Main features of the ARM Instruction Set

• All instructions are 32 bits long.

• Most instructions execute in a single cycle.
• Every instruction can be conditionally executed.
• A load/store architecture
– Data processing instructions act only on registers
• Three operand format
• Combined ALU and shifter for high speed bit manipulation
– Specific memory access instructions with powerful auto-indexing addressing modes.
• 32 bit and 8 bit data types
– and also 16 bit data types on ARM Architecture v4.
• Flexible multiple register load and store instructions
• Instruction set extension via coprocessors
Accessing Registers using ARM Instructions

– All instructions can access r0-r14 directly.

– Most instructions also allow use of the PC.
• Specific instructions to allow access to CPSR and
SPSR.
• Note : When in a privileged mode, it is also
possible to load / store the (banked out) user
mode registers to or from memory.
 The Program Counter (R15)

• When the processor is executing in ARM state:

– All instructions are 32 bits in length
– All instructions must be word aligned
– Therefore the PC value is stored in bits [31:2] with bits [1:0] equal to zero (as
instruction cannot be halfword or byte aligned).
• R14 is used as the subroutine link register (LR) and stores the return address
when Branch with Link operations are performed,
calculated from the PC.
• Thus to return from a linked branch
– MOV r15,r14
or
– MOV pc,lr
 The Instruction Pipeline
• The ARM uses a pipeline in order to increase the speed of the flow of
instructions to the processor.
– Allows several operations to be undertaken simultaneously, rather than
serially.

ARM

PC FETCH Instruction fetched from memory

DECODE Decoding of registers used in instruction

PC - 4

Register(s) read from Register Bank

PC - 8 EXECUTE
Shift and ALU operation
Write register(s) back to Register Bank

Rather than pointing to the instruction being executed, the

PC points to the instruction being fetched.
 Conditional Execution
• Most instruction sets only allow branches to be executed conditionally.
• However by reusing the condition evaluation hardware, ARM effectively
increases number of instructions.
– All instructions contain a condition field which determines whether the CPU
will execute them.
– Non-executed instructions soak up 1 cycle.
• Still have to complete cycle so as to allow fetching and decoding of
following instructions.
• This removes the need for many branches, which stall the pipeline (3 cycles to
refill).
– Allows very dense in-line code, without branches.
– The Time penalty of not executing several conditional instructions is
frequently less than overhead of the branch
or subroutine call that would otherwise be needed.
 The Condition Field
31 28 24 20 16 12 8 4 0

Cond

0000 = EQ - Z set (equal) 1001 = LS - C clear or Z (set unsigned lower

0001 = NE - Z clear (not equal) or same)

0010 = HS / CS - C set (unsigned 1010 = GE - N set and V set, or N clear and V

higher or same)
0011 = LO / CC - C clear (unsigned
lower)
0100 = MI -N set (negative)
0101 = PL - N clear (positive or zero)
0110 = VS - V set (overflow)
0111 = VC - V clear (no overflow)
clear (>or =)
1011 = LT - N set and V clear, or N clear and
V set (>)
1100 = GT - Z clear, and either N set and V
set, or N clear and V set (>)
1101 = LE - Z set, or N set and V clear,or N
clear and V set (<, or =)

1000 = HI - C set and Z clear (unsigned 1110 = AL - always

higher) 1111 = NV - reserved.
 Using and updating the Condition Field
• To execute an instruction conditionally, simply postfix it with the appropriate
condition:
– For example an add instruction takes the form:
• ADD r0,r1,r2 ; r0 = r1 + r2 (ADDAL)
– To execute this only if the zero flag is set:
• ADDEQ r0,r1,r2 ; If zero flag set then…
; ... r0 = r1 + r2
• By default, data processing operations do not affect the condition flags (apart
from the comparisons where this is the only effect). To cause the condition flags
to be updated, the S bit of the instruction needs to be set by postfixing the
instruction (and any condition code) with an “S”.
– For example to add two numbers and set the condition flags:
• ADDS r0,r1,r2 ; r0 = r1 + r2
; ... and set flags
 Branch instructions (1)
• Branch : B{<cond>} label
• The basic branch instruction (as its name implies) allows a jump forwards or backwards of
up to 32 MB. A modified version of the branch instruction, the branch link, allows the
same jump but stores the current PC address plus four bytes in the link register.
• Branch with Link : BL{<cond>} sub_routine_label

