#tor-dev log

13:43:50 <nickm> #startmeeting
13:43:50 <MeetBot> Meeting started Wed Jan 14 13:43:50 2015 UTC.  The chair is nickm. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:43:50 <MeetBot> Useful Commands: #action #agreed #help #info #idea #link #topic.
13:44:04 <nickm> Hi dgoulet, Yawning , asn_ , athena !
13:44:10 <nickm> Hi all!
13:44:22 <Yawning> aloha
13:44:33 <asn_> hello!
13:44:54 <asn_> over the past week
13:44:59 <asn_> i opened a few tickets related to hsdirs
13:45:14 <asn_> like #14149 and #14150 and #14202
13:45:24 <asn_> i'm currently fighting with #14090 which is really pissing me off
13:45:36 <asn_> basically, our laplace unittets broke again. this time on raspery pi.
13:45:41 <nickm> oy.
13:45:43 <nickm> why?
13:46:00 <asn_> because that part of the code is weird
13:46:11 <asn_> and that specific unittest is provocative.
13:46:20 <asn_> because it calls log(0)
13:46:24 <asn_> which returns HUGE_VAL
13:46:31 <asn_> and then it gets casted into double. and then it gets casted into int64_t
13:46:34 <asn_> and then it is tested.
13:46:39 <nickm> well that's just weird
13:46:42 <nickm> Why woiuld you do that?
13:46:49 <nickm> *would
13:46:55 <asn_> hm.
13:47:01 <asn_> i think it happened like this
13:47:16 <asn_> because log() returns double. but then we want an integer out of this. so we cast it to int64.
13:47:27 <asn_> but when log() returns infinity (or neg infinity) things get messy.
13:47:45 <asn_> i'm trying to understand why this crashes raspbery pi and not other 32-bit systems.
13:47:51 <asn_> maybe raspery pi has doubles that are 32-bits?
13:48:27 <asn_> i'm trying to get my head around log's HUGE_VAL, and the limits of doubles and int64's.
13:48:34 <asn_> but doubles are quite unspecified from what I see.
13:49:25 <nickm> If you want to cast a double safely to an int64, you need to check whether it's about INT64_MAX before you cast.
13:50:39 <asn_> this is the code of the function that returns double:
13:50:40 <asn_> return mu - b * (p > 0.5 ? 1.0 : -1.0)
13:50:40 <asn_> * tor_mathlog(1.0 - 2.0 * fabs(p - 0.5));
13:50:44 <asn_> which then gets casted to int64.
13:50:53 <asn_> the problem is when p is 0. which causes tor_mathlog(0).
13:50:58 <asn_> mu is also 0 always.
13:51:14 <nickm> sounds like you need to fix that code.
13:51:17 <nickm> how about this:
13:51:46 <asn_> b is a small positive integer.
13:52:08 <asn_> so it's basically: return - 8 * HUGE_VAL . which gets interpeted as a double, and then cast to int64.
13:52:22 <nickm> double result = mu - b * (p > 0.5 ? 1.0 : -1.0)
13:52:23 <nickm> * tor_mathlog(1.0 - 2.0 * fabs(p - 0.5));
13:52:23 <nickm> if (result >= INT64_MAX)
13:52:23 <nickm> return INT64_MAX;
13:52:25 <nickm> else if (result <= INT64_MIN)
13:52:28 <nickm> return INT64_MIN;
13:52:31 <nickm> else
13:52:32 <nickm> return (int64_t) result;
13:52:35 <nickm> would that work?
13:53:30 <asn_> maybe. i'm not sure.
13:54:00 <nickm> The portability issue could be because of undefined/implementation-defined behavior issues
13:54:26 <nickm> I don't know what the standard says about casting a double greater than INT64_MAX to an int64_t, but you probably shouldn't. :)
13:54:46 <asn_> i'm currently afraid that doubles in that platform are smaller than int64s.
13:55:15 <Yawning> that should not happen]
13:55:26 <asn_> ok.
13:55:29 <asn_> that's good.
