See if you can solve this programming puzzle, presented in the form of a dialog
between Konstantin Othmer (KON) and Bruce Leak (BAL). The dialog gives clues to
help you. Keep guessing until you're done; your score is the number to the left of the
clue that gave you the correct answer. These problems are supposed to be tough. If you
don't get a high score, at least you'll learn interesting Macintosh trivia.
KON I wrote this program that crashes with a bus error and I can't figure out what's
going wrong.
BAL If it's crashing with a bus error, that's easy: just figure out where the bogus bus
error address came from.
110 KON Well, that's the problem. I look around and there's not a bad address
anywhere.
BAL Let me see.
105 KON OK.
Bus Error at 1B586
1B582 BFEXTU (A3){D6; $00}, D0
1B586 *ADDQ.W #$4,A3
1B588 MOVE.L (A2)+,D1
Register A3 has $70E368, and A2 has $70DEDC. So that's your puzzle; what do you
do now?
BAL Hmmm. Suppose I trace a few times.
100 KON No problem; everything seems to work OK.
BAL What if I type "Go" and hope for the best?
95 KON You crash immediately with an address error at $1B5A4. The code is trying to
do an RTS, but the stack is trashed.
BAL Well that's just a little ways down from where I was before. Anything funny
happening in between?
90 KON Nope, just a loop that doesn't touch the stack or anything.
BAL Was the stack OK when I crashed the first time?
85 KON No, the top address on the stack was garbage.
BAL OK, so I run the program again and break just before this routine gets called and
check the stack.
80 KON The stack is OK. Everything looks fine. You're at a JSR (A0).
BAL Is A0 OK?
75 KON Yep, it points to the code you were looking at before--at $1B582.
BAL So I step in and look at the stack.
70 KON You crash immediately with a bus error at $82.
BAL Huh? Sounds like someone jumped to $0.
65 KON A0 looked OK. It was just doing a JSR (A0).
BAL Some weird MacsBug bug?
60 KON In this case, no.
BAL All I did was step into a subroutine and I crash somewhere totally different?
55 KON Pretty cool, huh?
BAL Are the registers OK? What does the stack look like?
50 KON Garbage everywhere. The stack has all kinds of noise on it, and the registers seem
pretty fragged.
BAL Hmmm. I try it again; this time I set a breakpoint a few instructions before the
JSR (A0).
KON OK.
BAL Is everything OK?
45 KON The registers, stack, and code look OK.
BAL So I trace a few instructions, up to the JSR.
40 KON You crash immediately after the first trace with a bus error at $0104B0CA.
BAL Well that address is garbage. Was it in any register or on the stack before I
traced?
35 KON Nope.
BAL What happened to the stack?
30 KON There's 56 extra bytes on it now.
BAL What? Is my machine possessed?
KON It's just a computer.
BAL Some interrupt nastiness happening?
25 KON When you crash, you're at interrupt level 1.
BAL Now we're getting somewhere. Does MacsBug enable interrupts when I trace?
20 KON Yes.
BAL So where's the level 1 interrupt vector kept?
15 KON $64.
BAL I DM it and see if it's OK.
10 KON It's $104B07C. Pretty close to where you crashed.
BAL So it sounds like someone is trashing the interrupt vectors, and all the interrupts
are held pending when I'm in MacsBug. As soon as I do anything that returns control to
the Macintosh, I blow up. So I step spy on $64 and see who trashes it.
0 KON It's a routine that assumed a buffer was being allocated but wasn't. So the buffer
pointer was NIL, and the routine wrote all over low memory, including the exception
vectors.
BAL Nasty.
KON Yeah. So how could you catch this before the vectors get trashed?
BAL Doesn't EvenBetterBusError catch writes to NIL?
KON Only at VBL time, and the chances of a VBL interrupt happening before the VBL
vector gets trashed are mighty slim.
BAL You could initialize pointer variables to a bus error number like $50FFC001
instead of NIL. If you did that, you'd crash at the write and know immediately what was
wrong.
KON Cool.
KONSTANTIN OTHMER AND BRUCE LEAK As a mere lad, Bruce pulled the
programmer's key out of the stone and swore allegiance to the Lady of the Leak. Years
later, while good King Bruce was doing penance for his wandering ways, young KON of
Locksley had to defend the crown against the Mongol hordes attempting to draw directly
to the screen. Upon his return, King Bruce declared, "Let there be time," and there
was. Today young KON and his sovereign do battle against the forces of evil lurking in
your local heap.
SCORING
Thanks to Scott Douglass for reviewing this column.