31 28 27 25 24 23 0

Cond 1 0 1 L Offset

Link bit 0 = Branch

1 = Branch with link
Condition field
• The offset for branch instructions is calculated by the assembler:
– By taking the difference between the branch instruction and the target address
minus 8 (to allow for the pipeline).
– This gives a 26 bit offset which is right shifted 2 bits (as the bottom two bits are
always zero as instructions are word – aligned) and stored into the instruction
encoding.
 Branch instructions (2)
• When executing the instruction, the processor:
– shifts the offset left two bits, sign extends it to 32 bits, and adds it to PC.
• Execution then continues from the new PC, once the pipeline has been refilled.
• The "Branch with link" instruction implements a subroutine call by writing PC-4
into the LR of the current bank.
– i.e. the address of the next instruction following the branch with link
(allowing for the pipeline).
• To return from subroutine, simply need to restore the PC from the LR:
– MOV pc, lr
– Again, pipeline has to refill before execution continues.
• The "Branch" instruction does not affect LR.
 Data processing Instructions
• Largest family of ARM instructions, all sharing the same instruction
format.
• Contains:
– Arithmetic operations
– Comparisons (no results - just set condition codes)
– Logical operations
– Data movement between registers
• Remember, this is a load / store architecture
– These instruction only work on registers, NOT memory.
• They each perform a specific operation on one or two operands.
– First operand always a register - Rn
– Second operand sent to the ALU via barrel shifter.
 Arithmetic Operations
• Operations are:
– ADD operand1 + operand2
– ADC operand1 + operand2 + carry
– SUB operand1 - operand2
– SBC operand1 - operand2 + carry -1
– RSB operand2 - operand1
– RSC operand2 - operand1 + carry - 1
• Syntax:
– <Operation>{<cond>}{S} Rd, Rn, Operand2
• Examples
– ADD r0, r1, r2
– SUBGT r3, r3, #1
 Comparisons
• The only effect of the comparisons is to
– UPDATE THE CONDITION FLAGS.
FLAGS Thus no need to set S bit.
• Operations are:
– CMP operand1 - operand2, but result not written
– CMN operand1 + operand2, but result not written
– TST operand1 AND operand2, but result not written
– TEQ operand1 EOR operand2, but result not written
• Syntax:
– <Operation>{<cond>} Rn, Operand2
• Examples:
– CMP r0, r1
– TSTEQ r2, #5
 Logical Operations
• Operations are:
– AND operand1 AND operand2
– EOR operand1 EOR operand2
– ORR operand1 OR operand2
– BIC operand1 AND NOT operand2 [ie bit clear]
• Syntax:
– <Operation>{<cond>}{S} Rd, Rn, Operand2
• Examples:
– AND r0, r1, r2
– BICEQ r2, r3, #7
– EORS r1,r3,r0
 Data Movement
• Operations are:
– MOV operand2
– MVN NOT operand2
Note that these make no use of operand1.
• Syntax:
– <Operation>{<cond>}{S} Rd, Operand2
• Examples:
– MOV r0, r1
– MOVS r2, #10
– MVNEQ r1,#0
 The Barrel Shifter
• The ARM doesn’t have actual shift instructions.

• Instead it has a barrel shifter which provides a

mechanism to carry out shifts as part of other
instructions.

• So what operations does the barrel shifter

support?
 Barrel Shifter - Left Shift
• Shifts left by the specified amount (multiplies by
powers of two) e.g.
LSL #5 = multiply by 32

Logical Shift Left (LSL)

CF Destination 0
 Barrel Shifter - Right Shifts

Logical Shift Right

• Shifts right by the specified
Logical Shift Right
amount (divides by powers
of two) e.g. ...0 Destination CF
LSR #5 = divide by 32

Arithmetic Shift Right

• Shifts right (divides by Arithmetic Shift Right
powers of two) and
preserves the sign bit, for
2's complement operations. Destination CF
e.g.
ASR #5 = divide by 32 Sign bit shifted in
 Barrel Shifter - Rotations

Rotate Right (ROR) Rotate Right

•Similar to an ASR but the bits wrap
around as they leave the LSB and
appear as the MSB. Destination CF
e.g. ROR #5
•Note the last bit rotated is also
used as the Carry Out.

Rotate Right Extended (RRX)

• This operation uses the CPSR C flag
as a 33rd bit. Rotate Right through Carry
•Rotates right by 1 bit. Encoded as
ROR #0.
Destination CF
 Using the Barrel Shifter:
The Second Operand
Operand Operand • Register, optionally with shift
1 2 operation applied.
• Shift value can be either be:
– 5 bit unsigned integer
– Specified in bottom byte of
Barrel another register.
Shifter
* Immediate value
• 8 bit number
• Can be rotated right through an
even number of positions.
ALU
• Assembler will calculate rotate
for you from constant.

