

## Hw2

## Homework Assignment 2

Due: Fri, 28 Jan 2022 17:30:00 approximately 2 days from the time this page was loaded)

[150 points possible] [150 penalties possible] [0 penalties graded so far]

Weight = 1.00

For the following questions, assume that each code segment is independent of the others. Each one can be tried with the simulator or System Workbench by adding a global main label to the beginning of the code segment and single stepping through the code.

## Academic Honesty Statement [0 ... -150 points]

By typing my name, below, I hereby certify that the work on this homework is my own and that I have not copied the work of any other student (past or present) while completing it. I understand that if I fail to honor this agreement, I will receive a score of zero for the assignment, a one letter drop in my final course grade, and be subject to possible disciplinary action.

Tzu Yu Chen  
Save

## (1) Instruction encodings [60 points]

For each ARM Cortex-M0 instruction below, write its instruction encoding. For instance, the encoding for the `MOVW R6, R0` instruction would be `0x0006`. For each instruction, also write a C statement to represent the operation it performs in the box below the encoding. Each one can be tried with the simulator or System Workbench by adding a global main label to the beginning of the code segment and single stepping through the code.

```
signed int r0;
signed int r1;
signed int r2;
signed int r3;
signed int r4;
signed int r5[1000]; // each element is 4 bytes in size
signed short ir6[1000]; // each element is 2 bytes in size
signed char cr7[1000]; // each element is 1 byte in size
```

The array size declaration is important. It means, for instance, that the address for `r5[7]` is four bytes higher than `r5[6]`. Take this into account with the LDRx and STRx instructions. Also note that the `signed` load instructions do the natural thing and preserve the sign of the loaded 8- or 16-bit value as it is promoted to a 32-bit value in a register. An `unsigned` load will set the extended bits to zero.

If you want to disassemble these instructions in System Workbench or on the simulator, feel free to do so, but **you should be prepared to come up with the encoding all on your own simply by looking at the ARMv6-M Architecture Reference Manual**. That's what you'll have to do on the midterm lab practical exam.

When recording your answers, use a 4-digit hexadecimal number (with no 0x prefix) for the encoding. Don't get too creative with the C statement. This work will be graded by computer.

A few hints:

When thinking about the difference between LDRB and LDRBS, remember that LDRB will turn a signed 8-bit integer into a signed 32-bit integer—just like C will if you say `r0 = r7[n]`. LDRB will AND the value assigned to the register with 0xFF to zero off the upper 24 bits. Something similar happens with LDRH for the upper 16 bits. See that example? Pay attention to that.

In the LDRSH example below, remember that C accessess the nth entry in an array with `arr[n]`. Square brackets in ARM Cortex-M0 assembly language represent a byte offset. That's why the LDRSH example below divides `r3` by 2 for the C description. Ask a TA for some examples about this if you need some help with this concept.

