December 92 - KON & BAL'S PUZZLE PAGE
KON & BAL'S PUZZLE PAGE
A MICRO BUG
KONSTANTIN OTHMER AND BRUCE LEAK
![[IMAGE 134-137_Puzzle_Page_rev1.GIF]](134-137_puzzle_page_rev1.gif)
KONSTANTIN OTHMER AND BRUCE LEAKSee if you can solve this programming puzzle, presented in the form of a dialog
between Konstantin Othmer (KON) and Bruce Leak (BAL). The dialog gives clues
to help you. Try to guess this one before BAL does. To figure out your score, see
"Scoring" at the end.
KON Have you heard of Spaceward Ho!?
BAL Yeah, it's that awesome conquer-the-galaxy game from Delta Tao. That game has done
more to hurt productivity around here than pinball.
KON After they released it, they got several calls complaining about a crash. They tried to
reproduce the crash but couldn't.
BAL They don't have that SADE MultiFinder installed, do they?
KON Very funny.
BAL How is their configuration different from the configuration of customers with the problem?
KON Everyone who complained had a 4-meg IIsi, ci, or fx. And the Delta Tao folks tested those
configurations.
BAL Hmmm. How does it crash? Can you get into MacsBug?
KON That's part of the problem, the customers who have the crash aren't programmers and don't
have MacsBug. The crash is with an Error 01, a bus error.
BAL Well, find one of the machines it crashes on, install MacsBug, and see what's wrong. How
hard can it be?
KON So you fly to Bismarck, North Dakota, and install MacsBug, and it doesn't crash anymore.
Pretty hard, I guess.
BAL Hmmm. Just MacsBug? Are there any INITs running?
KON The machine has only MacsBug, nothing else.
BAL And you never set a breakpoint, or an A-trap break, or anything?
KON Nope.
BAL Do you have a FirstTime macro?
KON Nope.
BAL So how could MacsBug be interfering?
KON I can't help you there. It's your puzzle.
BAL Well, MacsBug initializes some low-memory values and rearranges things above BufPtr. Is
the app doing anything funny that might depend on some low mems?
KON The app follows every programming convention dictated by Inside Macintosh and the
Developer Support Center. They even follow every human interface guideline and . . .
BAL Yeah, yeah, yeah. Impossible. So MacsBug is installed, but it's never invoked.
KON Yep.
BAL What's the app doing when it crashes?
KON It's in the middle of a bunch of calculations -- you know, how many ships got destroyed in
battle, how fast planets' populations are growing, what the computer players are doing, that
kind of thing.
BAL Well, MacsBug causes the app to launch in a different place.
KON OK.
BAL MacsBug loads above BufPtr, so everything else loads lower. Maybe the app reads past the
end of its heap. When MacsBug is in, it's lower in the heap, so the app reads somewhere in
MacsBug territory. When MacsBug is out, the app reads past the end of RAM and causes a
bus error.
KON Nice theory. But how do you verify that that's the problem without MacsBug?
BAL Launch another app first.
KON Then the Ho! will load even lower in memory. It won't crash.
BAL Use MicroBug.
KON You mean that thing that comes up when you push the NMI switch and MacsBug isn't
installed? Where is that documented?
BAL I don't know. It can't be too hard to figure it out, though.
KON Well, the only command I know is G for "Go." What else will it let me do?
BAL You can look at memory and registers, you can set the PC, and you can even exit to the
shell. Let's try a Total Display, TD. MicroBug responds with this:
000C30 0000 0000 0074 0000 FFFF 0100 0000 00C4
000C40 0000 FFFF 0000 0000 00AD E5D7 0074 0000
000C50 006E B2D0 0074 0A80 006E 9EB8 0057 0308
000C60 0000 0000 0074 0BAC 006E 49F8 006E 49E0
000C70 000A D96A 2014 0000 0000 0000 0000 0000
000C80 0000 0000 5444 0020 0020 0020 0020 0020
KON It looks like it's dumping memory from C30.
BAL Yeah, from SysEqu.a we see that C30 is SEVarBase. The system exception vars go up to
CBF. I guess that's where the exception vectors dump the processor state when an exception
occurs.
KON Since the system sets up the SEVars, they're set up on any exception regardless of the
debugging environment. Using MacsBug, we can figure out that the first two lines are
registers D0-D7, the next two lines are
A0-A7, then the PC, then the status register, then what?
BAL I don't know, but at C84, it looks like what we typed: TD.
KON You could read a book written in ASCII!
BAL Let's try something else, maybe it can do math. Let's try DM PC-10.
KON It works.
BAL Yeah. In addition to the PC, it knows registers as RA0 or RD0 (but you set registers with a
line like D0 = 5, not RD0 = 5). You can set memory using SM.
KON Anyway, back to the Ho!
BAL So in the Ho! I can look at the PC and the registers and figure out that it's looking past the
end of memory.
KON You can't do an IL or an IP, so you can't prove that bogus values in a register are causing
the bus error.
BAL I go into MacsBug on my PowerBook and disassemble the code with the DH command.
KON How do you find the problem code in the source?
BAL I pattern-match using the Find command on the PowerBook. Once I find the problem in
MacsBug on the PowerBook, I'm golden.
KON Right! Here's the scoop: One of their pointers got messed up and they were reading off the
end of their heap. The value they read had only a minor impact on the calculations, so no
one noticed the problem. When MacsBug was in, they were reading in MacsBug's code
space, which is a valid address and didn't cause a bus error. The reason it was reported on 4-
meg IIsi's, ci's, and fx's is that only '030 or '040 machines that have the ci-class ROM cause
bus errors when reading a valid RAM address that doesn't have RAM installed.
BAL And reading off the end of RAM on an 8-meg machine in 24-bit addressing mode just reads
the ROM, which is valid.
KON Instead of this MicroBug detour, you could just write a flag value on the screen from various
interesting places in the source. The flag value when you crash tells you where you were
last.
BAL Yeah, but that's been done before. And it doesn't give us a good excuse to discuss
MicroBug.
KON OK, Mr. MicroBug, what's the fewest keystrokes you can use to do an ExitToShell from
MicroBug?
BAL Well, ExitToShell is Toolbox trap A9F4. The Toolbox trap table begins at $E00, so you
can calculate the address of the trap and then use the G command.
KON Once you have the address, that's a minimum of seven keystrokes. You like to type a lot.
BAL I need some time to think about that one.
KON While you're thinking, how do you restart from MicroBug?
BAL Let's just leave everyone in suspense until next time.
KON Nasty.
BAL Yeah.
KONSTANTIN OTHMER AND BRUCE LEAK are basically slackers who go on way too many vacations. Unfortunately, they
write buggy code and there are always a number of bugs that they need to fix on their return. But in true slacker style,
they wouldn't think of fixing their own bugs. Enter the Puzzle Page, a sly coverup for getting someone else to solve these
problems. Instead of fighting through buggy code with MacsBug, they call each other looking for easy answers. To keep
pace with their bugs, they're lobbying the develop staff to do a whole issue of just Puzzle Pages. *
SCORING
- If you stick with MacsBug and never even try MicroBug, score 25.
- If you figured out the bug before BAL did, score 50.
- If you start to use MicroBug and like it better than MacsBug, score 75.
- If you start to play Spaceward Ho! regularly, and like it better than MicroBug, score 100. *
Thanks to Gary Davidian, scott douglass, and Jean-Charles Mourey for reviewing this column.*
