ARM汇编分支,用于寻址寄存器或内存
[英]ARM assembly branch to address inside register or memory
问题描述
I'm wondering in ARM assembly which instruction I can use to branch to an address or label stored in some memory address. 
我想知道在ARM程序集中哪些指令可用于分支存储在某个内存地址中的地址或标签。
For example, we can use B LABEL to jump to LABEL. 例如,我们可以使用B LABEL跳转到LABEL。 But now the destination can only be known during run time, and it is stored in some known memory place, is there something like B [address]? 但现在目的地只能在运行时知道,它存储在一些已知的内存位置,是否有类似B [地址]的东西?
Thanks! 谢谢!
2 个解决方案
解决方案1
5 已采纳 2015-08-31 07:20:58
is there something like B [address]?
No. Load the address into a register first, and then use BX to jump to it: 不。先将地址加载到寄存器中,然后使用BX跳转到它:
@ In this example, R0 points to the address to jump to
LDR R1, [R0]
BX R1
You could also load the address directly into PC (though I'm not sure if this is valid across all ARM architectures, so consult the relevant reference document): 您也可以将地址直接加载到PC (虽然我不确定这是否适用于所有ARM体系结构,因此请参阅相关参考文档):
@ In this example, R0 points to the address to jump to
LDR PC, [R0]
解决方案2
1 2019-01-11 11:39:42
One important design paradigm of the ARM architecture is that only very few instructions can operate on memory, which is potentially a slow operation: only LDR and STR . ARM体系结构的一个重要设计范例是,只有极少数指令可以在内存上运行,这可能是一个缓慢的操作:只有LDR和STR 。 So there is no B [label] from memory. 所以内存中没有B [label] 。
For the register part of the question, a good way to answer this kind of question is to look at the instruction summary sections, which group instructions by type. 对于问题的注册部分,回答这类问题的一个好方法是查看指令摘要部分,按类型分组说明。 There is one for branch instructions in ARMv7 and ARMv8: ARMv7和ARMv8中有一个用于分支指令:
ARMv7 A4.3 "Branch instructions"
ARMv7 A4.3“分支指令” As mentioned at: https://stackoverflow.com/a/32305904/9160762 , in ARMv7 you can use
BX register, and there is also aBLX registerwhich sets the return address for a function call.如下所述: https : //stackoverflow.com/a/32305904/9160762 ,在ARMv7中,您可以使用BX register,还有一个BLX register,用于设置函数调用的返回地址。From that table, we know which ones use register since only those can jump to "Any" address: those that use immediates have limited ranges as full addresses don't fit into the fixed 4 bytes per instruction encoding.
从该表中,我们知道哪些使用寄存器,因为只有那些可以跳转到“任何”地址:使用immediates的那些具有有限的范围,因为完整地址不适合每个指令编码的固定4字节。 Minimal runnable example .
最小的可运行示例 。 Another option in ARMv7 mentioned at: https://stackoverflow.com/a/32305904/9160762 is to
ldrinto the PC, since PC is justr15::在ARMv7的另一种选择,在提到https://stackoverflow.com/a/32305904/9160762是ldr到PC,PC以来就是r15:ldr pc, [r0]However, this is not possible anymore in ARMv8 where PC has a dedicated register.
但是,在具有专用寄存器的ARMv8中,这是不可能的。 B1.2.1 "Registers in AArch64 state" says: B1.2.1“AArch64州的登记册”说: Software cannot write directly to the PC.
软件无法直接写入PC。 It can only be updated on a branch, exception entry or exception return. 它只能在分支,异常条目或异常返回上更新。 ARMv8 C3.1 "Branches, Exception generating, and System instructions"
ARMv8 C3.1“分支,异常生成和系统指令” In that section we learn about
BLR,BRandRET.在那一节中,我们将了解BLR,BR和RET。BRis likeBX, but withoutXsince there is no thumb to worry about.BR就像BX,但没有X因为没有拇指可以担心。Minimal runnable example .
最小的可运行示例 。 The docs then say that
RETis analogous toBR, except that it:然后,文档说RET与BR类似,不同之处在于它:- gives a hint that this is supposed to represent a function return 给出一个暗示,这应该代表一个函数返回
- the register is optional on the assembly, and defaults to
x30, which is whereBLputs the return address寄存器在汇编时是可选的,默认为x30,这是BL放置返回地址的地方
- gives a hint that this is supposed to represent a function return
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.