρακολουθείστε την εξέλιξη των περιεχομένων της
μεταβλητής
Που αποθηκεύεται σε επίπεδο assembly η μεταβλητή;
Εισάγετε την μεταβλητή button_state
Παρακολουθείστε την εξέλιξη των περιεχομένων της
μεταβλητής
Που αποθηκεύεται σε επίπεδο assembly η μεταβλητή;
Σε ποιο τρόπο λειτουργίας βρίσκεται ο επεξεργαστής μας;
Σε ποιο επίπεδο προτεραιότητας είναι ο κώδικάς μας;
15
Watch και Memory Windows
Σε ποιο GPIO και ποιο/ποια pin είναι
συνδεδεμένα τα USER_BUTTON και τα
LEDs
Τροποποιείστε τον κώδικα έτσι ώστε
Αν το user button είναι πατημένο να αναβοσβήνει το κόκκινο led
Αν το user button δεν είναι πατημένο να αναβοσβήνει το πράσινο led
Σε κάθε πάτημα να αλλάζει χρώμα
H παρακολούθηση του USER_BUTTON
είναι polling based ή interrupt ?
039v12
16
Mixing Assembly and C
Add an assembly code file in your
project’s source files
Define a PROC (e.g. FooAsm) as we did
in previous lab
In C code prototype as
extern void FooAsm(void);
Call as
FooAsm()
Just initialize a register
039v12
17
Mixing Assembly and C
Add code in the Assemly PROC that
activates Led(0) and Led(1)
039v12
18
Conditional Execution and Flags
ARM instructions can be made to execute conditionally by postfixing them with the
appropriate condition code field.
This improves code density and performance by reducing the number of
forward branch instructions.
CMP
r3,#0
CMP
r3,#0
BEQ
skip
ADDNE r0,r1,r2
ADD
r0,r1,r2
skip
By default, data processing instructions do not affect the condition code flags but
the flags can be optionally set by using “S”. CMP does not need “S”.
loop
…
decrement r1 and set flags
SUBS r1,r1,#1
BNE loop
if Z flag clear then branch
19
Condition Codes
The possible condition codes are listed below
Note AL is the default and does not need to be specified
Suffix
EQ
NE
CS/HS
CC/LO
MI
PL
VS
VC
HI
LS
GE
LT
GT
LE
AL
Description
Equal
Not equal
Unsigned higher or same
Unsigned lower
Minus
Positive or Zero
Overflow
No overflow
Unsigned higher
Unsigned lower or same
Greater or equal
Less than
Greater than
Less than or equal
Always
Flags tested
Z=1
Z=0
C=1
C=0
N=1
N=0
V=1
V=0
C=1 & Z=0
C=0 or Z=1
N=V
N!=V
Z=0 & N=V
Z=1 or N=!V
20
Conditional execution examples
C source code
if (r0 == 0)
{
r1 = r1 + 1;
}
else
{
r2 = r2 + 1;
}
ARM instructions
unconditional
conditional
CMP r0, #0
CMP r0, #0
BNE else
ADDEQ r1, r1, #1
ADD r1, r1, #1
ADDNE r2, r2, #1
B end
...
else
ADD r2, r2, #1
end
...
• Compile all three cases and measure
• Instruction count
• Byte count
• Cycle count
21
Data processing Instructions
Largest family of ARM instructions, all sharing the same
instruction format.
Contains:
Arithmetic operations
Comparisons (no results ‐just set condition codes)
Logical operations
Data movement between registers
Remember, this is a load / store architecture
These instruction only work on registers, NOT memory.
They each perform a specific operation on one or two
operands.
First operand always a register ‐Rn
Second operand sent to the ALU via barrel shifter.
We will examine the barrel shifter shortly.
22
Arithmetic Operations
Operations are:ADDoperand1 + operand2; Add
; Add with carry
ADC operand1 + operand2 + carry
; Subtract
SUB operand1 ‐operand2
; Subtract with carry
SBC operand1 ‐operand2 + carry ‐1
; Reverse subtract
RSB operand2 ‐operand1
; Reverse subtract with
RSC operand2 ‐operand1 + carry ‐1
carry
Syntax:<Operation>{<cond>}{S} Rd, Rn, Operand2
Examples
ADD r0, r1, r2
SUBGT r3, r3, #1
RSBLES r4, r5, #5
23
Comparisons
The only effect of the comparisons is to update the
condition flags. Thus no need to set S bit.
