What did the 8086 (and 8088) do upon encountering an illegal instruction?Use of undocumented opcodesWhat is the instruction set of the PDP-7?What conventions and language extensions did people use to program the 8086 and 80286?Why did the PDP-11 include a JMP instruction?What was the IBM PC cost saving for using the 8088 vs 8086?Did the Intel 8086/8088 not guarantee the value of SS:SP immediately after RESET?8086 pinout and address space limitHow to keep the instruction prefetcher filled upWhat instructions for the 8086 and subsequent x86 CPUs are not available in Long Mode?How did the 8086 interface with the 8087 FPU coprocessor?Will the circuit work normally if different chip speeds (eg 8088-2 and 8255-1)
Is Newton's third law really correct?
How to modify a string without altering its text properties
In Street Fighter, what does the M stand for in M Bison?
I found a password with hashcat but it doesn't work
Need help understanding the double sharp turn in Chopin's prelude in e minor
What is the maximum that Player 1 can win?
How can I ping multiple IP addresses at the same time?
How can I prevent a user from copying files on another hard drive?
How is the idea of "girlfriend material" naturally expressed in Russian?
Why there is a red color in right side?
How much steel armor can you wear and still be able to swim?
In a list with unique pairs A, B, how can I sort them so that the last B is the first A in the next pair?
What mathematical theory is required for high frequency trading?
Umlaut character order when sorting
What does it cost to buy a tavern?
Can I apply for a working holiday visa at age 30 and get the full 12 months?
What does this Swiss black on yellow rectangular traffic sign with a symbol looking like a dart mean?
What is the most suitable position for a bishop here?
Am I legally required to provide a (GPL licensed) source code even after a project is abandoned?
Why things float in space, though there is always gravity of our star is present
Story of a Witch Boy
What is the highest power supply a Raspberry pi 3 B can handle without getting damaged?
Synaptic Static - when to roll the d6?
King or Queen-Which piece is which?
What did the 8086 (and 8088) do upon encountering an illegal instruction?
Use of undocumented opcodesWhat is the instruction set of the PDP-7?What conventions and language extensions did people use to program the 8086 and 80286?Why did the PDP-11 include a JMP instruction?What was the IBM PC cost saving for using the 8088 vs 8086?Did the Intel 8086/8088 not guarantee the value of SS:SP immediately after RESET?8086 pinout and address space limitHow to keep the instruction prefetcher filled upWhat instructions for the 8086 and subsequent x86 CPUs are not available in Long Mode?How did the 8086 interface with the 8087 FPU coprocessor?Will the circuit work normally if different chip speeds (eg 8088-2 and 8255-1)
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Preface: This question does in part intersect with Use of undocumented opcodes, but targets especially the 8086 instruction handling.
I was reading Tanenbaum's "Operating Systems, Design and Implementation" 3rd edition (The MINIX Book), where I encountered the following quote that surprised me:
For instance, the 8086 and 8088 processors do not support detection of illegal instruction operation codes, but this capability is available on the 286 and above, which trap on an attempt to execute an illegal opcode.
What did the 8086 and 8088 do when it an encountered an illegal instruction?
instruction-set 8086 8088
New contributor
|
show 5 more comments
Preface: This question does in part intersect with Use of undocumented opcodes, but targets especially the 8086 instruction handling.
I was reading Tanenbaum's "Operating Systems, Design and Implementation" 3rd edition (The MINIX Book), where I encountered the following quote that surprised me:
For instance, the 8086 and 8088 processors do not support detection of illegal instruction operation codes, but this capability is available on the 286 and above, which trap on an attempt to execute an illegal opcode.
What did the 8086 and 8088 do when it an encountered an illegal instruction?
instruction-set 8086 8088
New contributor
2
@StephenKitt I'd err on the side of not closing it if the questions themselves aren't identical; it's possible that there are answers to this one that wouldn't be answers to the others, and I know for sure that the other way around also applies.
