DOCSLIB.ORG

Hardware-Based Temporal Logic Checkers for the Debugging of Digital Integrated Circuits

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Hardware-Based Temporal Logic Checkers for the Debugging of Digital Integrated Circuits Hardware-based Temporal Logic Checkers for the Debugging of Digital Integrated Circuits Jean-Samuel Chenard Department of Electrical & Computer Engineering McGill University Montréal, Canada October 2011 A thesis submitted to McGill University in partial fulfillment of the requirements for the degree of Doctor of Philosophy. c 2011 Jean-Samuel Chenard Acknowledgements Graduate studies for me were more than just a career change. The ability to take the time to reflect upon a problem and begin to see what others have done before me required time to acquire. Going from what I could do to what can be done requires a different mindset, but offers greater rewards and more elaborate opportunities. My industrial experience provided me with good practical skills before I decided to pursue graduate studies. My academic experience showed me countless ways to approach a problem and gave me appreciation for how much has been done before and how many very talented people have solved so many problems. It also showed me that by taking the risk to try fundamentally different approaches, even if they appeared to be very difficult, turned out to be the most profitable experiences. I would like to express my gratitude towards my supervisor Professor Zeljko Zilic for his guidance, trust and patience through all the years I spent in the In- tegrated Microsystems Laboratory, first towards the completion of my Masters of Engineering and now for this doctoral thesis. His constant support and under- standing made a great difference and by far exceeded all my expectations of what a supervisor can provide to his students. I want to highlight the help of my good friend and colleague Stephan Bourduas for our collaboration on Network-on-Chip development, our many co-authored publications, and more recently for his insight on the verification methodology used at his work for the largest microprocessor company in the world. Marc Boule was also a key player in the work presented. His inspiring work on the MBAC hardware assertion compiler provided the foundation for many of the ideas pre- iii sented in this thesis. Through our many co-authored publications I was able to appreciate his astute mathematical abilities and enjoyed discussing and debating with him about our proposed debug methodologies. Thanks to my colleagues Bojan Mihajlovic, Nathaniel Azuelos, Jason Tong and Mohammadhossein Neishabouri for the help and feedback they have provided on this work and thanks to Amanda Greenman for her editorial assistance. I wish to express my sincere thanks to my funding sources, notably NSERC and McGill. Without those, I don’t believe it would have been financially possible to support these long studies. I am also very grateful towards CMC Microsystems for providing such high quality hardware tools, workstations and technical sup- port over the years. I wish to recognize the work of the many very talented open-source program- mers who have helped realize the vision of the GNU/Linux operating system. I used this system throughout my studies on my workstations. I used the GNU/Linux resources as tools, reference material and as an experimental platform on many levels. I even used it to run my online business. It provided me a low-cost solution for selling electronic boards, contributing to paying the expenses associated with long-term studies. Following the open source philosophy was one of the best tech- nical decisions I made. I have made a few contributions to this community and hope to make many more in the future. A special thank to Edouard Dufresne, who, when I was only a kid, showed me the basics of Ohm’s law, antenna design and electronic systems and provided me with my first paid job. His hope was that some day, I would do well in science and engineering. Hopefully, this work can demonstrate that I certainly did progress in that path. I wish to thank my parents for their never-ending faith in my abilities and their approach to my education. Their unconventional approach to life and how to make your own way without worrying too much about what others think played a key role in the way I do my work, each and every day. iv Finally, I wish to thank the love of my life and my dear wife Hsin Yun. She gave me the inspiration and support to ensure that this work came to an end. I am forever grateful. I wish to dedicate this thesis to my two daughters: Eliane and Livia. May you realize that if you follow your passion and put in a lot of hard work, you can accomplish pretty much anything that you wish. v Abstract Integrated circuit complexity is ever increasing and the debug process of modern de- vices pose important technical challenges and cause