轉自:http://blog.chinaunix.net/space.php?uid=20799298&do=blog&cuid=2055392
因為對arm匯編有些指令還不能理解,特別是一些相似功能指令間的區別。偶然在網上搜到“faq ARM assembly”,其中描述的幾個問題還是值得好好研究一下。
本篇來看一下mov這個指令,相關指令 ldr
Question on MOV Does the instruction “Mov” have indirect addressing? Answer. No, e.g. you cannot use mov r1,[r2] “MOV loads a value into the destination register, from another register, a shifted register, or an immediate 8-bit value.” Examples: MOV R0, R1 if R1 has 0x00001234, after this ,R1=R2=0x00001234 MOV R0, #0x12; after this R0 has #0x12 MOV R0, #300; is wrong the value should be less than 255 MOV R0, 200; is wrong, # is missing “mov R0,#200: is correct Note: the immediate value must be prefixed by #
從上面的描述可以看出,mov的作用有兩個:
1. 在寄存器之間傳遞值。
2. 給寄存器傳遞一個立即數,此時需要用“#”來修飾立即數,並且立即數為8位的,其值不能超過255.
但是在vivi中的head.S里,有許多類似 mov r1, #0x53000000 的語句:
簡單的寫幾句匯編,測試一下:
.global _start .align 0 _start: mov r1, #0x12 mov r2, #300 mov r3, #0x53000000 .end
這樣,編譯並沒有報錯。
反匯編后如下
00000000 <_start>: 0: e3a01012 mov r1, #18 ; 0x12 4: e3a02f4b mov r2, #300 ; 0x12c 8: e3a03453 mov r3, #1392508928 ; 0x53000000
這是為什么呢?為什么用mov也可以?看別的匯編里都是寫ldr r1, =0x53000000
將程序改一下:
.global _start .align 0 _start: mov r1, #0x12 mov r2, #300 ldr r3, =0x53000000 .end
匯編也沒有報錯,反匯編可看到如下三句話:
00000000 <_start>: 0: e3a01012 mov r1, #18 ; 0x12 4: e3a02f4b mov r2, #300 ; 0x12c 8: e3a03453 mov r3, #1392508928 ; 0x53000000
發現,ldr r3, =0x53000000 被經過匯編之后,實際上變為了 mov r3, #0x53000000 。可見,此處ldr相當於一個偽指令。
關於ldr,下面這段說的很清楚。在分析匯編時,很重要一點就是分清“地址” 和“地址里的內容”,對這個能熟練把握了,相信能對C語言中的指針有更深的理解。
Question on the use of LDR,ADR Are there any difference between statement 1,2,3 in the following program? Data1p DCD 0, 0 ;just happen the address is at 0x40000000 ;DCD (reserve a 32-bit word)is a pseudo instruction to ;allocate a memory location for this data. align align : : Statment1 LDR R0, =Data1p ; Put the address Data1p into R0 Statment2 ADR R0, Data1p ; Put the address Data1p into R0 Statment3 LDR R0, =0x40000000 ; Put the value0x40000000 into R0, ;just happen it is the address of Data1p Answer: They are all the same. Every statement willgenerate
the same result. Such that the address, not the data content, will be saved into R0. For example, the value in R0 is 0x40000000.
