On Thu, Oct 31, 2024 at 9:35 AM Donald Whittemore via cctalk
<cctalk(a)classiccmp.org> wrote:
> If I remember right I was told back in the early 70s by our IBM CE that
> physical damage could be done to our model 30 or 40 if we ran a program
> that did an Assembler instruction, B *. For those non-Assembler people
> that is an instruction to branch to the location of the instruction.

Tangentially related: The classic stack-based HP 3000 has an XEQ
instruction to treat a word on the stack as an instruction. It was
commonly used to generate a customized EXIT instruction at the end of
a function. Pretty much every use case was "XEQ 0" meaning take the
word from the top of the stack and execute it, but you could also do
XEQ 1-7 specifying how far down the stack from the top your
instruction word was. On our Series 40 sometime in the 80s I
discovered that if you put an "XEQ n" at n words down the stack, where
n was 4-7, the microcode would go into a loop that not even the HALT
button on the front panel could interrupt and you would have to
power-cycle the CPU to recover (this was an unprivileged operation
too).

The CPU kept the top four words of the stack in registers, so I guess
when the target instruction was outside that range it took a different
path through the microcode having to fetch it over and over from
memory.

Fortunately nobody ever used this for evil purposes because it would
have been very hard to identify what was going on since you could not
get a memory dump.