delays in production. A comprehen- sive Design-for-Debug methodology is therefore rapidly becoming a necessity. This thesis presents a comprehensive system-level approach to debugging based on in- silicon hardware checkers. The proposed approach leverages existing assertion-based ver- ification libraries by translating useful temporal logic statements into efficient hardware circuits. Those checker circuits are then integrated in the device as part of the memory map, so they can provide on-line monitoring and debug assistance in addition to accel- erating the integration of performance monitoring counters. The thesis presents a set of enhancements to the translation process from temporal language to hardware targeted such that an eventual debug process is made more efficient. Automating the integration of the checker’s output and control structures is covered along with a practical method that allow transparent access to the resulting registers within a modern (Linux) operating system. Finally, a method of integration of the hardware checkers in future Network-on- Chip systems is proposed. The use of a quality metric encompassing test, monitoring and debug considerations is defined along with the necessary tool flow required to support the process. vii Abrégé La complexité des circuits intégrés augmente sans cesse et à un tel point que le procés- sus de déboggage pose de nombreux problèmes techniques et engendre des retards dans la production. Une approche d’ensemble de conception pour le déboggage (Design-for- Debug) devient donc rapidement une nécessité. Cette thèse propose une approche détaillée de niveau système, intégrant des circuits de surveillance sur puce. L’approche proposée s’appuie sur la réutilisation de déclarations écrites en language de logique temporelle afin de les transformer en circuits digitaux effi- caces. Ces derniers seront intégrés à la puce à travers son interface d’image mémoire afin qu’ils puissent servir au processus de déboggage ainsi qu’à une utilisation dans le système lorsque la puce est intégrée dans son environement. Cette thèse présente une série d’ajout au procéssus de transformation d’instructions de logique temporelle de manière à faciliter le procéssus de déboggage. Une méthode qui automatise l’intégration des sorties et du contrôle des circuits de surveillance est présentée ainsi que la manière dont une utilisation de ces circuits peut être accomplie dans le contexte d’un système d’exploitation moderne (Linux). Finalement, une méthode globale d’intégration des circuits de vérification dans le contexte de systèmes basés sur les réseaux-sur-puce est présentée, accompagnée de la chaine d’outils requise pour supporter ce nouveau processus de conception. Cette méth- ode propose l’utilisation de facteurs de qualité de test, de surveillance et de déboggage (Test, Monitoring and Debug) permettant une meilleure sélection des circuits ainsi qu’une intégration plus efficace au niveau des resources matérielles. ix Contents Contents xv List of Figures xviii List of Tables xix List of Listings xxi 1 Introduction 1 1.1 Semiconductor Manufacturing Process . 2 1.2 Debugging Process . 4 1.3 Debugging of future digital systems . 6 1.4 A Systematic Approach to Design for Debugging . 7 1.5 Properties of Debuggable Systems . 8 1.6 Thesis Contributions . 14 1.7 Self-Citations . 15 1.7.1 Earlier Work on Debug and Systems . 19 1.8 Thesis Organization . 20 2 Background and Related Work 23 2.1 Complexity Trends in Digital Systems . 23 2.1.1 The “Simple” Hardware Systems . 23 2.1.2 Programmable Logic and Reprogrammable Systems-on-Chip . 25 2.1.3 Graphic Processing Unit Programming . 29 2.1.4 Computers and Virtualization . 31 2.1.5 Multi-core System-on-Chip and Network-on-Chip Evolution . 32 2.2 Terminology . 35 2.3 Modern Digital Verification Methodology . 41 2.3.1 Black Box and White Box Verification . 42 xi Contents 2.3.2 Structure of a Verification Environment . 43 2.3.3 Verification Classes . 45 2.3.4 Constrained Random-Based Verification . 46 2.3.5 Golden Reference Model and Predictor . 47 2.3.6 Measuring Coverage of the Verification . 48 2.4 Assertions and Temporal Logic in Verification . 50 2.4.1 Design for Debugging . 52 2.4.2 Follow-up work on Time-multiplexing of Assertion Checkers . 55 2.4.3 Design-for-Debug in Network-On-Chip . 56 2.5 Chronological Work Overview . 59 2.5.1 NoC Research Work . 59 2.5.2 NoC Topology Consideration for Physical Implementation . 60 2.5.3 The Need for Hardware-Based Monitoring Points . 61 2.5.4 The Difficulty of Integrating Large Systems . 63 3 Checkers as Dynamic Assistants to Silicon Debug 67 3.1 Benefits to Designers . 68 3.2 Assertion Checkers Enhancements for In-Silicon Debugging . 71 3.2.1 Antecedent and Activity Monitoring . 71 3.2.2 Assertion Dependency Graphs . 73 3.2.3 Assertion Completion Mode . 75 3.2.4 Assertion Activity and Coverage . 77 3.2.5 Hardware Assertion Threading .