– wizzwizz4♦
Jun 11 at 17:31
2
@wizzwizz4 I guess that’s something we haven’t decided yet as a community. Most SEs seem to take the approach that a question is a dupe if the dupe target’s answers provide an answer to the question (in its entirety), even if the questions aren’t identical; this corresponds to the introductory text in the yellow frame on duplicates, “This question already has an answer here:”. In this case, the question is fully answered by the target’s answers. The target itself wouldn’t be marked as a dupe so the lack of a bijection doesn’t matter.
– Stephen Kitt
Jun 11 at 17:42
2
@wizzwizz4 Basically, if I were to copy-paste my answer to the target question here, then IMO that would be a perfectly valid answer here too. In my mind that means either my answer is inappropriate for the target question, or this question is a dupe.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 If you prefer I can copy-paste my answer here, but it seems a bit of a waste.
– Stephen Kitt
Jun 11 at 17:44
1
@Raffzahn yes, I agree, I retracted my vote a couple of days ago.
– Stephen Kitt
yesterday
|
show 5 more comments
Preface: This question does in part intersect with Use of undocumented opcodes, but targets especially the 8086 instruction handling.
I was reading Tanenbaum's "Operating Systems, Design and Implementation" 3rd edition (The MINIX Book), where I encountered the following quote that surprised me:
For instance, the 8086 and 8088 processors do not support detection of illegal instruction operation codes, but this capability is available on the 286 and above, which trap on an attempt to execute an illegal opcode.
What did the 8086 and 8088 do when it an encountered an illegal instruction?
instruction-set 8086 8088
New contributor
Preface: This question does in part intersect with Use of undocumented opcodes, but targets especially the 8086 instruction handling.
I was reading Tanenbaum's "Operating Systems, Design and Implementation" 3rd edition (The MINIX Book), where I encountered the following quote that surprised me:
For instance, the 8086 and 8088 processors do not support detection of illegal instruction operation codes, but this capability is available on the 286 and above, which trap on an attempt to execute an illegal opcode.
What did the 8086 and 8088 do when it an encountered an illegal instruction?
instruction-set 8086 8088
instruction-set 8086 8088
New contributor
New contributor
edited yesterday
Raffzahn
60.7k6148249
60.7k6148249
New contributor
asked Jun 10 at 17:02
Joe DJoe D
33625
33625
New contributor
New contributor
2
@StephenKitt I'd err on the side of not closing it if the questions themselves aren't identical; it's possible that there are answers to this one that wouldn't be answers to the others, and I know for sure that the other way around also applies.
– wizzwizz4♦
Jun 11 at 17:31
2
@wizzwizz4 I guess that’s something we haven’t decided yet as a community. Most SEs seem to take the approach that a question is a dupe if the dupe target’s answers provide an answer to the question (in its entirety), even if the questions aren’t identical; this corresponds to the introductory text in the yellow frame on duplicates, “This question already has an answer here:”. In this case, the question is fully answered by the target’s answers. The target itself wouldn’t be marked as a dupe so the lack of a bijection doesn’t matter.
– Stephen Kitt
Jun 11 at 17:42
2
@wizzwizz4 Basically, if I were to copy-paste my answer to the target question here, then IMO that would be a perfectly valid answer here too. In my mind that means either my answer is inappropriate for the target question, or this question is a dupe.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 If you prefer I can copy-paste my answer here, but it seems a bit of a waste.
– Stephen Kitt
Jun 11 at 17:44
1
@Raffzahn yes, I agree, I retracted my vote a couple of days ago.
– Stephen Kitt
yesterday
|
show 5 more comments
2
@StephenKitt I'd err on the side of not closing it if the questions themselves aren't identical; it's possible that there are answers to this one that wouldn't be answers to the others, and I know for sure that the other way around also applies.
– wizzwizz4♦
Jun 11 at 17:31
2
@wizzwizz4 I guess that’s something we haven’t decided yet as a community. Most SEs seem to take the approach that a question is a dupe if the dupe target’s answers provide an answer to the question (in its entirety), even if the questions aren’t identical; this corresponds to the introductory text in the yellow frame on duplicates, “This question already has an answer here:”. In this case, the question is fully answered by the target’s answers. The target itself wouldn’t be marked as a dupe so the lack of a bijection doesn’t matter.
