HSR, Hyp Syndrome Register

The HSR characteristics are:

Purpose

Holds syndrome information for an exception taken to Hyp mode.

Configuration

AArch32 System register HSR bits [31:0] are architecturally mapped to AArch64 System register ESR_EL2[31:0].

This register is present only when EL2 is capable of using AArch32. Otherwise, direct accesses to HSR are UNDEFINED.

If EL2 is not implemented, this register is RES0 from EL3.

Attributes

HSR is a 32-bit register.

Field descriptions

313029282726252423222120191817161514131211109876543210
ECILISS

Execution in any Non-secure PE mode other than Hyp mode makes this register UNKNOWN.

When an UNPREDICTABLE instruction is treated as UNDEFINED, and the exception is taken to EL2, the value of HSR is UNKNOWN. The value written to HSR must be consistent with a value that could be created as a result of an exception from the same Exception level that generated the exception as a result of a situation that is not UNPREDICTABLE at that Exception level, in order to avoid the possibility of a privilege violation.

EC, bits [31:26]

Exception Class. Indicates the reason for the exception that this register holds information about. Possible values of this field are:

ECMeaningISS
0b000000

Unknown reason.

ISS encoding for exceptions with an unknown reason
0b000001

Trapped WFI or WFE instruction execution.

Conditional WFE and WFI instructions that fail their condition code check do not cause an exception.

ISS encoding for Exception from a WFI or WFE instruction
0b000011

Trapped MCR or MRC access with (coproc==0b1111) that is not reported using EC 0b000000.

ISS encoding for Exception from an MCR or MRC access
0b000100

Trapped MCRR or MRRC access with (coproc==0b1111) that is not reported using EC 0b000000.

ISS encoding for Exception from an MCRR or MRRC access
0b000101

Trapped MCR or MRC access with (coproc==0b1110).

ISS encoding for Exception from an MCR or MRC access
0b000110

Trapped LDC or STC access.

The only architected uses of these instructions are:

ISS encoding for Exception from an LDC or STC instruction
0b000111

Access to Advanced SIMD or floating-point functionality trapped by a HCPTR.{TASE, TCP10} control.

Excludes exceptions generated because Advanced SIMD and floating-point are not implemented. These are reported with EC value 0b000000.

ISS encoding for Exception from an access to SIMD or floating-point functionality, resulting from HCPTR
0b001000

Trapped VMRS access, from ID group trap, that is not reported using EC 0b000111.

ISS encoding for Exception from an MCR or MRC access
0b001100

Trapped MRRC access with (coproc==0b1110).

ISS encoding for Exception from an MCRR or MRRC access
0b001110

Illegal exception return to AArch32 state.

ISS encoding for Exception from an Illegal state or PC alignment fault
0b010001

Exception on SVC instruction execution in AArch32 state routed to EL2.

ISS encoding for Exception from HVC or SVC instruction execution
0b010010

HVC instruction execution in AArch32 state, when HVC is not disabled.

ISS encoding for Exception from HVC or SVC instruction execution
0b010011

Trapped execution of SMC instruction in AArch32 state.

ISS encoding for Exception from SMC instruction execution
0b100000

Prefetch Abort from a lower Exception level.

ISS encoding for Exception from a Prefetch Abort
0b100001

Prefetch Abort taken without a change in Exception level.

ISS encoding for Exception from a Prefetch Abort
0b100010

PC alignment fault exception.

ISS encoding for Exception from an Illegal state or PC alignment fault
0b100100

Data Abort exception from a lower Exception level.

ISS encoding for Exception from a Data Abort
0b100101

Data Abort exception taken without a change in Exception level.

ISS encoding for Exception from a Data Abort

All other EC values are reserved by Arm, and:

The effect of programming this field to a reserved value is that behavior is CONSTRAINED UNPREDICTABLE.

The reset behavior of this field is:

IL, bit [25]

Instruction length bit. Indicates the size of the instruction that has been trapped to Hyp mode. When this bit is valid, possible values of this bit are:

ILMeaning
0b0

16-bit instruction trapped.

0b1

32-bit instruction trapped.

This field is RES1 and not valid for the following cases:

The IL field is not valid and is UNKNOWN on an exception from a PC alignment fault.

The reset behavior of this field is:

ISS, bits [24:0]

Instruction Specific Syndrome. Architecturally, this field can be defined independently for each defined Exception class. However, in practice, some ISS encodings are used for more than one Exception class.

ISS encoding for exceptions with an unknown reason

2423222120191817161514131211109876543210
RES0

Bits [24:0]

Reserved, RES0.

