# ARM 条件码 分支指令 比较指令 程序状态寄存器（CPSR）

ARM中的程序状态寄存器（CPSR）

31 30 29 28 27 26       7  6  5  4  3  2  1  0
N  Z  C  V  Q  DNM(RAZ) I  F  T  M4 M3 M2 M1 M0
|  |  |  |____ Overflow : (Signed) Overflow/Underflow : The V flag works the same as the C flag, but for signed operations.
|  |  |        the result of which will not fit into a 32bit destination register.
|  |  |_______ Carry : (Unsigned) Overflow/Underflow :
|  |           The C flag is set if the result of an Unsigned operation overflows the 32-bit result register.
|  |           the result of which will not fit into a 32bit destination register.
|  |           Basically the Carry flag is just the carry-out of the 32-bit adder (ie. bit 32).
|  |__________ Zero : The Z flag is set if the result of the flag-setting instruction is zero.
|_____________ Negative : The N flag is set by an instruction if the result is negative.
In practice, N is set to the two's complement sign bit of the result (bit 31).

For example, 0x7fffffff is the largest positive two's complement integer that can be represented in 32 bits,
so 0x7fffffff + 0x7fffffff = 0xFFFFFFFE triggers a signed overflow, V=1
but not an Unsigned overflow (or carry) C=0 :

the result, 0xfffffffe, is correct if interpreted as an Unsigned quantity,
but represents a negative value (-2) if interpreted as a signed quantity.

Consider the following example:

ldr r1, =0xffffffff
ldr r2, =0x00000001

The result of the operation would be 0x1-00000000,
but the top bit is lost because it does not fit into the 32-bit destination register and
so the real result is 0x00000000.

In this case, the flags will be set as follows:
N = 0 : bit31 of result
Z = 1 : result is 0
C = 1 : bit32 of result : 4294967295 + 1 = 4294967296 : We lost some data because the result did not fit into 32 bits
V = 0 : (-1) + 1 = 0 : That operation clearly does not overflow

NV                          NeVer, so very useful. You should not use this code anyway
AL                          ALways, the default condition so does not need to be specified

EQ      Z==1                Equal                               : Z set
NE      Z==0                Not equal                           : Z clear

MI      N==1                Minus/negative                      : N set
PL      N==0                Plus/positive or zero               : N clear

CS 　   C==1 　　　　　　　    Unsigned overflow                   : C set
CC 　   C==0  　　　　　　     Unsigned No overflow　　            : C clear

VS      V==1                Signed overflow                     : V set
VC      V==0                Signed No overflow                  : V clear

LO 　   C==0  　　　　　　     Unsigned lower 　　　　              : C clear
LS     C==1 || Z==0 　　　   Unsigned lower or same 　　　　　　   : C clear or Z set
HS 　   C==1 　　　　　　　    Unsigned higher or same 　          : C set
HI　　　C==1 && Z==0 　　　   Unsigned higher 　　　　　　　　　　   : C set and Z clear

LT      N != V              Signed less than                    : N != V
LE      Z == 1 || N != V    Signed less than or equal           : Z == 1 || N != V
GE      N == V              Signed greater than or equal        : N == V
GT      Z == 0 && N == V    Signed greater than                 : Z == 0 && N == V

Here follows a list of available conditional codes:

AL - ALways, the default condition so doesn't need to be specified
NV - NeVer, so very useful. You should not use this code anyway...

VS - Overflow Set If the V flag is set after an arithmetical operation,
the result of which will not fit into a 32bit destination register.
VC - Overflow Clear If the V flag is clear, the reverse of VS.
PL - Plus If the N flag is clear after an arithmetical operation.
For the purposes of defining 'plus', zero is positive because it isn't negative...
MI - Minus  If the N flag is set after an arithmetical operation.

EQ - Equal  If the Z flag is set after a comparison.
NE - Not Equal  If the Z flag is clear after a comparison.
HI - Higher Than (Unsigned) If after a comparison the C flag is set AND the Z flag is clear.
LS - Lower Than or Same (Unsigned)  If after a comparison the C flag is clear OR the Z flag is set.

CS - Carry Set  Set if the C flag is set after an arithmetical operation OR a shift operation,
the result of which cannot be represented in 32bits.
You can think of the C flag as the 33rd bit of the result.
CC - Carry Clear  The reverse of CS.

GE - Greater Than or Equal (signed) If after a comparison...
the N flag is set AND the V flag is set or...
the N flag is clear AND the V flag is clear.

