(old) htmldiff from-(new)

BTI

Branch Target Identification. A BTI instruction is used to guard against the execution of instructions which are not the intended target of a branch.

Outside of a guarded memory region, a BTI instruction executes as a NOP. Within a guarded memory region while PSTATE.BTYPE != 0b00, a BTI instruction compatible with the current value of PSTATE.BTYPE will not generate a Branch Target Exception and will allow execution of subsequent instructions within the memory region.

The operand <targets> passed to a BTI instruction determines the values of PSTATE.BTYPE which the BTI instruction is compatible with.

Within a guarded memory region, while PSTATE.BTYPE

!= 0b00, all instructions will generate a Branch Target

Exception, other than BRK, BTI, HLT, PACIASP,

and PACIBSP, which may not. See the individual instructions for details.

System
(Armv8.5)

313029282726252423222120191817161514131211109876543210
110101010000001100100100xx011111
CRmop2

System

BTI {<targets>}

SystemHintOp op; case CRm:op2 of when '0000 000' op = SystemHintOp_NOP; when '0000 001' op = SystemHintOp_YIELD; when '0000 010' op = SystemHintOp_WFE; when '0000 011' op = SystemHintOp_WFI; when '0000 100' op = SystemHintOp_SEV; when '0000 101' op = SystemHintOp_SEVL; when '0000 110' if !HaveDGHExt() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_DGH; when '0000 111' SEE "XPACLRI"; when '0001 xxx' case op2 of when '000' SEE "PACIA1716"; when '010' SEE "PACIB1716"; when '100' SEE "AUTIA1716"; when '110' SEE "AUTIB1716"; otherwise EndOfInstruction(); // Instruction executes as NOP when '0010 000' if !HaveRASExt() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_ESB; when '0010 001' if !HaveStatisticalProfiling() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_PSB; when '0010 010' if !HaveSelfHostedTrace() then EndOfInstruction(); // Instruction executes as NOP op = SystemHintOp_TSB; when '0010 100' op = SystemHintOp_CSDB; when '0011 xxx' case op2 of when '000' SEE "PACIAZ"; when '001' SEE "PACIASP"; when '010' SEE "PACIBZ"; when '011' SEE "PACIBSP"; when '100' SEE "AUTIAZ"; when '101' SEE "AUTHASP"; when '110' SEE "AUTIBZ"; when '111' SEE "AUTIBSP"; when '0100 xx0' op = SystemHintOp_BTI; // Check branch target compatibility between BTI instruction and PSTATE.BTYPE SetBTypeCompatible(BTypeCompatible_BTI(op2<2:1>)); otherwise EndOfInstruction(); // Instruction executes as NOP

Assembler Symbols

<targets> Is the type of indirection, encoded in op2<2:1>:
op2<2:1><targets>
00(omitted)
01c
10j
11jc

Operation

case op of when SystemHintOp_YIELDHint_Yield(); when SystemHintOp_DGHHint_DGH(); when SystemHintOp_WFE if IsEventRegisterSet() then ClearEventRegister(); else trap = FALSE; if PSTATE.EL == EL0 then // Check for traps described by the OS which may be EL1 or EL2. if // Check for traps described by the OS which may be EL1 or EL2. HaveTWEDExt() then sctlr = SCTLR[]; trap = sctlr.nTWE == '0'; target_el = EL1; else AArch64.CheckForWFxTrap(EL1, TRUE); if !trap && PSTATE.EL IN { if PSTATE.EL IN {EL0, EL1} && EL2Enabled() && !IsInHost() then // Check for traps described by the Hypervisor. if // Check for traps described by the Hypervisor. HaveTWEDExt() then trap = HCR_EL2.TWE == '1'; target_el = EL2; else AArch64.CheckForWFxTrap(EL2, TRUE); if !trap && if HaveEL(EL3) && PSTATE.EL != EL3 then // Check for traps described by the Secure Monitor. if // Check for traps described by the Secure Monitor. HaveTWEDExt() then trap = SCR_EL3.TWE == '1'; target_el = EL3; else AArch64.CheckForWFxTrap(EL3, TRUE); if, TRUE); HaveTWEDExt() && trap && PSTATE.EL != EL3 then (delay_enabled, delay) = WFETrapDelay(target_el); // (If trap delay is enabled, Delay amount) if !AArch64.WaitForEventUntilDelay(delay_enabled, delay) then // Event did not arrive until delay expired AArch64.WFxTrap(target_el, TRUE); // Trap WFE else WaitForEvent(); when SystemHintOp_WFI if !InterruptPending() then if PSTATE.EL == EL0 then // Check for traps described by the OS which may be EL1 or EL2. AArch64.CheckForWFxTrap(EL1, FALSE); if PSTATE.EL IN {EL0, EL1} && EL2Enabled() && !IsInHost() then // Check for traps described by the Hypervisor. AArch64.CheckForWFxTrap(EL2, FALSE); if HaveEL(EL3) && PSTATE.EL != EL3 then // Check for traps described by the Secure Monitor. AArch64.CheckForWFxTrap(EL3, FALSE); WaitForInterrupt(); when SystemHintOp_SEVSendEvent(); when SystemHintOp_SEVLSendEventLocal(); when SystemHintOp_ESB if HaveTME() && TSTATE.depth > 0 thenif TSTATE.depth > 0 then FailTransaction(TMFailure_ERR, FALSE); SynchronizeErrors(); AArch64.ESBOperation(); if PSTATE.EL IN {EL0, EL1} && EL2Enabled() then AArch64.vESBOperation(); TakeUnmaskedSErrorInterrupts(); when SystemHintOp_PSBProfilingSynchronizationBarrier(); when SystemHintOp_TSBTraceSynchronizationBarrier(); when SystemHintOp_CSDBConsumptionOfSpeculativeDataBarrier(); when SystemHintOp_BTISetBTypeNext('00'); otherwise // do nothing


Internal version only: isa v32.03v31.05b, AdvSIMD v29.02, pseudocode v2020-03v2019-12_rc3_1, sve v2020-03_rc1v2019-12_rc3 ; Build timestamp: 2020-04-15T132019-12-13T11:3302

Copyright © 2010-20202010-2019 Arm Limited or its affiliates. All rights reserved. This document is Non-Confidential.

(old) htmldiff from-(new)