Operations are:
; Compare
CMP operand1 ‐operand2
; Compare negative
CMN operand1 + operand2
; Test
TST operand1 AND operand2
; Test equivalence
TEQ operand1 EOR operand2
Syntax:
<Operation>{<cond>} Rn, Operand2
Examples:
CMPr0, r1
TSTEQ r2, #5
24
Logical Operations
Operations are:
ANDoperand1 AND operand2
EORoperand1 EOR operand2
ORRoperand1 OR operand2
ORN operand1 NOR operand2
BIC operand1 AND NOT operand2 [ie bit clear]
Syntax:
<Operation>{<cond>}{S} Rd, Rn, Operand2
Examples:
AND r0, r1, r2
BICE Qr2, r3, #7
EORS r1,r3,r0
25
Data Movement
Operations are:
MOV operand2
MVN NOT operand2
Note that these make no use of operand1.
Syntax:
<Operation>{<cond>}{S} Rd, Operand2
Examples:
MOV r0, r1
MOVS r2, #10
MVNEQ r1,#0
26
The Barrel Shifter
The ARM doesn’t have actual shift instructions.
Instead it has a barrel shifter which provides a
mechanism to carry out shifts as part of other
instructions.
So what operations does the barrel shifter support?
27
The Barrel Shifter
Barrel Shifter ‐Left Shift
Shifts left by the specified amount (multiplies by powers
of two) e.g.
LSL #5 => multiply by 32
28
The Barrel Shifter
Barrel Shifter ‐Rotations
29
Using a Barrel Shifter:The 2nd Operand
Operand
1
Operand
2
Barrel
Shifter
ALU
Result
30
Second Operand : Shifted Register
The amount by which the register is to be shifted is
contained in either:
the immediate 5‐bit field in the instruction
NO OVERHEAD
Shift is done for free ‐executes in single cycle.
the bottom byte of a register (not PC)
Then takes extra cycle to execute
ARM doesn’t have enough read ports to read 3 registers at
once.
Then same as on other processors where shift is separate
instruction.
If no shift is specified then a default shift is applied: LSL #0
i.e. barrel shifter has no effect on value in register.
31
Second Operand: Using a Shifted Register
Using a multiplication instruction to multiply by a constant means
first loading the constant into a register and then waiting a number of
internal cycles for the instruction to complete.
A more optimum solution can often be found by using
some combination of MOVs, ADDs, SUBs and RSBs with
shifts.
Multiplications by a constant equal to a ((power of 2) ±1) can be done in one cycle.
MOV R2, R0, LSL #2; Shift R0 left by 2, write to R2, (R2=R0x4)
ADD R9, R5, R5, LSL #3 ; R9 = R5 + R5 x 8 or R9 = R5 x 9
RSB R9, R5, R5, LSL #3 ; R9 = R5 x 8 ‐R5 or R9 = R5 x 7
SUB R10, R9, R8, LSR #4 ; R10 = R9 ‐R8 / 16
MOV R12, R4, ROR R3 ; R12 = R4 rotated right by value of R3
32
Data Processing Exercise
1. How would you load the two’s complement
representation of -1 into Register 3 using one
instruction?
2. Implement an ABS (absolute value) function for a
registered value using only two instructions.
3. Multiply a number by 35, guaranteeing that it
executes in 2 core clock cycles.
33
Data Processing Solutions
1. MVN r3, #0
2. MOVS
RSBMI
3. ADD
RSB
r7,r7
; set the flags
r7,r7,#0
; if neg, r7=0-r7
r9,r8,r8,LSL #2
; r9=r8*5
r10,r9,r9,LSL #3
; r10=r9*7
34
Immediate constants
No ARM instruction can contain a 32 bit immediate constant
All ARM instructions are fixed as 32 bits long
The data processing instruction format has 12 bits available
for operand2
11
8 7
rot
x2
0
immed_8
Shifter
ROR
4 bit rotate value (0-15) is multiplied by two to give range 030 in steps of 2
Rule to remember is
“8-bits rotated right by an even number of bit positions”
35
Second Operand: Immediate Value (1)
There is no single instruction which will load a 32 bit immediate
constant into a register without performing a data load from memory.
All ARM instructions are 32 bits long
The data processing instruction format has 12 bits available for
operand2
If used directly this would only give a range of 4096.
Instead it is used to store 8 bit constants, giving a range of 0 ‐255.
These 8 bits can then be rotated right through an even number of
positions (ie RORs by 0, 2, 4,..30).