Result
Second Operand :Shifted Register
• The amount by which the register is to be shifted is contained in
either:
– the immediate 5-bit field in the instruction
• NO OVERHEAD
• Shift is done for free - executes in single cycle.
• If no shift is specified then a default shift is applied: LSL #0
– i.e. barrel shifter has no effect on value in register.
Second Operand :Immediate Value (1)
• There is no single instruction which will load a 32 bit immediate constant
into a register without performing a data load from memory.
– All ARM instructions are 32 bits long
– ARM instructions do not use the instruction stream as data.
• The data processing instruction format has 12 bits available for operand2
– If used directly this would only give a range of 4096.
• Instead it is used to store 8 bit constants, giving a range of 0 - 255.
• These 8 bits can then be rotated right through an even number of
positions (ie RORs by 0, 2, 4,..30).
– This gives a much larger range of constants that can be directly
loaded, though some constants will still need to be loaded from
memory.
 Loading full 32 bit constants
• Although the MOV/MVN mechansim will load a large range of constants into a
register, sometimes this mechansim will not generate the required constant.
• Therefore, the assembler also provides a method which will load ANY 32 bit
constant:
– LDR rd,=numeric constant
 Multiplication Instructions
• The Basic ARM provides two multiplication instructions.
• Multiply
– MUL{<cond>}{S} Rd, Rm, Rs ; Rd = Rm * Rs
• Multiply Accumulate - does addition for free
– MLA{<cond>}{S} Rd, Rm, Rs,Rn ; Rd = (Rm * Rs) + Rn
• Restrictions on use:
– Rd and Rm cannot be the same register
• Can be avoid by swapping Rm and Rs around. This works because
multiplication is commutative.
– Cannot use PC.
These will be picked up by the assembler if overlooked.
• Operands can be considered signed or unsigned
– Up to user to interpret correctly.
 Load / Store Instructions
• The ARM is a Load / Store Architecture:
– Does not support memory to memory data processing operations.
– Must move data values into registers before using them.
• This might sound inefficient, but in practice isn’t:
– Load data values from memory into registers.
– Process data in registers using a number of data processing
instructions which are not slowed down by memory access.
– Store results from registers out to memory.
• The ARM has three sets of instructions which interact with main
memory. These are:
– Single register data transfer (LDR / STR).
– Block data transfer (LDM/STM).
– Single Data Swap (SWP).
 Single register data transfer
• The basic load and store instructions are:
– Load and Store Word or Byte
• LDR / STR / LDRB / STRB
• ARM Architecture Version 4 also adds support for halfwords and signed data.
– Load and Store Halfword
• LDRH / STRH
– Load Signed Byte or Halfword - load value and sign extend it to 32 bits.
• LDRSB / LDRSH
• All of these instructions can be conditionally executed by inserting the
appropriate condition code after STR / LDR.
– e.g. LDREQB
• Syntax:
– <LDR|STR>{<cond>}{<size>} Rd, <address>
 Load and Store Word or Byte: Base register
• The memory location to be accessed is held in a base register
– STR r0, [r1] ; Store contents of r0 to location pointed to
; by contents of r1.
– LDR r2, [r1] ; Load r2 with contents of memory location
; pointed to by contents of r1.

r0 Memory
Source
0x5
Register
for STR

r1 r2
Base Destination
0x200 0x200 0x5 0x5
Register Register
for LDR
 Load and Store Word or Byte:
Offsets from the Base Register
• As well as accessing the actual location contained in the base register, these
instructions can access a location offset from the base register pointer.
• This offset can be
– An unsigned 12bit immediate value (ie 0 - 4095 bytes).
– A register, optionally shifted by an immediate value
• This can be either added or subtracted from the base register:
– Prefix the offset value or register with ‘+’ (default) or ‘-’.
• This offset can be applied:
– before the transfer is made: Pre-indexed addressing
• optionally auto-incrementing the base register, by postfixing the instruction
with an ‘!’.
– after the transfer is made: Post-indexed addressing
• causing the base register to be auto-incremented.
auto-incremented
 Load and Store Word or Byte:
Pre-indexed Addressing
• Example: STR r0, [r1,#12] r0
Memory Source
0x5 Register
for STR
Offset
12 0x20c 0x5
r1
Base
0x200 0x200
Register

• To store to location 0x1f4 instead use: STR r0, [r1,#-12]

• To auto-increment base pointer to 0x20c use: STR r0, [r1, #12]!
• If r2 contains 3, access 0x20c by multiplying this by 4:
– STR r0, [r1, r2, LSL #2]
Load and Store Word or Byte:Post-indexed Addressing
• Example: STR r0, [r1], #12
Memory

r1 Offset r0
Updated Source
Base 0x20c 12 0x20c 0x5 Register
Register for STR

0x200 0x5
r1
Original
Base 0x200
Register

To auto-increment the base register to location 0x1f4 instead use:

STR r0, [r1], #-12
If r2 contains 3, auto-incremenet base register to 0x20c by multiplying
this by 4:
STR r0, [r1], r2, LSL #2
Example Usage of Addressing Modes
• Imagine an array, the first element of which is pointed to by the contents of r0.
• If we want to access a particular element,
then we can use pre-indexed addressing:
Memory
– r1 is element we want. element Offset
– LDR r2, [r0, r1, LSL #2]

• If we want to step through every 3 12

element of the array, for instance Pointer to start 2 8
of array
to produce sum of elements in the 1 4
array, then we can use post-indexed addressingr0 within a loop: 0 0

– r1 is address of current element (initially equal to r0).

