BTI

Branch Target Identification. A BTI instruction is used to guard against the execution of instructions which are not the intended target of a branch.

Outside of a guarded memory region, a BTI instruction executes as a NOP. Within a guarded memory region while PSTATE.BTYPE != 0b00, a BTI instruction compatible with the current value of PSTATE.BTYPE will not generate a Branch Target Exception and will allow execution of subsequent instructions within the memory region.

The operand <targets> passed to a BTI instruction determines the values of PSTATE.BTYPE which the BTI instruction is compatible with.

Within a guarded memory region, while PSTATE.BTYPE

!= 0b00, all instructions will generate a Branch Target

Exception, other than BRK, BTI, HLT, PACIASP,

and PACIBSP, which may not. See the individual instructions for details.

System
(Armv8.5)

313029282726252423222120191817161514131211109876543210
110101010000001100100100xx011111
CRmop2

System

BTI {<targets>}

SystemHintOp op; if CRm:op2 == '0100 xx0' then op = SystemHintOp_BTI; // Check branch target compatibility between BTI instruction and PSTATE.BTYPE - = BTypeCompatible_BTI(op2<2:1>); else EndOfInstruction();

Assembler Symbols

<targets> Is the type of indirection, encoded in op2<2:1>:
op2<2:1> <targets>
00 (omitted)
01 c
10 j
11 jc

Operation

case op of when SystemHintOp_YIELD Hint_Yield(); when SystemHintOp_WFE if IsEventRegisterSet() then ClearEventRegister(); else if PSTATE.EL == EL0 then // Check for traps described by the OS which may be EL1 or EL2. AArch64.CheckForWFxTrap(EL1, TRUE); if PSTATE.EL IN {EL0, EL1} && EL2Enabled() && !IsInHost() then // Check for traps described by the Hypervisor. AArch64.CheckForWFxTrap(EL2, TRUE); if HaveEL(EL3) && PSTATE.EL != EL3 then // Check for traps described by the Secure Monitor. AArch64.CheckForWFxTrap(EL3, TRUE); WaitForEvent(); when SystemHintOp_WFI if !InterruptPending() then if PSTATE.EL == EL0 then // Check for traps described by the OS which may be EL1 or EL2. AArch64.CheckForWFxTrap(EL1, FALSE); if PSTATE.EL IN {EL0, EL1} && EL2Enabled() && !IsInHost() then // Check for traps described by the Hypervisor. AArch64.CheckForWFxTrap(EL2, FALSE); if HaveEL(EL3) && PSTATE.EL != EL3 then // Check for traps described by the Secure Monitor. AArch64.CheckForWFxTrap(EL3, FALSE); WaitForInterrupt(); when SystemHintOp_SEV SendEvent(); when SystemHintOp_SEVL SendEventLocal(); when SystemHintOp_ESB if TSTATE.depth > 0 then FailTransaction(TMFailure_ERR, FALSE); SynchronizeErrors(); AArch64.ESBOperation(); if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then AArch64.vESBOperation(); TakeUnmaskedSErrorInterrupts(); when SystemHintOp_PSB ProfilingSynchronizationBarrier(); when SystemHintOp_TSB TraceSynchronizationBarrier(); when SystemHintOp_CSDB ConsumptionOfSpeculativeDataBarrier(); otherwise // do nothing


Internal version only: isa v30.44, AdvSIMD v27.08, pseudocode v8.5-2019-06_rc2-5-g22901f2, sve v2019-06_rc4 ; Build timestamp: 2019-06-26T22:30

Copyright © 2010-2019 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.