ARM

Advanced RISC Machines

The ARM Instruction Set

Processor Modes
* The ARM has six operating modes:
User (unprivileged mode under which most tasks run)
FIQ (entered when a high priority (fast) interrupt is raised)
IRQ (entered when a low priority (normal) interrupt is raised)
Supervisor (entered on reset and when a Software Interrupt instruction
is executed)
Abort (used to handle memory access violations)
Undef (used to handle undefined instructions)
* ARM Architecture Version 4 adds a seventh mode:
System (privileged mode using the same registers as user mode)

The Registers
* ARM has 37 registers in total, all of which are 32-bits long.
1 dedicated program counter
1 dedicated current program status register
5 dedicated saved program status registers
30 general purpose registers
* However these are arranged into several banks, with the accessible
bank being governed by the processor mode. Each mode can
access
a particular set of r0-r12 registers
a particular r13 (the stack pointer) and r14 (link register)
r15 (the program counter)
cpsr (the current program status register)
and privileged modes can also access
a particular spsr (saved program status register)

Register Organisation
General registers and Program Counter
User32 / System

FIQ32

Supervisor32

Abort32

IRQ32

Undefined32

r0
r1
r2

r0
r1
r2

r0
r1
r2

r0
r1
r2

r0
r1
r2

r0
r1
r2

r3

r3

r3

r3

r3

r3

r4
r5
r6
r7

r4
r5
r6
r7

r4
r5
r6
r7

r4
r5
r6
r7

r4
r5
r6
r7

r4
r5
r6
r7

r8
r9

r8_fiq
r9_fiq

r8
r9

r8
r9

r8
r9

r8
r9

r10

r10_fiq

r10

r10

r10

r10

r11
r12
r13 (sp)
r14 (lr)

r11_fiq
r12_fiq
r13_fiq
r14_fiq

r11
r12
r13_svc
r14_svc

r11
r12
r13_abt
r14_abt

r11
r12
r13_irq
r14_irq

r11
r12
r13_undef
r14_undef

r15 (pc)

r15 (pc)

r15 (pc)

r15 (pc)

r15 (pc)

r15 (pc)

cpsr
spsr_irq
sprsr_fiq

cpsr
spsr_undef
sprsr_fiq

Program Status Registers

cpsr

cpsr
spsr_fiq
sprsr_fiq

cpsr
spsr_svc

cpsr
spsr_abt

Register Example:
User to FIQ Mode
Registers in use
r0
r1
r2

Registers in use

User Mode

FIQ Mode

r3
r4
r5
r6
r7
r8
r9
r10

r3
r4
r5
r6
r7
r8_fiq
r9_fiq
r10_fiq

r11_fiq

r11

r11_fiq

r12_fiq
r13_fiq
r14_fiq

r12
r13 (sp)
r14 (lr)

r12_fiq
r13_fiq
r14_fiq

r8
r9
r10

r8_fiq
r9_fiq
r10_fiq

r11
r12
r13 (sp)
r14 (lr)

EXCEPTION

r15 (pc)

r15 (pc)

cpsr

r0
r1
r2

Return address calculated from User mode

PC value and stored in FIQ mode LR
spsr_fiq

cpsr
spsr_fiq

User mode CPSR copied to FIQ mode SPSR

Accessing Registers using

ARM Instructions
* No breakdown of currently accessible registers.
All instructions can access r0-r14 directly.
Most instructions also allow use of the PC.
* Specific instructions to allow access to CPSR and SPSR.
* Note : When in a privileged mode, it is also possible to load / store
the (banked out) user mode registers to or from memory.
See later for details.

The Program Status Registers

(CPSR and SPSRs)
31

28

I F T

N Z CV

Mode

Copies of the ALU status flags (latched if the

instruction has the "S" bit set).

Condition Code Flags

N = Negative result from ALU
flag. Z = Zero result from ALU
flag.
C = ALU operation Carried out
V = ALU operation
oVerflowed
Mode Bits
M[4:0] define the processor

Interrupt Disable bits.

I = 1, disables the
IRQ. F = 1, disables the
FIQ.

T Bit
(Architecture v4T
only)
T = 0, Processor in ARM state
T = 1, Processor in Thumb
state

Condition Flags
Logical Instruction

Arithmetic Instruction

Negative
(N=1)

No meaning

Bit 31 of the result has been set

Indicates a negative number in
signed operations

Zero
(Z=1)

Result is all zeroes

Result of operation was zero

Carry
(C=1)

After Shift operation 1

was left in carry flag

Result was greater than 32 bits

oVerflow
(V=1)

No meaning

Result was greater than 31 bits

Indicates a possible corruption of
the sign bit in signed
numbers

Flag

The Program Counter (R15)

* When the processor is executing in ARM state:
All instructions are 32 bits in length
All instructions must be word aligned
Therefore the PC value is stored in bits [31:2] with bits [1:0] equal
to zero (as instruction cannot be halfword or byte aligned).
* R14 is used as the subroutine link register (LR) and stores the
return address when Branch with Link operations are performed,
calculated from the PC.
* Thus to return from a linked branch
MOV r15,r14
or
MOV pc,lr

Exception Handling
and the Vector Table
* When an exception occurs, the
core: Copies CPSR into SPSR_<mode>

