CprE 288 – Introduction to Embedded Systems
ARM Assembly Programming: Translating C Control Statements and Function Calls

Instructors:
Dr. Phillip Jones
Announcements

• Exam 3: Friday 7/6 (last day of class)
• Final Projects
  – Projects: Mandatory Demos Friday, 7/6 (11am – 3pm)
  – Reminder, Lab attendance is mandatory: -10 points from final project for each lab session you miss
• Quiz 7 (Thursday, 7/3): ARM Procedure Call Standard readings.
• Reading for the next few weeks
  – **Textbook**: Chapter 2.1-2.3, and 2.6.1-2.6.2
  – **Textbook**: Chapter 4.1 – 4.3
  – **Assemble ARM instruction set manual**:
    • Preface, Chapter 3, Chapter 4
  – **ARM Procedure Call Standard**:
    • Sections: 5, 7.1.1, 7.2.
Major Classes of Assembly Instructions

• Data Movement
  – Move data between registers
  – Move data in & out of Memory
  – Different addressing modes

• Logic & Arithmetic
  – Addition, subtraction, etc.
  – AND, ORR, EOR (Exclusive OR), bit shift, etc.

• Control Flow
  – Control which sections of code should be executed (e.g. In C
    “IF”, “CASE”, “WHILE”, etc.
  – Function Calls
Recall control statements in C:

**If statement:**
```
if (cond)
{
    if-body;
}
```

**If-else statement:**
```
if (cond)
{
    if-body
}
else
{
    else-body;
}
```
C Control Statements

Loop statements:

**While statement:**
```c
while (cond)
{
    loop-body;
}
```

**Do-While statement:**
```c
do
{
    loop-body
}
while (cond);
```

**For statement:**
```c
for (init-expr; cond-expr; incr-expr)
{
    loop-body;
}
```
Control Flow

• **Control Flow**: mechanisms that allow a program to make decisions about what instruction to execute next from program memory

• Without control flow:
  – A CPU would always just execute the next instruction in program (code) memory
  – A computer would be limited in the types of functionality it could execute

• Two assembly instructions are typically part of any assembly language to enable implementing control flow
  – **Compare**: Typically subtracts two things and updates the flags in the Status Register (i.e. Zero, Carry, Negative, Overflow flags)
  – **Branch**: Based on which flags of the Status Register are set, it directs the CPU to go to the next instruction in code memory or to “branch” to an alternative place in code memory.
Steps to implement control flow:

1. Set flags in the Status Register
2. Use a Branch instruction to check for particular Status Register flag values
   A. **Branch not taken:** If the conditions being checked are **not met**, then go to the next instruction in program (code) memory.
   B. **Branch taken:** if the conditions being check are met, then go to an alternative location in code memory, typically indicated by a label.

**Example:**

```
MOVW R1, 0xFFFF  
MOVW R2, 0x0000  
CMP R1, R2 ; compare R1, and R2 and set flags  
BEQ endif ; check flags, and branch to “endif”  
 endif:  
```
• Which instructions can update the Status Register Flags?:
  – In general, consult the Assembly Instruction Set manual
• Some examples:
  – **Compare**: e.g. CMP, often used to help check for \(\text{==,} \neq, >, \geq, <, \leq\).
  – **Test**: e.g. TST, TEQ, often used to check if given bits are set in a register, or check if a register is equal to a given value
  – **Arithmetic**: Most ARM arithmetic instructions when appended with an “S” update the Status Register
  – **Logic**: Most ARM logic instructions when appended with an “S” update the Status Register
  – **Move**: ARM has a MOV\(S\) that updates the Status Register
CMP: Subtracts two registers. Updates Status register

Syntax: **CMP Rn, Rm {,<shift>}**

Operands: \(0 \leq n \leq 15, \; 0 \leq m \leq 15\)

Operations: \(Rn - Rm\) (omitting shift), \(PC \leftarrow PC + 4\)

Binary Format:

```
15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
```

\(\text{shift omitted}\)

\(\text{imm3:imm2}=0\)

\(\text{type}=0\)

**Note:** if \(\text{shift}\) is not omitted, then \(Rm\) is shifted based on the encodings giving in section 4.3.1 in ARM Instruction Set
CMP: Subtract constant from reg. Update Status Register.