13:55:44 <Yawning> there's architectures that have doubles that are > 64 bit
13:56:04 <asn_> and there are no archs with doubles less than 64 bit?
13:56:07 <Yawning> and therre's essoteric shit that we probably won't run on anyway
13:56:11 <asn_> 32 bits specifically.
13:56:13 <nickm> The bit width of the double isn't what matters here I think; it's whether the maximum value is > INT64_MAX
13:56:18 <Yawning> not that I'm aware of
13:57:00 <nickm> If there are at least 8 bits of exponent (including sign), you can represent a value greater than INT64_MAX
13:57:01 <Yawning> asn_: if they implement IEEE-754, double is 64 bit by definition
13:57:20 <Yawning> nickm: indeed
13:57:23 <nickm> and I've never heard of anybody having less exponent than that
13:57:25 <asn_> i see.
13:57:33 <asn_> and then there is also the HUGE_VAL thing that log() returns.
13:57:51 <Yawning> (Eg; Cray style single precision is 64 bit)
13:57:58 <asn_> i would like to assume that this is DBL_MAX (and -HUGE_VAL is DBL_MIN), but I'm not sure if this is correct.
13:58:05 <Yawning> (But I'm probably the only person here that ever used that shit)
14:00:54 <nickm> ah, yeah.
14:01:05 <nickm> When a finite value of real floating type is converted to an integer type other than _Bool,
14:01:08 <nickm> the fractional part is discarded (i.e., the value is truncated toward zero). If the value of
14:01:11 <nickm> the integral part cannot be represented by the integer type, the behavior is undefined
14:01:16 <nickm> So, programs just aren't allowed to do that.
14:01:33 <nickm> If it ever works, it's an accident; we should fix it.
14:01:47 <nickm> makes sense?
14:01:52 <asn_> i think so.
14:01:53 <Yawning> yes
14:01:57 <asn_> so basically
14:02:06 <asn_> the overflow check that currently happens in add_laplace_noise()
14:02:13 <asn_> should happen in sample_laplace_distribution() instead
14:02:21 <asn_> in a fashion like the one you suggested some minutes ago.
14:02:34 <asn_> and the problem here appears in archs where doubles are bigger than int64s.
14:02:34 <nickm> oh
14:02:41 <nickm> It's not "bigger"
14:02:52 <nickm> It's "capable of representing bigger values".
14:02:53 <asn_> wider?
14:03:00 <asn_> ack
14:03:20 <asn_> i wonder how I can learn if this is the case for raspberrys.
14:03:40 <nickm> I'd suggest you not  worry.
14:03:44 <nickm> This is undefined behavior.
14:03:51 <nickm> The compiler is allowed to do literally anythign it wants.
14:04:10 <nickm> investigating what the compiler actually does in this case is typically not a great use of your time.
14:04:41 <asn_> but if doubles can represent the same values as int64s, the integral part of a double _can_ be represented by an int64, so it's not undefined behavior, right?
14:05:38 <nickm> no
14:05:45 <nickm> Doubles can represent more values than int64s can
14:05:56 <nickm> Did you ever check out how floating point actually works?  It's kind of interesting
14:06:03 <nickm> (a larger range of values)
14:06:48 <Yawning> sign * mantissa * base ^ exponent
14:06:51 <asn_> i used to understand stuff like mantissas etc. in the past. i don't remember as much these days.
14:07:05 <nickm> what yawning said.
14:07:08 <asn_> ok.
14:07:10 <nickm> where sign is either -1 or +1
14:07:19 <Yawning> you can do interesting bitflipping shit  to make code go really fast by understanding this well
14:07:20 <nickm> and exponent is a signed binary integer  (typically)
14:07:21 <Yawning> >.>
14:07:22 <nickm> and base is 2
14:07:27 <nickm> (typically)
14:07:54 <nickm> and mantissa is a binary fraction in the range [1, 2)
14:07:57 <nickm> (typically)
14:08:08 <asn_> Yawning: would you be willing to review the patch I prepare for that ticket tomorrow or so?
