The ARM CPSR (Current Program Status Register) controls the processor operating mode and enables switching between different modes in ARM cores. The CPSR stores status and control information such as the ALU flags, current processor mode, and interrupts enabling/disabling. Changing the mode field in the CPSR allows switching between different processor modes.
ARM Processor Modes
ARM processors have several modes to support operating systems and privilege levels. The main modes are:
- User (usr) – Lowest privilege level, used for normal applications.
- FIQ (fiq) – Supports fast interrupts processing.
- IRQ (irq) – Used for general purpose interrupt handling.
- Supervisor (svc) – Supports protected OS system calls.
- Abort (abt) – Entered on data or instruction aborts.
- Undefined (und) – Entered when an undefined instruction is executed.
- System (sys) – Runs privileged OS tasks with access to all resources.
Each mode has its own dedicated bank of registers and program status to control access. Lower privilege modes cannot access resources reserved for higher privilege ones.
The CPSR is a 32-bit register with the following format: 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0 N Z C V Q J GE[3:0] E A I F T M[4:0]
- Bits 31-28 – Condition flags N, Z, C, V for the ALU.
- Bit 27 – Overflow flag Q for multiply operations.
- Bit 26 – Java mode J for Jazelle extension.
- Bits 25-22 – Greater than or Equal flags GE[3:0] for SIMD instructions.
- Bit 21 – Endianness state E.
- Bit 20 – IRQ disable A.
- Bit 19 – FIQ disable I.
- Bit 18 – Thumb state T.
- Bits 17-13 – Mode field M[4:0].
The mode field encodes the current processor mode: M[4:0] Mode 10000 User 10001 FIQ 10010 IRQ 10011 Supervisor 10111 Abort 11011 Undefined 11111 System
Writing to the mode field transitions the processor into a new mode provided it is allowed by the privilege level.
Mode Privilege Levels
The ARM modes have the following privilege hierarchy from lowest to highest:
- User (usr)
- FIQ (fiq)
- IRQ (irq)
- Supervisor (svc)
- Abort (abt)
- Undefined (und)
- System (sys)
Higher privilege modes can access all resources available to lower privilege ones. Additionally:
- User and System mode can access all resources.
- FIQ mode has exclusive access to banked FIQ registers.
- Supervisor mode protects OS system calls from User mode.
- Abort and Undefined modes assist debugging.
Attempting to switch to a lower privilege level is allowed. But increasing privilege can only be done by exception entries or explicit writes by privileged code.
CPSR and Mode Control
The CPSR controls processor mode switching in the following ways:
- Reading the CPSR returns the current mode.
- Writing the mode field transitions to a new mode.
- Exceptions and interrupts automatically update the CPSR.
- SREX instructions allow mode changes in exception entries/returns.
Some considerations for CPSR mode control:
- Mode changes to lower privilege are always permitted.
- Increasing privilege requires high privilege code.
- User and System can freely switch modes.
- Other modes require exceptions or privilege code.
- Polling the CPSR mode flags can monitor context switches.
- Ensure CPSR banked register changes match when changing modes.
Processor Mode Transitions
The processor can transition between modes using:
- Exceptions – Asynchronous interrupts and aborts update CPSR for new mode.
- Co-processor Instructions – MCR/MRC to CP15 manipulate CPSR.
- LDR/STR – Direct reads/writes to CPSR for User/System modes.
- BX/BLX – Branch with exchange switches modes and changes instruction set.
- SREX – Special exceptions handling instructions.
Examples of mode transitions:
- IRQ exception – Goes from current mode to IRQ mode.
- SVC call – Goes from User to Supervisor mode.
- STR CPSR – User mode directly changing to another mode.
- MCR CP15 – Supervisor code manipulating CPSR.
- RFE – Return from Exception restores previous mode.
User mode executes unprivileged application code and uses the R13_usr register bank. It can only access resources available to it and lower modes. Typical operations in User mode:
- Execute application instructions – Arithmetic, logical, load/store.
- Access user stack pointer, program counter, general purpose registers R0-R12.
- Control transitions to other unprivileged modes using software interrupts or exceptions.
- Directly manipulate CPSR using LDR and STR instructions.
- Call Supervisor mode code using SVC software interrupt for OS system calls.
- Trap to IRQ mode on receiving interrupts.
FIQ mode has exclusive access to the banked FIQ registers R8_fiq-R14_fiq. It is commonly used for time critical fast interrupt processing. Activities in FIQ mode:
- Low latency interrupt handling using dedicated FIQ registers.
- FIQ interrupts preempt IRQ interrupts.
- Returns to interrupted mode using RFE instruction.
- Cannot be interrupted by normal IRQ interrupts.
- Special FIQ exception vector distinct from IRQ.
IRQ mode handles general purpose interrupt processing using the R13_irq and R14_irq register banks. Typical uses include:
- Service routine execution for most interrupt sources.
- Lower priority handling than FIQ interrupts.
- Uses distinct IRQ stack to avoid corrupting user stacks.
- Returns to interrupted mode and restores state with RFE.
- Registers banked state with User and other modes.
Supervisor mode protects OS system calls from user applications using the R13_svc and R14_svc banked registers. Activities performed in Supervisor mode:
- Protected execution environment for OS system calls.