Sets appropriate CPSR bits

If core implements ARM Architecture 4T and is

currently in Thumb state, then
ARM state is entered.
* Mode field bits
* Interrupt disable flags if appropriate.
Maps in appropriate banked registers
Stores the return address in LR_<mode>
Sets PC to vector address

0x00000000
0x00000004
0x00000008

0x0000000C
0x00000010
0x00000014
0x00000018
0x0000001C

Reset
Undefined Instruction
Software Interrupt
Prefetch Abort
Data Abort
Reserved
IRQ
FIQ

* To return, exception handler needs to:

Restore CPSR from SPSR_<mode>
Restore PC from LR_<mode>
10

The Instruction Pipeline

* The ARM uses a pipeline in order to increase the speed of the flow
of instructions to the processor.
Allows several operations to be undertaken simultaneously, rather
than serially.
ARM
PC

PC - 4

PC - 8

FETCH

DECODE

Instruction fetched from memory

Decoding of registers used in instruction

Register(s) read from Register Bank

EXECUTE
Shift and ALU operation
Write register(s) back to Register
Bankbeing executed,
to the instruction

* Rather than pointing

the PC points to the instruction being fetched.

11

Quiz #1 - Verbal
* What registers are used to store the program counter and link
register?
* What is r13 often used to
store?
* Which mode, or modes has the fewest available number of
registers available? How many and why?

12

ARM Instruction Set Format

31

2827

1615

87

Cond

0 0 I Opcode

Rn

Rd

Cond

0 0 0 0 0 0 A S

Rd

Rn

Rs

1 0 0 1

Rm

Cond

0 0 0 0 1 U A S

RdHi

RdLo

Rs

1 0 0 1

Rm

Cond

0 0 0 1 0 B 0 0

Rn

Rd

0 0 0 0 1 0 0 1

Rm

Cond

0 1 I P U B W L

Rn

Rd

Cond

1 0 0 P U S W L

Rn

Cond

0 0 0 P U 1 W L

Rn

Rd

Offset1 1 S H 1 Offset2

Rn

Rd

0 0 0 0 1 S H 1

Cond
Cond
Cond

0 0 0

P U 0 W L

1 0 1 L
0 0 0 1

Operand2

Data processing / PSR Transfer

1 1 0 P U N W L

Cond

1 1 1 0

Cond

1 1 1 0

Cond

1 1 1 1

Op1
Op1

Long Multiply
only)

(v3M / v4

Load/Store Multiple

Rm

Offset

Cond

Multiply

Swap
Load/Store Byte/Word

Offset
Register List

0 0 1 0 1 1 1 1 1 1 1 1

Instruction type

Halfword transfer : Immediate

offset (v4 only)
Halfword transfer: Register offset (v4 only)

Branch

1 1 1 1 0 0 0 1

Rn

(v4T

Rn

CRd

CPNum

CRn

CRd

CPNum

Op2

CRm

Coprocessor data operation

CRn

Rd

CPNum

Op2

CRm

Coprocessor register transfer

SWI Number

Offset

Branch Exchange

only) Coprocessor data transfer

Software interrupt

13

Conditional Execution
* Most instruction sets only allow branches to be executed conditionally.
* However by reusing the condition evaluation hardware,
ARM
effectively increases number of instructions.
All instructions contain a condition field which determines whether
the CPU will execute them.
Non-executed instructions soak up 1 cycle.
Still have to complete cycle so as to allow fetching and decoding
of following instructions.
* This removes the need for many branches, which stall the pipeline
(3 cycles to refill).
Allows very dense in-line code, without branches.
The Time penalty of not executing several conditional instructions
is frequently less than overhead of the branch
or subroutine call that would otherwise be needed.
14

The Condition Field

31

28

24

20

16

12

Cond
0000 = EQ - Z set (equal)
0001 = NE - Z clear (not equal)

1001 = LS - C clear or Z (set unsigned

lower or same)

0010 = HS / CS - C set (unsigned

higher or same)

1010 = GE - N set and V set, or N clear

and V clear (>or =)

0011 = LO / CC - C clear (unsigned

lower)

1011 = LT - N set and V clear, or N clear

and V set (>)

0100 = MI -N set (negative)

1100 = GT - Z clear, and either N set and

V set, or N clear and V set (>)

0101 = PL - N clear (positive or

zero)
0110 = VS - V set (overflow)

1101 = LE - Z set, or N set and V clear,or

N clear and V set (<, or =)

0111 = VC - V clear (no overflow)

1110 = AL - always

1000 = HI - C set and Z clear

(unsigned higher)

1111 = NV - reserved.
15

Using and updating the

Condition Field
* To execute an instruction conditionally, simply postfix it with the
appropriate condition:
For example an add instruction takes the form:
ADD
; r0 = r1 + r2
Tor0,r1,r2
execute this only if the zero (ADDAL)
flag is
set: ADDEQ r0,r1,r2
; If zero flag set
; ... r0 = r1 + r2
then
* By default, data processing operations do not affect the condition flags
(apart from the comparisons where this is the only effect). To cause the
condition flags to be updated, the S bit of the instruction needs to be
set by postfixing the instruction (and any condition code) with an S.
For example to add two numbers and set the condition flags:
ADDS
; r0 = r1 + r2
r0,r1,r2
; ... and set flags
16

Branch instructions (1)

