Why psp is modifying a mips instruction?

[dreambottle]

Hi PSP experts and hackers!

I am making a few mips assembly patches for the Remember11 translation port, that I'm currently working on (https: //github.com/dreambottle/R11-psp-english , game id: ULJM05444). What I noticed in the debugger, is that the instruction at address 0x0881A990 (Physical 0x16A30 in the BOOT.BIN file) is transformed before runtime into something else (for example 'nop' becomes 'sll v0, zero, 0'). It doesn't depend on what the instruction is and what other instructions surround it.

I am using armips for compiling/patching the assembly, but I am sure that it works correctly - I checked the resulting file, and the hex values are correct.
In fact, even when I'm filling the whole subroutine with nop's, when I launch the game, in the debugger, I see:

Code:

0881A984:
    nop    
    nop    
    nop    
    sll    v0,zero,0x0
    nop    
    nop    
    nop    
    ...

A few other observations:
- It's not just what debugger shows - it's how it actually works. If I place some instruction in that place, it will mess it up and, in the worst case, hang the game.
- It works in the same way both on the ppsspp emulator and on the real psp, so this is not a ppsspp issue.
- I thought - "maybe the game can modify it's own code?" - this is not the case, the read/write breakpoint at 0x0881A990 is never triggered.

While I managed to work this around, I am still curious what kind of magic this is. It seems to me that this is a feature, not a bug. Can anyone explain it?