Alt-Break

What can Alt-Break rescue from?

I’m experimenting with a multi-tasking, multi-socket secure server BASIC test app using AcornSSL. (It does very little.) Just occasionally, the RasPi locks up when a client makes a connection to it. The mouse cursor still moves, but Alarm doesn’t move the clock. Alt-Break allows me to stop my app, which is the first one offered. You’d think it was an infinite loop in BASIC, but I can’t see the possibility in the code. I expect it to be calling AcornSSL_Handshake at the time, judging by the last log line and what ought to be the next log line. But can Alt-Break rescue from an infinite loop in a module? Or is there any other state in a module that Alt-Break can rescue from? Yes, that’s a hugely general question, I realise.

I have to say that, if there is an infinite loop within AcornSSL_Handshake, I can’t see it – but it’s not a simple run of code.

And, of course, it is my modified version of AcornSSL that I’m using.

I think it’s a Wimp provided function aimed at terminating errant Wimp tasks. But if the actual problem is elsewhere (as you mention, in a module) then all bets are off and you might end up with either a stuck app that can’t be killed or some sort of crash.

Yeah, it’s here: https://gitlab.riscosopen.org/RiscOS/Sources/Desktop/Wimp/-/raw/master/s/Watchdog

I think it’s a Wimp provided function aimed at terminating errant Wimp tasks.

Yup. Part of the spaghetti

Is there any tool that will tell me where the PC was when the task was terminated?

The app in question is in BASIC. Does the fact that Alt-Break allows the task to be terminated, tell us that a SWI is definitely NOT being executed at the time, i.e. the PC is NOT in module code; or can we not say that?

I’m experimenting with a multi-tasking, multi-socket secure server BASIC test app using AcornSSL.

Can you escape from the ‘loop’ in the server by terming the client, wherever that may be?

Good question – thank you! It may be some time before I can reproduce the problem.

Would you believe it, the second connection caused it to fail. The client is Firefox on a Linux box on the same desk. I closed Firefox and ran sockstat. The socket that FF had opened, was no longer in existence. However, my server was still locked.

How are you detecting that the connection has been closed?

What can Alt-Break rescue from?

An infinite loop in user mode.

But can Alt-Break rescue from an infinite loop in a module?

Not if it’s in supervisor mode.

The reason is, when you press alt-break the watchdog sets a transient callback to show the error box. But in a loop in supervisor mode such callbacks won’t get called back.

You can try it out by making two Absolute files in Zap (save everything – this will freeze your Pi).

B &8000

SWI "OS_EnterOS"
B &8004

They both loop, but you can only use Alt-Break to get out of the first one.

Is there any tool that will tell me where the PC was when the task was terminated?

Sadly not. We talked about this a while ago; that thread might give you some hints on debugging. Since you’re in BASIC, Reporter and TRACE sound useful.

Does the fact that Alt-Break allows the task to be terminated, tell us that a SWI is definitely NOT being executed at the time, i.e. the PC is NOT in module code; or can we not say that?

Yes, definitely. If you were in a loop in a SWI, then there is something on the supervisor stack, transient callbacks won’t happen, and the error box wouldn’t appear.

My thanks to everyone for your help.

My mistake was a simple one: I assumed that SWI AcornSSL_Handshake would return status codes in R0, but would never generate an error. It turns out that it can return an error, with V set, and I wasn’t handling it. Although I haven’t quite worked out the full sequence of steps, it boils down to an infinite loop in the error handler, now fixed.

I’ve got to dig into the AcornSSL source to find out why AcornSSL_Handshake can return an error, with a view to stopping it doing so.

Well, my noddy server was good enough to have the Qualys SSL Labs SSL Server Test run on it, and was awarded a “B” rating. Not bad for a first attempt. I saw “No SNI”, which makes me think all I have to do is call the SO_ACORNSSL_HOSTNAME option. We’ll see.

AcornSSL still supports TLS 1.0 and lots of weak ciphers.

My site doesn’t support CAA yet. Yet another thing to try.

Further on.

Good: since adding the call to set socket option SO_ACORNSSL_HOSTNAME, I think it supports SNI.

Bad: adding a CAA record is only possible if I upgrade to a non-free dynamic DNS service, and I’m too mean to spend the money.