解码ARM BL指令 [英] decode ARM BL instruction

问题描述

我刚刚开始在Nucleo STM32F303RE上使用ARM体系结构，并且正在尝试了解指令的编码方式.

I'm just getting started with the ARM architecture on my Nucleo STM32F303RE, and I'm trying to understand how the instructions are encoded.

我正在运行一个简单的LED闪烁程序，而前几条反汇编的应用程序说明是:

I have running a simple LED-blinking program, and the first few disassembled application instructions are:

08000188:   push    {lr}
0800018a:   sub     sp, #12
235         __initialize_hardware_early ();
0800018c:   bl      0x80005b8 <__initialize_hardware_early>

这些指令在hex文件中解析为以下内容(在Eclipse中显示为怪异-每个32位字都按MSB顺序排列，但是Eclipse似乎不知道...但这是另一个主题):

These instructions resolve to the following in the hex file (displayed weird in Eclipse -- each 32-bit word is in MSB order, but Eclipse doesn't seem to know it... but that's for another topic):

address 0x08000188:  B083B500 FA14F000

使用《 ARM体系结构参考手册》，我已经确认了前2条指令:push(0xB500)和sub(0xB083).但是我对"bl"指令一无所知.

Using the ARM Architecture Ref Manual, I've confirmed the first 2 instructions, push (0xB500) and sub (0xB083). But I can't make any sense out of the "bl" instruction.

十六进制指令为0xFA14F000.参考手册说它像这样分解:

The hex instruction is 0xFA14F000. The Ref Manual says it breaks down like this:

31.28   27 26 25 24   23............0
cond     1  0  1  L   signed_immed_24

第一个"F"(0xF ......)很有意义:设置了所有条件(始终).

The first "F" (0xF......) makes sense: all conditions are set (ALways).

尽管"A"没有意义，因为应该设置L位(1011).不应该是0xFB ......吗?

The "A" doesn't make sense though, since the L bit should be set (1011). Shouldn't it be 0xFB......?

Signed_immed_24也没有意义.参考手册说:

And the signed_immed_24 doesn't make sense, either. The ref manual says:

- start with 0x14F000
- sign extend to 30 bits (signed 2's-complement), giving 0x0014F000
- shift left to form 32-bit value, giving 0x0053C000
- add to the PC, which is the current instruction + 8, giving 0x0800018c + 8 + 0x0053C000, or 0x0853C194.

所以我得到的分支地址为0x0853C194，但是反汇编显示为0x080005B8.

So I get a branch address of 0x0853C194, but the disassembly shows 0x080005B8.

我想念什么?

谢谢！ -埃里克(Eric)

Thanks! -Eric

推荐答案

bl是两个单独的16位指令. armv5(及更早版本)的ARM ARM在记录它们方面做得更好.

bl is two, separate, 16 bit instructions. The armv5 (and older) ARM ARM does a better job of documenting them.

111HHoffset11

来自ARM ARM

第一条Thumb指令的H == 10，并提供 分支偏移量.该指令为子程序调用设置 并在BL和BLX表单之间共享.

The first Thumb instruction has H == 10 and supplies the high part of the branch offset. This instruction sets up for the subroutine call and is shared between the BL and BLX forms.

第二条Thumb指令的H == 11(对于BL)或H == 01(对于BL BLX).它提供分支偏移的较低部分，并导致 进行子程序调用.

The second Thumb instruction has H == 11 (for BL) or H == 01 (for BLX). It supplies the low part of the branch offset and causes the subroutine call to take place.

0xFA14 0xF000

0xFA14 0xF000

0xF000是第一条指令的上偏移量为零 0xFA14是第二条指令偏移量是0x214

0xF000 is the first instruction upper offset is zeros 0xFA14 is the second instruction offset is 0x214

如果从0x0800018c开始，则为0x0800018C + 4 +(0x0000214 << 1)= 0x080005B8. 4是当前PC的两个指令头.偏移量是(16位)指令的单位.

If starting at 0x0800018c then it is 0x0800018C + 4 + (0x0000214<<1) = 0x080005B8. The 4 is the two instructions head for the current PC. And the offset is units of (16 bit) instructions.

我猜想armv7-m ARM ARM也涵盖了它，但是更难阅读，并且显然添加了功能.但是它们不会通过此分支链接影响您.

I guess the armv7-m ARM ARM covers it as well, but is harder to read, and apparently features were added. But they do not affect you with this branch link.

ARMv5 ARM ARM也可以更好地描述发生的情况.您可以具体地遵循这两个单独的说明并将其分开

The ARMv5 ARM ARM does a better job of describing what happens as well. you can certaily take these two separate instructions and move them apart

.byte 0x00,0xF0
nop
nop
nop
nop
nop
.byte 0x14,0xFA

，它将跳转到相同的偏移量(相对于第二条指令).也许在某些内核上出现了问题，但是我知道在某些方面(在armv5之后)可以工作.

and it will branch to the same offset (relative to the second instruction). Maybe the broke that in some cores, but I know in some (after armv5) it works.

这篇关于解码ARM BL指令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！