If you do a writeup on the prefetch queue and want some original code for tampering with it, let me know. I did some deep experimentation with it in the 90's, and still have the code archived.
The prefetch queue could be (ab)used in some very interesting and sometimes baffling ways. One of the creations causes a divide by zero if you try to debug it, even if viewing the code doesn't look like it should.
Also, I did some experimenting with shrinking code by replacing INT3h with INT21h (one byte, versus two), which similarly lent itself to anti-debugger effects.
It sounds like you did some very interesting experimentation with the prefetch queue. Realistically, I'm unlikely to investigate the 386 prefetch queue to that level of detail, but if I do, your tests would be useful.
Not at all tired of the 386; an unrelated question comes up tho.
Have you done much on "high power" semiconductors yet?
It occurs to me that we're throwing around amps on ICs now that would've been well past "magic smoke" territory not all that long ago; perhaps you might find some ESC chips or something that demonstrate how this progress is being made?
I've looked at a few higher-power chips, such as the venerable 7805 voltage regulator, but I don't know if that's high-power enough for you :-) There's no high-power secret inside that chip except it uses large transistors.
I was thinking of writing about the self-test circuitry. It doesn't expose things in a JTAG-like way, which came later. The main self-test is that if you boot the chip with the BUSY pin set, it goes through a self-test of all the PLA and microcode entries, accumulating a signature using linear-feedback shift registers. It then XORs with the correct value and writes the result to a register. So the visible result is you see 0 in a register, not too exciting.
There are also self-test instructions to do things such as write entries to the TLB and read entries, to make sure it is operating correctly.
Pass transistor logic doesn't have as robust outputs as the usual complementary circuits because the pass transistors have a diode voltage drop across them (VDD - Vt vs. just VDD). See [this paper](https://ece.uwaterloo.ca/~mhanis/ece637/lecture11.pdf) for more info. The designers must have simulated this circuit to ensure that it meets the required specifications.
I'm always amazed at how people can make out anything without having the individual metal layers present as well to show vertical and horizontal connections in these die photographs.
The 386 has two layers of metal, which makes it an order of magnitude more difficult to reverse engineer. I don't have a good process for removing one layer of metal at a time, so I end up having to puzzle over faint patterns in the metal to determine what is going on.
The two layers of metal also make it much harder to make diagrams that show what is going on in the circuit without turning into a tangle of lines. In this article, I decided not to try, and went straight to schematics.
The sisyphean efforts of chip designers kind of amaze me in the sense that all of this is lurking just beneath the surface of the computing revolution, and will one day be outdated or simply lost for good.
