CS452 - Real-Time Programming - Fall 2011

Lecture 5 - ARM Architecture

Pubilc Service Annoucements

Partners
CS Grad Info Session today @ 12.00 in DC1302

The Hardware

Cirrus EP9302

System busses

Advanced high-speed bus (AHB)

AHB connects

ARM core
memory controllers
interrupt controllers
USB controller
ethernet MAC interface
bridge to APB

Advanced peripheral bus (APB)

ARM 920T with v4 Instruction Set

What is this?

Two modes of labelling

By architecture (now up to v6)

Architecture	Instruction Set	Thumb Instructions?	Multiply Instruction	DSP Instructions	Comments
ARMv1	1	no	no	no	Obsolete
ARMv2	2	no	no	no	Obsolete
ARMv3	3	no	no	no
ARMv3M	3	no	yes	no
ARMv4	4	no	yes	no
ARMv4T	4	yes	yes	no	This is the one in the box.
ARMv5	5	no	yes	no	Has `CLZ`
ARMv5T	5	yes	yes	no
ARMv5TE	5	yes	yes	yes

Thumb instructions are 16 bit, and accelerated.

They use the full 32 bits of the registers
They improve code density (less memory needed).
They effectively double the size of the instruction cache (fewer time-consuming cache misses).

By processor core


Processor Core	ARM ISA	Thumb ISA	Comments
ARM7TDMI	v4T	v1	Most of the ARM7xx processors
ARM9TDMI	v4T	v1	ARM[920\|922\|940]T: 920T is the one in the box. `T' means includes thumb instructions `DMI' means direct memory interface
StrongARM	v4	n/a	Intel SA-110. Found in Compaq versions of IPAQ.
ARM9E	v5TE	v2
ARM10E	v5TE	v2
XScale	v5TE	v2	Manufactured by Intel. HP versions of IPAQ.

ARM Architecture

Features

16 32-bit registers. Some are special:
- r15, pc, special in the architecture
- r14, lr, special in the architecture
- r13, sp, special in the architecture
- r12, ip, used by the compiler as a scratch register
- r11, fp, used by the compiler as the frame pointer
- r10, sl, only special in having a name
- r4 to r9
- r0 to r3, used by the compiler as scratch registers, for function arguments and return value
partially separate register sets different modes

The link register (lr), program counter (pc) are special, but not very special

Processor modes. In the table below `special' means that the mode has ia separate copy of the registers listed..


M [4:0]	Mode	Registers accessible
10000	User	`r0-r15`
10001	FIQ (Fast interrupt processing)	`r0-r7, r15` `r8-r14` special
10010	IRQ (Interrupt processing)	`r0-r12, r15` `r13,r14` special
10011	Supervisor	`r0-r12, r15` `r13,r14` special
10111	Abort	`r0-r12, r15` `r13,r14` special
11011	Undefined	`r0-r12, r15` `r13,r14` special
11111	System	`r0-r15`

Some instructions are mode-specific. For example, the CPSR and SPSR cannot be written in User mode.

Program status register, which you will find in two places CPSR and SPSR


Bit	Mnemonic	Meaning
31	N	Negative
30	Z	Zero
29	C	Carry
28	V	Overflow
8-27	DNM	Does not matter in v4
7	I	Interrupts disabled
6	F	Fast interrupts disabled
5	T	Thumb execution
4	M4	Five processor mode bits
3	M3
2	M2
1	M1
0	M0

The CPSR is used

Exceptions

Exception Type	Modes Called from	Mode at Completion	Instruction Address
Reset	hardware	supervisor	`0x00`
Undefined instruction	any	undefined	`0x04`
Software interrupt	any	supervisor	`0x08`
Prefetch abort	any	abort	`0x0c`
Data abort	any	abort	`0x10`
Ordinary interrupt	any	IRQ	`0x18`
Fast interrupt	any	FIQ	`0x1c`

You are concerned right now with Reset and Software Interrupt.
The first instruction executed by the CPU after reset is the one at location 0x00000000. Usually it is
```
    ldr  pc, [pc, #0x18] ; 0xe590f018 is the binary encoding
```
which you will normally find in all of the low addresses: 0x00 to 0x1c. Just executing an instruction, rather than having an address that is specially processed saves transistors, which is good.
RedBoot puts entry points of RedBoot into addresses 0x20 to 0x3c.This makes it possible to jump to any location in the 32 bit address space.
Note endianness of RedBoot output when examining these locations.

