Illegal opcode


An illegal opcode, also called an unimplemented operation, unintended opcode or undocumented instruction, is an instruction to a CPU that is not mentioned in any official documentation released by the CPU's designer or manufacturer, but which nevertheless has an effect. Illegal opcodes were common on older CPUs designed during the 1970s, such as the MOS Technology 6502, Intel 8086, and the Zilog Z80. Unlike modern processors, those older processors had a very limited transistor budget, so to save space their designers often omitted the circuitry that would detect invalid opcodes and generate a trap to an error handler. The operation of many of these opcodes is a side effect of the wiring of transistors in the CPU, and usually combines functions of the CPU that were not intended to be combined. On both old and modern processors, there are also instructions that the manufacturer intentionally included in the processor but did not document in any official specification.

Overview

While most accidental illegal instructions have useless or even highly undesirable effects (such as crashing the device), some can have useful functions in certain situations. Such instructions were sometimes exploited in computer games of the 1970s and 1980s to speed up certain time-critical sections. Another common use was in the ongoing battle between copy protection implementations and cracking. Here, they were a form of security through obscurity, and their secrecy usually did not last very long.

A danger associated with the use of illegal instructions was that, because the manufacturer does not guarantee their existence and function, they might disappear or behave differently with any change of the CPU internals or any new revision of the CPU, rendering programs that use them incompatible with the newer revisions. For example, a number of older Apple II games did not work correctly on the newer Apple IIc, because the latter used a newer CPU revision, the 65C02, that did away with illegal opcodes.

Later CPUs, such as the 80186, 80286, 68000 and its descendants, do not have illegal opcodes that are widely known or used. Ideally, the CPU will behave in a well-defined way when it finds an unknown opcode in the instruction stream, such as triggering a certain exception or fault condition. The operating system's exception or fault handler will then usually terminate the application that caused the fault, unless the program had previously established its own exception/fault handler, in which case that handler would receive control. Another, less common way of handling illegal instructions is to define them to do nothing except take up time and space (equivalent to the CPU's official NOP instruction); this method is used by the TMS9900 and 65C02 processors, among others. Alternatively, unknown instructions can be emulated in software (e.g. LOADALL), or even "new" pseudo-instructions can be implemented. Some BIOSes, memory managers, and operating systems take advantage of this, for example, to let V86 tasks communicate with the underlying system, as with the BOP (from "BIOS Operation") utilized by the Windows NTVDM.
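The fault path described above, where a program that has established its own handler receives control instead of being terminated, can be seen on a POSIX system with the following C program. It is an added example, not part of the original article; the names `run_guarded`, `execute_invalid` and `execute_valid` are hypothetical, and it assumes GCC or Clang inline assembly, using `ud2` on x86 and `UDF #0` on AArch64 as encodings those architectures define as permanently invalid.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
static sigjmp_buf recover_point;

/* Runs when the kernel turns the CPU's invalid-opcode exception into SIGILL. */
static void on_sigill(int signo)
{
    (void)signo;
    siglongjmp(recover_point, 1);          /* unwind to the saved recovery point */
}

/* Executes an encoding the architecture reserves as permanently invalid. */
static void execute_invalid(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ volatile("ud2");               /* x86: always raises #UD */
#elif defined(__aarch64__)
    __asm__ volatile(".inst 0x00000000");  /* AArch64: UDF #0 */
#else
    raise(SIGILL);                         /* assumption: stand-in elsewhere */
#endif
}

static void execute_valid(void) { __asm__ volatile("nop"); }

/* Returns 1 if fn trapped with SIGILL, 0 if it returned, -1 on setup error. */
int run_guarded(void (*fn)(void))
{
    struct sigaction sa = {0}, old;
    volatile int trapped = 1;
    sa.sa_handler = on_sigill;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGILL, &sa, &old) != 0)
        return -1;
    if (sigsetjmp(recover_point, 1) == 0) { /* 1: also restore signal mask */
        fn();
        trapped = 0;
    }
    sigaction(SIGILL, &old, NULL);          /* put the previous handler back */
    return trapped;
}

int main(void)
{
    printf("invalid opcode trapped: %d\n", run_guarded(execute_invalid));
    printf("ordinary nop trapped:   %d\n", run_guarded(execute_valid));
}
```

Without the `sigaction` call, the default disposition of SIGILL applies and the operating system terminates the process, which is the usual outcome the paragraph describes.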

In spite of Intel's guarantee against such instructions, research using techniques such as fuzzing uncovered a vast number of undocumented instructions in x86 processors as late as 2018. Some of these instructions are shared across processor manufacturers, indicating that Intel and AMD are both aware of the instruction and its purpose, despite it not appearing in any official specification. Other instructions are specific to manufacturers or specific product lines. The purpose of the majority of x86 undocumented instructions is unknown.

Today, the details of these instructions are mainly of interest for exact emulation of older systems.


Further reading

  • Vardy, Adam (1996-09-27) [1995-08-22]. "Extra Instructions Of The 65XX Series CPU". http://www.ffd2.com/fridge/docs/6502-NMOS.extra.opcodes (archived 2021-08-28 at https://web.archive.org/web/20210828044121/http://www.ffd2.com/fridge/docs/6502-NMOS.extra.opcodes; accessed 2021-11-18). (NB. Illegal opcodes on the 6502.)
  • Steil, Michael (2008-07-29). "How MOS 6502 Illegal Opcodes really work". pagetable.com - Some Assembly Required. https://www.pagetable.com/?p=39 (archived 2021-11-19 at https://web.archive.org/web/20211119214351/https://www.pagetable.com/?p=39; accessed 2021-11-18).
  • Young, Sean (2005-09-18) [1997]. "Z80 Documentation: The Undocumented Z80 Documented". Version 0.91. http://www.myquest.nl/z80undocumented/ (archived 2021-10-09 at https://web.archive.org/web/20211009124645/http://www.myquest.nl/z80undocumented/; accessed 2021-11-18). (NB. Illegal opcodes on the Z80.)
  • Brown, Ralf D., ed. (2002-12-29) [2000-07-17, 1985]. "The x86 Interrupt List" (61 ed.). https://www.cs.cmu.edu/~ralf/files.html (archived 2017-08-22 at https://web.archive.org/web/20170822194456/https://www.cs.cmu.edu/~ralf/files.html; accessed 2011-10-14). (NB. Ralf Brown's Interrupt List also contains some information about undocumented processor opcodes and processor bugs: OPCODES.LST by Alex V. Potemkin and 86BUGS.LST by Harald Feldmann.)