8086 microcode disassembled #VintageComputing
The Intel 8086 and its cousin the 8088 launched the PC revolution in the early 1980s. The Reenigne blog has posted work on decoding the 8086 microcode, the encoded instructions within the chip itself that make the processor do all the programmed tasks.
I realised that, as part of his 8086 reverse-engineering series, Ken Shirriff had posted online a high resolution photograph of the 8086 die with the metal layer removed. This was something I have been looking for for some time, in order to extract and disassemble the 8086 microcode. I had previously found very high resolution photos of the die with the metal layer intact, but only half of the bits of the microcode ROM were readable. Ken also posted a high resolution photograph of the microcode ROM of the 8088, which is very similar but not identical. I was very curious to know what the differences were.
My resulting disassembly of the microcode ROM can be found here and the code for my disassembler is on GitHub.
Some takeaways:
- The CPU has 60 instructions, and they’re in a fairly logical sort of order.
- The 8086 and 8088 differ in the interrupt handling code.
- There is no microcode for the segment override prefixes (CS:, SS:, DS: and ES:). Nor for the other prefixes (REP, REPNE and LOCK), nor the instructions CLC, STC, CLI, STI, CLD, STD, CMC, and HLT. The “group” opcodes 0xf6, 0xf7, 0xfe and 0xff do not have top level microcode instructions. So none of the instructions with 0xf in the high nybble of the opcode are initially handled by the microcode.
- The microcode appears to be very tightly written.
See more in the analysis here.
Image Credit: Wikipedia CCA-SA 4.0 Thomas Nguyen