Reverse-Engineering The Conditional Jump Circuitry In The 8086 Processor

The condition PLA evaluates microcode conditionals.
The condition PLA evaluates microcode conditionals.

As simple as a processor’s instruction set may seem, especially in a 1978-era one like the Intel 8086, there is quite a bit going on to go from something like a conditional jump instruction to a set of operations that the processor can perform. For the CISC 8086 CPU this is detailed in a recent article by [Ken Shirriff], which covers exactly how the instructions with their parameters are broken down into micro-instructions using microcode, which allows the appropriate registers and flags to be updated.

Where the 8086 is interesting compared to modern x86 CPUs is how the microcode is implemented, using gate logic to reduce the complexity of the microcode by for example generic parameter testing when processing a jump instruction. Considering the limitations of 1970s VLSI manufacturing, this was very much a necessary step, and an acceptable trade-off.

Each jump instruction is broken down into a number of micro-instructions that test a range of flags and updates (temporary) registers as well as the program counter as needed. All in all a fascinating look at the efforts put in by Intel engineers over forty years ago on what would become one of the cornerstones of modern day computing.

Inside Globus, A Soviet-Era Analog Space Computer

Whenever [Ken Shirriff] posts something, it ends up being a fascinating read. Usually it’s a piece of computer history, decapped and laid bare under his microscope where it undergoes reverse engineering and analysis to a degree that should be hard to follow, but he still somehow manages to make it understandable. And the same goes for this incredible Soviet analog flight computer, even though there’s barely any silicon inside.

The artifact in question was officially designated the “Индикатор Навигационный Космический,” which roughly translates to “space navigation indicator.” It mercifully earned the nickname “Globus” at some point, understandable given the prominent mechanized globe the device features. Globus wasn’t actually linked to any kind of inertial navigation inputs, but rather was intended to provide cosmonauts with a visual indication of where their spacecraft was relative to the surface of the Earth. As such it depended on inputs from the cosmonauts, like an initial position and orbital altitude. From there, a complicated and absolutely gorgeous gear train featuring multiple differential gears advanced the globe, showing where the spacecraft currently was.

Those of you hoping for a complete teardown will be disappointed; the device, which bears evidence of coming from the time of the Apollo-Soyuz collaboration in 1975, is far too precious to be taken to bits, and certainly looks like it would put up a fight trying to get it back together. But [Ken] still manages to go into great depth, and reveals many of its secrets. Cool features include the geopolitically fixed orbital inclination; the ability to predict a landing point from a deorbit burn, also tinged with Cold War considerations; and the instrument’s limitations, like only supporting circular orbits, which prompted cosmonauts to call for its removal. But versions of Globus nonetheless appeared in pretty much everything the Soviets flew from 1961 to 2002. Talk about staying power!

Sure, the “glass cockpit” of modern space vehicles is more serviceable, but just for aesthetics alone, we think every crewed spacecraft should sport something like Globus. [Ken] did a great job reverse-engineering this, and we really appreciate the tour. And from the sound of it, [Curious Marc] had a hand in the effort, so maybe we’ll get a video too. Fingers crossed.

Thanks to [saintaardvark] for the tip.

Take A Deep Dive Into A Commodity Automotive Radar Chip

When the automobile industry really began to take off in the 1930s, radar was barely in its infancy, and there was no reason to think something that complicated would ever make its way into the typical car. Yet here we stand less than 100 years later, and radar has been perfected and streamlined so much that an entire radar set can be built on a single chip, and commodity radar modules can be sprinkled all around the average vehicle.

Looking inside these modules is always fascinating, especially when your tour guide is [Shahriar Shahramian] of The Signal Path, as it is for this deep dive into an Infineon 24-GHz automotive radar module. The interesting bit here is the BGT24LTR11 Doppler radar ASIC that Infineon uses in the module, because, well, there’s really not much else on the board. The degree of integration is astonishing here, and [Shahriar]’s walk-through of the datasheet is excellent, as always.

Things get interesting once he gets the module under the microscope and into the X-ray machine, but really interesting once the RF ASIC is uncapped, at the 15:18 mark. The die shots of the silicon germanium chip are impressively clear, and the analysis of all the main circuit blocks — voltage-controlled oscillator, power amps, mixer,  LNAs — is clear and understandable. For our money, though, the best part is the look at the VCO circuit, which appears to use a bank of fuses to tune the tank inductor and keep the radar within a tight 250-Mz bandwidth, for regulatory reasons. We’d love to know more about the process used in the factory to do that bit.

This isn’t [Shahriar]’s first foray into automotive radar, of course — he looked at a 77-GHz FMCW car radar a while back. That one was bizarrely complicated, though, so there’s something more approachable about a commodity product like this.

Continue reading “Take A Deep Dive Into A Commodity Automotive Radar Chip”

It’s Not Easy Counting Transistors In The 8086 Processor

For any given processor it’s generally easy to find a statistic on the number of transistors used to construct it, with the famous Intel 8086 CPU generally said to contain 29,000 transistors. This is where [Ken Shirriff] ran into an issue when he sat down one day and started counting individual transistors in die shots of this processor. To his dismay, he came to a total of 19,618, meaning that 9,382 transistors are somehow unaccounted for. What is going on here?