Syntax: **CMP Rn, #const**

Operands: $0 \leq n \leq 15$, $0 \leq \text{const} \leq 255$

Operations: $Rn - \#\text{const}$, $PC \leftarrow PC+4$

Binary Format:

```
  15 14 13 12 11 10  9  8  7  6  5  4  3  2  1  0
0 1 1 1 1 0 i 0 1 1 0 1 1 Rn
```

$0 \leq \text{const} \leq 255$

const=

```
i:imm3:imm8
```

Note: If $\text{const}$ is greater than 255, See section 4.2 of ARM Instruction Set how to determine valid values for $\text{const}$. 
TST: Bitwise AND of two registers. Updates Status Register

Syntax: \texttt{TST Rn, Rm \{,<shift>\}}

Operands: \(0 \leq n \leq 15, \quad 0 \leq m \leq 15\)

Operations: \(Rn \text{ and } Rm\) (omitting shift), \(\text{PC} \leftarrow \text{PC}+4\)

Binary Format:

\begin{center}
\begin{array}{ccccccccc}
15 & 14 & 13 & 12 & 11 & 10 & 9 & 8 & 7 & 6 & 5 & 4 & 3 & 2 & 1 & 0 \\
1 & 1 & 1 & 0 & 1 & 0 & 1 & 0 & 0 & 0 & 0 & 1 & & & & \\
\hline
\text{Rn} \end{array}
\end{center}

\text{shift omitted}

\begin{center}
\begin{array}{ccccccccc}
15 & 14 & 13 & 12 & 11 & 10 & 9 & 8 & 7 & 6 & 5 & 4 & 3 & 2 & 1 & 0 \\
(0) & \text{imm3} & 1 & 1 & 1 & 1 & \text{imm2} & \text{type} & \text{Rm} \\
\hline
\end{array}
\end{center}

\text{imm3:imm2= 0}

\text{type = 0}

Note: if \texttt{shift} is not omitted, then \(Rm\) is shifted based on the encodings giving in section 4.3.1 in ARM Instruction Set
TST: Bitwise AND reg with constant. Update Status Register

Syntax: **TST Rn, #const**

Operands: 0 ≤ n ≤ 15, 0 ≤ const ≤ 255

Operations: Rn and #const, PC ← PC+4

Binary Format:

| 15 | 14 | 13 | 12 | 11 | 10 |  9 |  8 |  7 |  6 |  5 |  4 |  3 |  2 |  1 |  0 |
|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|----|
| 1  | 1  | 1  | 1  | 0  | i  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 1  | Rn |

0 ≤ const ≤ 255

const =

i : imm3 : imm8

Note: If const is greater than 255, See section 4.2 of ARM Instruction Set how to determine valid values for const.
Checking Status Register Flags

- Branch instructions check if particular *conditions* are satisfied by the Status Register flags.
  - If conditions are satisfied, then CPU branches to a label
  - If conditions are not satisfied CPU goes to next instruction.

- Some Branch conditions:
  - **BEQ / BNE**: Is Zero flag (Z) = 1 or 0, used for comparing signed or unsigned values
  - **BGT / BGE / BLT / BLE**: comparing *Signed* values
  - **BHI/BHS/BLO/BLS**: comparing *Unsigned* values
Branch (Conditional)

B{cond}: Branch to a target address if condition satisfied

Syntax: B{cond} label

Operands: cond (see 3.4.1 of ARM Instruction set)

Assembler encodes label into: PC+S:J2:J1:imm6:imm11:'0'

Operation: if(cond), then PC ← PC+ S:J2:J1:imm6:imm11:'0'
else PC ← PC+ 4

Binary Format:

<table>
<thead>
<tr>
<th>15</th>
<th>14</th>
<th>13</th>
<th>12</th>
<th>11</th>
<th>10</th>
<th>9</th>
<th>8</th>
<th>7</th>
<th>6</th>
<th>5</th>
<th>4</th>
<th>3</th>
<th>2</th>
<th>1</th>
<th>0</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>1</td>
<td>1</td>
<td>1</td>
<td>1</td>
<td>0</td>
<td>S</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>

