ARM pc寄存器并不总是当前指令的地址加4（拇指状态）

Question

According to the ARM IC.

In Thumb state:

• For B, BL, CBNZ, and CBZ instructions, the value of the PC is the address of the current instruction plus 4 bytes.
• For all other instructions that use labels, the value of the PC is the address of the current instruction plus 4 bytes.

When debugging a program, I found pc is not always is the address of the current instruction plus 4 bytes,eg, the following instruction(2).
Could someone give some explanations? thanks.

0x2a003118  ldr r3, [pc, #120]  ; (0x2a003194 <main()+684>)   <---(1)
0x2a00311a  ldr r3, [r4, r3] 
0x2a00311c  mov r0, r3 
0x2a00311e  ldr r3, [pc, #136]  ; (0x2a0031a8 <main()+704>)   <---(2)
0x2a003120  add r3, pc                                        <---(3)
0x2a003122  mov r1, r3 
0x2a003124  bl 0x2a00338c
0x2a003128  mov r3, r0 
0x2a00312a  mov r0, r3 
0x2a00312c  ldr r3, [pc, #108]  ; (0x2a00319c <main()+692>)   <---(4)

============================================================

(1).ldr r3, [pc, #120] ; (0x2a003194 <main()+684>)
    p/x $pc+4+120 
    $1 = 0x2a003194
   ; $pc+4 ,Correct

(2).ldr r3, [pc, #136] ; (0x2a0031a8 <main()+704>) 
    p/x $pc+4+136 
    $2 = 0x2a0031aa
   ; Wrong! it should be 0x2a0031a8($pc+2) instead of 0x2a0031aa($pc+4).

(3).add r3, pc
    p/x $r3+$pc+4  
    $3 = 0x2a025c04
   ; $pc+4 ,Correct

(4).ldr r3, [pc, #108]  ; (0x2a00319c <main()+692>)
    p/x $pc+4+108 
    $4 = 0x2a00319c
   ; $pc+4 ,Correct

Answer 1

In ARM DDI 0487B.a

T32 restrictions on the use of the PC, and use of 0b1111 as a register specifier The use of 0b1111 as a register specifier is not normally permitted in T32 instructions. When a value of 0b1111 is permitted, a variety of meanings is possible. For register reads, these meanings include:

• Read the PC value, that is, the address of the current instruction + 4. The base register of the table branch instructions TBB and TBH can be the PC. This means branch tables can be placed in memory immediately after the instruction.

Note - ARM deprecates use of the PC as the base register in the STC instruction.

• Read the word-aligned PC value, that is, the address of the current instruction + 4, with bits[1:0] forced to zero. The base register of LDC, LDR, LDRB, LDRD (pre-indexed, no writeback), LDRH, LDRSB, and LDRSH instructions can be the word-aligned PC. This provides PC-relative data addressing. In addition, some encodings of the ADD and SUB instructions permit their source registers to be 0b1111 for the same purpose.

You should look for something similar in your reference.