Hello, there appears to be a bug in the hand-written machine code which causes the YAMON print subroutine to jump to a wrong location after printing the first character. In hw/mips_malta.c, line 619, there is:

    stl_raw(p++, 0x08000205); /* j 814 */

which results in the following wrong code being generated:

    0xbfc00814: lbu a0,0(t2)
    0xbfc00818: addiu t2,t2,1
    0xbfc0081c: beqz a0,0xbfc00834
    0xbfc00820: nop
    0xbfc00824: jal 0xbfc00870
    0xbfc00828: nop
    0xbfc0082c: j 0xb0000814 <==== HERE

While in fact we would like it to branch to 0xbfc00814 instead. To achieve this effect, the line needs to be changed to read as:

    stl_raw(p++, 0x1000fff9); /* j 814 */

so that we get:

    0xbfc00814: lbu a0,0(t2)
    0xbfc00818: addiu t2,t2,1
    0xbfc0081c: beqz a0,0xbfc00834
    0xbfc00820: nop
    0xbfc00824: jal 0xbfc00870
    0xbfc00828: nop
    0xbfc0082c: b 0xbfc00814

I verified the print subroutine works as expected with the fix. Please find the fix attached to this message.

Regards,
Jakub
diff --git a/hw/mips_malta.c b/hw/mips_malta.c index dfd7b6b..77a8e88 100644 --- a/hw/mips_malta.c +++ b/hw/mips_malta.c @@ -616,7 +616,7 @@ static void write_bootloader (CPUMIPSState *env, uint8_t *base, stl_raw(p++, 0x00000000); /* nop */ stl_raw(p++, 0x0ff0021c); /* jal 870 */ stl_raw(p++, 0x00000000); /* nop */ - stl_raw(p++, 0x08000205); /* j 814 */ + stl_raw(p++, 0x1000fff9); /* j 814 */ stl_raw(p++, 0x00000000); /* nop */ stl_raw(p++, 0x01a00008); /* jr t5 */ stl_raw(p++, 0x01602021); /* move a0,t3 */
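Review bot: the comment on the changed line is now stale: 0x1000fff9 encodes `beq $zero,$zero,-7` (a `b`), not a `j`, as the disassembly in the message itself shows (`0xbfc0082c: b 0xbfc00814`); suggest `stl_raw(p++, 0x1000fff9); /* b 814 */` so the annotation matches the instruction. It would also help to state in the commit message why the old encoding failed: `j` takes its upper four address bits from PC+4, so a hand-encoded `j 814` lands at 0xb0000814 when the stub executes from 0xbfc0xxxx, whereas the PC-relative branch reaches 0xbfc00814 wherever the bootloader is mapped.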
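As an added illustration (not part of Jakub's message or of QEMU's source), the following C program decodes the two encodings discussed above at address 0xbfc0082c and re-encodes the branch, showing why a MIPS `j` is region-absolute while `b` is PC-relative. The helper names `mips_branch_target`, `mips_encode_b` and `mips_encode_j` are the example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Target of a MIPS32 'j' (opcode 2) or 'beq' (opcode 4; 'b' when rs == rt == 0)
 * instruction word 'insn' located at address 'pc'. Returns 0 for other opcodes. */
uint32_t mips_branch_target(uint32_t pc, uint32_t insn)
{
    uint32_t op = insn >> 26;
    uint32_t next = pc + 4;                       /* address of the delay slot */

    if (op == 2)                                  /* j: upper 4 bits come from PC+4 */
        return (next & 0xf0000000u) | ((insn & 0x03ffffffu) << 2);
    if (op == 4) {                                /* beq: signed 16-bit word offset */
        int32_t off = (int16_t)(insn & 0xffffu);
        return next + ((uint32_t)off << 2);
    }
    return 0;
}

/* Encode 'b target' (beq $zero,$zero,off) at 'pc'; 0 if unreachable. */
uint32_t mips_encode_b(uint32_t pc, uint32_t target)
{
    int32_t delta = (int32_t)(target - (pc + 4));
    if (delta & 3)
        return 0;
    int32_t off = delta >> 2;
    if (off < -32768 || off > 32767)
        return 0;
    return (4u << 26) | ((uint32_t)off & 0xffffu);
}

/* Encode 'j target' at 'pc'; 0 if target lies outside the 256 MiB region of PC+4. */
uint32_t mips_encode_j(uint32_t pc, uint32_t target)
{
    if (((pc + 4) & 0xf0000000u) != (target & 0xf0000000u) || (target & 3))
        return 0;
    return (2u << 26) | ((target >> 2) & 0x03ffffffu);
}

int main(void)
{
    const uint32_t pc = 0xbfc0082cu;              /* location of the jump in the stub */
    printf("j 0x%08x at 0x%08x -> 0x%08x\n", 0x08000205u, pc, mips_branch_target(pc, 0x08000205u));
    printf("b 0x%08x at 0x%08x -> 0x%08x\n", 0x1000fff9u, pc, mips_branch_target(pc, 0x1000fff9u));
    printf("b  to 0xbfc00814 encodes as 0x%08x\n", mips_encode_b(pc, 0xbfc00814u));
    printf("j  to 0xbfc00814 encodes as 0x%08x\n", mips_encode_j(pc, 0xbfc00814u));
    return 0;
}
```

Running it reproduces the 0xb0000814 target for the original word and 0xbfc00814 for the patched one; the `j` form shows what an absolute encoding for that address would have to look like, which only holds if the stub keeps running from the same 256 MiB region.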