14:08:19 <asn_> Yawning: and I can take some stuff from your review pile, as an exchange :)
14:08:27 <Yawning> sec
14:09:04 <Yawning> probably, will it be large?
14:09:17 <asn_> no
14:09:34 <asn_> shouldn't be at least.
14:09:41 <Yawning> http://perso.ens-lyon.fr/jean-michel.muller/goldberg.pdf
14:09:58 <Yawning> that's kind of old but should cover most stuff
14:10:23 <asn_> ok
14:10:26 <asn_> so thanks both of you.
14:10:39 <asn_> i will look into this, and try to have a patch ready tomorrow or the day after.
14:10:44 <nickm> great
14:10:47 <Yawning> you can ignore everywhere that talks about IEEE 854 since no one uses that shit
14:10:54 <asn_> i also have to:
14:10:54 <Yawning> ^_^
14:10:56 <asn_> ** REVIEW #7555 #14195, #14193, #12485, #13397
14:11:06 <asn_> and that's that from me.
14:11:16 <nickm> ok
14:11:22 <nickm> what's next for somebody else?
14:11:43 <Yawning> uh, tent has an implementation now, and a rough handshake spec
14:11:47 <nickm> neat
14:11:48 <Yawning> people can look at it and comment
14:11:52 <nickm> I should read the handshake spec a little
14:12:04 <nickm> does it provide evertying we wanted on our big list yet?
14:12:13 <Yawning> it needs to be changed into a real language
14:12:15 <Yawning> uh, most of it
14:12:26 <Yawning> no negotiation of primitives is the only thing I think
14:12:28 <Yawning> it doesn't do
14:12:31 <nickm> (I dreamed I was designing TLS-like handshakes last night)
14:12:34 <Yawning> it could easily with 1 more round trip but
14:12:48 <Yawning> (https://github.com/nmathewson/tentp-draft)
14:12:57 <Yawning> not sure if we want that
14:13:21 <Yawning> the spec is split between a handshake spec and what I called obfs5 which is how to make said handshake indistinguishable from random noise
14:13:34 <nickm> ok, I'll try to have a look soon, though I expect to be hyperfocused on Tor 0.2.6 for my coding for a couple of weeks
14:13:43 <nickm> sensible
14:13:55 <Yawning> obfs5 is elligator based, the handshake is primitive agnostic
14:14:06 <Yawning> though I sketeched out how ntor would be used as an example
14:14:56 <Yawning> the basic correctness first transport layer implementation I threw together is fairly sweet
14:15:04 <Yawning> I think the code is really easy to follow, but ymmv
14:16:04 <asn_> added a summary of our discussion here https://trac.torproject.org/projects/tor/ticket/14090#comment:5 .
14:16:12 <nickm> thansk
14:17:23 <nickm> Yawning: nice and short; I like it
14:17:34 <Yawning> rasp pi has hardware floating point right?
14:18:31 <nickm> dunno
14:18:34 <mkstn> Yawning: yep
14:18:56 <nickm> Yawning: I forget; did you pick out a set of Tor 0.2.6.x needs-review tickets to look at?  I'm kinda hoping I can draft reviewers for them all
14:19:09 <Yawning> nickm: not yet I shal do som
14:19:12 <Yawning> *so
14:19:30 <nickm> (so I don't need to dump the whole load on athena, and so I don't need to rationalize, "Well, I'm a different nickm now from the guy who wrote this code...")
14:19:41 <dgoulet> nickm: FYI, I did not and can't tell you when I'll be able to do that this week :S ... so feel free to assign any to me or "the rest" :)
14:19:58 <nickm> dgoulet: understood!
14:20:28 <nickm> Yawning: so what's your plan for the coming week?
14:20:44 <Yawning> catch up on pt paperwork, pick out said review stuff and do the rewview
14:20:48 <Yawning> catch up on e-mail
14:20:53 <Yawning> cuddle the cat
14:20:56 <nickm> grand
14:21:37 <Yawning> change the handshake draft into something that looks more like a spec rahter than "commiting what was in my head to a text document"
14:22:46 <nickm> sounds good to me.