The first point here is that the given number includes so-called ‘potential transistors’. Within a section of read-only memory (ROM), a ‘0’ would be a missing transistor, but depending on the programming of the mask ROM (e.g. for microcode as with a CISC x86 CPU), there can  be a transistor there. When adding up the potential but vacant transistor locations in ROM and PLA (programmable logic array) sections, the final count came to 29,277 potential transistors. This is much closer to the no doubt nicely rounded number of 29,000 that is generally used.

[Ken] also notes that further complications here are features such as driver transistors that are commonly found near bond wire pads. In order to increase the current that can be provided or sunk by a pad, multiple transistors can be grouped together to form a singular driver as in the above image. Meanwhile yet other transistors are used as (input protection) diodes or even resistors. All of which makes the transistor count along with the process node used useful primarily as indication for the physical size and complexity of a processor.

Is It A Game? Or A Calculator?

If you are a certain age, you probably remember the Mattel Football game. No LCD screen or fancy cartridges. Just some LEDs and a way to play football when you should be in class. While these might seem primitive to today’s kids, they were marvels of technology in the 1970s when they came out. [Sean Riddle] looks, well, not exactly at the games, but more like in them. As it turns out, they used chips derived from those made for calculators.

[Sean’s] post is a glimpse into this world of over four decades past. Football was actually the second electronic game from Mattel. The first one was Auto Race. There were also games called Space Alert, Baseball, and Gravity. Inside each are quad in-line packages with 42 pins, a Rockwell logo, and a custom part number.

Continue reading “Is It A Game? Or A Calculator?”

Showing the same thumbdrive plugged into the same USB-C port in two different orientations, enumerating as two different USB ports

Dirty USB-C Tricks: One Port For The Price Of Two

[RichardG] has noticed a weird discrepancy – his Ryzen mainboard ought to have had fourteen USB3 ports, but somehow, only exposed thirteen of them. Unlike other mainboards in this lineup, it also happens to have a USB-C port among these thirteen ports. These two things wouldn’t be related in any way, would they? Turns out, they are, and [RichardG] shows us a dirty USB-C trick that manufacturers pull on us for an unknown reason.

On a USB-C port using USB3, the USB3 TX and RX signals have to be routed to two different pin groups, depending on the plugged-in cable orientation. In a proper design, you would have a multiplexer chip detecting cable orientation, and routing the pins to one or the other. Turns out, quite a few manufacturers are choosing to wire up two separate ports to the USB-C connector instead.

In the extensive writeup on this problem, [Richard] explains how the USB-C port ought to be wired, how it’s wired instead, shows telltale signs of such a trick, and how to check if a USB-C port on your PC is miswired in the same way. He also ponders on whether this is compliant with the USB-C specification, but can’t quite find an answer. There’s a surprising amount of products and adapters doing this exact thing, too, all of them desktop PC accessories – perhaps, you bought a device with such a USB-C port and don’t know it.

As a conclusion, he debates making an adapter to break the stolen USB3 port out. This wouldn’t be the first time we’re cheated when it comes to USB ports – the USB2 devices with blue connectors come to mind.

Reverse Engineering Saves Weller With A Wonky LCD From The Trash Pile

There’s nothing more satisfying than finding a broken piece of gear in the trash and bringing it back to life. Satisfying, but also potentially more time-consuming — someone tossed it for a reason, after all. Figuring out what that reason is and finding a way to back it better is where the fun — and the peril — are.

Luckily, some pieces of equipment have a relatively short list of well-known failure modes, a fact that [Lauri Pirttiaho] relied on for this fix of an old Weller WD1 soldering station. The unit, sporting the familiar light blue Weller livery and more than a few scratches and dings, had an LCD that was DOA. Typically it’s the driver that’s the problem here, but [Lauri]’s diagnosis revealed it was the LCD module itself that was bad.

With OEM replacements being basically unobtainium at this point, the fix was to intercept the data heading from the driver to the old LCD and send it to a new, easily sourced 16×2 character LCD display. This began with an inspection of the display controller’s datasheet, and a bit of probing of the old display to find out which segments and backplanes map to which pins. A little bit of case modding allowed the new display to fit, the old controller chip was removed, and a PIC16 went into its place, in a tidy nest of Kapton tape and bodge wires. The PIC does the job of translating the original display, which had a fair number of custom icons and symbols, into sensible text-based equivalents and sending them to the 16×2 via I2C. The video below shows the hack in action; it honestly looks like it could have come from the factory like that.

The nice thing here is that [Lauri]’s fix applies to a whole range of Weller stations, so if you find one in the trash, you might be able to resuscitate it. Failing that, you could always roll your own Weller from (more-or-less) scratch.

Continue reading “Reverse Engineering Saves Weller With A Wonky LCD From The Trash Pile”