You copied the Doc URL to your clipboard.

BTI

Branch Target Identification. A BTI instruction is used to guard against the execution of instructions which are not the intended target of a branch.

Outside of a guarded memory region, a BTI instruction executes as a NOP. Within a guarded memory region while PSTATE.BTYPE != 0b00, a BTI instruction compatible with the current value of PSTATE.BTYPE will not generate a Branch Target Exception and will allow execution of subsequent instructions within the memory region.

The operand <targets> passed to a BTI instruction determines the values of PSTATE.BTYPE which the BTI instruction is compatible with.

Within a guarded memory region, while PSTATE.BTYPE

!= 0b00, all instructions will generate a Branch Target

Exception, other than BRK, BTI, HLT, PACIASP,

and PACIBSP, which may not. See the individual instructions for details.

System
(Armv8.5)

313029282726252423222120191817161514131211109876543210
110101010000001100100100xx011111
CRmop2

System

BTI {<targets>}

SystemHintOp op;

if CRm:op2 == '0100 xx0' then
    op = SystemHintOp_BTI;
    // Check branch target compatibility
    // between BTI instruction and PSTATE.BTYPE
    - = BTypeCompatible_BTI(op2<2:1>);
else
    EndOfInstruction();

Assembler Symbols

<targets> Is the type of indirection, encoded in op2<2:1>:
op2<2:1> <targets>
00 (omitted)
01 c
10 j
11 jc

Operation

case op of
    when SystemHintOp_YIELD
        Hint_Yield();

    when SystemHintOp_WFE
        if IsEventRegisterSet() then
            ClearEventRegister();
        else
            if PSTATE.EL == EL0 then
                // Check for traps described by the OS which may be EL1 or EL2.
                AArch64.CheckForWFxTrap(EL1, TRUE);
            if EL2Enabled() && PSTATE.EL IN {EL0, EL1} && !IsInHost() then
                // Check for traps described by the Hypervisor.
                AArch64.CheckForWFxTrap(EL2, TRUE);
            if HaveEL(EL3) && PSTATE.EL != EL3 then
                // Check for traps described by the Secure Monitor.
                AArch64.CheckForWFxTrap(EL3, TRUE);
            WaitForEvent();

    when SystemHintOp_WFI
        if !InterruptPending() then
            if PSTATE.EL == EL0 then
                // Check for traps described by the OS which may be EL1 or EL2.
                AArch64.CheckForWFxTrap(EL1, FALSE);
            if EL2Enabled() && PSTATE.EL IN {EL0, EL1} && !IsInHost() then
                // Check for traps described by the Hypervisor.
                AArch64.CheckForWFxTrap(EL2, FALSE);
            if HaveEL(EL3) && PSTATE.EL != EL3 then
                // Check for traps described by the Secure Monitor.
                AArch64.CheckForWFxTrap(EL3, FALSE);
            WaitForInterrupt();

    when SystemHintOp_SEV
        SendEvent();

    when SystemHintOp_SEVL
        SendEventLocal();

    when SystemHintOp_ESB
        SynchronizeErrors();
        AArch64.ESBOperation();
        if EL2Enabled() && PSTATE.EL IN {EL0, EL1} then AArch64.vESBOperation();
        TakeUnmaskedSErrorInterrupts();

    when SystemHintOp_PSB
        ProfilingSynchronizationBarrier();

    when SystemHintOp_TSB
        TraceSynchronizationBarrier();

    when SystemHintOp_CSDB
        ConsumptionOfSpeculativeDataBarrier();

    otherwise    // do nothing
Previous Next