– Stephen Kitt
Jun 11 at 17:42
2
@wizzwizz4 Basically, if I were to copy-paste my answer to the target question here, then IMO that would be a perfectly valid answer here too. In my mind that means either my answer is inappropriate for the target question, or this question is a dupe.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 If you prefer I can copy-paste my answer here, but it seems a bit of a waste.
– Stephen Kitt
Jun 11 at 17:44
1
@Raffzahn yes, I agree, I retracted my vote a couple of days ago.
– Stephen Kitt
yesterday
2
2
@StephenKitt I'd err on the side of not closing it if the questions themselves aren't identical; it's possible that there are answers to this one that wouldn't be answers to the others, and I know for sure that the other way around also applies.
– wizzwizz4♦
Jun 11 at 17:31
@StephenKitt I'd err on the side of not closing it if the questions themselves aren't identical; it's possible that there are answers to this one that wouldn't be answers to the others, and I know for sure that the other way around also applies.
– wizzwizz4♦
Jun 11 at 17:31
2
2
@wizzwizz4 I guess that’s something we haven’t decided yet as a community. Most SEs seem to take the approach that a question is a dupe if the dupe target’s answers provide an answer to the question (in its entirety), even if the questions aren’t identical; this corresponds to the introductory text in the yellow frame on duplicates, “This question already has an answer here:”. In this case, the question is fully answered by the target’s answers. The target itself wouldn’t be marked as a dupe so the lack of a bijection doesn’t matter.
– Stephen Kitt
Jun 11 at 17:42
@wizzwizz4 I guess that’s something we haven’t decided yet as a community. Most SEs seem to take the approach that a question is a dupe if the dupe target’s answers provide an answer to the question (in its entirety), even if the questions aren’t identical; this corresponds to the introductory text in the yellow frame on duplicates, “This question already has an answer here:”. In this case, the question is fully answered by the target’s answers. The target itself wouldn’t be marked as a dupe so the lack of a bijection doesn’t matter.
– Stephen Kitt
Jun 11 at 17:42
2
2
@wizzwizz4 Basically, if I were to copy-paste my answer to the target question here, then IMO that would be a perfectly valid answer here too. In my mind that means either my answer is inappropriate for the target question, or this question is a dupe.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 Basically, if I were to copy-paste my answer to the target question here, then IMO that would be a perfectly valid answer here too. In my mind that means either my answer is inappropriate for the target question, or this question is a dupe.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 If you prefer I can copy-paste my answer here, but it seems a bit of a waste.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 If you prefer I can copy-paste my answer here, but it seems a bit of a waste.
– Stephen Kitt
Jun 11 at 17:44
1
1
@Raffzahn yes, I agree, I retracted my vote a couple of days ago.
– Stephen Kitt
yesterday
@Raffzahn yes, I agree, I retracted my vote a couple of days ago.
– Stephen Kitt
yesterday
|
show 5 more comments
4 Answers
4
active
oldest
votes
Illegal opcodes were just instructions that hadn't been fully defined by the chip designers – a little like Undefined Behaviour in C, but much more predictable. Many people called these "undocumented instructions", because they functioned just like ordinary instructions, on the particular versions of the particular chips on which they are found. There was no special handling to prevent these instructions from executing.
Most of them were just NOP
s (either because they weren't wired up to anything or because they did stuff like writing a register to itself) or duplicates of other instructions (because the instruction decoder ignored some bits when it didn't need to pay attention to them), but some of them were more interesting.
For instance, SALC
, which does:
if (carry flag set)
AL = 0xFF;
else
AL = 0x00;
This can be used as a translation layer between C code and certain assembly returning conventions. It is equivalent to SBB AL, AL
, except that it does not clobber flags.
For more information, see:
Stephen Kitt's answer to Use of undocumented opcodes.
supercat's answer to Use of undocumented opcodes, which has a good explanation of where they come from.- A related question on Stack Overflow
add a comment |
It might be better to think about it this way:
On the 80186 and above, a new thing was defined called an "illegal instruction", and this new thing came with a new behavior -- a #UD
exception that was generated when one was encountered. Before the 80186/80286, there was no such thing as an illegal instruction, just undocumented ones.
