The Octeon-specific BBIT instruction incorrectly computes the branch offset. The 16-bit value is not sign extended.
Signed-off-by: Christopher Wrogg <cwr...@umich.edu> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1251 --- target/mips/tcg/octeon_translate.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/target/mips/tcg/octeon_translate.c b/target/mips/tcg/octeon_translate.c index 6a207d2e7e..90f7b105cb 100644 --- a/target/mips/tcg/octeon_translate.c +++ b/target/mips/tcg/octeon_translate.c @@ -38,7 +38,10 @@ static bool trans_BBIT(DisasContext *ctx, arg_BBIT *a) } ctx->hflags |= MIPS_HFLAG_BC; - ctx->btarget = ctx->base.pc_next + 4 + a->offset * 4; + a->offset *= 4; + a->offset = (target_long)(int16_t)a->offset; + ctx->btarget = ctx->base.pc_next + 4 + a->offset; + ctx->hflags |= MIPS_HFLAG_BDS32; tcg_temp_free(t0); -- 2.30.2
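Review bot: the sign extension in this hunk is applied in the wrong order. `a->offset *= 4;` runs before `(target_long)(int16_t)a->offset`, so the multiply moves the original bit 15 (the sign bit of the 16-bit immediate) up to bit 17, and the subsequent `int16_t` cast then truncates those upper bits and sign-extends from whatever now sits in bit 15; for an immediate with bit 15 set (e.g. 0x8000, which should be -32768 words) the result is 0 rather than a negative offset. Sign-extend first and multiply afterwards, e.g. `ctx->btarget = ctx->base.pc_next + 4 + (target_long)(int16_t)a->offset * 4;`, which also avoids mutating the decoded `a->offset` in place (alternatively, declare the field as signed in the decodetree pattern so no cast is needed here). Separately, the added `ctx->hflags |= MIPS_HFLAG_BDS32;` is not mentioned in the commit message; either explain why BBIT needs a 32-bit delay slot flag here or split it into its own patch.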