GT - Greater Than (signed)  If after a comparison...
the N flag is set AND the V flag is set or...
the N flag is clear AND the V flag is clear and... the Z flag is clear.

LE - Less Than or Equal To (signed) If after a comparison...
the N flag is set AND the V flag is clear or...
the N flag is clear AND the V flag is set and... the Z flag is set.

LT - Less Than (signed) If after a comparison...
the N flag is set AND the V flag is clear or...
the N flag is clear AND the V flag is set.

AL - Always The default condition, so does not need to be explicity stated.
NV - Never Not particularly useful, it states that the instruction should never be executed. A kind of Poor Mans' NOP.
NV was included for completeness (as the reverse of AL), but you should not use it in your own code.

BEQ   Branch if EQual
BNE   Branch if Not Equal
BVS   Branch if oVerflow Set
BVC   Branch if oVerflow Clear
BHI   Branch if HIgher
BLS   Branch if Lower or the Same
BPL   Branch if PLus
BMI   Branch if MInus
BCS   Branch if Carry Set  BHS   Branch if Higher or Same
BCC   Branch if Carry Clear  BLO   Branch if LOwer
BGE   Branch if Greater than or Equal
BGT   Branch if Greater Than
BLE   Branch if Less than or Equal
BLT   Branch if Less Than

Somewhere in the specifications of ARM CPUs it states that CMP is like a SUB instruction without register overwrite

mov  r0,0
mov  r1,1
cmp  r0,r1

As "cmp r0,r1" is equivalent to "sub r0,r0,r1" (without writing r0) and equivalent to "r0 - r1"
then the Carry flag (C) should be set in this example, but IT IS NOT, at least for the CMP instruction.

This means that the CS (Carry Set) and CC (Carry Clear) condition codes must be interpreted inverted:
CC : "r0 Unsigned lower than r1",           (normally r0 > r1)
CS : "r0 Unsigned higher or same than r1",  (normally r0 <= r1)

This leads to weird condition codes for comparing and branching, for people that have been programming i86 and 68000.
Is this a specification fault of ARM?

Yes, it's different from some architectures
It's not wrong, it's just different. ARM uses C as a NOT-borrow flag for subtraction operations.

Borrow is the inverted Carry:
r0 <  r1: r0 + complement2(r1)  -> Carry Clear
r0 >= r1: r0 + complement2(r1)  -> Carry Set

Because, when using ADD with the 2complement of the substractor,
and substractor is higher, the Carry is not set (Borrow).
But if the substractor is lower, and adding its 2complement, the carry is set (Borrow).

You mean that when using SUB it negates the Carry,very advanced. :)
Maybe it uses a complement2() and Add() the ARM processor, when instructing a SUB.

Basically the Carry flag is just the carry-out of the 32-bit adder (ie. bit 32).
There is no borrow flag or anything similar.

The ARM-ARM explicitly states that subtract is done
by inverting the input and forcing the carry input flag to 1.

You're right that the meaning of that carry flag depends on the operation you've done,
after an add it gives you Unsigned overflow, after subtract it tells you which operand is larger.
If you use CC/CS for add, and LO/HI/LS/HS for sub
then you can avoid having to think about the details...

All ALUs use ones-complement and set the carry-in to implement subtract.
This is almost the same as your complement2()
except when both operands are zero (0 + 0 gives carry clear, 0 - 0 gives carry set).

N、Z、C、V均为条件码标志位。它们的内容可被算术或逻辑运算的结果所改变, 并且可以决定某条指令是否被执行。条件码标志各位的具体含义如下表所示:
N——本位设置成当前指令运算结果的bit[31]的值。当两个表示的有符号整数运算时, n=1表示运算结果为负数, n=0表示结果为正书或零。
Z——Z=1表示运算的结果为零；Z=0表示运算的结果不为零。对于CMP指令, Z=1表示进行比较的两个数大小相等。
V——对于加减运算指令, 当操作数和运算结果为二进制的补码表示的带符号数时, V=1表示符号为溢出；通常其他指令不影响V位。
C——下面分四种情况讨论C的设置方法:
在加法指令中（包括比较指令CMN）, 当结果产生了进位,则C=1,表示无符号运算发生上溢出；其他情况C=0。
在减法指令中（包括比较指令CMP）, 当运算中发生借位, 则C=0, 表示无符号运算数发生下溢出；其他情况下C=1。
对于包含移位操作的非加减运算指令, C中包含最后一次溢出的的位的数值,
对于其他非加减运算指令, C位的值通常不受影响