– LDR r2, [r1], #4
Use a further register to store the address of final element,
so that the loop can be correctly terminated.
 Offsets for Halfword and Signed Halfword / Byte
Access
• The Load and Store Halfword and Load Signed Byte or Halfword
instructions can make use of pre- and post-indexed addressing in
much the same way as the basic load and store instructions.
• However the actual offset formats are more constrained:
– The immediate value is limited to 8 bits (rather than 12 bits)
giving an offset of 0-255 bytes.
– The register form cannot have a shift applied to it.
 Effect of endianess
• The ARM can be set up to access its data in either little or big
endian format.
• Little endian:
– Least significant byte of a word is stored in bits 0-7 of an
addressed word.
• Big endian:
– Least significant byte of a word is stored in bits 24-31 of an
addressed word.
• This has no real relevance unless data is stored as words and then
accessed in smaller sized quantities (halfwords or bytes).
– Which byte / halfword is accessed will depend on the
endianess of the system involved.
 Endianess Example
r0 = 0x11223344
31 24 23 16 15 87 0

11 22 33 44

, STRr0 [r1]

31 24 23 16 15 87 0 31 24 23 16 15 87 0

r1 = 0x100 11 22 33 44 Memory 44 33 22 11 r1 = 0x100

Little-endian LDRB r2, [r1] Big-endian

31 24 23 16 15 87 0 31 24 23 16 15 87 0

00 00 00 44 00 00 00 11

r2 = 0x44 r2 = 0x11
 Block Data Transfer (1)
• The Load and Store Multiple instructions (LDM / STM) allow betweeen 1 and 16
registers to be transferred to or from memory.
• The transferred registers can be either:
– Any subset of the current bank of registers (default).
– Any subset of the user mode bank of registers when in a priviledged mode
(postfix instruction with a ‘^’).

31 28 27 24 23 22 21 20 19 16 15 0

Cond 1 0 0 P U S W L Rn Register list

Condition field Base register Each bit corresponds to a particular register.

Up/Down bit For example:
Load/Store bit • Bit 0 set causes r0 to be transferred.
0 = Down; subtract offset from base 0 = Store to memory • Bit 0 unset causes r0 not to be transferred.
1 = Up ; add offset to base 1 = Load from memory
At least one register must be transferred as
Pre/Post indexing bit Write- back bit the list cannot be empty.
0 = Post; add offset after transfer, 0 = no write-back
1 = Pre ; add offset before transfer 1 = write address into base
PSR and force user bit
0 = don’t load PSR or force user mode
1 = load PSR or force user mode
 Block Data Transfer (2)
• Base register used to determine where memory access should occur.
– 4 different addressing modes allow increment and decrement inclusive or
exclusive of the base register location.
– Base register can be optionally updated following the transfer (by appending
it with an ‘!’.
– Lowest register number is always transferred to/from lowest memory
location accessed.
• These instructions are very efficient for
– Saving and restoring context
• For this useful to view memory as a stack.
– Moving large blocks of data around memory
• For this useful to directly represent functionality of the instructions.
 SWAP Instruction
• It swaps the contents of memory with the contents of a register.
• This intstruction is automic operation-it reads and writes a location in the
same operation, preventing any other instruction from reading or writing
to that location until it completes.
• Syntax:
• SWP{B}{<cond>} Rd,Rm,[Rn]

36
 Stacks
• A stack is an area of memory which grows as new data is “pushed” onto the
“top” of it, and shrinks as data is “popped” off the top.
• Two pointers define the current limits of the stack.
– A base pointer
• used to point to the “bottom” of the stack (the first location).
– A stack pointer
• used to point the current “top” of the stack.

PUSH
{1,2,3} POP
SP 3 Result of
2 SP 2 pop = 3
1 1
SP
BASE BASE
BASE
 Stack Operation
• Traditionally, a stack grows down in memory, with the last “pushed” value at the
lowest address. The ARM also supports ascending stacks, where the stack
structure grows up through memory.
• The value of the stack pointer can either:
– Point to the last occupied address (Full stack)
• and so needs pre-decrementing (ie before the push)
– Point to the next occupied address (Empty stack)
• and so needs post-decrementing (ie after the push)
• The stack type to be used is given by the postfix to the instruction:
– STMFD / LDMFD : Full Descending stack
– STMFA / LDMFA : Full Ascending stack.
– STMED / LDMED : Empty Descending stack
– STMEA / LDMEA : Empty Ascending stack
• Note: ARM Compiler will always use a Full descending stack.
 Stack Examples
STMFD sp!, STMED sp!, STMFA sp!, STMEA sp!,
{r0,r1,r3-r5} {r0,r1,r3-r5} {r0,r1,r3-r5} {r0,r1,r3-r5}

0x418
SP r5 SP
r4 r5
r3 r4
r1 r3
r0 r1
Old SP Old SP r5 Old SP Old SP r0 0x400
r5 r4
r4 r3
r3 r1
r1 r0
SP r0 SP
0x3e8
Difference between Empty and Full (in STMED and STMFD) of Stack
Push operations
Ref:
http://computing.unn.ac.uk/staff/cgmb3/teaching/CM506/ARM_Assembler/AssemblerSummary/
STACK.html

Empty: Full:
Store multiple empty descending Store multiple full descending
STMED instruction STMFD instruction
STMED r13!, {r0-r2, r14} ; STMFD r13!, {r0-r2, r14} ;