* Branch :
* Branch with Link :
31

28 27

B{<cond>} label
BL{<cond>}
sub_routine_label

25 24 23

L
Cond

Link bit

Offset

0 = Branch
1 = Branch with link

Condition field
* The offset for branch instructions is calculated by the
assembler:
By taking the difference between the branch instruction and
the target address minus 8 (to allow for the pipeline).
This gives a 26 bit offset which is right shifted 2 bits (as
the bottom two bits are always zero as instructions are
word aligned) and stored into the instruction encoding.
gives a Program
range of
32 Mbytes.
The ARM Instruction Set -This
ARM University
- V1.0

17

Branch instructions (2)

* When executing the instruction, the processor:
shifts the offset left two bits, sign extends it to 32 bits, and adds it to
PC.
* Execution then continues from the new PC, once the pipeline has
been refilled.
* The "Branch with link" instruction implements a subroutine call
by writing PC-4 into the LR of the current bank.
i.e. the address of the next instruction following the branch with
link (allowing for the pipeline).
* To return from subroutine, simply need to restore the PC from the
LR:
MOV pc, lr
Again, pipeline has to refill before execution continues.
* The "Branch" instruction does not affect LR.
* Note: Architecture 4T offers a further ARM branch instruction, BX
See Thumb Instruction Set Module for details.

18

Data processing Instructions

* Largest family of ARM instructions, all sharing the same
instruction format.
* Contains:
Arithmetic operations
Comparisons (no results - just set condition codes)
Logical operations
Data movement between registers
* Remember, this is a load / store architecture
These instruction only work on registers,
NOT memory.
* They each perform a specific operation on one or two operands.
First operand always a register - Rn
Second operand sent to the ALU via barrel shifter.
* We will examine the barrel shifter shortly.
19

Arithmetic Operations
* Operations
are: ADD

operand1 + operand2
operand1 + operand2 +
carry operand1 - operand2
operand1 - operand2 + carry
-1 operand2 - operand1
operand2 - operand1 + carry 1

ADC
SUB
SBC
RSB
RSC
* Syntax:
<Operation>{<cond>}{S} Rd, Rn,
Operand2
* Examples
ADD r0, r1, r2
SUBGT r3, r3, #1
RSBLES r4, r5, #5

20

Comparisons
* The only effect of the comparisons is to
UPDATE THE CONDITION FLAGS. Thus no need to set S
bit.
* Operations
CMP are:operand1 - operand2, but result not written
operand1 + operand2, but result not written
CMN
operand1 AND operand2, but result not
TST
written operand1 EOR operand2, but result not
TEQ
written
* Syntax:
<Operation>{<cond>} Rn,
Operand2
* Examples:
r0, r1
CMP
r2, #5
TSTEQ

21

Logical Operations
* Operations
are: AND

operand1 AND operand2

operand1 EOR operand2
operand1 OR operand2
operand1 AND NOT
operand2 [ie bit clear]

EOR
ORR
BIC
* Syntax:
<Operation>{<cond>}{S} Rd, Rn,
Operand2
* Examples:
r0, r1, r2
AND
r2, r3,
BICEQ
#7
EORS
r1,r3,r0

22

Data Movement
* Operations
are: MOV

operand2
MVN
NOT operand2
Note that these make no use of operand1.
* Syntax:
<Operation>{<cond>}{S} Rd,
Operand2
* Examples:
r0, r1
MOV
r2, #10
MOVS
MVNEQ r1,#0

23

Quiz #2
Start

r0 = r1
?

Yes

Stop

N
o
Yes

r0 = r0 - r1

r0 > r1
?

No

r1 = r1 - r0

* Convert the GCD

algorithm given in
this flowchart into
1) Normal assembler,
where only branches
can be conditional.
2) ARM assembler, where
all instructions are
conditional, thus
improving code
density.
* The only instructions you
need are CMP, B and
SUB.
24

Quiz #2 - Sample Solutions

Normal
Assembler
gcd

cmp r0, r1

;reached the end?

beq stop
blt less

;if r0 > r1

sub r0, r0, r1

;subtract r1 from r0

bal gcd
less

sub r1, r1, r0

bal gcd

;subtract r0 from r1

stop

ARM Conditional
Assembler
gcd

cmp

r0, r1

;if r0 > r1

subgt r0, r0, r1

;subtract r1 from r0

sublt r1, r1, r0

;else subtract r0 from r1

bne

;reached the end?

gcd

25

The Barrel Shifter

* The ARM doesnt have actual shift instructions.
* Instead it has a barrel shifter which provides a mechanism to carry
out shifts as part of other instructions.
* So what operations does the barrel shifter support?

26

Barrel Shifter - Left Shift

* Shifts left by the specified amount (multiplies by powers of two)
e.g.
LSL #5 = multiply by 32

Logical Shift Left (LSL)

CF

Destination

27

Barrel Shifter - Right Shifts

Logical Shift Right
Shifts right by the
specified amount
(divides by powers
of two) e.g.
LSR #5 = divide by
32
Arithmetic Shift Right
Shifts right (divides
by powers of two) and
preserves the sign bit,
for 2's complement
operations. e.g.

Logical Shift Right

...0

Destination

CF

Arithmetic Shift Right

Destination

CF

Sign bit shifted in

ASR #5 = divide by 32
28

Barrel Shifter - Rotations

Rotate Right (ROR)
Similar to an ASR but the
bits wrap around as they
leave the LSB and appear
as the MSB.