Load more

Recommended publications
  • Hardware Realization of an FPGA Processor – Operating System Call Offload and Experiences
    Downloaded from orbit.dtu.dk on: Oct 02, 2021 Hardware Realization of an FPGA Processor – Operating System Call Offload and Experiences Hindborg, Andreas Erik; Schleuniger, Pascal; Jensen, Nicklas Bo; Karlsson, Sven Published in: Proceedings of the 2014 Conference on Design and Architectures for Signal and Image Processing (DASIP) Publication date: 2014 Link back to DTU Orbit Citation (APA): Hindborg, A. E., Schleuniger, P., Jensen, N. B., & Karlsson, S. (2014). Hardware Realization of an FPGA Processor – Operating System Call Offload and Experiences. In A. Morawiec, & J. Hinderscheit (Eds.), Proceedings of the 2014 Conference on Design and Architectures for Signal and Image Processing (DASIP) IEEE. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. Hardware Realization of an FPGA Processor – Operating System Call Offload and Experiences Andreas Erik Hindborg, Pascal Schleuniger Nicklas Bo Jensen, Sven Karlsson DTU Compute – Technical University of Denmark fahin,pass,nboa,[email protected] Abstract—Field-programmable gate arrays, FPGAs, are at- speedup of up to 64% over a Xilinx MicroBlaze based baseline tractive implementation platforms for low-volume signal and system.
    [Show full text]
  • Bringing Virtualization to the X86 Architecture with the Original Vmware Workstation
    12 Bringing Virtualization to the x86 Architecture with the Original VMware Workstation EDOUARD BUGNION, Stanford University SCOTT DEVINE, VMware Inc. MENDEL ROSENBLUM, Stanford University JEREMY SUGERMAN, Talaria Technologies, Inc. EDWARD Y. WANG, Cumulus Networks, Inc. This article describes the historical context, technical challenges, and main implementation techniques used by VMware Workstation to bring virtualization to the x86 architecture in 1999. Although virtual machine monitors (VMMs) had been around for decades, they were traditionally designed as part of monolithic, single-vendor architectures with explicit support for virtualization. In contrast, the x86 architecture lacked virtualization support, and the industry around it had disaggregated into an ecosystem, with different ven- dors controlling the computers, CPUs, peripherals, operating systems, and applications, none of them asking for virtualization. We chose to build our solution independently of these vendors. As a result, VMware Workstation had to deal with new challenges associated with (i) the lack of virtual- ization support in the x86 architecture, (ii) the daunting complexity of the architecture itself, (iii) the need to support a broad combination of peripherals, and (iv) the need to offer a simple user experience within existing environments. These new challenges led us to a novel combination of well-known virtualization techniques, techniques from other domains, and new techniques. VMware Workstation combined a hosted architecture with a VMM. The hosted architecture enabled a simple user experience and offered broad hardware compatibility. Rather than exposing I/O diversity to the virtual machines, VMware Workstation also relied on software emulation of I/O devices. The VMM combined a trap-and-emulate direct execution engine with a system-level dynamic binary translator to ef- ficiently virtualize the x86 architecture and support most commodity operating systems.
    [Show full text]
  • Static Fault Attack on Hardware DES Registers
    Static Fault Attack on Hardware DES Registers Philippe Loubet-Moundi, Francis Olivier, and David Vigilant Gemalto, Security Labs, France {philippe.loubet-moundi,david.vigilant,francis.olivier}@gemalto.com http://www.gemalto.com Abstract. In the late nineties, Eli Biham and Adi Shamir published the first paper on Differential Fault Analysis on symmetric key algorithms. More specifically they introduced a fault model where a key bit located in non-volatile memory is forced to 0=1 with a fault injection. In their scenario the fault was permanent, and could lead the attacker to full key recovery with low complexity. In this paper, another fault model is considered: forcing a key bit to 0=1 in the register of a hardware block implementing Data Encryption Stan- dard. Due to the specific location of the fault, the key modification is not permanent in the life of the embedded device, and this leads to apply a powerful safe-error like attack. This paper reports a practical validation of the fault model on two actual circuits, and discusses limitations and efficient countermeasures against this threat. Keywords: Hardware DES, fault attacks, safe-error, register attacks 1 Introduction Fault attacks against embedded systems exploit the disturbed execution of a given program to infer sensitive data, or to execute unauthorized parts of this program. Usually a distinction is made between permanent faults and transient faults.A permanent fault alters the behavior of the device from the moment it is injected, and even if the device is powered off [8]. On the other hand, a transient fault has an effect limited in time, only a few cycles of the process are affected.
