[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default

Subject: Re: [tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Mon, 04 Jan 2016 01:37:16 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 03 Jan 2016 20:37:25 -0500
In-reply-to: <044.bec091d75ca3d23977e7cee1ff1f2f3c@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <044.bec091d75ca3d23977e7cee1ff1f2f3c@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#17983: Build tor with -fwrapv by default
-------------------------+------------------------------------
 Reporter:  teor         |          Owner:
     Type:  enhancement  |         Status:  new
 Priority:  Medium       |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor          |        Version:
 Severity:  Normal       |     Resolution:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
  Sponsor:               |
-------------------------+------------------------------------

Comment (by teor):

 Replying to [comment:2 nickm]:
 > What's the performance impact?

 It disables certain optimisations in both gcc and clang.
 http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html

 That said, the Linux kernel does it.

 > My only other concern here would be that programmers would start
 assuming -fwrapv semantics, with dangerous results when -fwrapv is
 missing.

 Wrapping (whether via -fwrapv or compiler/processor-specific behaviour)
 can also cause dangerous results by itself.

 The conformant way to resolve this issue is to:
 * replace signed integers by unsigned integers (where possible)
   * we'll need to be careful of C's integer promotion rules here, as
 unsigned integers can be promoted to a larger signed integer type
 * modify code that uses signed integers so it doesn't overflow (where
 possible)
 * add -fwrapv to CFLAGS for files which upstream doesn't want to modify
 (like the donna sources)
 * always check for signed integer wrapping (before invoking potentially
 undefined behaviour), and check for unsigned integer wrapping where it's
 undesirable. In these cases, if the calculation wraps, we can:
   * implement explicit wrapping for signed integers (unsigned integers
 implicitly wrap)
   * replace an overflow/underflow by a default value
   * implement saturated add/subtract, where an overflow/underflow simply
 stays at the max/min value for the type
   * log a warning or assert

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17983#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #13421 [Wiki]: GoodBadISP's Revamp
Next by Author: Re: [tor-bugs] #17682 [Tor]: safe_timer_diff is unsafe under wrapping
Previous by thread: Re: [tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default
Next by thread: Re: [tor-bugs] #17983 [Tor]: Build tor with -fwrapv by default
Index(es):
- Author
- Thread