<table>
<thead>
<tr>
<th>15</th>
<th>14</th>
<th>13</th>
<th>12</th>
<th>11</th>
<th>10</th>
<th>9</th>
<th>8</th>
<th>7</th>
<th>6</th>
<th>5</th>
<th>4</th>
<th>3</th>
<th>2</th>
<th>1</th>
<th>0</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>0</td>
<td>J1</td>
<td>0</td>
<td>J2</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
# Table of Branch Conditions

<table>
<thead>
<tr>
<th>Condition Encoding (cond)</th>
<th>Branch Type</th>
<th>Meaning</th>
<th>Status Flag State</th>
</tr>
</thead>
<tbody>
<tr>
<td>0000</td>
<td>BEQ</td>
<td>Equal</td>
<td>Z = 1</td>
</tr>
<tr>
<td>0001</td>
<td>BNE</td>
<td>Not equal</td>
<td>Z = 0</td>
</tr>
<tr>
<td>0010</td>
<td>BHS</td>
<td>Higher or Same (Unsigned)</td>
<td>C = 1</td>
</tr>
<tr>
<td>0011</td>
<td>BLO</td>
<td>Lower (Unsigned)</td>
<td>C = 0</td>
</tr>
<tr>
<td>0100</td>
<td>BMI</td>
<td>Negative</td>
<td>N = 1</td>
</tr>
<tr>
<td>0101</td>
<td>BPL</td>
<td>Positive</td>
<td>N=0</td>
</tr>
<tr>
<td>0110</td>
<td>BVS</td>
<td>Overflow</td>
<td>V=1</td>
</tr>
<tr>
<td>0111</td>
<td>BCV</td>
<td>No overflow</td>
<td>V=0</td>
</tr>
<tr>
<td>1000</td>
<td>BHI</td>
<td>Higher (Unsigned)</td>
<td>C=1 &amp; Z=0</td>
</tr>
<tr>
<td>1001</td>
<td>BLS</td>
<td>Lower or Same (Unsigned)</td>
<td>C=0</td>
</tr>
<tr>
<td>1010</td>
<td>BGE</td>
<td>Greater than or Equal (Signed)</td>
<td>N = V</td>
</tr>
<tr>
<td>1011</td>
<td>BLT</td>
<td>Less than (Signed)</td>
<td>N != V</td>
</tr>
<tr>
<td>1100</td>
<td>BGT</td>
<td>Greater than (Signed)</td>
<td>N=V &amp; Z=0</td>
</tr>
<tr>
<td>1101</td>
<td>BLE</td>
<td>Less than or Equal (Signed)</td>
<td>N != V</td>
</tr>
</tbody>
</table>
## Table of Branch Conditions

<table>
<thead>
<tr>
<th>Condition Encoding (cond)</th>
<th>Branch Type</th>
<th>Meaning</th>
<th>Status Flag State</th>
</tr>
</thead>
<tbody>
<tr>
<td>0000</td>
<td>BEQ</td>
<td>Equal</td>
<td>Z = 1</td>
</tr>
<tr>
<td>0001</td>
<td>BNE</td>
<td>Not equal</td>
<td>Z = 0</td>
</tr>
<tr>
<td>0010</td>
<td>BHS</td>
<td>Higher or Same (Unsigned)</td>
<td>C = 1</td>
</tr>
<tr>
<td>0011</td>
<td>BLO</td>
<td>Lower (Unsigned)</td>
<td>C = 0</td>
</tr>
<tr>
<td>0100</td>
<td>BMI</td>
<td>Negative</td>
<td>N = 1</td>
</tr>
<tr>
<td>0101</td>
<td>BPL</td>
<td>Positive</td>
<td>N = 0</td>
</tr>
<tr>
<td>0110</td>
<td>BVS</td>
<td>Overflow</td>
<td>V = 1</td>
</tr>
<tr>
<td>0111</td>
<td>BCV</td>
<td>No overflow</td>
<td>V = 0</td>
</tr>
<tr>
<td>1000</td>
<td>BHI</td>
<td>Higher (Unsigned)</td>
<td>C=1 &amp; Z=0</td>
</tr>
<tr>
<td>1001</td>
<td>BLS</td>
<td>Lower or Same (Unsigned)</td>
<td>C=0</td>
</tr>
<tr>
<td>1010</td>
<td>BGE</td>
<td>Greater than or Equal (Signed)</td>
<td>N = V</td>
</tr>
<tr>
<td>1011</td>
<td>BLT</td>
<td>Less than (Signed)</td>
<td>N != V</td>
</tr>
<tr>
<td>1100</td>
<td>BGT</td>
<td>Greater than (Signed)</td>
<td>N=V &amp; Z=0</td>
</tr>
<tr>
<td>1101</td>
<td>BLE</td>
<td>Less than or Equal (Signed)</td>
<td>N != V</td>
</tr>
</tbody>
</table>
Assume: a located @ 0x1000_A000, b located @ 0x1000_B000