| Question | Instruction                       | Encoding | C statement                                  |
|----------|-----------------------------------|----------|----------------------------------------------|
| example  | <code>MOVW R3, #17</code>         | 2311     | <code>r3 = 17</code>                         |
| example  | <code>MOVW R0, {R6, R3}</code>    | 5e10     | <code>r0 = r6[12/2] &amp; 0x0000ffff</code>  |
| example  | <code>LDRH R1, [{R6, R12}]</code> | 8961     | <code>r1 = r6[12/2] &amp; 0x0000ffff</code>  |
| 1.01     | <code>NEGS R3, R1</code>          | 42448    | <code>r3 = -r1</code>                        |
| 1.02     | <code>MULS R1, R3</code>          | 4357     | <code>r1 = r1 * r3</code>                    |
| 1.03     | <code>NEGS R3, R2</code>          | 4285     | <code>r3 = -r2</code>                        |
| 1.04     | <code>BICS R2, R4</code>          | 4382     | <code>r2 = r2 &amp; r4</code>                |
| 1.05     | <code>EORS R2, R3</code>          | 405A     | <code>r2 = r2 ^ r3</code>                    |
| 1.06     | <code>MVNS R2, R4</code>          | 4382     | <code>r2 = -r4</code>                        |
| 1.07     | <code>ADDS R4, R0, #5</code>      | 1D44     | <code>r4 = r4 + 5</code>                     |
| 1.08     | <code>UXTB R2, R3</code>          | B29A     | <code>r2 = r3 &lt; 0 &gt; 0x0000ffff</code>  |
| 1.09     | <code>ADD R1, #8</code>           | 110K     | <code>r1 = r1 + 8</code>                     |
| 1.10     | <code>ANDS R3, R1, #4</code>      | 4008     | <code>r3 = r1 &amp; 4</code>                 |
| 1.11     | <code>ASRS R3, R2, #4</code>      | 1113     | <code>r3 = r2 &gt;&gt; 4</code>              |
| 1.12     | <code>MOVW R2, #25</code>         | 2217     | <code>r2 = 25</code>                         |
| 1.13     | <code>LDRB R2, R1, #3</code>      | 00CA     | <code>r2 = r1[3]</code>                      |
| 1.14     | <code>SUBS R4, #17</code>         | 1C11     | <code>r4 = r4 - 17</code>                    |
| 1.15     | <code>MOVW R4, R3</code>          | 001C     | <code>r4 = r3</code>                         |
| 1.16     | <code>LDR R1, [R5]</code>         | 0824     | <code>r1 = r5[0]</code>                      |
| 1.17     | <code>LDR R1, [R5, #12]</code>    | 0824     | <code>r1 = r5[12]</code>                     |
| 1.18     | <code>LDR R1, [R5, #16]</code>    | 0824     | <code>r1 = VS[4]</code>                      |
| 1.19     | <code>STR R1, [R5, #16]</code>    | 1D29     | <code>r5[4] = r1</code>                      |
| 1.20     | <code>STMWB R1, [R5, #16]</code>  | 2221     | <code>r5[4] = r1</code>                      |
| 1.21     | <code>STR R1, [R6, #16]</code>    | 0824     | <code>r6[4] = r1</code>                      |
| 1.22     | <code>STRH R1, [R6, #20]</code>   | 5231     | <code>r6[0]&lt;4&gt;=r1</code>               |
| 1.23     | <code>LDRB R1, [R7, #20]</code>   | 51A8     | <code>r1 = VS[r7[4]]</code>                  |
| 1.24     | <code>LDRB R1, [R7, #20]</code>   | 5134     | <code>r1 = VS[r7[4]] &amp; 0x0000ffff</code> |
| 1.25     | <code>STRH R3, [R6, #20]</code>   | 8238     | <code>r6[4] = r3</code>                      |
| 1.26     | <code>LDR R2, [R6, #20]</code>    | 5A92     | <code>r2 = r6[4] &amp; 0x0000ffff</code>     |
| 1.27     | <code>LDRB R2, [R7, #5]</code>    | 397A     | <code>r2 = VS[5] &amp; 0x0000ffff</code>     |
| 1.28     | <code>STR R3, [R5, R1]</code>     | 5D68     | <code>r5[VS[1]] = r3</code>                  |
| 1.29     | <code>LDR R2, [R6, #12]</code>    | 5E72     | <code>r2 = r6[12] &amp; 0x0000ffff</code>    |
| 1.30     | <code>STR R1, [R7, #8]</code>     | 92M      | <code>r7[8] = r1</code>                      |

\* beware of wrap-around

## (2) Decoding Instructions [20 points]

For each of the 16-bit hexadecimal numbers below, decode it to the corresponding ARM Cortex-M0 "Thumb2" instruction. Remember that you can look at page 84 to decide what to do with the most significant 6 bits, and then look at the tables on the pages you are referred to.

For instance, the hexdecimal value `0x0006` has the binary representation `0000000000000110`. The top six bits are `000000`, which matches the pattern `00xxxx`, so it is a `Shift (immediate), add, subtract, move, and compare` instruction described on page A5-83.

Table A5.1 on page 85 shows a new opcode field which consists of bits 13-9. For this instruction, these are also `00000`, which matches the pattern `000xx` indicating that it is a `Logical Shift Left "LSL (immediate)"` instruction described on page A5-150.

Section A6.7.35 on page A6-150 lets us interpret the LDL instruction as having an `imm5` field of `00000`, an `Rm` field of `0000`, and an `Rd` field of `110`. This represents an instruction of "`LSLS R6,R0,0`". We know from lecture that this is also known as "`MOVWS R6,R0`" instruction.

You can, of course, use System Workbench or the simulator to check your work or do it entirely for you by writing the words into memory with assembler directives like this:

```
.global main:
main:
.bword 0x0006
```

You should feel free to do so, but **you should be prepared to do the decoding all on your own simply by looking at the ARMv6-M Architecture Reference Manual**.

| Question/Encoding | Instruction                                                            |
|-------------------|------------------------------------------------------------------------|
| example           | <code>0x0006</code>                                                    |
| 2.01              | <code>0111 000 00 10</code>                                            |
| 2.02              | <code>0000 0000 10 00 00 11 00 11 00 11 00 11 00 11 00 11 00 11</code> |
| 2.03              | <code>0000 0000 10 00 00 11 00 11 00 11 00 11 00 11 00 11 00 11</code> |
| 2.04              | <code>0x0127</code>                                                    |
| 2.05              | <code>0011 000 00 10 00</code>                                         |
| 2.06              | <code>0x02e8</code>                                                    |
| 2.07              | <code>0110 000 00 10 00</code>                                         |
| 2.08              | <code>0000 000 00 10 00</code>                                         |
| 2.09              | <code>0110 000 00 10 00</code>                                         |
| 2.10              | <code>0x1f3</code>                                                     |
| 2.11              | <code>0x0161</code>                                                    |
| 2.12              | <code>0100 000 00 10 00</code>                                         |
| 2.13              | <code>0x0595</code>                                                    |
| 2.14              | <code>0x1a1c</code>                                                    |
| 2.15              | <code>0x0323</code>                                                    |
| 2.16              | <code>0x1902</code>                                                    |
| 2.17              | <code>0x02da</code>                                                    |
| 2.18              | <code>0x011e</code>                                                    |
| 2.19              | <code>0x0463</code>                                                    |
| 2.20              | <code>0x0404</code>                                                    |

