This example adds two 64-bit numbers. The first number is in the register pair R2 and R3 and the second is in the pair R4 and R5. The result is placed in the pair R0 and R1
MOV R2, #0xFFFFFFFF ; low half number 1
MOV R3, #0x1 ; hi half number 1
MOV R4, #0xFFFFFFFF ; low half number 2
MOV R5, #0xFF ; hi half number 2
ADDS R0, R2, R4 ; add low and set flags
ADCS R1, R3, R5 ; add hi with carry
Encoded as:
0xE3E02000
0xE3A03001
0xE3E04000
0xE3A050FF
0xE0920004
0xE0B31005
SUB: subtraction
Syntax: SUB(<suffix>) <dest>, <Operand1>, <Operand2>
Encoding:
Description: dest ← Operand1 - Operand2
SUB will subtract operand two from operand one, placing the result in the destination register. Operand 1 is a register, operand 2 can be a register, shifted register, or an immediate value.
Example:
SUB R0, R1, R2 ; R0 = R1 - R2
SUB R0, R1, #256 ; R0 = R1 - 256
Encoded as:
0xE0410002
0xE2410C01
RSB: reverse subtraction
Syntax: RSB(<suffix>) <dest>, <Operand1>, <Operand2>
Encoding:
Description: dest ← Operand2 - Operand1
RSB will subtract operand one from operand two, placing the result in the destination register. Operand 1 is a register, operand 2 can be a register, shifted register, or an immediate value.
Example:
RSB R0, R1, R2 ; R0 = R2 - R1
RSB R0, R1, #256 ; R0 = 256 - R1
Encoded as: 0xE0610002
0xE2610C01
SBC: subtraction with carry
Syntax: SBC(<suffix>) <dest>, <Operand1>, <Operand2>
Encoding:
Description: dest ← Operand1 - Operand2 - !carry
SBC will subtract the two operands, placing the result in the destination register. It uses the carry bit to represent 'borrow', so can subtract numbers larger than 32bits.
SUB and SBC generate the Carry flag the opposite way around. If a borrow is generated then the carry flag is clear, C=0. If a borrow is not generated, then the carry flag is set, C=1. Thus, this instruction requires a NOT Carry flag - it inverts the flag automatically during the instruction.
RSC: reverse subtraction with carry
Syntax: RSC(<suffix>) <dest>, <Operand1>, <Operand2>
Encoding:
Description: dest ← Operand2 - Operand1 - !carry
This is the same as SBC, except the operands are subtracted the other way around.
CMP: compare
Syntax: CMP(<suffix>) <Operand1>, <Operand2>
Encoding:
Description: status ← Operand1 - Operand2
CMP allows you to compare the contents of a register with another register or an immediate value, updating the status flags to allow conditional execution to take place.
It performs a subtraction, but does not store the result anywhere. Instead, the flags are updated as appropriate.
The flags refer to operand one compared against operand two. Thus, the GT suffix will be executed if operand one is greater than operand two.
Obviously you do not need to explicitly specify the S suffix as the point of the command is to update the status flags... If you do specify it, it will be ignored.
Example: CMP R0, #50 ; Compare R0 with 50
Encoded as: 0xE3500032
CMN: compare negative
Syntax: CMN(<suffix>) <Operand1>, <Operand2>
Encoding:
Description: status ← Operand1 - (-Operand2)
CMN is the same as CMP, except it allows you to compare against small negative values (the logical NOT of operand two) that would be hard to implement otherwise; such as -1 to end a list.
Example: CMN R0, #1 ; Compare R0 with -1
Encoded as: 0xE3700001
TST: test bits
Syntax: TST(<suffix>) <Operand1>, <Operand2>
Encoding:
Description: status ← Operand1 & Operand2
TST, like CMP, does not produce a result to be placed into a destination register. Instead it performs an operation on the two operands given and reflects the result of this in the status flags.
TST is used to see if a particular bit is set. Operand one is the data word to test and operand two is a bit mask. After testing, the Zero flag will be set upon a match, or otherwise clear.
Like CMP, it does not matter if you specify the S suffix or not.
