simx86: lret etc: new eip value in protmode via Sim_helper return

We can avoid setting TheCPU.eip if Sim_helper returns the new
eip in eax, and as vm86 iret already calls Sim_helper anyway,
use it for the cs:eip handling as well.

So now the only places left that set TheCPU.eip are RETl
and RETlisp in vm86, which are fully compiled there. Modifying
O_POP2 and A_SR_SH4 to avoid %eax is a little tricky.

Author: bartoldeman

src/base/emu-i386/simx86/codegen-sim.c

@@ -3096,34 +3096,37 @@ static unsigned int _Sim_helper(unsigned int mem_ref, unsigned int data, int mod
 /*ca*/	case RETlisp:
 /*cb*/	case RETl:
 /*cf*/	case IRET: {	/* restartable */
-			if (!REALADDR()) {
+			temp = data;
+			if (!REALADDR() || opc == IRET) {
 				unsigned int cs, eip;
 				unsigned int sp = rESP & TheCPU.StackMask;
 				if (mode&DATA16) {
 					eip = POPw(sp);
 					cs = POPw(sp);
-					if (opc == IRET) data = POPw(sp);
+					if (opc == IRET) temp = POPw(sp);
 				}
 				else {
 					eip = POPl(sp);
 					cs = POPl(sp);
-					if (opc == IRET) data = POPl(sp);
+					if (opc == IRET) temp = POPl(sp);
 				}
 				if (opc == RETlisp) {
 					sp += arg;
 					sp &= TheCPU.StackMask;
 				}
 				rESP = sp | (rESP&~TheCPU.StackMask);
-				if (SetSegProt_helper(cs, Ofs_CS) < 0)
+				if (REALADDR()) {
+					TheCPU.cs = cs;
+					LONG_CS = cs << 4;
+				}
+				else if (SetSegProt_helper(cs, Ofs_CS) < 0)
 					break;
-				/* safe to do here after any potential
-				   page fault: we return to the main loop after */
-				TheCPU.eip = eip;
+				/* eax used by JMP_INDIRECT */
+				data = eip;
 			}
 			if (opc != IRET) break;
 			/* non-segment GPF handled in interpreter */
 			assert(!(V86MODE() && IOPL!=3 && !(TheCPU.cr[4] & CR4_VME)));
-			temp = data;
 			/* IRET always returns with the new PC;
 			   TF is set via a negative exception code that doesn't
 			   interrupt the IRET */

src/base/emu-i386/simx86/interp.c

@@ -323,8 +323,6 @@ static unsigned int JumpGen(unsigned int P2, unsigned int Interp_LONG_CS,
 		Gen(JMP_LINK, mode, j_t, InstrMeta[0].npc);
 		break;
 	case RETl: case RETlisp: case IRET: // far ret, indirect
-		Gen(L_REG, mode, Ofs_EIP);
-		/* fall through */
 	case JMPli: case CALLli: case INT: // far jmp/call, indirect
 	case RET: case RETisp: case JMPi: case CALLi: // ret, indirect
 		Gen(JMP_INDIRECT, mode);
@@ -1695,6 +1693,7 @@ intop3b:		{ int op = ArOpsFR[D_MO(opc)];
 				Gen(O_POP2, _mode|MNOREG|MRETISP, dr);
 				AddrGen(A_SR_SH4, _mode, Ofs_CS, Ofs_XCS);
 				Gen(O_POP3, _mode);
+				Gen(L_REG, _mode, Ofs_EIP);
 			}
 			else {
 				Gen(O_SIM, _mode, opc, dr, P0);
@@ -1773,6 +1772,7 @@ intop3b:		{ int op = ArOpsFR[D_MO(opc)];
 				Gen(O_POP2, _mode|MNOREG);
 				AddrGen(A_SR_SH4, _mode, Ofs_CS, Ofs_XCS);
 				Gen(O_POP3, _mode);
+				Gen(L_REG, _mode, Ofs_EIP);
 			}
 			else {
 				Gen(O_SIM, _mode, opc, 0, P0);
@@ -1784,15 +1784,6 @@ intop3b:		{ int op = ArOpsFR[D_MO(opc)];
 			if (V86MODE() && IOPL!=3 && !(TheCPU.cr[4] & CR4_VME)) {
 			    PC++; goto not_permitted;	/* GPF */
 			}
-			if (REALADDR()) {
-				/* pop from stack without adjusting esp before A_SR_* */
-				Gen(O_POP1, _mode);
-				Gen(O_POP2, _mode, Ofs_EIP);
-				Gen(O_POP2, _mode|MNOREG);
-				AddrGen(A_SR_SH4, _mode, Ofs_CS, Ofs_XCS);
-				Gen(O_POP3, _mode);
-				Gen(O_POP, _mode);
-			}
 			Gen(O_SIM, _mode, opc, 0, P0);
 			PC = JumpGen(PC, Interp_LONG_CS, _mode, opc, 1);
 			break;