--- qemu/tcg/mips/tcg-target.c 2018/04/24 18:25:15 1.1.1.4
+++ qemu/tcg/mips/tcg-target.c 2018/04/24 18:34:56 1.1.1.5
@@ -351,8 +351,10 @@ static inline void tcg_out_opc_imm(TCGCo
 */
 static inline void tcg_out_opc_br(TCGContext *s, int opc, int rt, int rs)
 {
- /* We need to keep the offset unchanged for retranslation */
- uint16_t offset = (uint16_t)(*(uint32_t *) &s->code_ptr);
+ /* We pay attention here to not modify the branch target by reading the existing value and using it again. This ensure that caches and memory are kept coherent during retranslation. */
+ uint16_t offset = (uint16_t)(*(uint32_t *) s->code_ptr);
 tcg_out_opc_imm(s, opc, rt, rs, offset);
 }
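Review bot: The new load `*(uint32_t *) s->code_ptr` only yields a meaningful offset when the word at code_ptr is a branch emitted by an earlier translation; on a first pass it is whatever the buffer already held, so `offset` is an arbitrary 16 bits until a later relocation (presumably) patches it, and the replacement comment neither says so nor explains why "caches and memory" are involved (the old comment's "keep the offset unchanged for retranslation" was the actual reason) — it also reads "This ensure". I would replace the three comment lines with `/* Reuse the low 16 bits of the word already at code_ptr: on retranslation it is the previously emitted (and relocated) branch, so the target is preserved; on a first translation the value is unspecified and must be fixed up by relocation. */`. The 32-bit read additionally requires code_ptr to be 4-byte aligned, which on MIPS fails with a trap rather than silently; since the same alignment is needed to emit the instruction, stating it as a precondition in the comment is enough rather than adding a check. The `(uint16_t)` truncation assumes the immediate sits in the low half-word, which is true for MIPS I-type branches but would silently mis-read any other instruction format, so the helper should not be reused for non-I-type encodings.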