KONSTANTIN OTHMER AND BRUCE LEAK
See if you can solve this programming
puzzle, presented in the form of a dialog between Konstantin Othmer (KON) and Bruce
Leak (BAL). The dialog gives clues to help you. Try to guess this one before BAL does.
To figure out your score, see "Scoring" at the end.
KON Have you heard of Spaceward Ho!?
BAL Yeah, it's that awesome conquer-the-galaxy game from Delta Tao. That game has
done more to hurt productivity around here than pinball.
KON After they released it, they got several calls complaining about a crash. They tried
to reproduce the crash but couldn't.
BAL They don't have that SADE MultiFinder installed, do they?
KON Very funny.
BAL How is their configuration different from the configuration of customers with the
problem?
KON Everyone who complained had a 4-meg IIsi, ci, or fx. And the Delta Tao folks
tested those configurations.
BAL Hmmm. How does it crash? Can you get into MacsBug?
KON That's part of the problem, the customers who have the crash aren't programmers
and don't have MacsBug. The crash is with an Error 01, a bus error.
BAL Well, find one of the machines it crashes on, install MacsBug, and see what's
wrong. How hard can it be?
KON So you fly to Bismarck, North Dakota, and install MacsBug, and it doesn't crash
anymore. Pretty hard, I guess.
BAL Hmmm. Just MacsBug? Are there any INITs running?
KON The machine has only MacsBug, nothing else.
BAL And you never set a breakpoint, or an A-trap break, or anything?
KON Nope.
BAL Do you have a FirstTime macro?
KON Nope.
BAL So how could MacsBug be interfering?
KON I can't help you there. It's your puzzle.
BAL Well, MacsBug initializes some low-memory values and rearranges things above
BufPtr. Is the app doing anything funny that might depend on some low mems?
KON The app follows every programming convention dictated by Inside Macintosh and
the Developer Support Center. They even follow every human interface guideline and . . .
BAL Yeah, yeah, yeah. Impossible. So MacsBug is installed, but it's never invoked.
KON Yep.
BAL What's the app doing when it crashes?
KON It's in the middle of a bunch of calculations -- you know, how many ships got
destroyed in battle, how fast planets' populations are growing, what the computer
players are doing, that kind of thing.
BAL Well, MacsBug causes the app to launch in a different place.
KON OK.
BAL MacsBug loads above BufPtr, so everything else loads lower. Maybe the app reads
past the end of its heap. When MacsBug is in, it's lower in the heap, so the app reads
somewhere in MacsBug territory. When MacsBug is out, the app reads past the end of
RAM and causes a bus error.
KON Nice theory. But how do you verify that that's the problem without MacsBug?
BAL Launch another app first.
KON Then the Ho! will load even lower in memory. It won't crash.
BAL Use MicroBug.
KON You mean that thing that comes up when you push the NMI switch and MacsBug
isn't installed? Where is that documented?
BAL I don't know. It can't be too hard to figure it out, though.
KON Well, the only command I know is G for "Go." What else will it let me do?
BAL You can look at memory and registers, you can set the PC, and you can even exit to
the shell. Let's try a Total Display, TD. MicroBug responds with this:
000C30 0000 0000 0074 0000 FFFF 0100 0000 00C4
000C40 0000 FFFF 0000 0000 00AD E5D7 0074 0000
000C50 006E B2D0 0074 0A80 006E 9EB8 0057 0308
000C60 0000 0000 0074 0BAC 006E 49F8 006E 49E0
000C70 000A D96A 2014 0000 0000 0000 0000 0000
000C80 0000 0000 5444 0020 0020 0020 0020 0020
KON It looks like it's dumping memory from C30.
BAL Yeah, from SysEqu.a we see that C30 is SEVarBase. The system exception vars go
up to CBF. I guess that's where the exception vectors dump the processor state when an
exception occurs.
KON Since the system sets up the SEVars, they're set up on any exception regardless of
the debugging environment. Using MacsBug, we can figure out that the first two lines
are registers D0-D7, the next two lines are A0-A7, then the PC, then the status
register, then what?
BAL I don't know, but at C84, it looks like what we typed: TD.
KON You could read a book written in ASCII!
BAL Let's try something else, maybe it can do math. Let's try DM PC-10.
KON It works.
BAL Yeah. In addition to the PC, it knows registers as RA0 or RD0 (but you set
registers with a line like D0 = 5, not RD0 = 5). You can set memory using SM.
KON Anyway, back to the Ho!
BAL So in the Ho! I can look at the PC and the registers and figure out that it's looking
past the end of memory.
KON You can't do an IL or an IP, so you can't prove that bogus values in a register are
causing the bus error.
BAL I go into MacsBug on my PowerBook and disassemble the code with the DH
command.
KON How do you find the problem code in the source?
BAL I pattern-match using the Find command on the PowerBook. Once I find the
problem in MacsBug on the PowerBook, I'm golden.
KON Right! Here's the scoop: One of their pointers got messed up and they were reading
off the end of their heap. The value they read had only a minor impact on the
calculations, so no one noticed the problem. When MacsBug was in, they were reading
in MacsBug's code space, which is a valid address and didn't cause a bus error. The
reason it was reported on 4-meg IIsi's, ci's, and fx's is that only '030 or '040
machines that have the ci-class ROM cause bus errors when reading a valid RAM
address that doesn't have RAM installed.
BAL And reading off the end of RAM on an 8-meg machine in 24-bit addressing mode
just reads the ROM, which is valid.
KON Instead of this MicroBug detour, you could just write a flag value on the screen
from various interesting places in the source. The flag value when you crash tells you
where you were last.
BAL Yeah, but that's been done before. And it doesn't give us a good excuse to discuss
MicroBug.
KON OK, Mr. MicroBug, what's the fewest keystrokes you can use to do an ExitToShell
from MicroBug?
BAL Well, ExitToShell is Toolbox trap A9F4. The Toolbox trap table begins at $E00, so
you can calculate the address of the trap and then use the G command.
KON Once you have the address, that's a minimum of seven keystrokes. You like to type
a lot.
BAL I need some time to think about that one.
KON While you're thinking, how do you restart from MicroBug?
BAL Let's just leave everyone in suspense until next time.
KON Nasty.
BAL Yeah.
KONSTANTIN OTHMER AND BRUCE LEAK are basically slackers who go on way
too many vacations. Unfortunately, they write buggy code and there are always a
number of bugs that they need to fix on their return. But in true slacker style, they
wouldn't think of fixing their own bugs. Enter the Puzzle Page, a sly coverup for
getting someone else to solve these problems. Instead of fighting through buggy code
with MacsBug, they call each other looking for easy answers. To keep pace with their
bugs, they're lobbying the develop staff to do a whole issue of just Puzzle Pages.
SCORING
Thanks to Gary Davidian, scott douglass, and Jean-Charles Mourey for reviewing this
column.