Architecture Revisions version ARMv7 ARM1156T2F-S™ ARM1136JF-S™ ARMv6 ARM102xE XScaleTM ARM1176JZF-S™ ARM1026EJ-S™ ARMv5 ARM9x6E ARM926EJ-S™ SC200™ ARM92xT ® ARM7TDMI-S™ StrongARM V4 SC100™ 1994 1996 ARM720T™ 1998 2000 2002 2006 2004 time XScale is a trademark of Intel Corporation 1 Data Sizes and Instruction Sets The ARM is a 32-bit architecture. When used in relation to the ARM: Byte means 8 bits Halfword means 16 bits (two bytes) Word means 32 bits (four bytes) Most ARM’s implement two instruction sets 32-bit ARM Instruction Set 16-bit Thumb Instruction Set Jazelle cores can also execute Java bytecode 2 ARM States ARM architecture define a 16-bit instruction set called the Thumb instruction set. The functionality of the Thumb instruction set is a subset of the functionality of the 32-bit ARM instruction set. A processor that is executing Thumb instructions is said to be operating in Thumb state. A Thumb-capable processor that is executing ARM instructions is said to be operating in ARM state. ARM processors always start in ARM state. You must explicitly change to Thumb state using a BX (Branch and exchange instruction set) instruction. 3 Processor Modes The ARM has seven basic operating modes: User : unprivileged mode under which most tasks run FIQ : entered when a high priority (fast) interrupt is raised IRQ : entered when a low priority (normal) interrupt is raised Supervisor : entered on reset and when a Software Interrupt instruction is executed Abort : used to handle memory access violations Undef : used to handle undefined instructions System : privileged mode using the same registers as user mode 4 The ARM Register Set Current Visible Registers Abort Mode Undef SVC Mode IRQ FIQ User Mode Mode Mode r0 r1 r2 r3 r4 r5 r6 r7 r8 r9 r10 r11 r12 r13 (sp) r14 (lr) Banked out Registers User FIQ IRQ SVC Undef Abort r8 r9 r10 r11 r12 r13 (sp) r14 (lr) r8 r9 r10 r11 r12 r13 (sp) r14 (lr) r13 (sp) r14 (lr) r13 (sp) r14 (lr) r13 (sp) r14 (lr) r13 (sp) r14 (lr) spsr spsr spsr spsr spsr r15 (pc) cpsr spsr 5 Registers and ARM States In ARM state, 16 general registers and one or two status registers are accessible at any one time. In Thumb state, eight general registers, the Program Counter (PC), Stack Pointer (SP), Link Register (LR), and Current Program Status Register (CPSR) are accessible. 6 Registers and ARM States The limitations of Thumbs are alleviated with Thumb2 while retaining very dense coding Thumb-2 introduced variable length instructions to the original Thumb Now instructions can be a mixture of 16-bit and 32-bit. That means you retain the size advantage of the original Thumb in everyday code, but now have access to almost the full ARM feature-set in more complex code, Aside from the aforementioned access to the full register set from all register operations, 7 Cortex-M4 Devices Processor mode and privilege levels for software execution The processor modes are: Thread mode Used to execute application software. The processor enters Thread mode when it comes out of reset. Handler mode Used to handle exceptions. The processor returns to Thread mode when it has finished all exception processing. 8 Cortex-M4 Devices Processor mode and privilege levels for software execution The privilege levels for software execution are: Unprivileged The software: has limited access to the MSR and MRS instructions, and cannot use the CPS instruction cannot access the system timer, NVIC, or system control block might have restricted access to memory or peripherals. Unprivileged software executes at the unprivileged level. Privileged The software can use all the instructions and has access to all resources. Privileged software executes at the privileged level. 