This EC code is used for all exceptions that are not covered by any other EC value. This includes exceptions that are generated in the following situations:

  • The attempted execution of an instruction bit pattern that has no allocated instruction or is not accessible in the current PE mode in the current Security state, including:
    • A read access using a System register encoding pattern that is not allocated for reads or that does not permit reads in the current PE mode and Security state.
    • A write access using a System register encoding pattern that is not allocated for writes or that does not permit writes in the current PE mode and Security state.
    • Instruction encodings that are unallocated.
    • Instruction encodings for instructions not implemented in the implementation.
  • In Debug state, the attempted execution of an instruction bit pattern that is not accessible in Debug state.
  • In Non-debug state, the attempted execution of an instruction bit pattern that is not accessible in Non-debug state.
  • The attempted execution of a short vector floating-point instruction.
  • In an implementation that does not include Advanced SIMD and floating-point functionality, an attempted access to Advanced SIMD or floating-point functionality under conditions where that access would be permitted if that functionality was present. This includes the attempted execution of an Advanced SIMD or floating-point instruction, and attempted accesses to Advanced SIMD and floating-point System registers.
  • An exception generated because of the value of one of the SCTLR.{ITD, SED, CP15BEN} control bits.
  • Attempted execution of:
    • An HVC instruction when disabled by HCR.HCD, SCR.HCE, or SCR_EL3.HCE.
    • An SMC instruction when disabled by SCR.SCD or SCR_EL3.SMD.
    • An HLT instruction when disabled by EDSCR.HDE.
  • An HVC instruction when disabled by HCR.HCD, SCR.HCE, or SCR_EL3.HCE.An SMC instruction when disabled by SCR.SCD or SCR_EL3.SMD.An HLT instruction when disabled by EDSCR.HDE.
  • An exception generated because of the attempted execution of an MSR (Banked register) or MRS (Banked register) instruction that would access a Banked register that is not accessible from the Security state and PE mode at which the instruction was executed.
Note

An exception is generated only if the CONSTRAINED UNPREDICTABLE behavior of the instruction is that it is UNDEFINED, see 'MSR (banked register) and MRS (banked register)'.

  • Attempted execution, in Debug state, of:
    • A DCPS1 instruction in Non-secure state from EL0 when EL2 is using AArch32 and the value of HCR.TGE is 1.
    • A DCPS2 instruction at EL1 or EL0 when EL2 is not implemented, or when EL3 is using AArch32 and the value of SCR.NS is 0, or when EL3 is using AArch64 and the value of SCR_EL3.NS is 0.
    • A DCPS3 instruction when EL3 is not implemented, or when the value of EDSCR.SDD is 1.
  • In Debug state when the value of EDSCR.SDD is 1, the attempted execution at EL2, EL1, or EL0 of an instruction that is configured to trap to EL3.

'Undefined Instruction exception, when the value of HCR.TGE is 1' describes the configuration settings for a trap that returns an HSR.EC value of 0b000000.

ISS encoding for Exception from a WFI or WFE instruction

2423222120191817161514131211109876543210
CVCONDRES0TI

CV, bit [24]

Condition code valid. Possible values of this bit are:

CVMeaning
0b0

The COND field is not valid.

0b1

The COND field is valid.

When an A32 instruction is trapped, CV is set to 1.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether CV is set to 1 or set to 0. For more information, see the description of the COND field.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

COND, bits [23:20]

The condition code for the trapped instruction.

When an A32 instruction is trapped, CV is set to 1 and:

  • If the instruction is conditional, COND is set to the condition code field value from the instruction.
  • If the instruction is unconditional, COND is set to 0b1110.

A conditional A32 instruction that is known to pass its condition code check can be presented either:

  • With COND set to 0b1110, the value for unconditional.
  • With the COND value held in the instruction.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether:

  • CV is set to 0 and COND is set to an UNKNOWN value. Software must examine the SPSR.IT field to determine the condition, if any, of the T32 instruction.
  • CV is set to 1 and COND is set to the condition code for the condition that applied to the instruction.

For an implementation that, for both A32 and T32 instructions, takes an exception on a trapped conditional instruction only if the instruction passes its condition code check, these definitions mean that when CV is set to 1 it is IMPLEMENTATION DEFINED whether the COND field is set to 0b1110, or to the value of any condition that applied to the instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bits [19:1]

Reserved, RES0.

TI, bit [0]

Trapped instruction. Possible values of this bit are:

TIMeaning
0b0

WFI trapped.

0b1

WFE trapped.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

'Traps to Hyp mode of Non-secure EL0 and EL1 execution of WFE and WFI instructions' describes the configuration settings for this trap.

ISS encoding for Exception from an MCR or MRC access

2423222120191817161514131211109876543210
CVCONDOpc2Opc1CRnRES0RtCRmDirection

CV, bit [24]

Condition code valid. Possible values of this bit are:

CVMeaning
0b0

The COND field is not valid.

0b1

The COND field is valid.

When an A32 instruction is trapped, CV is set to 1.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether CV is set to 1 or set to 0. For more information, see the description of the COND field.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

COND, bits [23:20]

The condition code for the trapped instruction.

