9.2.3. The return address and return instruction

The actual location pointed to by the program counter when an exception is taken depends on the exception type. Because of the way in which the ARM processor fetches instructions, when an exception is taken the program counter may or may not be updated to the next instruction to be fetched. This means that the return address may not necessarily be the next instruction pointed to by the program counter.

ARM processors use a pipeline with at least a fetch, a decode, and an execute stage. There is one instruction in each stage of the pipeline at any time. The program counter points to the instruction currently being fetched. Because each instruction is one word long, the instruction being decoded is at address (pc – 4) and the instruction being executed is at (pc – 8).

Note

See The return address for details of the return address on Thumb-capable processors when an exception occurs in Thumb state.

Returning from SWI and Undefined instruction

The SWI and Undefined instruction exceptions are generated by the instruction itself, so the program counter is not updated when the exception is taken. Therefore, storing (pc – 4) in lr_mode makes lr_mode point to the next instruction to be executed. Restoring the program counter from the lr with:

	MOVS		pc, lr

returns control from the handler.

The handler entry and exit code to stack the return address and pop it on return is:

	STMFD		sp!,{reglist,lr}
	;...
	LDMFD		sp!,{reglist,pc}^

Returning from FIQ and IRQ

After executing each instruction, the processor checks to see whether the interrupt pins are LOW and whether the interrupt disable bits in the CPSR are clear. As a result, IRQ or FIQ exceptions are generated only after the program counter has been updated. Storing (pc – 4) in lr_mode causes lr_mode to point two instructions beyond where the exception occurred. When the handler has finished, execution must continue from the instruction prior to the one pointed to by lr_mode. The address to continue from is one word (four bytes) less than that in lr_mode, so the return instruction is:

	SUBS	 	pc, lr, #4

The handler entry and exit code to stack the return address and pop it on return is:

	SUB		lr,lr,#4
	STMFD		sp!,{reglist,lr}
	;...
	LDMFD		sp!,{reglist,pc}^

Returning from prefetch abort

If the processor attempts to fetch an instruction from an illegal address, the instruction is flagged as invalid. Instructions already in the pipeline continue to execute until the invalid instruction is reached, at which point a prefetch abort is generated.

The exception handler invokes the MMU to load the appropriate virtual memory locations into physical memory. It must then return to the address that caused the exception and reload the instruction. The instruction should now load and execute correctly.

Because the program counter is not updated at the time the prefetch abort is issued, lr_ABT points to the instruction following the one that caused the exception. The handler must return to lr_ABT – 4 with:

	SUBS		pc, lr, #4

The handler entry and exit code to stack the return address and pop it on return is:

	SUB		lr,lr,#4
	STMFD		sp!,{reglist,lr}
	;...
	LDMFD		sp!,{reglist,pc}^

Returning from data abort

When a load or store instruction tries to access memory, the program counter has been updated. A stored value of (pc – 4) in lr_ABT points to the second instruction beyond the address where the exception was generated. When the MMU has loaded the appropriate address into physical memory, the handler should return to the original, aborted instruction so that a second attempt can be made to execute it. The return address is therefore two words (eight bytes) less than that in lr_ABT, making the return instruction:

	SUBS		pc, lr, #8

The handler entry and exit code to stack the return address and pop it on return is:

	SUB		lr,lr,#8
	STMFD		sp!,{reglist,lr}
	;...
	LDMFD		sp!,{reglist,pc}^
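As an added illustration (not part of the ARM manual), this Python model derives the return offsets for all four cases above from the two facts the text gives for each exception type, and replays the SUB/STMFD/LDMFD entry and exit sequence on a full-descending stack; the exception names, addresses and register values are constructed.

```python
"""Model of the ARM exception return-address arithmetic described above.
Assumes the three-stage (fetch/decode/execute) pipeline from the text."""
WORD = 4
# Two facts from the text decide the offset for each exception type:
# (is pc updated before the exception is taken?, must the faulting
#  instruction be re-executed rather than skipped?)
EXCEPTIONS = {
    "swi":            (False, False),
    "undef":          (False, False),
    "irq":            (True,  False),
    "fiq":            (True,  False),
    "prefetch_abort": (False, True),
    "data_abort":     (True,  True),
}

def lr_on_entry(exc, instr_addr):
    """Value written to lr_mode, i.e. (pc - 4) when the exception is taken.
    While the instruction at instr_addr executes, pc is two words ahead."""
    pc_updated, _ = EXCEPTIONS[exc]
    pc = instr_addr + 2 * WORD
    if pc_updated:
        pc += WORD              # instruction completed, pc moved on
    return pc - WORD

def resume_addr(exc, instr_addr):
    """Where the handler must return to."""
    _, retry = EXCEPTIONS[exc]
    return instr_addr if retry else instr_addr + WORD

def return_offset(exc):
    """Immediate n for 'SUBS pc, lr, #n' (0 means 'MOVS pc, lr')."""
    a = 0x8000                  # constructed address; n is independent of it
    return lr_on_entry(exc, a) - resume_addr(exc, a)

def handler_round_trip(exc, instr_addr, reglist, sp=0x1000):
    """Model 'SUB lr,lr,#n ; STMFD sp!,{reglist,lr} ; ... ; LDMFD sp!,{reglist,pc}^'
    on a full-descending stack. Returns (restored reglist, pc, final sp)."""
    lr = lr_on_entry(exc, instr_addr) - return_offset(exc)
    regs = list(reglist) + [lr]
    mem = {}
    # STMFD: decrement sp by the block size, then store ascending so the
    # lowest register lands at the new sp and lr at the highest address
    sp -= WORD * len(regs)
    for i, value in enumerate(regs):
        mem[sp + i * WORD] = value
    # LDMFD ... ^: reload the block ascending; the last word goes into pc
    loaded = [mem[sp + i * WORD] for i in range(len(regs))]
    sp += WORD * len(regs)
    return loaded[:-1], loaded[-1], sp
```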
Copyright © 1997, 1998 ARM Limited. All rights reserved.
ARM DUI 0040D
Non-Confidential