This gives a much larger range of constants that can be directly loaded, though
some constants will still need to be loaded from memory.
36
Second Operand: Immediate Value (2)
This gives us:
0 ‐255[0 ‐0xff]
256,260,264,..,1020[0x100‐0x3fc, step 4, 0x40‐0xff ror30]
1024,1040,1056,..,4080[0x400‐0xff0, step 16, 0x40‐0xff ror28]
4096,4160, 4224,..,16320[0x1000‐0x3fc0, step 64, 0x40‐0xff ror26]
These can be loaded using, for example:
MOV r0, #0x40, 26; => MOV r0, #0x1000 (ie 4096)
To make this easier, the assembler will convert to this form for us if
simply given the required constant:
MOV r0, #4096; => MOV r0, #0x1000 (ie 0x40 ror 26)
The bitwise complements can also be formed using MVN:
MOV r0, #0xFFFFFFFF ; assembles to MVN r0, #0
If the required constant cannot be generated, an error will be
reported.
37
Loading 32 bit constants
To allow larger constants to be loaded, the assembler offers a pseudo
instruction:
LDR rd, =const
This will either:
Produce a MOV or MVN instruction to generate the value (if possible).
or
Generate a LDR instruction with a PC-relative address to read the
constant from a literal pool (Constant data area embedded in the
code).
For example
MOV r0,#0xFF
=>
LDR r0,=0xFF
LDR r0,[PC,#Imm12]
LDR r0,=0x55555555 =>
…
…
DCD 0x55555555
This is the recommended way of loading constants into a register
38
Single register data transfer
LDR
LDRB
LDRH
LDRSB
LDRSH
STR Word
STRB Byte
STRH Halfword
Signed byte load
Signed halfword load
Memory system must support all access sizes
Syntax:
LDR{<cond>}{<size>} Rd, <address>
STR{<cond>}{<size>} Rd, <address>
e.g. LDREQB
39
Address accessed
Address accessed by LDR/STR is specified by a base register with an offset
For word and unsigned byte accesses, offset can be:
An unsigned 12-bit immediate value (i.e. 0 - 4095 bytes)
LDR r0, [r1, #8]
A register, optionally shifted by an immediate value
LDR r0, [r1, r2]
LDR r0, [r1, r2, LSL#2]
This can be either added or subtracted from the base register:
LDR r0, [r1, #-8]
LDR r0, [r1, -r2, LSL#2]
40
Load/Store Exercise
Assume an array of 25 words. A compiler associates
y with r1. Assume that the base address for the
array is located in r2. Translate this C
statement/assignment using just three instructions:
array[10] = array[5] + y;
41
Load/Store Exercise Solution
array[10] = array[5] + y;
LDR
ADD
r3, [r2, #5]
r3, r3, r1
STR
r3, [r2, #10]
array[10]
; r3 = array[5]
; r3 = array[5] + y
; array[5] + y =
42
Load and Store Multiples
Syntax:
<LDM|STM>{<cond>}<addressing_mode> Rb{!}, <register list>
4 addressing modes:
increment after
LDMIA / STMIA
increment before
LDMIB / STMIB
LDMDA / STMDA decrement after
LDMDB / STMDB decrement
IA before
IB
DA
DB
LDMxx r10, {r0,r1,r4}
STMxx r10, {r0,r1,r4}
Base Register (Rb) r10
r4
r4
r1
r1
r0
r0
Increasing
Address
r4
r1
r4
r0
r1
r0
43
Multiply and Divide
There are 2 classes of multiply - producing 32-bit and 64-bit results
32-bit versions on an ARM7TDMI will execute in 2 - 5 cycles
; r0 = r1 * r2
; r0 = (r1 * r2) + r3
64-bit multiply instructions offer both signed and unsigned versions
For these instruction there are 2 destination registers
MUL r0, r1, r2
MLA r0, r1, r2, r3
[U|S]MULL r4, r5, r2, r3 ; r5:r4 = r2 * r3
[U|S]MLAL r4, r5, r2, r3 ; r5:r4 = (r2 * r3) + r5:r4
Most ARM cores do not offer integer divide instructions
Division operations will be performed by C library routines or inline shifts
44
Branch instructions
B{<cond>} label
Branch :
Branch with Link : BL{<cond>} subroutine_label
31
28 27
Cond
25 24 23
0
1 0 1 L
Offset
Link bit
0 = Branch
1 = Branch with link
Condition field
The processor core shifts the offset field left by 2 positions, sign-extends it
and adds it to the PC
± 32 Mbyte range
How to perform longer branches?
