simh & hardware - pdp-11 psw in supervisor mode?

I have a low-level pdp-11 question... I'm confused about writing to the PSW on cpu's which support user & supervisor mode. My read of the docs is that in user mode you should not be able to write the "mode" bits of the PSW. (or, perhaps more accurately, you should not be able to *clear* any mode bits from user space) I have a little diagnostic which doesn't work as I though it should under simh and I thought I'd ask what others think... Basically, simh allows code running in "user mode" to write the PSW even when (I claim) it should not. I have not tried this on a real 11/44 or 11/34 yet, but I can/will. Should simh allow this? In the test blow the "clr @#PSW" is successful when run on simh and I think it should basically be a nop... (which begs another question - should it be a nop? or a exception?) A side question might be "the psw is not protected from writes, except by using the mmu" - is this true on all models? or just some? The 11/40 manual implies that it *is* protected. But 11/73 docs seem to say the opposite and imply using the mmu. diagnostic follows: .TITLE test17 .ASECT PSW=177776 ;processor status word .=34 .word 200 .word 0007 .=200 mov #200, r5 ;we should be in kernel mode here rti .=500 clr @#PSW ;kernel mode mov #500,sp ;sp=500 in kernel mode mov #140000,@#PSW ;user mode mov #700,sp ;sp=700 in user mode trap 377 ;should move us to kernel mode nop clr @#PSW ;back to kernel mode nop halt