When an A32 instruction is trapped, CV is set to 1 and:

  • If the instruction is conditional, COND is set to the condition code field value from the instruction.
  • If the instruction is unconditional, COND is set to 0b1110.

A conditional A32 instruction that is known to pass its condition code check can be presented either:

  • With COND set to 0b1110, the value for unconditional.
  • With the COND value held in the instruction.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether:

  • CV is set to 0 and COND is set to an UNKNOWN value. Software must examine the SPSR.IT field to determine the condition, if any, of the T32 instruction.
  • CV is set to 1 and COND is set to the condition code for the condition that applied to the instruction.

For an implementation that, for both A32 and T32 instructions, takes an exception on a trapped conditional instruction only if the instruction passes its condition code check, these definitions mean that when CV is set to 1 it is IMPLEMENTATION DEFINED whether the COND field is set to 0b1110, or to the value of any condition that applied to the instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Opc2, bits [19:17]

The Opc2 value from the issued instruction.

For a trapped VMRS access, holds the value 0b000.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Opc1, bits [16:14]

The Opc1 value from the issued instruction.

For a trapped VMRS access, holds the value 0b111.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

CRn, bits [13:10]

The CRn value from the issued instruction.

For a trapped VMRS access, holds the reg field from the VMRS instruction encoding.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [9]

Reserved, RES0.

Rt, bits [8:5]

The Rt value from the issued instruction, the general-purpose register used for the transfer.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

CRm, bits [4:1]

The CRm value from the issued instruction.

For a trapped VMRS access, holds the value 0b0000.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Direction, bit [0]

Indicates the direction of the trapped instruction.

DirectionMeaning
0b0

Write to System register space. MCR instruction.

0b1

Read from System register space. MRC or VMRS instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

The following sections describe configuration settings for traps that are reported using EC value 0b000011:

  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to the ID registers'.
  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to lockdown, DMA, and TCM operations'.
  • 'Traps to Hyp mode of Non-secure EL1 execution of cache maintenance instructions'.
  • 'Traps to Hyp mode of Non-secure EL1 execution of TLB maintenance instructions'.
  • 'Traps to Hyp mode of Non-secure EL1 accesses to the Auxiliary Control Register'.
  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to Performance Monitors registers'.
  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to Activity Monitors registers'.
  • 'Traps to Hyp mode of Non-secure EL1 accesses to the CPACR'.
  • 'Traps to Hyp mode of Non-secure EL1 accesses to virtual memory control registers'.
  • 'General trapping to Hyp mode of Non-secure EL0 and EL1 accesses to System registers in the (coproc == 1111) encoding space'.

The following sections describe configuration settings for traps that are reported using EC value 0b000101:

  • 'ID group 0, Primary device identification registers'.
  • 'Traps to Hyp mode of Non-secure System register accesses to trace registers'.
  • 'Trapping Non-secure System register accesses to Debug ROM registers'.
  • 'Trapping Non-secure System register accesses to powerdown debug registers'.
  • 'Trapping general Non-secure System register accesses to debug registers'.

The following sections describes configuration settings for traps that are reported using EC value 0b001000:

  • 'ID group 0, Primary device identification registers'.
  • 'ID group 3, Detailed feature identification registers'.

ISS encoding for Exception from an MCRR or MRRC access

2423222120191817161514131211109876543210
CVCONDOpc1RES0Rt2RES0RtCRmDirection

CV, bit [24]

Condition code valid. Possible values of this bit are:

CVMeaning
0b0

The COND field is not valid.

0b1

The COND field is valid.

When an A32 instruction is trapped, CV is set to 1.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether CV is set to 1 or set to 0. For more information, see the description of the COND field.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

COND, bits [23:20]

The condition code for the trapped instruction.

When an A32 instruction is trapped, CV is set to 1 and:

  • If the instruction is conditional, COND is set to the condition code field value from the instruction.
  • If the instruction is unconditional, COND is set to 0b1110.

A conditional A32 instruction that is known to pass its condition code check can be presented either:

  • With COND set to 0b1110, the value for unconditional.
  • With the COND value held in the instruction.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether:

  • CV is set to 0 and COND is set to an UNKNOWN value. Software must examine the SPSR.IT field to determine the condition, if any, of the T32 instruction.
  • CV is set to 1 and COND is set to the condition code for the condition that applied to the instruction.

For an implementation that, for both A32 and T32 instructions, takes an exception on a trapped conditional instruction only if the instruction passes its condition code check, these definitions mean that when CV is set to 1 it is IMPLEMENTATION DEFINED whether the COND field is set to 0b1110, or to the value of any condition that applied to the instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Opc1, bits [19:16]

The Opc1 value from the issued instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bits [15:14]

Reserved, RES0.

Rt2, bits [13:10]

The Rt2 value from the issued instruction, the second general-purpose register used for the transfer.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [9]

Reserved, RES0.