到這里,相信一定對“mov”和“ldr”兩個產生了一些疑惑。(注:此處的ldr指的是偽指令pseudo-instruction,而不是內存到寄存器傳遞值的instruction)
下面的這段對兩者的區別作了很全面的分析。
Question on differences between LDR and MOV What is the difference between MOV and LDR, they seem to have the same function of saving information into registers? Answer part 1: How different are they? Note: “#” for mov, “=” for ldr. To define an immediate value MOV can only move an 8-bit value (0x00->0xff=255) into a register while LDR can move a 32-bit value into a register. The immediate value is prefixed by different characters in mov and ldr: “#” formov, “=” for ldr. E.g. Mov r1,#255 ; ok, 255 is the biggest number you can mov Mov r1,255 ; is wrong , missing # Mov r1,#256 ; is wrong, the number is bigger than 255 Mov r1,#0x12340000 ; is wrong, the number is bigger than 255 Ldr r1,=255; you can do this, Ldr r1,=256; you can do this, Ldr r1,=0x12340000; you can do this, 1. MOV can run faster than LDR. 2. LDR can move a data from a memory address to a register, MOV can only i) move data between two registers or ii) save a 8-bit immediate value to a register. e.g. value1 DCD 0; this define an integer variable “value1” with address “=value1” : ;A standard pair of statements for moving a data into a register Ldr r0,=value1 ; 1) save the address of the variable value1 in r0 Ldr r1,[r0] ;2)use r0 as the address (pointer) to get value1 to r1 r1 Note: Mov cannot be used to achieve the same result, because mov,[r0] is not allowed Answer part 2 : How similar are they?. MOV is a real instruction, LDR is a pseudo instruction. If the immediate value is small, the assembler will use “mov” to implement it , otherwise it uses a literal pool to achieve the result. e.g. ldr r0,=14; the immediate value 14 <255, so it will be implemented using mov r0,#14, (see the use of # and = ) but if the immediate value is large than 255, e.g. The assembler will generate code to place the constant 0x55555555 ldr r0,=0x55555555; for a large immediate value “mov” does work.in a nearby table in the code area. Then it uses an instruction to load a data from that table pointed by the program counter and an offset to fill up r0. The reason is because there is no way to fit a 2-bit data into a 32-instruction, and ARM design always want to make sure instructions are 32-bit. Details can be found at http://www.keil.com/support/man/docs/armasm/armasm_chdcegci.htm see also the directive “LTORG” for how to setup the table. Usually it is placed at the near by code area. You don’t need to worry too much because everything is automatic; you only need to place “LTORG” at the end of the code area as shown in the example at Keil.
但是我在看完上面這段話之后還是存在疑問:為什么”mov r3, #0x53000000”是可行的呢?
http://www.keil.com/support/man/docs/armasm/armasm_cihcdbca.htm
這個網頁上對mov做了一些說明,截取有關立即數的部分如下:
Syntax MOV{cond} Rd, #imm16 where: imm16 is any value in the range 0-65535.
可以看到,這里說 立即數是16位的。
看到這里,確實把自己弄糊塗了。理清一下:
第一個說imm為8位是在網絡上搜的一分資料,沒有什么權威性,其可信程度也值得懷疑。
第二個是keil官司方網站里關於arm匯編的說明。
另外,在《arm體系結構與編程》這本書里,並沒有說立即數的具體范圍,在26頁有一句:
mov r0, #0xfc0
明顯立即數大於255了。
在144頁有提到,“ldr偽指令讀取的數據超過mov操作范圍”。這說明mov可操作的立即數是有一定范圍的,且比ldr小。
再來分析一下立即數的產生,其尋址方式是這樣的:
11 8 7 0 +----------+-------------------------------+ | Rotate | Imm | +----------+-------------------------------+ [7:0] Unsigned 8 bit immediate value [11:8] Shift applied to Imm The immediate operand rotate field is a 4 bit unsigned integer which specifies a shift operation on the 8 bit immediate value. This value is zero extended to 32 bits, and then subject to a rotate right by twice the value in the rotate field. This enables many common constants to be generated, for example all powers of 2
1. 取低8位,先用0擴展為32位數
2. 將所得32位數循環右移 2*Rotate位,Rotate為[11:8]
來分析一句:mov r2, #300。反匯編如下:
8004: e3a02f4b mov r2, #300 ; 0x12c
立即數是直接放在指令內部的。
1. 取其低8位:0x4b
2. 擴展為32位:0x0000 004b
3. 2*Rotate = 2*15 = 30
4. 循環右移30位(相當於左移2位)。即0100 1011 左移2位,得到0001 0010 1100 ,即0x12c,十進制等於300
對於0x53000000的計算方法也是相同的。 mov r1, #0x53000000 這樣寫確實是可行的。
總結:對於mov 操作立即數時的操作范圍,現在還是不確定。但經過這么多的分析以及實際寫的幾句測試代碼,至少可以說明在Linux里,用arm-linux-as來編譯,mov是可以操作32位的立即數的,不然vivi如何編譯成功。(懷疑是否這跟實際匯編器相關。)