mips: advance PC for SYSCALL instruction. this fixes issue #157

include/uc_priv.h

@@ -185,6 +185,7 @@ struct uc_struct {
     void *qemu_thread_data; // to support cross compile to Windows (qemu-thread-win32.c)
     uint32_t target_page_size;
     uint32_t target_page_align;
+    uint64_t next_pc;   // save next PC for some special cases
 };
 
 #include "qemu_macro.h"

qemu/cpu-exec.c

@@ -136,6 +136,9 @@ int cpu_exec(struct uc_struct *uc, CPUArchState *env)   // qq
                     // point EIP to the next instruction after INT
                     env->eip = env->exception_next_eip;
 #endif
+#if defined(TARGET_MIPS) || defined(TARGET_MIPS64)
+                    env->active_tc.PC = uc->next_pc;
+#endif
 #endif
                 }
             }

qemu/target-mips/translate.c

@@ -19348,6 +19348,7 @@ gen_intermediate_code_internal(MIPSCPU *cpu, TranslationBlock *tb,
         switch (ctx.bstate) {
         case BS_STOP:
             gen_goto_tb(&ctx, 0, ctx.pc);
+            env->uc->next_pc = ctx.pc;
             break;
         case BS_NONE:
             save_cpu_state(&ctx, 0);

qemu/tcg/tcg.c

@@ -2586,8 +2586,13 @@ int tcg_gen_code(TCGContext *s, tcg_insn_unit *gen_code_buf)    // qq
     }
 #endif
 
+    //printf("====== before gen code\n");
+    //tcg_dump_ops(s);
     tcg_gen_code_common(s, gen_code_buf, -1);   // qq
 
+    //printf("====== after gen code\n");
+    //tcg_dump_ops(s);
+
     /* flush instruction cache */
     flush_icache_range((uintptr_t)s->code_buf, (uintptr_t)s->code_ptr);
 

tests/regress/mips_syscall_pc.py

@@ -1,3 +1,5 @@
+#!/usr/bin/python
+
 from unicorn import *
 from unicorn.mips_const import *
 
@@ -13,4 +15,4 @@ uc.mem_write(addr, code)
 uc.reg_write(UC_MIPS_REG_V0, 100)
 uc.hook_add(UC_HOOK_INTR, intr_hook)
 
-uc.emu_start(addr, len(code))
+uc.emu_start(addr, addr+len(code))