9 Exception Handling When an exception occurs, the ARM: Copies CPSR into SPSR_<mode> Sets appropriate CPSR bits 0x1C Change to ARM state 0x18 Change to exception mode 0x14 Disable interrupts (if appropriate) 0x10 Stores the return address in LR_<mode> 0x0C 0x08 Sets PC to vector address 0x04 To return, exception handler needs to:0x00 Restore CPSR from SPSR_<mode> Restore PC from LR_<mode> This can only be done in ARM state. FIQ IRQ (Reserved) Data Abort Prefetch Abort Software Interrupt Undefined Instruction Reset Vector Table Vector table can be at 0xFFFF0000 on ARM720T and on ARM9/10 family devices 10 Program Status Registers 31 28 27 N Z C V Q 24 J 23 16 15 U f n d e f s Condition code flags N = Negative result from ALU Z = Zero result from ALU C = ALU operation Carried out V = ALU operation oVerflowed Sticky Overflow flag - Q flag Architecture 5TE/J only Indicates if saturation has occurred i 8 n e d 7 6 5 4 0 I F T x mode c Interrupt Disable bits. I = 1: Disables the IRQ. F = 1: Disables the FIQ. T Bit Architecture xT only T = 0: Processor in ARM state T = 1: Processor in Thumb state Mode bits J bit Specify the processor mode Architecture 5TEJ only J = 1: Processor in Jazelle state 039v12 11 Cortex-M4 Registers Related Details 039v12 12 Basic Understanding of Environment Run the Assemly_1 project: Understand the overall structure of the code Main debug operations What is the special role of R15 and R14 ? Understand how to call a function or subroutine What is the relation between the back link address and R14 ? Why ? Go to unprivileged mode Run the Blink_NEW project: Understand the overall structure of the code Main debug operations Compare counter++ and counter = counter + 2 assembly conversions Where is counter variable stored ? Create another function, call it from main 039v12 How call is translated in assembly? 13 Conditional Execution and Flags ARM instructions can be made to execute conditionally by postfixing them with the appropriate condition code field. This improves code density and performance by reducing the number of forward branch instructions. CMP r3,#0 CMP r3,#0 BEQ skip ADDNE r0,r1,r2 ADD r0,r1,r2 skip By default, data processing instructions do not affect the condition code flags but the flags can be optionally set by using “S”. CMP does not need “S”. loop … decrement r1 and set flags SUBS r1,r1,#1 BNE loop if Z flag clear then branch 14 Condition Codes The possible condition codes are listed below Note AL is the default and does not need to be specified Suffix EQ NE CS/HS CC/LO MI PL VS VC HI LS GE LT GT LE AL Description Equal Not equal Unsigned higher or same Unsigned lower Minus Positive or Zero Overflow No overflow Unsigned higher Unsigned lower or same Greater or equal Less than Greater than Less than or equal Always Flags tested Z=1 Z=0 C=1 C=0 N=1 N=0 V=1 V=0 C=1 & Z=0 C=0 or Z=1 N=V N!=V Z=0 & N=V Z=1 or N=!V 15 Conditional execution examples C source code if (r0 == 0) { r1 = r1 + 1; } else { r2 = r2 + 1; } ARM instructions unconditional conditional CMP r0, #0 CMP r0, #0 BNE else ADDEQ r1, r1, #1 ADD r1, r1, #1 ADDNE r2, r2, #1 B end ... else ADD r2, r2, #1 end ... • Compile all three cases and measure • Instruction count • Byte count • Cycle count 16 Data processing Instructions Largest family of ARM instructions, all sharing the same instruction format. Contains: Arithmetic operations Comparisons (no results ‐just set condition codes) Logical operations Data movement between registers Remember, this is a load / store architecture These instruction only work on registers, NOT memory. They each perform a specific operation on one or two operands. First operand always a register ‐Rn Second operand sent to the ALU via barrel shifter. We will examine the barrel shifter shortly. 