<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 2013-Jan-7 14:08 , Mark Cave-Ayland
wrote:<br>
</div>
<blockquote cite="mid:50EB1D36.4030905@ilande.co.uk" type="cite">
<blockquote type="cite" style="color: #990000;">.
<br>
</blockquote>
<br>
Ah I see. So for example if on SPARC that was in the middle of a
CIF interpret call or similar, then you'd be dropped back to the
OpenBoot prompt at this point too? I didn't pick up on that from
Artyom's original email.
<br>
</blockquote>
<br>
Yup. Either drop to the ok prompt or fully reset the machine,
depending on other settings.<br>
<br>
<blockquote cite="mid:50EB1D36.4030905@ilande.co.uk" type="cite">Unfortunately
the sad truth is that BootX is written to rely on this (ahem)
feature to work if booting from anything that isn't the network:
<br>
<br>
0 value screenIH
<br>
0 value cursorAddr
<br>
0 value cursorX
<br>
0 value cursorY
<br>
0 value cursorW
<br>
0 value cursorH
<br>
0 value cursorFrames
<br>
0 value cursorPixelSize
<br>
0 value cursorStage
<br>
0 value cursorTime
<br>
0 value cursorDelay
<br>
<br>
...
<br>
<br>
: slw_spin_init
<br>
dup FFFF and to cursorH 10 >> drop
<br>
dup FFFF and to cursorW 10 >> to cursorPixelSize
<br>
dup FFFF and to cursorY 10 >> d# 1000 swap / to
cursorDelay
<br>
dup FFFF and to cursorX 10 >> to cursorFrames
<br>
to cursorAddr
<br>
to screenIH
<br>
['] slw_spin to spin ;
<br>
<br>
And slw_spin_init is invoked from DrawSplashScreen() like this:
<br>
<br>
if (gBootFileType != kNetworkDeviceType) {
<br>
SpinInit(0, 0, NULL, 0, 0, 0, 0, 0, 0, 0);
<br>
}
</blockquote>
<br>
The key error here (as I see it) is:<br>
<br>
dup FFFF and to cursorY 10 >> d# 1000 swap / to cursorDelay<br>
<br>
Where is that code? It looks like it's the third argument to
"slw_spin_init" that is being used as a divisor, and it should be
checked for zero.<br>
<br>
I think this code (commenting to relate arguments to lines of code)
looks like:<br>
<tt><br>
</tt><tt> : slw_spin_init
( arg7 arg6 arg5 arg4 arg3 arg2 arg1 -- )</tt><tt><br>
</tt><tt>
dup FFFF and to cursorH 10 >> drop</tt><tt>
</tt><tt>( arg7 arg6 arg5 arg4 arg3 arg2 )<br>
</tt><tt> dup FFFF and to cursorW 10 >> to
cursorPixelSize ( </tt><tt><tt>arg7 arg6 arg5 arg4 arg3</tt>
)</tt><tt><br>
</tt><tt>
dup FFFF and to cursorY 10 >> d# 1000 swap / to
cursorDelay </tt><tt><tt>( </tt><tt><tt>arg7 arg6 arg5 arg4</tt>
)</tt></tt><tt><br>
</tt><tt>
dup FFFF and to cursorX 10 >> to cursorFrames
</tt><tt>( </tt><tt><tt>arg7 arg6 arg5</tt> )</tt><tt><br>
</tt><tt>
to cursorAddr
</tt><tt>( </tt><tt><tt>arg7 arg6</tt> )</tt><tt><br>
</tt><tt>
to screenIH
</tt><tt>( </tt><tt><tt>arg7</tt> )</tt><tt><br>
</tt><tt>
['] slw_spin to spin ;
( )</tt><tt><br>
</tt><tt>
</tt>;<br>
<br>
So it looks like this code depends on arg3 being non-zero. I assume
the arguments are coming from right-to-left, which is backwards from
other c-to-forth implementations I've seen (usually the c call is
procedure(arg1, arg2, arg3, ...) ), but that would not seem to fit
here, since arg5 appears to require a pointer. Note that not all
architectures use 0 == NULL; some use other values, so I wonder if
this is a bug originating from some such usage combined with
argument order confusion.<br>
<br>
The better fix would be to check for zero in slw_spin_init. Or are
you saying that both the call to SpinInit() <i>and</i> the
slw_spin_init( -- ) forth code are in BootX, code we aren't allowed
to touch? If that's the case, indeed, a program which deliberately
sets up a divide by zero expecting it to work has to be hacked
around. To quote from that PPC 8360 article:<br>
<br>
"I've inherited legacy code like this before & I feel your pain.
You want to shake your fist at the people who installed such
bone-headed behavior, but right now shaking your fist doesn't help
you ship product. You need a solution. Good luck."<br>
<br>
</body>
</html>