--- np2/i386c/ia32/exception.c	2011/12/29 13:32:12	1.32
+++ np2/i386c/ia32/exception.c	2012/06/18 14:30:27	1.38
@@ -64,6 +64,10 @@ static const int dftable[4][4] = {
 void CPUCALL
 exception(int num, int error_code)
 {
+#if defined(DEBUG)
+	extern int cpu_debug_rep_cont;
+	extern CPU_REGS cpu_debug_rep_regs;
+#endif
 	int errorp = 0;
 
 	__ASSERT((unsigned int)num < EXCEPTION_NUM);
@@ -74,8 +78,15 @@ exception(int num, int error_code)
 #endif
 
 	VERBOSE(("exception: -------------------------------------------------------------- start"));
-	VERBOSE(("exception: %s, error_code = %x at %04x:%08x, %04x:%08x", exception_str[num], error_code, CPU_CS, CPU_PREV_EIP, CPU_SS, CPU_ESP));
+	VERBOSE(("exception: %s, error_code = %x at %04x:%08x", exception_str[num], error_code, CPU_CS, CPU_PREV_EIP));
 	VERBOSE(("%s", cpu_reg2str()));
+	VERBOSE(("code: %dbit(%dbit), address: %dbit(%dbit)", CPU_INST_OP32 ? 32 : 16, CPU_STATSAVE.cpu_inst_default.op_32 ? 32 : 16, CPU_INST_AS32 ? 32 : 16, CPU_STATSAVE.cpu_inst_default.as_32 ? 32 : 16));
+#if defined(DEBUG)
+	if (cpu_debug_rep_cont) {
+		VERBOSE(("rep: original regs: ecx=%08x, esi=%08x, edi=%08x", cpu_debug_rep_regs.reg[CPU_ECX_INDEX].d, cpu_debug_rep_regs.reg[CPU_ESI_INDEX].d, cpu_debug_rep_regs.reg[CPU_EDI_INDEX].d));
+	}
+	VERBOSE(("%s", cpu_disasm2str(CPU_PREV_EIP)));
+#endif
 
 	CPU_STAT_EXCEPTION_COUNTER_INC();
 	if ((CPU_STAT_EXCEPTION_COUNTER >= 3) 
@@ -136,14 +147,7 @@ exception(int num, int error_code)
 
 	VERBOSE(("exception: ---------------------------------------------------------------- end"));
 
-	interrupt(num, INTR_TYPE_EXTINTR, errorp, error_code);
-#if defined(IA32_SUPPORT_DEBUG_REGISTER)
-	if (num != BP_EXCEPTION) {
-		if (CPU_INST_OP32) {
-			set_eflags(REAL_EFLAGREG|RF_FLAG, RF_FLAG);
-		}
-	}
-#endif
+	interrupt(num, INTR_TYPE_EXCEPTION, errorp, error_code);
 	CPU_STAT_EXCEPTION_COUNTER_CLEAR();
 	siglongjmp(exec_1step_jmpbuf, 1);
 }
@@ -216,7 +220,7 @@ interrupt(int num, int intrtype, int err
 	UINT16 new_cs;
 	int exc_errcode;
 
-	VERBOSE(("interrupt: num = 0x%02x, intrtype = %s, errorp = %s, error_code = %08x", num, intrtype ? "on" : "off", errorp ? "on" : "off", error_code));
+	VERBOSE(("interrupt: num = 0x%02x, intrtype = %s, errorp = %s, error_code = %08x", num, (intrtype == INTR_TYPE_EXTINTR) ? "external" : (intrtype == INTR_TYPE_EXCEPTION ? "exception" : "softint"), errorp ? "on" : "off", error_code));
 
 	CPU_SET_PREV_ESP();
 
@@ -298,8 +302,8 @@ interrupt(int num, int intrtype, int err
 		}
 
 		/* 5.10.1.1. 例外／割り込みハンドラ・プロシージャの保護 */
-		if ((intrtype != INTR_TYPE_EXTINTR) && (gsd.dpl < CPU_STAT_CPL)) {
-			VERBOSE(("interrupt: intrtype(%d) && DPL(%d) < CPL(%d)", intrtype, gsd.dpl, CPU_STAT_CPL));
+		if ((intrtype == INTR_TYPE_SOFTINTR) && (gsd.dpl < CPU_STAT_CPL)) {
+			VERBOSE(("interrupt: intrtype(softint) && DPL(%d) < CPL(%d)", gsd.dpl, CPU_STAT_CPL));
 			EXCEPTION(GP_EXCEPTION, exc_errcode);
 		}
 