Your question then becomes, "what did the 8086 and 8088 do when encountering undocumented instructions" and the answer is simply that the behavior was undocumented. Some of them appeared to do nothing (i.e. they produced the same apparent result as a NOP instruction), while others did odd things, or simply the same thing as another opcode.
Here's a WayBack link that may shed more light on the situation:
http://web.archive.org/web/20190321200321/http://www.os2museum.com/wp/undocumented-8086-opcodes-part-i/
2
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
add a comment |
To understand this, you need a general idea of how processors work at the raw hardware level (or at least how they worked before the concept of microcode was developed).
Basically, as the processor would read the bytes of a single assembler language instruction, those bytes would be fed as an input to a network of logic gates called the instruction decoder; this network was designed to produce as output the signals to enable or disable various internal components of the processor according to what the instruction was supposed to do, so that the processor ends up doing the required operation.
As a result, if you viewed the instructions of older, simpler processors as bit patterns, you might notice certain groupings; for example, if the top three bits of the instructions would be set so, you might know that it must be a jump instruction of some type; other patterns might identify other general types of instructions.
The design team for a new processor architecture would develop a reasonable set of instructions, the various networks of logic gates to implement them, and the instruction decoder to manage them all. Back when the 8086 and 8088 processors were designed, it was not yet economically viable to add extra logic to the instruction decoder to exclude any "undocumented instructions", so any bit pattern fed into the instruction decoder would do something, but only the documented instructions would be guaranteed to exist and work the same also in the future members of the same processor family.
Sometimes the undocumented instructions actually ended up doing something useful, but relying on them was risky, as it might mean any program using a particular undocumented instructions might only run successfully that particular processor model. On a newer model, the previously undocumented instructions might actually been used for some new functionality, or they might have become completely useless as a result of a redesign of the instruction decoder.
With 80186 or above, using a number of logic gates to trap the undocumented instructions was economically feasible, and it became a compatibility feature: a program might prefer to use a new instruction available in newer processors only, but could provide a routine to emulate that instruction in software within an "illegal instruction" trap handler.
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
add a comment |
Based on the other answers, the proper answer is: they do whatever the instructions bits tell them too.
Since apparently they aren't validated, they always do something, even if that something is nothing.
Same as trying to turn on a lamp on an illuminated room- you won't notice it is there and it is on.
New contributor
1
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
1
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "648"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Joe D is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fretrocomputing.stackexchange.com%2fquestions%2f11327%2fwhat-did-the-8086-and-8088-do-upon-encountering-an-illegal-instruction%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
Illegal opcodes were just instructions that hadn't been fully defined by the chip designers – a little like Undefined Behaviour in C, but much more predictable. Many people called these "undocumented instructions", because they functioned just like ordinary instructions, on the particular versions of the particular chips on which they are found. There was no special handling to prevent these instructions from executing.
Most of them were just NOP
s (either because they weren't wired up to anything or because they did stuff like writing a register to itself) or duplicates of other instructions (because the instruction decoder ignored some bits when it didn't need to pay attention to them), but some of them were more interesting.
For instance, SALC
, which does:
if (carry flag set)
AL = 0xFF;
else
AL = 0x00;
This can be used as a translation layer between C code and certain assembly returning conventions. It is equivalent to SBB AL, AL
, except that it does not clobber flags.
For more information, see:
Stephen Kitt's answer to Use of undocumented opcodes.
supercat's answer to Use of undocumented opcodes, which has a good explanation of where they come from.- A related question on Stack Overflow
add a comment |
Illegal opcodes were just instructions that hadn't been fully defined by the chip designers – a little like Undefined Behaviour in C, but much more predictable. Many people called these "undocumented instructions", because they functioned just like ordinary instructions, on the particular versions of the particular chips on which they are found. There was no special handling to prevent these instructions from executing.
Most of them were just NOP
s (either because they weren't wired up to anything or because they did stuff like writing a register to itself) or duplicates of other instructions (because the instruction decoder ignored some bits when it didn't need to pay attention to them), but some of them were more interesting.