Address Address
r13 r14 0x50 Old r13 0x50
Old
r2 r14
SP moves
r1 SP moves r2
down
down r1
r0
r13' r0 0x40
New r13' 0x40
New
STMED r13!, {r0-r2, r14} STMFD r13!, {r0-r2, r14}

“Empty” means Stack Pointer is “Full” means Stack Pointer is

pointing to an empty location pointing to a full (non-empty) location
40
 Difference between Ascending and Descending
(in STMFA and STMFD) of Stack Push operations
Ref:
http://computing.unn.ac.uk/staff/cgmb3/teaching/CM506/ARM_Assembler/AssemblerSummary/
STACK.html
Ascending: Descending
Store multiple full ascending Store multiple full descending

STMFA r13!, {r0-r2, r14} ; STMFD r13!, {r0-r2, r14} ;

Address Address
new r13 r14 0x50 old r13 0x50
r2 r14
SP moves
r1 SP moves r2
up
down r1
r0
r0 0x40
old r13' 0x40 new r13'

STMFA r13!, {r0-r2, r14} STMFD r13!, {r0-r2, r14}

“ascending” means the address “descending” means the address

holding the registers is ascending holding the registers is descending
41
 Stacks and Subroutines
• One use of stacks is to create temporary register workspace for subroutines. Any
registers that are needed can be pushed onto the stack at the start of the
subroutine and popped off again at the end so as to restore them before return
to the caller :
STMFD sp!,{r0-r12, lr} ; stack all registers
........ ; and the return address
........
LDMFD sp!,{r0-r12, pc} ; load all the registers
; and return automatically
• If the pop instruction also had the ‘S’ bit set (using ‘^’) then the transfer of the
PC when in a priviledged mode would also cause the SPSR to be copied into the
CPSR (see exception handling module).
 Direct functionality of Block Data Transfer
• When LDM / STM are not being used to implement
stacks, it is clearer to specify exactly what functionality
of the instruction is:
– i.e. specify whether to increment / decrement the base
pointer, before or after the memory access.
• In order to do this, LDM / STM support a further syntax
in addition to the stack one:
– STMIA / LDMIA : Increment After
– STMIB / LDMIB : Increment Before
– STMDA / LDMDA : Decrement After
– STMDB / LDMDB : Decrement Before
 Example: Block Copy
– Copy a block of memory, which is an exact multiple of 12
words long from the location pointed to by r12 to the
location pointed to by r13. r14 points to the end of block to
be copied.
; r12 points to the start of the source data
; r14 points to the end of the source data
; r13 points to the start of the destination data r13
loop LDMIA r12!, {r0-r11} ; load 48 bytes
r14 IncreasingMe
STMIA r13!, {r0-r11} ; and store them
mory
CMP r12, r14 ; check for the end
BNE loop ; and loop until done

r12
 Software Interrupt (SWI)
31 28 27 24 23 0

Cond 1 1 1 1 Comment field (ignored by Processor)

Condition Field

• In effect, a SWI is a user-defined instruction.

• It causes an exception trap to the SWI hardware vector (thus causing a change
to supervisor mode, plus the associated state saving), thus causing the SWI
exception handler to be called.
• The handler can then examine the comment field of the instruction to decide
what operation has been requested.
• By making use of the SWI mechansim, an operating system can implement a
set of privileged operations which applications running in user mode can
request.
 MRS and MSR instructions.

• The CPSR and SPSR are not memory-mapped or part of the central register
file.The only instructions which operate on them are the MSR and MRS
instructions.These instructions are disabled when the

• The MSR and MRS instructions will work in all processor modes except the USER
mode.So it is only possible to change the operating mode of the process, or to
enable or disable interrupts, from a privileged mode. Once you have entered the
USER mode you cannot leave it, except through an exception, reset, FIQ, IRQ or
SWI instruction CPU is in USER mode.

46
• MRS – Move PSR into General-Purpose Register
Syntax: MRS{<cond>} <Rd >, CPSR
MRS{<cond>} <Rd >, SPSR
if(cond) Rd CPSR/SPSR Flags updated: None
Usage and Examples: Moves the value of CPSR or the current SPSR into a general-purpose
register.
Ex: MRS R0, CPSR
• MSR – Move to Status Register from GPR Register
Syntax: MSR{<cond>} CPSR_<fields>, #<immediate>
MSR{<cond>} CPSR_<fields>, <Rm>
MSR{<cond>} SPSR_<fields>, #<immediate>
MSR{<cond>} SPSR_<fields>, <Rm>
if(cond)
CPSR/SPSR  immediate/register value
Flags updated: N/A

47
 ARM Instruction set-summery
• Data Processing Instructions
• Data Transfer Instructions
• Control Flow Instructions
ARM Instruction Set Summary (1/4)
ARM Instruction Set Summary (2/4)
ARM Instruction Set Summary (3/4)
 Thumb Instruction Set
• Thumb instructions are 16 bit long.
• Thumb Instruction set addresses the issue of code
density
• Compressed form of a subset of the ARM
instruction set
• Use dynamic decompression in an ARM
instruction pipeline
• Many thumb data proc. Instr uses 2 addr format.
Thumb programmer’s Model
 MOV (Thumb)
Move constant or register to register.

