有人能举例说明如何在ARM程序集中完成递归,只有这里列出的指令(对于视觉)?
我正在尝试为类做一个递归的斐波纳契和阶乘函数。我知道递归是一个调用函数的函数,但我不知道如何在ARM中模拟它。
https://salmanarif.bitbucket.io/visual/supported_instructions.html
如果链接不起作用,我使用的是视觉,这是我可以使用的唯一说明:
这不会为R4加载较旧的值,因此每次函数调用时R4都会加倍。
;VisUAL initializess all registers to 0 except for R13/SP, which is -16777216
MOV R4, #0
MOV R5, #1
MOV r0, #4
MOV LR, #16 ;tells program to move to 4th instruction
FIB
STMDB SP!, {R4-R6, LR} ;Stores necessary values on stack (PUSH command)
LDR R4, [SP] ;Loads older value for R4 from memory
ADD R4, R4, R5 ;Adds R5 to R4
STR R4, [SP], #8 ;stores current value for R4 to memory
MOV R5, R4 ;Makes R5 = R4
CMP R4, #144 ;If R4 >= 144:
BGE POP ;Branch to POP
MOV PC, LR ;Moves to STMDB(PUSH) statement
POP
LDMIA SP!, {R4-R6, LR} ;Pops registers off stack
END ;ends program
答案 0 :(得分:2)
您需要使用堆栈,STMDB和LDMIA指令。在真正的ARM工具上使用"统一"符号,他们也有助记符PUSH和POP。
Fibonnaci和factorial不是很好的例子,因为他们不需要"需要"递归。但是,让我们假装他们这样做。我没有选择斐波纳契,因为你没有MUL指令!?你想做这样的事情:
START
MOV R0, #6
BL FIB
END ; pseudo-instruction to make your simulator terminate
FIB ; int fib(int i) {
STMDB SP!, {R4,R5,R6,LR} ; int n, tmp;
MOV R4, R0 ; n = i;
CMP R0, #2 ; if (i <= 2) {
MOV R0, #1 ; return 1;
BLE FIB_END ; }
SUB R0, R4, #2 ; i = n-2;
BL FIB ; i = fib(i);
MOV R5, R0 ; tmp = i;
SUB R0, R4, #1 ; i = n-1;
BL FIB ; i = fib(i);
ADD R0, R0, R5 ; i = i + tmp;
FIB_END ; return i;
LDMIA SP!, {R4,R5,R6,PC} ; }
它应该以包含fib(6)== 8的R0终止。当然,这个代码效率很低,因为它反复调用FIB来获得相同的值。
需要STM,因此您可以使用寄存器r4,r5,因为另一个函数调用可以更改r0-r3和LR。推动LR和弹出PC就像B LR。如果您正在调用C代码,则应该推送偶数个寄存器以保持SP 64位对齐(我们不需要在此处执行此操作;忽略R6)。
答案 1 :(得分:0)
其他一些递归函数:
unsigned int so ( unsigned int x )
{
static unsigned int z=0;
z+=x;
if(x==0) return(z);
so(x-1);
return(z);
}
构建/拆卸
arm-none-eabi-gcc -O2 -c Desktop/so.c -o so.o
arm-none-eabi-objdump -D so.o
00000000 <so>:
0: e92d4010 push {r4, lr}
4: e59f4034 ldr r4, [pc, #52] ; 40 <so+0x40>
8: e5943000 ldr r3, [r4]
c: e3500000 cmp r0, #0
10: e0803003 add r3, r0, r3
14: e5843000 str r3, [r4]
18: 1a000002 bne 28 <so+0x28>
1c: e1a00003 mov r0, r3
20: e8bd4010 pop {r4, lr}
24: e12fff1e bx lr
28: e2400001 sub r0, r0, #1
2c: ebfffffe bl 0 <so>
30: e5943000 ldr r3, [r4]
34: e8bd4010 pop {r4, lr}
38: e1a00003 mov r0, r3
3c: e12fff1e bx lr
40: 00000000
如果你不理解,那么它是否值得。让工具为你做这件事是作弊的吗?