For instance, SALC
, which does:
if (carry flag set)
AL = 0xFF;
else
AL = 0x00;
This can be used as a translation layer between C code and certain assembly returning conventions. It is equivalent to SBB AL, AL
, except that it does not clobber flags.
For more information, see:
Stephen Kitt's answer to Use of undocumented opcodes.
supercat's answer to Use of undocumented opcodes, which has a good explanation of where they come from.- A related question on Stack Overflow
add a comment |
Illegal opcodes were just instructions that hadn't been fully defined by the chip designers – a little like Undefined Behaviour in C, but much more predictable. Many people called these "undocumented instructions", because they functioned just like ordinary instructions, on the particular versions of the particular chips on which they are found. There was no special handling to prevent these instructions from executing.
Most of them were just NOP
s (either because they weren't wired up to anything or because they did stuff like writing a register to itself) or duplicates of other instructions (because the instruction decoder ignored some bits when it didn't need to pay attention to them), but some of them were more interesting.
For instance, SALC
, which does:
if (carry flag set)
AL = 0xFF;
else
AL = 0x00;
This can be used as a translation layer between C code and certain assembly returning conventions. It is equivalent to SBB AL, AL
, except that it does not clobber flags.
For more information, see:
Stephen Kitt's answer to Use of undocumented opcodes.
supercat's answer to Use of undocumented opcodes, which has a good explanation of where they come from.- A related question on Stack Overflow
Illegal opcodes were just instructions that hadn't been fully defined by the chip designers – a little like Undefined Behaviour in C, but much more predictable. Many people called these "undocumented instructions", because they functioned just like ordinary instructions, on the particular versions of the particular chips on which they are found. There was no special handling to prevent these instructions from executing.
Most of them were just NOP
s (either because they weren't wired up to anything or because they did stuff like writing a register to itself) or duplicates of other instructions (because the instruction decoder ignored some bits when it didn't need to pay attention to them), but some of them were more interesting.
For instance, SALC
, which does:
if (carry flag set)
AL = 0xFF;
else
AL = 0x00;
This can be used as a translation layer between C code and certain assembly returning conventions. It is equivalent to SBB AL, AL
, except that it does not clobber flags.
For more information, see:
Stephen Kitt's answer to Use of undocumented opcodes.
supercat's answer to Use of undocumented opcodes, which has a good explanation of where they come from.- A related question on Stack Overflow
edited Jun 11 at 1:39
Cody Gray
1,149521
1,149521
answered Jun 10 at 17:44
wizzwizz4♦wizzwizz4
9,340645111
9,340645111
add a comment |
add a comment |
It might be better to think about it this way:
On the 80186 and above, a new thing was defined called an "illegal instruction", and this new thing came with a new behavior -- a #UD
exception that was generated when one was encountered. Before the 80186/80286, there was no such thing as an illegal instruction, just undocumented ones.
Your question then becomes, "what did the 8086 and 8088 do when encountering undocumented instructions" and the answer is simply that the behavior was undocumented. Some of them appeared to do nothing (i.e. they produced the same apparent result as a NOP instruction), while others did odd things, or simply the same thing as another opcode.
Here's a WayBack link that may shed more light on the situation:
http://web.archive.org/web/20190321200321/http://www.os2museum.com/wp/undocumented-8086-opcodes-part-i/
2
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
add a comment |
It might be better to think about it this way:
On the 80186 and above, a new thing was defined called an "illegal instruction", and this new thing came with a new behavior -- a #UD
exception that was generated when one was encountered. Before the 80186/80286, there was no such thing as an illegal instruction, just undocumented ones.
Your question then becomes, "what did the 8086 and 8088 do when encountering undocumented instructions" and the answer is simply that the behavior was undocumented. Some of them appeared to do nothing (i.e. they produced the same apparent result as a NOP instruction), while others did odd things, or simply the same thing as another opcode.
Here's a WayBack link that may shed more light on the situation:
http://web.archive.org/web/20190321200321/http://www.os2museum.com/wp/undocumented-8086-opcodes-part-i/
2
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
add a comment |
It might be better to think about it this way:
On the 80186 and above, a new thing was defined called an "illegal instruction", and this new thing came with a new behavior -- a #UD
exception that was generated when one was encountered. Before the 80186/80286, there was no such thing as an illegal instruction, just undocumented ones.
