On Thu, Oct 31, 2024 at 9:35 AM Donald Whittemore via cctalk <cctalk@classiccmp.org> wrote: > If I remember right I was told back in the early 70s by our IBM CE that > physical damage could be done to our model 30 or 40 if we ran a program that > did an Assembler instruction, B * For those non-Assembler people that is > an instruction to branch to the location of the instruction.
Tangentially related: The classic stack-based HP 3000 has an XEQ instruction to treat a word on the stack as an instruction. It was commonly used to generate a customized EXIT instruction at the end of a function. Pretty much every use case was "XEQ 0" meaning take the word from the top of the stack and execute it, but you could also do XEQ 1-7 specifying how far down the stack from the top your instruction word was. On our Series 40 sometime in the 80s I discovered that if you put an "XEQ n" at n words down the stack, where n was 4-7, the microcode would go into a loop that not even the HALT button on the front panel could interrupt and you would have to power-cycle the CPU to recover (this was an unprivileged operation too). The CPU kept the top four words of the stack in registers, so I guess when the target instruction was outside that range it took a different path through the microcode having to fetch it over and over from memory. Fortunately nobody ever used this for evil purposes because it would have been very hard to identify what was going on since you could not get a memory dump.
