As is traditional, I wrap up the processor overview series with an annotated walkthrough of a simple function. Here’s the function again:<\/p>\n
extern FILE _iob[];\r\n\r\nint fclose(FILE *stream)\r\n{\r\n int result = EOF;\r\n\r\n if (stream->_flag & _IOSTRG) {\r\n stream->_flag = 0;\r\n } else {\r\n int index = stream - _iob;\r\n _lock_str(index);\r\n result = _fclose_lk(stream);\r\n _unlock_str(index);\r\n }\r\n\r\n return result;\r\n}\r\n<\/pre>\nLet’s dive in.<\/p>\n
This function takes a single pointer parameter, which therefore is passed in the r0<\/var> register. No parameters are passed on the stack.<\/p>\n push {r3-r6,r11,lr}\r\n<\/pre>\nWe start by building our stack frame. From this one instruction we already learn that<\/p>\n
\n- This is not a lightweight leaf function, because we are using the stack. Saving the frame pointer r11<\/var> and return address lr<\/var> is therefore required.<\/li>\n
- We have one word of local variables and outbound parameters. This is inferred by the inclusion of the otherwise-garbage r3<\/var> register. We don’t actually care about the value of the r3<\/var> register. We are pushing it for the side effect of allocating space on the stack.<\/li>\n
- We need three additional registers: r4<\/var>, r5<\/var>, and r6<\/var>.<\/li>\n<\/ul>\n
add r11, sp, #0x10 ; link into stack frame chain\r\n<\/pre>\nThe next step in the standard prologue is to point the r11<\/var> register at the place where we saved the previous r11<\/var> register, in order to maintain the stack frame chain.<\/p>\n mov r5, r0 ; r5 = stream\r\n<\/pre>\nWe save the stream pointer in a non-volatile register for safekeeping.<\/p>\n
; int result = EOF;\r\n; if (stream->_flag & _IOSTRG) {\r\n\r\n ldr r3, [r5,#0xC] ; r3 = stream->_flag\r\n mvn r6, #0 ; r6 \"result\" = -1\r\n tst r3, #0x40 ; Q: Is _IOSTRG set?\r\n beq notstring ; N: Then need to flush for real\r\n<\/pre>\nThe compiler interleaved the initialization of the result<\/var> variable (which is evidently being kept in register r6<\/var>) with the test of the _flags<\/code> member.<\/p>\nInitializing result<\/var> is done by moving ~0<\/code>, which is the same as 0xFFFFFFFF<\/code> or -1<\/code>.<\/p>\nTesting the _IOSTRG<\/code> bit is done by loading the flags into the r3<\/var> register (a scratch register) and using the TST<\/code> instruction, which sets the flags based on the result of a bitwise AND operation. If the flag is clear, then the result is zero (“equal”), and the jump is taken. If the flag is set, then we fall through.<\/p>\n; stream->_flag = 0;\r\n\r\n movs r3, #0 ; r3 = 0\r\n str r3, [r5,#0xC] ; stream->_flag = 0\r\n b done ; end of \"true\" branch\r\n<\/pre>\nIf the flag is clear, then we enter the “true” branch of the if<\/code> statement, which sets the _flag<\/code> to zero. We cannot move a constant directly into memory, so we first load the constant in to a scratch register (r3<\/var>) and store the register to memory.<\/p>\nNote that we use a MOVS<\/code> instruction, which sets flags, even though we don’t care about the flags. That’s because the 8-bit immediate MOVS<\/code> instruction has a compact 16-bit encoding, whereas the corresponding MOV<\/code> instruction uses a 32-bit encoding, so switching to MOVS<\/code> reduces code size.<\/p>\nnotstring:\r\n; int index = stream - _iob;\r\n\r\n ldr r3, =|_iob| ; r3 = address of _iob\r\n subs r4, r5, r3 ; r4 = stream - iob (byte offset)\r\n asrs r0, r4, #4 ; r0 = r4 \/ 16 (convert to index)\r\n<\/pre>\nWe use the literal pool version of the LDR<\/code> pseudo-instruction to load the address of the _iob<\/code> array from the literal pool into a scratch register r3<\/var>. We subtract that from the stream<\/var> variable, producing the byte offset into the preserved register r4<\/var>. Shifting that right by 4 is the same as dividing by 16, which produces the index into the r0<\/var> register.<\/p>\n; _lock_str(index);\r\n\r\n bl |_lock_str|\r\n<\/pre>\nThe r0<\/var> register is exactly where we pass the index<\/var> parameter to the lock_str<\/code> function, so we’re all set to call it.<\/p>\n; result = _fclose_lk(stream);\r\n\r\n mov r0, r5 ; r0 = stream\r\n bl |_fclose_lk| ; _fclose_lk(stream)\r\n mov r6, r0 ; save result\r\n<\/pre>\nNext comes another function call, this time to close the stream. We put the first (and only) parameter into r0<\/var> and call the function. The result comes back in r0<\/var>, and we save it in r6<\/var> so we can return it when we’re done.<\/p>\n; _unlock_str(index);\r\n\r\n asrs r0, r4, #4 ; r0 = r4 \/ 16 (convert to index)\r\n bl |_unlock_str| ; _unlock_str(index)\r\n<\/pre>\nTo call _unlock_str<\/code>, we recalculate the index from the byte offset (still in r4<\/var>, since r4<\/var> is a preserved register) and put the index into r0<\/var> so we can call _unlock_str<\/code>.<\/p>\nIt may seem odd to recalculate the index from the byte offset. Why not just save the index the first time?<\/p>\n
The reason is that mov r0, r4<\/code> and asrs r0, r4, #4<\/code> are the same size: They both use 16-bit encoding. Recalculating the value takes the same number of code bytes as copying it, and it avoids having to save the index anywhere, thereby saving two bytes. Thanks to the barrel shifter (which the ARM is very proud of, in case you have forgotten), shifting a register is just as fast as copying it.<\/p>\nWe now fall through to the end of the function.<\/p>\n
done:\r\n\r\n; return result;\r\n\r\n mov r0, r6 ; return result (r6)\r\n<\/pre>\nThe function return value goes into r0<\/var>, so we copy it there from r6<\/var>.<\/p>\n pop {r3-r6,r11,pc}\r\n<\/pre>\nFor this function, we can pack the the function epilogue into just one instruction: Popping r3<\/var> cleans up our local variables, popping r4<\/var> through r6<\/var> restores the saved registers, popping r11<\/var> unlinks the current stack frame from the stack frame chain, and popping the inbound return address into pc<\/var> transfers control to the return address.<\/p>\nThat’s the end of the function, but we’re not done yet!<\/p>\n
__debugbreak ; recover word alignment\r\n\r\n dcd |_iob|\r\n<\/pre>\nWe still have the matter of the literal pool we used in the ldr r3, =|_iob|<\/code> pseudo-instruction. That pseudo-instruction turns into the instruction<\/p>\n ldr r3, [pc, #...] ; load register from memory\r\n<\/pre>\nwhere the #...<\/code> is the offset to the desired literal. When you use the pc<\/var> register as a base index, the value is rounded down to the nearest multiple of four, and the offset must also be a multiple of four. This means that the value must be at a word-aligned address. The unreachable __debugbreak<\/code> instruction at the end of the function is just padding so that the |_iob|<\/code> literal can be placed on a word boundary.<\/p>\nSo there we have it, our whirlwind tour of the ARM processor in Thumb-2 mode. I don’t know about you, but I’m exhausted.<\/p>\n
\u00b9 Commenter Neil Rashbrook notes that stack space reserved by pushing the r3<\/var> register is never used. It exists only to satisfy the requirement that the stack be 8-byte aligned.<\/p>\n","protected":false},"excerpt":{"rendered":"Putting together what we’ve learned, with a surprise.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[2],"class_list":["post-105369","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-history"],"acf":[],"blog_post_summary":"
Putting together what we’ve learned, with a surprise.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/105369","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=105369"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/105369\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=105369"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=105369"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=105369"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}