As everyone else in this thread has already said: Really impressive work!
This may be a stupid question, but how do you (and/or the CPU) determine where the entry point for a particular opcode or subroutine is?
---
Even more interesting (IMHO) would be the microcode for the 286 and 386. It could answer the question of why a task switch in microcode is slower than doing the same thing in software, or how exactly ICE mode works.
Slight derail regarding ICE mode on the 286:
I found out why F1 0F 04 doesn't work on some machines: apparently, if there is any other bus request (e.g. memory refresh!) at some point while this instruction is executing, it locks up so badly that even a reset signal can't bring it back. When refresh is disabled, it seems to be 100% reliable.
One thing relevant to the thread topic: I observed that ALU reg<->r/m type instructions don't use temporary registers anymore (at least not the ten dumped by 0F 04), but reg<->imm still does.
And a possible easter egg: immediately after reset, one register is loaded with 002A. The answer to life, the universe and everything?