@@ -378,7 +382,12 @@ interrupt_task_gate(const descriptor_t *
 	CPU_SET_PREV_ESP();
 
 	if (errorp) {
-		XPUSH0(error_code);
+		VERBOSE(("interrupt: push error code (%08x)", error_code));
+		if (task_sel.desc.type == CPU_SYSDESC_TYPE_TSS_32) {
+			PUSH0_32(error_code);
+		} else {
+			PUSH0_16(error_code);
+		}
 	}
 
 	/* out of range */
@@ -400,6 +409,7 @@ interrupt_intr_or_trap(const descriptor_
 	UINT32 new_ip, new_sp;
 	UINT32 old_ip, old_sp;
 	UINT16 old_cs, old_ss, new_ss;
+	BOOL is32bit;
 	int exc_errcode;
 	int rv; 
 
@@ -462,6 +472,7 @@ interrupt_intr_or_trap(const descriptor_
 		EXCEPTION(NP_EXCEPTION, exc_errcode);
 	}
 
+	is32bit = gsdp->type & CPU_SYSDESC_TYPE_32BIT;
 	if (!SEG_IS_CONFORMING_CODE(&cs_sel.desc) && (cs_sel.desc.dpl < CPU_STAT_CPL)) {
 		stacksize = errorp ? 12 : 10;
 		if (!CPU_STAT_VM86) {
@@ -476,7 +487,7 @@ interrupt_intr_or_trap(const descriptor_
 			}
 			stacksize += 8;
 		}
-		if (gsdp->type & CPU_SYSDESC_TYPE_32BIT) {
+		if (is32bit) {
 			stacksize *= 2;
 		}
 
@@ -527,7 +538,7 @@ interrupt_intr_or_trap(const descriptor_
 		}
 
 		/* check stack room size */
-		cpu_stack_push_check(ss_sel.idx, &ss_sel.desc, new_sp, stacksize);
+		cpu_stack_push_check(ss_sel.idx, &ss_sel.desc, new_sp, stacksize, ss_sel.desc.d);
 
 		/* out of range */
 		if (new_ip > cs_sel.desc.u.seg.limit) {
@@ -541,7 +552,7 @@ interrupt_intr_or_trap(const descriptor_
 		load_cs(cs_sel.selector, &cs_sel.desc, cs_sel.desc.dpl);
 		CPU_EIP = new_ip;
 
-		if (gsdp->type & CPU_SYSDESC_TYPE_32BIT) {
+		if (is32bit) {
 			if (CPU_STAT_VM86) {
 				PUSH0_32(CPU_GS);
 				PUSH0_32(CPU_FS);
@@ -591,7 +602,7 @@ interrupt_intr_or_trap(const descriptor_
 		VERBOSE(("interrupt: INTRA-PRIVILEGE-LEVEL-INTERRUPT"));
 
 		stacksize = errorp ? 8 : 6;
-		if (gsdp->type & CPU_SYSDESC_TYPE_32BIT) {
+		if (is32bit) {
 			stacksize *= 2;
 		}
 
@@ -601,7 +612,11 @@ interrupt_intr_or_trap(const descriptor_
 		} else {
 			sp = CPU_SP;
 		}
-		SS_PUSH_CHECK(sp, stacksize);
+		/* 17.1 全てのデータ・ディスクリプタの B フラグは、
+		 * エクスパンドダウン・セグメントの上位アドレス範囲の
+		 * 制御も行う。
+		 */
+		SS_PUSH_CHECK1(sp, stacksize, is32bit);
 
 		/* out of range */
 		if (new_ip > cs_sel.desc.u.seg.limit) {
@@ -612,7 +627,7 @@ interrupt_intr_or_trap(const descriptor_
 		load_cs(cs_sel.selector, &cs_sel.desc, CPU_STAT_CPL);
 		CPU_EIP = new_ip;
 
-		if (gsdp->type & CPU_SYSDESC_TYPE_32BIT) {
+		if (is32bit) {
 			PUSH0_32(old_flags);
 			PUSH0_32(old_cs);
 			PUSH0_32(old_ip);