17 Arithmetic Operations Operations are:ADDoperand1 + operand2; Add ; Add with carry ADC operand1 + operand2 + carry ; Subtract SUB operand1 ‐operand2 ; Subtract with carry SBC operand1 ‐operand2 + carry ‐1 ; Reverse subtract RSB operand2 ‐operand1 ; Reverse subtract with RSC operand2 ‐operand1 + carry ‐1 carry Syntax:<Operation>{<cond>}{S} Rd, Rn, Operand2 Examples ADD r0, r1, r2 SUBGT r3, r3, #1 RSBLES r4, r5, #5 18 Comparisons The only effect of the comparisons is to update the condition flags. Thus no need to set S bit. Operations are: ; Compare CMP operand1 ‐operand2 ; Compare negative CMN operand1 + operand2 ; Test TST operand1 AND operand2 ; Test equivalence TEQ operand1 EOR operand2 Syntax: <Operation>{<cond>} Rn, Operand2 Examples: CMPr0, r1 TSTEQr2, #5 19 Logical Operations Operations are: ANDoperand1 AND operand2 EORoperand1 EOR operand2 ORRoperand1 OR operand2 ORN operand1 NOR operand2 BIC operand1 AND NOT operand2 [ie bit clear] Syntax: <Operation>{<cond>}{S} Rd, Rn, Operand2 Examples: AND r0, r1, r2 BICE Qr2, r3, #7 EORS r1,r3,r0 20 Data Movement Operations are: MOV operand2 MVN NOT operand2 Note that these make no use of operand1. Syntax: <Operation>{<cond>}{S} Rd, Operand2 Examples: MOV r0, r1 MOVS r2, #10 MVNEQ r1,#0 21 The Barrel Shifter The ARM doesn’t have actual shift instructions. Instead it has a barrel shifter which provides a mechanism to carry out shifts as part of other instructions. So what operations does the barrel shifter support? 22 The Barrel Shifter Barrel Shifter ‐Left Shift Shifts left by the specified amount (multiplies by powers of two) e.g. LSL #5 => multiply by 32 23 The Barrel Shifter Barrel Shifter ‐Rotations 24 Using a Barrel Shifter:The 2nd Operand Operand 1 Operand 2 Barrel Shifter ALU Result Register, optionally with shift operation Shift value can be either be: 5 bit unsigned integer Specified in bottom byte of another register. Used for multiplication by constant Immediate value 8 bit number, with a range of 0255. Rotated right through even number of positions Allows increased range of 32-bit constants to be loaded directly into registers 25 Second Operand : Shifted Register The amount by which the register is to be shifted is contained in either: the immediate 5‐bit field in the instruction NO OVERHEAD Shift is done for free ‐executes in single cycle. the bottom byte of a register (not PC) Then takes extra cycle to execute ARM doesn’t have enough read ports to read 3 registers at once. Then same as on other processors where shift is separate instruction. If no shift is specified then a default shift is applied: LSL #0 i.e. barrel shifter has no effect on value in register. 26 Second Operand: Using a Shifted Register Using a multiplication instruction to multiply by a constant means first loading the constant into a register and then waiting a number of internal cycles for the instruction to complete. A more optimum solution can often be found by using some combination of MOVs, ADDs, SUBs and RSBs with shifts. Multiplications by a constant equal to a ((power of 2) ±1) can be done in one cycle. MOV R2, R0, LSL #2; Shift R0 left by 2, write to R2, (R2=R0x4) ADD R9, R5, R5, LSL #3 ; R9 = R5 + R5 x 8 or R9 = R5 x 9 RSB R9, R5, R5, LSL #3 ; R9 = R5 x 8 ‐R5 or R9 = R5 x 7 SUB R10, R9, R8, LSR #4 ; R10 = R9 ‐R8 / 16 MOV R12, R4, ROR R3 ; R12 = R4 rotated right by value of R3 27 Data Processing Exercise 1. How would you load the two’s complement representation of -1 into Register 3 using one instruction? 2. Implement an ABS (absolute value) function for a registered value using only two instructions. 3. Multiply a number by 35, guaranteeing that it executes in 2 core clock cycles. 28 Data Processing Solutions 1. MVN r3, #0 2. MOVS RSBMI 3. ADD RSB r7,r7 ; set the flags r7,r7,#0 ; if neg, r7=0-r7 r9,r8,r8,LSL #2 ; r9=r8*5 r10,r9,r9,LSL #3 ; r10=r9*7 29 Immediate constants No ARM instruction can contain a 32 bit immediate constant All ARM instructions are fixed as 32 bits long The data processing instruction format has 12 bits available for operand2 11 8 7 rot x2 0 immed_8 Shifter ROR Quick Quiz: 0xe3a004ff MOV r0, #??? 