Armv7 assembly code analysis

To analyze the usage of the armv7 architecture register, use the C program to generate and analyze the armv7 assembly.

1. The C source code is as follows (the function is very simple to simplify ):

# Cat callfunc. c

#include <stdio.h>#include <stdlib.h>#include <math.h>int main(){int input=10;int tmp,result;tmp = func1(input);result = func2(tmp);printf("result = %d \n", result);return 0;}int func1(int a){a++;return a;}int func2(int b){b=b*b;return b;}

2. Generate arm assembly code through cross-Compilation:

# Arm-none-Linux-gnueabi-gcc-March = armv7-a callfunc. C-S-O callfunc. ASM

The assembly code for generating armv7 is as follows:

. Arch armv7-a.fpu softvfp. eabi_attribute 20, 1. eabi_attribute 21, 1. eabi_attribute 23, 3. eabi_attribute 24, 1. eabi_attribute 25, 1. eabi_attribute 26, 2. eabi_attribute 30, 6. eabi_attribute 34, 1. eabi_attribute 18, 4. file "callfunc. C ". section. rodata. align2; 2 ^ 2, that is, 4-byte align2; ". "starts with a pseudo command, which is compiler-related and platform-independent ;. lc0 :. ASCII "result = % d \ 012 \ 000 ". text. align2.globalmain; global function declaration, equivalent to extern in C language. typemain, % functionmain :. fnstar T; function start flag @ ARGs = 0, pretend = 0, frame = 16; @ flag annotation, added by the compiler @ frame_needed = 1, uses_anonymous_args = 0 stmfdsp !, {FP, LR}; FP = R11 = 0, LR = 0x40291664; respectively stored FP, LR to SP, sp-4; sp0 = sp-4; FP (R11) Sort pointer ;; regarding FP: During C program compilation, local variables of all functions are allocated in a continuous storage zone. Generally, this storage zone is in the stack, this continuous storage area is called the storage "frame" of this function, which is accessed through a pointer .; The register FP should be zero or the last structure in the list pointing to the stack backtracking structure,

; Provides a way to trace back the called functions.

That is, the function of FP is used for backtracking. It can also be seen from the code that FP only serves as a tag and theoretically does not affect program execution without using FP. save {FP, LR}; about. save: its role and the following. setfp ,. pad and other pseudo commands act similarly and generate comments on the corresponding Assembly commands .; For more information, see the web page (http://sourceware.org/binutils/docs/as/ARM-Directives.html ). setfp FP, SP, #4 addfp, SP, #4; SP = 0xbe88f3e0, FP = 0xbe88f3e4. pad #16 subsp, SP, #16; SP = 0xbe88f3d0movr3, #10; R3 = 10strr3, [FP, #-8]; r3-> fp-8, that is, sp-4ldrr0, [FP, #-8]; r3-> r0blfunc1; jump to func1strr0, [FP, #-12]; R0-> fp-12ldrr0, [FP, #-12] blfunc2strr0, [FP, #-16] movwr3, #: lower16 :. lc0movtr3, #: upper16 :. lc0; the functions of movw and movt are: R3 = (movt #: upper16 :. Lc0 <16) | (movw #: lower16 :. lc0 )).; the above two sentences are output. lc0 segments. the content of the line in ASCII, that is, print the result = % d \ 012 \ 000movr0, r3ldrr1, [FP, #-16] blprintf; print the content in R0 and R1 movr3, #0movr0, r3subsp, FP, #4 ldmfdsp !, {FP, PC }. fnend. sizemain ,. -Main. align2.globalfunc1. typefunc1, % functionfunc1 :. fnstart @ ARGs = 0, pretend = 0, frame = 8 @ frame_needed = 1, uses_anonymous_args = 0 @ link register save eliminated. strfp, [Sp, #-4]!; R11 (FP) into the stack; SP = 0xbe88f3d0-4 = 0xbe88f3cc, R11 = 0xbe88f3e4; FP (I .e. R11) is stored in the address of the sp-4 (0x. save {FP }. setfp FP, SP, #0 addfp, SP, #0; FP = 0xbe88f3cc. pad #12 subsp, SP, #12; SP = 0xbe88f3c0strr0, [FP, #-8]; R0 is stored at the address pointed to by the fp-8 ldrr3, [FP, #-8] addr3, R3, #1strr3, [FP, #-8] ldrr3, [FP, #-8] movr0, r3addsp, FP, #0 ldmfdsp !, {FP}; R11 (FP) outbound stack bxlr. fnend. sizefunc1 ,. -func1.align2. globalfunc2.typefunc2, % functionfunc2 :. fnstart @ ARGs = 0, pretend = 0, frame = 8 @ frame_needed = 1, uses_anonymous_args = 0 @ link register save eliminated. strfp, [Sp, #-4]!. Save {FP }. setfp FP, SP, #0 addfp, SP, # 0.pad #12 subsp, SP, #12strr0, [FP, #-8] ldrr3, [FP, #-8]; r0-> r3ldrr2, [FP, #-8]; R0-> r2mulr3, R2, R3; R2 * r3-> r3strr3, [FP, #-8] ldrr3, [FP, #-8] movr0, R3; r3-> r0addsp, FP, #0 ldmfdsp !, {FP}; SP-> FP; pop fpbxlr. fnend. sizefunc2 ,. -func2.ident "GCC: (sourcery code=lite 2011.09-70) 4.6.1 ". section. note. GNU-stack, "", % progbits

For the analysis content, see code comments.

Note:

1. The default register used by the compiler to transmit parameters is R0 ~ R3, the stack is used if there are more than four parameters.
2. Bl printf: this command is a printing command. By default, it prints the content of Registers starting with R0. When the number of tested parameters exceeds 4, R0 stores the printing format, r1-r3 storage to print the number, the remaining parameters need other register storage, but printf how to print out the several more registers, it is not clear for now. Please add.