From: Alessandro Montano
Date: Fri, 26 Dec 2008 19:36:25 +0100
Subject: [Qemu-devel] qemu-mips strange jump !!!
To: qemu-devel@nongnu.org
Message-ID: <49552429.5050808@exit.it>
References: <200812240123.mBO1N2NJ029937@fedora.exit.it>
In-Reply-To: <200812240123.mBO1N2NJ029937@fedora.exit.it>

This is my first post, so sorry for any error ...

I'm developing a DVB-S emulator based on qemu-mips. I'm adding all the devices, one at a time, but I noticed a strange problem that crashes my emulator. It seems to do bad jumps!

In brief ... I run this command

./bin/-qemu-system-mips -L . mips_bios.bin -d int,exec,op,in_asm

and it generates this log:

IN:
0x80071fc4: lui at,0x8007
0x80071fc8: lw a1,0xC094(at)
0x80071fcc: lui a0,0x8007
0x80071fd0: addiu a0,a0,0xD060
0x80071fd4: jal 0x8006d76c      <- this is the right address
0x80071fd8: nop

OP:
0x0000: set_T0 0x80070000
0x0001: store_T0_gpr_gpr1
0x0002: load_gpr_T0_gpr1
0x0003: set_T1 0xffffc094
0x0004: addr_add
0x0005: lw_kernel
0x0006: store_T0_gpr_gpr5
0x0007: set_T0 0x80070000
0x0008: store_T0_gpr_gpr4
0x0009: set_T1 0xffffd060
0x000a: add
0x000b: store_T0_gpr_gpr4
0x000c: set_T0 0x80071fdc
0x000d: store_T0_gpr_gpr31
0x000e: save_pc 0x8006d76c      <- this is the right address
0x000f: reset_T0
0x0010: exit_tb
0x0011: end

IN:
0x8006d968: andi t9,t9,0xdf     <- but this is a wrong jump !!!
0x8006d96c: j 0x8006d90c
0x8006d970: ori t9,t9,0x20

OP:
0x0000: load_gpr_T0_gpr25
0x0001: set_T1 0xdf
0x0002: and
0x0003: store_T0_gpr_gpr25
0x0004: set_T1 0x20
0x0005: or
0x0006: store_T0_gpr_gpr25
0x0007: goto_tb0 0x757878
0x0008: save_pc 0x8006d90c
0x0009: set_T0 0x757878
0x000a: exit_tb
0x000b

The MIPS instruction

0x80071fd4: jal 0x8006D76C

is correctly translated to

0x0008: save_pc 0x8006d90c

but then the execution flow jumps to

0x8006d968: andi t9,t9,0xdf

I don't think it is correct! Thanks for any suggestion.

---
AlexIT
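The following is an added example, not code from the post above or from QEMU: it applies the architectural MIPS32 rules for j/jal (target = upper 4 bits of the delay-slot address plus instr_index << 2; $ra = pc + 8) to the addresses in the posted log, so a reader can confirm that 0x8006d76c and the gpr31 value 0x80071fdc are what the hardware semantics predict and 0x8006d968 is not. The 32-bit instruction words are constructed here with a small encoder, since the log shows only disassembly, not the raw words.

```c
#include <stdint.h>
#include <stdio.h>

/* MIPS32 J-type opcodes (primary opcode field, bits 31..26). */
#define OP_J   0x02u
#define OP_JAL 0x03u

/* Build a J-type word: 6-bit opcode followed by a 26-bit instr_index (target >> 2).
 * Constructed for this example; the post does not show the raw instruction words. */
static uint32_t mips_encode_jtype(uint32_t opcode, uint32_t target)
{
    return (opcode << 26) | ((target >> 2) & 0x03FFFFFFu);
}

/* Effective target of j/jal located at pc: the top 4 bits are taken from the
 * address of the delay slot (pc + 4), the low 28 bits from instr_index << 2. */
static uint32_t mips_jump_target(uint32_t pc, uint32_t instr)
{
    uint32_t instr_index = instr & 0x03FFFFFFu;
    return ((pc + 4) & 0xF0000000u) | (instr_index << 2);
}

/* Return address that jal writes to $ra (gpr31): the word after the delay slot. */
static uint32_t mips_jal_link(uint32_t pc)
{
    return pc + 8;
}

/* Re-derive the three addresses that appear in the posted log and
 * confirm the address the emulator actually executed next is not the target. */
static int check_posted_log(void)
{
    uint32_t jal = mips_encode_jtype(OP_JAL, 0x8006d76c); /* jal at 0x80071fd4 */
    uint32_t j   = mips_encode_jtype(OP_J,   0x8006d90c); /* j   at 0x8006d96c */
    int ok = 1;

    ok &= mips_jump_target(0x80071fd4, jal) == 0x8006d76c; /* save_pc in first TB   */
    ok &= mips_jal_link(0x80071fd4)         == 0x80071fdc; /* set_T0 stored to gpr31 */
    ok &= mips_jump_target(0x8006d96c, j)   == 0x8006d90c; /* save_pc in second TB  */
    ok &= mips_jump_target(0x80071fd4, jal) != 0x8006d968; /* where execution landed */
    return ok;
}

int main(void)
{
    int ok = check_posted_log();
    printf("posted log %s the MIPS jal/j rules\n", ok ? "matches" : "contradicts");
    return ok ? 0 : 1;
}
```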