push是stm的伪指令,弹出ldm的伪指令,所以你可以使用它们。
我使用了一个静态本地,我称之为本地全局,它在.data中不在堆栈上(在这种情况下,因为我将其设为零,所以很好.bss)
Disassembly of section .bss:
00000000 <z.4099>:
0: 00000000
第一个加载正在将此值加载到r3中。
调用约定说r0将包含进入函数的第一个参数(有异常,但在这种情况下也是如此)。
所以我们从内存中获取z,r0已经有参数x所以我们将x添加到z并将其保存到内存
编译器做了比较乱序,谁知道性能原因,add和str写的不要修改标志,这样就可以了,
如果x不等于零,则它分支到28,这就是so(x-1)调用 从内存中读回r3(调用约定说r0-r3是易失性函数,你可以随意修改它们并且不必保留它们因此我们在r3中的z版本可能已被破坏但是r4被任何被调用者保留,所以我们把z读回到r3。我们弹出r4并且返回堆栈的地址,我们用z准备返回寄存器r0并返回。
如果x等于零(在18上失败,我们运行1c,然后是20,然后是24),那么我们将z(r3版本)复制到r0中,这是用于根据所使用的调用约定从该函数返回的寄存器这个编译器(武器推荐)。并返回。
链接器将z的地址填入偏移量0x40,这是一个对象而不是最终的二进制文件......
arm-none-eabi-ld -Ttext=0x1000 -Tbss=0x2000 so.o -o so.elf
arm-none-eabi-ld: warning: cannot find entry symbol _start; defaulting to 0000000000001000
arm-none-eabi-objdump -D so.elf
so.elf: file format elf32-littlearm
Disassembly of section .text:
00001000 <so>:
1000: e92d4010 push {r4, lr}
1004: e59f4034 ldr r4, [pc, #52] ; 1040 <so+0x40>
1008: e5943000 ldr r3, [r4]
100c: e3500000 cmp r0, #0
1010: e0803003 add r3, r0, r3
1014: e5843000 str r3, [r4]
1018: 1a000002 bne 1028 <so+0x28>
101c: e1a00003 mov r0, r3
1020: e8bd4010 pop {r4, lr}
1024: e12fff1e bx lr
1028: e2400001 sub r0, r0, #1
102c: ebfffff3 bl 1000 <so>
1030: e5943000 ldr r3, [r4]
1034: e8bd4010 pop {r4, lr}
1038: e1a00003 mov r0, r3
103c: e12fff1e bx lr
1040: 00002000
Disassembly of section .bss:
00002000 <z.4099>:
2000: 00000000
这里的重点不是欺骗和使用编译器,这里的重点是递归函数没有什么神奇之处,当然不是如果你遵循调用约定或任何你最喜欢的术语。
例如
如果你有参数r0是第一个,r1是秒,直到r3(如果它们适合,使你的代码成功,你有四个或更少的参数) 如果适合,返回值在r0中 你需要在堆栈上按lr,因为你将调用另一个函数 r4 on up保留,如果你需要修改它们,如果你想要一些本地存储通过相应地修改堆栈指针(或者执行push / stms)来使用堆栈。你可以看到,gcc会将寄存器中的内容保存到堆栈中,然后在函数期间使用寄存器,至少可以使用几个局部变量值,超过它需要在堆栈上大量爆发的sp相对。 如果你需要在调用之前保存r0-r3然后在r4或更高版本的寄存器或堆栈中保存r0-r3,那么当你执行递归调用时,就像你根据调用约定那样执行任何其他正常函数一样。功能返回。你可以看到,只需在函数调用之前和之后将要保留的值放在寄存器r4或更高版本中。 编译器可以在分支之前完成r0的比较,这样就更容易读取。同样可以在pop
之前完成mov到r0的返回值我没有放参数,所以我的gcc构建似乎是armv4t,如果我要求更新的东西
arm-none-eabi-gcc -O2 -c -mcpu=mpcore Desktop/so.c -o so.o
arm-none-eabi-objdump -D so.o
so.o: file format elf32-littlearm
Disassembly of section .text:
00000000 <so>:
0: e92d4010 push {r4, lr}
4: e59f402c ldr r4, [pc, #44] ; 38 <so+0x38>
8: e3500000 cmp r0, #0
c: e5943000 ldr r3, [r4]
10: e0803003 add r3, r0, r3
14: e5843000 str r3, [r4]
18: 1a000001 bne 24 <so+0x24>
1c: e1a00003 mov r0, r3
20: e8bd8010 pop {r4, pc}
24: e2400001 sub r0, r0, #1
28: ebfffffe bl 0 <so>
2c: e5943000 ldr r3, [r4]
30: e1a00003 mov r0, r3
34: e8bd8010 pop {r4, pc}
38: 00000000
您可以看到返回阅读更容易
虽然错过了优化,但它可以完成ldr r0,[r4]并保存一条指令。或者保留那个尾端,并且bne可能是30的beq(mov r0,r3; pop {r4,pc}并共享一个出口。
更具可读性
so:
push {r4, lr}
@ z += x
ldr r4, zptr
ldr r3, [r4]
add r3, r0, r3
str r3, [r4]
@ if x==0 return z
