From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:53959) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TjIJ6-0002oP-4U for qemu-devel@nongnu.org; Thu, 13 Dec 2012 18:35:12 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TjIJ4-00069p-Tp for qemu-devel@nongnu.org; Thu, 13 Dec 2012 18:35:11 -0500
Received: from amistad.itbs.cz ([81.0.238.226]:43182) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TjIJ4-00069S-KJ for qemu-devel@nongnu.org; Thu, 13 Dec 2012 18:35:10 -0500
Received: from localhost (localhost [127.0.0.1]) by amistad.itbs.cz (Postfix) with ESMTP id 466932DE441 for ; Fri, 14 Dec 2012 00:35:08 +0100 (CET)
Received: from amistad.itbs.cz ([127.0.0.1]) by localhost (amistad.itbs.cz [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 17200-05 for ; Fri, 14 Dec 2012 00:35:08 +0100 (CET)
Received: from [192.168.1.6] (18.169.broadband17.iol.cz [109.80.169.18]) by amistad.itbs.cz (Postfix) with ESMTP id DCC122DE441 for ; Fri, 14 Dec 2012 00:35:04 +0100 (CET)
Message-ID: <50CA6628.7020008@jermar.eu>
Date: Fri, 14 Dec 2012 00:35:04 +0100
From: Jakub Jermar
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="------------080808040409060500060806"
Subject: [Qemu-devel] [MIPS Malta] Wrong relative jump in the YAMON print subroutine
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: qemu-devel@nongnu.org

This is a multi-part message in MIME format.
--------------080808040409060500060806
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Hello,

there appears to be a bug in the hand-written machine code which causes the YAMON print subroutine to jump to a wrong location after printing the first character.

In hw/mips_malta.c, line 619, there is:

    stl_raw(p++, 0x08000205); /* j 814 */

which results in the following wrong code being generated:

    0xbfc00814: lbu a0,0(t2)
    0xbfc00818: addiu t2,t2,1
    0xbfc0081c: beqz a0,0xbfc00834
    0xbfc00820: nop
    0xbfc00824: jal 0xbfc00870
    0xbfc00828: nop
    0xbfc0082c: j 0xb0000814     <==== HERE

While in fact we would like it to branch to 0xbfc00814 instead. To achieve this effect, the line needs to be changed to read as:

    stl_raw(p++, 0x1000fff9); /* j 814 */

so that we get:

    0xbfc00814: lbu a0,0(t2)
    0xbfc00818: addiu t2,t2,1
    0xbfc0081c: beqz a0,0xbfc00834
    0xbfc00820: nop
    0xbfc00824: jal 0xbfc00870
    0xbfc00828: nop
    0xbfc0082c: b 0xbfc00814

I verified the print subroutine works as expected with the fix. Please find the fix attached to this message.

Regards,
Jakub

--------------080808040409060500060806
Content-Type: text/x-patch; name="yamon-print.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="yamon-print.patch"

diff --git a/hw/mips_malta.c b/hw/mips_malta.c
index dfd7b6b..77a8e88 100644
--- a/hw/mips_malta.c
+++ b/hw/mips_malta.c
@@ -616,7 +616,7 @@ static void write_bootloader (CPUMIPSState *env, uint8_t *base, stl_raw(p++, 0x00000000); /* nop */ stl_raw(p++, 0x0ff0021c); /* jal 870 */ stl_raw(p++, 0x00000000); /* nop */ - stl_raw(p++, 0x08000205); /* j 814 */ + stl_raw(p++, 0x1000fff9); /* j 814 */ stl_raw(p++, 0x00000000); /* nop */ stl_raw(p++, 0x01a00008); /* jr t5 */ stl_raw(p++, 0x01602021); /* move a0,t3 */ --------------080808040409060500060806--
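Review bot: the comment on the changed line is now stale. `stl_raw(p++, 0x1000fff9); /* j 814 */` emits a PC-relative branch (`beq $zero,$zero,-7`, which the disassembly in the message itself shows as `b 0xbfc00814`), not a `j`, so the comment should read `/* b 814 */` so the next reader does not assume an absolute jump. The old `j 814` encoding failed because a J-type instruction takes bits 27..2 of the target from its 26-bit index and bits 31..28 from the delay-slot PC, which is why 0x205 resolved to 0xb0000814 rather than 0xbfc00814. If an absolute jump is preferred for consistency with the neighbouring `jal 870` (0x0ff0021c, which carries the full index 0x3f0021c), the same scheme gives `0x0bf00205` for `j 0xbfc00814`; the branch form is fine too, as long as the comment names the instruction actually emitted.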
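As an added worked example (my own code, not part of the message above and not QEMU's), the following C program decodes and re-encodes the two MIPS32 control-transfer forms the message turns on: the J-type jump, whose 26-bit index is combined with the upper four bits of the delay-slot address, and the I-type branch, whose 16-bit offset is a signed word count relative to the delay slot. Addresses and encodings (0x08000205, 0x1000fff9, 0x0ff0021c, 0xbfc0082c, 0xbfc00814, 0xbfc00870) are taken from the message; the helper names, the "return 0 on unreachable target" convention and the region/range checks in the encoders are my assumptions, not anything from mips_malta.c.

```c
/*
 * Added example (not from the message or from QEMU): decode and re-encode the
 * MIPS32 j/jal and beq instructions from the YAMON print loop to show why
 * 0x08000205 at 0xbfc0082c lands at 0xb0000814 and 0x1000fff9 at 0xbfc00814.
 * Helper names and the 0-as-error convention are this example's own choices.
 */
#include <stdint.h>
#include <stdio.h>

#define OP_J    2u   /* J-type opcodes (bits 31..26) */
#define OP_JAL  3u
#define OP_BEQ  4u   /* I-type branch; beq $zero,$zero is an unconditional b */

/* J-type target: bits 27..2 come from the 26-bit instruction index, bits 31..28
 * from the address of the delay slot (PC + 4). This is the trap j 814 fell into:
 * index 0x205 only supplies 0x814, and the region bits come from the PC. */
static uint32_t mips_j_target(uint32_t pc, uint32_t insn)
{
    uint32_t delay_slot = pc + 4;
    return (delay_slot & 0xF0000000u) | ((insn & 0x03FFFFFFu) << 2);
}

/* I-type branch target: the 16-bit offset is a signed number of words relative
 * to the delay slot, so the target is PC + 4 + 4*offset (0xfff9 is -7 words). */
static uint32_t mips_branch_target(uint32_t pc, uint32_t insn)
{
    int32_t words = (int16_t)(insn & 0xFFFFu);
    return pc + 4 + (uint32_t)words * 4u;
}

/* Encode j (link == 0) or jal (link != 0) to an absolute target. Returns 0
 * (a nop) when the target is misaligned or lies in a different 256 MiB region
 * than the delay slot, since a J-type cannot reach it. */
static uint32_t mips_encode_j(uint32_t pc, uint32_t target, int link)
{
    if ((target & 3u) != 0 ||
        ((pc + 4) & 0xF0000000u) != (target & 0xF0000000u))
        return 0;
    return ((link ? OP_JAL : OP_J) << 26) | ((target >> 2) & 0x03FFFFFFu);
}

/* Encode an unconditional branch (beq $zero,$zero,offset) from pc to target.
 * Returns 0 when the displacement is misaligned or outside the +-128 KiB
 * that a 16-bit word offset can express. */
static uint32_t mips_encode_b(uint32_t pc, uint32_t target)
{
    int32_t diff = (int32_t)(target - (pc + 4));
    int32_t words;

    if ((diff & 3) != 0)
        return 0;
    words = diff / 4;                 /* exact: diff is a multiple of 4 */
    if (words < -32768 || words > 32767)
        return 0;
    return (OP_BEQ << 26) | ((uint32_t)words & 0xFFFFu);
}

int main(void)
{
    const uint32_t pc   = 0xbfc0082cu;  /* the faulty instruction's address */
    const uint32_t loop = 0xbfc00814u;  /* top of the print loop */

    printf("j   0x%08x at 0x%08x -> 0x%08x (wrong region)\n",
           0x08000205u, pc, mips_j_target(pc, 0x08000205u));
    printf("b   0x%08x at 0x%08x -> 0x%08x\n",
           0x1000fff9u, pc, mips_branch_target(pc, 0x1000fff9u));
    printf("encode b   to 0x%08x: 0x%08x\n", loop, mips_encode_b(pc, loop));
    printf("encode j   to 0x%08x: 0x%08x\n", loop, mips_encode_j(pc, loop, 0));
    printf("encode jal to 0x%08x: 0x%08x\n", 0xbfc00870u,
           mips_encode_j(0xbfc00824u, 0xbfc00870u, 1));
    return 0;
}
```

The `jal 870` round trip reproduces the 0x0ff0021c already in mips_malta.c, which is a quick way to confirm the encoder against known-good bytes before trusting its output for the `j`/`b` at 0xbfc0082c.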