BSR/BSF undefined behaviour fix

git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@809 c046a42c-6fe2-441c-8c8c-71466251a162

target-i386/ops_template.h

@@ -513,7 +513,7 @@ void OPPROTO glue(glue(op_bsf, SUFFIX), _T0_cc)(void)
             count++;
             res >>= 1;
         }
-        T0 = count;
+        T1 = count;
         CC_DST = 1; /* ZF = 0 */
     } else {
         CC_DST = 0; /* ZF = 1 */
@@ -531,7 +531,7 @@ void OPPROTO glue(glue(op_bsr, SUFFIX), _T0_cc)(void)
             count--;
             res <<= 1;
         }
-        T0 = count;
+        T1 = count;
         CC_DST = 1; /* ZF = 0 */
     } else {
         CC_DST = 0; /* ZF = 1 */

target-i386/translate.c

@@ -3708,10 +3708,11 @@ static uint8_t *disas_insn(DisasContext *s, uint8_t *pc_start)
         modrm = ldub_code(s->pc++);
         reg = (modrm >> 3) & 7;
         gen_ldst_modrm(s, modrm, ot, OR_TMP0, 0);
+        /* NOTE: in order to handle the 0 case, we must load the
+           result. It could be optimized with a generated jump */
+        gen_op_mov_TN_reg[ot][1][reg]();
         gen_op_bsx_T0_cc[ot - OT_WORD][b & 1]();
-        /* NOTE: we always write back the result. Intel doc says it is
-           undefined if T0 == 0 */
-        gen_op_mov_reg_T0[ot][reg]();
+        gen_op_mov_reg_T1[ot][reg]();
         s->cc_op = CC_OP_LOGICB + ot;
         break;
         /************************/