RETAASPPCR, RETABSPPCR

Return from subroutine, with enhanced pointer authentication using a register

This instruction authenticates the address that is held in LR, using SP as the first modifier, the value in the specified register as the second modifier, and the specified key, and branches to the authenticated address, with a hint that this instruction is a subroutine return.

Key A is used for RETAASPPCR. Key B is used for RETABSPPCR.

If the authentication passes, the PE continues execution at the target of the branch. For information on behavior if the authentication fails, see Faulting on pointer authentication.

The authenticated address is not written back to LR.

Encoding: Integer

Variants: FEAT_PAuth_LR (ARMv9.5)

31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
1	1	0	1	0	1	1	0	0	1	0	1	1	1	1	1	0	0	0	0	1		1	1	1	1	1	!= 11111
							opc				op2										M	Rn					Rm

RETAASPPCR (M == 0)

RETAASPPCR <Xm>

RETABSPPCR (M == 1)

RETABSPPCR <Xm>

Decoding algorithm

if !IsFeatureImplemented(FEAT_PAuth_LR) then EndOfDecode(Decode_UNDEF);
constant integer m = UInt(Rm);
constant boolean use_key_a = M == '0';
constant boolean auth_then_branch = TRUE;

Operation

GCSInstruction inst_type;
bits(64) target = X[30, 64];

constant bits(64) modifier = SP[64];
constant bits(64) modifier2 = X[m, 64];

if use_key_a then
    target = AuthIA2(target, modifier, modifier2, auth_then_branch);
else
    target = AuthIB2(target, modifier, modifier2, auth_then_branch);

if IsFeatureImplemented(FEAT_GCS) && GCSPCREnabled(PSTATE.EL) then
    inst_type = if use_key_a then GCSInstType_PRETAA else GCSInstType_PRETAB;
    target = LoadCheckGCSRecord(target, inst_type);
    SetCurrentGCSPointer(GetCurrentGCSPointer() + 8);

// Value in BTypeNext will be used to set PSTATE.BTYPE
BTypeNext = '00';

constant boolean branch_conditional = FALSE;
BranchTo(target, BranchType_RET, branch_conditional);

Explanations

<Xm>: Is the 64-bit name of the general-purpose source register, encoded in the "Rm" field.