MOV Rd, #imm

• Load Rd with a constant value in the range 0 - 255

• supports only low registers (R0 - R7).

• updates N, Z

• MOV R3,#13 // R3 = 13, flags affected

 MOV Rd, Rm

• Load Rd with value in Rm.

• supports low and high registers (R0 - R15).

• when both Rd and Rm are low registers (R0 - R7): updates

N, Z and clears C, V.

• when either Rd or Rm are high registers (R8 - R15): does

not change flags.

• MOV R10,R12 // R10 = R14, flags not affected

• MOV R8,R5 // R8 = R5, flags not affected

• MOV R4,R2 // R4 = R2, flags affected

 MVN (Thumb)
Load register with inverted value.
MVN Rd, Rm

• Load Rd with inverted value in Rm. 

• Rd := NOT Rm

• Supports only low registers (R0 - R7).

• Update N and Z.

• MVN R7, R1 //R7=-R1

 AND (Thumb)
Logical AND operation.
AND Rd, Rm

• Load Rd with logical AND of Rd with Rm. Rd := Rd AND Rm

• Supports only low registers (R0 - R7).

• Update N and Z.

• AND R3,R4 // R3 = R3 AND R4

 ADC (Thumb)
Add with carry.

ADC Rd, Rm
• Add Rd and Rm and C flag and store result to Rd.
• Only registers R0 - R7 allowed.
• N, Z, C, V
• ADD R2,R4 // R2 = R2 + R4, set flags
• ADC R3,R5 // R3 = R3 + R5 + carry from
previous ADD
 ADD (Thumb)
Add values and store result to register.

• ADD Rd, Rm
Add Rd and Rm and store result to Rd.
supports low and high registers (R0 - R15).

All other forms support only low registers (R0 - R7).

N, Z, C, and V are updated only if both Rd and Rm

are low registers (R0 - R7).
• ADD SP, #value
Add SP and value and store result to SP.

• ADD Rd, SP, #value 

Add SP and value and store result to Rd

• ADD Rd, PC, #value 

Add PC and value and store result to Rd.
• ADD Rd, Rm, #value
Add Rm and value and store result to Rd.

• ADD R12,R4 // R12 = R12 + R14, flags unaffected

• ADD R10,R11 // R10 = R10 + R11, flags
unaffected
• ADD R0,R5 // R0 = R0 + R5, flags affected
• ADD R2,R3,R4 // R2 = R3 + R4, flags affected
SUB (THUMB)
SUBTRACT REGISTERS.

SUB Rd, Rn, Rm

subtract  the contents of Rn and Rm, and place the result in a Rd.

SUB Rd, Rn, #expr3

subtract a small integer to the value in Rn, and place the result in Rd.

SUB Rd, #expr8

subtract a larger integer to the value in Rd, and return the result to Rd.

64
SUB SP, #expr
subtracts the value of expr to the value from Rp, and places the result in
Rd.

SUB SP, #expr supports high and low registers (R0 - R15)

All other forms support only low registers (R0 - R7). 

N, Z, C and V flags are updated. SUB SP, #expr does not affect the flags.

65
SUB R6, R2,#6 //R6:=R2-6 and set condition codes

SUB SP,#96 SUB SP,#abc+8 //abc + 8 must evaluate at assembly

time to a multiple of 4 in the range –508 to +508

66
SBC (THUMB)
SUBTRACT WITH CARRY.

SBC Rd, Rm

subtracts the value in Rm from the value in Rd, taking account of the carry flag,
and places the result in Rd. Use this to synthesize multiword subtraction.

Supports low registers (R0 - R7) for Rd and Rm.

N, Z, C and V flags are updated.

SBC R2, R7 //R2=R2-R7

67
MUL (THUMB)
MULTIPLY.

MUL Rd, Rm
Multiplies the values in Rd and Rm and store result in Rd.

Supports only low registers (R0 - R7).

Update N and Z.

MUL R0,R7 // R0 = R7 * R0, set condition flags

68
 BIC (Thumb)
Bit Clear.

BIC  Rd, Rm
• The bits set in Rm are cleared Rd. Rd := Rd AND
NOT Rm.
• Supports only low registers (R0 - R7).
• Update N and Z.
• MOV R1,#05H // load R1 with 0101B (bit 0
and bit 2 set)
• BIC R2,R1 // clear bit 0 and bit 2 in R2
 BL (Thumb)
Branch with Link. Use to call subroutines.

• BL label
• Copy address of next instruction to R14 and jump
to label. The jump distance must be within
±4MByte of the current instruction. Note that this
mnemonic is generated as two 16-bit Thumb
instructions.
• Flags not modified.
• BL function // call function
B (THUMB)
BRANCH TO LABEL. USED TO JUMP TO A SPECIFIC PROGRAM
LOCATION.

