[tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 4 01:37:16 UTC 2016


#17983: Build tor with -fwrapv by default
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:2 nickm]:
 > What's the performance impact?

 It disables certain optimisations in both gcc and clang.
 http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html

 That said, the Linux kernel does it.

 > My only other concern here would be that programmers would start
 > assuming -fwrapv semantics, with dangerous results when -fwrapv is
 > missing.

 Wrapping (whether via -fwrapv or compiler/processor-specific behaviour)
 can also cause dangerous results by itself.

 The conformant way to resolve this issue is to:
 * replace signed integers by unsigned integers (where possible)
   * we'll need to be careful of C's integer promotion rules here, as
     unsigned integers can be promoted to a larger signed integer type
 * modify code that uses signed integers so it doesn't overflow (where
   possible)
 * add -fwrapv to CFLAGS for files which upstream doesn't want to modify
   (like the donna sources)
 * always check for signed integer wrapping (before invoking potentially
   undefined behaviour), and check for unsigned integer wrapping where it's
   undesirable. In these cases, if the calculation wraps, we can:
   * implement explicit wrapping for signed integers (unsigned integers
     implicitly wrap)
   * replace an overflow/underflow by a default value
   * implement saturated add/subtract, where an overflow/underflow simply
     stays at the max/min value for the type
   * log a warning or assert

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17983#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
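Editor's note: the options teor lists (check before the signed operation, explicit wrapping, a default value, saturation, a logged warning) and the integer-promotion caveat, as one added example in C. This is not code from the ticket or from Tor; the helper names (add_would_overflow, checked_add_or, wrapping_add, saturating_add, mul_u16, etc.) are hypothetical, and the code assumes a 32-bit two's-complement int, as on every platform Tor targets. Each check is evaluated using only in-range arithmetic before the possibly-overflowing operation, so the result is the same with or without -fwrapv.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers (not Tor's code). Every check runs BEFORE the
 * possibly-overflowing signed operation, so behaviour is identical with
 * and without -fwrapv. Assumes 32-bit two's-complement int. */

/* Would a + b overflow int? Decided using only in-range arithmetic. */
static bool add_would_overflow(int a, int b)
{
    if (b > 0) return a > INT_MAX - b;   /* INT_MAX - b is in range since b > 0 */
    if (b < 0) return a < INT_MIN - b;   /* INT_MIN - b is in range since b < 0 */
    return false;
}

/* Would a - b overflow int? */
static bool sub_would_overflow(int a, int b)
{
    if (b > 0) return a < INT_MIN + b;
    if (b < 0) return a > INT_MAX + b;
    return false;
}

/* Option 1: checked add; on overflow leave *out untouched and report it. */
static bool checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b)) return false;
    *out = a + b;
    return true;
}

/* Option 2: replace an overflow by a default value and log a warning. */
static int checked_add_or(int a, int b, int fallback)
{
    int r;
    if (checked_add(a, b, &r)) return r;
    fprintf(stderr, "warning: %d + %d overflows int, using %d\n", a, b, fallback);
    return fallback;
}

/* Option 3: explicit two's-complement wrapping for signed ints. int -> unsigned
 * conversion is defined (mod 2^N) and unsigned addition wraps; the sum is
 * mapped back into int range by hand rather than through the
 * implementation-defined out-of-range unsigned -> int conversion. */
static int wrapping_add(int a, int b)
{
    unsigned int us = (unsigned int)a + (unsigned int)b;
    if (us <= (unsigned int)INT_MAX)
        return (int)us;
    /* us in [INT_MAX+1, UINT_MAX] maps to [INT_MIN, -1]; no step overflows */
    return (int)(us - ((unsigned int)INT_MAX + 1u)) + INT_MIN;
}

/* Option 4: saturating add/subtract: stick at INT_MAX / INT_MIN. */
static int saturating_add(int a, int b)
{
    if (add_would_overflow(a, b)) return (b > 0) ? INT_MAX : INT_MIN;
    return a + b;
}

static int saturating_sub(int a, int b)
{
    if (sub_would_overflow(a, b)) return (b > 0) ? INT_MIN : INT_MAX;
    return a - b;
}

/* Promotion caveat: with 32-bit int, `x * y` on two uint16_t operands is
 * performed in (signed) int, so 65535 * 65535 overflows and is undefined even
 * though both inputs are unsigned. Widening to uint32_t first keeps the
 * multiplication unsigned, where wrapping is defined (and cannot occur here). */
static uint32_t mul_u16(uint16_t x, uint16_t y)
{
    return (uint32_t)x * (uint32_t)y;
}

int main(void)
{
    printf("checked:    %d\n", checked_add_or(INT_MAX, 1, 0));
    printf("wrapping:   %d\n", wrapping_add(INT_MAX, 1));
    printf("saturating: %d\n", saturating_add(INT_MAX, 1));
    printf("mul_u16:    %u\n", (unsigned)mul_u16(65535, 65535));
    return 0;
}
```

The pre-checks are the portable form of what `__builtin_add_overflow` does on recent gcc and clang; the by-hand mapping in `wrapping_add` is only needed if one refuses to rely on the (implementation-defined, but universally two's-complement) unsigned-to-signed conversion.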