Rt, bits [8:5]

The Rt value from the issued instruction, the first general-purpose register used for the transfer.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

CRm, bits [4:1]

The CRm value from the issued instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Direction, bit [0]

Indicates the direction of the trapped instruction.

DirectionMeaning
0b0

Write to System register space. MCRR instruction.

0b1

Read from System register space. MRRC instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

The following sections describe configuration settings for traps that are reported using EC value 0b000100:

  • 'Traps to Hyp mode of Non-secure EL1 accesses to virtual memory control registers'.
  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to Performance Monitors registers'.
  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to Activity Monitors registers'.
  • 'Traps to Hyp mode of Non-secure EL0 and EL1 accesses to the Generic Timer registers'.
  • 'General trapping to Hyp mode of Non-secure EL0 and EL1 accesses to System registers in the (coproc == 1111) encoding space'.

The following sections describe configuration settings for traps that are reported using EC value 0b001100:

  • 'Traps to Hyp mode of Non-secure System register accesses to trace registers'.
  • 'Trapping Non-secure System register accesses to Debug ROM registers'.

ISS encoding for Exception from an LDC or STC instruction

2423222120191817161514131211109876543210
CVCONDimm8RES0RnOffsetAMDirection

CV, bit [24]

Condition code valid. Possible values of this bit are:

CVMeaning
0b0

The COND field is not valid.

0b1

The COND field is valid.

When an A32 instruction is trapped, CV is set to 1.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether CV is set to 1 or set to 0. For more information, see the description of the COND field.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

COND, bits [23:20]

The condition code for the trapped instruction.

When an A32 instruction is trapped, CV is set to 1 and:

  • If the instruction is conditional, COND is set to the condition code field value from the instruction.
  • If the instruction is unconditional, COND is set to 0b1110.

A conditional A32 instruction that is known to pass its condition code check can be presented either:

  • With COND set to 0b1110, the value for unconditional.
  • With the COND value held in the instruction.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether:

  • CV is set to 0 and COND is set to an UNKNOWN value. Software must examine the SPSR.IT field to determine the condition, if any, of the T32 instruction.
  • CV is set to 1 and COND is set to the condition code for the condition that applied to the instruction.

For an implementation that, for both A32 and T32 instructions, takes an exception on a trapped conditional instruction only if the instruction passes its condition code check, these definitions mean that when CV is set to 1 it is IMPLEMENTATION DEFINED whether the COND field is set to 0b1110, or to the value of any condition that applied to the instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

imm8, bits [19:12]

The immediate value from the issued instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bits [11:9]

Reserved, RES0.

Rn, bits [8:5]

The Rn value from the issued instruction. Valid only when AM[2] is 0, indicating an immediate form of the LDC or STC instruction.

When AM[2] is 1, indicating a literal form of the LDC or STC instruction, this field is UNKNOWN.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Offset, bit [4]

Indicates whether the offset is added or subtracted:

OffsetMeaning
0b0

Subtract offset.

0b1

Add offset.

This bit corresponds to the U bit in the instruction encoding.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

AM, bits [3:1]

Addressing mode. The permitted values of this field are:

AMMeaning
0b000

Immediate unindexed.

0b001

Immediate post-indexed.

0b010

Immediate offset.

0b011

Immediate pre-indexed.

0b100

Literal unindexed.

LDC instruction in A32 instruction set only.

For a trapped STC instruction or a trapped T32 LDC instruction this encoding is reserved.

0b110

Literal offset.

LDC instruction only.

For a trapped STC instruction, this encoding is reserved.

The values 0b101 and 0b111 are reserved. The effect of programming this field to a reserved value is that behavior is CONSTRAINED UNPREDICTABLE.

Bit [2] in this subfield indicates the instruction form, immediate or literal.

Bits [1:0] in this subfield correspond to the bits {P, W} in the instruction encoding.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Direction, bit [0]

Indicates the direction of the trapped instruction.

DirectionMeaning
0b0

Write to memory. STC instruction.

0b1

Read from memory. LDC instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

'Trapping general Non-secure System register accesses to debug registers' describes the configuration settings for the trap that is reported using EC value 0b000110.

ISS encoding for Exception from an access to SIMD or floating-point functionality, resulting from HCPTR

2423222120191817161514131211109876543210
CVCONDRES0TARES0coproc

Excludes exceptions that occur because Advanced SIMD and floating-point functionality is not implemented, or because the value of HCR.TGE or HCR_EL2.TGE is 1. These are reported with EC value 0b000000.

CV, bit [24]

Condition code valid. Possible values of this bit are:

CVMeaning
0b0

The COND field is not valid.

0b1

The COND field is valid.

When an A32 instruction is trapped, CV is set to 1.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether CV is set to 1 or set to 0. For more information, see the description of the COND field.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

COND, bits [23:20]

The condition code for the trapped instruction.

