BTI
Branch Target Identification. A BTI instruction is used to guard against the execution of instructions which are not the intended target of a branch.
Outside of a guarded memory region, a BTI instruction executes as a NOP. Within a guarded memory region while PSTATE.BTYPE != 0b00, a BTI instruction compatible with the current value of PSTATE.BTYPE will not generate a Branch Target Exception and will allow execution of subsequent instructions within the memory region.
The operand <targets> passed to a BTI instruction determines the values of PSTATE.BTYPE which the BTI instruction is compatible with.
Within a guarded memory region, while PSTATE.BTYPE
!= 0b00, all instructions will generate a Branch Target
Exception, other than BRK, BTI, HLT, PACIASP,
and PACIBSP, which may not. See the individual instructions for details.
System
(Armv8.5)
31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
1 | 1 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 0 | x | x | 0 | 1 | 1 | 1 | 1 | 1 |
CRm | op2 |
System
BTI {<targets>}
SystemHintOp op; if CRm:op2 == '0100 xx0' then op = SystemHintOp_BTI; // Check branch target compatibility // between BTI instruction and PSTATE.BTYPE - = BTypeCompatible_BTI(op2<2:1>); else EndOfInstruction();
Assembler Symbols
<targets> |
Is the type of indirection,
encoded in
op2<2:1>:
|
Operation
case op of when SystemHintOp_YIELD Hint_Yield(); when SystemHintOp_WFE if IsEventRegisterSet() then ClearEventRegister(); else if PSTATE.EL == EL0 then // Check for traps described by the OS which may be EL1 or EL2. AArch64.CheckForWFxTrap(EL1, TRUE); if EL2Enabled() && PSTATE.EL IN {EL0, EL1} && !IsInHost() then // Check for traps described by the Hypervisor. AArch64.CheckForWFxTrap(EL2, TRUE); if HaveEL(EL3) && PSTATE.EL != EL3 then // Check for traps described by the Secure Monitor. AArch64.CheckForWFxTrap(EL3, TRUE); WaitForEvent(); when SystemHintOp_WFI if !InterruptPending() then if PSTATE.EL == EL0 then // Check for traps described by the OS which may be EL1 or EL2. AArch64.CheckForWFxTrap(EL1, FALSE); if EL2Enabled() && PSTATE.EL IN {EL0, EL1} && !IsInHost() then // Check for traps described by the Hypervisor. AArch64.CheckForWFxTrap(EL2, FALSE); if HaveEL(EL3) && PSTATE.EL != EL3 then // Check for traps described by the Secure Monitor. AArch64.CheckForWFxTrap(EL3, FALSE); WaitForInterrupt(); when SystemHintOp_SEV SendEvent(); when SystemHintOp_SEVL SendEventLocal(); when SystemHintOp_ESB SynchronizeErrors(); AArch64.ESBOperation(); if EL2Enabled() && PSTATE.EL IN {EL0, EL1} then AArch64.vESBOperation(); TakeUnmaskedSErrorInterrupts(); when SystemHintOp_PSB ProfilingSynchronizationBarrier(); when SystemHintOp_TSB TraceSynchronizationBarrier(); when SystemHintOp_CSDB ConsumptionOfSpeculativeDataBarrier(); otherwise // do nothing