Halt and Catch Fire (computing)


In computer engineering, Halt and Catch Fire, known by the assembly mnemonic HCF, is an idiom referring to a computer machine code instruction that causes the computer's central processing unit to cease meaningful operation, typically requiring a restart of the computer. It originally referred to a fictitious instruction in IBM System/360 computers, making a joke about its numerous non-obvious instruction mnemonics.
With the advent of the MC6800, a design flaw was discovered by the programmers. Due to incomplete opcode decoding, two illegal opcodes, 0x9D and 0xDD, will cause the program counter on the processor to increment endlessly, which locks the processor until reset. Those codes have been unofficially named HCF. During the design process of MC6802, engineers originally planned to remove this instruction, but kept it as-is for testing purposes. As a result, HCF was officially recognized as a real instruction. Later, HCF became a humorous catch-all term for instructions that may freeze a processor, including intentional instructions for testing purposes, and unintentional illegal instructions. Some are considered hardware defects, and if the system is shared, a malicious user can execute it to launch a denial-of-service attack.
In the case of real instructions, the implication of this expression is that, whereas in most cases in which a CPU executes an unintended instruction the computer may still be able to recover, in the case of an HCF instruction there is, by definition, no way for the system to recover without a restart.
The expression "catch fire" is a facetious exaggeration of the speed with which the CPU chip would be switching some bus circuits, causing them to overheat and burn.

Etymology

l stories connect this term with an illegal opcode in IBM System/360. A processor, upon encountering the instruction, would start switching bus lines very fast, potentially leading to overheating.

Assembly language mnemonics

In a computer's assembly language, mnemonics are used that are directly equivalent to machine code instructions. The mnemonics are frequently three letters long, such as ADD, CMP, and JMP. The HCF instruction was originally a fictitious assembly language instruction, said to be under development at IBM for use in their System/360 computers, along with many other amusing three-letter acronyms like XPR and CAI, and similar to other joke mnemonics such as "SDI" for "Self Destruct Immediately" and "CRN" for Convert to Roman Numerals. A list of such mnemonics, including HCF, shows up as "Overextended Mnemonics" in the April 1980 Creative Computing flip-side parody issue.
The IBM System/360 already included numerous non-obvious mnemonics like ZAP, EDMK, TRT, and Read Backward, and programmers began creating similarly cryptic, but fictitious, instructions in a humorous vein.
In a 1990 USENET discussion, it was claimed that HCF dated back to before 1977.
In Rick Cook's science fiction/fantasy novel, The Wizardry Compiled, about programmers transported to a universe where magic could be programmed, one of them refers to the command as HMCF, for "Halt, Melt and Catch Fire".
In TIS-100, a puzzle video game made by Zachtronics Industries, there's a hidden opcode called HCF that restarts the whole game.

In modern CPUs

CPU designers sometimes incorporate one or more undocumented machine code instructions for testing purposes, such as the IBM System/360 DIAGnose instruction. These instructions are not intended to be executed during normal operation of the CPU; when they are actually executed by a program during normal operation, they can have unusual side-effects. The "Halt and Catch Fire" instruction and mnemonic are sometimes appropriated by users who discover these instructions as a humorous way of expressing that the unintended execution of such an instruction causes the system to fail to perform its normal functions.

Motorola 6800

The Motorola 6800 microprocessor was the first for which an undocumented assembly mnemonic HCF became widely known. The operation codes —hexadecimal 9D and DD, and were reported and given the unofficial mnemonic HCF in an article written by Gerry Wheeler in the December 1977 issue of BYTE magazine on undocumented opcodes. Wheeler noted that Motorola reported 197 valid operation codes for the M6800 processor, and so inferred that with 256 possible 8 bit combinations, there must be 59 "invalid instructions". He goes on to describe the HCF as a "big surprise", and saying of the Catch Fire portion of the moniker, "Well, almost":
The process is reviewed by David Agans, thus:
That is, either opcode made the processor enter a mode, continuously performing memory read cycles from successive addresses with no intervening instruction fetches. Hence, the address bus effectively became a counter, allowing the operation of all address lines to be quickly verified. Once the processor entered this mode, it was not responsive to interrupts, so normal operation could only be restored by a reset. These references were thus to the unresponsive behavior of the CPU in this state, and not to any form of erratic behavior.
The mnemonic HCF is believed to be the first built-in self-test feature on a Motorola microprocessor.

Intel x86

The Intel 8086 and subsequent processors in the x86 series had an HLT instruction, opcode F4, which stopped instruction execution and placed the processor in a HALT state. An enabled interrupt, a debug exception, the BINIT signal, the INIT signal, or the RESET signal resumed execution, which meant the processor could always be restarted. Some of the early Intel DX4 chips had a problem with the HLT instruction and could not be restarted after this instruction was used, which disabled the computer and turned HLT into more of an HCF instruction. The Linux kernel added a "no-hlt" option telling Linux to run an infinite loop instead of using HLT, which allowed users of these broken chips to use Linux.
The 80286 has the undocumented opcode 0F 04, causing the CPU to hang when executed. The only way out is CPU reset.
In some implementations, the opcode was emulated through BIOS as a halting sequence.
Many computers in the Intel Pentium line could be locked up by executing an invalid instruction, which caused the computer to lock up. This became known as the Pentium F00F bug. No compiler would create the instruction, but a malicious programmer could insert it into code to render an afflicted computer inoperable until the machine was power-cycled. Since its discovery, workarounds have been developed to prevent it from locking the computer, and the bug has been eliminated in subsequent Intel processors.
During Black Hat USA 2017, Christopher Domas showed that he has found a new currently unknown "Halt and Catch Fire" instruction on a particular x86 processor model using his own x86 processor fuzzer called sandsifter., the affected instruction, processor and manufacturer have not yet been revealed due to responsible disclosure guidelines.

Other CPUs

The MOS Technology 6502 has 12 invalid instructions which will freeze the CPU.
On the Zilog Z80, executing DI followed by HALT results in the CPU staying frozen indefinitely, waiting for an interrupt that cannot happen. The similar processor found in the Game Boy, the LR35902, contained a partial fix allowing it to recover from one HALT, but it would become frozen with three consecutive HALTs with interrupts disabled. The LR35902 itself contains no less than 11 opcodes that fully lock the CPU when executed.
The Z80 also supports a non-maskable interrupt. The /NMI signal is on Pin 17 of the original 40 pin DIP package. Since a non-maskable interrupt will regain control of the CPU even after executing the instruction sequence DI / HALT, that pair does not represent a true HCF. It will only result in a HCF condition if either the /NMI pin is connected directly to the +5V rail, making the generation of that signal impossible, or if the interrupt routine that services /NMI ends with a return, placing it back in the HALT state.