Eventually he realized that Kaye was using self-modifying code to process elements of an array, and had coded the loop in such a way as to take advantage of an overflow. Adding 1 to the address field of an instruction that referred to address x normally just changed the address to x+1. But when x was already the highest possible address, not only did the address wrap around to 0, but a 1 was carried into the bits from which the opcode would be read—in this case changing the opcode to "jump to" so that the full instruction became "jump to address 0".
Very reminisce of the 6502 "issue" of jumping with an address on a page boundary.
Per Wikipedia:
the processor will not jump to the address stored in xxFF and xxFF+1 as expected, but rather the one defined by xxFF and xx00 (for example, JMP ($10FF) would jump to the address stored in 10FF and 1000, instead of the one stored in 10FF and 1100). This defect continued through the entire NMOS line, but was corrected in the CMOS derivatives.
Eventually he realized that Kaye was using self-modifying code to process elements of an array, and had coded the loop in such a way as to take advantage of an overflow. Adding 1 to the address field of an instruction that referred to address x normally just changed the address to x+1. But when x was already the highest possible address, not only did the address wrap around to 0, but a 1 was carried into the bits from which the opcode would be read—in this case changing the opcode to "jump to" so that the full instruction became "jump to address 0".
— https://en.wikipedia.org/wiki/The_Story_of_Mel