条件码 助记符后缀   标 志                 含 义
1111  NV            忽略
1110  AL            忽略                  无条件执行

0000  EQ            Z置位                 相等
0001  NE            Z清零                 不相等

0100  MI            N置位                 负数
0101  PL            N清零                 正数或零

0110  VS            V置位                 溢出
0111  VC            V清零                 未溢出

1001  LS            C清零Z置位            无符号数小于或等于
1000  HI            C置位Z清零            无符号数大于
0010  CS            C置位                 无符号数大于或等于
0010  HS            C置位                 无符号数大于或等于
0011  CC            C清零                 无符号数小于
0011  LO            C清零                 无符号数小于

1010  GE            N等于V                带符号数大于或等于
1011  LT            N不等于V              带符号数小于
1100  GT            Z清零且（N等于V）     带符号数大于
1101  LE            Z置位或（N不等于V）   带符号数小于或等于

CMN   取负比较    标记根据 Rn + Rs 的值设置
CMP   比较        标记根据 Rn - Rs 的值设置
TEQ   等值测试    标记根据 Rn ^ Rs 的值设置
TST   位测试      标记根据 Rn & Rs 的值设置

cmp     Works like subs, but does not store the result.
cmn     Works like adds, but does not store the result.
tst     Works like ands, but does not store the result.
teq     Works like eors, but does not store the result.

CMP/CMN 比较指令本质上就是一个不返回运算结果的减法指令;
TST     指令就是一个没有保存结果的逻辑与操作;
TEQ     则是一个逻辑异或操作.对于每个操作,不需要保存结果,只根据结果影响cpsr.

//------------------------------------------------------------------------------------------------------------------------------
// 关于C、V值更多的解释
//------------------------------------------------------------------------------------------------------------------------------

处理器对两个操作数进行运算时,
按照无符号数求得结果, 并相应设置进位标志C；
同时, 根据是否超出有符号数的范围设置溢出标志V。
如果将参加运算的操作数认为是无符号数, 就应该关心进位；
如果将参加运算的操作数认为是有符号数, 则要注意是否溢出。

溢出标志V和进位标志C是两个意义不同的标志。

进位标志C表示无符号数运算结果是否超出范围 -- 运算结果仍然正确(部分)
溢出标志V表示有符号数运算结果是否超出范围 -- 运算结果已经不正确

处理器内部以补码表示有符号数,
8个二制位能够表达的整数范围是: +127 ~ -128,
16位表达的范围是: +32767 ~ -128。
如果运算结果超出了这个范围, 就是产生了溢出,
有溢出, 说明有符号数的运算结果需要考虑溢出情况。

判断运算结果是否溢出有一个简单的规则:
1 两个正数相加得到负数,就是溢出了. (或一个正数减一个负数)
2 两个负数相加得到正数,就是溢出了.
3 一个正数和一个负数相加不可能溢出
当两个相同符号数相加，而运算结果的符号与原数据符号相反时，产生溢出

3A + 7C＝B6
无符号数运算：58＋124＝182 范围内，无进位
有符号数运算：58＋124＝182 范围外，有溢出

AA + 7C＝ 1 26
无符号数运算：170＋124＝294 范围外，有进位
有符号数运算：－86＋124＝38 范围内，无溢出

处理器对两个操作数进行运算时按照无符号数求得结果，
并相应设置进位标志CF - 根据是否超出有符号数的范围设置溢出标志OF。

x86处理器的EFLAGS的CF位和ARM的CSPR的C位，

如果有进位，那么x86处理器的EFLAGS的CF位，否则没有产生进位则CF被置0
如果有进位，那么ARM的CSPR的C位都置1，否则没有产生进位则C被置0

X86的做法是，如果产生借位，那么CF位置1，否则没有产生借位则CF被置0

ARM的做法是，如果减法产生借位（无符号数下溢）则C被置0, 否则没有产生借位（没有溢出）则C被置1
比如：1 - 2 被视为：1 + (-2) = 0x0000 0001 + 0xFFFF FFFE = 0xFFFF FFFF : 虽然产生了借位，但进位 CF 为0。因为没有跨过32位最大无符号数的界限。
又如：2 - 1 被视为：2 + (-1) = 0x0000 0002 + 0xFFFF FFFF = 0x0000 0001 : 虽然没有产生借位，但进位 CF 为1。因为跨过了32位最大无符号数的界限。
CF = Bit32

SUB     减法。
SBC     带进位减法。

RSB     反向减法。
RSC     带进位反向减法（仅 ARM）。

SUB{S} {Rd,} Rn, <Rm|#imm>
SBCS   {Rd,} Rn, Rm
RSBS   {Rd,} Rn, Rm, #0

Operation

The ADD instruction adds the value in Rn to the value in Rm
or an immediate value specified by imm
and places the result in the register specified by Rd.