    [Show full text]
  • Validating Register Allocation and Spilling
    Validating Register Allocation and Spilling Silvain Rideau1 and Xavier Leroy2 1 Ecole´ Normale Sup´erieure,45 rue d'Ulm, 75005 Paris, France [email protected] 2 INRIA Paris-Rocquencourt, BP 105, 78153 Le Chesnay, France [email protected] Abstract. Following the translation validation approach to high- assurance compilation, we describe a new algorithm for validating a posteriori the results of a run of register allocation. The algorithm is based on backward dataflow inference of equations between variables, registers and stack locations, and can cope with sophisticated forms of spilling and live range splitting, as well as many architectural irregular- ities such as overlapping registers. The soundness of the algorithm was mechanically proved using the Coq proof assistant. 1 Introduction To generate fast and compact machine code, it is crucial to make effective use of the limited number of registers provided by hardware architectures. Register allocation and its accompanying code transformations (spilling, reloading, coa- lescing, live range splitting, rematerialization, etc) therefore play a prominent role in optimizing compilers. As in the case of any advanced compiler pass, mistakes sometimes happen in the design or implementation of register allocators, possibly causing incorrect machine code to be generated from a correct source program. Such compiler- introduced bugs are uncommon but especially difficult to exhibit and track down. In the context of safety-critical software, they can also invalidate all the safety guarantees obtained by formal verification of the source code, which is a growing concern in the formal methods world. There exist two major approaches to rule out incorrect compilations. Com- piler verification proves, once and for all, the correctness of a compiler or compi- lation pass, preferably using mechanical assistance (proof assistants) to conduct the proof.
    [Show full text]
  • V810 Familytm 32-Bit Microprocessor
    V810 FAMILYTM 32-BIT MICROPROCESSOR ARCHITECTURE V805TM V810TM V820TM V821TM Document No. U10082EJ1V0UM00 (1st edition) Date Published October 1995P © 11995 Printed in Japan NOTES FOR CMOS DEVICES 1 PRECAUTION AGAINST ESD FOR SEMICONDUCTORS Note: Strong electric field, when exposed to a MOS device, can cause destruction of the gate oxide and ultimately degrade the device operation. Steps must be taken to stop generation of static electricity as much as possible, and quickly dissipate it once it has occurred. Environmental control must be adequate. When it is dry, humidifier should be used. It is recommended to avoid using insulators that easily build static electricity. Semiconductor devices must be stored and transported in an anti- static container, static shielding bag or conductive material. All test and measurement tools including work bench and floor should be grounded. The operator should be grounded using wrist strap. Semiconductor devices must not be touched with bare hands. Similar precautions need to be taken for PW boards with semiconductor devices on it. 2 HANDLING OF UNUSED INPUT PINS FOR CMOS Note: No connection for CMOS device inputs can be cause of malfunction. If no connection is provided to the input pins, it is possible that an internal input level may be generated due to noise, etc., hence causing malfunction. CMOS devices behave differently than Bipolar or NMOS devices. Input levels of CMOS devices must be fixed high or low by using a pull-up or pull-down circuitry. Each unused pin should be connected to VDD or GND with a resistor, if it is considered to have a possibility of being an output pin.
    [Show full text]
  • Register Allocation Deconstructed
    Register Allocation Deconstructed David Ryan Koes Seth Copen Goldstein Carnegie Mellon University Carnegie Mellon University Pittsburgh, PA Pittsburgh, PA [email protected] [email protected] Abstract assignment. The coalescing component of register allocation Register allocation is a fundamental part of any optimiz- attempts to eliminate existing move instructions by allocat- ing compiler. Effectively managing the limited register re- ing the operands of the move instruction to identical loca- sources of the constrained architectures commonly found in tions. The spilling component attempts to minimize the im- embedded systems is essential in order to maximize code pact of accessing variables in memory. The move insertion quality. In this paper we deconstruct the register allocation component attempts to insert move instructions, splitting the problem into distinct components: coalescing, spilling, move live ranges of variables, with the goal of achieving a net im- insertion, and assignment. Using an optimal register alloca- provement in code quality by improving the results of the tion framework, we empirically evaluate the importance of other components. The assignment component assigns those each of the components, the impact of component integra- program variables that aren’t in memory to specific hard- tion, and the effectiveness of existing heuristics. We evalu- ware registers. Existing register allocators take different ap- ate code quality both in terms of code performance and code proaches in solving these various components. For example, size and consider four distinct instruction set architectures: the central focus of a graph-coloring based register allocator ARM, Thumb, x86, and x86-64. The results of our investiga- is to solve the assignment problem, while the spilling and tion reveal general principles for register allocation design.
