I’ve run out of historical processors that Windows supported, so I’m moving on to processors that are still in support. First up in this series is 32-bit ARM.<\/p>\n
As with all of these series, I’m focusing on how Windows 10\u00b9 uses the processor in user mode, with particular focus on the instructions you are most likely to encounter in compiler-generated code.<\/p>\n
The classic ARM processor generally follows the principles of Reduced Instruction Set Computing (RISC): It has fixed-length instructions, a large uniform register set, and the only operations on memory are loading and storing. However, Windows doesn’t use the ARM processor in classic mode, so some of the above statements aren’t true any more.<\/p>\n
Windows uses the ARM in a mode known as Thumb-2 mode.\u00b2 In Thumb-2 mode, some classic features are not available, such as most forms of predication. The Thumb-2 mode instruction encoding is variable-length, with a mix of 16-bit instructions and 32-bit instructions. Every instruction is required to begin on an even address, but 32-bit instructions are permitted to straddle a 4-byte boundary.<\/p>\n
In addition to classic ARM mode, Thumb mode, and Thumb-2 mode, there are also Jazelle<\/a> mode (which executes Java bytecode) and ThumbEE mode. I’m not going to cover them at all in this series, since Windows doesn’t use them. From now on, I’m talking only about Thumb-2 mode<\/b>.<\/p>\n The ARM architecture permits little-endian or big-endian operation. Windows runs the processor in little-endian mode and disables the The architectural terms for data sizes are<\/p>\n The ARM instruction set has 16 general-purpose integer registers, each 32 bits wide, and formally named r0<\/var> through r15<\/var>. They are conventionally used as follows:<\/p>\n The names in parentheses are used by some assemblers, but Microsoft’s toolchain doesn’t use those names. Some operating systems use r9<\/var> for special purposes (usually as a table of contents\/gp or a thread-local pointer), but Windows does not assign it any special meaning. On Windows, it is available for general use, as long as the value is preserved across calls.<\/p>\n The meanings of the last three registers (sp<\/var>, lr<\/var>, pc<\/var>) are architectural.\u00b3 The rest are convention. We’ll learn more about register conventions later.<\/p>\n The processor enforces 4-byte alignment for the sp<\/var> register. Operations which misalign the stack result in unpredictable behavior.\u2074 Windows requires further that the stack be 8-byte aligned at function call boundaries.<\/p>\n The ARM is notable for putting the program counter in the general-purpose register category, a feature which has been called “overly uniform<\/a>” by noted processor architect Mitch Alsup<\/a>. The program counter register reads as the address of the current instruction plus four: The +4 is due to the pipelining of the original ARM implementation: By the time the pipeline gets to fetching the value of the register, the CPU has already advanced the instruction pointer four bytes. Even though later implementations of ARM have deeper pipelining, they continue to emulate the original pipelining for the purpose of reading from the program counter.\u2075 Writing to the program counter acts like a jump instruction:\u00a0The next instruction to be executed is the one at the address you wrote.<\/p>\n This magic treatment of the program counter register is a bit mind-blowing when you first encounter it.<\/p>\n Floating point and SIMD support (Neon) is optional in the ARM architecture, but Windows requires both. This means that you also have 32 double-precision (64-bit) floating point registers, which can also be split into 64 single-precision (32-bit) floating point registers.<\/p>\n The ARM does not have branch delay slots. You can breathe a sigh of relief.<\/p>\n The flags register is formally known as the Application Program Status Register (APSR). These flags are available to user mode:<\/p>\n The overflow flag records whether the most recent operation resulted in signed overflow. The saturation flag is used by multimedia instructions to accumulate whether any overflow occurred since it was last cleared. The GE flags record the result of SIMD operations. Flags are not preserved across calls.