The ADDS instruction performs the same operation as ADD and also updates the N, Z, C and V flags.

The ADCS instruction adds the value in Rn to the value in Rm,
adding a further one if the carry flag is set,
places the result in the register specified by Rd and updates the N, Z, C, and V flags.

The SUB instruction subtracts the value in Rm or the immediate specified by imm.
It places the result in the register specified by Rd.

The SUBS instruction performs the same operation as SUB and also updates the N, Z, C and V flags.

The SBCS instruction subtracts the value of Rm from the value in Rn,
deducts a further one if the carry flag is set.
It places the result in the register specified by Rd and updates the N, Z, C and V flags.

The RSBS instruction subtracts the value in Rn from zero, producing the arithmetic negative of the value,
and places the result in the register specified by Rd and updates the N, Z, C and V flags.

Use ADC and SBC to synthesize multiword arithmetic, see Examples.

ADCS    R1, R1, R3    ; add the most significant words with carry

Example 3.1 shows two instructions that add a 64-bit integer contained in R0 and R1
to another 64-bit integer contained in R2 and R3,
and place the result in R0 and R1.

Example 3.2. 96-bit subtraction
SUBS    R4, R4, R1    ; subtract the least significant words
SBCS    R5, R5, R2    ; subtract the middle words with carry
SBCS    R6, R6, R3    ; subtract the most significant words with carry

Multiword values do not have to use consecutive registers.
Example 3.2 shows instructions that subtract a 96-bit integer contained in R1, R2, and R3
from another contained in R4, R5, and R6.
The example stores the result in R4, R5, and R6.

Example 3.3.  Arithmetic negation
RSBS    R7, R7, #0    ; subtract R7 from zero
Example 3.3 shows the RSBS instruction used
to perform a 1's complement of a single register.

CMP and CMN
Compare and Compare Negative.
Syntax
CMN Rn, Rm
CMP Rn, #imm
CMP Rn, Rm
where:
Rn    is the register holding the first operand.
Rm    is the register to compare with.
imm    is the immediate value to compare with.

Operation

These instructions compare the value in a register with either the value in another register or an immediate value.
They update the condition flags on the result, but do not write the result to a register.

The CMP instruction subtracts either the value in the register specified by Rm,
or the immediate imm from the value in Rn and updates the flags.
This is the same as a SUBS instruction, except that the result is discarded.

The CMN instruction adds the value of Rm to the value in Rn and updates the flags.
This is the same as an ADDS instruction, except that the result is discarded.

//------------------------------------------------------------------------------------------------------------------------------
// (经典解释)：原码、反码和补码
//------------------------------------------------------------------------------------------------------------------------------

8 位二进制数的模可以按照十进制写成 2^8，1-0000-0000           按照十进制，它就是 256
16 位数二进制数的模可以按照十进制 2^16，1-0000-0000-0000-0000 按照十进制，它就是 65536

相当于是将其原码绝对值各位求反之后在末位再加1
: 127 --> 111-1111
: NOT --> 000-0000
: +1      000-0001
:         000-0001
:符号位 1 000-0001

-- 正数的补码都是和原码相同。
-- 负数的补码是负数即用模减去绝对值
-128 -127 .. -1 0 1 .. 127

模减去绝对值 : 符号位为1，其余各位取反，然后再整个数加1。
1 0000-0000
- 1000-0001
-----------
0111-1111

8个二制位能够表达的整数范围是: +127 ~ -128,
16位表达的范围是: +32767 ~ -128。

0-1111111 <---    1-0000000 1-0000001 ....  1-1111111   0-0000000 0-0000001 ... 0-1111111  ---> 1-0000000

正数 <--- 负数    负数     符号位=1        负数           正数       符号位=0       正数        ---> 负数
数值取反 + 1                          数值不变
posted @ 2012-09-13 10:16 ImProgrammer 阅读(...) 评论(...) 编辑 收藏