Winter 92 - KON & BAL'S PUZZLE PAGE
KONSTANTIN OTHMER AND BRUCE LEAK
See if you can solve this programming puzzle, presented in the form of a dialog
between Konstantin Othmer (KON) and Bruce Leak (BAL). The dialog gives clues
to help you. Keep guessing until you're done; your score is the number to the left of
the clue that gave you the correct answer. These problems are supposed to be tough. If
you don't get a high score, at least you'll learn interesting Macintosh trivia.
KON I wrote this program that crashes with a bus error and I can't figure out what's going
wrong.
BAL If it's crashing with a bus error, that's easy: just figure out where the bogus bus error
address came from.
110 KON Well, that's the problem. I look around and there's not a bad address anywhere.
BAL Let me see.
105 KON OK.
Bus Error at 1B586
1B582 BFEXTU (A3){D6; $00}, D0
1B586 *ADDQ.W #$4,A3
1B588 MOVE.L (A2)+,D1
Register A3 has $70E368, and A2 has $70DEDC.
So that's your puzzle; what do you do now?
BAL Hmmm. Suppose I trace a few times.
100 KON No problem; everything seems to work OK.
BAL What if I type "Go" and hope for the best?
95 KON You crash immediately with an address error at $1B5A4. The code is trying to do an
RTS, but the stack is trashed.
BAL Well that's just a little ways down from where I was before. Anything funny happening
in between?
90 KON Nope, just a loop that doesn't touch the stack or anything.
BAL Was the stack OK when I crashed the first time?
85 KON No, the top address on the stack was garbage.
BAL OK, so I run the program again and break just before this routine gets called and
check the stack.
80 KON The stack is OK. Everything looks fine. You're at a JSR (A0).
BAL Is A0 OK?
75 KON Yep, it points to the code you were looking at before--at $1B582.
BAL So I step in and look at the stack.
70 KON You crash immediately with a bus error at $82.
BAL Huh? Sounds like someone jumped to $0.
65 KON A0 looked OK. It was just doing a JSR (A0).
BAL Some weird MacsBug bug?
60 KON In this case, no.
BAL All I did was step into a subroutine and I crash somewhere totally different?
55 KON Pretty cool, huh?
BAL Are the registers OK? What does the stack look like?
50 KON Garbage everywhere. The stack has all kinds of noise on it, and the registers seem
pretty fragged.
BAL Hmmm. I try it again; this time I set a breakpoint a few instructions before the JSR
(A0).
KON OK.
BAL Is everything OK?
45 KON The registers, stack, and code look OK.
BAL So I trace a few instructions, up to the JSR.
40 KON You crash immediately after the first trace with a bus error at $0104B0CA.
BAL Well that address is garbage. Was it in any register or on the stack before I traced?
35 KON Nope.
BAL What happened to the stack?
30 KON There's 56 extra bytes on it now.
BAL What? Is my machine possessed?
KON It's just a computer.
BAL Some interrupt nastiness happening?
25 KON When you crash, you're at interrupt level 1.
BAL Now we're getting somewhere. Does MacsBug enable interrupts when I trace?
20 KON Yes.
BAL So where's the level 1 interrupt vector kept?
15 KON $64.
BAL I DM it and see if it's OK.
10 KON It's $104B07C. Pretty close to where you crashed.
BAL So it sounds like someone is trashing the interrupt vectors, and all the interrupts are
held pending when I'm in MacsBug. As soon as I do anything that returns control to
the Macintosh, I blow up. So I step spy on $64 and see who trashes it.
0 KON It's a routine that assumed a buffer was being allocated but wasn't. So the buffer
pointer was NIL, and the routine wrote all over low memory, including the exception
vectors.
BAL Nasty.
KON Yeah. So how could you catch this before the vectors get trashed?
BAL Doesn't EvenBetterBusError catch writes to NIL?
KON Only at VBL time, and the chances of a VBL interrupt happening before the VBL
vector gets trashed are mighty slim.
BAL You could initialize pointer variables to a bus error number like $50FFC001 instead of
NIL. If you did that, you'd crash at the write and know immediately what was wrong.
KON Cool.
KONSTANTIN OTHMER AND BRUCE LEAK As a mere lad, Bruce pulled the programmer's key out of the stone and swore
allegiance to the Lady of the Leak. Years later, while good King Bruce was doing penance for his wandering ways, young
KON of Locksley had to defend the crown against the Mongol hordes attempting to draw directly to the screen. Upon his
return, King Bruce declared, "Let there be time," and there was. Today young KON and his sovereign do battle against the
forces of evil lurking in your local heap.
SCORING
- 100-110 Be honest.
- 75-95 Next time we find a bug, we're calling you.
- 50-70 So this has happened to you!
- 25-45 No doubt about it, these puzzles are tough.
- 0-20 Well, maybe next time . . .
Thanks to Scott Douglass for reviewing this column.