Many processers run more than a single process simultaneously. In a multi-process (or multi-user) system, each process gets control of the processor and its memory, ports, and I/O devices for a limited “slice” of time. At the end of its allotted time slice, each process must surrender control and wait idly for its scheduled time-slice to come around again. Supervisory “system” software (often called the operating system, or OS) schedules time for the different tasks. Sometimes, each process gets an equal amount of time, and other times, higher-priority processes get longer or more frequent time slices.
Because the processor and its resources can be shared by several active processes, no single process can be allowed to compromise the others. This means that some system resources must be protected, so that processes can’t interfere with one another. As examples, idle processes waiting for their next time slice may have left data in memory, so already-allocated memory must off limits to other processes. Some processes may be managing communication channels that can’t be easily reset and restarted in a single time slice, so those channels must not be used by another process until the first process is finished with them. No user process should be able to reset the processor or put it in a non-responsive state, and no process should be able to change system settings (like exception vectors) that would affect other processes.
To help manage such situations, most processors have different operating modes that allow different levels of “privileged” access to areas of memory, system settings, peripheral devices, and other resources. Typically, the lowest priority mode is the “user” mode that is used by regular application/user programs. Processes running in user mode can be prevented from accessing certain areas of memory, certain registers, and certain peripherals. This limited access is essential to creating a stable, shared processing environment.
The most privileged mode is typically a “system” mode that allows a program to freely access all resources without restriction. This mode is typically used sparingly, and only when needed. Usually, only “System” software is allowed to run in system mode, and even then it only does so when strictly needed. System software typically manages user applications, and allocates shared resouces like memory or data ports. System software might run mostly in user mode, and switch to system mode only when necessary to access a protected register, or reassign certain resources.
The ARM has several operating modes that are used for various purposes:
- User mode is the basic mode in which application programs run. User mode is the only unprivileged mode, and it has restricted access to system resources. Typically, a processor spends more than 99% of its time in user mode.
- System mode provides unrestricted access to all system resources. Supervisor mode can only be entered in certain controlled ways (discussed below), and it is typically only entered when required to manage a particular resource.
- Supervisor mode also provides unrestricted access to all system resources. Supervisor mode is entered on reset or power-up, or when software executes a Supervisor Call instruction (SVC). Supervisor mode is similar to system mode, but offers access to a few more registers.
- Abort mode is entered if a program attempts to access a non-existing memory location. Abort mode also offers access to a few private registers that other modes can’t access.
- Undefined mode is entered for any instruction-related exceptions, including any attempt to execute an unimplemented instruction.
- IRQ mode is entered in response to a normal interrupt request from an external device.
- FIQ mode is entered in response to a fast interrupt request from an external device. It is used to provide faster service for more urgent requests.
- Monitor mode is available in some implementations to change between secure and non-secure states, and for debugging.
- Hypervisor mode is available in some implementations to control certain virtualization extensions.
The processor comes out of reset in supervisor mode with unrestricted access to the processor and all of its resources. In a typical scenario, after performing various initialization tasks, the processor will switch into the unprivileged user mode for normal/routine operations. User mode offers resource protection for normal user programs, so that bugs, poorly written code, or malicious code can’t harm other processes.
System and supervisor modes exist to allow system software to manipulate the status registers, to respond more quickly to certain exceptions, and to deal with unexpected conditions. IRQ and FIQ modes exist to streamline the processors response to interrupts. System mode and IRQ mode are used regularly (but temporarily) to access certain protected resources, and these modes will be used when initializing and processing interrupts. The other modes are special case modes that are infrequently used in regular operations, and aren’t described further here.
The operating mode is defined by the lowest five bits in the CPSR (bits 4:0) as shown the figure from page B1-1139 of the AARM.
The ARM maintains a few separate/duplicate registers that are available only when the processor is operating in a certain mode. As shown in the table below, user and system modes share the exact same registers. The other modes have their own local/private SP, LR, and PSR, and the FIQ mode also has separate R8-R12 registers. These duplicate registers (including the duplicate GPRs in FIQ mode) make mode and context switching faster and more efficient, and decrease the amount of work required to do proper context switching when changing modes.
R0 to R12 are not duplicated in any mode except FIQ. When one of these non-FIQ modes is entered, perhaps as a result of running an exception/interrupt service routine, registers contents must be saved on the stack and later restored. The FIQ mode has separate R8-R12 registers that can only be accessed in FIQ mode, so those registers need not be saved and restored (this allows faster servicing of “fast interrupts”). Note that software running in any mode “sees” the registers as identified in the Application View column of the table above. The controller determines which actual register is accessed by combining the mode with the register address. So for example, software in IRQ mode would access the SP as “R13” or “SP”, just like software running in user mode, and the IRQ-mode SP would be used automatically (the “SP_irq” entry in the table is only to identify that a separate register exists).
The APSR is a read-only alias of the CPSR. Sometimes, software needs to write data to the CSPR (for example, to change operating mode, or enable interrupts). Since the CPSR cannot be modified in user mode, software must change to supervisor mode to get write access (supervisor mode can be entered by executing the SVC instruction, or by certain exceptions). While in supervisor mode, two special move instructions (MRS and MSR) can be used to access the CPSR. “MRS Rd, CPSR” will read the contents of the CPSR into Rd, and “MSR CPSR_n, Rd” can write new values into the CPSR. For writing purposes, the CPSR is broken into four bytes that use the specifiers _f, _s, _x, and _c to designate CPSR bits 31:24, 23:16, 15:8, and 7:0 respectively (the specifiers are used in place of the _n in the instruction shown above). This helps prevent inadvertent overwrites of bits in this sensitive register. To write only the lower eight bits of the CPSR, the instruction MSR CPSR_c can be used. To write all bits, MSR CPSR_fsxc can be used.