Rotate Right

Destination

CF

e.g. ROR #5
Note the last bit rotated is
also used as the Carry Out.
Rotate Right Extended
(RRX)
This operation uses the
CPSR C flag as a 33rd
bit.
Rotates right by 1
bit. Encoded as ROR
#0.

Rotate Right through

Carry

Destination

CF

29

Using the Barrel Shifter:

The Second Operand

Operand
1

Operand
2
Barrel
Shifter

ALU

Result

* Register, optionally with shift

operation applied.
* Shift value can be either be:
5 bit unsigned integer
Specified in bottom byte of
another register.
* Immediate value
8 bit number
Can be rotated right through
an even number of
positions.
Assembler will calculate
rotate for you from
constant.

30

Second Operand :
Shifted Register
* The amount by which the register is to be shifted is contained
in either:
the immediate 5-bit field in the instruction
NO OVERHEAD
Shift is done for free - executes in single cycle.
the bottom byte of a register (not PC)
Then takes extra cycle to execute
ARM doesnt have enough read ports to read 3 registers
at once.
Then same as on other processors where shift
is separate instruction.
* If no shift is specified then a default shift is applied:
LSL #0
i.e. barrel shifter has no effect on value in register.
31

Second Operand :
Using a Shifted Register
* Using a multiplication instruction to multiply by a constant means
first loading the constant into a register and then waiting a number of
internal cycles for the instruction to complete.
* A more optimum solution can often be found by using some
combination of MOVs, ADDs, SUBs and RSBs with shifts.
Multiplications by a constant equal to a ((power of 2) 1) can be done
in one cycle.
* Example: r0 = r1 * 5
Example: r0 = r1 + (r1 *
4)

ADD
RSBr0,
r2, r3, r3, LSL
r1, r1,
#4
RSB r2, r2, r2, LSL
LSL #2
#3
* Example: r2 = r3 * 105
Example: r2 = r3 * 15 *

; r2 = r3 * 15
; r2 = r2 * 7
32

Second Operand :
Immediate Value (1)
* There is no single instruction which will load a 32 bit immediate
constant into a register without performing a data load from memory.
All ARM instructions are 32 bits long
ARM instructions do not use the instruction stream as data.
* The data processing instruction format has 12 bits available
for operand2
If used directly this would only give a range of 4096.
* Instead it is used to store 8 bit constants, giving a range of 0 255.
* These 8 bits can then be rotated right through an even number
of positions (ie RORs by 0, 2, 4,..30).
This gives a much larger range of constants that can be directly
loaded, though some constants will still need to be loaded
from memory.
33

Second Operand :
Immediate Value (2)
* This gives
us: 0 - 255
256,260,264,..,1020
1024,1040,1056,..,4080
4096,4160, 4224,..,16320

[0 - 0xff]
[0x100-0x3fc, step 4, 0x40-0xff ror 30]
[0x400-0xff0, step 16, 0x40-0xff ror 28]
[0x1000-0x3fc0, step 64, 0x40-0xff ror 26]

* These can be loaded using, for example:

MOV r0, #0x40, 26

; => MOV r0, #0x1000 (ie 4096)
* To make this easier, the assembler will convert to this form for us
if simply given the required constant:

MOV r0, #4096

; => MOV r0, #0x1000 (ie
0x40 ror 26)
* The bitwise complements can also be formed using MVN:
MOV r0, #0xFFFFFFFF
; assembles to MVN r0, #0
* If the required constant cannot be generated, an error
will be reported.

34

Loading full 32 bit constants

* Although the MOV/MVN mechansim will load a large range of
constants into a register, sometimes this mechansim will not generate the
required constant.
* Therefore, the assembler also provides a method which will load ANY
32 bit constant:
LDR rd,=numeric constant
* If the constant can be constructed using either a MOV or MVN then
this will be the instruction actually generated.
* Otherwise, the assembler will produce an LDR instruction with a
; generates
MOV from
r0,#0x42
LDR
r0,=0x42
PCrelative
address to read
the constant
a literal pool.
LDR r0,=0x55555555 ; generate LDR r0,[pc, offset to lit pool]

* As this mechanism will always generate the best instruction for a

given case, it is the recommended way of loading constants.

35

Multiplication Instructions
* The Basic ARM provides two multiplication instructions.
* Multiply
MUL{<cond>}{S} Rd, Rm, Rs
; Rd = Rm * Rs
* Multiply Accumulate
- does addition for free
MLA{<cond>}{S} Rd, Rm, Rs,Rn
; Rd = (Rm * Rs) +
Rn
* Restrictions on use:
Rd and Rm cannot be the same register
Can be avoid by swapping Rm and Rs around. This works
because multiplication is commutative.
Cannot use PC.
These will be picked up by the assembler if overlooked.
* Operands can be considered signed or unsigned
Up to user to interpret correctly.
36

Multiplication Implementation
* The ARM makes use of Booths Algorithm to perform
integer multiplication.
* On non-M ARMs this operates on 2 bits of Rs at a time.
For each pair of bits this takes 1 cycle (plus 1 cycle to start
with).
However when there are no more 1s left in Rs, the multiplication
will early-terminate.
* Example: Multiply 18 and -1 : Rd = Rm * Rs