45
Register Usage
Register
Arguments into function
Result(s) from function
otherwise corruptible
(Additional parameters
r0
r1
r2
r3
passed on stack)
Register variables
Must be preserved
Scratch register
(corruptible)
Stack Pointer
Link Register
Program Counter
r4
r5
r6
r7
r8
r9/sb
r10/sl
r11
The compiler has a set of rules known as a
Procedure Call Standard that determine how to
pass parameters to a function (see AAPCS)
CPSR flags may be corrupted by function call.
Assembler code which links with compiled code
must follow the AAPCS at external interfaces
The AAPCS is part of the new ABI for the ARM
Architecture
- Stack base
- Stack limit if software stack checking selected
r12
r13/sp
r14/lr
r15/pc
- SP should always be 8-byte (2 word) aligned
- R14 can be used as a temporary once value stacked
46
ARM Branches and Subroutines
B <label>
PC relative. ±32 Mbyte range.
BL <subroutine>
Stores return address in LR
Returning implemented by restoring the PC from LR
For non-leaf functions, LR will have to be stacked
039v12
func1
func2
:
STMFD
sp!,{regs,lr}
:
:
:
BL func1
BL func2
:
:
:
LDMFD
sp!,{regs,pc}
:
:
:
:
MOV pc, lr
47
PSR access
31
28 27
N Z C V Q de
24
23
9
8
7
6
5
4
0
s
x
mode
c
MRS and MSR allow contents of CPSR / SPSR to be transferred to / from a
general purpose register or take an immediate value
MSR allows the whole status register, or just parts of it to be updated
Interrupts can be enable/disabled and modes changed, by writing to the CPSR
Typically a read/modify/write strategy should be used:
MRS r0,CPSR
BIC r0,r0,#0x80
MSR CPSR_c,r0
10
16 15
GE[3:0] IT cond_abc E A I F T
J
f
19
; read CPSR into r0
; clear bit 7 to enable IRQ
; write modified value to ‘c’ byte only
In User Mode, all bits can be read but only the condition flags (_f) can be modified
48
Agenda
Introduction to ARM Ltd
Fundamentals, Programmer’s Model, and Instructions
Core Family Pipelines
AMBA
49
Pipeline changes for ARM9TDMI
ARM7TDMI
Instruction
Fetch
ThumbARM
decompress
FETCH
ARM decode
Reg
Read
Shift
ALU
Reg
Write
Reg Select
DECODE
EXECUTE
ARM9TDMI
Instruction
Fetch
ARM or Thumb
Inst Decode
Reg
Reg
Decode
Read
FETCH
DECODE
Shift + ALU
EXECUTE
Memory
Access
Reg
Write
MEMORY
WRITE
50
ARM10 vs. ARM11 Pipelines
ARM10
Branch
Prediction
Instruction
Fetch
FETCH
ARM or
Thumb
Instruction
Decode
ISSUE
Reg Read
DECODE
Shift + ALU
Memory
Access
Multiply
Multiply
Add
EXECUTE
MEMORY
Reg
Write
WRITE
ARM11
Fetch
1
Fetch
2
Decode
Issue
Shift
ALU
Saturate
MAC
1
MAC
2
MAC
3
Address
Data
Cache
1
Data
Cache
2
Write
back
51
Agenda
Introduction to ARM Ltd
Fundamentals, Programmer’s Model, and Instructions
Core Family Pipelines
AMBA
52
Example ARM-based System
16 bit RAM
32 bit RAM
Interrupt
Controller
nIRQ
8 bit ROM
039v12
nFIQ
I/O
Peripherals
ARM
Core
53
An Example AMBA System
High Performance
ARM processor
High
Bandwidth
External
Memory
Interface
AHB
UART
Timer
APB
Bridge
Keypad
High-bandwidth
on-chip RAM
PIO
DMA
Bus Master
High Performance
Pipelined
Burst Support
Multiple Bus Masters
039v12
APB
Low Power
Non-pipelined
Simple Interface
54
AHB Structure
Arbiter
Master
#1
HADDR
HWDATA
HADDR
HWDATA
HRDATA
Slave
#1
HRDATA
Address/Control
Master
#2
Slave
#2
Write Data
Read Data
Slave
#3
Master
#3
Slave
#4
Decoder
039v12
55