Reverse Engineering the Branch Target Buffer Organizations on Apple M2

Modern high-performance processors employ sophisticated branch prediction mechanisms to minimize control hazards and maximize instruction-level parallelism. A core component of this mechanism is the Branch Target Buffer (BTB), a critical hardware structure responsible for storing branch target addresses and enabling rapid fetch redirection. While the BTB has been extensively studied in x86 architectures, its internal behavior and organization on ARM-based Apple Silicon remain largely unexplored. In this work, we present an empirical reverse engineering study of the BTB implementation on Apple Silicon, with a focus on the M2 processor. By leveraging targeted microbenchmarks, we characterize key parameters such as BTB size, set indexing bit, and associativity. Based on our empirical analysis, we estimate that the M2 BTB comprises approximately 2K entries, employs nine set index bits, and features four-way associativity. This work provides the first systematic public dissection of the BTB on Apple Silicon and lays the groundwork for further architectural exploration and tooling development within this closed ecosystem.