Exercises: Write a sequence of instructions

Branch to label if a < b, a and b are variables of “signed int” type

Branch to label if a >= b, a and b are vars of “unsigned int” type

Branch to label if a == b, a and b are “int” type variables
Exercises

Assume: a located @ 0x1000_A000, b located @ 0x1000_B000

Exercise: Write a sequence of instructions

1. Branch to label if a < b (a and b signed int type)

   MOVW R0, 0xA000; get a address
   MOVT R0, 0x1000
   MOVW R1, 0xB000; get b Address
   MOVT R1, 0x1000
   LDR R2, [R0, #0]; load a
   LDR R3, [R1, #0]; load b
   CMP R2, R3
   BLT label ; check if a is less than b

   label:
Translate If-Statement

Example: Assume: a @ 0x1000_A000, b @ 0x1000_B000

```c
if (a < b) // assume a and b are signed ints
{
    a = -a;
}
```
Translate If-Statement

Example: Assume: a @ 0x1000_A000, b @ 0x1000_B000

if (a < b)
{
    a = -a;
}

MOVW R0, 0xA000; get a address
MOVT R0, 0x1000
MOVW R1, 0xB000; get b address
MOVT R1, 0x1000
LDR R2, [R0, #0] ; load a
LDR R3, [R1, #0] ; load b
CMP R2, R3
BGE endif ; take branch if complement true
NEG R2    ; a = -a
STR R2 [R0, #0] ; store a

endif:
If-Statement: Structure

Control and Data Flow Graph

- cond
  - F
  - T
  - if-body

Linear Code Layout

- test cond
  - br if cond=F
    - if-body
If-Statement: Structure

```c
if (a < b) // C code is testing for less than
{
    a = -a;
}

MOVW R0, 0xA000; get a address
MOVT R0, 0x1000
MOVW R1, 0xB000; get b Address
MOVT R1, 0x1000
LDR R2, [R0, #0] ; load a
LDR R3, [R1, #0] ; load b
CMP R2, R3
BGE endif ; if complement true
NEG R2 ; a = -a
STR R2 [R0, #0] ; store a
endif:
```

Diagram:

```
  test cond
    ↓
   br if cond=F
     ↓
   if-body
   ↓
endif
```
Branch (Unconditional)

B: Branch to a target address

Syntax: **B label**

Operands: **label** encoded into: \( S:I1:I2:imm10:imm11:0' \)

Operation: \( PC \leftarrow PC + S:I1:I2:imm10:imm11:0' \)

Binary Format:

\( I1 = \text{NOT}(J1 \, \text{EOR} \, S) \)

\( I2 = \text{NOT}(J2 \, \text{EOR} \, S) \)
IF-Else Statement

\[ \text{if (cond) } \]
\[ \text{ if-body } \]
\[ \text{ else } \]
\[ \text{ else-body;} \]

Example:

\[ \text{int max, a, b;} \]
\[ \text{ if (a < b) } \]
\[ \text{ max = b;} \]
\[ \text{ else } \]
\[ \text{ max = a;} \]
If-Else Statement: Structure

Control and Data Flow Graph

- cond
  - F
    - if-body
  - T
    - else-body

Linear Code Layout

1. test cond
2. br if cond=F
3. If-body
4. jump
5. else-body
int max, a, b;
if (a < b)
  max = b;
else
  max = a;

; assume a in R0 b in R1, max address in R2 (all signed)

CMP R0, R1
BGE else

STR R1, [R2, #0]
B endif

else:
  STR R0, [R2, #0]
endif: …
For simple If and If-Else statement, the behavior of C and Assembly are complementary. So complement condition is used.

