I'm still not comfortable with the PS2 MIPS CPU model, as I mentioned before, so it's probably best that you check my conclusions too.
The best I can do here is to tell you what values each register has at the time of this syscall, and let you interpret what that means. But of course, I'll have to do it indirectly, without including the code itself, as that remains copyrighted.
Before executing the RFU060 syscall (i.e. syscall with v1==0x3C) the following registers have been set up:
---- Early on, two registers are used to zero an area ----
r02_v0 = 0x0054B200 -- which is identical to '.sbss'
r03_v1 = 0x00562BBC -- which is identical to '.vubss'
---- This area is processed in a loop that seems to clear it ----
---- (My opcode lists lack detailed info on 'sq') ----
---- After that loop both regs have the value '.vubss' ----
---- The regs below seem to be the syscall arguments ----
r04_a0 = 0x005431F0
r05_a1 = 0x01FC0000
r06_a2 = 0x00040000
r07_a3 = 0x0054B900 -- which is identical to '.bss'
r08_t0 = 0x001000C0 -- which is identical to 'ExitThread' label
r28_gp = 0x005431F0 -- same value as in r04_a0
r03_v1 = 0x0000003C -- syscall function code for RFU060
---- Then the syscall is made ----
---- After the syscall the stack pointer is set ----
r29_sp = r02_v0
My own interpretation of this is that the stack pointer will be 0x01FC0000, with 256KB of stack space, in which case there should be no space problem. Right?
(Meaning that my ideas on fixing it go down the drain...)
Best regards: dlanor