64+68+21

(64)+4

west sig bit of r1

## (3) Flags and Conditional Branches [60 points]

It can be difficult to understand the effects that instructions have on the Application Program Status Register (APSR) flags: NZCV. Luckily, we can take a higher-level view of the system by looking at the relationship between instructions and the effect that we expect them to have on subsequent conditional branches.

Consider the following sequence of instructions:

```
.global main:
main:
    movs r1, #5
    movs r0, #0
    beq label1, label2 // is this branch taken?
    adds r1, r2, r3
    bkt #1 // if we stop here, it means the branch was not taken
label1: bkt #2 // if we stop here, it means the branch was taken
```

The BEQ instruction looks at the APSR's Z flag. If the Z flag was set by the most recent flag-setting operation, BEQ will cause the Program Counter (PC) to be set to the address of `label1`. If the Z flag is false (not set), then execution will continue with the ADDS instruction and anything else that follows that follows the BEQ.

We know that the first instruction, `MOVWS R1, #5`, modifies the flags because it has an 'S' suffix in its mnemonic. This instruction is moving a non-zero value into R1, so it clears the zero flag of the APSR. The second instruction also modifies the flags, and this time it is zero, so it sets the Z flag to true. Only the most recent operation that updated the Z flag matters; the first MOVWS instruction is now irrelevant. Therefore, this code sequence will cause the BEQ instruction to jump to `label1`. In this case, we say that this branch was "taken."

If, however, we were to reverse the order of the two MOVWS instructions, then the BEQ would continue with the ADDS instruction and anything else that follows it. In that case, we would say that the branch was "not taken."

For the following instruction sequences, look at the Operation section of the instruction descriptions in section A6.7, and in Table A6.3, of the ARMv6-M Architecture Reference Manual, and decide if the single conditional branch in the sequence is "taken" or "not taken." There will be some questions where there is not enough information to know whether the branch is taken or not. These are situations where you don't know the initial flag state and the instructions before the branch do not modify the flags that the branch depends on or do not modify the flags at all. In these cases, write "unknowable". If you want to try these sequences on the STM32 or on the simulator, feel free to do so, but you should be able to decide what happens only by looking at the instructions' Operation description.

In the simulator, the values of the NZCV flags are 0000 at startup. For the code segments below, you should not assume you know what the initial flag values are. You should try setting the flags to different values to see what happens. For instance, you might want to precede each of the code segments with instructions that set them to be non-zero. For instance, you can set the Z, C, and V flags using the following two instructions:

```
ldr r0, =0x00000000
subs r0, r0, #1
```

By adding those instructions to the beginning of a code segment, you can initialize the flags to `_ZCV`.

If you want to clear all of the flags, try:

```
movs r0, #0
subs r0, #1
```

If you want to set only the N flag try, instead:

```
movs r0, #0
subs r0, #1
```

If better is if you assume all of the initial flag values are unknown. Manually trace through the instructions, one at a time, and identify the changes to the flags as you go. Then consider which flags a particular branch examines. If there are cases that cannot be resolved due to unknown flag values, then you know the branch outcome is "Unknowable".

Examples:

| Instruction Sequence | Flags (NZCV) | Branch Outcome |
|----------------------|--------------|----------------|
| NZCV                 | 0000         | taken          |
| movs r0, #0          | 0000         | taken          |
| beq label1, label2   | 0000         | taken          |
| add r1, r2, r3       | 0000         | taken          |
| bkt #1               | 0000         | taken          |
| label1: bkt #2       | 0000         | taken          |
| label2: bkt #3       | 0000         | taken          |
| add r1, r2, r3       | 0000         | taken          |
| label1: bkt #4       | 0000         | taken          |
| label2: bkt #5       | 0000         | taken          |
| add r1, r2, r3       | 0000         | taken          |
| label1: bkt #6       | 0000         | taken          |
| label2: bkt #7       | 0000         | taken          |
| add r1, r2, r3       | 0000         | taken          |
| label1: bkt #8       | 0000         | taken          |
| label2: bkt #9       | 0000         | taken          |
| add r1, r2, r3       | 0000         | taken          |
| label1: bkt #1       |              |                |