SANTA CLARA, Calif. -- Intel Corp. plans to make a high-profile public announcement next month that it has developed technology to quickly fix bugs that crop up in its microprocessors without having to recall the chips, EE Times has learned.

"It's a piece of hidden technology in the processor, which enables the chip to be patched after it's been shipped," said a semiconductor expert who requested anonymity.

Intel declined to provide details on its bug-busting feature, though a company official said: "We're going to make it a big deal. The technology exists and we've been refining it over the past few months, finalizing some of the open-ended issues."

Intel's intention to spotlight the feature--;which has in fact been present in some form in a number of Intel CPUs for several years--;appears aimed at addressing several burning issues embroiling the microprocessor-design community.

For one, though Intel regularly releases copious lists of bugs found by its own engineers, glitches uncovered by hackers have taken on a life of their own. The infamous Pentium FDIV floating-point division bug, first reported by EE Times in November of 1994, led to a public-relations disaster for Intel that resulted in its first-ever chip recall and a charge against earnings of $475 million. Last month, Intel was buffeted by the disclosure on the Internet of a Pentium II glitch, known as the "Dan-0411 flag erratum".

More ominously, a semiconductor verification crisis looms, as integrated-circuit transistor counts are expected to top 50 million within two years. Many industry experts believe the tools to ensure that such designs are free of flaws don't exist now and won't exist for years to come.

Against such a backdrop, any technology that offers a quick and painless way of squashing bugs could provide an edge.

"If Intel had talked about this last month, they could have turned the 'Dan-0411' disaster into a public-relations boon," said the chip expert.

The feature, which is implemented on Intel's Pentium processors with MMX, Pentium II processors and on the Pentium Pro CPU, has been buried under the obscure moniker "BIOS Update Feature." Indeed, the capability isn't widely known even within the tight-knit community of microprocessor- and systems-software experts.

"The way it works is, you'd run a program at boot time, which would be incorporated into the BIOS and it would actually patch the microcode," the semiconductor expert said.

(BIOS, or Basic Input/Output System, is firmware that executes upon start-up. Microcode is the most elementary form of machine instruction, controlling actual operation of the CPU. Patching or revising microcode is the most desirable way to fix a bug, since expensive hardware "mask" changes aren't required.)

However, experts familiar with the BIOS Update Feature said there may be a large class of potential problems it can't fix.

"You have to be dealing with bugs that involve a microcoded instruction," said the source who requested anonymity. "Something that involves the use of fixed, physical silicon resources can't be corrected by updating the BIOS."

In a paradox of microprocessor design, CPUs sometimes become less amenable to such updates as they become more complex, due to the tradeoff between performance and flexibility. Microcode is the most flexible way to implement instruction primitives in a CPU, but it doesn't provide the fastest performance. For maximum speed, designers have to hardwire an instruction. That's why, in Intel's new MMX-capable processors, "many instructions microcoded in earlier X86 processors are now hardwired for increased performance," according to Intel documentation. Glitches that arise in hardwired instructions, however, can't be corrected by BIOS updates.

Nevertheless, the semiconductor expert believes that the "Dan-0411" bug could be fixed by the BIOS Update Feature. Moreover, he said the FDIV flaw could have been corrected if the Pentium chips of the time had been equipped with the BIOS update capability.

In terms of technology, the BIOS Update Feature appears intended to allow the correction of microprocessor glitches while ensuring that Intel maintains maximum control of proprietary technological information.

"Each BIOS Update is tailored for a particular stepping of [a] processor," according to Intel technical documentation obtained by EE Times. "The data within the update is encrypted by Intel and is designed such that it is rejected by any stepping of the processor other than its intended recipient. The encryption scheme also guards against tampering of the update data and provides a means for determining the authenticity of any given BIOS update."

The heart of BIOS Update is a block of data precisely 2,048 bytes in length. Of that block, 2,000 bytes are the actual update; the remainder is header and checksum information. The update gets loaded into the processor by an "update loader," which BIOS vendors are required to include in the firmware they provide for use with Intel's CPUs.

In practical usage, if a bug amenable to the procedure cropped up, Intel would issue a revised BIOS, which could be downloaded from its Web site by OEMs and customers. A field fix would be performed by uploading the revised BIOS into the flash BIOS on the motherboard.

As for the specific functions performed by the encrypted, 2,048-byte data block, Intel's documentation remains vague. Nevertheless, knowledgeable sources report that the data block is mapped directly--;or, more precisely, after decryption--;to the microcode itself. That is, the decrypted data block contains specific microinstructions. The microinstructions, which are the lowest-level primitives within a microprocessor, control the specific actions--;opening and closing of gates--;and the sequence of actions that make up an instruction.

Microinstructions are typically written when a chip is first designed. The instructions are dozens of bits wide, with each bit controlling a different, minute function on the vast expanse of the CPU die. For these reasons, microcoding is an obscure art with few practitioners.

Nevertheless, apart from keeping a lid on trade secrets, there are no technical reasons that microcode has to be concealed from the end-user, which has apparently been done with Intel's CPUs. If savvy programmers had access to the instructions, they would be able to better analyze chip operation and squeeze performance improvements out of their software--;particularly routines that spend much of their time repeating a few, tightly structured operations.

Theoretically, advanced hackers could create a "home-brewed" BIOS, which would soup-up a Pentium much like an automobile enthusiast extracts extra horsepower by "chipping" his car's computer.

In practical terms, however, creating a home-brew BIOS update is nearly impossible. For one, Intel hasn't revealed the encryption method it is using to formulate the BIOS Update data blocks. For another, the BIOS Update Feature is closely intertwined with the model-specific registers (MSRs) contained in Pentium CPUs.

The MSRs provide a window into a vast array of hidden microprocessor features. They include a set of performance-monitoring registers that tally data on 40 aspects of chip operation, including cache hit rates, memory accesses and processor pipeline operation--;information that can be crucial for developers attempting to optimize their systems or applications software.

The MSRs also play a key role during the installation of the BIOS Update data block, particularly in regard to the validation function through which the chip decides whether to accept the update.

Until a hacker reverse-engineered the function of MSRs and posted that information on the Internet in mid-1995, their operation remained a mystery. Only selected developers under tight nondisclosure restrictions from Intel were granted access to "Appendix H," the closely held document which detailed the MSRs. (Following the hacker's posting, Intel made Appendix H public.)

In the wake of the Appendix H release, Intel watchers said the Pentium BIOS features to be disclosed by Intel constituted the greatest remaining challenge to their reverse-engineering skills.

Free Subscription to EE Times First Name Last Name Company Name Title Email address   Click here for your Free Subscription to EETimes Europe