D4.2.11 Address translation instructions
Each of the ARMv8 instruction sets provides instructions that return the result of translating an input address, supplied as an argument to the instruction, using a specified translation stage or regime.
The available instructions only perform translations that are accessible from the Security state and Exception level at which the instruction is executed. That is:
- No instruction executed in Non-secure state can return the result of a Secure address translation stage.
- No instruction can return the result of an address translation stage that is controlled by an Exception level that is higher than the Exception level at which the instruction is executed.
Address translation instructions, AT* on page D4-1692 summarizes the A64 address translation instructions.
Address translation instructions, AT*
The A64 assembly language syntax for address translation instructions is:
AT <operation>, <Xt>
<operation> Is one of S1E1R, S1E1W, S1E0R, S1E0W, S12E1R, S12E1W, S12E0R, S12E0W, S1E2R, S1E2W, S1E3R, or S1E3W. <operation> has a structure of <stages><level><read|write>, where: <stages> Is one of: S1 Stage 1 translation. S12 Stage 1 translation followed by stage 2 translation. <level> Describes the Exception Level that the translation applies to. Is one of: E0 EL0. E1 EL1. E2 EL2. E3 EL3. If <level> is higher than the current Exception Level the instruction is UNDEFINED. <read|write> Is one of: R Read. W Write. <Xt> The address to be translated. No alignment restrictions apply for the address.
If EL2 is not implemented, the AT S1E2R and AT S1E2W instructions are UNDEFINED.
If EL2 is not implemented but EL3 is implemented, the AT S12E instructions are not UNDEFINED, but behave the same way as the equivalent AT S1E instructions. This is consistent with the behavior if EL2 is implemented but stage 2 translation is disabled.
For all of these instructions, the current context information determines which entries in TLB caching structures are used, and how the translation table walk is performed. However, it is IMPLEMENTATION DEFINED whether the Address translation instructions return the values held in a TLB or the result of a translation table walk. Therefore, ARM recommends that these instructions are not used at a time when the TLB entries might be different from the underlying translation tables held in memory.
When Non-secure EL1&0 stage 1 address translation is disabled, any AT S1E0*, AT S1E1*, AT S12E0*, or ATS12E1* address translation instruction that accesses the Non-secure state translation reflects the effect of the HCR_EL2.DC bit as described in Behavior when stage 1 address translation is disabled on page D4-1677.
Executing AT S1E2R or AT S1E2W at EL3 with SCR_EL3.NS==0 is UNDEFINED.
AT S12E instructions at EL3 with SCR_EL3.NS==0 are not UNDEFINED but behave the same way as the equivalent AT S1E instructions.
Synchronous faults generated by address translation instructions
The address translation instructions use the translation mechanism, and that mechanism can generate the following synchronous faults:
- Translation fault.
- Access flag fault.
- Permission fault.
- Domain fault, when translating using the AArch32 translation systems.
- Address size fault.
- TLB conflict fault.
- Synchronous external aborts during a translation table walk.
- If the address translation instruction requires two stages of translation then these faults could arise from either stage 1 or stage 2.
- For a stage 1 translation for the Non-secure EL1&0 translation regime, the fault might be generated on the stage 2 translation of an address accessed as part of the stage 1 translation table walk, see Stage 2 fault on a stage 1 translation table walk on page D4-1726.
Except as described in this section, these faults are not taken as an exception for the address translation instructions, but instead the PAR_EL1.FST field holds the fault status information. In these cases the PAR_EL1.PA field does not hold the output address of the translation.
The exceptions to this reporting the fault in PAR_EL1 are:
Synchronous external aborts during a translation table walk are taken as a Data Abort exception.
For an address translation instruction executed at a particular Exception level, if the synchronous external abort is generated on a stage 1 translation table walk, the Data Abort exception is taken to the Exception level to which a synchronous external abort on a stage 1 translation table walk for a memory access from that Exception level would be taken.
If the synchronous external abort is generated on a stage 2 translation table walk then:
- If the address translation instruction was executed at EL3, the synchronous Data Abort exception is taken to EL3.
- If the address translation instruction was executed at EL2 or EL1, the Data Abort exception is taken to the Exception level to which a synchronous external abort on a stage 2 translation table walk for a memory access from that Exception level would be taken.
In any case where the address translation instruction causes a synchronous Data Abort exception to be taken:
- The PAR_EL1 is UNKNOWN.
- The ESR_ELx of the target Exception Level of the exception indicates that the fault was due to a translation table walk for a cache maintenance instruction.
- The FAR_ELx of the target Exception Level holds the virtual address for the translation request
For the AT S1E0 and AT S1E1 instructions executed from the Non-secure EL1 Exception level, if there is a synchronous stage 2 fault on a memory access made as part of the translation table walk then if the value of SCR_EL3.EA is 1 then a synchronous external abort on a stage 2 translation table walk is taken to EL3. In all other cases of a synchronous stage 2 fault on a memory access made as part of the translation table walk, the fault is taken as an exception to EL2, and:
- PAR_EL1 is UNKNOWN
- ESR_EL2 indicates that the fault occurred on a translation table walk, and that the operation that faulted was a cache maintenance instruction.
- HPFAR_EL2 holds the IPA that faulted
- FAR_EL2 holds the VA that the executing software supplied to the address translation instruction.
This fault can occur for any of the following reasons:
- Stage 2 Translation fault.
- Stage 2 Access fault.
- Stage 2 Permission fault.
- Stage 2 Address size fault.
- Synchronous external abort on a stage 2 translation table walk.
Synchronization requirements of the address translation instructions
Where an instruction results in an update to a system register, as is the case with the AT * address translation instructions, explicit synchronization must be performed before the result is guaranteed to be visible to subsequent direct reads of the PAR_EL1.
This is consistent with the AArch32 requirement, where the VA to PA translation instructions are expressed as CP15 register writes, and the effect of those writes to other registers require explicit synchronization before the result is guaranteed to be visible to subsequent instructions.