Rm

18 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 18

Rs

Rs

-1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 -1

Rm

17 cycles

4 cycles

* Note: Compiler does not use early termination criteria

to decide on which order to place operands.
37

Extended Multiply Instructions

* M variants of ARM cores contain extended
multiplication hardware. This provides three
enhancements:
An 8 bit Booths Algorithm is used
Multiplication is carried out faster (maximum for
standard instructions is now 5 cycles).
Early termination method improved so that now
completes multiplication when all remaining bit sets
contain
all zeroes (as with non-M ARMs), or
all ones.
Thus the previous example would early terminate in 2 cycles
in both cases.
64 bit results can now be produced from two 32bit operands
Higher accuracy.
Pair of registers used to store result.

38

Multiply-Long and
Multiply-Accumulate Long
* Instructions are
MULL which gives RdHi,RdLo:=Rm*Rs
MLAL which gives RdHi,RdLo:=(Rm*Rs)+RdHi,RdLo
* However the full 64 bit of the result now matter (lower
precision multiply instructions simply throws top 32bits away)
Need to specify whether operands are signed or unsigned
* Therefore syntax of new instructions are:
UMULL{<cond>}{S} RdLo,RdHi,Rm,Rs
UMLAL{<cond>}{S} RdLo,RdHi,Rm,Rs
SMULL{<cond>}{S} RdLo, RdHi, Rm, Rs
SMLAL{<cond>}{S} RdLo, RdHi, Rm, Rs
* Not generated by the compiler.

Warning : Unpredictable on non-M ARMs.

39

Quiz #3
1. Specify instructions which will implement the
following:
b) r1 = r0 *
a) r0 = 16
c) r0 = r1 / 16 ( r1 signed 2's
comp.)
2. What will the following instructions
do?
a) ADDS r0, r1, r1, LSL #2

4 d) r1 = r2
*7
b) RSB r2, r1,
#0

3. What does the following instruction sequence

do?
ADD r0, r1, r1, LSL
#1 SUB r0, r0, r1, LSL
#4 ADD r0, r0, r1, LSL
#7

40

Load / Store Instructions

* The ARM is a Load / Store Architecture:
Does not support memory to memory data processing
operations.
Must move data values into registers before using them.
* This might sound inefficient, but in practice isnt:
Load data values from memory into registers.
Process data in registers using a number of data processing
instructions which are not slowed down by memory
access.
Store results from registers out to memory.
* The ARM has three sets of instructions which interact with
main memory. These are:
Single register data transfer (LDR / STR).
Block data transfer (LDM/STM).
Single Data Swap (SWP).

41

Single register data transfer

* The basic load and store instructions are:
Load and Store Word or Byte
LDR / STR / LDRB / STRB
* ARM Architecture Version 4 also adds support for halfwords and
signed data.
Load and Store Halfword
LDRH / STRH
Load Signed Byte or Halfword - load value and sign extend it to 32 bits.
LDRSB / LDRSH
* All of these instructions can be conditionally executed by inserting
the appropriate condition code after STR / LDR.
e.g. LDREQB
* Syntax:
<LDR|STR>{<cond>}{<size>} Rd, <address>
42

Load and Store Word or Byte:

Base Register
* The memory location to be accessed is held in a base
register
STR r0, [r1]
; Store contents of r0 to location pointed to
; by contents of r1.
LDR r2, [r1]
; Load r2 with contents of memory
location
; pointed to by contents of r1.
Source
Register
for STR

Memory

r0

0x5

r1
Base
Register

0x200

r2
0x200

0x5

0x5

Destination
Register
for LDR

43

Load and Store Word or Byte:

Offsets from the Base Register
* As well as accessing the actual location contained in the base
register, these instructions can access a location offset from the base
register pointer.
* This offset can be
An unsigned 12bit immediate value (ie 0 - 4095 bytes).
A register, optionally shifted by an immediate value
* This can be either added or subtracted from the base register:
Prefix the offset value or register with + (default) or -.
* This offset can be applied:
before the transfer is made: Pre-indexed addressing
optionally auto-incrementing the base register, by postfixing
the instruction with an !.
after the transfer is made: Post-indexed addressing
causing the base register to be auto-incremented.
44

Load and Store Word or Byte:

Pre-indexed Addressing
* Example: STR r0,
[r1,#12]

Memory

Offset
12

0x20c

r0
0x5

Source
Register
for STR

0x5

r1
Base
Register

0x200

0x200

* To store to location 0x1f4 instead use: STR r0, [r1,#-12]

* To auto-increment base pointer to 0x20c use: STR r0, [r1,
#12]!
* If r2 contains 3, access 0x20c by multiplying this by 4:

STR r0, [r1, r2, LSL #2]

45

Load and Store Word or Byte:

Post-indexed Addressing
Memory

* Example: STR r0, [r1],

#12
Updated
Base
Register

Original
Base
Register

r1

Offset

0x20c

12

r1

r0
0x5

0x20c

0x200

Source
Register
for STR

0x5

0x200

* To auto-increment the base register to location 0x1f4 instead use:

STR r0, [r1], #-12

* If r2 contains 3, auto-incremenet base register to 0x20c by
multiplying this by 4:

STR r0, [r1], r2, LSL #2

46

Load and Stores

with User Mode Privilege
* When using post-indexed addressing, there is a further form
of Load/Store Word/Byte:
<LDR|STR>{<cond>}{B}T Rd, <post_indexed_address>
* When used in a privileged mode, this does the load/store with user
mode privilege.
Normally used by an exception handler that is emulating a
memory access instruction that would normally execute in user
mode.