When an A32 instruction is trapped, CV is set to 1 and:

  • If the instruction is conditional, COND is set to the condition code field value from the instruction.
  • If the instruction is unconditional, COND is set to 0b1110.

A conditional A32 instruction that is known to pass its condition code check can be presented either:

  • With COND set to 0b1110, the value for unconditional.
  • With the COND value held in the instruction.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether:

  • CV is set to 0 and COND is set to an UNKNOWN value. Software must examine the SPSR.IT field to determine the condition, if any, of the T32 instruction.
  • CV is set to 1 and COND is set to the condition code for the condition that applied to the instruction.

For an implementation that, for both A32 and T32 instructions, takes an exception on a trapped conditional instruction only if the instruction passes its condition code check, these definitions mean that when CV is set to 1 it is IMPLEMENTATION DEFINED whether the COND field is set to 0b1110, or to the value of any condition that applied to the instruction.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bits [19:6]

Reserved, RES0.

TA, bit [5]

Indicates trapped use of Advanced SIMD functionality.

TAMeaning
0b0

Exception was not caused by trapped use of Advanced SIMD functionality.

0b1

Exception was caused by trapped use of Advanced SIMD functionality.

Any use of an Advanced SIMD instruction that is not also a floating-point instruction that is trapped to Hyp mode because of a trap configured in the HCPTR sets this bit to 1.

For a list of these instructions, see 'Controls of Advanced SIMD operation that do not apply to floating-point operation'.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [4]

Reserved, RES0.

coproc, bits [3:0]

When the HSR.TA field returns the value 1, this field returns the value 0b1010. Otherwise, this field is RES0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

The following sections describe the configuration settings for the traps that are reported using EC value 0b000111:

  • 'General trapping to Hyp mode of Non-secure accesses to the SIMD and floating-point registers'.
  • 'Traps to Hyp mode of Non-secure accesses to Advanced SIMD functionality'.

ISS encoding for Exception from HVC or SVC instruction execution

2423222120191817161514131211109876543210
RES0imm16

Bits [24:16]

Reserved, RES0.

imm16, bits [15:0]

The value of the immediate field from the HVC or SVC instruction.

For an HVC instruction, this is the value of the imm16 field of the issued instruction.

For an SVC instruction:

  • If the instruction is unconditional, then:
    • For the T32 instruction, this field is zero-extended from the imm8 field of the instruction.
    • For the A32 instruction, this field is the bottom 16 bits of the imm24 field of the instruction.
  • For the T32 instruction, this field is zero-extended from the imm8 field of the instruction.For the A32 instruction, this field is the bottom 16 bits of the imm24 field of the instruction.
  • If the instruction is conditional, this field is UNKNOWN.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

The HVC instruction is unconditional, and a conditional SVC instruction generates an exception only if it passes its condition code check. Therefore, the syndrome information for these exceptions does not require conditionality information.

'Supervisor Call exception, when the value of HCR.TGE is 1' describes the configuration settings for the trap reported with EC value 0b010001.

ISS encoding for Exception from SMC instruction execution

2423222120191817161514131211109876543210
CVCONDCCKNOWNPASSRES0

CV, bit [24]

Condition code valid. Possible values of this bit are:

CVMeaning
0b0

The COND field is not valid.

0b1

The COND field is valid.

When an A32 instruction is trapped, CV is set to 1.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether CV is set to 1 or set to 0. For more information, see the description of the COND field.

This field is valid only if CCKNOWNPASS is 1, otherwise it is RES0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

COND, bits [23:20]

The condition code for the trapped instruction.

When an A32 instruction is trapped, CV is set to 1 and:

  • If the instruction is conditional, COND is set to the condition code field value from the instruction.
  • If the instruction is unconditional, COND is set to 0b1110.

A conditional A32 instruction that is known to pass its condition code check can be presented either:

  • With COND set to 0b1110, the value for unconditional.
  • With the COND value held in the instruction.

When a T32 instruction is trapped, it is IMPLEMENTATION DEFINED whether:

  • CV is set to 0 and COND is set to an UNKNOWN value. Software must examine the SPSR.IT field to determine the condition, if any, of the T32 instruction.
  • CV is set to 1 and COND is set to the condition code for the condition that applied to the instruction.

For an implementation that, for both A32 and T32 instructions, takes an exception on a trapped conditional instruction only if the instruction passes its condition code check, these definitions mean that when CV is set to 1 it is IMPLEMENTATION DEFINED whether the COND field is set to 0b1110, or to the value of any condition that applied to the instruction.

This field is valid only if CCKNOWNPASS is 1, otherwise it is RES0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

CCKNOWNPASS, bit [19]

Indicates whether the instruction might have failed its condition code check.

CCKNOWNPASSMeaning
0b0

The instruction was unconditional, or was conditional and passed its condition code check.

0b1

The instruction was conditional, and might have failed its condition code check.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bits [18:0]

Reserved, RES0.

