

### The ARM instruction set

- Outline:
  - privileged modes and exceptions
  - instruction set details
  - system code example

hands-on: system software - SWI handler






## Privileged modes and exceptions

- ARM has privileged operating modes:
  - **SVC** (supervisor) mode for software interrupts
  - IRQ mode for (normal) interrupts
  - FIQ mode for fast interrupts
  - Abort mode for handling memory faults
  - Undef mode for undefined instruction traps
  - System mode for privileged operating system tasks

## **Memory faults**

- ARM has full support for memory faults. Accesses may fail because of:
  - virtual memory page faults
  - memory protection violations
  - soft memory errors
- **Prefetch aborts** are faults on instruction fetches
- **Data aborts** are faults on data transfers
  - both are recoverable (with a little work)
  - details vary somewhat between different ARM cores



## Privileged modes and exceptions

- Each privileged mode (apart from System mode) has:
  - some private registers
    - its own r14 for a return address
    - its own r13, normally for a private stack pointer
    - FIQ mode has additional private registers to speed its operation
  - its own Saved Program Status Register (SPSR)
    - to preserve the CPSR so it can be restored upon return

## Privileged modes and exceptions

[Figure: registers usable in user mode]

## Privileged modes and exceptions



- The CPSR and SPSR format:
  - bit 7 *disables* IRQ when set
  - bit 6 disables FIQ when set
  - bit 5 controls the instruction set
    - ARM (T=0) or Thumb (T=1)
  - bits 4 to 0 define the operating mode

Some of the "unused" bits have functions in later ARM versions.

## Privileged modes and exceptions

#### Register use:

| CPSR[4:0] | Mode   | Use                                       | Registers |
|-----------|--------|-------------------------------------------|-----------|
| 10000     | User   | Normal user code                          | user      |
| 10001     | FIQ    | Processing fast interrupts                | _fiq      |
| 10010     | IRQ    | Processing standard interrupts            | _irq      |
| 10011     | SVC    | Processing software interrupts (SWIs)     | _svc      |
| 10111     | Abort  | Processing memory faults                  | _abt      |
| 11011     | Undef  | Handling undefined instruction traps      | _und      |
| 11111     | System | Running privileged operating system tasks | user      |

- there is one more mode in a *few* recent ARMs (introduced later)

## Privileged modes and exceptions

- Exceptions arise:
  - as a direct effect of fetching or decoding an instruction:
    - software interrupts
    - undefined instructions
    - prefetch aborts
  - as a side-effect of an instruction:
    - aborts on data transfers
  - unrelated to the instruction flow:
    - Reset, IRQ, FIQ

## Privileged modes and exceptions

- Exception entry sequence:
  - change to the appropriate operating mode
  - save the return address in r14\_exc
  - save the old CPSR in SPSR\_exc
  - disable IRQ
  - on FIQ entry, disable FIQ
  - force the PC to the appropriate exception 'vector' address
    - these are not really vectors!

## Privileged modes and exceptions

#### Exception vector addresses:

| Exception                                       | Mode  | Vector address |
|-------------------------------------------------|-------|----------------|
| Reset                                           | SVC   | 0x00000000     |
| Undefined instruction                           | UND   | 0x00000004     |
| Software interrupt (SWI)                        | SVC   | 0x00000008     |
| Prefetch abort (instruction fetch memory fault) | Abort | 0x0000000C     |
| Data abort (data access memory fault)           | Abort | 0x00000010     |
| -                                               | -     | 0x00000014     |
| IRQ (normal interrupt)                          | IRQ   | 0x00000018     |
| FIQ (fast interrupt)                            | FIQ   | 0x0000001C     |

## Privileged modes and exceptions

- Exception handling
  - the 'vector' address normally contains a branch to the exception handling code
    - `B exception_handler` or `LDR PC, =exception_handler`
    - the FIQ handler can start at 0x0000001C (saves branching)
  - can save work registers for use by the handler
    - FIQ usually has enough private registers
  - process exception
  - restore work registers and return

## Privileged modes and exceptions

#### Privileged operations

The University of Manchester

| Instruction | Operands           | Effect                 |
|-------------|--------------------|------------------------|
| MSR         | `CPSR_c, <source>` | Change processor mode  |
|             |                    | Save user mode regs.   |
| LDMFD       | `sp!, {r0-r14}^`   | Load *user mode* regs. |

- can also switch into system mode

```
LDMFD sp!, {r15}        ; Pop PC and restore SPSR
```

- Also in ARM v6

```
SRSFD #svc!             ; Push LR and SPSR @ SP_svc
RFEFD SP!               ; Pop PC and CPSR
```

## Privileged modes and exceptions

#### Return from exception

- from a SWI or undefined instruction:

```
MOVS pc, r14
```

  - data ops with S and pc are a special form
  - they restore the CPSR from SPSR\_exc as well

- from an IRQ, FIQ or prefetch abort:

```
SUBS pc, r14, #4
```

- from a data abort to retry the data transfer:

```
SUBS pc, r14, #8
```
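The entry sequence, the vector table and the three return forms above can be checked against a small C model. This is an added example, not code from the original slides: the struct and function names are hypothetical, only one banked r14/SPSR pair is modelled, Reset is left out, and clearing T on entry (handlers start in ARM state) is an ARM fact the slides do not state.

```c
#include <stdint.h>
#include <stdio.h>

#define CPSR_I    (1u << 7)   /* IRQ disabled when set */
#define CPSR_F    (1u << 6)   /* FIQ disabled when set */
#define CPSR_T    (1u << 5)   /* 0 = ARM, 1 = Thumb */
#define MODE_MASK 0x1Fu

/* Values equal vector address / 4 (Reset and the unused slot are not modelled). */
enum exc { EXC_UNDEF = 1, EXC_SWI, EXC_PABT, EXC_DABT, EXC_IRQ = 6, EXC_FIQ };

/* Per exception: mode entered, and the offset the handler subtracts from r14 on return. */
static const struct { uint32_t mode, ret_off; } exc_info[8] = {
    [EXC_UNDEF] = {0x1B, 0}, [EXC_SWI] = {0x13, 0}, [EXC_PABT] = {0x17, 4},
    [EXC_DABT]  = {0x17, 8}, [EXC_IRQ] = {0x12, 4}, [EXC_FIQ]  = {0x11, 4},
};

/* Hypothetical model: spsr and r14 stand for the banked pair of the mode just entered. */
struct cpu { uint32_t cpsr, pc, spsr, r14; };

/* Exception entry; 'resume' is the address execution should continue at afterwards. */
static void exception_enter(struct cpu *c, enum exc e, uint32_t resume)
{
    c->spsr = c->cpsr;                              /* old CPSR -> SPSR_exc */
    c->r14  = resume + exc_info[e].ret_off;         /* return address -> r14_exc */
    c->cpsr = (c->cpsr & ~(MODE_MASK | CPSR_T))     /* new mode, ARM state */
            | exc_info[e].mode | CPSR_I             /* IRQ is always masked */
            | (e == EXC_FIQ ? CPSR_F : 0u);         /* FIQ masked only on FIQ entry */
    c->pc = 4u * (uint32_t)e;                       /* force PC to the 'vector' */
}

/* MOVS pc, r14 / SUBS pc, r14, #4 / SUBS pc, r14, #8: PC and CPSR restored together. */
static void exception_return(struct cpu *c, enum exc e)
{
    c->pc   = c->r14 - exc_info[e].ret_off;
    c->cpsr = c->spsr;
}

/* Every mode except User (10000) is privileged. */
static int is_privileged(uint32_t cpsr) { return (cpsr & MODE_MASK) != 0x10u; }

int main(void)
{
    struct cpu c = { .cpsr = 0x10u | CPSR_T };      /* constructed: user mode, Thumb */
    exception_enter(&c, EXC_IRQ, 0x8002);
    printf("handler: pc=0x%X cpsr=0x%X priv=%d\n", (unsigned)c.pc, (unsigned)c.cpsr, is_privileged(c.cpsr));
    exception_return(&c, EXC_IRQ);
    printf("resumed: pc=0x%X cpsr=0x%X priv=%d\n", (unsigned)c.pc, (unsigned)c.cpsr, is_privileged(c.cpsr));
    return 0;
}
```

The privilege level changes only through the mode bits written at entry and restored from the SPSR at return, which is why the return forms update PC and CPSR in one instruction.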

## **Example interrupt handler**



```
LDMFD SP!, {r0-r2, pc}^ ; Restore and return
```

- using a Branch at the 'vector' position
  - limits range of jumps
  - 'tedious' to modify




### The ARM instruction set

- Outline:
  - privileged modes and exceptions
  - instruction set details
  - system code example

hands-on: system software - SWI handler

### The ARM condition code field



- (almost) every ARM instruction may have a condition added
  - exceptions (later versions) use former 'NV' code for 'always'
- the instruction will only be executed if the condition is passed
- the conditions test the values of the N, Z, C and V flags in the **CPSR**
- if no condition is specified 'AL' (always) is assumed



### **ARM condition codes**

| Opcode [31:28]    | Mnemonic extension    | Interpretation                    | Status flag state for execution |
|-------------------|-----------------------|-----------------------------------|---------------------------------|
| 0000              | EQ                    | Equal/equals zero                 | Z set                           |
| 0001              | NE                    | Not equal                         | Z clear                         |
| 0010              | CS/HS                 | Carry set/unsigned Higher or same | C set                           |
| 0011              | CC/LO                 | Carry clear/unsigned lower        | C clear                         |
| 0100              | MI                    | Minus/negative                    | N set                           |
| 0101              | PL                    | Plus/positive or zero             | N clear                         |
| 0110              | VS                    | Overflow                          | V set                           |
| 0111              | VC                    | No Overflow                       | V clear                         |
| 1000              | HI                    | Unsigned higher                   | C set and Z clear               |
| 1001              | LS                    | Unsigned lower or same            | C clear or Z set                |
| 1010              | GE                    | Signed greater or equal           | N equals V                      |
| 1011              | LT                    | Signed less than                  | N is not equal to V             |
| 1100              | GT                    | Signed greater than               | Z clear and N equals V          |
| 1101              | LE                    | Signed less or equal              | Z set or N is not equal to V    |
| 1110              | AL                    | Always                            | any                             |
| 1111              | NV <sup>†</sup>       | Never                             | none                            |

<sup>†</sup>NV (1111) is used to specify other, unconditional instructions in later ARM versions.

## **ARM instruction format**

All ARM instructions are 32 bits long

#### Originally the decoding was quite simple

| 31:28 | 27:24 |                           |
|-------|-------|---------------------------|
| cond  | 00    | data operations           |
| cond  | 01    | memory transfers          |
| cond  | 100   | multiple memory transfers |
| cond  | 101   | branches                  |
| cond  | 110   | coprocessor operations    |
| cond  | 1110  | coprocessor operations    |
| cond  | 1111  | system calls              |

- the model is no longer quite this simple!
- 'holes' in the instruction space have since been filled

### **Branch and Branch with Link**

| 31:28 | 27:25 | 24 | 23:0                      |
|-------|-------|----|---------------------------|
| cond  | 101   | L  | 24-bit signed word offset |

- the L bit selects Branch with Link
  - the address of the instruction after the branch is placed into r14
- the offset is scaled to word
  - giving a range of ±32 Mbytes
- Assembler format:

```
B{L}{<cond>} <target address>
```



### **Branch and eXchange**



- recent ARM chips (v5T) also support BLX
- used to switch execution to the Thumb instruction set
  - if Rm[0] = 1
- causes a branch to the address in Rm
- Assembler format:

```
BX{<cond>} Rm
```



### **SoftWare Interrupt**

| 31:28 | 27:24 | 23:0                           |
|-------|-------|--------------------------------|
| cond  | 1111  | 24-bit (interpreted) immediate |

- this instruction is the normal way to access operating system facilities; it:
  - puts the processor into supervisor mode
  - saves the CPSR in SPSR\_svc
  - saves the return address in r14\_svc
  - sets the PC to 0x00000008
- Assembler format:

```
SWI{<cond>} <24-bit immediate>
```
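How the condition field and the SWI encoding above fit together, as an added C example that is not part of the original slides: it evaluates bits [31:28] against the CPSR flags using the pairing visible in the condition code table, then extracts the 24-bit immediate. The function names, the sample encodings and the table-length check are assumptions made for illustration, and the N, Z, C, V bit positions (CPSR bits 31 to 28) are not given on the slides.

```c
#include <stdint.h>
#include <stdio.h>

/* Evaluate a condition field (instruction bits [31:28]) against the CPSR flags.
 * N, Z, C, V sit in CPSR bits 31..28 (bit positions are not given on the slides). */
static int cond_passed(uint32_t cond, uint32_t cpsr)
{
    int n = (cpsr >> 31) & 1, z = (cpsr >> 30) & 1;
    int c = (cpsr >> 29) & 1, v = (cpsr >> 28) & 1;
    int r;
    switch (cond >> 1) {                      /* upper three bits select the test */
    case 0: r = z; break;                     /* EQ / NE */
    case 1: r = c; break;                     /* CS / CC */
    case 2: r = n; break;                     /* MI / PL */
    case 3: r = v; break;                     /* VS / VC */
    case 4: r = c && !z; break;               /* HI / LS */
    case 5: r = (n == v); break;              /* GE / LT */
    case 6: r = !z && (n == v); break;        /* GT / LE */
    default: return cond == 0xE;              /* AL passes, NV (original meaning) never */
    }
    return (cond & 1) ? !r : r;               /* lowest bit inverts the test */
}

/* Return the 24-bit SWI immediate, or -1 if 'insn' is not a SWI that executes. */
static int32_t swi_number(uint32_t insn, uint32_t cpsr)
{
    if (((insn >> 24) & 0xFu) != 0xFu)        /* bits [27:24] must be 1111 */
        return -1;
    if (!cond_passed(insn >> 28, cpsr))
        return -1;
    return (int32_t)(insn & 0x00FFFFFFu);
}

/* Hypothetical dispatch guard: the immediate is chosen by user code, so a handler
 * that indexes a table with it must range-check first. */
static int swi_in_table(int32_t num, int32_t table_len)
{
    return num >= 0 && num < table_len;
}

int main(void)
{
    /* Constructed encodings: SWI 0x11 (AL), SWIEQ 0x123456, BL (not a SWI). */
    const uint32_t insns[] = { 0xEF000011u, 0x0F123456u, 0xEB000010u };
    for (int i = 0; i < 3; i++)               /* flags: only Z set */
        printf("%08X -> %d\n", (unsigned)insns[i], (int)swi_number(insns[i], 0x40000000u));
    return 0;
}
```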



### **Multiply instructions**



```
MUL{<cond>}{S}    Rd, Rm, Rs
MLA{<cond>}{S}    Rd, Rm, Rs, Rn
<mul>{<cond>}{S}  RdHi, RdLo, Rm, Rs
```

| Opcode [23:21]    | Mnemonic           | Meaning                                      | Effect                             |
|-------------------|--------------------|----------------------------------------------|------------------------------------|
| 000               | MUL                | Multiply (32-bit result)                     | Rd := (Rm * Rs) [31:0]             |
| 001               | MLA                | Multiply-accumulate (32-bit result)          | Rd := (Rm * Rs + Rn) [31:0]        |
| 010               | UMAAL <sup>*</sup> | Unsigned multiply-accumulate-accumulate long | RdHi:RdLo := Rm * Rs + RdHi + RdLo |
| 011               | -                  | unused                                       | -                                  |
| 100               | UMULL              | Unsigned multiply long                       | RdHi:RdLo := Rm * Rs               |
| 101               | UMLAL              | Unsigned multiply-accumulate long            | RdHi:RdLo += Rm * Rs               |
| 110               | SMULL              | Signed multiply long                         | RdHi:RdLo := Rm * Rs               |
| 111               | SMLAL              | Signed multiply-accumulate long              | RdHi:RdLo += Rm * Rs               |

<sup>\*</sup>UMAAL was introduced in ARM v6

### Single word and unsigned byte data transfer instructions





© 2005 PEVE<sub>IT</sub> Unit – ARM System Design



- Assembler format:

```
LDM|STM{<cond>}<add> Rn{!}, <regs>
```

where `<add>` = IA etc, `<regs>` = {rn,..rm}



- Assembler format:

```
SWP{<cond>}{B} Rd, Rm, [Rn]
```



- Assembler format:

```
MRS{<cond>} Rd, CPSR|SPSR
```

- and the reverse (see next slide):

```
MSR{<cond>} CPSR|SPSR, #32|Rm
```

(with a few details about fields omitted)





### The ARM instruction set

- Outline:
  - privileged modes and exceptions
  - instruction set details
  - → system code example

hands-on: system software - SWI handler



### System code example

- Process swap code (for 2 processes)
  - save full processor state (ARM or Thumb)
  - restore alternate state
  - switch process on interrupt
    - e.g. from Timer for pre-emptive scheduling
  - uses 'force user mode' form of LDM/STM
    - has restrictions on base register write-back, inclusion of r15, and so on
    - some ARM cores require 1 cycle delay before a banked register may be used after 'force user'



```
r14Temp   DCD   0x0          ; r14 temp. save area
procNo    DCD   0x0          ; current process ID
procTab   DCD   proc0save    ; -> save areas
          DCD   proc1save
proc0save DCD   0x00000000   ; pc
          DCD   0x00000000   ; CPSR
          DCD   0x00000000   ; r0
          DCD   0x00000000   ; r1
          ...
          DCD   0x00000000   ; r14
proc1save DCD   proc1        ; pc
          DCD   0x10         ; CPSR
          DCD   0x00000000   ; r0
          DCD   0x00000000   ; r1
          ...
          DCD   0x00000000   ; r14
```



#### **Process save code**

```
; save user process
        SUB     r14, r14, #4          ; adjust IRQ return address
        STR     r14, r14Temp          ; temporary save of r14
        LDR     r13, procNo           ; which process is running?
        ADR     r14, procTab          ; r14 -> table of save areas
        LDR     r13, [r14,r13,LSL #2] ; r13 -> save area of this process
        LDR     r14, r14Temp          ; restore r14
        STMIA   r13!,{r14}            ; user prog. return address
        MRS     r14, SPSR             ; user CPSR was saved in SPSR_irq
        STMIA   r13!,{r14}            ; save user CPSR
        STMIA   r13,{r0-r14}^         ; force user mode [no pc/WB]
```



#### **Process resume code**

```
; restore other user process
        LDR     r13, procNo           ; which process is running?
        RSB     r13, r13, #1          ; other process number
        STR     r13, procNo           ; change stored process ID
        ADR     r14, procTab          ; r14 -> table of save areas
        LDR     r13, [r14,r13,LSL #2] ; r13 -> save area of that process
        LDMIB   r13!,{r14}            ; get user CPSR
        MSR     SPSR, r14             ; CPSR to be restored on return
        LDMIB   r13,{r0-r14}^         ; force user mode [no pc/WB]
        MOV     r0, r0                ; NOOP after force user
        LDMDB   r13,{pc}^             ; restore CPSR and pc
```


### Hands-on: system software – SWI handler

- Look at ARM system software programs
  - Write a SWI handler
  - Check that it works as expected

Follow the 'Hands-on' instructions