ARM

The ARM architecture is a load-store architecture, with a 32-bit addressing range (64-bit is also available). ARM processors are typical of RISC processors in that only load and store instructions can access memory. Data processing instructions operate on register contents only.

Instruction Cycle

• fetch: fetch instruction from memory at PC (program counter) address
• decode
• execute: read values from registers, compute using ALU, write back to register

If we have 32-bit instructions, then

• PC: address of instruction being fetched
• PC - 4: address of instruction being decoded
• PC - 8: address of instruction being executed

Registers

Register set/file consists of 16 registers.

• R0–R12: store variables
  • R0–R3: also used for procedure calls
    • R0: argument / return value / temp value
    • R1–R3: argument / temp values
  • R4–R11: saved variables
  • R12: temp value
• R13–R15: special purpose
  • R13 (SP): stack pointer
  • R14 (LR): link register
  • R15 (PC): program counter

Immediates

Aka constants. Don’t require register or memory access. Are unsigned 12-bit (range 0–4095) numbers.

Examples

• decimal: #24, #-5
• hex: #0x18
• binary: #11000

Instructions

; comment

Op Rd, S1, S2

Mnemonic/operation destination-operand, source-operand1, source-operand2

Operations

• Arithmetic
  • ADD: r1 = r2 + r3
  • ADC: r1 = r2 + r3 + C
  • SUB: r1 = r2 - r3
  • SUBC: r1 = r2 - r3 + C - 1
  • RSB: r1 = r3 - r2
  • RSC: r1 = r3 - r2 + C - 1
• Logical (bitwise)
  • AND
  • ORR
  • EOR
  • BIC: bit clear (used for masking), BIC rd, r1, r2 \implies rd = r1 and not(r2)
  • MVN: move not, MVN rd, rs \implies rd = not(rs)
• Shifts
  • LSL: logical shift left
  • LSR: logical shift right (shift 0s into msb)
  • ASR: arithmetic shift right (shift sign-bit into msb)
  • ROR: rotate right

Some architectures provide:

• Multiplication
  • MUL: R1 = R2 * R3
    • the least significant 32 bits go in R1
    • the most significant 32 bits are discarded
  • MULS: will set the N and Z flags
  • SMULL, UMULL
    • (64 <= 32 x 32)
    • e.g. UMULL R1, R2, R3, R4
    • the least significant 32 bits go in R1
    • the most significant 32 bits go in R2
  • SMUL: (32 <= 16 x 16) [no UMUL]
• Multiply-Accumulate (MAC)
  • MLA
  • MLAS: will set the N and Z flags
  • SMLA: signed MAC (32 <= 32 + 16 x 16)
  • SMLAL, UMLAL: (64 <= 64 + 32 x 32)
• Division: Rd = S1 / S2
  • SDIV
  • UDIV
  • Any bits after the binary point are truncated

Conditionals

Flags: the top 4 bits of current program status register (CPSR)

• N: negative
• Z: zero
• C: carry
• V: overflow

If an instruction mnemonic is followed by s (e.g.ADDS), then the N, Z conditional flags will be set. Only some instructions (like CMP, ADDS, SUBS) will set the C, V flags.

Comparison instructions

• CMP: compare, CMP R0, R1 sets flags based on R0 - R1
• CMN: compare negative, CMN R0, R1 sets flags based on R0 + R1
• TST: test, TST R0, R1 sets flags based on R0 and R1
• TEQ: test equivalence, TEQ R0, R1 sets flags based on R0 xor R1

If an instruction mnemonic is followed by a condition code (e.g.ADDEQ), then the instruction is executed based on the flags.

Conditional mnemonics

• EQ: equal
• NE: not equal
• CS: carry set
• CC: no carry
• MI: negative
• PL: non-negative
• VS: overflow
• VC: no overflow
• HS: unsigned \geq (same as CS)
• LO: unsigned < (same as CC)
• HI: unsigned >
• LS: unsigned \leq
• GE: signed \geq
• LT: signed <
• GT: signed >
• LE: signed \leq

Conditional selection

CSEL RDest, RTrue, RFalse, CM where CM is the conditional mnemonic that evaluates the currently set flags.

Conditional comparison

CCMP R1, R2, flags, CM R1 and R2 are only compared if the previous condition was true (for CM), else sets the flags.

Other conditional instructions

• CINC RDest, RTrue, CM
• CINV, CNEG

Labels

Labels are single word in a line. They represent the address of the next instruction.