14:22:52 * Guest1917 is here
14:22:57 <athena> oh hai meeting
14:23:03 <nickm> dgoulet: So, you're in meetings and sponsorR stuff all week?
14:23:18 <nickm> and I'll imagine you'll be recovering early next week
14:23:23 <nickm> athena: ohai!
14:23:30 <nickm> hi teor__
14:23:33 <dgoulet> nickm: yeah... pretty full time from 9h to 18hish and then meetings
14:23:38 <nickm> ow
14:23:40 <athena> been revising that #12585 patch and doing some code reviews this week
14:23:45 <nickm> well, good luck and say hi to everybody for me
14:23:54 <nickm> athena: cool.  What's next?
14:23:55 <dgoulet> nickm: I'm in the same time zone so I think I'll be just fine next week :)
14:24:00 <dgoulet> athena: hello!
14:24:04 <athena> going to do more code reviews and #11485 next
14:24:11 <nickm> athena: (thanks for the 12585 fixups; I merged them, I think.)
14:24:14 <Yawning> dgoulet: re TFO and that patch, what he's doing looks correct
14:24:31 <athena> yeah, i think you did
14:24:46 <Yawning> enabling TFO is "use sendto() with a flag instead of connect()"
14:24:47 <dgoulet> Yawning: ah good to know! I haven't tested it, not too familiar with tfo :S thanks!
14:25:32 <Yawning> it basically adds payload earlier in the handshake
14:25:40 <nickm> cool; 11485 will be neat
14:25:43 <Yawning> I personally think it's evil and should be destroyed but the web people like it
14:26:14 <teor__> hi nickm, I am chaos and scattered thoughts
14:26:23 <Yawning> (I likewise think that huge initial windows are evil and should be destroyed)
14:26:24 <nickm> hi teor__!  I hear you are busy.
14:27:00 <nickm> athena: that and reviews will be handy together.
14:27:13 <nickm> I'll be surprised if I get #12498 actually done for this release, but we can hope.
14:27:31 <nickm> I think I'm going to prioritize some work on #13989
14:27:35 <nickm> for my next thikng
14:27:56 <nickm> (And mikeperry pointed out that #5462 is probably the same)
14:28:57 <teor__> nickm: yeah, a few days of chaos, and then hopefully some calm over the weekend. Maybe some time to kill Friday, too.
14:29:24 <teor__> By the way, I am working on #13192 and #14090 with Karsten. Just need to rip some workarounds out of a patch and assert instead.
14:29:53 <nickm> teor__: asn is looking at 14090 too.
14:29:56 <nickm> so there' sthat
14:29:59 <nickm> *there's that
14:30:21 <teor__> Then maybe #9321 as I did a review and ran into a 32-bit crasher. But I have a weird setup with -ftrapv
14:30:51 <nickm> I'm going to have to review #9321 soon again too, and hopefully merge it rsn
14:31:10 <nickm> I wonder if I should put out another alpha in a couple of days; we've merged a lot since the start  of the year
14:31:53 <teor__> If we merge #13111 we'll need to change #9321 slightly to take FN_EMPTY into account.
14:32:06 <teor__> Notes are in both
14:32:57 <teor__> I like the idea of another alpha to test the HS changes, but that's a tor/chutney combination thing
14:33:11 <nickm> I think I did merge #13111
14:34:08 <nickm> After this meeting, I'd like to brainstorm about #13989.  A bunch of people think it's a big security win, and not too hard to implement, assuming we get the design right
14:34:11 <teor__> Yeah it's closed, so we'll need to make a call on FN_EMPTY guardfraction files in #9321
14:35:55 <teor__> Yeah, it would be like the criteria for a sane consensus - "do we have stable enough guards?"
14:37:39 <nickm> anybody else have something for this meeting?  Anything we should be thinking about?
14:37:55 * nickm kinda wants to keep these to 1 hour or less out of respect for everyone's time.
14:39:05 * teor__ is ok
14:39:14 <nickm> #endmeeting