
This question specifically concerns the VR3000A and MIPS I instruction set, although it's more of a general MIPS question.

I recently found a set of PlayStation 1 hardware tests about the behavior of branches and jumps placed directly after each other without any extra instructions to separate them. This test shows that branches are relative to wherever the PC currently is, which can cause behavior that isn't immediately obvious. Another test shows much more predictable behavior for the absolute jump instruction, which makes sense.

One thing this doesn't test (due to the limitations of the PlayStation's memory map) is what would happen when crossing a segment boundary. The bottom 28 bits of the jump address are specified by the instruction, but the top 4 bits are still derived from PC. Take this example. The second j is in segment 0x8xxx'xxxx, but it gets executed while PC is in segment 0x7xxx'xxxx. Would this end up jumping to 0x8000'1234 like expected or 0x7000'1234 instead?

```asm
7FFF'0000: addr1:  nop
...
7FFF'7FFC:         j addr1 ; Execution starts here
8000'0000:         j addr2
8000'0004:         nop
...
8000'1234: addr2:  nop
...
```
  • Did you mean `7FFF'FFFC`? `7FFF'7FFC` is the word address before `7FFF'8000`, not `8000'0000`. Doesn't the MIPS 1 manual just say the behaviour is unpredictable when you have a jump or branch in the branch-delay slot? I guess it's still interesting what actually happens on some specific CPU, especially when no exception or interrupt is taken between the two branches, including no TLB miss or page fault. Naively, I'd guess that the second branch would also get executed, since it's in the branch delay slot. – Peter Cordes Jun 28 '23 at 21:58
  • Even with just `j addr1` it should be region-absolute to the region that includes the branch delay slot, not the j instruction itself. (`8xxx'xxxx` if it was actually at `7FFF'FFFC`). So it can't jump to `7FFF'0000` (not encodeable), unless [How to Calculate Jump Target Address and Branch Target Address?](https://stackoverflow.com/q/6950230) is wrong about it replacing the low 28 bits of PC+4, where PC is the address of the start of the `j` instruction. – Peter Cordes Jun 28 '23 at 22:01
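The following is an added example, not code from the question or the comments. It models the architectural target computation that the comments describe: for `j`/`jal`, the MIPS I target is the top 4 bits of the delay-slot address (the jump's own PC + 4) concatenated with `instr_index << 2`, and for PC-relative branches it is the delay-slot address plus the sign-extended offset times 4. It only states what the ISA defines for a single jump; what the VR3000A actually does with a jump sitting in another jump's delay slot is not defined by the architecture, and this code makes no claim about it. The addresses (`7FFF'FFFC` per the first comment, and the question's literal `7FFF'7FFC`) are constructed inputs.

```c
#include <stdint.h>
#include <stdio.h>

/* Opcode field (bits 31..26) values for the two absolute jumps. */
#define OP_J   2u
#define OP_JAL 3u

/* Architectural J/JAL target: region bits come from the delay-slot address
 * (j_pc + 4), not from the address of the jump itself. */
uint32_t mips_j_target(uint32_t j_pc, uint32_t instr_index)
{
    uint32_t delay_slot = j_pc + 4;
    return (delay_slot & 0xF0000000u) | ((instr_index & 0x03FFFFFFu) << 2);
}

/* Encode a J at j_pc that must land on target. Returns the 26-bit instr_index,
 * or -1 if the target lies in a different 256 MiB region than the delay slot
 * (or is not word aligned) and therefore cannot be encoded at all. */
int32_t mips_j_encode(uint32_t j_pc, uint32_t target)
{
    uint32_t delay_slot = j_pc + 4;
    if ((target & 0xF0000000u) != (delay_slot & 0xF0000000u))
        return -1;
    if (target & 3u)
        return -1;
    return (int32_t)((target >> 2) & 0x03FFFFFFu);
}

/* Build / inspect the 32-bit instruction word for a J. */
uint32_t mips_j_word(uint32_t instr_index)
{
    return (OP_J << 26) | (instr_index & 0x03FFFFFFu);
}

int mips_is_j(uint32_t word)
{
    uint32_t op = word >> 26;
    return op == OP_J || op == OP_JAL;
}

uint32_t mips_decode_j(uint32_t word, uint32_t j_pc)
{
    return mips_j_target(j_pc, word & 0x03FFFFFFu);
}

/* PC-relative branch (beq, bne, ...): delay-slot address plus offset * 4,
 * so a branch in the last word of a region can legitimately cross into the next. */
uint32_t mips_branch_target(uint32_t br_pc, int16_t offset)
{
    return (br_pc + 4) + ((uint32_t)(int32_t)offset << 2);
}

int main(void)
{
    /* Constructed layout: the first j at 7FFF'FFFC as the comment suggests. */
    uint32_t first_j = 0x7FFFFFFCu, addr1 = 0x7FFF0000u;
    uint32_t second_j = 0x80000000u, addr2 = 0x80001234u;

    int32_t idx = mips_j_encode(first_j, addr1);
    printf("j addr1 at %08X: %s\n", first_j,
           idx < 0 ? "not encodable, delay slot 80000000 is in region 8" : "ok");

    /* The question's literal address: delay slot 7FFF'8000 is still region 7. */
    idx = mips_j_encode(0x7FFF7FFCu, addr1);
    printf("j addr1 at 7FFF7FFC: index %07X -> %08X (next word is 7FFF8000)\n",
           idx, mips_j_target(0x7FFF7FFCu, (uint32_t)idx));

    /* The second j: its own delay slot is 8000'0004, so its region bits are 8. */
    idx = mips_j_encode(second_j, addr2);
    uint32_t word = mips_j_word((uint32_t)idx);
    printf("j addr2 at %08X: word %08X -> target %08X\n",
           second_j, word, mips_decode_j(word, second_j));
    return 0;
}
```

Running it shows that `j addr1` at `7FFF'FFFC` cannot even be encoded (its delay slot is in region 8, so the 28 encodable bits would yield `8FFF'0000`), while `j addr2` at `8000'0000` decodes to `8000'1234` because its own delay slot is `8000'0004`; whether the VR3000A honours that while still completing the first jump is exactly the open hardware question.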

0 Answers