Your question then becomes, "what did the 8086 and 8088 do when encountering undocumented instructions" and the answer is simply that the behavior was undocumented. Some of them appeared to do nothing (i.e. they produced the same apparent result as a NOP instruction), while others did odd things, or simply the same thing as another opcode.
Here's a WayBack link that may shed more light on the situation:
http://web.archive.org/web/20190321200321/http://www.os2museum.com/wp/undocumented-8086-opcodes-part-i/
It might be better to think about it this way:
On the 80186 and above, a new thing was defined called an "illegal instruction", and this new thing came with a new behavior -- a #UD
exception that was generated when one was encountered. Before the 80186/80286, there was no such thing as an illegal instruction, just undocumented ones.
Your question then becomes, "what did the 8086 and 8088 do when encountering undocumented instructions" and the answer is simply that the behavior was undocumented. Some of them appeared to do nothing (i.e. they produced the same apparent result as a NOP instruction), while others did odd things, or simply the same thing as another opcode.
Here's a WayBack link that may shed more light on the situation:
http://web.archive.org/web/20190321200321/http://www.os2museum.com/wp/undocumented-8086-opcodes-part-i/
edited Jun 11 at 17:21
Peter Cordes
1,321713
1,321713
answered Jun 10 at 17:49
Ken GoberKen Gober
8,72112643
8,72112643
2
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
add a comment |
2
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
2
2
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
I found that "POP CS" is useless kinda funny. I used it. It can be used to perform a long jmp instruction. It's most useful when moving your code's base. At the end of the base move you would do "POP CS" to jump to the next instruction in your code in the new location.
– Joshua
Jun 12 at 17:37
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
@Joshua The "pop cs" idiom was common in many dos viruses, for the reason you give.
– Hasse1987
Jun 13 at 23:17
add a comment |
To understand this, you need a general idea of how processors work at the raw hardware level (or at least how they worked before the concept of microcode was developed).
Basically, as the processor would read the bytes of a single assembler language instruction, those bytes would be fed as an input to a network of logic gates called the instruction decoder; this network was designed to produce as output the signals to enable or disable various internal components of the processor according to what the instruction was supposed to do, so that the processor ends up doing the required operation.
As a result, if you viewed the instructions of older, simpler processors as bit patterns, you might notice certain groupings; for example, if the top three bits of the instructions would be set so, you might know that it must be a jump instruction of some type; other patterns might identify other general types of instructions.
The design team for a new processor architecture would develop a reasonable set of instructions, the various networks of logic gates to implement them, and the instruction decoder to manage them all. Back when the 8086 and 8088 processors were designed, it was not yet economically viable to add extra logic to the instruction decoder to exclude any "undocumented instructions", so any bit pattern fed into the instruction decoder would do something, but only the documented instructions would be guaranteed to exist and work the same also in the future members of the same processor family.
Sometimes the undocumented instructions actually ended up doing something useful, but relying on them was risky, as it might mean any program using a particular undocumented instructions might only run successfully that particular processor model. On a newer model, the previously undocumented instructions might actually been used for some new functionality, or they might have become completely useless as a result of a redesign of the instruction decoder.
With 80186 or above, using a number of logic gates to trap the undocumented instructions was economically feasible, and it became a compatibility feature: a program might prefer to use a new instruction available in newer processors only, but could provide a routine to emulate that instruction in software within an "illegal instruction" trap handler.
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
add a comment |
To understand this, you need a general idea of how processors work at the raw hardware level (or at least how they worked before the concept of microcode was developed).
Basically, as the processor would read the bytes of a single assembler language instruction, those bytes would be fed as an input to a network of logic gates called the instruction decoder; this network was designed to produce as output the signals to enable or disable various internal components of the processor according to what the instruction was supposed to do, so that the processor ends up doing the required operation.
As a result, if you viewed the instructions of older, simpler processors as bit patterns, you might notice certain groupings; for example, if the top three bits of the instructions would be set so, you might know that it must be a jump instruction of some type; other patterns might identify other general types of instructions.
