What do these instructions do?

Posted 2019-07-19 12:22

Question:

I am working on a simulator for the msp430 instruction set. gnu assembler will let you encode instructions like these:

fc0a: 12 10 00 02 rrc &0x0200
fc0e: 22 11       rra #4
fc10: 23 52       add #4,#2

My guess is that rrc &0x0200 will fetch from address 0x0200 perform the rotate then write the answer back to address 0x0200, correct? But what would an rra #4 do? The source would be an immediate 4 I assume but is there a destination after the operation? The add #4,#2 assembled into what you would expect (as 2b10, source = r2, ad = 1b0, dest = r3), the binutils disassembler though did not know what to do with that instruction.

Are these valid instructions?

Answer 1:

Although there doesn't appear to be any definitive online reference to this effect, I tend to agree with the OP that the two instructions shown (and several others) are likely not valid, even though they conform to the format defined in the data sheets.

In other words, not all possible combinations of the various parts that make up an instruction word are valid. In particular, many single operand instructions that use the immediate addressing mode, and many double operand instructions that have an immediate addressing mode for the destination, are probably not semantically viable.

There are only a few hints to this effect in the documentation, for example, in the User's Guide, section 3.3.7 (on the immediate addressing mode), a comment indicates "Valid only for a source operand." (And, BTW, this is for all cases of immediate addressing mode, not just the short-hand cases allowed by the R2 or R3 constant generation trick.)

The fact that the disassembler doesn't know what to do with such codes is also another hint (although... some disassemblers get tripped easily...).

For sake of documentation, I gathered below a few useful references for the MSP430:

  • TI's MSP430 User's Guide (pdf) Chapter 3 is particularly relevant
  • The TI MSP430 microcontroller (pdf) A shorter overview (11 pages)
  • MSPGCC manual A GNU Port of TI's tools for the MSP430 microcontrollers.


Answer 2:

In the current users guide, in section 3.4.4.2, it recommends not using the immediate mode (#N) in the destination field for the command RRA as it results in "unpredictable program operation."

Answer 3:

It's possible they are. Looking at the instruction set on Wikipedia, the opcodes encode the register and various options. So it's not a simple mapping. It looks like the output you've got is little-endian, so this:

fc0a: 12 10 00 02 rrc &0x0200

corresponds to the instruction 1012, which in binary is 0001 0000 0001 0010.

This breaks down as follows:

6 bits: 0001 00 - fixed; defines the instruction family
3 bits: 00 0    - instruction (RRC)
1 bit : 0       - byte or word parameter (0 = 16 bit parameter; 1 = 8 bit)
2 bits: 01      - addressing mode (01 = indexed;)
4 bits: 0010    - register

So in this case a rotate-right is occurring on the value at the offset in register 2 from address &0200.

You'd need to break the other instructions down in a similar way to fully understand. For the ADD instruction, both the source and destination registers/addresses are encoded in the 5223 instruction.
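As an added example (not code from the question or from any of the answers), here is a small decoder that reads the three words from the listing in the question little-endian, splits them along the format I (double-operand) and format II (single-operand) bit fields that Answer 3 describes, applies the R2/R3 constant-generator rules, and flags the two encodings the answers consider invalid: an immediate or constant used as the operand of an instruction that writes its result back. The bit layout and constant-generator table are taken from the TI User's Guide; the `LISTING` bytes are constructed from the question's disassembly, and the warning text paraphrases the "valid only for a source operand" note quoted in Answer 1.

```python
# MSP430 instruction-word decoder for the listing in the question (added example).
# Format I : oooo ssss a b AA dddd   (opcode, src reg, Ad, B/W, As, dst reg)
# Format II: 000100 ooo b AA rrrr    (opcode, B/W, As, reg)

# Constructed input: address -> raw bytes exactly as the listing shows them.
LISTING = {
    0xFC0A: bytes.fromhex("12100002"),   # rrc &0x0200 (word 0x1012, extension 0x0200)
    0xFC0E: bytes.fromhex("2211"),       # rra #4      (word 0x1122)
    0xFC10: bytes.fromhex("2352"),       # add #4,#2   (word 0x5223)
}

FORMAT_I = {0x4: "MOV", 0x5: "ADD", 0x6: "ADDC", 0x7: "SUBC", 0x8: "SUB",
            0x9: "CMP", 0xA: "DADD", 0xB: "BIT", 0xC: "BIC", 0xD: "BIS",
            0xE: "XOR", 0xF: "AND"}
FORMAT_II = {0: "RRC", 1: "SWPB", 2: "RRA", 3: "SXT", 4: "PUSH", 5: "CALL", 6: "RETI"}
# Format II instructions that store a result back into their operand.
WRITES_BACK = {"RRC", "SWPB", "RRA", "SXT"}


def source_operand(reg, mode, ext):
    """Render a source operand as (text, is_constant).

    R3 (CG2) supplies 0/1/2/-1 for As=00..11 and R2 (CG1) supplies 4/8 for
    As=10/11; R2 with As=01 is the absolute mode &ADDR; @PC+ is the immediate #N.
    """
    if reg == 3:
        return "#" + ("0", "1", "2", "-1")[mode], True
    if reg == 2 and mode >= 2:
        return "#" + ("4" if mode == 2 else "8"), True
    if reg == 2 and mode == 1:
        return ("&0x%04X" % ext) if ext is not None else "&ADDR", False
    if reg == 0 and mode == 3:
        return ("#0x%04X" % ext) if ext is not None else "#N", True
    return ("r%d", "X(r%d)", "@r%d", "@r%d+")[mode] % reg, False


def destination_operand(reg, ad):
    """Render a destination as (text, warning_or_None). R3 is never writable."""
    if reg == 3:
        return "r3", "destination is constant generator R3 (an immediate), not a writable location"
    if reg == 2 and ad == 1:
        return "&ADDR", None
    return ("r%d" if ad == 0 else "X(r%d)") % reg, None


def decode(word, ext=None):
    """Decode one 16-bit word into (mnemonic, src, dst, warnings); None if not format I/II."""
    warnings = []
    if (word >> 10) == 0b000100:                        # format II: single operand
        opcode = (word >> 7) & 0x7
        if opcode not in FORMAT_II:
            return None
        mnem = FORMAT_II[opcode] + (".B" if (word >> 6) & 1 else "")
        src, is_const = source_operand(word & 0xF, (word >> 4) & 0x3, ext)
        if is_const and FORMAT_II[opcode] in WRITES_BACK:
            warnings.append("immediate operand has no writable destination; "
                            "User's Guide: immediate mode is valid only for a source")
        return mnem, src, None, warnings
    if (word >> 12) in FORMAT_I:                        # format I: double operand
        mnem = FORMAT_I[word >> 12] + (".B" if (word >> 6) & 1 else "")
        src, _ = source_operand((word >> 8) & 0xF, (word >> 4) & 0x3, ext)
        dst, warn = destination_operand(word & 0xF, (word >> 7) & 0x1)
        if warn:
            warnings.append(warn)
        return mnem, src, dst, warnings
    return None                                         # jumps etc. are out of scope here


def decode_listing(listing):
    """Decode every entry: the first two bytes are the word, the next two its extension."""
    out = {}
    for addr, raw in listing.items():
        word = int.from_bytes(raw[0:2], "little")
        ext = int.from_bytes(raw[2:4], "little") if len(raw) >= 4 else None
        out[addr] = decode(word, ext)
    return out


if __name__ == "__main__":
    for addr, (mnem, src, dst, warns) in decode_listing(LISTING).items():
        ops = src if dst is None else "%s,%s" % (src, dst)
        print("%04x: %-5s %-10s %s" % (addr, mnem, ops, "; ".join(warns)))
```

Run as a script it prints the three decoded instructions; the first (rrc &0x0200) comes out clean, while rra #4 and add #4,r3 each carry a warning, which is the outcome the answers argue for. For a simulator, the same check is a cheap place to raise an illegal-instruction fault instead of silently executing an encoding whose behaviour the data sheet calls unpredictable.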