Examples:

<table>
<thead>
<tr>
<th>C</th>
<th>Assembly</th>
</tr>
</thead>
<tbody>
<tr>
<td>if (a &gt;= b)</td>
<td>branch if a&lt;b, use BLT</td>
</tr>
<tr>
<td>if (a &gt; b)</td>
<td>branch if a≤b, use BLE</td>
</tr>
<tr>
<td>if(a = b)</td>
<td>branch if a!=b, use BNE</td>
</tr>
</tbody>
</table>
Caveat when comping against a constant

C            Assembly (assume a in R0)
If (5 > a), branch if 5 <= a?
    CMP #5, R0
    BLE  endif

What is the issue?
Caveat when comping against a constant

C  

Assembly (assume a in R0)

If \(5 > a\), branch if \(5 \leq a\)?

\[
\text{CMP } \#5, \text{ R0}
\]

\[
\text{BLE} \quad \text{endif}
\]

Problem: Constant must be \textbf{second} argument of compare!
Caveat when comping against a constant

Translate the C code into an equivalent condition, then compile into assembly using complement condition.

<table>
<thead>
<tr>
<th>C</th>
<th>translated C</th>
<th>Assembly</th>
</tr>
</thead>
<tbody>
<tr>
<td>Case 1: if (5 &gt; a) ⇔ if (a &lt; 5),</td>
<td>branch if a ≥ 5</td>
<td></td>
</tr>
<tr>
<td>5 &gt; a</td>
<td>a &lt; 5</td>
<td></td>
</tr>
<tr>
<td>CMP R0, #5</td>
<td>BGE endif</td>
<td></td>
</tr>
</tbody>
</table>
Compound Condition (&&)

```plaintext
if (a >= b && b< 10 && … && a > 20) // signed ints

; If only consists of Boolean AND's, follow complement rule

; assume a in R0, and b in R1

CMP R0, R1
BLT else ; complement of >
CMP R1, #10
BGE else ; complement of <
...
CMP R0, #20
BLE else ; complement of >
...
; if-body
B endif
else:
...
; else-body
endif:
```

Recall C uses Lazy Evaluation
Compound Condition (||)

if (a >= b || b < 10 || … || a > 20) // signed ints

;If only Boolean OR’s, then complement only last condition

; assume a in R0, and b in R1
    CMP  R0,  R1
    BGE  if-body  ; no complement, and br to if-body
    CMP  R1,  #10
    BLT  if-body  ; no complement, and br to if-body
    ...
    CMP  R0,  #20
    BLE  else     ; complement of >

if-body:
    … ; if-body
    B  endif
else:
    … ; else-body
endif:

Again, Recall C uses Lazy Evaluation
Function Call Convention

What is required for supporting a function call?

– Passing parameters
– Getting the return value
– Sharing registers between Caller and Callee
– Local storage (typically placed in reg or on the Stack)
– Jumping to the Callee
– Returning to the Caller

Why we study the C calling convention

– Must follow it when mixing C with assembly or using pre-compiled C library functions
– The calling convention is NOT part of the instruction set architecture. It is an agreed upon convention to allow a compiler and human to generate code that can work together
Function parameters

- Use R0, R1, R2, R3
- Parameters passed to R0 – R3 in order.
- Parameter size: 2, or 1 bytes
  - Value is Zero or Signed extended before placed in a register
- Parameter size 8 bytes
  - Use a pair of registers (e.g. R1:R0)
- Extra parameters placed on the Stack

Function return value

- 8-bit in R0 (Zero or Signed extended)
- 16-bit in R0 (Zero or Signed extended)
- 32-bit in R0
- 64-bit in R1:R0
How to share registers between Caller and Callee?