The design team for a new processor architecture would develop a reasonable set of instructions, the various networks of logic gates to implement them, and the instruction decoder to manage them all. Back when the 8086 and 8088 processors were designed, it was not yet economically viable to add extra logic to the instruction decoder to exclude any "undocumented instructions", so any bit pattern fed into the instruction decoder would do something, but only the documented instructions would be guaranteed to exist and work the same also in the future members of the same processor family.
Sometimes the undocumented instructions actually ended up doing something useful, but relying on them was risky, as it might mean any program using a particular undocumented instructions might only run successfully that particular processor model. On a newer model, the previously undocumented instructions might actually been used for some new functionality, or they might have become completely useless as a result of a redesign of the instruction decoder.
With 80186 or above, using a number of logic gates to trap the undocumented instructions was economically feasible, and it became a compatibility feature: a program might prefer to use a new instruction available in newer processors only, but could provide a routine to emulate that instruction in software within an "illegal instruction" trap handler.
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
add a comment |
To understand this, you need a general idea of how processors work at the raw hardware level (or at least how they worked before the concept of microcode was developed).
Basically, as the processor would read the bytes of a single assembler language instruction, those bytes would be fed as an input to a network of logic gates called the instruction decoder; this network was designed to produce as output the signals to enable or disable various internal components of the processor according to what the instruction was supposed to do, so that the processor ends up doing the required operation.
As a result, if you viewed the instructions of older, simpler processors as bit patterns, you might notice certain groupings; for example, if the top three bits of the instructions would be set so, you might know that it must be a jump instruction of some type; other patterns might identify other general types of instructions.
The design team for a new processor architecture would develop a reasonable set of instructions, the various networks of logic gates to implement them, and the instruction decoder to manage them all. Back when the 8086 and 8088 processors were designed, it was not yet economically viable to add extra logic to the instruction decoder to exclude any "undocumented instructions", so any bit pattern fed into the instruction decoder would do something, but only the documented instructions would be guaranteed to exist and work the same also in the future members of the same processor family.
Sometimes the undocumented instructions actually ended up doing something useful, but relying on them was risky, as it might mean any program using a particular undocumented instructions might only run successfully that particular processor model. On a newer model, the previously undocumented instructions might actually been used for some new functionality, or they might have become completely useless as a result of a redesign of the instruction decoder.
With 80186 or above, using a number of logic gates to trap the undocumented instructions was economically feasible, and it became a compatibility feature: a program might prefer to use a new instruction available in newer processors only, but could provide a routine to emulate that instruction in software within an "illegal instruction" trap handler.
To understand this, you need a general idea of how processors work at the raw hardware level (or at least how they worked before the concept of microcode was developed).
Basically, as the processor would read the bytes of a single assembler language instruction, those bytes would be fed as an input to a network of logic gates called the instruction decoder; this network was designed to produce as output the signals to enable or disable various internal components of the processor according to what the instruction was supposed to do, so that the processor ends up doing the required operation.
As a result, if you viewed the instructions of older, simpler processors as bit patterns, you might notice certain groupings; for example, if the top three bits of the instructions would be set so, you might know that it must be a jump instruction of some type; other patterns might identify other general types of instructions.
The design team for a new processor architecture would develop a reasonable set of instructions, the various networks of logic gates to implement them, and the instruction decoder to manage them all. Back when the 8086 and 8088 processors were designed, it was not yet economically viable to add extra logic to the instruction decoder to exclude any "undocumented instructions", so any bit pattern fed into the instruction decoder would do something, but only the documented instructions would be guaranteed to exist and work the same also in the future members of the same processor family.
Sometimes the undocumented instructions actually ended up doing something useful, but relying on them was risky, as it might mean any program using a particular undocumented instructions might only run successfully that particular processor model. On a newer model, the previously undocumented instructions might actually been used for some new functionality, or they might have become completely useless as a result of a redesign of the instruction decoder.
