Another guru to debug

[deimos]

EDIT:

For anyone who stumbles across this: if gcc is inserting traps in your code, it means your code isn't handling things that shouldn't happen. In my case it was null pointers due to a pool of objects being exhausted. The compiler is trying to help, and you should listen to it.

--

I have a guru that I can reproduce consistently. It must be caused by my keyboard handling code as it happens when you hold down two keys at the same time for a few seconds. They don't need to be keys that are used by the code, so I suspect I suspect my keyboard handling code rather than the code that acts on what keys are pressed.

Is there anything I can do in the WinUAE debugger to get more information? The things I know how to do, such as memory breakpoints, don't seem to be helping.

5 examples:

Error: 8000 0027 Task: 00258AE8
Error: 8000 0027 Task: 00258AE0
Error: 8000 0027 Task: 00258B78
Error: 8000 0027 Task: 00258B30
Error: 8000 0027 Task: 00258B00

[meynaf]

The guru you get indicates TRAP #7 instructions executing.
But it may also indicate that the code branches to data (which is likely text in this case). You may want to check your indirect JMP/JSR.

[deimos]

Quote:

Originally Posted by meynaf

The guru you get indicates TRAP #7 instructions executing.
But it may also indicate that the code branches to data (which is likely text in this case). You may want to check your indirect JMP/JSR.

The majority of your reply went over my head, sorry.

TRAP #7 doesn't sound like something I'd do. Branching to data? Would that imply I've written over something? I would hope the memory watchpoints I've tried would catch that. I'm not sure what indirect JMP/JSR means in this context - I'm mostly a bad C coder today.

[Toni Wilen]

Set breakpoint to trap #7 vector (use 'i' to list them). Then when it triggers, use H <number of lines> to see what happened.

[deimos]

Quote:

Originally Posted by Toni Wilen

Set breakpoint to trap #7 vector (use 'i' to list them). Then when it triggers, use H <number of lines> to see what happened.

Ok, I think I did that right, after the TRAP #7 triggers, H shows me:

Code:

 2 0025F31E 6700 01c4                BEQ.W #$01c4 == $0025f4e4 (T)
 2 0025F322 0c00 ffff                CMP.B #$ff,D0
 2 0025F326 6700 0134                BEQ.W #$0134 == $0025f45c (T)
 2 0025F32A 3639 0026 564a           MOVE.W $0026564a [0000],D3
 2 0025F330 3279 0026 564e           MOVEA.W $0026564e [000e],A1
 2 0025F336 3c79 0026 564c           MOVEA.W $0026564c [0064],A6
 2 0025F33C 3a39 0027 fc70           MOVE.W $0027fc70 [0064],D5
 2 0025F342 3839 0027 fc6e           MOVE.W $0027fc6e [0064],D4
 2 0025F348 3439 0027 fc74           MOVE.W $0027fc74 [000e],D2
 2 0025F34E 45f9 0027 fc6a           LEA.L $0027fc6a,A2
 2 0025F354 47f9 0025 afec           LEA.L $0025afec,A3
 2 0025F35A 0c00 0078                CMP.B #$78,D0
 2 0025F35E 6700 009c                BEQ.W #$009c == $0025f3fc (T)
 2 0025F362 1200                     MOVE.B D0,D1
 2 0025F364 5e01                     ADD.B #$07,D1
 2 0025F366 0c01 0001                CMP.B #$01,D1
 2 0025F36A 6300 0090                BLS.W #$0090 == $0025f3fc (T)
 2 0025F36E 5701                     SUB.B #$03,D1
 2 0025F370 0c01 0002                CMP.B #$02,D1
 2 0025F374 6300 0086                BLS.W #$0086 == $0025f3fc (T)
 2 0025F378 4a00                     TST.B D0
 2 0025F37A 6d00 00fa                BLT.W #$00fa == $0025f476 (F)
 2 0025F37E 7e01                     MOVE.L #$01,D7
 2 0025F380 1200                     MOVE.B D0,D1
 2 0025F382 0201 007f                AND.B #$7f,D1
 2 0025F386 0200 0070                AND.B #$70,D0
 2 0025F38A 0c00 0060                CMP.B #$60,D0
 2 0025F38E 6700 00fa                BEQ.W #$00fa == $0025f48a (T)
 2 0025F392 4a43                     TST.W D3
 2 0025F394 6700 012c                BEQ.W #$012c == $0025f4c2 (T)
 2 0025F4C2 33fc 0000 0026 564a      MOVE.W #$0000,$0026564a [0000]
 2 0025F4CA 33c9 0026 564e           MOVE.W A1,$0026564e [000e]
 2 0025F4D0 33c4 0027 fc6e           MOVE.W D4,$0027fc6e [0064]
 2 0025F4D6 33c2 0027 fc74           MOVE.W D2,$0027fc74 [000e]
 2 0025F4DC 31fc 0000 0008           MOVE.W #$0000,$0008 [0000]
 2 0025F4E2 4e47                     TRAP #$07
 2 00F80A8A 61da                     BSR.B #$da == $00f80a66

But all of that looks completely foreign to me.