'Traps to Hyp mode of Non-secure EL1 execution of SMC instructions' describes the configuration settings for this trap, for instructions executed in Non-secure EL1.

ISS encoding for Exception from a Prefetch Abort

2423222120191817161514131211109876543210
RES0FnVEARES0S1PTWRES0IFSC

Bits [24:11]

Reserved, RES0.

FnV, bit [10]

FAR not Valid, for a synchronous External abort other than a synchronous External abort on a translation table walk.

FnVMeaning
0b0

HIFAR is valid.

0b1

HIFAR is not valid, and holds an UNKNOWN value.

This field is valid only if the IFSC code is 0b010000. It is RES0 for all other aborts.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

EA, bit [9]

External abort type. This bit can provide an IMPLEMENTATION DEFINED classification of External aborts.

For any abort other than an External abort this bit returns a value of 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [8]

Reserved, RES0.

S1PTW, bit [7]

For a stage 2 fault, indicates whether the fault was a stage 2 fault on an access made for a stage 1 translation table walk:

S1PTWMeaning
0b0

Fault not on a stage 2 translation for a stage 1 translation table walk.

0b1

Fault on the stage 2 translation of an access for a stage 1 translation table walk.

For any abort other than a stage 2 fault this bit is RES0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [6]

Reserved, RES0.

IFSC, bits [5:0]

Instruction Fault Status Code. Possible values of this field are:

IFSCMeaningApplies when
0b000000

Address size fault in translation table base register.

0b000001

Address size fault, level 1.

0b000010

Address size fault, level 2.

0b000011

Address size fault, level 3.

0b000101

Translation fault, level 1.

0b000110

Translation fault, level 2.

0b000111

Translation fault, level 3.

0b001001

Access flag fault, level 1.

0b001010

Access flag fault, level 2.

0b001011

Access flag fault, level 3.

0b001101

Permission fault, level 1.

0b001110

Permission fault, level 2.

0b001111

Permission fault, level 3.

0b010000

Synchronous External abort, not on translation table walk.

0b010101

Synchronous External abort on translation table walk, level 1.

0b010110

Synchronous External abort on translation table walk, level 2.

0b010111

Synchronous External abort on translation table walk, level 3.

0b011000

Synchronous parity or ECC error on memory access, not on translation table walk.

When FEAT_RAS is not implemented
0b011101

Synchronous parity or ECC error on memory access on translation table walk, level 1.

When FEAT_RAS is not implemented
0b011110

Synchronous parity or ECC error on memory access on translation table walk, level 2.

When FEAT_RAS is not implemented
0b011111

Synchronous parity or ECC error on memory access on translation table walk, level 3.

When FEAT_RAS is not implemented
0b100010

Debug exception.

0b110000

TLB conflict abort.

All other values are reserved.

For more information about the lookup level associated with a fault, see 'The level associated with MMU faults on a Long-descriptor translation table lookup'.

If the S1PTW bit is set, then the level refers the level of the stage2 translation that is translating a stage 1 translation walk.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

The following sections describe cases where Prefetch Abort exceptions can be routed to Hyp mode, generating exceptions that are reported in the HSR with EC value 0b100000:

  • 'Abort exceptions, when the value of HCR.TGE is 1'.
  • 'Routing debug exceptions to EL2 using AArch32'.

ISS encoding for Exception from an Illegal state or PC alignment fault

2423222120191817161514131211109876543210
RES0

Bits [24:0]

Reserved, RES0.

For more information about the Illegal state exception, see:

  • 'Illegal changes to PSTATE.M'.
  • 'Illegal return events from AArch32 state'.
  • 'Legal returns that set PSTATE.IL to 1'.
  • 'The Illegal Execution state exception'.

For more information about the PC alignment fault exception, see 'Branching to an unaligned PC'.

ISS encoding for Exception from a Data Abort

2423222120191817161514131211109876543210
ISVSASSSERES0SRTRES0ARRES0Bits[11:10]EACMS1PTWWnRDFSC

ISV, bit [24]

Instruction Syndrome Valid. Indicates whether the syndrome information in ISS[23:14] is valid.

ISVMeaning
0b0

No valid instruction syndrome. ISS[23:14] are RES0.

0b1

ISS[23:14] hold a valid instruction syndrome.

This bit is 0 for all faults except Data Abort exceptions generated by stage 2 address translations for which all the following apply to the instruction that generated the Data Abort exception:

  • The instruction is an LDR, LDA, LDRT, LDRSH, LDRSHT, LDRH, LDAH, LDRHT, LDRSB, LDRSBT, LDRB, LDAB, LDRBT, STR, STL, STRT, STRH, STLH, STRHT, STRB, STLB, or STRBT instruction.
  • The instruction is not performing register writeback.
  • The instruction is not using the PC as a source or destination register.

