Announcement

**Eric Pearson** · 3 Jan 2000, 09:00 AM

Chris --

> There is absolutely NO way that adding a single line
> of code that is a sub call to a dummy procedure (no
> code in the sub), can cause a bug in my software. This
> is impossible !

I'm not making any judgements about whether or not there is a bug in the compiler, but your statement simply isn't true. There is a very well documented mechanism throught which a program can corrupt memory, but do it in such a way that Windows does not detect it. Then, when something small and unrelated in the program is changed, the location of the corruption is moved to a place where Windows can detect it, and you get a GPF.

I have experienced this effect with PB/DOS, PB/CC, and PB/DLL, and the cause was never a compiler bug.

-- Eric

-------------
Perfect Sync: Perfect Sync Development Tools
Email: mailto:[email protected][email protected]</A>

**Chris Boss** · 3 Jan 2000, 09:09 AM

Eric;

Could you explain this more in depth ?

If I understand you correctly, an error must have already occured which does not seem to cause an obvious problem and then by adding a simple procedure call (even if a dummy), then the error now manifests itself.

At first glance, my assumption would be very reasonable, but I do see what you mean.

How in the world would you track down such an error ?

What kind of things did you do wrong in your programs that caused such an error ?

While this does NOT convince me that there isn't a bug in the compiler (it is naive to think that the PB compiler is 100% bug free), all in all the PB compiler has shown itself to be very stable and I am willing to give it the benefit of the doubt.

Do you think the problem is with somehow overwriting memory in the DGroup area and when a new line of code is added, memory locations shift and now the memory overwrite causes a problem ?

**Dave Navarro** · 3 Jan 2000, 10:06 AM

Chris,

I really don't appreciate your telling the world that there is a serious bug in PB/DLL without first contacting us privately to verify if it's true.

We have received absolutely zero/none/nada messages from you on this topic and no code to prove your claim.

It is possible that what you claim is true, but it is not your place to scare the living daylights out of everyone based on an assumption and without positive proof.

Next time, I'll simply delete your message and restrict your access to post messages on the Web BBS. I would appreciate it if you would act more responsibly in the future.

In the meantime, please email your source code to [email protected] so that we can verify your claim and see if we can help you out with your problem.

--Dave

ps. I changed the topic of this message.

-------------
PowerBASIC Support
mailto:[email protected][email protected]</A>

**Chris Boss** · 3 Jan 2000, 10:23 AM

Sorry dave;

I should have been more careful in the "title" of my thread.

While it seems "very likely" there is a real problem here and I was following up on a discussion started by Tim Wisseman (while his thread title doesn't sound so bad, the context of his thread is just as "serious" as mine).

If you prefer please change my thread Title to something more acceptable like "Bug or not a Bug" or something. I have no problem with that.

Since my problem seems VERY similiar to Tim Wisseman's, I didn't think of emailing support first (probably should have), since Tim already made an effort to get this problem "verified".

Eric Pearsons comments have some validity (i am examining it now) and I may be wrong.

I "APOLOGIZE" for any poor judgement !

**Dave Navarro** · 3 Jan 2000, 10:33 AM

Thanks for the apology Chris.

The thing you have to remember is that only about 10% of the people who read the messages in these forums actually participate. And lots of "potential" customers read the messages.

When they see something like "Serious bug in PowerBASIC", it scares them away. Many will not even bother to read the message to see precisely what the problem is or if a solution was found. They simply see the subject and go away.

We certainly want to fix any problems in our product. But we need your help in order to do that. We can't fix anything simply based on a description and a small code snippet.

You can't expect a mechanic to fix your car over the telephone based on just a description of the problem, can you? Our mechanics need to take your code out for a test drive before we can fix the problem.

Thanks for any help you can provide.

--Dave

-------------
PowerBASIC Support
mailto:[email protected][email protected]</A>

**Chris Boss** · 3 Jan 2000, 10:37 AM

Now back to my problem.