- Trap system calls using SVC instruction from User mode.
- Direct access to many system resources.
- Returns to User mode using MOVS PC instruction.
- Common entry point into privileged execution.
Abort mode assists debugging and handles serious system errors like memory access violations. It uses R13_abt and R14_abt banked registers with features like:
- Entered by Data Abort and Prefetch Abort exceptions.
- Aborts are imprecise, allowing state examination.
- Used by debug monitors and system crash handlers.
- Halts normal processor operation.
- Allows safe recovery once error is resolved.
Undefined mode is used for debugging illegal instruction executions. It uses the R13_und and R14_und register banks with properties such as:
- Triggered by attempting to execute an undefined instruction.
- Prints illegal instruction details.
- Halts further execution until resolved.
- Assists with detecting instruction issues.
- Required for full instruction set emulation.
System mode runs the most privileged code and uses R13_svc and R14_svc banked registers. Features include:
- Highest privilege level – Access to all resources.
- Direct manipulation of CPSR using LDR and STR instructions.
- Unrestricted access to all special registers and features.
- Does not require entry through exception.
- Commonly used for OS kernel, hypervisor, and monitor code.
CPSR Updates on Exceptions
Exceptions like interrupts and aborts automatically update the CPSR when entering their respective modes:
- IRQ – Sets IRQ mode bits in CPSR.
- FIQ – Sets FIQ mode and disables IRQ interrupts.
- Data Abort – Sets Abort mode and halts further memory access.
- Undefined instruction – Sets Undefined mode.
- Supervisor Call – Sets Supervisor mode.
This allows asynchronous events to directly transition the processor into the required mode to handle each case.
SREX (Set Register on EXception) instructions embed CPSR updates in exception entry/exit sequences:
- SRS – Save return state stores return CPSR value.
- RFE – Return from exception restores SRS saved state.
- CPS – Change processor state updates the CPSR.
- SETEND – Sets endianness mode in CPSR.
This allows exception handlers to directly control CPSR transitions.
BX and BLX Instructions
BX and BLX branch with exchange instructions allow both mode transitions and instruction set changes:
- BX Rn – Branch to Rn and switch mode based on Rn’s least significant bits.
- BLX Rn – Branch with link and exchange to Rn’s new mode.
- Used by exception returns and interworking calls.
This enables low overhead transitions between modes during normal execution.
CP15 CPS Instructions
Co-processor 15 provides CPS (Change Processor State) instructions to modify CPSR:
- MCR CP15 allows privileged software to directly write the CPSR.
- MRC CP15 reads the current CPSR state.
- Used by Supervisor, System, Abort, Undefined modes.
- Controls mode, interrupts, endianness, other flags.
This provides a controlled mechanism for modifying CPSR in privileged modes.
Typical Mode Usage
Typical usage scenarios for ARM processor modes:
- User – Runs normal application and system calls.
- FIQ – Time critical interrupt handler.
- IRQ – General interrupt handling.
- Supervisor – Protected OS system calls.
- Abort – Debugging and serious error handling.
- Undefined – Debugging undefined instructions.
- System – Privileged OS kernel and hypervisor.
Matching the mode to the task at hand provides an efficient privilege separated execution environment.
Mode Usage in OS Kernels
Typical OS kernel usage of processor modes:
- User – Applications and unprivileged tasks.
- FIQ – May be reserved by the kernel.
- IRQ – Interrupt service routines.
- Supervisor – Kernel system call interface.
- Abort – Kernel debug and abort handling.
- Undefined – Kernel undefined instruction handling.
- System – Kernel privileged execution.
This maps kernel infrastructure cleanly onto the available modes.
Hypervisor Mode Usage
Hypervisor usage scenarios for modes:
- User – Guest OS unprivileged operation.
- FIQ/IRQ – Forward interrupts to Guest OS.
- Supervisor – Guest OS system calls.
- Abort/Undefined – Debugging guest OS issues.
- System – Guest OS kernel.
- Monitor – Hypervisor runs here.
This allows Guest OSes to execute normally while hypervisor controls privileges.
TrustZone Security Mode Usage
TrustZone Security Extensions use modes as follows:
- User – Normal world unprivileged operation.
- FIQ/IRQ – Forward interrupts to Normal world OS.
- Supervisor – Normal world OS system calls.
- System – Normal world OS kernel.
- Monitor – Secure world execution.
This provides isolation between Normal and Secure worlds enforced by hardware.
Debugging the CPSR
Methods for debugging processor modes and CPSR contents:
- Printing mode bits and decoding value.
- Stepping through code and monitoring CPSR changes.
- Placing breakpoints on exception entries/returns.
- Tracking R13, R14 and banked register usage per mode.
- Ensuring proper exception sequencing.
- Checking return addresses on exception exits.
- Monitoring SRS/RFE save and restore behavior.
Mastering ARM mode transitions and the CPSR behavior is key to robust system design.
The ARM CPSR controls the processor operating mode and enables robust switching between different privilege levels. Each mode has banked registers and optimized entry/exit sequences to support its specific role. The CPSR mode field encodes the current mode, allowing transitions to occur when changing it directly or on asynchronous exceptions. Proper usage of the modes is key to creating secure and stable systems.