short term:
----------
- physical memory cache (reduce qemu-fast address space size to about 32 MB)
- better code fetch (different exception handling + CS.limit support)
- do not resize vga if invalid size.
- avoid looping if only exceptions
- handle fast timers + add explicit clocks
- cycle counter for all archs
- TLB code protection support for PPC
- add sysenter/sysexit and fxsr for L4 pistachio 686
- basic VGA optimizations
- disable SMC handling for ARM/SPARC/PPC (not finished)
- see undefined flags for BTx insn
- user/kernel PUSHL/POPL in helper.c
- keyboard output buffer filling timing emulation
- return UD exception if LOCK prefix incorrectly used
- test ldt limit < 7 ?
- tests for each target CPU
- fix CCOP optimisation
- fix all remaining thread lock issues (must put TBs in a specific invalid
  state, find a solution for tb_flush()).
- fix arm fpu rounding (at least for float->integer conversions)
- SMP support

lower priority:
--------------
- HDD geometry in CMOS (not used except for very old DOS programs)
- suppress shift_mem ops
- fix some 16 bit sp push/pop overflow (pusha/popa, lcall lret)
- sysenter/sysexit emulation
- optimize FPU operations (evaluate x87 stack pointer statically)
- add IPC syscalls
- use -msoft-float on ARM
- use kernel traps for unaligned accesses on ARM ?
- handle rare page fault cases (in particular if page fault in heplers or
  in syscall emulation code).
- fix thread stack freeing (use kernel 2.5.x CLONE_CHILD_CLEARTID)
- more syscalls (in particular all 64 bit ones, IPCs, fix 64 bit
  issues, fix 16 bit uid issues)
- use page_unprotect_range in every suitable syscall to handle all
  cases of self modifying code.
- use gcc as a backend to generate better code (easy to do by using
  op-i386.c operations as local inline functions).
- add SSE2/MMX operations