Famous last words (Updated)
Well, it worked to an extent, but as always when you think something won't take long, something always crops up.
I've successfully got to the point where I can get squeeze ("squeeze vsn 5.00 [Jan 11 1995] - compress an executable ARM-code program", plus SharedCLibrary and Messages modules from RO4) to compress a NetSurf !RunImage file, resulting in a identical file to one generated by the same utility on RO4. But, the RMA has to be located low in memory, for it to work! It has to be under the 16MB boundary, which is considerably below where it is in a real RISC OS system.
The possibilities I see at the moment are:
On real RISC OS, the shared C library mallocs from the WimpSlot rather than RMA.
I've got a problem with my implementation of the ARM emulator when it comes to shifts or overflows (the crash seems to appear when the most significant bytes of the malloc'd address is non-zero).
Update: It seems (http://www.iconbar.com/forums/viewthread.php?threadid=11447&page=1#114647) that the former is correct, and, on examining the emulator debug output, I notice that the library checks if it was called from SVC or USR mode and behaves appropriately. Unfortunately, the program never drops back into USR mode after a OS_EnterOS SWI, which is probably the problem.
Update 2: The culprit was that I hadn't emulated TEQP correctly for 26-bit mode. Since TEQ is a data processing operation with no destination, I'd simply ignored the destination part of the opcode; unfortunately it has a special meaning in 26-bit mode when the destination is 15 (the PC), and changes the processor mode. It's working much better now.