[tor-bugs] #30674 [Core Tor/Tor]: Find out why ubsan/asan CI didn't catch #30629
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 29 22:01:29 UTC 2019
#30674: Find out why ubsan/asan CI didn't catch #30629
-------------------------------------------------+-------------------------
 Reporter:  nickm                                |          Owner:  nickm
     Type:  defect                               |         Status:  accepted
 Priority:  Medium                               |      Milestone:  Tor: 0.4.1.x-final
Component:  Core Tor/Tor                         |        Version:  Tor: 0.4.1.1-alpha
 Severity:  Normal                               |     Resolution:
 Keywords:  041-should, memory-safety, valgrind  |  Actual Points:
Parent ID:  #30629                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Comment (by teor):

Here are my initial thoughts:

Hardened dependencies:
1. We know we can harden dependencies
2. Hardened dependencies may cause CI failures due to bugs in dependencies
3. Hardened dependencies may be slower
4. We probably won't rebuild libc and other large libraries in hardened mode
5. We don't know if valgrind or hardened builds provide better coverage of the kinds of coding errors we typically make
6. It might be complicated to configure builds for all our dependencies
7. We can't harden our chutney, stem, and sbws CIs, because they use pre-built binaries

Valgrind:
1. We don't know if valgrind runs well in Travis CI
2. Valgrind may cause CI failures due to bugs in dependencies
3. Valgrind may be slower
4. Valgrind instruments all the code, no matter which library it's in
5. We don't know if valgrind or hardened builds provide better coverage of the kinds of coding errors we typically make
6. Valgrind is simple to configure
7. We can run valgrind on the pre-built binaries in our chutney, stem, and sbws CIs

If it works, and it's acceptably fast, valgrind is better than hardened builds.

So I think we should try valgrind in tor's CI, and see how well it works.
If it doesn't work, we should fall back to hardened builds.
If it works really well, we should consider using it in our other CIs.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30674#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online