First, Dave, you have to realize that sometimes your customers have code they cannot release in complete detail since it is a commercial product. I DID post a HUGE chunk of my code (that I thought pertained to my problem), but obviously it is NOT enough for anyone to recompile an test.

The problems that both Tim and I have experienced seem difficult to reproduce in a small chucnk of code.

I posted the above code because I thought "maybe" the problem is associated with the "structure" of my Select case (many layers).

Erics comments have encouraged me to look at other possibilities.

Here is what I have found so far:

The lock up occurs somewhere after the following code in my NewForm procedure:

' this code is in the procedure that locks up
for N&=1 to %App_Max_Menu
App_F.FMenuItems(N&)=string$(32," ")
next N&
' The UDT is again access after the above code and locks up

You will notice that it is putting data into a fix string array within a UDT.

The UDT is below:

Type FormData
FVersion as Long
FName as string*16
FTitle as string*128
FColor as long
FProps as string*16
FWidth as Single
FHeight as Single
FNumCtrls as Long
FMenu as long
FMenuItems(1 to 100) as string*32
End Type

Global App_F as FormData

Now if I change the code in the for next loop to either:

for N&=1 to %App_Max_Menu
App_F.FMenuItems(N&)=""
next N&

or

for N&=1 to %App_Max_Menu
App_F.FMenuItems(N&)=string$(32," ")+""
next N&

The lockup disappears and the program works fine (even though this does not guarantee it won't come back after I add more code).

If what Eric says is true, then the slight changes I tried may just be moving the code a few bytes in memory and the problem is still there or it actually fixes the problem.

I don't do anything out of the ordinary with putting data into the UDT. The above code is the first time the UDT is even acessed in the program, so there isn't some other routine that is trashing the memory.

**Semen Matusovski** · 3 Jan 2000, 10:42 AM

Dave --
PB/CC' files (which I received on diskette in August) are dated June, 1; PB/DLL (downloaded Dec, 3) - July, 2.
It's real dates ?
Microsoft makes first patches after three-four monthes.
Which plans do you have for PB CC 2.0 & DLL 6.0 ?

**Dave Navarro** · 3 Jan 2000, 10:43 AM

The same problem as before applies...

If I can't take my car to my mechanic because I don't want him to see the modifications I've made, I can't expect him to fix my car.

You can describe things and make all the assumptions that you want but until we can run the compiler itself through a debugger while it compiles code that causes the problem, there is nothing we can do about it.

Put together a non-disclosure agreement and email it to me. I'll have our lawyers take a look at it and if they have no problems with it, we'll sign it so that you can send us your code.

We've done the same thing with many government agencies and Fortune 100 companies in the past.

--Dave

-------------
PowerBASIC Support
mailto:[email protected][email protected]</A>

**Daniel Modler** · 3 Jan 2000, 11:10 AM

Chris,

I think Eric is right. I have experienced that kind of problem very often in PDE. That's what I *wanted* to tell in my last thread (extended debugging...). I actually managed to identify the code lines which "seemed" to cause the bug. They were completely "harmless"! If you want to find the bug, try to deactivate as many modules as possible and check EZGUI extensively if the bug persists. It's hard, but it's possible. I know I'm annoying everyone with it, but MemCheck! is a very good tool and you can download it - especially in cases like yours it's very, very helpful!

Regards

-------------
Daniel
[email protected]

**Chris Boss** · 3 Jan 2000, 11:12 AM

Thanks for the offer and I'll take it into consideration (I have other parties that would have to give Ok on this, since I licensed to software already to another company).

I want to see if I can find the answers myself first and if possible to create a test program for verification. I am also looking into what Eric suggested, to see if it is possible that his comments apply to my problem.

I will try to give you as much info as is possible and practical. Hopefully, in what source code I do post and the comments I make, someone may notice something I have overlooked. If all else fails, I may have no choice but to send you my source code.

**Chris Boss** · 3 Jan 2000, 11:26 AM

Daniel;

Give me an example of a "harmless" peice of code, that still caused problems in PDE.

I need to "define" the problem more accurately at this point.