[ross]

How do you handle the keyboard?
This trap #7 doesn't make much sense to me

Can you post an exe?

[deimos]

Quote:

Originally Posted by ross

How do you handle the keyboard?
This trap #7 doesn't make much sense to me

Can you post an exe?

Sure, it's basically the same exe as before, I think the bug has existed for a while.

The easiest way to reproduce it is to hit and hold cursor up and cursor left at the same time. The jet will turn for a few seconds before freezing and then you'll guru a couple of seconds after that. If you don't get your timing right, keep mashing keys - I can only get it to happen when I have more than one key down.

I'll gather up the source code so you can see the keyboard code.

Edit: all source code now attached too.

[Toni Wilen]

It looks like something overwrites 0025F4DE-> (MOVE.W #$0000,$0008 looks wrong too)

[deimos]

Quote:

Originally Posted by Toni Wilen

It looks like something overwrites 0025F4DE-> (MOVE.W #$0000,$0008 looks wrong too)

If I set a memory breakpoint for there before running my code it does break, but before my code starts for proper.

Code:

>g
Memwatch 0: break at 0025F4DE.W  W  00000026 PC=00F97CF6 CPUDW (000)
  D0 000000CE   D1 00004126   D2 0000012D   D3 00264DD0
  D4 00006110   D5 00000000   D6 00000006   D7 00000214
  A0 00259520   A1 0025A2A4   A2 0025B3B8   A3 0025A48C
  A4 0025A6A4   A5 002595CC   A6 0020CAF0   A7 00259518
USP  00259518 ISP  00202220
T=00 S=0 M=0 X=0 N=0 Z=0 V=0 C=0 IMASK=0 STP=0
Prefetch fff2 (ILLEGAL) 51ca (DBcc) Chip latch 00000008
00F97CF6 d7b2 1800                ADD.L D3,(A2, D1.L*1, $00) == $0025f4de [00265662]
00F97CFA 51ca fff2                DBF .W D2,#$fff2 == $00f97cee (F)
Next PC: 00f97cfe
>H100
 0 0025A930 00ff                     ILLEGAL
 0 00F82494 6624                     BNE.B #$24 == $00f824ba (T)
-1 00F813A8 60e6                     BT .B #$e6 == $00f81390 (T)
 0 00F97CFA 51ca fff2                DBF .W D2,#$fff2 == $00f97cee (F)
 0 00FDCD06 3000                     MOVE.W D0,D0
-1 00F813A8 60e6                     BT .B #$e6 == $00f81390 (T)
 0 00F97CFA 51ca fff2                DBF .W D2,#$fff2 == $00f97cee (F)
 0 00F97CFA 51ca fff2                DBF .W D2,#$fff2 == $00f97cee (F)

I don't recognise any of that, an if I start it again it runs until I crash it without hitting that breakpoint again.

[ross]

I do not see any code overwritten.
Seems already in hunk data.

But I inspecting better.

[ross]

Yes this wrong code is already there, at absolute offset $4174 in exe.

§4174: 31fc 0000 0008 MOVE.W #$0000,$0008
§417a: 4e47 TRAP #$07

[deimos]

So, I'm bouncing off to somewhere I shouldn't? Any idea why?

[ross]

Quote:

Originally Posted by deimos

So, I'm bouncing off to somewhere I shouldn't? Any idea why?

The first thing to understand is why that code is there from the beginning.
In any case I have freeze in all conditions, I just need to press a button in any direction.
A500 Quickstat config, 512 or 515+512.

[meynaf]

I confirm there is no overwrite of code. Also it does not look like data at all.

Comparing with keyboard.c the generated asm code is hard to follow and even sometimes looks incorrect.
Seems the compiler made a complete mess

[deimos]

Quote:

Originally Posted by meynaf

I confirm there is no overwrite of code. Also it does not look like data at all.

Comparing with keyboard.c the generated asm code is hard to follow and even sometimes looks incorrect.
Seems the compiler made a complete mess

That's called optimisation.

[meynaf]

Quote:

Originally Posted by deimos

That's called optimisation.

In theory yes. In practice optimisation can sometimes fail bad. Does it still crash if you turn it off ?

[deimos]

Quote:

Originally Posted by meynaf

In theory yes. In practice optimisation can sometimes fail bad. Does it still crash if you turn it off ?

I'll run that test in the morning. Right now I have to play go fish with the in laws. Sorry.

Edit: I won.

[deimos]

Quote:

Originally Posted by ross

The first thing to understand is why that code is there from the beginning.
In any case I have freeze in all conditions, I just need to press a button in any direction.
A500 Quickstat config, 512 or 515+512.

Ok, that's different to what I get if I run it in the default for my development environment, which is A500 with extra 1/2 meg slow.

[deimos]

Quote:

Originally Posted by ross

Yes this wrong code is already there, at absolute offset $4174 in exe.

§4174: 31fc 0000 0008 MOVE.W #$0000,$0008
§417a: 4e47 TRAP #$07

Is this in a code section or a data section?

[meynaf]

Quote:

Originally Posted by deimos

Is this in a code section or a data section?

It's located in first code section.