Branching

• B
• BL

For non-branching instructions, PC increments by 4 after each instruction. After a branch instruction, PC is changed to contain the address of the next instruction to process. Branches:

• take a label
• can be un/conditional

If performance is a priority, try avoid branches. Successive branch instructions are especially inefficient.

Memory

• Byte-addressable: each byte has an address.
• So each 32-bit word address is a multiple of 4.
• Typically uses little-endian (byte-numbering)

Operations

• LDR: load register, loads word into register
  • LDR Rd, [Rbase, offset]
• STR: store register, stores word into memory
  • STR Rd, [Rbase, offset]
• LDRB, STRB: load, store a byte
• LDRH, STRH: load, store a halfword
• LDRSB: load a signed byte
• LDRSH: load a signed halfword
• LDM, STM: load, store multiple words

Definitions

• Rbase: base register, stores the base address
• offset: optional offset (constant or register)

Barrel shifter

The shift operations can be applied to S2 as part of another instruction.

The barrel shifter can be used to simplify indexing operations:

LSL R2, R1, #2   ; the index/offset, which is a multiple of 4 (bytes)
STR R3, [R0, R2] ; R0 = array, R2 = index, R3 = value to store

; the above can be simplified to
STR R3, [R0, R1, LSL #2]

ARM indexing modes

• offset
  • address = base + offset
  • LDR Rdest, [Rbase, offset]
• pre-index
  • address = base + offset; base = address
  • LDR Rdest, [Rbase, offset]!
• post-indexed
  • address = base; base += offset
  • LDR Rdest, [Rbase], offset

Directives

DCB sets data in memory and returns the address.

mydata  DCB 0x0, 0x1, 0x2, 0x3, 0x4
        LDR R0, =mydata

Functions

Aka procedures, subroutines. Take in arguments and output a return value.

The calling convention is a scheme for the caller and the callee to agree on where to put the args and the return value.

• Arguments
  • the caller places up to four args in registers R0–-R3 before making the function call
  • both functions thus know where to find the args and return value, even if the caller and callee were written by different people.
  • The callee must not interfere with the behavior of the caller.
  • i.e. the callee must know where to return to after it completes, and it must not trample on any saved registers (R4–R11, and LR) or memory needed by the caller
  • When a function with more than four args is called, the additional input args are placed on the stack (to avoid affecting the values saved in the registers by the caller).
• Call
  • use the branch and link instruction (BL) to call a function. BL performs two tasks:
    • it stores the address of the next instruction (the instruction after BL) in the link register (LR)
    • it branches to the target instruction
• Function
  • At the beginning of the function we temporarily store the registers in a part of memory, called the stack, and before we return we simply restore the register values from the stack.
  • This allows us to use the registers R4-R11
• Return
  • the callee places the return value in register R0
  • the LR is moved to the PC: MOV PC, LR
  • Branch indirect (BX), branches to an address contained in a register: MOV PC, LR is then simply BX LR

The stack

• The stack is memory that is used to save information within a function
• Each function may allocate stack space to store local variables but must deallocate it before returning
• The stack can expand (uses more memory) or contract as variables are added or removed
• The stack is a last-in-first-out (LIFO) queue
  • The last item pushed onto the stack is the first one that can be popped off
• The top of the stack is the most recently allocated space
• The stack pointer, SP (R13), is just a register that points to (i.e. stores the memory address of) the top of the stack
• It starts at a high memory address and decrements to expand as needed

Pseudo-instructions

Loading Literals

Allows for loading 32-bit constants (from the literal pool in the text segment). Can also load the address of a labelled variable or pointer in the program.

LDR Rd, =literal
LDR Rd, =label

The assembler places the constant/label in a literal pool and generates a PC-relative LDR instruction that reads the constant from the literal pool e.g. LDR R1, [PC, #0x2A]

NOP

Used to achive a delay or to memory-align instructions. Translated to MOV R0, RO.

Exceptions

An unscheduled function call that branches to a new address. Can be caused by hardware or software. - Hardware exception triggered by I/O is called an interrupt. - Reading non-existent memory The program then branches to code in the OS.

• An exception is like a function, as it must
  • save the return address and jump to some address
  • do its work and clean up
  • return back to the program
• Exceptions use a vector table to determine where to jump in the exception handler
• They use banked registers (saved program status registers – SPSRs) to maintain copies of key registers to avoid corrupting the registers used by the main program
• Exceptions change the program’s privilege level, so that the exception handler can access protected memory

Saturated Arithmetic Instructions

QADD, QDADD, QDSUB, QSUB

When overflow happens, the result is fixed at the most positive or most negative number. ARM has a Q flag to indicate whether overflow or saturation has occurred.