If I understand Eric correctly, the only possible reason a program could lockup by the addition of some "dummy" code, is if the error was alwas there and it was overwriting memory in Dgroup (where variables are stored), but the error did not manifest itself until the code segment somehow gets shifted by the addition of new lines of code.

Its time to play "Sherlock Holmes" !

Lets assume this is correct.

The only two culprits would be either an error was written in the Basic Language which did something with a variables memory location or an API function was given bad data and it caused the problem.

My program is an EXE (EZGUI Visual Designer) which makes absolutely NO API calls. The EXE does make dozens of calls into my EZGUI DLL, which does make API calls.

I use NO assembler at all in either the EXE or the DLL and only Basic commands. No pointers are used in the DLL except a few needed by the WM_NOTIFY message.

I suspect the EXE is the problem since, it has its own data segment which is isolated from the EZGUI DLLs data segment (it has its own).

If the EXE is the problem then since I use NO assembler or API calls, it would have to be an error with just Basic statements. The offending Global array is NOT accessed beyond its bounds, so I don't see how its memory gets trashed in anyway. It almost seems as if the array can be accessed in a few lines of code and then a few lines later the same array is accessed and the pointer may be bad to it. There are NO EZGUI calls in the immediate area of the offending code.

**Eric Pearson** · 3 Jan 2000, 11:47 AM

Chris --

(You made an additional post while I was writing this off line, and it is clear now that you understand what I was saying. But I'll leave this message on the board for the benefit of lurkers.)

> Could you explain this more in depth ?

Sure. Let's assume that your program uses a certain amount of numeric and string data, and that a corresponding amount of memory has been allocated to it (by Windows) for code and data storage. If your program accesses that memory in any way -- on purpose or accidentally -- Windows will not complain. It has no way of knowing whether or not the technique you are using to modify the memory is intentional or not. But if your program accesses memory that has not been allocated to it, you'll see a GPF error message. (Microsoft uses the term "Application Error" now, but the old term "General Protection Fault" is more descriptive of the error so many programmers still use it. It means that a program violated the Windows memory protection scheme that keeps apps from interfering with each other.)

Let's say that somewhere in your program you are saving a value in a numeric array, and that you are using a subscript that is too large. If you are using $DEBUG ERROR OFF, then PowerBASIC will not check your subscript, it will simply calculate the memory location that would be used if that array element really did exist, and store a value there. If that location corresponded to a block of memory that was legal for your program to use, nothing would happen (except that the value that your program intended to store in that location would be corrupted). No GPF would be tripped.

If your program was changed in a very subtle way -- maybe it got 16 bytes larger when you added some code -- then the location of the corruption might be moved. And if it got moved to a memory location that was not allocated to your program, an Application Error would be generated at runtime.

Here's how you can be fooled into thinking that one part of a program is failing when the problem is really elsewhere...

Imagine that the memory location that is being corrupted is not really "data", but a pointer to data, like a string pointer. (A string pointer tells PowerBASIC where a particular string is located.) Windows would not complain at all when your program corrupted the value, because your program can legally change that block of memory. But much later on, when your program went to use that string, it might generate a GPF because the pointer pointed to a memory location that was not legal for your program to access. Or it might point to a location that was legal, and you might get garbage data. Or it might point to a midpoint of the string, or... or... or...

Those are just a few generic and probably over-simplified examples. Many different things can cause memory to be corrupted, and many different things can be corrupted.

Back in the days when PB/DOS was my primary tool, I made an error that corrupted memory and the resulting error message said "the modem is out of paper". It took me hours and hours to find the problem, and it had nothing to do with the modem or the printer. As I recall, I was loading a file into an array, and because the user had used the DOS COPY command to copy the file, CHR$(26) had been appened to the file, making it one byte too big. I was absolutely 100% certain that PowerBASIC was at fault -- after all, how could a line of code that was using the serial port trip an "out of paper" error, but it was a simple programming error.

> it is naive to think that the PB compiler is 100% bug free

I agree, and I feel certain that everybody on this forum, including the PowerBASIC staff, agrees. After all, we are (relatively) sane, rational people. {G} But IMO it is also naive to assume that your code is 100% bug free and that it could not possibly be at fault.