cmp r0, #0
beq l30
@ so(x - 1)
sub r0, r0, #1
bl so
ldr r3, [r4]
l30:
@ return z
mov r0, r3
pop {r4, pc}
zptr: .word z
.section .bss
z: .word 0
arm-none-eabi-as so.s -o so.o
arm-none-eabi-objdump -D so.o
so.o: file format elf32-littlearm
Disassembly of section .text:
00000000 <so>:
0: e92d4010 push {r4, lr} (stmdb)
4: e59f4024 ldr r4, [pc, #36] ; 30 <zptr>
8: e5943000 ldr r3, [r4]
c: e0803003 add r3, r0, r3
10: e5843000 str r3, [r4]
14: e3500000 cmp r0, #0
18: 0a000002 beq 28 <l30>
1c: e2400001 sub r0, r0, #1
20: ebfffff6 bl 0 <so>
24: e5943000 ldr r3, [r4]
00000028 <l30>:
28: e1a00003 mov r0, r3
2c: e8bd8010 pop {r4, pc} (ldmia)
00000030 <zptr>:
30: 00000000
Disassembly of section .bss:
00000000 <z>:
0: 00000000
修改
让我们来看看最后一个。
push {r4,lr} which is a pseudo instruction for stmdb sp!,{r4,lr}
Lr is the r14 which is the return address look at the bl instruction
branch and link, so we branch to some address but lr (link register) is
set to the return address, the instruction after the bl. So when main or some other function calls so(4); lets assume so is at address 0x1000 so the program counter, r15, pc gets 0x1000, lr will get the value of the instruction after the caller so lets say that is 0x708. Lets also assume the stack pointer during this first call to so() from main is at 0x8000, and lets say that .bss is at 0x2000 so z lives at address 0x2000 (which also means the value at 0x1030, zptr is 0x2000.
We enter the function for the first time with r0 (x) = 4.
When you read the arm docs for stmdb sp!,{r4,lr} it decrements before (db) so sp on entry this time is 0x8000 so it decrements for the two items to 0x7FF8, the first item in the list is written there so
0x7FF8 = r4 from main
0x7FFC = 9x 0x708 return address to main
the ! means sp stays modified so sp-0x7ff8
then ldr r4,zptr r4 = 0x2000
ldr r3,[r4] this is an indirect load so what is at address r4 is read to
put in r3 so r3 = [0x2000] = 0x0000 at this point the z variable.
z+=x; add r3,r0,r3 r3 = r0 + r3 = 4 + 0 = 4
str r3,[r4] [r4] = r3, [0x2000] = r3 write 4 to 0x2000
cmp r0,#0 4 != 0
beq to 28 nope, not equal so no branch
sub r0,r0,#1 r0 = 4 - 1 = 3
bl so so this is so(3); pc = 0x1000 lr = 0x1024
so now we enter so for the second time with r0 = 3
stmdb sp!,{r4,lr}
0x7FF0 = r4 (saving from so(4) call but we dont care its value even though we know it)
0x7FF4 = lr from so(4) = 0x1024
sp=0x7FF0
ldr r4,zptr r4 = 0x2000
ldr r3,[r4] r3 = [0x2000] = 4
add r3,r0,r3 r3 = 3 + 4 = 7
str r3,[r4] write 7 to 0x2000
cmp r0,#0 3 != 0
beq 0x1028 not equal so dont branch
sub r0,r0,#1 r0 = 3-1 = 2
bl so pc=0x1000 lr=0x1024
so(2)
stmdb sp!,{r4,lr}