<\/p>\n Under the Windows ABI, there is an 8-byte red zone beneath the stack pointer. However, you’ll never see the compiler using it because the red zone is reserved. It’s there for intrusive profilers.<\/p>\n Intrusive profilers inject code into your binary to update hit counts. The ARM does not have an absolute addressing mode; access to memory is always indirect through registers. Therefore, the profiler needs to be able to “borrow” a register in order to access memory, and it does so by saving the current contents of two temporary registers to the red zone. This frees up just enough registers to be able to update profiling information.<\/p>\n \u00b9 Windows CE also supported ARM, it supported both Thumb-2 mode and classic ARM, so its ABI was different<\/a>. This series covers the Windows 10 ABI.<\/p>\nSETEND<\/code> instruction, so you can’t switch to big-endian even if you tried.<\/p>\n\n\n
\n Term<\/th>\n Size<\/th>\n<\/tr>\n \n byte<\/td>\n \u20078 bits<\/td>\n<\/tr>\n \n halfword<\/td>\n 16 bits<\/td>\n<\/tr>\n \n word<\/td>\n 32 bits<\/td>\n<\/tr>\n \n doubleword<\/td>\n 64 bits<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n \n\n
\n Register<\/th>\n Mnemonic<\/th>\n Meaning<\/th>\n Preserved?<\/th>\n<\/tr>\n \n r0<\/var><\/td>\n (a1<\/var>)<\/td>\n argument 1 and return value<\/td>\n No<\/td>\n<\/tr>\n \n r1<\/var><\/td>\n (a2<\/var>)<\/td>\n argument 2 and second return value<\/td>\n No<\/td>\n<\/tr>\n \n r2<\/var><\/td>\n (a3<\/var>)<\/td>\n argument 3<\/td>\n No<\/td>\n<\/tr>\n \n r3<\/var><\/td>\n (a4<\/var>)<\/td>\n argument 4<\/td>\n No<\/td>\n<\/tr>\n \n r4<\/var><\/td>\n (v1<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r5<\/var><\/td>\n (v2<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r6<\/var><\/td>\n (v3<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r7<\/var><\/td>\n (v4<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r8<\/var><\/td>\n (v5<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r9<\/var><\/td>\n (v6<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r10<\/var><\/td>\n (v7<\/var>)<\/td>\n <\/td>\n Yes<\/td>\n<\/tr>\n \n r11<\/var><\/td>\n fp<\/var> (v8<\/var>)<\/td>\n frame pointer<\/td>\n Yes<\/td>\n<\/tr>\n \n r12<\/var><\/td>\n (ip<\/var>)<\/td>\n intraprocedure call scratch<\/td>\n Volatile<\/td>\n<\/tr>\n \n r13<\/var><\/td>\n sp<\/var><\/td>\n stack pointer<\/td>\n Yes<\/td>\n<\/tr>\n \n r14<\/var><\/td>\n lr<\/var><\/td>\n link register<\/td>\n No<\/td>\n<\/tr>\n \n r15<\/var><\/td>\n pc<\/var><\/td>\n program counter<\/td>\n N\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n \n\n
\n Registers<\/th>\n Preserved?<\/th>\n<\/tr>\n \n s0\u2007<\/var> + s1\u2007<\/var><\/td>\n d0\u2007<\/var><\/td>\n No<\/td>\n<\/tr>\n \n s2\u2007<\/var> + s3\u2007<\/var><\/td>\n d1\u2007<\/var><\/td>\n<\/tr>\n \n \u22ee<\/td>\n \u22ee<\/td>\n<\/tr>\n \n s14<\/var> + s15<\/var><\/td>\n d7\u2007<\/var><\/td>\n<\/tr>\n \n s16<\/var> + s17<\/var><\/td>\n d8\u2007<\/var><\/td>\n Yes<\/td>\n<\/tr>\n \n \u22ee<\/td>\n \u22ee<\/td>\n<\/tr>\n \n s30<\/var> + s31<\/var><\/td>\n d15<\/var><\/td>\n<\/tr>\n \n s32<\/var> + s33<\/var><\/td>\n d16<\/var><\/td>\n No<\/td>\n<\/tr>\n \n \u22ee<\/td>\n \u22ee<\/td>\n<\/tr>\n \n s62<\/var> + s63<\/var><\/td>\n d31<\/var><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n \n\n
\n Mnemonic<\/th>\n Meaning<\/th>\n Notes<\/th>\n<\/tr>\n \n N<\/td>\n Negative<\/td>\n Set if the result is negative<\/td>\n<\/tr>\n \n Z<\/td>\n Zero<\/td>\n Set if the result is zero<\/td>\n<\/tr>\n \n C<\/td>\n Carry<\/td>\n Multiple purposes<\/td>\n<\/tr>\n \n V<\/td>\n Overflow<\/td>\n Signed overflow<\/td>\n<\/tr>\n \n Q<\/td>\n Saturation<\/td>\n Accumulated overflow<\/td>\n<\/tr>\n \n GE[n]<\/td>\n Greater than or equal to<\/td>\n 4 flags (SIMD)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n str r12, [sp, #-4] ; save r12 into the red zone\r\n str r0, [sp, #-8] ; save r0 into the red zone\r\n\r\n ; We can now use r12 and r0 to update profiling statistics.\r\n ... do profiling stuff with r12 and r0 ...\r\n\r\n ; All done. Restore the registers we borrowed.\r\n ldr r0, [sp, #-8] ; recover r0 from the red zone\r\n ldr r12, [sp, #-4] ; recover r12 from the red zone\r\n<\/pre>\n