10.4. AArch64 exception table

When an exception occurs, the processor must execute handler code which corresponds to the exception. The location in memory where the handler is stored is called the exception vector. In the ARM architecture, exception vectors are stored in a table, called the exception vector table. Each Exception level has its own vector table, that is, there is one for each of EL3, EL2 and EL1. The table contains instructions to be executed, rather than a set of addresses. Vectors for individual exceptions are located at fixed offsets from the beginning of the table. The virtual address of each table base is set by the Vector Based Address Registers VBAR_EL3, VBAR_EL2 and VBAR_EL1.

Each entry in the vector table is 16 instructions long. This in itself represents a significant change compared to ARMv7, where each entry was 4 bytes. This spacing of the ARMv7 vector table meant that each entry would almost always be some form of branch to the actual exception handler elsewhere in memory. In AArch64, the vectors are spaced more widely, so that the top-level handler can be written directly in the vector table.

Table 10.2 shows one of the vector tables. The base address is given by VBAR_ELn and then each entry has a defined offset from this base address. Each table has 16 entries, with each entry being 128 bytes (32 instructions) in size. The table effectively consists of 4 sets of 4 entries. Which entry is used depends upon a number of factors:

Table 10.2. Vector table offsets from vector table base address

AddressException type Description
   VBAR_ELn + 0x000 Synchronous Current EL with SP0
+ 0x080 IRQ/vIRQ
+ 0x100 FIQ/vFIQ
+ 0x180 SError/vSError
+ 0x200 Synchronous Current EL with SPx
+ 0x280 IRQ/vIRQ
+ 0x300 FIQ/vFIQ
+ 0x380 SError/vSError
+ 0x400 Synchronous Lower EL using AArch64
+ 0x480 IRQ/vIRQ
+ 0x500 FIQ/vFIQ
+ 0x580 SError/vSError
+ 0x600 Synchronous Lower EL using AArch32
+ 0x680 IRQ/vIRQ
+ 0x700 FIQ/vFIQ
+ 0x780 SError/vSError

Considering an example might make this easier to understand.

If kernel code is executing at EL1 and an IRQ interrupt is signaled, an IRQ exception occurs. This particular interrupt is not associated with the hypervisor or secure environment and is also handled within the kernel, also at SP_EL1, and the SPSel bit is set, so you are using SP_EL1. Execution is therefore from address VBAR_EL1 + 0x280.

In the absence of LDR PC, [PC, #offset] in the ARMv8-A architecture, you must use more instructions to enable the destination to be read from a table of registers. The choice of spacing of the vectors is designed to avoid cache pollution for typical sized instruction cache lines from vectors that are not being used. The Reset Address is a completely separate address, which is implementation defined, and is typically set by hardwired configuration within the core. This address is visible in the RVBAR_EL1/2/3 register.

Having a separate exception vector for each exception, either from the current Exception level or from the lower Exception level, gives the flexibility for the OS or hypervisor to determine the AArch64 and AArch32 state of the lower Exception levels. The SP_ELn is used for exceptions generated from lower levels. However, the software can switch to use SP_EL0 inside the handler. When you use this mechanism, it facilitates access to the values from the thread in the handler.

Copyright © 2015 ARM. All rights reserved.ARM DEN0024A