4 bit rotate value (0-15) is multiplied by two to give range 030 in steps of 2 Rule to remember is “8-bits rotated right by an even number of bit positions” 30 Second Operand: Immediate Value (1) There is no single instruction which will load a 32 bit immediate constant into a register without performing a data load from memory. All ARM instructions are 32 bits long The data processing instruction format has 12 bits available for operand2 If used directly this would only give a range of 4096. Instead it is used to store 8 bit constants, giving a range of 0 ‐255. These 8 bits can then be rotated right through an even number of positions (ie RORs by 0, 2, 4,..30). This gives a much larger range of constants that can be directly loaded, though some constants will still need to be loaded from memory. 31 Second Operand: Immediate Value (2) This gives us: 0 ‐255[0 ‐0xff] 256,260,264,..,1020[0x100‐0x3fc, step 4, 0x40‐0xff ror30] 1024,1040,1056,..,4080[0x400‐0xff0, step 16, 0x40‐0xff ror28] 4096,4160, 4224,..,16320[0x1000‐0x3fc0, step 64, 0x40‐0xff ror26] These can be loaded using, for example: MOV r0, #0x40, 26; => MOV r0, #0x1000 (ie 4096) To make this easier, the assembler will convert to this form for us if simply given the required constant: MOV r0, #4096; => MOV r0, #0x1000 (ie 0x40 ror 26) The bitwise complements can also be formed using MVN: MOV r0, #0xFFFFFFFF ; assembles to MVN r0, #0 If the required constant cannot be generated, an error will be reported. 32 Loading 32 bit constants To allow larger constants to be loaded, the assembler offers a pseudo instruction: LDR rd, =const This will either: Produce a MOV or MVN instruction to generate the value (if possible). or Generate a LDR instruction with a PC-relative address to read the constant from a literal pool (Constant data area embedded in the code). For example MOV r0,#0xFF => LDR r0,=0xFF LDR r0,[PC,#Imm12] LDR r0,=0x55555555 => … … DCD 0x55555555 This is the recommended way of loading constants into a register 33 Single register data transfer LDR LDRB LDRH LDRSB LDRSH STR Word STRB Byte STRH Halfword Signed byte load Signed halfword load Memory system must support all access sizes Syntax: LDR{<cond>}{<size>} Rd, <address> STR{<cond>}{<size>} Rd, <address> e.g. LDREQB 34 Address accessed Address accessed by LDR/STR is specified by a base register with an offset For word and unsigned byte accesses, offset can be: An unsigned 12-bit immediate value (i.e. 0 - 4095 bytes) LDR r0, [r1, #8] A register, optionally shifted by an immediate value LDR r0, [r1, r2] LDR r0, [r1, r2, LSL#2] This can be either added or subtracted from the base register: LDR r0, [r1, #-8] LDR r0, [r1, -r2, LSL#2] For halfword and signed halfword / byte, offset can be: An unsigned 8 bit immediate value (i.e. 0 - 255 bytes) A register (unshifted) Choice of pre-indexed or post-indexed addressing Choice of whether to update the base pointer (pre-indexed only) LDR r0, [r1, #-8]! 35 Load/Store Exercise Assume an array of 25 words. A compiler associates y with r1. Assume that the base address for the array is located in r2. Translate this C statement/assignment using just three instructions: array[10] = array[5] + y; 36 Load/Store Exercise Solution array[10] = array[5] + y; LDR ADD r3, [r2, #5] r3, r3, r1 STR r3, [r2, #10] array[10] ; r3 = array[5] ; r3 = array[5] + y ; array[5] + y = 37 Load and Store Multiples Syntax: <LDM|STM>{<cond>}<addressing_mode> Rb{!