Branch Target Identification. A BTI instruction is used to guard against the execution of instructions which are not the intended target of a branch.
Outside of a guarded memory region, a BTI instruction executes as a NOP. Within a guarded memory region while PSTATE.BTYPE != 0b00, a BTI instruction compatible with the current value of PSTATE.BTYPE will not generate a Branch Target Exception and will allow execution of subsequent instructions within the memory region.
The operand <targets> passed to a BTI instruction determines the values of PSTATE.BTYPE which the BTI instruction is compatible with.
Within a guarded memory region, when PSTATE.BTYPE != 0b00, all instructions will generate a Branch Target Exception, other than BRK, BTI, HLT, PACIASP, and PACIBSP, which might not. See the individual instructions for more information.
| 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
| 1 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 0 | x | x | 0 | 1 | 1 | 1 | 1 | 1 |
| CRm | op2 | ||||||||||||||||||||||||||||||
BTI {<targets>}
SystemHintOp op; case CRm:op2 of when '0000 000' op = SystemHintOp_NOP; when '0000 001' op = SystemHintOp_YIELD; when '0000 010' op = SystemHintOp_WFE; when '0000 011' op = SystemHintOp_WFI; when '0000 100' op = SystemHintOp_SEV; when '0000 101' op = SystemHintOp_SEVL; when '0000 110' if !HaveDGHExt() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_DGH; when '0000 111' SEE "XPACLRI"; when '0001 xxx' case op2 of when '000' SEE "PACIA1716"; when '010' SEE "PACIB1716"; when '100' SEE "AUTIA1716"; when '110' SEE "AUTIB1716"; otherwise EndOfInstruction(); // Instruction executes as NOP when '0010 000' if !HaveRASExt() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_ESB; when '0010 001' if !HaveStatisticalProfiling() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_PSB; when '0010 010' if !HaveSelfHostedTrace() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_TSB; when '0010 100' op = SystemHintOp_CSDB; when '0011 xxx' case op2 of when '000' SEE "PACIAZ"; when '001' SEE "PACIASP"; when '010' SEE "PACIBZ"; when '011' SEE "PACIBSP"; when '100' SEE "AUTIAZ"; when '101' SEE "AUTHASP"; when '110' SEE "AUTIBZ"; when '111' SEE "AUTIBSP"; when '0100 xx0' op = SystemHintOp_BTI; // Check branch target compatibility between BTI instruction and PSTATE.BTYPE SetBTypeCompatible(BTypeCompatible_BTI(op2<2:1>)); otherwise EndOfInstruction(); // Instruction executes as NOP
| <targets> |
Is the type of indirection,
encoded in
|
case op of when SystemHintOp_YIELD Hint_Yield(); when SystemHintOp_DGH Hint_DGH(); when SystemHintOp_WFE integer localtimeout = -1; // No local timeout event is generated Hint_WFE(localtimeout, WFxType_WFE); when SystemHintOp_WFI integer localtimeout = -1; // No local timeout event is generated Hint_WFI(localtimeout, WFxType_WFI); when SystemHintOp_SEV SendEvent(); when SystemHintOp_SEVL SendEventLocal(); when SystemHintOp_ESB if HaveTME() && TSTATE.depth > 0 then FailTransaction(TMFailure_ERR, FALSE); SynchronizeErrors(); AArch64.ESBOperation(); if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then AArch64.vESBOperation(); TakeUnmaskedSErrorInterrupts(); when SystemHintOp_PSB ProfilingSynchronizationBarrier(); when SystemHintOp_TSB TraceSynchronizationBarrier(); when SystemHintOp_CSDB ConsumptionOfSpeculativeDataBarrier(); when SystemHintOp_BTI SetBTypeNext('00'); otherwise // do nothing
Internal version only: isa v33.11seprel, AdvSIMD v29.05, pseudocode v2021-09_rel, sve v2021-09_rc3d ; Build timestamp: 2021-10-06T11:41
Copyright © 2010-2021 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.