    [Show full text]
  • Using and Porting the GNU Compiler Collection
    Using and Porting the GNU Compiler Collection Richard M. Stallman Last updated 28 July 1999 for gcc-2.95 Copyright c 1988, 1989, 1992, 1993, 1994, 1995, 1996, 1998, 1999 Free Software Foundation, Inc. For GCC Version 2.95 Published by the Free Software Foundation 59 Temple Place - Suite 330 Boston, MA 02111-1307, USA Last printed April, 1998. Printed copies are available for $50 each. ISBN 1-882114-37-X Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this manual under the conditions for verbatim copying, provided also that the sections entitled \GNU General Public License" and \Funding for Free Software" are included exactly as in the original, and provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this manual into another lan- guage, under the above conditions for modified versions, except that the sections entitled \GNU General Public License" and \Funding for Free Software", and this permission no- tice, may be included in translations approved by the Free Software Foundation instead of in the original English. Chapter 1: Compile C, C++, Objective C, or Fortran 1 1 Compile C, C++, Objective C, or Fortran The C, C++, and Objective C, and Fortran versions of the compiler are integrated; this is why we use the name \GNU Compiler Collection". GCC can compile programs written in C, C++, Objective C, or Fortran.
    [Show full text]
  • IAR Embedded Workbench®
    IAR Embedded Workbench® C-SPY® Debugging Guide for Renesas V850 Microcontroller Family UCSV850-1 UCSV850-1 COPYRIGHT NOTICE Copyright © 1998–2011 IAR Systems AB. No part of this document may be reproduced without the prior written consent of IAR Systems AB. The software described in this document is furnished under a license and may only be used or copied in accordance with the terms of such a license. DISCLAIMER The information in this document is subject to change without notice and does not represent a commitment on any part of IAR Systems. While the information contained herein is assumed to be accurate, IAR Systems assumes no responsibility for any errors or omissions. In no event shall IAR Systems, its employees, its contractors, or the authors of this document be liable for special, direct, indirect, or consequential damage, losses, costs, charges, claims, demands, claim for lost profits, fees, or expenses of any nature or kind. TRADEMARKS IAR Systems, IAR Embedded Workbench, C-SPY, visualSTATE, From Idea To Target, IAR KickStart Kit, IAR PowerPac, IAR YellowSuite, IAR Advanced Development Kit, IAR, and the IAR Systems logotype are trademarks or registered trademarks owned by IAR Systems AB. J-Link is a trademark licensed to IAR Systems AB. Microsoft and Windows are registered trademarks of Microsoft Corporation. Renesas is a registered trademark of Renesas Electronics Corporation. Adobe and Acrobat Reader are registered trademarks of Adobe Systems Incorporated. All other product names are trademarks or registered trademarks of their respective owners. EDITION NOTICE First edition: February 2011 Part number: UCSV850-1 The C-SPY® Debugging Guide for V850 replaces all debugging information in the IAR Embedded Workbench IDE User Guide and the hardware debugger guides for V850.
    [Show full text]
  • V850e/Ms1 , V850e/Ms2
    User’s Manual V850E/MS1TM, V850E/MS2TM 32-Bit Single-Chip Microcontrollers Architecture V850E/MS1: V850E/MS2: µPD703100 µPD703130 µPD703100A µPD703101 µPD703101A µPD703102 µPD703102A µPD70F3102 µPD70F3102A Document No. U12197EJ6V0UM00 (6th edition) Date Published November 2002 N CP(K) 1996 Printed in Japan [MEMO] 2 User’s Manual U12197EJ6V0UM NOTES FOR CMOS DEVICES 1 PRECAUTION AGAINST ESD FOR SEMICONDUCTORS Note: Strong electric field, when exposed to a MOS device, can cause destruction of the gate oxide and ultimately degrade the device operation. Steps must be taken to stop generation of static electricity as much as possible, and quickly dissipate it once, when it has occurred. Environmental control must be adequate. When it is dry, humidifier should be used. It is recommended to avoid using insulators that easily build static electricity. Semiconductor devices must be stored and transported in an anti-static container, static shielding bag or conductive material. All test and measurement tools including work bench and floor should be grounded. The operator should be grounded using wrist strap. Semiconductor devices must not be touched with bare hands. Similar precautions need to be taken for PW boards with semiconductor devices on it. 2 HANDLING OF UNUSED INPUT PINS FOR CMOS Note: No connection for CMOS device inputs can be cause of malfunction. If no connection is provided to the input pins, it is possible that an internal input level may be generated due to noise, etc., hence causing malfunction. CMOS devices behave differently than Bipolar or NMOS devices. Input levels of CMOS devices must be fixed high or low by using a pull-up or pull-down circuitry.