}, <register list> 4 addressing modes: increment after LDMIA / STMIA increment before LDMIB / STMIB LDMDA / STMDA decrement after LDMDB / STMDB decrement IA before IB DA DB LDMxx r10, {r0,r1,r4} STMxx r10, {r0,r1,r4} Base Register (Rb) r10 r4 r4 r1 r1 r0 r0 Increasing Address r4 r1 r4 r0 r1 r0 38 Multiply and Divide There are 2 classes of multiply - producing 32-bit and 64-bit results 32-bit versions on an ARM7TDMI will execute in 2 - 5 cycles ; r0 = r1 * r2 ; r0 = (r1 * r2) + r3 64-bit multiply instructions offer both signed and unsigned versions For these instruction there are 2 destination registers MUL r0, r1, r2 MLA r0, r1, r2, r3 [U|S]MULL r4, r5, r2, r3 ; r5:r4 = r2 * r3 [U|S]MLAL r4, r5, r2, r3 ; r5:r4 = (r2 * r3) + r5:r4 Most ARM cores do not offer integer divide instructions Division operations will be performed by C library routines or inline shifts 39 Branch instructions B{<cond>} label Branch : Branch with Link : BL{<cond>} subroutine_label 31 28 27 Cond 25 24 23 0 1 0 1 L Offset Link bit 0 = Branch 1 = Branch with link Condition field The processor core shifts the offset field left by 2 positions, sign-extends it and adds it to the PC ± 32 Mbyte range How to perform longer branches? 40 Register Usage Register Arguments into function Result(s) from function otherwise corruptible (Additional parameters r0 r1 r2 r3 passed on stack) Register variables Must be preserved Scratch register (corruptible) Stack Pointer Link Register Program Counter r4 r5 r6 r7 r8 r9/sb r10/sl r11 The compiler has a set of rules known as a Procedure Call Standard that determine how to pass parameters to a function (see AAPCS) CPSR flags may be corrupted by function call. Assembler code which links with compiled code must follow the AAPCS at external interfaces The AAPCS is part of the new ABI for the ARM Architecture - Stack base - Stack limit if software stack checking selected r12 r13/sp r14/lr r15/pc - SP should always be 8-byte (2 word) aligned - R14 can be used as a temporary once value stacked 41 ARM Branches and Subroutines B <label> PC relative. ±32 Mbyte range. BL <subroutine> Stores return address in LR Returning implemented by restoring the PC from LR For non-leaf functions, LR will have to be stacked 039v12 func1 func2 : STMFD sp!,{regs,lr} : : : BL func1 BL func2 : : : LDMFD sp!,{regs,pc} : : : : MOV pc, lr 42 PSR access 31 28 27 N Z C V Q de 24 23 9 8 7 6 5 4 0 s x mode c MRS and MSR allow contents of CPSR / SPSR to be transferred to / from a general purpose register or take an immediate value MSR allows the whole status register, or just parts of it to be updated Interrupts can be enable/disabled and modes changed, by writing to the CPSR Typically a read/modify/write strategy should be used: MRS r0,CPSR BIC r0,r0,#0x80 MSR CPSR_c,r0 10 16 15 GE[3:0] IT cond_abc E A I F T J f 19 ; read CPSR into r0 ; clear bit 7 to enable IRQ ; write modified value to ‘c’ byte only In User Mode, all bits can be read but only the condition flags (_f) can be modified 43 Agenda Introduction to ARM Ltd Fundamentals, Programmer’s Model, and Instructions Core Family Pipelines AMBA 44 Pipeline changes for ARM9TDMI ARM7TDMI Instruction Fetch ThumbARM decompress FETCH ARM decode Reg Read Shift ALU Reg Write Reg Select DECODE EXECUTE ARM9TDMI Instruction Fetch ARM or Thumb Inst Decode Reg Reg Decode Read FETCH DECODE Shift + ALU EXECUTE Memory Access Reg Write MEMORY WRITE 45 ARM10 vs. ARM11 Pipelines ARM10 Branch Prediction Instruction Fetch FETCH ARM or Thumb Instruction Decode ISSUE Reg Read DECODE Shift + ALU Memory Access Multiply Multiply Add EXECUTE MEMORY Reg Write WRITE ARM11 Fetch 1 Fetch 2 Decode Issue Shift ALU Saturate MAC 1 MAC 2 MAC 3 Address Data Cache 1 Data Cache 2 Write back 46 Agenda Introduction to ARM Ltd Fundamentals, Programmer’s Model, and Instructions Core Family Pipelines AMBA 47 Example ARM-based System 16 bit RAM 32 bit RAM Interrupt Controller nIRQ 8 bit ROM 039v12 nFIQ I/O Peripherals ARM Core 48 An Example AMBA System High Performance ARM processor High Bandwidth External Memory Interface AHB UART Timer APB Bridge Keypad High-bandwidth on-chip RAM PIO DMA Bus Master High Performance Pipelined Burst Support Multiple Bus Masters 039v12 APB Low Power Non-pipelined Simple Interface 49 AHB Structure Arbiter Master #1 HADDR HWDATA HADDR HWDATA HRDATA Slave #1 HRDATA Address/Control Master #2 Slave #2 Write Data Read Data Slave #3 Master #3 Slave #4 Decoder 039v12 50