47

Example Usage of
Addressing Modes
* Imagine an array, the first element of which is pointed to by the
contents of r0.
element
* If we want to access a particular
element, then we can use pre-indexed
r1 is element we want.
addressing:
3
LDR r2, [r0, r1, LSL
2
#2]
Pointer to
start of array
1
* If we want to step through every
0
r0
element of the array, for instance
to produce sum of elements in
array, then we can use post-indexed addressing within a
the
loop:
r1 is address of current element (initially equal to r0).
LDR r2, [r1], #4
Use a further register to store the address of final
element, so that the loop can be correctly terminated.

Memory
Offset

12
8
4
0

48

Offsets for Halfword and

Signed Halfword / Byte Access
* The Load and Store Halfword and Load Signed Byte or Halfword
instructions can make use of pre- and post-indexed addressing in
much the same way as the basic load and store instructions.
* However the actual offset formats are more constrained:
The immediate value is limited to 8 bits (rather than 12 bits) giving
an offset of 0-255 bytes.
The register form cannot have a shift applied to it.

49

Effect of endianess
* The ARM can be set up to access its data in either little or
big endian format.
* Little endian:
Least significant byte of a word is stored in bits 0-7 of an
addressed word.
* Big endian:
Least significant byte of a word is stored in bits 24-31 of
an addressed word.
* This has no real relevance unless data is stored as words and
then accessed in smaller sized quantities (halfwords or bytes).
Which byte / halfword is accessed will depend on the endianess
of the system involved.

50

Endianess Example
r0 =
0x11223344
31

24 23

11

22

16 15

87

33

44

STR r0, [r1]

r1 = 0x100

31
23

24

11

16 15

22

87

33

Memory

44

Little-endian

31
23

24

44

33

16 15
7

22

11

r1 = 0x100

Big-endian

LDRB r2, [r1]

31
23

24

00

00

16 15
7

00
44

r2 = 0x44

31
23

24

00

00

16 15
7

00

11

r2 = 0x11
51

Quiz #4
* Write a segment of code that add together elements x to x+(n-1) of
an array, where the element x=0 is the first element of the array.
* Each element of the array is word sized (ie. 32 bits).
* The segment should use post-indexed addressing.
* At the start of your segments, you should assume that:
r0 points to the start of the array.
Elements
r1 = x
r2 = n
n elements

r0

x + (n -

1)
x+1
x

52

Quiz #4 - Sample Solution

ADD r0, r0, r1, LSL#2
ADD r2, r0, r2, LSL#2
MOV r1, #0
loop
LDR
ADD
CMP
BLT

r3, [r0], #4
r1, r1, r3
r0, r2
loop

; Set r0 to address of element x

; Set r2 to address of element n+1
; Initialise counter

;
;
;
;
;
; on exit sum contained in r1

Access element and move to next

Add contents to counter
Have we reached element x+n?
If not - repeat for
next element

53

Block Data Transfer (1)

* The Load and Store Multiple instructions (LDM / STM) allow
betweeen 1 and 16 registers to be transferred to or from memory.
* The transferred registers can be either:
Any subset of the current bank of registers (default).
Any subset of the user mode bank of registers when in a
priviledged mode (postfix instruction with a ^).
31

24 23 22 21 20
19 U S W L
P

28 27

Cond

1
0

Condition field
Up/Down bit

16

15

Rn

Base register
Load/Store bit

0 = Down; subtract offset from base

1 = Up ; add offset to base

0 = Store to memory
1 = Load from memory

Pre/Post indexing bit

Write- back bit

0 = Post; add offset after transfer,

1 = Pre ; add offset before transfer

0 = no write-back
1 = write address into base

Register list
Each bit corresponds to a particular
register. For example:
Bit 0 set causes r0 to be transferred.
Bit 0 unset causes r0 not to be transferred.

At least one register must be

transferred as the list cannot be empty.

PSR and force user bit

0 = dont load PSR or force user mode
1 = load PSR or force user mode

54

Block Data Transfer (2)

* Base register used to determine where memory access should occur.
4 different addressing modes allow increment and decrement inclusive
or exclusive of the base register location.
Base register can be optionally updated following the transfer
(by appending it with an !.
Lowest register number is always transferred to/from lowest
memory location accessed.
* These instructions are very efficient for
Saving and restoring context
For this useful to view memory as a stack.
Moving large blocks of data around memory
For this useful to directly represent functionality of the
instructions.
55

Stacks
* A stack is an area of memory which grows as new data is pushed
onto the top of it, and shrinks as data is popped off the top.
* Two pointers define the current limits of the stack.
A base pointer
used to point to the bottom of the stack (the first location).
A stack pointer
used to point the current top of the stack.
PUSH
{1,2,3}
SP

POP
3
2

SP
BASE

SP

1
BASE

Result of
pop = 3

1
BASE

56

Stack Operation
* Traditionally, a stack grows down in memory, with the last pushed
value at the lowest address. The ARM also supports ascending
stacks, where the stack structure grows up through memory.
* The value of the stack pointer can either:
Point to the last occupied address (Full stack)
and so needs pre-decrementing (ie before the push)
Point to the next occupied address (Empty stack)
and so needs post-decrementing (ie after the push)
* The stack type to be used is given by the postfix to the
instruction:
STMFD / LDMFD : Full Descending stack
STMFA / LDMFA : Full Ascending stack.
STMED / LDMED : Empty Descending stack
* Note:
ARM Compiler
always
use a Full
descending
STMEA
/ LDMEA will
: Empty
Ascending
stack
stack.

