[tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 7 05:18:40 UTC 2016


#17983: Build tor with -fwrapv by default
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:7 teor]:
 > Replying to [comment:6 nickm]:
 > > I've just heard an alternative proposal: that we should build (most
 > > of?) Tor with -ftrapv rather than -fwrapv.
 > >
 > > Rationale: Chandler from the LLVM project looked at wrapping signed
 > > arithmetic in some really huge codebases, to see if there was much buggy
 > > code that assumed that wrapping would happen.  What he found instead: that
 > > in (nearly?) every case, no overflow behavior would have been correct: the
 > > code was buggy for any possible semantics of signed overflow.  In these
 > > cases, using -fwrapv turns buggy undefined behavior into other buggy (but
 > > defined) behavior, rather than making any code correct.
 > I think this is an excellent idea!
 ...
 > It's also worth noting that --enable-gcc-hardening and the hardened Tor
 > Browser series both build with -fwrapv. Maybe we should come up with a
 > consistent approach?

 --enable-gcc-hardening (including -fwrapv) is the default in the tor
 configure script.

 So we're going to replace the current use of -fwrapv with -ftrapv?

 When I build master on OS X 10.11.2 with clang `Apple LLVM version 7.0.2
 (clang-700.1.81)` with:
   `./configure ... --disable-gcc-hardening CC="clang -ftrapv"`, or
   `./configure ... --disable-gcc-hardening CC="clang -arch i386 -ftrapv"`:
   * all the unit tests pass with no traps
   * all the chutney tests in make test-network-all pass with no traps

 So I think we can add -ftrapv with low impact on the current tor codebase.

 (Now do we do this as part of --enable-expensive-hardening, or as part of
 --enable-gcc-hardening, or as the default?)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17983#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
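
The point quoted in the comment above, that -fwrapv can turn undefined buggy behavior into defined but still buggy behavior, shown as an added example (not Tor code and not part of the original message). `CAPACITY` and the function names are hypothetical, and the -fwrapv result is emulated with unsigned arithmetic so the file itself contains no signed overflow.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical buffer capacity for this example; not a Tor constant. */
#define CAPACITY 4096

/* What "hdr + len" evaluates to under -fwrapv (two's-complement wrap).
 * Done in unsigned arithmetic so this file has no undefined behavior;
 * the conversion back to int is implementation-defined and wraps on
 * GCC and clang. */
static int add_wrapv(int a, int b)
{
    return (int)((unsigned)a + (unsigned)b);
}

/* Bounds check as it behaves when built with -fwrapv: a huge len wraps
 * the sum negative, the comparison passes, and the caller goes on to
 * copy len bytes. Defined behavior, still a bug. */
bool fits_wrapv(int hdr, int len)
{
    return add_wrapv(hdr, len) <= CAPACITY;
}

/* Range-checks first, so the addition can never overflow. This version
 * is correct under -fwrapv, -ftrapv, or neither. */
bool fits_checked(int hdr, int len)
{
    if (hdr < 0 || len < 0 || len > INT_MAX - hdr)
        return false;
    return hdr + len <= CAPACITY;
}

int main(void)
{
    int hdr = 16, len = INT_MAX - 8;   /* constructed hostile length */
    printf("-fwrapv sum : %d\n", add_wrapv(hdr, len));
    printf("fits_wrapv  : %d\n", fits_wrapv(hdr, len));
    printf("fits_checked: %d\n", fits_checked(hdr, len));
    /* Under -ftrapv the unchecked "hdr + len" would abort here instead. */
    return 0;
}
```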