B{cond} label
The jump distance must be within -252 to +258 bytes for
conditional and ±2 KBytes for unconditional branch.
Flags not modified.
CMP R1,#10 // compare R10 with #10
BEQ val_ok // jump to label val_ok 
val_ok:  
val_err: B val_err // jump to itself (loop forever)
71
CMP (THUMB)
COMPARE. USED IN COMBINATION WITH CONDITIONAL BRANCH
INSTRUCTIONS.

CMP Rn, #imm8 supports only low registers (R0 - R7)

CMP Rn, Rm supports low and high registers (R0 - R15)

Subtracts values in Rm from Rn and sets the conditional flags. The

result is discarded.

Update N, Z, C and V.
72
CMP R2,#255 // compare R2 with 255
BNE lab1 // jump to lab1 when R2 is not 255 
lab1: CMP R7,R12 // compare R7 with R12
BHS lab2 // jump to lab2 when value in R12 is higher or same than in R7

73
EOR (THUMB)
LOGICAL EXCLUSIVE OR OPERATION.

EOR Rd, Rm
Load Rd with logical Exclusive OR of Rd with Rm.
Rd := Rd EOR Rm

Supports only low registers (R0 - R7).

Update N and Z.

EOR R3,R4 // R3 = R3 EOR R4

74
ORR (THUMB)
LOGICAL OR OPERATION.

ORR Rd, Rm
Load Rd with logical OR of Rd with Rm. Rd := Rd OR Rm

Supports only low registers (R0 - R7).

Update N and Z.

ORR R3,R4 // R3 = R3 OR R4

75
TST (THUMB)
BITWISE AND OPERATION, RESULT DISCARDED.  USED FOR
CONDITIONAL OPERATIONS AFTERWARDS.

TST Rn, Rm
Set condition flags in CSPR on logical AND value between Rm and
Rn. The result is discarded.  

Supports only low registers (R0 - R7).

Update N and Z.

TST R2,R4 //CSPR=R2 and R4

76
NEG (THUMB)
LOAD REGISTER WITH NEGATED VALUE

NEG Rd, Rm
Load Rd with negated value in Rm.

Supports only low registers (R0 - R7).

Update N, Z, C, and V.

NEG R2,R2 // R2 = -R2

NEG R3,R5 // R3 = -R5

77
LDMIA (THUMB)
LOAD MULTIPLE REGISTERS FROM MEMORY.

LDMIA Rn!, {reglist}

Registers from the reglist are loaded in numerical order, with the lowest
number register first. Rn is incremented by 4 for each register in reglist. If Rn is
in reglist, the final value of Rn is the value loaded, not the incremented address

Supports only low registers (R0 - R7).

Flags not modified.

LDMIA R3!, {R0-R2,R4} // load R0, R1, R2 and R4 from address in R3. R3 is
incremented by 16.

LDMIA R5!, {R0-R7} // load R0 - R7 from address in R5

78
LDR (THUMB)
LOAD REGISTER RD WITH A 32-BIT WORD FROM
MEMORY. THE ADDRESS MUST BE DIVISIBLE BY 4.

LDR Rd, [Rn, #offset] (pre-index offset) 

Rn and offset are added and used as address value.

LDR Rd, [PC, #offset] (pre-index with PC relative offset)

PC and offset are added and used as address value

LDR Rd, [SP, #offset] (pre-index with SP relative offset)

SP and offset are added and used as address value.
79
LDR Rd, [Rn, Rm] (pre-index offset)
Rn and Rm are added and used as address value.

LDR Rd, label (pre-index with PC relative offset)

The assembler calculates the PC offset and generates LDR Rd, [PC,
#offset]

LDR Rd, =value (load from memory pool)

Depending on the value, the assembler generates MOV Rd,#value
or LDR Rd, [PC, #offset] with memory pool entry

Supports only low registers (R0 - R7).

80
Update N, Z when LDR Rd, =value generated as
MOV Rd,#value, otherwise not modified.

LDR R3,[R5,#0] //R5+0 and used as address value

81
LDRB (THUMB)
LOAD REGISTER BYTE VALUE FROM MEMORY .
LDRB Rd, [Rn, #offset] (immediate offset)
loads a byte from memory.

LDRB Rd, [Rn,Rm] (register offset)

Loads a byte from memory to Rd.

Register offset halfword and byte loads can be signed or unsigned.

The data is loaded into the least significant word or byte of Rd,
and the rest of Rd is filled with zeroes for an unsigned load, or
with copies of the sign bit for a signed load.

82
Supports only low registers (R0 - R7).

Flags not modified.

LDRB R2,[R0,R7] //load into R2 the byte found to the address formed by adding R7 to R0

83
LDRH (THUMB)
LOAD REGISTER RD WITH A 16-BIT HALF-WORD FROM MEMORY. THE
ADDRESS MUST BE DIVISIBLE BY 2.

LDRH Rd, [Rn, #offset] (immediate offset)

Rn and offset are added and used as address value.

LDRH Rd, [Rn,Rm] (register offset)

Rn and Rm are added and used as address value.

Supports only low registers (R0 - R7).

