BRAA, BRAAZ, BRAB, BRABZ Branch to register, with pointer authentication This instruction authenticates the address in the general-purpose register that is specified by <Xn>, using a modifier and the specified key, and branches to the authenticated address. The modifier is: In the general-purpose register or stack pointer that is specified by <Xm|SP>, for BRAA and BRAB. The value zero, for BRAAZ and BRABZ. Key A is used for BRAA and BRAAZ. Key B is used for BRAB and BRABZ. If the authentication passes, the PE continues execution at the target of the branch. For information on behavior if the authentication fails, see Faulting on pointer authentication. The authenticated address is not written back to the general-purpose register. 1 1 0 1 0 1 1 0 0 0 1 1 1 1 1 0 0 0 0 1 0 0 1 1 1 1 1 BRAAZ <Xn> 1 0 BRAA <Xn>, <Xm|SP> 0 1 1 1 1 1 1 BRABZ <Xn> 1 1 BRAB <Xn>, <Xm|SP> if !IsFeatureImplemented(FEAT_PAuth) then UNDEFINED; if Z == '0' && Rm != '11111' then UNDEFINED; constant integer n = UInt(Rn); constant integer m = UInt(Rm); constant boolean use_key_a = (M == '0'); constant boolean source_is_sp = ((Z == '1') && (m == 31)); constant boolean auth_then_branch = TRUE; <Xn> Is the 64-bit name of the general-purpose register holding the address to be branched to, encoded in the "Rn" field. <Xm|SP> Is the 64-bit name of the general-purpose source register or stack pointer holding the modifier, encoded in the "Rm" field. bits(64) target = X[n, 64]; constant bits(64) modifier = if source_is_sp then SP[] else X[m, 64]; if use_key_a then target = AuthIA(target, modifier, auth_then_branch); else target = AuthIB(target, modifier, auth_then_branch); // Value in BTypeNext will be used to set PSTATE.BTYPE if InGuardedPage then if n == 16 || n == 17 then BTypeNext = '01'; else BTypeNext = '11'; else BTypeNext = '01'; constant boolean branch_conditional = FALSE; BranchTo(target, BranchType_INDIR, branch_conditional);