    [Show full text]
  • Microprocessor Feasibility Study and Preliminary Design for an Artillery Fire Control Application
    MICROPROCESSOR FEASIBILITY STUDY AND PRELIMINARY DESIGN FOR AN ARTILLERY FIRE CONTROL APPLICATION By DAVID ERNEST WEST H Bachelor of Science in Electrical Engineering University of Oklahoma Norman, Oklahoma 1974 Submitted to the Faculty of the Graduate College of the Oklahoma State University in partial fulfillment of the requirements for the Degree of MASTER OF SCIENCE May, 1976 -r\"e s \·s l Of7(p .w5tlm c..op,~ ! . , . ' O r,L..-,HO N.A STATE UNIVERSITY U8RARY AUG :.!6 1976 MICROPROCESSOR FEASIBILITY STUDY AND PRELIMINARY DESIGN FOR AN ARTILLERY FIRE CONTROL APPLICATION Thesis Approved: Thesis Adviser Dean of the Graduate College 9476'i9 ii PREFACE A project is underway at Oklahoma State University to develop an artillery fire control system. A preliminary study has been concluded which demonstrated the feasibility of the proposed system approach by computer simulations. This is a similar preliminary study as to the feasibility of using a microprocessor as the basis of the hardware im­ plementation as an alternative to completely discrete components. I wish to express my thanks to Dr. Edward Shreve, my thesis adviser, for his valuable guidance. Also, I would like to thank the remaining committee members, Professor Craig S. Sims and Dr. McCollom, for their assistance in the preparation of the final manuscript. Finally, I would like to express my gratitude to Mrs. Janice Cronch for her excellent typing of the many drafts and the final copy. iii TABLE OF CONTENTS Chapter Page I. INTRODUCTION . 1 1.1 Background .... 1 1.2 System Description 1 1.3 Objectives .... 5 1.4 Analysis Procedure 6 II.
    [Show full text]
  • Undocumented X86 Instructions to Control the CPU at the Microarchitecture Level
    UNDOCUMENTED X86 INSTRUCTIONS TO CONTROL THE CPU AT THE MICROARCHITECTURE LEVEL IN MODERN INTEL PROCESSORS Mark Ermolov Dmitry Sklyarov Positive Technologies Positive Technologies [email protected] [email protected] Maxim Goryachy independent researcher [email protected] July 7, 2021 ABSTRACT At the beginning of 2020, we discovered the Red Unlock technique that allows extracting microcode (ucode) and targeting Intel Atom CPUs. Using the technique we were able to research the internal structure of the microcode and then x86 instructions implementation. We found two undocumented x86 instructions which are intendent to control the microarhitecture for debug purposes. In this paper we are going to introduce these instructions and explain the conditions under which they can be used on public-available platforms. We believe, this is a unique opportunity for third-party researchers to better understand the x86 architecture. Disclamer. All information is provided for educational purposes only. Follow these instructions at your own risk. Neither the authors nor their employer are responsible for any direct or consequential damage or loss arising from any person or organization acting or failing to act on the basis of information contained in this paper. Keywords Intel · Microcode · Undocumented · x86 1 Introduction The existence of undocumented mechanisms in the internals of modern CPUs has always been a concern for information security researchers and ordinary users. Assuming that such mechanisms do exist, the main worry is that
    [Show full text]
  • PIC32 Family Reference Manual
    Section 2. CPU for Devices with M4K® Core HIGHLIGHTS This section of the manual contains the following topics: 2 CPU for Devices 2.1 Introduction................................................................................................................2-2 with M4K 2.2 Architecture Overview ............................................................................................... 2-3 2.3 PIC32 CPU Details .................................................................................................... 2-6 2.4 Special Considerations When Writing to CP0 Registers ......................................... 2-11 2.5 Architecture Release 2 Details ................................................................................ 2-12 ® Core 2.6 Split CPU bus .......................................................................................................... 2-12 2.7 Internal System Busses........................................................................................... 2-13 2.8 Set/Clear/Invert........................................................................................................ 2-13 2.9 ALU Status Bits........................................................................................................ 2-14 2.10 Interrupt and Exception Mechanism ........................................................................ 2-14 2.11 Programming Model ................................................................................................ 2-14 2.12 Coprocessor 0 (CP0) Registers..............................................................................
    [Show full text]