57

Stack Examples
STMFD sp!,
{r0,r1,r3-r5}

STMED sp!,
{r0,r1,r3-r5}

STMFA sp!,
{r0,r1,r3-r5}

STMEA sp!,
{r0,r1,r3-r5}

0x418
SP

Old SP

Old SP

SP

r5
r4
r3
r1
r0

SP

Old SP

r5
r4
r3
r1
r0

SP
r5
r4
r3
r1
r0
Old SP

0x400

r5
r4
r3
r1
r0

0x3e8

58

Stacks and Subroutines

* One use of stacks is to create temporary register workspace for
subroutines. Any registers that are needed can be pushed onto the
stack at the start of the subroutine and popped off again at the end so
as to restore them before return to; the
caller :
STMFD sp!,{r0-r12, lr}
stack all registers
........

; and the return address

........
LDMFD sp!,{r0-r12, pc}

; load all the registers

; and return automatically

* See the chapter on the ARM Procedure Call Standard in the

SDT Reference Manual for further details of register usage
within subroutines.
* If the pop instruction also had the S bit set (using ^) then the
transfer of the PC when in a priviledged mode would also cause the
SPSR to be copied into the CPSR (see exception handling module).
59

Direct functionality of
Block Data Transfer
* When LDM / STM are not being used to implement stacks, it is clearer
to specify exactly what functionality of the instruction is:
i.e. specify whether to increment / decrement the base pointer, before
or after the memory access.
* In order to do this, LDM / STM support a further syntax in addition
to the stack one:
STMIA / LDMIA : Increment After
STMIB / LDMIB : Increment Before
STMDA / LDMDA : Decrement After
STMDB / LDMDB : Decrement Before

60

Example: Block Copy

Copy a block of memory, which is an exact multiple of 12 words long
from the location pointed to by r12 to the location pointed to by r13.
r14 points to the end of block to be copied.
; r12 points to the start of the source data
; r14 points to the end of the source data
; r13 points to the start of the destination data
r13
LDMIA
loop
r12!, {r0-r11} ; load 48 bytes
STMIA
r13!, {r0-r11} ; and store them
r14
CMP
r12, r14
; check for the end
BNE
loop
; and loop until done

This loop transfers 48 bytes in 31

cycles
Over 50 Mbytes/sec at 33 MHz

Increasing
Memory

r12

61

Quiz #5
* The contents of registers r0 to r6 need to be swapped around thus:
r0 moved into r3
r1 moved into r4
r2 moved into r6
r3 moved into r5
r4 moved into r0
r5 moved into r1
r6 moved into r2
* Write a segment of code that uses full descending stack operations
to carry this out, and hence requires no use of any other registers
for temporary storage.

62

Quiz #5 - Sample Solution

STMFD sp!,
{r0-r6}

LDMFD sp!,
{r3,r4,r6}

LDMFD sp!,
{r5}

Old SP

SP

LDMFD sp!,
{r0-r2}
SP

r6
r5
r4
r3
r2
r1
r0

SP

r6
r5
r4
r3

r3 = r0
r4 = r1
r6 = r2

SP

r5
r6
r4

r5 = r3

r0 = r4
r1 = r5
r2 = r6

63

Swap and Swap Byte

Instructions
* Atomic operation of a memory read followed by a memory
write which moves byte or word quantities between registers
and memory.
* Syntax:
SWP{<cond>}{B} Rd, Rm, [Rn]
1

Rn

temp
2

3
Memory

Rm

Rd

* Thus to implement an actual swap of contents make Rd =

Rm.
* The compiler cannot produce this instruction.
64

Software Interrupt (SWI)

31

28 27

Cond

24
23

1 1 1

Comment field (ignored by Processor)

Condition Field
* In effect, a SWI is a user-defined
instruction.
* It causes an exception trap to the SWI hardware vector (thus causing a
change to supervisor mode, plus the associated state saving), thus
causing the SWI exception handler to be called.
* The handler can then examine the comment field of the instruction
to decide what operation has been requested.
* By making use of the SWI mechansim, an operating system can
implement a set of privileged operations which applications running
in user mode can request.
* See Exception Handling Module for further details.