Non-volatile(Callee must preserve): R4-R11, SP

Callee must make sure these register values are preserved/restored. In other words, the Caller can assume the value of these registers after the Callee function returns will be the same as before the Callee function was called.

Volatile (Callee can freely modify): R0-R3, LR

If the Caller wants the values of these registers to be the same before and after the Callee function executes, then the Caller must preserve them before the Callee function executes, and restore them after Callee function executes.
Preserving and Restoring Registers

• **Preserve a Register Value**
  – Place the register value somewhere “safe”
  – A place in Data Memory called the Stack is this “safe” place

• **Restore a Register Value**
  – Place the value saved to the Stack back to the register

• **Where is the Stack and how does it work?**
  – Starts at the highest address in Data Memory (Bottom of Stack)
  – Values are placed and removed from the Top of the Stack
  – Placing a value on the Stack causes it to grow (Downward)
  – Removing a value from the Stack cause it to shrink (Upward)
  – Location of the Top of the Stack is always in register SP (R13).

• **Assembly Instructions used**
  – **PUSH Rn**: Place the value of Rn to the “top” of the Stack. Then decrease the value of SP by 4. \([SP] \leftarrow Rn, \ SP \leftarrow SP - 4\).
  – **POP Rn**: Increase the value of SP by 4, then remove value at “top” of the Stack and place into Rn. \(SP \leftarrow SP + 4, \ Rn \leftarrow [SP]\)
Summary Uses of the Stack

- Preserving and Restoring Registers
  - See previous slide

- Passing Function parameters when there are more parameters than parameter registers (R0 – R3)
  - Extra parameters are PUSHed onto the stack before a function call, and POPed after the function returns

- Store local variables, when it is not convenient to use registers
  - Note: it is more efficient to access data from a register, than from Data Memory (i.e. the Stack)

- Function Stack-Frame: Contains information associated with a called function
  - E.g. Function args, local vars, return address, preserved values
PUSH: Place a register value onto the top of the Stack

Syntax: **PUSH Rn**

Operands: $0 \leq n \leq 12$, $n=14$: Note Rn can be a list of registers, encoded as: registers = '0':M:'0':register_list

Operation: $[SP] \leftarrow Rn$; $SP \leftarrow SP - 4$

$PC \leftarrow PC + 4$

Binary Format:
POP

POP: Remove value at top of Stack and place in a register.

Syntax: **POP Rn**

Operands: $0 \leq n \leq 12$, $n=14$, $n=15$: Note Rn can be a list of registers, encoded as: registers = P:M:'0':register_list

Operation: $SP \leftarrow SP + 4$; $Rn \leftarrow [SP]$

$PC \leftarrow PC + 4$

Binary Format:
Jump to and return from a function

• **Jump to Callee**
  – Save address to use for returning to Caller
  – Update PC to address of first instruction of Callee function

• **Return to Caller**
  – Callee updates PC to got back to the Caller

• **Assembly Instructions used**
  – **BL label**: Branch with link, places PC + 4 into the LR (R14), and \( PC \leftarrow \text{label} \). Where label is the name of the function being called.
  – **BX LR**: Branch eXchange, places the value of LR (R14) into the PC. i.e. \( PC \leftarrow LR \). Assuming LR (R14) contains the return address.
Branch with Link

BL: Branch to target address & store PC+4 to Link Register

Syntax: **BL label**

Operands: **label** encoded into: S:I1:I2:imm10:imm11:'0'

Operation: $LR \leftarrow PC+4; PC \leftarrow PC+ S:I1:I2:imm10:imm11:'0'$.