-- Eric

-------------
Perfect Sync: Perfect Sync Development Tools
Email: mailto:[email protected][email protected]</A>

[This message has been edited by Eric Pearson (edited January 03, 2000).]

**Eric Pearson** · 3 Jan 2000, 12:07 PM

> If I understand Eric correctly, the only possible reason
> a program could lockup by the addition of some "dummy"
> code, is if the error was alwas there and it was
> overwriting memory in Dgroup (where variables are
> stored), but the error did not manifest itself until
> the code segment somehow gets shifted by the addition
> of new lines of code.

The only possible reason? No, it could also be a compiler bug. {GGG} All I was trying to say was that it is possible for it to be something other than a compiler bug, and I described one possible scenario.

The most difficult GPF that I ever tracked down turned out to be a Windows bug. It had nothing to do with my code or PowerBASIC. Lots of things are possible...

-- Eric

-------------
Perfect Sync: Perfect Sync Development Tools
Email: mailto:[email protected][email protected]</A>

**Chris Boss** · 3 Jan 2000, 01:30 PM

Tim emailed me a copy of his "BIG" test program (or at least the code that generates the BIG program).

I cut the generated code down to size (source 50 KB, compiles to 28 KB), made some modifications and I believe it possibly demonstrates a bug when working with UDTs. The source is small enough for others to examine it and test it out.

You can download the test program at:

http://ezgui.com/pbbug.zip

The code was compiled on a Win 95 machine using PB 5.0.

In the zip file you will find the following:

test1.bas ' test program source code
compile.bat ' batch file to compile outside of IDE
test1.exe ' program compiled with bug
test1NG.exe ' program compiled with bug
test1OK.exe ' program compiled without bug

In the beginning of the bas file you will see these two lines of code:

%UseMsg = 1 ' Set to 1 to display messageboxs for Checks
%AddUDTS = 1 ' Set to 1 to create extra UDTs

If %ADDUDTS is set to 1 then some extra UDTS are defined as Globals.
if %ADDUDTS is set to 0 then those extra UDTS are not defined

In the compiled version that works OK, 4 message boxes will appear at different locations in the code while executed.

In the compiled version that is buggy, only 2 of the message boxes will appear. The program does NOT produce a GPF either. It just never executes the last two message boxes. Also if you use CTRL-ALT-DEL and display the Task Manager, you will find that the buggy version NEVER terminates.

Now, I don't know what will have if you use PB 6 or PB CC and you may get a GPF.

The test program does demonstrate that something is amiss.

While it could be the code, the code was generated by another program (which incremented each line) and the code looks OK to me.

The only difference between buggy version and the OK version is that the buggy one defines some extra UDTs (but doesn't access them).

The creation of some more UDTs shouldn't cause the program to do what it does.

The buggy versions seems to enter an infinite loop, since it doesn't GPF or terminate. This is exactly what was happeing with my software. I didn't get a GPF at all. It just would stop execution of the program and enter "La La land" (meaning, I don't know what it was doing).

The test program above does indicate a "possibility" of a problem.

What is needed now, is "VERIFICATION" !

Please everyone who can (including Dave, Lance) and test it out. Tell me if there is an actual error in the code or if the compiler seems to have a problem with it.

It is to everyones advantage to "not point fingers" at anyone, but to work together to verify if this is a bug or not. If it is not, then Tim and I will have learned a valuable lesson. If it is a bug, then the guys at PB will fix it "lickity split" !

I just want to know "why" it doesn't work ?

**Chris Boss** · 3 Jan 2000, 01:32 PM

Note: The test program download is only 21KB in size.

**Scott Turchin** · 3 Jan 2000, 02:04 PM

I just popped into this review at the last minute.

Lets say Hypothetically that there is an issue in the compiler/editor.

First thing, while this BBS is a great place to ask questions, get advice, share source, I take the approach that NTBUGTRAQ takes when finding issues in company software:

One should ALWAYS try to contact the manufacturer first, determine IF there is an issue, and give them a chance to correct it before going public with it.