For these cases, ISV is UNKNOWN if the exception was generated in Debug state in memory access mode, as described in 'Data Abort exceptions in Memory access mode', and otherwise indicates whether ISS[23:14] hold a valid syndrome.

Note

In the A32 instruction set, LDR*T and STR*T instructions always perform register writeback and therefore never return a valid instruction syndrome.

When FEAT_RAS is implemented, ISV is 0 for any synchronous External abort.

ISV is set to 0 on a stage 2 abort on a stage 1 translation table walk.

When FEAT_RAS is not implemented, it is IMPLEMENTATION DEFINED whether ISV is set to 1 or 0 on a synchronous External abort on a stage 2 translation table walk.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

SAS, bits [23:22]

Syndrome Access Size. When ISV is 1, indicates the size of the access attempted by the faulting operation.

SASMeaning
0b00

Byte

0b01

Halfword

0b10

Word

0b11

Doubleword

This field is UNKNOWN when the value of ISV is UNKNOWN.

This field is RES0 when the value of ISV is 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

SSE, bit [21]

Syndrome Sign Extend. When ISV is 1, for a byte, halfword, or word load operation, indicates whether the data item must be sign extended. For these cases, the possible values of this bit are:

SSEMeaning
0b0

Sign-extension not required.

0b1

Data item must be sign-extended.

For all other operations this bit is 0.

This field is UNKNOWN when the value of ISV is UNKNOWN.

This field is RES0 when the value of ISV is 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [20]

Reserved, RES0.

SRT, bits [19:16]

Syndrome Register Transfer. When ISV is 1, the register number of the Rt operand of the faulting instruction.

This field is UNKNOWN when the value of ISV is UNKNOWN.

This field is RES0 when the value of ISV is 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bit [15]

Reserved, RES0.

AR, bit [14]

Acquire/Release. When ISV is 1, the possible values of this bit are:

ARMeaning
0b0

Instruction did not have acquire/release semantics.

0b1

Instruction did have acquire/release semantics.

This field is UNKNOWN when the value of ISV is UNKNOWN.

This field is RES0 when the value of ISV is 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

Bits [13:12]

Reserved, RES0.

Bits[11:10]
When FEAT_RAS is implemented:

AET, bits [1:0] of bits [11:10]

Asynchronous Error Type. When DFSC is 0b010001, describes the PE error state after taking the SError interrupt exception.

AETMeaning
0b00

Uncontainable (UC).

0b01

Unrecoverable state (UEU).

0b10

Restartable state (UEO).

0b11

Recoverable state (UER).

On a synchronous Data Abort exception, this field is RES0.

In the event of multiple errors taken as a single SError interrupt exception, the overall PE error state is reported.

Note

Software can use this information to determine what recovery might be possible. The recovery software must also examine any implemented fault records to determine the location and extent of the error.

When FEAT_RAS is not implemented, or when DFSC is not 0b010001:

  • Bit[11] is RES0.
  • Bit[10] forms the FnV field.
Note

Armv8.2 requires the implementation of FEAT_RAS.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.


Otherwise:

Bit [1] of bits [11:10]

Reserved, RES0.

FnV, bit [0] of bits [11:10]

FAR not Valid, for a synchronous External abort other than a synchronous External abort on a translation table walk.

FnVMeaning
0b0

HDFAR is valid.

0b1

HDFAR is not valid, and holds an UNKNOWN value.

When FEAT_RAS is not implemented, this field is valid only if DFSC is 0b010000. It is RES0 for all other aborts.

When FEAT_RAS is implemented:

  • If DFSC is 0b010000, this field is valid.
  • If DFSC is 0b010001, this bit forms part of the AET field, becoming AET[0].
  • This field is RES0 for all other aborts.
Note

Armv8.2 requires the implementation of FEAT_RAS.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

EA, bit [9]

External Abort type. This bit can provide an IMPLEMENTATION DEFINED classification of External aborts.

For any abort other than an External abort this bit returns a value of 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

CM, bit [8]

Cache Maintenance. For a synchronous fault, identifies fault that comes from a cache maintenance or address translation instruction. For synchronous faults, the possible values of this bit are:

CMMeaning
0b0

Fault not generated by a cache maintenance or address translation instruction.

0b1

Fault generated by a cache maintenance or address translation instruction.

For an asynchronous Data Abort exception, this bit is 0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

S1PTW, bit [7]

For a stage 2 fault, indicates whether the fault was a stage 2 fault on an access made for a stage 1 translation table walk:

S1PTWMeaning
0b0

Fault not on a stage 2 translation for a stage 1 translation table walk.

0b1

Fault on the stage 2 translation of an access for a stage 1 translation table walk.

For any abort other than a stage 2 fault this bit is RES0.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

WnR, bit [6]

Write not Read. Indicates whether a synchronous abort was caused by a write instruction or a read instruction.

WnRMeaning
0b0

Abort caused by a read instruction.

0b1

Abort caused by a write instruction.

For faults on cache maintenance and address translation instructions, this bit always returns a value of 1.

On an asynchronous Data Abort exception:

  • When FEAT_RAS is not implemented, this bit is UNKNOWN.
  • When FEAT_RAS is implemented, this bit is RES0.
Note

Armv8.2 requires the implementation of FEAT_RAS.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

DFSC, bits [5:0]

Data Fault Status Code. Possible values of this field are:

DFSCMeaningApplies when
0b000000

Address size fault in translation table base register.

0b000001

Address size fault, level 1.

0b000010

Address size fault, level 2.

0b000011

Address size fault, level 3.

0b000101

Translation fault, level 1.

0b000110

Translation fault, level 2.

0b000111

Translation fault, level 3.

0b001001

Access flag fault, level 1.

0b001010

Access flag fault, level 2.

0b001011

Access flag fault, level 3.

0b001101

Permission fault, level 1.

0b001110

Permission fault, level 2.

0b001111

Permission fault, level 3.

0b010000

Synchronous External abort, not on translation table walk.

0b010001

Asynchronous SError interrupt.

0b010101

Synchronous External abort on translation table walk, level 1.

0b010110

Synchronous External abort on translation table walk, level 2.

0b010111

Synchronous External abort on translation table walk, level 3.

0b011000

Synchronous parity or ECC error on memory access, not on translation table walk.

When FEAT_RAS is not implemented
0b011001

Asynchronous SError interrupt, from a parity or ECC error on memory access.

When FEAT_RAS is not implemented
0b011101

Synchronous parity or ECC error on memory access on translation table walk, level 1.

When FEAT_RAS is not implemented
0b011110

Synchronous parity or ECC error on memory access on translation table walk, level 2.

When FEAT_RAS is not implemented
0b011111

Synchronous parity or ECC error on memory access on translation table walk, level 3.

When FEAT_RAS is not implemented
0b100001

Alignment fault.

0b100010

Debug exception.

0b110000

TLB conflict abort.

0b110100

IMPLEMENTATION DEFINED fault (Lockdown).

0b110101

IMPLEMENTATION DEFINED fault (Unsupported Exclusive access).

All other values are reserved.

For more information about the lookup level associated with a fault, see 'The level associated with MMU faults on a Long-descriptor translation table lookup'.

If the S1PTW bit is set, then the level refers the level of the stage2 translation that is translating a stage 1 translation walk.

The reset behavior of this field is:

  • On a Warm reset, this field resets to an architecturally UNKNOWN value.

The following describe cases where Data Abort exceptions can be routed to Hyp mode, generating exceptions that are reported in the HSR with EC value 0b100100:

  • 'Abort exceptions, when the value of HCR.TGE is 1'.
  • 'Routing debug exceptions to EL2 using AArch32'.

The following describe cases that can cause a Data Abort exception that is taken to Hyp mode, and reported in the HSR with EC value of 0b100000 or 0b100100:

  • 'Hyp mode control of Non-secure access permissions'.
  • 'Memory fault reporting in Hyp mode'.

Accessing HSR

Accesses to this register use the following encodings in the System register encoding space:

MRC{<c>}{<q>} <coproc>, {#}<opc1>, <Rt>, <CRn>, <CRm>{, {#}<opc2>}

coprocopc1CRnCRmopc2
0b11110b1000b01010b00100b000

if PSTATE.EL == EL0 then UNDEFINED; elsif PSTATE.EL == EL1 then if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T5 == '1' then AArch64.AArch32SystemAccessTrap(EL2, 0x03); elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T5 == '1' then AArch32.TakeHypTrapException(0x03); else UNDEFINED; elsif PSTATE.EL == EL2 then R[t] = HSR; elsif PSTATE.EL == EL3 then if SCR.NS == '0' then UNDEFINED; else R[t] = HSR;

MCR{<c>}{<q>} <coproc>, {#}<opc1>, <Rt>, <CRn>, <CRm>{, {#}<opc2>}

coprocopc1CRnCRmopc2
0b11110b1000b01010b00100b000

if PSTATE.EL == EL0 then UNDEFINED; elsif PSTATE.EL == EL1 then if EL2Enabled() && !ELUsingAArch32(EL2) && HSTR_EL2.T5 == '1' then AArch64.AArch32SystemAccessTrap(EL2, 0x03); elsif EL2Enabled() && ELUsingAArch32(EL2) && HSTR.T5 == '1' then AArch32.TakeHypTrapException(0x03); else UNDEFINED; elsif PSTATE.EL == EL2 then HSR = R[t]; elsif PSTATE.EL == EL3 then if SCR.NS == '0' then UNDEFINED; else HSR = R[t];


04/07/2023 11:25; 1b994cb0b8c6d1ae5a9a15edbc8bd6ce3b5c7d68

Copyright © 2010-2023 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.