Just a few years after the CDC 6600 arrived at Livermore, a small group of programmers, connived to learn the real scheduling algorithm of the timesharing system running on that machine. This was contrary to informal policies but certainly not contrary to formal security policies involving national defense. The 6600 was an admirably simple machine to define and the manual was short and clear. It ran a timesharing system, which I had helped design. One evening (when real work got done) the machine was down and they were reading the manual. They noticed that after an interrupt due to a load instructions whose effective address exceeded the bounds register, that the loaded register got the contents of the illegal address nonetheless. The load proceeds to completion and the machine state available to the interrupt code includes the illegally loaded data as if it were the legitimate contents of the X register—data from memory possibly allocated to another program. Upon resumption the interrupted program found the purloined value still in the X register, just as the illegal load command had commanded. The machine was an early RISC design and might have completed several instructions following the load including a branch, all before the interrupt.

The program had stuck its hand in the illegal cookie jar, had its hand slapped, but retained the cookie.

Few machines had been built where such address checking was available. Later systems have tended to specify that an illegal load instruction is suppressed and causes no side effects, even to the target register. That is the behavior evidently assumed, perhaps unconsciously, by the programmers of the 6600 interrupt routine who saved the process state, as usual, so as to restore that state upon resumption of the program, perhaps after acquiring more storage.

The hole was used to examine and decompile the scheduler. It was not as specified.

The 6600’s at Livermore, at least, were modified to load 0 for illegal addresses.