84
Flags not modified.

LDRH R4,[R7,#4] //Load into R4 the halfword found at the address

formed by adding 4 to R7. Note that the THUMB opcode will contain 2 as the
offset5 value

85
LDRSB (THUMB)
LOAD A BYTE FROM MEMORY. THE BYTE VALUE IS SIGNED EXTENDED
AND COPIED TO RD .

LDRSB Rd, [Rn, Rm]

Rn and Rm are added and used as address value.

Supports only low registers (R0 - R7).

Flags not modified.

LDRSB R2,[R3,R4] // R2 is loaded with byte at memory address R3+R4,

value is sign extended
86
LDRSH (THUMB)
LOAD A 16-BIT HALFWORD FROM MEMORY. THE 16-BIT
HALFWORD VALUE IS SIGNED EXTENDED AND COPIED TO RD.

LDRSH Rd, [Rn,Rm]

Rn and Rm are added and used as address value.

Supports only low registers (R0 - R7).

Flags not modified.

LDRSH R2,[R3,R4] // R2 is loaded with 16-bit halfword at memory

address R3+R4, value is sign extended 87
STMIA (THUMB)
STORE MULTIPLE REGISTERS TO MEMORY.

STMIA Rn!, {reglist}

Registers from the reglist are stored in numerical order, with the lowest number
register first. Rn is incremented by 4 for each register in reglist. If Rn in reglist, it
must be the first register of the reglist to store the initial value of Rn, otherwise the
value stored is unpredictable.

Supports only low registers (R0 - R7).

Flags not modified.

STMIA R0!,{R6,R7} // store R6, R7 to address in R0, increment R0 by 8

STMIA R3!,{R3,R5,R7} // store R3, R5 and R7 to address in R3, increment R3 by 12 88
STR (THUMB)
STORE 32-BIT WORD IN REGISTER RD TO MEMORY. THE
MEMORY ADDRESS MUST BE DIVISIBLE BY 4.

STR Rd, [Rn, #offset] (immediate offset)

Rn and offset are added and used as address value.

STR Rd, [Rn,Rm] (register offset)

Stores a word from memory to Rd. The address must be divisible by 4 for word
transfers, and by 2 for halfword transfers. 

STR Rd, [PC, #offset] (PC relative)

Stores a word from memory. The address must be multiple of 4.

STR Rd, [SP, #offset] (SP relative)

Stores a word from memory. The address must be multiple of 4. 
89
Flags not modified.

STR R3,[R2,R6] // store word in R3 to memory address R2 +

R6

STR R1,[SP,#20] // store word in R1 to memory address SP +

20

90
STRB (THUMB)
STORE LOW BYTE IN REGISTER RD TO MEMORY.

STRB Rd, [Rn, #offset] (immediate offset)

Rn and offset are added and used as address value.

STRB Rd, [Rn,Rm] (register offset)

Rn and Rm are added and used as address value.

Supports only low registers (R0 - R7).

Flags not modified.

91
STRB R1,[R0,#13] // store low byte in R1 to memory address
R0 + 13

STRB R3,[R7,R0] // store low byte in R1 to memory address

R7 + R0

92
STRH (THUMB)
STORE 16-BIT HALFWORD IN REGISTER RD TO MEMORY. THE MEMORY
ADDRESS MUST BE DIVISIBLE BY 2.

STRH Rd, [Rn, #offset] (immediate offset)

Rn and offset are added and used as address value.

STRH Rd, [Rn, Rm] (register offset)

Rn and Rm are added and used as address value.

Supports only low registers (R0 - R7).

Flags not modified.

93
STRH R7,[R3,#16] // store 16-bit halfword in R7 to memory
location R3+16

STRH R5,[R2,R3] // store 16-bit halfword in R5 to memory

location R2+R3

94
 SWI(softwave interrupt)

•Changes to supervisor mode

•Used to invoke different operating system functions
•The address of the next instruction is saved in r_14_svc
•The CPSR is saved in SPSR-SVC
•The processor disables IRQ, clears the thumb bit and enters
supervisor mode by modifying the relevant bits in the CPSR
•The PC is forced to address 0X08

Format SWI <8 bit imm>

The # imm8 can be in the range of 0-255 & may be used to invoke
diffrerent operating system functions.

Ex: SWI 0X11 ; executes software interrupt 0x11

95
 Thumb break point
Used for software debugging purposes
Syntax: BKPT ; This instruction causes the processor
to take a prefetch abort when the debug
hardware unit is configured appropriately.

96
97
Thumb Implementation

98
The Thumb instruction decompressor organization.
EX: ADD Rd, #imm8 to ADDS Rd,Rd, #imm8
 Thumb applications
• The Thumb code requires 70% of the space of the ARM
code.
• The Thumb code uses 40% more instructions than the
ARM code.
• With 32-bit memory, the ARM code is 40% faster than the
Thumb code.
• With 16-bit memory, the Thumb code is 45% faster than
the ARM code.
• Thumb code uses 30% less external memory power than
ARM code.
So where performance is all-important, a system
should use 32-bit memory and run ARM code.
Where cost and power consumption are more
important, a 16-bit memory system and Thumb
code may be a better choice.