Now, being that it was a source code question, (Although the title gave it away), even sometimes it's not WHAT you say to someone, about someone, etc, it's HOW you say it..The guys (And gals if there are any) at PB are awesome and have always been a cut above everyone else for their response time in the tech support area, so give them some credit...

Given all that, I ran the test1.exe on NT 4.0, SP6a and it dr watsoned on me.

Access violation (0xc0000005) at address 0x00405cc
Test1NG.exe did the same.

Test1OK.exe ran fine in NT.

I recompiled it in PB/DLL 6.0 and received a Dr Watson identical to the first test1.exe

Code:

function: <nosymbols>
        004046b5 c7458001000000   mov   dword ptr [ebp-0x80],0x1 ss:0116e8a2=????????
        004046bc ffc6             inc     esi
        004046be 8b857cffffff     mov     eax,[ebp+0xffffff7c]   ss:0012fe18=00000001
        004046c4 8b4d80           mov     ecx,[ebp-0x80]         ss:0116e8a2=????????
        004046c7 83e901           sub     ecx,0x1
        004046ca c1e102           shl     ecx,0x2
        004046cd 0381807a4000     add     eax,[ecx+0x407a80]     ds:00407a80=00000000
        004046d3 8b4d80           mov     ecx,[ebp-0x80]         ss:0116e8a2=????????
        004046d6 83e901           sub     ecx,0x1
        004046d9 c1e102           shl     ecx,0x2
FAULT ->004046dc 8981807a4900     mov     [ecx+0x497a80],eax     ds:00497a80=00000000
        004046e2 ff4580           inc     dword ptr [ebp-0x80]   ss:0116e8a2=????????
        004046e5 837d8002         cmp   dword ptr [ebp-0x80],0x2 ss:0116e8a2=????????
        004046e9 7ed1             jle     004046bc
        004046eb c7458001000000   mov   dword ptr [ebp-0x80],0x1 ss:0116e8a2=????????
        004046f2 ffc6             inc     esi
        004046f4 8b857cffffff     mov     eax,[ebp+0xffffff7c]   ss:0012fe18=00000001
        004046fa 8b4d80           mov     ecx,[ebp-0x80]         ss:0116e8a2=????????
        004046fd 83e901           sub     ecx,0x1
        00404700 c1e102           shl     ecx,0x2
        00404703 0381887a4000     add     eax,[ecx+0x407a88]     ds:00407a88=00000000
        00404709 8b4d80           mov     ecx,[ebp-0x80]         ss:0116e8a2=????????

-------------
Scott Turchin

**Dave Navarro** · 3 Jan 2000, 02:26 PM

Has anyone tried running the code in the debugger?

The debugger will actually tell you what line is causing a GPF when one occurs.

--Dave

-------------
PowerBASIC Support
mailto:[email protected][email protected]</A>

**Lance Edmonds** · 3 Jan 2000, 03:28 PM

Chris, is the "example" code (hyperlinked above) a rehash of Tim's code, or is this a cut down version of your own code? If you followed the other thread you will know that R&D are already aware of Tim's report.

-------------
Lance
PowerBASIC Support
( mailto:[email protected][email protected]</A> )

**Chris Boss** · 3 Jan 2000, 07:23 PM

Lance;

My test program is a cut down version of Tims that I believe will be easier to work with. It only uses code up to where I found execution was stopping. All the extra code Tims version was using was useless since it wasn't being executed at all. Execution was stopping at about the first 5% of the program.

I thoroughly tested Tims version and then created mine so it would demonstrate the problem in the least possible code.

This should make it easier for both PBs R&D and others to test it out.

I added compiler directives to allow chnaging the code easier to demonstrate the difference between the good version and the bad version.

The zip file is only 21 KB so anyone can try it out. Any debugging info anyone has from different debugging tools will be helpful.

Announcement

Possible bug in PB5 compiler

Possible bug in PB5 compiler

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment