6.3.3. The return address and return instruction

The actual location pointed to by the PC when an exception is taken depends on the exception type. The return address might not necessarily be the next instruction pointed to by the PC.

If an exception occurs in ARM state, the processor stores (PC–4) in lr_mode. However, for exceptions that occur in Thumb state, the processor automatically stores a different value for each of the exception types. This adjustment is required because Thumb instructions take up only a halfword, rather than the full word that ARM instructions occupy.

If this correction were not made by the processor, the handler would have to determine the original state of the processor, and use a different instruction to return to Thumb code rather than ARM code. By making this adjustment, however, the processor enables the handler to have a single return instruction that returns correctly, regardless of the processor state (ARM or Thumb) at the time the exception occurred.

The following sections detail the instructions to return correctly from handling code for each type of exception.

Returning from SVC and Undefined Instruction handlers

The SVC and Undefined Instruction exceptions are generated by the instruction itself, so the PC is not updated when the exception is taken. The processor stores (PC–4) in lr_mode. This makes lr_mode point to the next instruction to be executed. Restoring the PC from the link register with:

    MOVS        pc, lr

returns control from the handler.

The handler entry and exit code to stack the return address and pop it on return is:

    STMFD        sp!,{reglist,lr}
    ;...
    LDMFD        sp!,{reglist,pc}^

For exceptions that occur in Thumb state, the handler return instruction (MOVS pc,lr) changes the PC to the address of the next instruction to execute. This is at (PC–2), so the value stored by the processor in lr_mode is (PC–2).

Returning from FIQ and IRQ handlers

After executing each instruction, the processor checks to see whether the interrupt pins are LOW and whether the interrupt disable bits in the CPSR are clear. As a result, IRQ or FIQ exceptions are generated only after the PC has been updated. The processor stores (PC–4) in lr_mode. This makes lr_mode point one instruction beyond the end of the instruction in which the exception occurred. When the handler has finished, execution must continue from the instruction prior to the one pointed to by lr_mode. The address to continue from is one word (four bytes) less than that in lr_mode, so the return instruction is:


    SUBS        pc, lr, #4

The handler entry and exit code to stack the return address and pop it on return is:


    SUB        lr,lr,#4
    STMFD      sp!,{reglist,lr}
    ;...
    LDMFD      sp!,{reglist,pc}^

For exceptions that occur in Thumb state, the handler return instruction (SUBS pc,lr,#4) changes the PC to the address of the next instruction to execute. Because the PC is updated before the exception is taken, the next instruction is at (PC–4). The value stored by the processor in lr_mode is therefore PC.

Returning from Prefetch Abort handlers

If the processor attempts to fetch an instruction from an illegal address, the instruction is flagged as invalid. Instructions already in the pipeline continue to execute until the invalid instruction is reached, at which point a Prefetch Abort is generated.

The exception handler loads the unmapped instruction into physical memory and uses the MMU, if there is one, to map the virtual memory location into the physical one. The handler must then return to retry the instruction that caused the exception. The instruction now loads and executes.

Because the PC is not updated at the time the prefetch abort is issued, lr_ABT points to the instruction following the one that caused the exception. The handler must return to lr_ABT–4 with:


    SUBS        pc,lr, #4

The handler entry and exit code to stack the return address and pop it on return is:


    SUB        lr,lr,#4
    STMFD      sp!,{reglist,lr}
    ;...
    LDMFD      sp!,{reglist,pc}^

For exceptions that occur in Thumb state, the handler return instruction (SUBS pc,lr,#4) changes the PC to the address of the aborted instruction. Because the PC is not updated before the exception is taken, the aborted instruction is at (PC–4). The value stored by the processor in lr_mode is therefore PC.

Returning from Data Abort handlers

When a load or store instruction tries to access memory, the PC has been updated. The stored value of (PC–4) in lr_ABT points to the second instruction beyond the address where the exception occurred. When the MMU, if present, has mapped the appropriate address into physical memory, the handler must return to the original, aborted instruction so that a second attempt can be made to execute it. The return address is therefore two words (eight bytes) less than that in lr_ABT, making the return instruction:


    SUBS       pc, lr, #8

The handler entry and exit code to stack the return address and pop it on return is:


    SUB        lr,lr,#8
    STMFD      sp!,{reglist,lr}
    ;...
    LDMFD      sp!,{reglist,pc}^

For exceptions that occur in Thumb state, the handler return instruction (SUBS pc,lr,#8) changes the PC to the address of the aborted instruction. Because the PC is updated before the exception is taken, the aborted instruction is at (PC–6). The value stored by the processor in lr_mode is therefore (PC+2).
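The rules in this section, modelled in C as an added example (not part of the ARM document): it computes the value stored in lr_mode for each exception type and checks that the one return instruction given for that type resumes at the right address in both ARM and Thumb state. It assumes 4-byte ARM and 2-byte Thumb instructions and a PC that reads two instructions ahead of the one executing (one more once updated); all names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>
enum exc { EXC_SVC, EXC_UNDEF, EXC_IRQ, EXC_FIQ, EXC_PABT, EXC_DABT, EXC_COUNT };

/* Columns, from the text of this section: name; PC updated before the
 * exception is taken?; Thumb adjustment (lr_mode = PC + adj); amount the
 * return instruction subtracts; 1 = retry instruction, 0 = continue after. */
struct rule { const char *name; int pc_updated, thumb_adj; uint32_t ret_sub; int retry; };
static const struct rule rules[EXC_COUNT] = {
    [EXC_SVC]   = { "SVC",            0, -2, 0, 0 },
    [EXC_UNDEF] = { "Undefined",      0, -2, 0, 0 },
    [EXC_IRQ]   = { "IRQ",            1,  0, 4, 0 },
    [EXC_FIQ]   = { "FIQ",            1,  0, 4, 0 },
    [EXC_PABT]  = { "Prefetch Abort", 0,  0, 4, 1 },
    [EXC_DABT]  = { "Data Abort",     1,  2, 8, 1 },
};

/* Value stored in lr_mode. insn = faulting instruction, or for IRQ/FIQ the one
 * just completed. Assumed model: PC reads two instructions ahead, +1 if updated. */
uint32_t lr_stored(enum exc e, uint32_t insn, int thumb)
{
    uint32_t size = thumb ? 2u : 4u;
    uint32_t pc = insn + 2u * size + (rules[e].pc_updated ? size : 0u);
    return thumb ? pc + (uint32_t)rules[e].thumb_adj : pc - 4u;
}

/* Address reached by the handler's single return instruction. */
uint32_t return_target(enum exc e, uint32_t insn, int thumb)
{
    return lr_stored(e, insn, thumb) - rules[e].ret_sub;
}

/* 1 if every exception type resumes correctly in both ARM and Thumb state. */
int all_returns_match(uint32_t insn)
{
    for (int e = 0; e < EXC_COUNT; e++)
        for (int t = 0; t <= 1; t++)
            if (return_target(e, insn, t) !=
                (rules[e].retry ? insn : insn + (t ? 2u : 4u)))
                return 0;
    return 1;
}

int main(void)
{
    for (int e = 0; e < EXC_COUNT; e++)
        printf("%-14s Thumb lr_mode = insn+%u\n", rules[e].name, (unsigned)lr_stored(e, 0, 1));
    return !all_returns_match(0x8000u);
}
```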

Copyright © 2002-2006 ARM Limited. All rights reserved. ARM DUI 0203G
Non-Confidential