xenia-rs/migration/project-root/ppc-manual/branch/sc.md

sc — System Call

Category: Branch & System · Form: SC · Opcode: 0x44000002 · sync

Assembler Mnemonics

Mnemonic	XML entry	Flags	Description
sc	sc	—	System Call

Syntax

sc [LEV]

Encoding

sc — form SC

• Opcode word: 0x44000002
• Primary opcode (bits 0–5): 17
• Extended opcode: —
• Synchronising: yes

Bits	Field	Meaning
0–5	OPCD	primary opcode (17)
6–19	—	reserved
20–26	LEV	exception level
27–29	—	reserved
30	1	fixed 1
31	—	reserved

Operands

Field	Role	Description
LEV	sc: read	System-call exception level (for sc).

Register Effects

sc

• Reads (always): LEV
• Reads (conditional): none
• Writes (always): none
• Writes (conditional): none

Status-Register Effects

No condition-register or status-register effects.

Operation (pseudocode)

system_call_exception(LEV)

C Translation Example

/* C translation: the xenia-rs interpreter arm below in           */
/* Implementation References is the authoritative semantic        */
/* snapshot. Translate it line-by-line:                            */
/*   - ctx.gpr[N]  -> r[N]       (or f[]/v[] for FPRs/VRs)        */
/*   - mem.read_u*/write_u* -> mem_read_u*_be / mem_write_u*_be   */
/*   - ctx.update_cr_signed(fld, v) -> update_cr_signed(fld, v)   */
/*   - ctx.xer_ca / xer_ov / xer_so -> xer.CA / xer.OV / xer.SO   */
/* The Register Effects and Status-Register Effects tables above  */
/* enumerate every side effect a faithful translation must emit.  */

Implementation References

sc

• xenia-canary XML: tools/ppc-instructions.xml — search for mnem="sc"
• xenia-canary emit: src/xenia/cpu/ppc/ppc_emit_control.cc:455
• xenia-rs opcode: crates/xenia-cpu/src/opcode.rs:63
• xenia-rs decoder: crates/xenia-cpu/src/decoder.rs:341
• xenia-rs interpreter: crates/xenia-cpu/src/interpreter.rs:984-997

xenia-rs interpreter body (frozen snapshot)

        PpcOpcode::sc => {
            // PPCBUG-064: log non-zero LEV (`sc 2` is the Xbox 360 hypervisor-call
            // convention; canary dispatches it to a different handler than `sc 0`).
            // Routing LEV=2 requires a StepResult variant extension; deferred.
            let lev = (instr.raw >> 5) & 0x7F;
            if lev != 0 {
                tracing::warn!(
                    "sc with LEV={} at {:#010x}: dispatched as plain SystemCall (HVcall routing not implemented)",
                    lev, ctx.pc
                );
            }
            ctx.pc += 4;
            return StepResult::SystemCall;
        }

Special Cases & Edge Conditions

• LEV field — kernel vs hypervisor. The 7-bit LEV operand selects the privilege level of the syscall:
  • LEV = 0 — supervisor (kernel) syscall. Standard application → kernel transition; targets the 0xC00 system-call vector.
  • LEV = 1 — reserved.
  • LEV = 2 — hypervisor syscall (HVcall). On the Xenon, sc 2 traps to the Xbox 360 hypervisor; this is how the kernel itself talks to the supervisor below it (e.g., for security operations, encrypted-memory accesses, page table updates).
• sc as written by titles. Almost all guest game code uses LEV = 0 to call XboxKrnl.exe. Game disassembly will show large jump tables of small thunks each ending in li r0, syscall_no; sc; blr.
• No condition or status side effects. sc updates no general-purpose register on entry — neither LR nor CR. The kernel sees the GPR/FPR snapshot as-is and reads the syscall number out of r0 (Xbox 360 ABI convention, not architectural).
• Return path. Hardware returns from sc via rfid-class instructions in the kernel handler; from the application's perspective execution resumes at CIA + 4. Xenia's interpreter realises this by simply pre-incrementing pc then returning StepResult::SystemCall — the host driver dispatches the syscall and re-enters the loop.
• xenia divergence vs hardware. xenia-rs does not model the 0xC00 exception vector or save SRR0/SRR1; the LEV operand is currently ignored. All sc instructions are treated identically and serviced by the host. This is sufficient because Xbox 360 titles don't observe SRR registers and the host kernel is implemented natively.
• Synchronisation. Marked sync in xenia's XML — sc is context-synchronising (hardware completes all prior instructions before raising the exception). JITs must flush pending state before emitting the host call.
• Reserved bits. Bit 30 is fixed 1; bits 6–19 and 27–29 are reserved (must be 0). The 1-bit field at position 30 distinguishes the sc encoding from scv (later PowerISA addition, not present on the Xenon).

Related Instructions

• bx, bcx, bclrx, bcctrx — ordinary control flow alternatives.
• tw, twi, td, tdi — synchronous trap exceptions; another way to enter the kernel.
• mtmsr, mtmsrd — machine-state changes used by the kernel's sc handler on return (rfid/hrfid chain not separately documented in this manual).
• isync — context-synchronising sibling; sc itself implies an isync-like fence.

IBM Reference

• AIX 7.3 — sc (System Call)
• PowerISA v2.07B, Book III §7 — System Linkage interrupt definitions and LEV field semantics.