65

PSR Transfer Instructions

* MRS and MSR allow contents of CPSR/SPSR to be transferred
from appropriate status register to a general purpose register.
All of status register, or just the flags, can be transferred.
* Syntax:
; Rd = <psr>
MRS{<cond>} Rd,<psr>
; <psr> = Rm
MSR{<cond>} <psr>,Rm
; <psrf> = Rm
MSR{<cond>} <psrf>,Rm
where
<psr> = CPSR, CPSR_all, SPSR or
<psrf> SPSR_all
= CPSR_flg
or SPSR_flg
* Also an immediate
form
MSR{<cond>} <psrf>,#Immediate
This immediate must be a 32-bit immediate, of which the
4most significant bits are written to the flag bits.
66

Using MRS and MSR

* Currently reserved bits, may be used in future, therefore:
they must be preserved when altering PSR
the value they return must not be relied upon when testing other
31 bits. 28
8
4
0
N Z CV

I F T

Mode

* Thus read-modify-write strategy must be followed when modifying

any PSR:
Transfer PSR to register using MRS
Modify relevant bits
Transfer updated value back to PSR using MSR
* Note:
In User Mode, all bits can be read but only the flag bits
can
be written to.

67

Coprocessors
* The ARM architecture supports 16 coprocessors
* Each coprocessor instruction set occupies part of the ARM
instruction set.
* There are three types of coprocessor instruction
Coprocessor data processing
Coprocessor (to/from ARM) register transfers
Coprocessor memory transfers (load and store to/from memory)
* Assembler macros can be used to transform custom coprocessor
mneumonics into the generic mneumonics understood by the
processor.
* A coprocessor may be implemented
in hardware
in software (via the undefined instruction exception)
in both (common cases in hardware, the rest in software)
68

Coprocessor Data Processing

* This instruction initiates a coprocessor operation
* The operation is performed only on internal coprocessor state
For example, a Floating point multiply, which multiplies the contents
of two registers and stores the result in a third register
* Syntax:

CDP{<cond>} <cp_num>,<opc_1>,CRd,CRn,CRm,{<opc_2>}

31

28 27 26 25 24 23

Cond

1 1 1 0

20 19

opc_1

16 15

CRn

12 11

CRd

cp_num

opc_2 0

Destination Register
Opcode

CRm

Opcode

Source Registers

Condition Code Specifier

69

Coprocessor Register
Transfers
* These two instructions move data between ARM registers
and coprocessor registers
MRC : Move to Register from Coprocessor
MCR : Move to Coprocessor from Register
* An operation may also be performed on the data as it is
transferred
For example a Floating Point Convert to Integer instruction can be
implemented as a register transfer to ARM that also converts the
data from floating point format to integer format.
<MRC|MCR>{<cond>}
* 31
Syntax
<cp_num>,<opc_1>,Rd,CRn,CRm,<opc_2>
Cond

opc_1
L 19
28 1
27 1
26 1
25 0
24 23
22 21 20

Condition Code Specifier

CRn

Rd15
16
0

cp_num
12 11

opc_2
8 7 1

CRm
4 3

ARM Source/Dest Register

Opcode
Coprocesor Source/Dest Registers
Transfer To/From Coprocessor
Opcode
70

Coprocessor Memory
Transfers (1)
* Load from memory to coprocessor registers
* Store to memory from coprocessor
registers.
31

28 27 26 25 24 23 22 21 20 19

Cond

1 1 0 P U N W L

Condition Code Specifier

16 15

Rn

12 11

CRd

cp_num

Source/Dest Register
Base Register
Load/Store
Base Register Writeback
Transfer Length
Add/Subtract Offset
Pre/Post Increment

Offset
Address Offset

71

Coprocessor Memory
Transfers (2)
* Syntax of these is similar to word transfers between ARM and
memory:
<LDC|STC>{<cond>}{<L>} <cp_num>,CRd,<address>

PC relative offset generated if possible, else causes an error.

<LDC|STC>{<cond>}{<L>} <cp_num>,CRd,<[Rn,offset]{!}>

Pre-indexed form, with optional writeback of the base register

<LDC|STC>{<cond>}{<L>} <cp_num>,CRd,<[Rn],offset>

Post-indexed form
where
<L> when present causes a long transfer to be performed (N=1)
else causes a short transfer to be performed (N=0).
Effect of this is coprocessor dependant.
72

Quiz #6
* Write a short code segment that performs a mode change by
modifying the contents of the CPSR
The mode you should change to is user mode which has the value
0x10.
This assumes that the current mode is a priveleged mode such
as supervisor mode.
This would happen for instance when the processor is reset - reset
code would be run in supervisor mode which would then need to
switch to user mode before calling the main routine in your
application.
31 You will
need to use MSR and MRS, plus 2 logical
operations.
28
8
4
0
N Z CV

I F TM
o
de
73

Quiz #6 - Sample Solution

* Set up useful
constants:
mmask

EQU

0x1f

; mask to clear mode bits

userm

EQU

0x10

; user mode value

* Start off here in supervisor

r0, cpsr
mode. MRS
BIC
ORR
MSR

r0,r0,#mmask
r0,r0,#userm
cpsr, r0

; take a copy of the CPSR

;
;
;
;

clear the mode bits

select new mode
write back the modified
CPSR

* End up here in user

mode.

74

Main features of the

ARM Instruction Set
*
*
*
*

All instructions are 32 bits long.

Most instructions execute in a single cycle.
Every instruction can be conditionally executed.
A load/store architecture
Data processing instructions act only on registers
Three operand format
Combined ALU and shifter for high speed bit manipulation
Specific memory access instructions with powerful autoindexing addressing modes.
32 bit and 8 bit data types
and also 16 bit data types on ARM Architecture v4.
Flexible multiple register load and store instructions
* Instruction set extension via coprocessors
75