Binary Format: 

<table>
<thead>
<tr>
<th>15</th>
<th>14</th>
<th>13</th>
<th>12</th>
<th>11</th>
<th>10</th>
<th>9</th>
<th>8</th>
<th>7</th>
<th>6</th>
<th>5</th>
<th>4</th>
<th>3</th>
<th>2</th>
<th>1</th>
<th>0</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>1</td>
<td>1</td>
<td>1</td>
<td>1</td>
<td>0</td>
<td>S</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>

$I1 = \text{NOT}(J1 \text{ EOR } S)$

<table>
<thead>
<tr>
<th>15</th>
<th>14</th>
<th>13</th>
<th>12</th>
<th>11</th>
<th>10</th>
<th>9</th>
<th>8</th>
<th>7</th>
<th>6</th>
<th>5</th>
<th>4</th>
<th>3</th>
<th>2</th>
<th>1</th>
<th>0</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>1</td>
<td>J1</td>
<td>1</td>
<td>J2</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
</tbody>
</table>

$I2 = \text{NOT}(J2 \text{ EOR } S)$
Branch eXchange

BX: Branch to address located in a register

Syntax: **BX Rn**

Operands: $0 \leq n \leq 15$

Operation: $PC \leftarrow Rn$

Binary Format: 0 1 0 0 0 1 1 1 0  Rm (0) (0) (0)

Note: Bit[0] of Rn specifies if the Thumb or ARM Instruction set should be used.
Function Call: Example

main: ... ; call setup

BL myfunc ; call myfunc

... ; return to here

myfunc: ...

... ; prologue

... ; function body

... ; epilogue

BX LR ; return
# ARM Function Call Standard

<table>
<thead>
<tr>
<th>PC</th>
<th>R15</th>
<th></th>
<th>R7</th>
</tr>
</thead>
<tbody>
<tr>
<td>LR</td>
<td>R14</td>
<td></td>
<td>R6</td>
</tr>
<tr>
<td>SP</td>
<td>R13</td>
<td></td>
<td>R5</td>
</tr>
<tr>
<td></td>
<td>R12</td>
<td></td>
<td>R4</td>
</tr>
<tr>
<td></td>
<td>R11</td>
<td></td>
<td>R3 (a4)</td>
</tr>
<tr>
<td></td>
<td>R10</td>
<td></td>
<td>R2 (a3)</td>
</tr>
<tr>
<td></td>
<td>R9</td>
<td></td>
<td>R1 (a2)</td>
</tr>
<tr>
<td></td>
<td>R8</td>
<td></td>
<td>R0 (a1)</td>
</tr>
</tbody>
</table>

**Return value:** 8 bytes

**Return value:** 4 bytes or less

- **Non-volatile:** **Callee** must preserve/restore if it uses
- **Volatile:** **Caller** must preserve/restore if it wants the register to maintain its value across a function call

*a:* Function argument (Assuming each param is 4 bytes or less)
int x, y, z; // x @ 0x1000_A000, y @ 0x1000_B000, z @ 0x1000_C000

void my_func()
{
    ...
    z = max(x, y);
    ...
}

int max(int a, int b)
{
    if(a<b)
        return b;
    else
        return a;
}
; z = max(x, y);
; // x @ 0x1000_A000, y @ 0x1000_B000, z @ 0x1000_C000
my_func:

    ... ; more instructions

    MOGW R2, 0xA000; get x address (global variable)
    MOVT R2, 0x1000
    MOGW R3, 0xB000; get y Address (global variable)
    MOVT R3, 0x1000 ;
    LDR R0, [R2, #0] ; load x ; 1\textsuperscript{st} parameter of max
    LDR R1, [R3, #0] ; load y ; 2\textsuperscript{nd} parameter of max

    PUSH LR ; Save return address for my_func
    BL max ; call max(x,y)
    POP LR ; Restore return address for my_func

    MOGW R2, 0xC000; get z address (global variable)
    MOVT R2, 0x1000
    STR R0 [R2, #0] ; store z ; save returned results

    ... ; more instructions

    BX LR ; Return to Caller
Function Call: Example

```c
int max(int a, int b)
{
    if(a<b)
        return b;
    else
        return a;
}
```

```
max:
    ; a=>R0, b=>R1, return value in R0
CMP   R0, R1    ; compare a, b
BRGE  endif     ; branch if a>=b
MOV   R0, R1    ; move b to R0
endif:
    BX   LR       ; Return to Caller
```
ARM Function Call Standard: Passing Parameters and Return Value

**Function parameters**

- Use R0, R1, R2, R3
- Parameters passed to R0 – R3 in order.
- Parameter size: 2, or 1 bytes
  - Value is Zero or Signed extended before placed in a register
- Parameter size 8 bytes
  - Use a pair of registers (e.g. R1:R0)
- Extra parameters placed on the Stack

**Function return value**

- 8-bit in R0 (Zero or Signed extended)
- 16-bit in R0 (Zero or Signed extended)
- 32-bit in R0
- 64-bit in R1:R0
How to share registers between Caller and Callee?

