hello
i have an opcode of BNE and i want to know which address it jumps to
the opcode is 1AFFFFF9. if there is anyone who knows, how can i understand which address this branch goes to?
This is a relative address branch. The value of FFFFF9 is -7 in decimal. Hence the target address is PC - 7 words.
In 32-bit ARM code the PC is 2 words ahead of the current instruction, so the target address in this case is equal to the address of the current instruction - 5 words.
For example if L1 is a label, the original code might look something like:
1000H L1:
1004H …
1008H …
100CH …
1010H …
1014H 1AFFFFF9 BNE L1
thank you cfb for your help but i didn't understand well
how do you find the offset FFFFF9 = -7!
cfb:
This is a relative address branch. The value of FFFFF9 is -7 in decimal.
can you give another real example (ARM7TDMI)
time to review base 16 arithmetic.
ss-00:
thank you cfb for your help but i didn't understand well
how do you find the offset FFFFF9 = -7!
cfb:
This is a relative address branch. The value of FFFFF9 is -7 in decimal.
can you give another real example (ARM7TDMI)
Take your hexadecimal capable calculator and revisit why FFFFF9 in hex, for 32 bits signed two’s complement is -9 in decimal
Unless you comprehend this, you will not succeed in assembly language. This is fundamental.
FFFFFFFF is -1
00000001 is +1
what is zero?
what is 2 raised to the 32nd power, then minus 1?
That is not peculiar to ARM - you just need to understand how the "two's-complement" system of representing signed integers in computer systems works. Usually such numbers are 8 / 16 / 32 bit but in this case the offset is a 24-bit signed integer.
ss-00:
how do you find the offset FFFFF9 = -7!
Counting down from 1:
000001 = 1
000000 = 0
FFFFFF = -1
FFFFFE = -2
…
FFFFFA = -6
FFFFF9 = -7
etc.
If you are not familiar with how the two’s-complement system works, a good starting point is here:
Ahem... ??? Maybe the batteries in your calculator need replacing :wink:
stevech:
Take your hexadecimal capable calculator and revisit why FFFFF9 in hex, for 32 bits signed two's complement is -9 in decimal
thank you for your help
i understand now
that means this branch can initiate a jump in the negative direction to an address that is 7 instructions or 28 bytes ahead.
can you give me an example to know how can i determine the jmp address?
Normally you should not have to worry about that any more than you need to know e.g. what the opcode for BNE is. As indicated in my previous example, in an assembly language program the target instruction would be identified by a label (with a name chosen by you) and you would branch to that label. The assembler chooses the appropriate value for the opcode and does the work of calculating what the relative address is.
ss-00:
can you give me an example to know how can i determine the jmp address?
What exactly are you trying to do?
i want to know how this opcode works. maybe i will try to build a small disassembler, that's why i asked
cfb:
What exactly are you trying to do?
take a look at this code which i found on the Web (link: "ARM disassembly :: upfirmware")
000158: e3560064 cmp r6, #100 ; 0x64 ‘d’
00015c: 1a000008 bne 000184(8) ; jump
000160: e59f40a4 ldr r4, [pc, #164]
000164: e1a00004 mov r0, r4
000168: eb000544 bl 001680(544)
00016c: e1a02000 mov r2, r0
000170: e1a00004 mov r0, r4
000174: e3a01001 mov r1, #1 ; 0x1
000178: e1a03005 mov r3, r5
00017c: eb000339 bl 000e68(339)
000180: ea000007 b 0001a4(7) ; jump
000184: e59f4084 ldr r4, [pc, #132] ; [000210]
look at the BNE opcode, it jumps to address 000184
00015c: 1a000008 bne 000184(8) ; jump
how do they determine that the jump address is 000184?
ss-00:
00015c: 1a000008 bne 000184(8) ; jump
…
000184: e59f4084 ldr r4, [pc, #132] ; [000210]
look at the BNE opcode, it jumps to address 000184
00015c: 1a000008 bne 000184(8) ; jump
how do they determine that the jump address is 000184?
By definition, for ARM 32-bit code:
Target address = PC + offset
PC = address of current instruction + 2 words
1 word = 4 bytes
In your example:
current address = 00015c
offset = 8 words
so Target Address = PC + 8 words
= 00015c + 2 + 8 words
= 00015c + 40 bytes (decimal)
= 00015c + 00028 (hexadecimal)
= 000184
thank you very very much cfb for your help
sorry i ask so many questions and this is my last one (i hope so)
look at these lines which consist of opcodes
2C040000 : EA000007E1B0F00EE59FF100E25EF004E25EF008E1A00000E59FF0ECE25EF004
2C040020 : 2C0404F0E10F0000E3C0001FE380001BE129F000E59FD0D8E59F00D8E08DD000
2C040040 : E10F0000E3C0001FE3800013E129F000E59FD0C4E59F00C4E08DD000E10F0000
the first opcode (EA000007) starts from address 2C040000, and the second opcode is E1B0F00E, it has the same as the first opcode!!
let's do what you explained to me above on the first line
2C040000 : EA000007 the second address it will be PC=2C040000+8(2 words)=2C040008
2C040008: E1B0F00E ;NEXT PC=2C040008+8
2C040010 : E59FF100 ;NEXT PC=2C040010+8
2C040018 : E25EF004 ;NEXT PC=2C040018+8; BUT THIS ADDRESS IS THE BEGINNING OF THE SECOND LINE and there are still 4 opcodes left in the first line
2C040020 : 2C0404F0 ;
No. If the instruction at 2C040000 is not a branch, the address of the next instruction to be executed will be at 2C040004. (The PC then would have the value 2C04000C).
ss-00:
let's do what you explained to me above on the first line
2C040000 : EA000007 the second address it will be PC=2C040000+8(2 words)=2C040008
I think you may have misunderstood the relationship between the address of the current instruction and the value stored in the PC register. The value of PC is always 2 words ahead of the address of the current instruction because of the way the instruction pipeline works. Read section 1.1.1 in the ARM7TDMI Technical Reference Manual for a more detailed explanation.
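An added example, not code from the thread or from cfb: a small Python decoder that does the calculation given above for any ARM-state B/BL word (sign-extend the 24-bit offset, add 8 to the instruction address for the pipeline, multiply the offset by 4) and splits a dump line like the ones quoted in the thread into 4-byte instruction words, so that the next instruction sits at address + 4 while the PC a branch sees is address + 8. The condition-code table and the dump-parsing helper are my own constructions; it assumes 32-bit ARM state, not Thumb.

```python
# Added example (not from the thread): ARM-state B/BL target decoding as
# described above: target = PC + offset*4, PC = instruction address + 8.
# Assumes 32-bit ARM state (4-byte instructions), not Thumb.

COND_NAMES = {0x0: "eq", 0x1: "ne", 0xE: ""}   # enough for this thread's words

def sign_extend_24(field):
    """Read a 24-bit field as two's complement: 0xFFFFF9 -> -7, 0x000008 -> 8."""
    field &= 0xFFFFFF
    return field - 0x1000000 if field & 0x800000 else field

def branch_target(address, word):
    """Return (mnemonic, target_address) for a B/BL word at `address`,
    or None when the word is not a branch.

    Encoding: bits 31-28 condition, bits 27-25 = 101, bit 24 = link flag,
    bits 23-0 = signed offset in words.
    """
    if (word >> 25) & 0x7 != 0b101:
        return None
    cond = COND_NAMES.get(word >> 28, "??")
    link = (word >> 24) & 1
    pc = address + 8                      # pipeline: PC is two words ahead
    target = (pc + sign_extend_24(word) * 4) & 0xFFFFFFFF
    return ("bl" if link else "b") + cond, target

def split_words(dump_line):
    """Split one '<addr> : <hex>' dump line into (address, word) pairs.
    Every 8 hex digits is one 4-byte instruction, so addresses step by 4."""
    addr_text, _, hex_text = dump_line.partition(":")
    base = int(addr_text, 16)
    hex_text = hex_text.strip()
    return [(base + 4 * i, int(hex_text[8 * i:8 * i + 8], 16))
            for i in range(len(hex_text) // 8)]

def disassemble_branches(dump_line):
    """Constructed helper: every branch in a dump line with its decoded target."""
    found = []
    for addr, word in split_words(dump_line):
        decoded = branch_target(addr, word)
        if decoded is not None:
            found.append((addr, word) + decoded)
    return found

if __name__ == "__main__":
    # Constructed input: the first line of opcodes quoted in the thread.
    for addr, word, mnem, target in disassemble_branches(
            "2C040000 : EA000007E1B0F00EE59FF100E25EF004E25EF008E1A00000E59FF0ECE25EF004"):
        print(f"{addr:08X}: {word:08X} {mnem} {target:08X}")
```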
cfb:
No. If the instruction at 2C040000 is not a branch, the address of the next instruction to be executed will be at 2C040004. (The PC then would have the value 2C04000C).
why will it be 2C040004?
if we have
PC = address of current instruction + 2 words
1 word = 4 bytes so
pc = 2C040000 + 2 words = 2C040000 + (2*4) = 2C040008, how do you find it 2C040004?
Because 2C040004 is the address of the next instruction to be *executed*. Do not confuse this with the value in PC which is the address of the next instruction to be *fetched*. Read the reference that I gave you - it should help you to understand the difference.
ss-00:
why will it be 2C040004?
thank you very much Chris for your help