Three data types
- word: 32 bits, word-aligned
- half-word: 16 bits, half-word-aligned
- byte: 8 bits

General Comments

each instruction is exactly one word
load and store RISC architecture
rich set of addressing modes, based on barrel shifting
allows you to keep any partial computation it makes

Context Switch

Kernel Structure

The kernel is just a function like any other, but which runs forever.

kernel( ) {
  initialize( );  // includes starting the first user task
  FOREVER {
    request = getNextRequest( );
    handle( request );
  }
}

Where is the OS?

requests come from running user tasks
- in essence system calls
one type of request creates a task
- There needs to be a first task that gets everything going

All the interesting stuff inside done by the kernel is hidden inside getNextRequest.

int getNextRequest( ) {
  return activate( schedule( ) ); //the active task doesn't change
}

schedule( ) returns the ready task of the highest priority or nil.

Task states: Ready, Active, Zombie

Three possible state transitions


Initial state	Final state	Trigger
Ready	Active	`schedule( )`
Active	Ready	`Pass( )`
Active	Zombie	`Exit( )`

What's inside activate( active )?

transfer of control to the active task
execution to completion of the active task
- `to completion' means until the active task sends a request to the kernel
transfer of control back to the kernel
getting the request

The hard part to get right is `transfer of control'

which we call a context switch

Context Switch step-by-step

Function Call (gcc calling conventions)

; In calling code
                      ; store values of r0-r3
                      ; load arguments into r0-r3
   bl  <entry point>  ; this treats the pc and lr specially
                      ; lr <- pc, pc <- <entry point>
                      ; r0 has the return value
                      ; r1-r3 have useless junk

; In called code
entry point:
   mov     ip, sp
   stmdb   sp!, {fp, ip, lr} ; and usually others, 
                             ; determined by the registers the function uses
   ...
   ldmia   sp, {fp, sp, pc} ; and whatever others
                            ; exact inverse of stmdb

Note the role of the index pointer (ip), link register (lr) and stack pointer (sp).

Software Interrupt

The software interrupt instruction ( SWI{cond} <immed_24> ). What happens when it is executed?

r14_svc <- address of the following instruction. This is where the kernel will return to.
SPSR_svc <- CPSR. This saves the mode, condition codes, etc.
CPSR[0:4] <- 0b10011. Supervisor mode.
CPSR[5] <- 0. ARM (not Thumb) state.
CPSR[7] <- 1. Normal interrupts disabled.
PC <- 0x08

The CPU ignores the 24-bit immediate value, which can be used by the programmer as an argument identifying the system call, for example.

; In calling code
                          ; Store r0-r3
                          ; Put arguments into r0-r3
                          ; 0x08 holds the kernel entry point
   swi  n                 ; n identifies which system call you are calling
                          ; retrieve return value from r0
                          ; r1-r3 have even more useless junk

; In kernel
kernel entry:
; Change to system mode
; Save user state on user stack
; Return to supervisor mode
   ldr    r4, [lr, #-4]    ; gets the request type
                           ; at this point you can get the arguments
                           ; Where are they?
; Retrieve kernel state from kernel stack
; Do kernel work

Questions:

What is above kernel entry?
If you put swi in a wrapper or stub what happens before and after it?
If the request had arguments, how would you get them into the kernel?
Hint. How does gcc pass arguments into a function?
It might be important that there are two link registers. Which two link registers? Why?
In practice it isn't important. Why not?

Suggestions:

Try this first on paper drawing the stack, registers, etc after each instruction
Try coding in baby steps, which is usually a good idea in assembly language.

Try reading this.

Kernel Structure

The kernel is just a function like any other, but which runs forever.

kernel( ) {
  initialize( );  // includes starting the first user task
  FOREVER {
    request = getNextRequest( );
    handle( request );
  }
}

Where is the OS?

requests come from running user tasks
- in essence system calls

one type of request creates a task

There needs to be a first task that gets everything going

Return to: