Assembly 在Cortex-M3上执行的装配拇指指令
作为练习,我想让STM32F103从内部SRAM执行。其想法是手工编写一些拇指组件,用Assembly 在Cortex-M3上执行的装配拇指指令,assembly,arm,stm32,cortex-m,thumb,Assembly,Arm,Stm32,Cortex M,Thumb,作为练习,我想让STM32F103从内部SRAM执行。其想法是手工编写一些拇指组件,用arm none eabi as组装,用OpenOCD的mwh指令将机器代码加载到SRAM中,用reg PC 0x20000000将PC设置到SRAM的开头,最后几次执行步骤 下面是我要执行的汇编代码。这基本上是一个毫无意义的循环 # main.S .thumb .syntax unified mov r0, #40 mov r1, #2 add r2, r0, r1 mvn r0, #0x20000000
arm none eabi asmwhreg PC 0x20000000步骤
下面是我要执行的汇编代码。这基本上是一个毫无意义的循环
# main.S
.thumb
.syntax unified
mov r0, #40
mov r1, #2
add r2, r0, r1
mvn r0, #0x20000000
bx r0
我需要获取机器代码,以便将其加载到SRAM中,但反汇编程序的输出似乎不正确
$ arm-none-eabi-as -mthumb -mcpu=cortex-m3 -o main.o main.S
$ arm-none-eabi-objdump -d -m armv7 main.o
main.o: file format elf32-littlearm
Disassembly of section .text:
00000000 <.text>:
0: f04f 0028 mov.w r0, #40 ; 0x28
4: f04f 0102 mov.w r1, #2
8: eb00 0201 add.w r2, r0, r1
c: f06f 5000 mvn.w r0, #536870912 ; 0x20000000
10: 4700 bx r0
$arm none eabi as-mthumb-mcpu=cortex-m3-o main.o main.S
$arm none eabi objdump-d-m armv7 main.o
main.o:文件格式elf32 littlearm
第节的分解。正文:
00000000 :
0:f04f 0028 mov.w r0,#40;0x28
4:f04f 0102移动带r1,#2
8:eb00 0201增补w r2、r0、r1
c:f06f 5000 mvn.w r0,#536870912;0x20000000
10:4700 bx r0
拇指指令的长度不应该是16位吗?我得到的机器代码每条指令占用4个字节。STM32F103基于cortex-m3。你需要从st文档开始,它说,然后去arms网站获取cortex-m3技术参考手册。它告诉您这是基于armv7-m架构的,因此您可以获得架构参考手册。然后你就可以开始编程了
从闪存运行通常使用向量表,从ram运行可能意味着取决于引导管脚,但是如果您想使用调试器下载程序,您的路径是正确的,您只是在完成之前被卡住或停止
# main.S
.thumb
.syntax unified
mov r0, #40
mov r1, #2
add r2, r0, r1
mvn r0, #0x20000000
bx r0
您指定了统一语法,可能是在命令行cortex-m3上?还是armv7-m?因此,您最终得到了thumb2扩展。正如ARM所记录的,它们是两个16位的一半(armv7-m架构参考手册向您展示了所有说明)。它们是可变长度的,第一个是解码的,第二个只是操作数。非thumb2都是16位指令,bl/blx是/是两个独立的16位指令,但cortex ms希望这些指令背对背,在以前的内核上,您可以实际将它们分开,以证明它们确实是两个不同的指令
比如说
.cpu cortex-m3
.thumb
.syntax unified
add r2, r0, r1
adds r2, r0, r1
00000000 <.text>:
0: eb00 0201 add.w r2, r0, r1
4: 1842 adds r2, r0, r1
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,=mydataword
ldr r1,[r0]
add r1,#1
str r1,[r0]
bx lr
.data
mydataword: .word 0
所以
其次,这是一个cortex-m,所以你不能bx到一个偶数地址,这就是你切换到arm模式的方式,但这个处理器没有这样做,所以你会出错。您需要设置lsbit。所以试试这个
0: 2028 movs r0, #40 ; 0x28
2: 2102 movs r1, #2
4: 1842 adds r2, r0, r1
6: f04f 5000 mov.w r0, #536870912 ; 0x20000000
a: 4700 bx r0
.cpu cortex-m3
.thumb
.syntax unified
movs r0, #40
movs r1, #2
adds r2, r0, r1
ldr r0, =0x20000001
bx r0
00000000 <.text>:
0: 2028 movs r0, #40 ; 0x28
2: 2102 movs r1, #2
4: 1842 adds r2, r0, r1
6: 4801 ldr r0, [pc, #4] ; (c <.text+0xc>)
8: 4700 bx r0
a: 0000 .short 0x0000
c: 20000001 .word 0x20000001
这使我的皮肤爬行,因为你想或不想添加,但这会使它缩短半个字,如果这很重要的话:
.cpu cortex-m3
.thumb
.syntax unified
movs r0, #40
movs r1, #2
adds r2, r0, r1
mov r0, #0x20000000
adds r0,#1
bx r0
00000000 <.text>:
0: 2028 movs r0, #40 ; 0x28
2: 2102 movs r1, #2
4: 1842 adds r2, r0, r1
6: f04f 5000 mov.w r0, #536870912 ; 0x20000000
a: 3001 adds r0, #1
c: 4700 bx r0
不使用链接器脚本进行链接,以快速完成此操作
arm-none-eabi-as so.s -o so.o
arm-none-eabi-ld -Ttext=0x20000000 so.o -o so.elf
arm-none-eabi-ld: warning: cannot find entry symbol _start; defaulting to 0000000020000000
arm-none-eabi-objdump -d so.elf
so.elf: file format elf32-littlearm
Disassembly of section .text:
20000000 <_stack+0x1ff80000>:
20000000: 2000 movs r0, #0
20000002 <loop>:
20000002: 3001 adds r0, #1
20000004: e7fd b.n 20000002 <loop>
当您得到openocd提示时,假设所有的操作都正常
halt
load_image so.elf
resume 0x20000000
或者您可以恢复0x2000001,因为这样感觉更好,但无论哪种方式,该工具都很好。现在
halt
reg r0
resume
halt
reg r0
resume
作为一个stm32和所有thumb变体指令,这个示例将适用于我迄今为止听到的任何stm32(我已经(使用)了很多)
您将看到r0它将增加,从恢复到再次停止之间的人工时间将计数很多次,您可以看到数字的变化,以查看程序正在运行
telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
> load_image so.elf
6 bytes written at address 0x20000000
downloaded 6 bytes in 0.001405s (4.170 KiB/s)
> resume 0x20000000
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000002 msp: 0x20001000
> reg r0
r0 (/32): 0x000ED40C
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000002 msp: 0x20001000
> reg r0
r0 (/32): 0x001C8777
>
如果你想把它放在闪存中,假设蓝色药丸(这是蓝色药丸,对吗?)没有写保护闪存,而有些人有写保护闪存,但你可以很容易地删除它(这会让你明白,不一定很容易,专业提示在某一点上需要一个完整的电源循环)
现在它是在flash中编程的,所以如果你关闭电源,它就会运行
openocd将以这样的方式结束
Info : stm32f1x.cpu: hardware has 6 breakpoints, 4 watchpoints
然后是telnet会话
telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0xa1000000 pc: 0x0800000a msp: 0x20001000
> flash write_image erase so.elf
auto erase enabled
device id = 0x20036410
flash size = 64kbytes
wrote 1024 bytes from file so.elf in 0.115819s (8.634 KiB/s)
> reset
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800000a msp: 0x20001000
> reg r0
r0 (/32): 0x002721D4
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800000a msp: 0x20001000
> reg r0
r0 (/32): 0x0041DF80
>
如果你想让闪存复位到ram中,你可以这样做
.cpu cortex-m3
.thumb
.syntax unified
.word 0x20001000
.word 0x20000001
电源循环在理想情况下应该是崩溃/故障,但如果您使用openocd像以前一样在ram中放入一些东西
flash.elf: file format elf32-littlearm
Disassembly of section .text:
08000000 <_stack+0x7f80000>:
8000000: 20001000 .word 0x20001000
8000004: 20000001 .word 0x20000001
so.elf: file format elf32-littlearm
Disassembly of section .text:
20000000 <_stack+0x1ff80000>:
20000000: 2000 movs r0, #0
20000002 <loop>:
20000002: 3001 adds r0, #1
20000004: e7fd b.n 20000002 <loop>
telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800000a msp: 0x20001000
> flash write_image erase flash.elf
auto erase enabled
device id = 0x20036410
flash size = 64kbytes
wrote 1024 bytes from file flash.elf in 0.114950s (8.699 KiB/s)
> load_image so.elf
6 bytes written at address 0x20000000
downloaded 6 bytes in 0.001399s (4.188 KiB/s)
> reset
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000002 msp: 0x20001000
> reg r0
r0 (/32): 0x001700E0
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000004 msp: 0x20001000
> reg r0
r0 (/32): 0x00245FF1
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000002 msp: 0x20001000
> reg r0
r0 (/32): 0x00311776
>
是的,并不像预期的那样快乐
注意_start来自默认链接器脚本中的一个条目(_start),它既不是特殊的,也不是硬编码到工具中的(对于gcc来说也不是main,它来自默认引导)
所以你可以这样做
那么,s
so.ld
openocd可以读取elf文件和其他一些文件,但是像这样的原始内存映像必须指定地址,否则可能会得到0x00000000或谁知道是什么
load_image so.bin 0x20000000
如果/当您获得一些NucleoBoard时,您可以简单地将bin文件复制到虚拟thumb驱动器,它将为您加载到目标mcu中,虚拟驱动器将进行重新加载,或者重新加载并显示FAIL.TXT(如果它不起作用)。一种情况是,如果您链接0x00000000,而不是0x0800000000。不过,你不能用这种方式加载sram,只需闪存即可。但我想你有蓝色的药片而不是核子板
这是一个很长的答案
简短回答
这些是拇指2扩展,大小为两个半字。有关说明说明,请参阅armv7-m体系结构参考手册。他们完全适合这种芯片
您可能希望在openocd上使用load_image而不是mwh,但是如果您将半字按正确的顺序排列,mwh将起作用
理想情况下,您希望链接,尽管在编写时,您的代码或我的代码是位置独立的,因此您可以只提取指令并使用mwh
该芯片有一个从sram模式的引导,该模式将/应该使用向量表,而不仅仅是启动到指令中,您需要将引导引脚设置正确,并使用类似openocd的东西将程序加载到ram中,然后重置(而不是电源循环)
MVN move negative或NEVERATE不是正确的指令,您需要在使用bx之前设置lsbit,以便在寄存器中设置0x2000001,类似于
ldr r0,=0x20000001
bx r0
对于gnu汇编程序,或
mov r0,#0x20000000
orr r0,#1
bx r0
但这是针对armv7-m的,对于cortex-m0,m0+一些-M8,你不能使用这些指令,它们不会工作
.cpu cortex-m0
.thumb
.syntax unified
mov r0,#0x20000000
orr r0,#1
bx r0
arm-none-eabi-as so.s -o so.o
so.s: Assembler messages:
so.s:5: Error: cannot honor width suffix -- `mov r0,#0x20000000'
so.s:6: Error: cannot honor width suffix -- `orr r0,#1'
因此,请使用ldr=pseudo指令或手动从池中加载,或加载0x2或0x20或类似的内容,然后将其移位并加载另一个带有1和1的寄存器
flash write_image erase so.elf
reset
halt
reg r0
resume
halt
reg r0
resume
Info : stm32f1x.cpu: hardware has 6 breakpoints, 4 watchpoints
telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0xa1000000 pc: 0x0800000a msp: 0x20001000
> flash write_image erase so.elf
auto erase enabled
device id = 0x20036410
flash size = 64kbytes
wrote 1024 bytes from file so.elf in 0.115819s (8.634 KiB/s)
> reset
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800000a msp: 0x20001000
> reg r0
r0 (/32): 0x002721D4
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800000a msp: 0x20001000
> reg r0
r0 (/32): 0x0041DF80
>
.cpu cortex-m3
.thumb
.syntax unified
.word 0x20001000
.word 0x20000001
flash.elf: file format elf32-littlearm
Disassembly of section .text:
08000000 <_stack+0x7f80000>:
8000000: 20001000 .word 0x20001000
8000004: 20000001 .word 0x20000001
so.elf: file format elf32-littlearm
Disassembly of section .text:
20000000 <_stack+0x1ff80000>:
20000000: 2000 movs r0, #0
20000002 <loop>:
20000002: 3001 adds r0, #1
20000004: e7fd b.n 20000002 <loop>
telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x0800000a msp: 0x20001000
> flash write_image erase flash.elf
auto erase enabled
device id = 0x20036410
flash size = 64kbytes
wrote 1024 bytes from file flash.elf in 0.114950s (8.699 KiB/s)
> load_image so.elf
6 bytes written at address 0x20000000
downloaded 6 bytes in 0.001399s (4.188 KiB/s)
> reset
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000002 msp: 0x20001000
> reg r0
r0 (/32): 0x001700E0
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000004 msp: 0x20001000
> reg r0
r0 (/32): 0x00245FF1
> resume
> halt
target state: halted
target halted due to debug-request, current mode: Thread
xPSR: 0x01000000 pc: 0x20000002 msp: 0x20001000
> reg r0
r0 (/32): 0x00311776
>
telnet localhost 4444
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Open On-Chip Debugger
> halt
> reset
stm32f1x.cpu -- clearing lockup after double fault
target state: halted
target halted due to debug-request, current mode: Handler HardFault
xPSR: 0x01000003 pc: 0xfffffffe msp: 0x20000fe0
Polling target stm32f1x.cpu failed, trying to reexamine
stm32f1x.cpu: hardware has 6 breakpoints, 4 watchpoints
> halt
>
.cpu cortex-m3
.thumb
.syntax unified
movs r0,#0
loop:
adds r0,#1
b loop
MEMORY
{
hello : ORIGIN = 0x20000000, LENGTH = 0x1000
}
SECTIONS
{
.text : { *(.text*) } > hello
}
arm-none-eabi-as so.s -o so.o
arm-none-eabi-ld -T so.ld so.o -o so.elf
arm-none-eabi-objdump -d so.elf
so.elf: file format elf32-littlearm
Disassembly of section .text:
20000000 <loop-0x2>:
20000000: 2000 movs r0, #0
20000002 <loop>:
20000002: 3001 adds r0, #1
20000004: e7fd b.n 20000002 <loop>
arm-none-eabi-objcopy -O binary so.elf so.bin
load_image so.bin 0x20000000
ldr r0,=0x20000001
bx r0
mov r0,#0x20000000
orr r0,#1
bx r0
.cpu cortex-m0
.thumb
.syntax unified
mov r0,#0x20000000
orr r0,#1
bx r0
arm-none-eabi-as so.s -o so.o
so.s: Assembler messages:
so.s:5: Error: cannot honor width suffix -- `mov r0,#0x20000000'
so.s:6: Error: cannot honor width suffix -- `orr r0,#1'
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,=0x12345678
b .
00000000 <_start>:
0: 4800 ldr r0, [pc, #0] ; (4 <_start+0x4>)
2: e7fe b.n 2 <_start+0x2>
4: 12345678 eorsne r5, r4, #120, 12 ; 0x7800000
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,myvalue
b .
.align
myvalue: .word 0x12345678
00000000 <_start>:
0: 4800 ldr r0, [pc, #0] ; (4 <myvalue>)
2: e7fe b.n 2 <_start+0x2>
00000004 <myvalue>:
4: 12345678 eorsne r5, r4, #120, 12 ; 0x7800000
unsigned int fun0 ( void )
{
return 0x12345678;
}
unsigned int fun1 ( void )
{
return 0x11223344;
}
00000000 <fun0>:
0: e59f0000 ldr r0, [pc] ; 8 <fun0+0x8>
4: e12fff1e bx lr
8: 12345678 .word 0x12345678
0000000c <fun1>:
c: e59f0000 ldr r0, [pc] ; 14 <fun1+0x8>
10: e12fff1e bx lr
14: 11223344 .word 0x11223344
.global fun1
.syntax unified
.arm
.fpu softvfp
.type fun1, %function
fun1:
@ Function supports interworking.
@ args = 0, pretend = 0, frame = 0
@ frame_needed = 0, uses_anonymous_args = 0
@ link register save eliminated.
ldr r0, .L6
bx lr
.L7:
.align 2
.L6:
.word 287454020
.size fun1, .-fun1
unsigned int fun0 ( void )
{
return 0x12345678;
}
unsigned int fun1 ( void )
{
return 0x00110011;
}
00000000 <fun0>:
0: 4800 ldr r0, [pc, #0] ; (4 <fun0+0x4>)
2: 4770 bx lr
4: 12345678 .word 0x12345678
00000008 <fun1>:
8: f04f 1011 mov.w r0, #1114129 ; 0x110011
c: 4770 bx lr
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,=0x12345678
ldr r1,=0x00110011
nop
nop
nop
b .
00000000 <_start>:
0: 4803 ldr r0, [pc, #12] ; (10 <_start+0x10>)
2: f04f 1111 mov.w r1, #1114129 ; 0x110011
6: bf00 nop
8: bf00 nop
a: bf00 nop
c: e7fe b.n c <_start+0xc>
e: 0000 .short 0x0000
10: 12345678 .word 0x12345678
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,=mydataword
ldr r1,[r0]
add r1,#1
str r1,[r0]
bx lr
.data
mydataword: .word 0
00000000 <_start>:
0: 4802 ldr r0, [pc, #8] ; (c <_start+0xc>)
2: 6801 ldr r1, [r0, #0]
4: f101 0101 add.w r1, r1, #1
8: 6001 str r1, [r0, #0]
a: 4770 bx lr
c: 00000000 .word 0x00000000
arm-none-eabi-ld -Ttext=0x1000 -Tdata=0x2000 so.o -o so.elf
arm-none-eabi-objdump -D so.elf
so.elf: file format elf32-littlearm
Disassembly of section .text:
00001000 <_start>:
1000: 4802 ldr r0, [pc, #8] ; (100c <_start+0xc>)
1002: 6801 ldr r1, [r0, #0]
1004: f101 0101 add.w r1, r1, #1
1008: 6001 str r1, [r0, #0]
100a: 4770 bx lr
100c: 00002000 andeq r2, r0, r0
Disassembly of section .data:
00002000 <__data_start>:
2000: 00000000
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,=somefun
ldr r1,[r0]
orr r1,#1
bx r1
.align
somefun:
nop
b .
00000000 <_start>:
0: 4803 ldr r0, [pc, #12] ; (10 <somefun+0x4>)
2: 6801 ldr r1, [r0, #0]
4: f041 0101 orr.w r1, r1, #1
8: 4708 bx r1
a: bf00 nop
0000000c <somefun>:
c: bf00 nop
e: e7fe b.n e <somefun+0x2>
10: 0000000c .word 0x0000000c
00001000 <_start>:
1000: 4803 ldr r0, [pc, #12] ; (1010 <somefun+0x4>)
1002: 6801 ldr r1, [r0, #0]
1004: f041 0101 orr.w r1, r1, #1
1008: 4708 bx r1
100a: bf00 nop
0000100c <somefun>:
100c: bf00 nop
100e: e7fe b.n 100e <somefun+0x2>
1010: 0000100c andeq r1, r0, r12
.cpu cortex-m3
.thumb
.syntax unified
.globl _start
_start:
ldr r0,=somefun
ldr r1,[r0]
bx r1
.align
.thumb_func
somefun:
nop
b .
00001000 <_start>:
1000: 4802 ldr r0, [pc, #8] ; (100c <somefun+0x4>)
1002: 6801 ldr r1, [r0, #0]
1004: 4708 bx r1
1006: bf00 nop
00001008 <somefun>:
1008: bf00 nop
100a: e7fe b.n 100a <somefun+0x2>
100c: 00001009 andeq r1, r0, r9
.cpu cortex-m3
.thumb
.syntax unified
.globl fun0
.thumb_func
fun0:
ldr r0,=0x12345678
bx lr
.globl fun1
.thumb_func
fun1:
ldr r0,=0x11223344
bx lr
.align
.word 0x111111
00000000 <fun0>:
0: 4802 ldr r0, [pc, #8] ; (c <fun1+0x8>)
2: 4770 bx lr
00000004 <fun1>:
4: 4802 ldr r0, [pc, #8] ; (10 <fun1+0xc>)
6: 4770 bx lr
8: 00111111 .word 0x00111111
c: 12345678 .word 0x12345678
10: 11223344 .word 0x11223344
.cpu cortex-m3
.thumb
.syntax unified
.globl fun0
.thumb_func
fun0:
ldr r0,=0x12345678
bx lr
.pool
.globl fun1
.thumb_func
fun1:
ldr r0,=0x11223344
bx lr
.align
.word 0x111111
00000000 <fun0>:
0: 4800 ldr r0, [pc, #0] ; (4 <fun0+0x4>)
2: 4770 bx lr
4: 12345678 .word 0x12345678
00000008 <fun1>:
8: 4801 ldr r0, [pc, #4] ; (10 <fun1+0x8>)
a: 4770 bx lr
c: 00111111 .word 0x00111111
10: 11223344 .word 0x11223344
ldr r0,=something
ldr r0,=0x12345678
ldr r0,something_address
b .
.align
something_address: .word something
.word 0x20001000
.word reset
.cpu cortex-m3
.thumb
.syntax unified
.word 0x20001000
.word reset
.word handler
.word broken
.thumb_func
reset:
b .
.type handler,%function
handler:
b .
broken:
b .
Disassembly of section .text:
08000000 <_stack+0x7f80000>:
8000000: 20001000 .word 0x20001000
8000004: 08000011 .word 0x08000011
8000008: 08000013 .word 0x08000013
800000c: 08000014 .word 0x08000014
08000010 <reset>:
8000010: e7fe b.n 8000010 <reset>
08000012 <handler>:
8000012: e7fe b.n 8000012 <handler>
08000014 <broken>:
8000014: e7fe b.n 8000014 <broken>
.word reset + 1
.word handler + 1
.word broken + 1
.cpu cortex-m3
.thumb
.syntax unified
ldr r0,=0x12345678
nop
b .
00000000 <.text>:
0: 4801 ldr r0, [pc, #4] ; (8 <.text+0x8>)
2: bf00 nop
4: e7fe b.n 4 <.text+0x4>
6: 0000 .short 0x0000
8: 12345678 .word 0x12345678
imm32 = ZeroExtend(imm8:'00', 32); add = TRUE;
Encoding T1 multiples of four in the range 0 to 1020
address = if add then (base + imm32) else (base - imm32);
data = MemU[address,4];
R[t] = data;
0: 4801 ldr r0, [pc, #4] ; (8 <.text+0x8>)
2: bf00 nop
4: e7fe b.n 4 <.text+0x4> <--- pc is here
6: 0000 .short 0x0000
8: 12345678 .word 0x12345678
.cpu cortex-m3
.thumb
.syntax unified
nop
ldr r0,=0x12345678
b .
00000000 <.text>:
0: bf00 nop
2: 4801 ldr r0, [pc, #4] ; (8 <.text+0x8>)
4: e7fe b.n 4 <.text+0x4>
6: 0000 .short 0x0000
8: 12345678 .word 0x12345678
Operation
if ConditionPassed() then
EncodingSpecificOperations();
base = Align(PC,4);
address = if add then (base + imm32) else (base - imm32);
data = MemU[address,4];
if t == 15 then
if address<1:0> == '00' then LoadWritePC(data); else UNPREDICTABLE;
else
R[t] = data;
.cpu cortex-m3
.thumb
.syntax unified
ldr.w r0,=0x12345678
b .
00000000 <.text>:
0: f8df 0004 ldr.w r0, [pc, #4] ; 8 <.text+0x8>
4: e7fe b.n 4 <.text+0x4>
6: 0000 .short 0x0000
8: 12345678 .word 0x12345678
.cpu cortex-m3
.thumb
.syntax unified
ldr.w r0,something
b .
something: .word 0x12345678