Memory Map

The memory address space is divided into:

• a segment for the operating system (OS) and input/output (I/O).
• dynamic data segment
  • holds the stack and the heap
• global data segment
  • stores global variables
  • aka read/write (RW) segment
• the text segment
  • stores the machine code program
  • may store literals, read-only data
  • aka read-only (RO) segment
• exception handlers segment

In detail:

• Global variables: can be accessed by all functions in a program. They are allocated prior to program execution, and are typically accessed using a static base register (SB = R9) that points to the start of the global data segment.
• Stack: upon start-up the OS sets the stack pointer (SP) to point to the top of the stack. The stack includes temporary storage and local variables, such as arrays, that do not fit in the registers. Functions also use the stack to save and restore registers.
• Heap: stores data that is allocated by the program during runtime

Advanced Topics

ARM architecture has a weakly ordered memory model. The processor can re-order the memory access instructions to reduce the time it takes to access memory.

The order in which instructions are written is not guaranteed, and instead may be executed depending on the memory access cost of a given instruction. This approach does not impact single core machine but can negatively impact a multi-threaded program running on a multicore machine.

In such situations, there are instructions, called “memory barriers”, that tell processors not to re-arrange memory access at a given point. The dmb (Data Memory Barrier) instruction in ARM64 prevents reordering of data accesses (loads, stores) across the DMB instruction.

Structured programming

If Statement

if (R0 == R1)
    // do if
// end if

    CMP R0, R1
    BNE DONE
    ; do if
DONE

If-else Statement

if (R0 == R1)
    // do if
else
    // do else
// end if

    CMP R0, R1
    BNE ELSE
    ; do if
    B DONE
ELSE
    ; do else
DONE 

Switch Statement

switch (R0)
    case R1:
        // do R1 case
        break;
    case R2:
        // do R2 case
        break;
    default:
        // do default

CASE1
    CMP R0, R1
    BNE CASE2
    ; do R1 case
    B DONE
CASE2
    CMP R0, R2
    BNE DEFAULT
    ; do R2 case
    B DONE
DEFAULT
    ; do default
DONE

While Loops

while (R0 == R1)
    // do while

WHILE
    CMP R0, R1
    BNE DONE
    ; do while
    B WHILE
DONE

Do-while Loops

do {
    // do dowhile
} while (R0 == R1)

DOWHILE
    ; do dowhile
    CMP R0, R1
    BEQ DOWHILE
DONE

For Loops

for (int R0 = 0; RO < R1; R0++)
    // do for

MOV R0, #0
FOR
    CMP R0, R1
    BGE DONE
    ; do for
    ADD R0, R0, #1
    B FOR
DONE

Arrays and Indexing

int array[] = {0, 1, 2};

MOV R0, #0x10000 ; the base address for array (e.g.)
MOV R1, #0
STR R1, [R0, #0]
MOV R1, #1
STR R1, [R0, #4]
MOV R1, #2
STR R1, [R0, #8]

Function call

    // ...
    int y = 3;
    int z = double(y);
    // ...

int double(int x){
    return 2 * x;
}

    MOV R0, #3
    BL DOUBLE


DOUBLE
    ADD R0, R0, R0 ; i.e. 2 * R0
    MOV PC, LR

ARM Thumb

Thumb instructions are 16 bits long. This allows for

• higher code density
  • reduce size, cost of code storage
  • reduce power consumption (less code fetched)
• higher perf on 16-bit systems

But this comes at the expense of:

• lacking conditional execution
• supporting shorter immediates
• accessing only the bottom 8 registers
• reusing register as src and dest
• always write status flags

To-Do

ARM has fixed length encoding of 4-bytes in contrast to x86 which has variable length encoding. A return instruction ret on x86 can be as short as 1-byte, but on ARM64, it is always 4-bytes long.

References

• https://developer.arm.com/architectures/learn-the-architecture/armv8-a-instruction-set-architecture
• https://devblogs.microsoft.com/dotnet/arm64-performance-in-net-5/
• https://devblogs.microsoft.com/dotnet/this-arm64-performance-in-dotnet-8/
• https://alisdair.mcdiarmid.org/arm-immediate-value-encoding/