With 80186 or above, using a number of logic gates to trap the undocumented instructions was economically feasible, and it became a compatibility feature: a program might prefer to use a new instruction available in newer processors only, but could provide a routine to emulate that instruction in software within an "illegal instruction" trap handler.
answered Jun 13 at 14:44
telcoMtelcoM
44626
44626
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
add a comment |
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
Those patterns in the instruction encoding are very obvious in MIPS, for example, which was designed so the bits of the instruction encoding could be used fairly directly as internal control signals. And it only has a few instruction formats (3-register ALU, or I-type with a 16-bit immediate, or J-type for unconditional jumps). It's word-oriented not byte-oriented. But basically all ISAs with fixed-width instructions have some opcode bits and some register-number bits in consistent locations across many instructions.
– Peter Cordes
Jun 14 at 4:02
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
For more about x86 opcode patterns, see Are x86 opcodes arbitrary? Also, 3-bit groups come up in some, so octal is apparently helpful.
– Peter Cordes
Jun 14 at 4:04
add a comment |
Based on the other answers, the proper answer is: they do whatever the instructions bits tell them too.
Since apparently they aren't validated, they always do something, even if that something is nothing.
Same as trying to turn on a lamp on an illuminated room- you won't notice it is there and it is on.
New contributor
1
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
1
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
add a comment |
Based on the other answers, the proper answer is: they do whatever the instructions bits tell them too.
Since apparently they aren't validated, they always do something, even if that something is nothing.
Same as trying to turn on a lamp on an illuminated room- you won't notice it is there and it is on.
New contributor
1
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
1
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
add a comment |
Based on the other answers, the proper answer is: they do whatever the instructions bits tell them too.
Since apparently they aren't validated, they always do something, even if that something is nothing.
Same as trying to turn on a lamp on an illuminated room- you won't notice it is there and it is on.
New contributor
Based on the other answers, the proper answer is: they do whatever the instructions bits tell them too.
Since apparently they aren't validated, they always do something, even if that something is nothing.
Same as trying to turn on a lamp on an illuminated room- you won't notice it is there and it is on.
New contributor
edited Jun 12 at 16:06
New contributor
answered Jun 12 at 15:03
pedropedro
11
11
New contributor
New contributor
1
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
1
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
add a comment |
1
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
1
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
1
1
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
You could ask your question as a new question — as it is, your answer is likely to be flagged as “not an answer” ;-).
– Stephen Kitt
Jun 12 at 15:12
1
1
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
It knows its length the same way it "knows" what the instruction does: the wiring causes it to increment the instruction register by however much it needs to.
– wizzwizz4♦
Jun 12 at 16:41
add a comment |
Joe D is a new contributor. Be nice, and check out our Code of Conduct.
Joe D is a new contributor. Be nice, and check out our Code of Conduct.
Joe D is a new contributor. Be nice, and check out our Code of Conduct.
Joe D is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Retrocomputing Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fretrocomputing.stackexchange.com%2fquestions%2f11327%2fwhat-did-the-8086-and-8088-do-upon-encountering-an-illegal-instruction%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
@StephenKitt I'd err on the side of not closing it if the questions themselves aren't identical; it's possible that there are answers to this one that wouldn't be answers to the others, and I know for sure that the other way around also applies.
– wizzwizz4♦
Jun 11 at 17:31
2
@wizzwizz4 I guess that’s something we haven’t decided yet as a community. Most SEs seem to take the approach that a question is a dupe if the dupe target’s answers provide an answer to the question (in its entirety), even if the questions aren’t identical; this corresponds to the introductory text in the yellow frame on duplicates, “This question already has an answer here:”. In this case, the question is fully answered by the target’s answers. The target itself wouldn’t be marked as a dupe so the lack of a bijection doesn’t matter.
– Stephen Kitt
Jun 11 at 17:42
2
@wizzwizz4 Basically, if I were to copy-paste my answer to the target question here, then IMO that would be a perfectly valid answer here too. In my mind that means either my answer is inappropriate for the target question, or this question is a dupe.
– Stephen Kitt
Jun 11 at 17:44
@wizzwizz4 If you prefer I can copy-paste my answer here, but it seems a bit of a waste.
– Stephen Kitt
Jun 11 at 17:44
1
@Raffzahn yes, I agree, I retracted my vote a couple of days ago.
– Stephen Kitt
yesterday