Viewing Issue Advanced Details
ID: 06323
Category: Debugger
Severity: Critical (emulator)
Reproducibility: Always
Date Submitted: Jul 25, 2016, 21:27
Last Update: Jul 26, 2016, 03:47
Tester: Tafoid
View Status: Public
Platform: MAME (Official Binary)
Assigned To: AJR
Resolution: Fixed
OS: Windows Vista/7/8 (64-bit)
Status: Resolved
Driver: psikyosh.cpp
Version: 0.175
Fixed in Version: 0.176
Build: Normal
Summary: 06323: gunbird2, s1945iii: Crash when attempting to use -cheat
Description: MAME crashes upon attempting to load the cheats for these games which refer to eeprom region.

Exception at EIP=0000000002A368C5 (debugger_cpu::expression_validate(void*, char const*, expression_space)+0x00f5): ACCESS VIOLATION
While attempting to read memory at 0000000000000040
RAX=0000000000000000 RBX=000000000ACE3140 RCX=0000000000227EA6 RDX=0000000000187A78
RSI=0000000016FE8758 RDI=0000000000227FC8 RBP=0000000000227F80 RSP=0000000000227F00
 R8=0000000000000000 R9=0000000000000000 R10=0000000000227EA0 R11=0000000000000006
R12=0000000000227FC0 R13=0000000000227FBC R14=0000000000228087 R15=00000000177FB3D0
Stack crawl:
  0000000000227EC0: 0000000002A368C5 (debugger_cpu::expression_validate(void*, char const*, expression_space)+0x00f5)
  0000000000227F70: 0000000003B3469D (std::_Function_handler<expression_error::error_code (void*, char const*, expression_space), std::_Bind<std::_Mem_fn<expression_error::error_code (debugger_cpu::*)(void*, char const*, expression_space)> (debugger_cpu*, std::_Placeholder<1>, std::_Placeholder<2>, std::_Placeholder<3>)> >::_M_invoke(std::_Any_data const&, void*&&, char const*&&, expression_space&&)+0x002d)
  0000000000228010: 0000000002A52118 (parsed_expression::parse_memory_operator(parsed_expression::parse_token&, char const*)+0x0168)
  00000000002280D0: 0000000002A526C2 (parsed_expression::parse_symbol_or_number(parsed_expression::parse_token&, char const*&)+0x0162)
  0000000000228150: 0000000002A52F56 (parsed_expression::parse_string_into_tokens()+0x0416)
  00000000002281A0: 0000000002A56B61 (parsed_expression::parse(char const*)+0x00c1)
  0000000000228260: 00000000018084F9 (cheat_script::script_entry::script_entry(cheat_manager&, symbol_table&, char const*, xml_data_node&, bool)+0x00f9)
  0000000000228300: 0000000001808FB2 (cheat_script::cheat_script(cheat_manager&, symbol_table&, char const*, xml_data_node&)+0x0362)
  00000000002283D0: 00000000018099F2 (cheat_entry::cheat_entry(cheat_manager&, symbol_table&, char const*, xml_data_node&)+0x0362)
  0000000000228630: 000000000180CB9E (cheat_manager::load_cheats(char const*)+0x027e)
  00000000002288D0: 000000000180D3FB (cheat_manager::reload()+0x044b)
  0000000000228990: 000000000180D853 (cheat_manager::cheat_manager(running_machine&)+0x0303)
  0000000000228A40: 00000000017C623C (mame_machine_manager::create_custom(running_machine&)+0x033c)
  0000000000228B20: 0000000002ADF1E6 (running_machine::start()+0x08e6)
  0000000000228BA0: 0000000002ADF7AB (running_machine::run(bool)+0x010b)
  000000000022F500: 00000000017C7A4A (mame_machine_manager::execute()+0x015a)
  000000000022F950: 0000000001815679 (cli_frontend::execute(int, char**)+0x0d09)
  000000000022F9C0: 00000000017C6C35 (emulator_info::start_frontend(emu_options&, osd_interface&, int, char**)+0x0035)
  000000000022FDF0: 00000000017302F4 (utf8_main(int, char**)+0x0124)
  000000000022FE50: 0000000002EEE03F (wmain+0x007f)
  000000000022FF20: 000000000040140C (__tmainCRTStartup+0x025c)
  000000000022FF50: 000000000040153B (mainCRTStartup+0x001b)
  000000000022FF80: 0000000076F159BD (BaseThreadInitThunk+0x000d)
  000000000022FFD0: 000000007704A2E1 (RtlUserThreadStart+0x0021)
Steps To Reproduce: mame s1945 -cheat (with latest cheat package)
Note that using the cheat plugin invoked with mame s1945iii -plugins -plugin cheat does not crash and the plugin skips/blanks out the selection in question.

Additional Information: This seems to be due to the fact that the memory is no longer being treated as "space memory" via the debugger, so no changes can be done via debugger commands (and cheat.xml files). You still seem to be able to adjust and input new values into the memory view window, but if you send a command such as "eeprom.b@002f=ff" which previously worked, you will now cause an exception. Also, the debugger no longer lists the type of eeprom it is supposed to be (as a device). What was in the drop down of the memory window as: "Serial EEPROM 93C56 (256x8) ':eeprom' eeprom space memory", is now listed as "Region ':eeprom'", losing all its identification.

The eeprom changes were done here:
Regression Version: 0.175
Affected Sets / Systems: gunbird2, s1945iii
Jul 26, 2016, 03:30
Given the removal of the memory interface from the EEPROM device, the cheat should no longer work (and the memory window behavior is to be expected), but it also shouldn't cause a null pointer exception. The probable cause of the crash is calling device->memory().has_space(AS_X) without checking to see if the device even has a memory interface.

I've submitted a pull request to correct this, after confirming that it causes the stated command to produce an expression error (which the cheat engine will catch).
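
The pattern described in the comment above, as an added example: a simplified C++ model, not MAME source and not the submitted pull request, in which every type, function and tag name is hypothetical. It puts an accessor that dereferences an optional interface unconditionally next to a lookup that checks for the interface first and returns an expression error the caller can handle.

```cpp
#include <cstdio>
#include <map>
#include <memory>
#include <string>

// Simplified model for illustration; all names here are hypothetical.
enum class expr_error { NONE, INVALID_MEMORY_NAME, NO_SUCH_MEMORY_SPACE };

struct memory_interface {
    unsigned spaces = 0;  // bitmask of configured address spaces
    bool has_space(int n) const { return (spaces >> n) & 1u; }
};

struct device {
    std::unique_ptr<memory_interface> mem;  // null: device exposes no address space
    // Unchecked accessor: undefined behaviour when mem is null.
    memory_interface &memory() const { return *mem; }
    // Checked accessor: reports whether the interface exists at all.
    bool try_memory(memory_interface *&out) const { out = mem.get(); return out != nullptr; }
};
using device_map = std::map<std::string, device>;

// Before: crashes for a device that has no memory interface.
expr_error validate_unchecked(const device_map &devs, const std::string &tag, int space) {
    auto it = devs.find(tag);
    if (it == devs.end()) return expr_error::INVALID_MEMORY_NAME;
    return it->second.memory().has_space(space) ? expr_error::NONE : expr_error::NO_SUCH_MEMORY_SPACE;
}

// After: a missing interface is reported as an ordinary expression error.
expr_error validate_checked(const device_map &devs, const std::string &tag, int space) {
    auto it = devs.find(tag);
    if (it == devs.end()) return expr_error::INVALID_MEMORY_NAME;
    memory_interface *mem = nullptr;
    if (!it->second.try_memory(mem)) return expr_error::NO_SUCH_MEMORY_SPACE;
    return mem->has_space(space) ? expr_error::NONE : expr_error::NO_SUCH_MEMORY_SPACE;
}

// Constructed sample: a CPU with address space 0, and an EEPROM backed only by a region.
device_map sample_machine() {
    device_map devs;
    devs[":maincpu"].mem = std::make_unique<memory_interface>();
    devs[":maincpu"].mem->spaces = 1u;
    devs[":eeprom"];  // default-constructed: no memory interface
    return devs;
}

int main() {
    device_map m = sample_machine();
    std::printf("eeprom lookup -> error %d\n", static_cast<int>(validate_checked(m, ":eeprom", 0)));
    return 0;
}
```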