It looks like the operands where exchanged. HP bootrom tests the following sequence:
0x00000000f0004064: ldil L%-66666800,r7 0x00000000f0004068: addi 19f,r7,r7 0x00000000f000406c: addi -1,r0,rp 0x00000000f0004070: addi f,r0,r4 0x00000000f0004074: addi 1,r4,r5 0x00000000f0004078: dcor rp,r6 0x00000000f000407c: cmpb,<>,n r6,r7,0xf000411 This returned 0x66666661 instead of the expected 0x9999999f in QEMU. Signed-off-by: Sven Schnelle <sv...@stackframe.org> --- target/hppa/translate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/hppa/translate.c b/target/hppa/translate.c index d858fabd3a..69c5a558fc 100644 --- a/target/hppa/translate.c +++ b/target/hppa/translate.c @@ -2797,7 +2797,7 @@ static DisasJumpType trans_dcor(DisasContext *ctx, uint32_t insn, } tcg_gen_andi_reg(tmp, tmp, 0x11111111); tcg_gen_muli_reg(tmp, tmp, 6); - ret = do_unit(ctx, rt, tmp, load_gpr(ctx, r2), cf, false, + ret = do_unit(ctx, rt, load_gpr(ctx, r2), tmp, cf, false, is_i ? tcg_gen_add_reg : tcg_gen_sub_reg); return nullify_end(ctx, ret); -- 2.20.1