**Non-volatile** *(Callee must preserve)*: R4-R11, SP

*Callee* must make sure these register values are preserved/restored. In other words, the Caller can assume the value of these registers after the Callee function returns will be the same as before the Callee function was called.

**Volatile** *(Callee can freely modify)*: R0-R3, LR

If the Caller wants the values of these registers to be the same before and after the Callee function executes, then the **Caller** must preserve them before the Callee function executes, and restore them after Callee function executes.
## ARM Function Call Standard

<table>
<thead>
<tr>
<th>PC</th>
<th>R15</th>
</tr>
</thead>
<tbody>
<tr>
<td>LR</td>
<td>R14</td>
</tr>
<tr>
<td>SP</td>
<td>R13</td>
</tr>
<tr>
<td></td>
<td>R12</td>
</tr>
<tr>
<td></td>
<td>R11</td>
</tr>
<tr>
<td></td>
<td>R10</td>
</tr>
<tr>
<td></td>
<td>R9</td>
</tr>
<tr>
<td></td>
<td>R8</td>
</tr>
</tbody>
</table>

<table>
<thead>
<tr>
<th>R7</th>
</tr>
</thead>
<tbody>
<tr>
<td>R6</td>
</tr>
<tr>
<td>R5</td>
</tr>
<tr>
<td>R4</td>
</tr>
<tr>
<td>R3</td>
</tr>
<tr>
<td>R2</td>
</tr>
<tr>
<td>R1</td>
</tr>
<tr>
<td>R0</td>
</tr>
</tbody>
</table>

Non-volatile: **Callee** must preserve/restore if it uses

Volatile: **Caller** must preserve/restore if it wants the register to maintain its value across a function call

\[ \text{a: Function argument (Assuming each param is 4 bytes or less)} \]
Example

```c
int add2(int a, int b) {
    return a+b;
}

int add3(int a, int b, int c) {
    return add2(add2(a, b), c);
}

int sum, x, y, z; // x @ 0x1000_0000, y @ 0x1000_0004,
                    // z @ 0x1000_0008, sum @ 0x1000_000C
int main() {
    ...

    sum = add3(x, y, z);
    ...
}
```
Example

int add2(int a, int b) {
    return a+b;
}

add2:
    ; a=>R0, b=>R1, return value in R0
    ADDS R0, R1 ; a + b
    BX LR ; Return to Caller
int add3(int a, int b, int c) {
    return add2(add2(a, b), c);
}

add3:
    ; a=>R0, b=>R1, c=>R2, return value in R0
    PUSH LR ; Save return address for add3
    PUSH R2 ; Save c
    BL add2 ; call add2(a,b)
    POP R1 ; Restore c to R1
    BL add2 ; call add2(add2(a,b), c)
    POP LR ; Restore return address for add3
    BX LR ; Return to Caller

Question: Why save c?
How main() calls add3: Assume for some reason R3 and R5 must be preserved across the function call

// sum = add3(x, y, z);
// x @ 0x1000_0000, y @ 0x1000_0004, z @ 0x1000_0008
// sum @ 0x1000_000C
main:

PUSH R3  ;Save R3
MOVW R4, 0x0000  ; Get base address
MOV T R4, 0x1000
LDR R0, [R4, #0]  ;load x  ; 1st parameter of add3
LDR R1, [R4, #4]  ;load y  ; 2nd parameter of add3
LDR R2, [R4, #8]  ;load z  ; 3rd parameter of add3
BL add3  ;call add3(x, y, z)

STR R0, [R4, #C]  ; store result to sum
POP R3  ; Restore R3

Question: Is it not necessary to push/pop R5?