0x7FE8 = r4 from caller, just save it
0x7FEC = lr from caller, 0x1024
sp=0x7FE8
ldr r4,zprt r4=0x2000
ldr r3,[r4] r3 = read 7 from 0x2000
add r3,r0,r3 r3 = 2 + 7 = 9
str r3,[r4] write 9 to 0x2000
cmp r0,#0 2 != 0
beq 0x1028 not equal so dont branch
sub r0,r0,#1 r0 = 2 - 1 = 1
bl 0x1000 pc=0x1000 lr=0x1024
so(1)
stmdb sp!,{r4,lr}
0x7FE0 = save r4
0x7FE4 = lr = 0x1024
sp=0x7FE0
ldr r4,zptr r4=0x2000
ldr r3,[r4] r3 = read 9 from 0x2000
add r3,r0,r3 r3 = 1 + 9 = 10
str r3,[r4] write 10 to 0x2000
cmp r0,#0 1 != 0
beq 0x1028 not equal so dont branch
sub r0,r0,#1 r0 = 1 - 1 = 0
bl 0x1000 pc=0x1000 lr=0x1024
so(0)
stmdb sp!,{r4,lr}
0x7FD8 = r4
0x7FDC = lr = 0x1024
sp = 0x7FD8
ldr r4,zptr r4 = 0x2000
ldr r3,[r4] r3 = read 10 from 0x2000
add r3,r0,r3 r3 = 0 + 10 = 10
str r0,[r4] write 10 to 0x2000
cmp r0,#0 0 = 0 so it matches
beq 0x1028 it is equal so we finally take this branch
mov r0,r3 r0 = 10
ldmia sp!,{r4,pc}
increment after
r4 = [sp+0] = [0x7FD8] restore r4 from caller
pc = [sp+4] = [0x7FDC] = 0x1024
sp += 8 = 0x7FE0
(branch to 0x1024)(return from so(0) to so(1))
ldr r3,[r4] read 10 from 0x2000
mov r0,r3 r0 = 10
ldmia sp!,{r4,pc}
r4 = [sp+0] = [0x7FE0] restore r4 from caller
pc = [sp+4] = [0x7FE4] = 0x1024
sp += 8 = 0x7FE8
(branch to 0x1024)(return from so(1) to so(2))
ldr r3,[r4] read 10 from 0x2000
mov r0,r3 r0 = 10
ldmia sp!,{r4,pc}
r4 = [sp+0] = [0x7FE8] restore r4 from caller
pc = [sp+4] = [0x7FEC] = 0x1024
sp += 8 = 0x7FF0
(branch to 0x1024)(return from so(2) to so(3))
ldr r3,[r4] read 10 from 0x2000
mov r0,r3 r0 = 10
ldmia sp!,{r4,pc}
r4 = [sp+0] = [0x7FF0] restore r4 from caller
pc = [sp+4] = [0x7FF4] = 0x1024
sp += 8 = 0x7FF8
(branch to 0x1024)(return from so(3) to so(4))
ldr r3,[r4] read 10 from 0x2000
mov r0,r3 r0 = 10
ldmia sp!,{r4,pc}
r4 = [sp+0] = [0x7FF8] restore r4 from caller (main()'s r4)
pc = [sp+4] = [0x7FFC] = 0x708
sp += 8 = 0x8000
(branch to 0x708)(return from so(4) to main())
and we are done.
因此堆栈是函数的临时存储,在杯子上写入一个数据项,然后将其推入持有者(保存来自调用者的r4)写入另一个项目并将其推入持有者(lr,返回地址来自呼叫者)。我们这里每个功能只使用了两个项目,所以每个功能我可以将两个杯子推入支架,每次调用该功能我都会获得两个NEW AND UNIQUE存储位置来存储这些本地信息。当我退出功能时,我将两个杯子向下拉出支架并使用它们的值(并丢弃它们)。这在某种程度上是递归的关键,堆栈为每个调用提供了新的本地存储,与先前对同一函数的调用分开,如果没有别的你需要一个返回地址(虽然确实做了一些更简单的递归示例,当时没有优化是足够智能,基本上可以循环它。)
ldr rd,[rn]想到他说那个地址的项目所以在rn的地址读取内存并将该值保存在rd中。
str rd,[rn]一个搞乱的arm指令,其余的第一个参数是equals的左侧(添加r1,r2,r3 r1 = r2 + r3,ldr r1,[r4] r1 = [ r4])这一个是向后[rn] = rd将rd中的值存储到地址r4描述的内存位置,一个间接层。
stmdb sp !,表示在执行列表中寄存器数量的4个字节乘以之前递减堆栈指针,然后将第一个编号最小的寄存器写入[sp + 0],然后写入[sp + 4]并且所以在最后一个将比sp的起始值小四。的!表示函数完成,sp表示递减的值。您可以将ldm / stm用于堆栈推送和弹出之外的其他操作。像memcpy,但这是另一个故事...
所有这些都来自infocenter.arm.com的手臂文档,您应该已经拥有它(手臂架构参考手册,如果您还没有阅读过armv5,则首选它是第一个)。