CPU Bugs (2018)

The 8088 processor in the first IBM PC had a bug that gave me some grief.<p>(The code below is likely to have bugs of its own - I wrote it from memory as an illustration of the CPU bug - and thanks to &#x27;tlb&#x27; for catching an error in my first draft. I also left out the question of what data segment the various MOV instructions use for their memory references, as it isn&#x27;t relevant to this CPU bug.)<p>If you needed to work in a different stack from the one you were currently running on, you might do something like this:<p><pre><code> mov saveSP, sp mov sp, mySP ... mov sp, saveSP </code></pre> This saves the original SP (Stack Pointer) register, loads it with your private value, and then restores SP when you are done.<p>Suppose you wanted to switch not only to your own stack <i>pointer</i> but also your own stack <i>segment</i>. With 16-bit registers you could only address 64KB at a time, and you would need to change a segment register to access memory outside that range.<p>So you would save, change, and restore both the SS (Stack Segment) and SP registers:<p><pre><code> mov saveSS, ss mov saveSP, sp mov ss, mySS mov sp, mySP ... mov ss, saveSS mov sp, saveSP </code></pre> Now imagine that an interrupt triggered in between one of the changes to SS and the matching change to SP. The interrupt code would now be running on the <i>new</i> stack segment but the <i>old</i> stack pointer, corrupting memory and crashing.<p>Not to worry! Intel had your back. The documentation promised that after a MOV SS or POP SS, interrupts would automatically be disabled until the next instruction (the matching MOV SP or POP SP) completed.<p>But they kinda forgot to implement that feature. So if you followed the docs, you would have these very rare and intermittent crash bugs.<p>Word got around fairly soon, and the fix was simple enough, disable interrupts yourself around the paired instructions:<p><pre><code> mov saveSS, ss mov saveSP, sp cli mov ss, mySS mov sp, mySP sti ... cli mov ss, saveSS mov sp, saveSP sti </code></pre> This still left you unprotected against NMI (Non-Maskable Interrupt), but by the time most of us built NMI switches for our IBM PC&#x27;s, we&#x27;d also upgraded to newer CPUs with this bug fixed. It was only the earliest 8088s (and perhaps 8086s) that had the bug.

&quot;As someone who worked in an Intel Validation group for SOCs until mid-2014 or so I can tell you, yes, you will see more CPU bugs from Intel than you have in the past from the post-FDIV-bug era until recently.&quot;<p>A most prescient remark in 2014.<p>Here&#x27;s where they are more recently:<p><a href="https:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;intel-fixed-236-bugs-in-2019-and-only-5-11-bugs-were-cpu-vulnerabilities&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.zdnet.com&#x2F;article&#x2F;intel-fixed-236-bugs-in-2019-a...</a><p><a href="https:&#x2F;&#x2F;www.techradar.com&#x2F;news&#x2F;latest-intel-cpus-have-impossible-to-fix-security-flaw" rel="nofollow">https:&#x2F;&#x2F;www.techradar.com&#x2F;news&#x2F;latest-intel-cpus-have-imposs...</a>

It&#x27;s funny to hear that the bug increases are an effect of Intel trying to compete with ARM SoCs in mobile devices, because the errata those have are <i>much</i> worse --- and indeed a lot of embedded stuff is like that because the general line of thought there is that bugs are worked around in software and there&#x27;s little expectation of being able to run existing code flawlessly, unlike with a PC.