Opened 5 months ago

Last modified 5 weeks ago

#30801 new task

Investigate running CI with hardened dependencies vs running CI with valgrind

Reported by: nickm Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Normal Keywords: tor-ci, 042-deferred-20190918
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In #30674, we investigated why running with --enable-fragile-hardening had missed a memory leak that valgrind could successfully catch. The answer turned out to be that we had not compiled our dependencies with sanitizers enabled -- so they didn't catch memory leaks that happened inside our dependencies.

Assuming we want CI to catch this kind of bug (and we do!) the alternatives seem to be: build our dependencies with sanitizers, or run with valgrind.

Teor made the following notes about deployment and evaluations:

Hardened dependencies:

  1. We know we can harden dependencies
  2. Hardened dependencies may cause CI failures due to bugs in dependencies
  3. Hardened dependencies may be slower
  4. We probably won't rebuild libc and other large libraries in hardened mode
  5. We don't know if valgrind or hardened builds provide better coverage of the kinds of coding errors we typically make
  6. It might be complicated to configure builds for all our dependencies
  7. We can't harden our chutney, stem, and sbws CIs, because they use pre-built binaries

Valgrind:

  1. We don't know if valgrind runs well in Travis CI
  2. Valgrind may cause CI failures due to bugs in dependencies
  3. Valgrind may be slower
  4. Valgrind instruments all the code, no matter which library it's in
  5. We don't know if valgrind or hardened builds provide better coverage of the kinds of coding errors we typically make
  6. Valgrind is simple to configure
  7. We can run valgrind on the pre-built binaries in our chutney, stem, and sbws CIs

We should come to a decision here and take action.

Child Tickets

Change History (1)

comment:1 Changed 5 weeks ago by nickm

Keywords: 042-deferred-20190918 added
Milestone: Tor: 0.4.2.x-finalTor: unspecified

Deferring various tickets from 0.4.2 to Unspecified.

Note: See TracTickets for help on using tickets.