Example: TST R0, #1 ; Test if bit zero is set in R0
Encoded as: 0xE3100001
TEQ: test equivalence
Syntax: TEQ(<suffix>) <Operand1>, <Operand2>
Encoding:
Description: status ← Operand1 ^ Operand2
TEQ is similar to TST. The difference is that the notional arithmetical calculation is an EOR rather than an AND.
This provides a way to see if bits in both operands are the same or not without affecting the Carry flag (unlike CMP).
TEQ is also used with the P suffix to alter the flags in R15 (in 26-bit mode).
Example: TEQ R0, R1 ; Test if R0 and R1 are the same
Encoded as: 0xE1300001
BIC: bit clear
Syntax: BIC(<suffix>) <dest>, <Operand1>, <Operand2>
Encoding:
Description: dest ← Operand1 & (!Operand2)
BIC is a way to clear bits within a word, a sort of reverse OR.
Operand two is a 32 bit bit mask. If a bit is set in the mask, it will be cleared. Unset mask bits indicate bits to be left alone.
Example:
BIC R0, R0, #11 ; Clear bits zero and one in R0. Leave the remaining bits alone.
Encoded as: 0xE3C0000B
MOV: move
Syntax: MOV(<suffix>) <dest>, <Operand1>
Encoding:
Description: dest ← Operand1
MOV loads a value into the destination register, from another register, a shifted register, or an immediate value.
You can specify the same register for the effect of a NOP instruction, or you can shift the same register if you choose. If R15 is the destination, the program counter or flags can be modified. This is used to return to calling code, by moving the contents of the link register into R15.
Example:
MOV R0, R0 ; R0 = R0... NOP instruction
MOV PC, R14 ; Exit to caller
Encoded as: 0xE1A00000
0xE1A0F00E
MVN: move negative
Syntax: MVN(<suffix>) <dest>, <Operand1>
Encoding:
Description: dest ← !Operand1
MVN loads a value into the destination register, from another register, a shifted register, or an immediate value.
The difference is the bits are inverted prior to moving, thus you can move a negative value into a register.
Due to the way this works (two's complement), you want to move one less than the required number.
Example:
MVN R0, #4 ; R0 = -5
MVN R0, #0 ; R0 = -1
Encoded as: 0xE3E00004
0xE3E00000
Conditional Execution
Nearly all ARM7 instructions can be executed conditionally based on a condition code set in a previous instruction. Conditional execution is indicated by adding a two-letter suffix to the instruction's mneumonic. The allowed condition suffixes are described below.
EQ: equal Z=1
Condition field: 0000
Description: This condition is true if the result flag Z (zero) is set. This might arise after a compare instruction where the operands were equal, or in any data instruction which received a zero result into the destination.
Example:
MOV R0, R1 ; Move R1 into R0 and set flags
MOVEQ R0, #1 ; If 0, load R0 with 1
Here, the Zero flag will be set if 0 is moved into R0 from R1. If this is the case then the next instruction will be executed, and 1 will be written into R0. The instruction will not be executed if the Zero flag is clear, thereby proving that the value in R0 was non-zero.
NE: not equal Z=0
Condition field: 0001
Description: This is clearly the opposite of EQ, and is true if the Z flag is cleared. If Z is set, and instruction with the NE condition will not be executed.
Example:
CMP R0, R1 ; Compare R6 with R5 and set flags
ADDNE R5, R5, R6 ; If not zero R5+R6 and put in R5
Here, the CMP instruction is used to compare contents of R5 and R6. If they are not the same (so that the Zero flag will be clear, Z=0) then R5 and R6 are summed and the result placed in R5.
VS: overflow set V=1
Condition field: 0110
Description: This condition is true if the result flag V (overflow) is set. Add, subtract and compare instructions affect the V flag.
VC: overflow clear V=0
Condition field: 0111
The opposite to VS.
MI: minus set N=1
Condition field: 0100
Description: Instructions with this condition only execute if the N (negative) flag is set. Such a condition would occur when the last data operation gave a result which was negative. That is, the N flag reflects the state of bit 31 of the result. (All data operations work on 32-bit numbers.)
Example:
SUBS R1, R1, #1 ; Subtract 1 from R1 and set flags
ADDMI R0, R0, #15 ; If negative add 0x0F to R0
Here, the SUB instruction takes 1 from the contents of R1, and the S suffix is used to update the flags as the result is stored into R1. The ADD in the next line only takes place if the N flag is set and if so 15 is added to R0.
PL: plus clear N=0
Condition field: 0101
Description: This is the opposite to the MI condition and instructions with the PL condition will only execute if the N flag is cleared.
Example:
SUBS R1, R1, #1 ; Subtract 1 from R1 and set flags
ADDMI R0, R0, #15 ; If negative add 0x0F to R0
ADDPL R0, R0, #255 ; If pos add 0xFF to R0
This example illustrates how compilations of conditional instructions act on alternative results. This builds on the MI example above: if the result was a positive number then 255 is added to the contents of R0 and stored there. As you can see, only one of these instructions can take place and both act on the result of the SUBS instruction. Because neither of the following ADD instructions has used the S suffix, the status flags will not have changed since the CMP instruction.
CS: carry set C=1 (HS: higher or same C=1)
Condition field: 0010
Description: This condition is true if the result flag C (carry) is set. The carry flag is affected by arithmetic instructions such as ADD, SUB and CMP. It is also altered by operations involving the shifting or rotation of operands (data manipulation instructions).
When used after a compare instruction, CS may be interpreted as 'higher or same', where the operands are treated as unsigned 32-bit numbers. For example, if the left hand operand of CMP was 5 and the right hand operand was 2, the carry would be set. You can use HS instead of CS for this condition.
Example:
ADDS R0, R0, #255 ; Add 0xFF to R0 and save in R0
ADDCS R1, R1, #15 ; Carry set add 0x0F to R1 save in R1
CC: carry clear C=0 (LO: lower C=0)
Condition field: 0011
Description: This is the inverse condition to CS. After a compare, the CC condition may be interpreted as meaning 'lower than', where the operands are again treated as unsigned numbers. An synonym for CC is LO.
Example:
ADDS R0, R0, #255 ; Add 0xFF to R0 and save in R0
ADDCS R1, R1, #15 ; Carry set add 0x0F to R1 save in R1
ADDCC R1, R1, #128 ; If Carry=0 add 0xF0 to R1 save in R1
AL: always
Condition field: 1110
Description: An instruction with this suffix is always executed. To save having to type 'AL' after the majority of instructions which are unconditional, the suffix may be omitted in this case. Thus ADDAL and ADD mean the same thing: add unconditionally.
Example:
ADDAL R0, R1, R2 ; Add R1 and R2 and save in R0
ADD R0, R1, R2 ; Add R1 and R2 and save in R0
These two instructions have exactly the same result.
A common use of the AL suffix is with the Branch instruction to provide a three letter mnemonic and greater clarity:
B start ; Branch to start
BAL start ; Branch to start
NV: never
Condition field: 1111
Description: All ARM conditions also have their inverse, so this is the inverse of always. Any instruction with this condition will be ignored. Such instructions might be used for 'padding' or perhaps to use up a (very) small amount of time in a program.
Example:
ADDNV R0, R1, R2 ; Never perform the addition
HI: higher (unsigned) C=1 and Z=0
Condition field: 1000
Description: This condition is true if the C flag is set and the Z flag is false. After a compare or subtract, this combination may be interpreted as the left hand operand being greater than the right hand one, where the operands are treated as unsigned.
Example:
CMP R10, R15 ; Compare Registers R0 and R5
MOVHI R10, #0 ; If R10 > R5 then set R10 to zero
LS: lower than or same (unsigned) C=0 or Z=1
Condition field: 1001
Description: This condition is true if the C flag is cleared or the Z flag is set. After a compare or subtract, this combination may be interpreted as the left hand operand being less than or equal to the right hand one, where the operands are treated as unsigned.
Example:
CMP R10, R15 ; Compare Registers R0 and R5
ADDLS R10, R10, #1 ; If R10 <= R5 then add 1 and save in R10
GE: greater or equal (signed) N=1, V=1 or N=0, V=0
Condition field: 1010
Description: This is true if N is cleared and V is cleared, or N is set and V is set.
Example:
CMP R5, R6 ; Compare Registers R5 and R6
ADDGE R5, R5, #255 ; If R5 >= R6 then add 0xFF to R5
It is important to remember that this condition assumes the two values being compared are signed quantities.
LT: less than (signed) N=1, V=0 or N=0, V=1
Condition field: 1011
Description: This is the opposite to GE and instructions with this condition are executed if N is set and V is cleared, or N is cleared and V is set.
Example:
CMP R5, #255 ; Compare contents of R5 with 0xFF
SUBLT R5, R5, R6 ; If R5 < 0xFF subtract R6 from R5 save result in R5
LT: less than (signed) N=1, V=0 or N=0, V=1
Condition field: 1011
Description: This is the opposite to GE and instructions with this condition are executed if N is set and V is cleared, or N is cleared and V is set.
Example:
CMP R5, #255 ; Compare contents of R5 with 0xFF
SUBLT R5, R5, R6 ; If R5 < 0xFF subtract R6 from R5 save result in R5
GT: greater than (signed) (N=1, V=1 or N=0, V=0) and Z=0
Condition field: 1100
Description: This is the same as GE, with the addition that the Z flag must be cleared too.
Example:
CMP R5, R6 ; Compare contents of R5 with R6
ADDGT R0, R1, R2 ; If R5 > R6 add R1+R2 and put in R0
LE: less than or equal to (signed) N=1, V=0 or N=0, V=1 or Z=1
Condition field: 1101
Description: This is the same as LT, and is also true whenever the Z flag is set.
Example:
CMP R5, #10 ; Does R5 contain 0x0A?
SUBLE R0, R1, R2 ; If R5 <= 0x0A subtract R2 from R1 and put result in R0
Branch and Branch with Link Instructions
B: branch
Syntax: B(<suffix>) <label>
Encoding:
Description: B is a relative branch. When executed, a B instruction, the processor will jump to the address given, and resume execution from there. Note that the offset value stored in the branch instruction is a signed value that is multiplied by 4 and added to the PC+8; rather than an absolute address.
Example:
MOV R0,#0 ; Init the count to zero
loop: ADD R1,R1,#1 ; Add 1 to R1
ADD R0, R0, R1 ; Add R1 to count
CMP R1, #10 ; if R1 is 10 or not
BNE loop ; loop if not
Encoded as:
0xE3A00000
0xE2811001
0xE0800001
0xE351000A
0x1AFFFFFB
BL: branch with link
Syntax: BL(<suffix>) <label>
Encoding:
Description: The Branch with Link instruction, BL, allows you to pass control to another part of your program -- a subroutine -- and then return on completion. BL works like the normal branch instruction in that it takes its destination as an address, normally specified by a label in an assembly language program. However, before it branches it copies the contents of the Program Counter (R15) into the Link Register (R14).
Example:
BLEQ subroutine ; Branch and save PC if Z flag set
Encoded as: 0x0B000000
BX: branch using registers
Syntax: BX(<suffix>) <Register>
Encoding:
Description: The standard Branch instruction has a limited range, the 24-bit signed
2’s complement immediate value is multiplied by 4 and added to the
PC+8, giving a range of +/- 32 Mbytes. Larger branches make use of
addresses previously loaded into a register using the BX instruction. If the condition is true, the PC is
loaded with the contents of Rn.
Example:
BX LR ; Loads the PC with the contents of R14
Encoded as: 0xE12FFF1E
Multiplication Instructions
MUL: multiplication
Syntax: MUL(<suffix>) <dest>, <Operand1>, <Operand2>
Encoding:
Description: dest ← Operand1 * Operand2
MUL provides 32 bit integer multiplication. If the operands are signed, it can be assumed that the result is also signed. Dest must be a register and cannot be the same as Operand 1. R15 may not be used as the destination of a result. Operand 2 must be a register, and cannot be an immediate constant or shifted operation. (Rd = Rm*Rs)
Example: MUL R0, R1, R2 ; R0=R1*R2
Encoded as: 0xE0000291
MLA: multiply with accumulate
Syntax: MLA(<suffix>) <dest>, <Operand1>, <Operand2>, <Operand3>
Encoding:
Description: dest ← (Operand1 * Operand2) + Operand3
MLA behaved that same as MUL, except that the value of operand three is added to the result. This is useful for running totals. (Rd = Rm*Rs+Rn)
Example: MLA R0, R1, R2, R3 ; R0=(R1*R2)+R3
Encoded as: 0xE0203291
Data Transfer Instructions
LDR: load register from memory
Syntax: LDR(<suffix>) < Rd >, <addressing mode>
Encoding:
Description: Rd is loaded from the specified address.
Example:
LDR R0, [R1] ; Load R0 with contents at location in R1.
Encoded as: 0xE5910000
STR: store register to memory
Syntax: STR(<suffix>) <Rd>, <addressing mode>
Encoding:
Description: Rd is stored at the specified address.
Example:
STR R0, [R1,#20] ; Store R0 at address R1+20
STRB R0, [R1], R2 ; Store the least significant byte of R0 at address R1. Then R1 is set to R1+R2.
Encoded as: 0xE5810014
0xE6C10002
SWP: swap
Syntax: SWP(<suffix>) <dest>, <Operand1>, [<Operand2>]
Encoding:
Description:
SWP Rd, Rm, [Rn]: Rd <-- Memory[Rn] and Memory[Rn] <-- Rm
SWP loads a word from memory, address pointed to by operand two, and puts that word in the destination register; and
stores the contents of register operand one to that same address.
Swap is used to implement synchronization primitives that are used by multiple processors and threads. The instruction is “atomic”.
Example:
STR R0, [R1,#20] ; Store R0 at address R1+20
STRB R0, [R1], R2 ; Store the least significant byte of R0 at address R1. Then R1 is set to R1+R2.
Encoded as: 0xE5810014
0xE6C10002
ARM Addressing Modes:
The same addressing modes apply to
LDR and
STR.
Pre-indexed addressing: (P=1, W=0)
[Rbase] ; Address is Rbase
[Rbase,Rindex] ; Address is Rbase + Rindex
[Rbase,#index] ; Address is Rbase + index. Index is an immediate value.
[Rbase,Rindex,LSL #2] ; Address is Rbase + 4*Rindex
Pre-indexed with write-back: (P=1, W=1)
[Rbase,Rindex]! ; Address is Rbase + Rindex, then set Rbase to Rbase + Rindex
[Rbase,#index]! ; Address is Rbase + index, then set Rbase to Rbase + index
[Rbase,Rindex,LSL #2] ; Address is Rbase + 4*Rindex, then set to Rbase + 4*Rindex
Post-indexed addressing: (P=0, W=1)
[Rbase],Rindex ; Address is Rbase, then set Rbase to Rbase + Rindex
[Rbase],#index ; Address is Rbase, then set Rbase to Rbase + index
PC relative addressing: (Rbase=15)
label ; Generates a PC-relative offset to 'label'
Block Transfer Instructions
Instruction Format:
B Type:
P: Pre/Post indexing. 0=post (offset added after transfer). 1=pre (offset added before transfer).
U: Up/Down bit. 0=down (Offset subtracted from base). 1=Up (Offset added to base).
S: PSR & Force user mode. 0=do not load PSR or force user mode. 1=load PSR or force user mode.
W: Write-back. 0=No write back, 1=Write address into base.
L: Load/Store. 0=store, 1=load.
Stack Growth:
There are four types of stacks:
FA: full ascending stack
FD: full descending stack
EA: empty ascending stack
ED: empty descending stack
When the stack pointer points to the last occupied address on the stack it is known as a full stack. When the stack pointer indicates the next available free space on the stack, it is called an empty stack. Note that in this empty stack scenario the stack can have data on it; it is used to signify the condition of the next free word on the stack.
There are instructions in the instruction set that cater for these types of stacks.
STMFD/LDMFD: full descending stack
STMFA/LDMFA: full ascending stack
STMED/LDMED: empty descending stack
STMEA/LDMEA: empty ascending stack
Instructions:
LDM: load multiple registers from memory
Syntax: LDM<type>(<suffix>) <base>{!}, <registers>
Encoding:
Description: LDM perform the stack 'pull' (or pop as it is also known) operation.
Example:
LDMFD SP!, {R4,R5,R6,PC}
Encoded as: 0xE8BD8070
STM: store multiple registers to memory
Syntax: STM<type>(<suffix>) <base>{!}, <registers>
Encoding:
Description: STM is the 'push items onto stack' instruction. It stores multiple registers into memory sequentiall.
Example:
STMFD SP!, {R4,R5,R6}
Encoded as: 0xE92D0070