Hacking Tor: An Incomplete Guide ================================ Getting started --------------- For full information on how Tor is supposed to work, look at the files in https://gitweb.torproject.org/torspec.git/tree For an explanation of how to change Tor's design to work differently, look at https://gitweb.torproject.org/torspec.git/blob_plain/HEAD:/proposals/001-process.txt For the latest version of the code, get a copy of git, and git clone https://git.torproject.org/git/tor We talk about Tor on the tor-talk mailing list. Design proposals and discussion belong on the tor-dev mailing list. We hang around on irc.oftc.net, with general discussion happening on #tor and development happening on #tor-dev. How we use Git branches ----------------------- Each main development series (like 0.2.1, 0.2.2, etc) has its main work applied to a single branch. At most one series can be the development series at a time; all other series are maintenance series that get bug-fixes only. The development series is built in a git branch called "master"; the maintenance series are built in branches called "maint-0.2.0", "maint-0.2.1", and so on. We regularly merge the active maint branches forward. For all series except the development series, we also have a "release" branch (as in "release-0.2.1"). The release series is based on the corresponding maintenance series, except that it deliberately lags the maint series for most of its patches, so that bugfix patches are not typically included in a maintenance release until they've been tested for a while in a development release. Occasionally, we'll merge an urgent bugfix into the release branch before it gets merged into maint, but that's rare. If you're working on a bugfix for a bug that occurs in a particular version, base your bugfix branch on the "maint" branch for the first supported series that has that bug. (As of June 2013, we're supporting 0.2.3 and later.) If you're working on a new feature, base it on the master branch. How we log changes ------------------ When you do a commit that needs a ChangeLog entry, add a new file to the "changes" toplevel subdirectory. It should have the format of a one-entry changelog section from the current ChangeLog file, as in o Major bugfixes: - Fix a potential buffer overflow. Fixes bug 99999; bugfix on 0.3.1.4-beta. To write a changes file, first categorize the change. Some common categories are: Minor bugfixes, Major bugfixes, Minor features, Major features, Code simplifications and refactoring. Then say what the change does. If it's a bugfix, mention what bug it fixes and when the bug was introduced. To find out which Git tag the change was introduced in, you can use "git describe --contains ". If at all possible, try to create this file in the same commit where you are making the change. Please give it a distinctive name that no other branch will use for the lifetime of your change. To verify the format of the changes file, you can use "make check-changes". When we go to make a release, we will concatenate all the entries in changes to make a draft changelog, and clear the directory. We'll then edit the draft changelog into a nice readable format. What needs a changes file?:: A not-exhaustive list: Anything that might change user-visible behavior. Anything that changes internals, documentation, or the build system enough that somebody could notice. Big or interesting code rewrites. Anything about which somebody might plausibly wonder "when did that happen, and/or why did we do that" 6 months down the line. Why use changes files instead of Git commit messages?:: Git commit messages are written for developers, not users, and they are nigh-impossible to revise after the fact. Why use changes files instead of entries in the ChangeLog?:: Having every single commit touch the ChangeLog file tended to create zillions of merge conflicts. Useful tools ------------ These aren't strictly necessary for hacking on Tor, but they can help track down bugs. Jenkins ~~~~~~~ https://jenkins.torproject.org Dmalloc ~~~~~~~ The dmalloc library will keep track of memory allocation, so you can find out if we're leaking memory, doing any double-frees, or so on. dmalloc -l ~/dmalloc.log (run the commands it tells you) ./configure --with-dmalloc Valgrind ~~~~~~~~ valgrind --leak-check=yes --error-limit=no --show-reachable=yes src/or/tor (Note that if you get a zillion openssl warnings, you will also need to pass --undef-value-errors=no to valgrind, or rebuild your openssl with -DPURIFY.) Coverity ~~~~~~~~ Nick regularly runs the coverity static analyzer on the Tor codebase. The preprocessor define __COVERITY__ is used to work around instances where coverity picks up behavior that we wish to permit. clang Static Analyzer ~~~~~~~~~~~~~~~~~~~~~ The clang static analyzer can be run on the Tor codebase using Xcode (WIP) or a command-line build. The preprocessor define __clang_analyzer__ is used to work around instances where clang picks up behavior that we wish to permit. clang Runtime Sanitizers ~~~~~~~~~~~~~~~~ To build the Tor codebase with the clang Address and Undefined Behavior sanitizers, see the file contrib/clang/sanitize_blacklist.txt. Preprocessor workarounds for instances where clang picks up behavior that we wish to permit are also documented in the blacklist file. Running lcov for unit test coverage ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lcov is a utility that generates pretty HTML reports of test code coverage. To generate such a report: ----- ./configure --enable-coverage make make coverage-html $BROWSER ./coverage_html/index.html ----- This will run the tor unit test suite `./src/test/test` and generate the HTML coverage code report under the directory ./coverage_html/. To change the output directory, use `make coverage-html HTML_COVER_DIR=./funky_new_cov_dir`. Coverage diffs using lcov are not currently implemented, but are being investigated (as of July 2014). Running the unit tests ~~~~~~~~~~~~~~~~~~~~~~ To quickly run all the tests distributed with Tor: ----- make check ----- To run the fast unit tests only: ----- make test ----- To selectively run just some tests (the following can be combined arbitrarily): ----- ./src/test/test [] ... ./src/test/test .. [..] ... ./src/test/test : [:argument_names in boldface. * * \code * place_example_code(); * between_code_and_endcode_commands(); * \endcode */ 3. Make sure to escape the characters "<", ">", "\", "%" and "#" as "\<", "\>", "\\", "\%", and "\#". 4. To document structure members, you can use two forms: struct foo { /** You can put the comment before an element; */ int a; int b; /**< Or use the less-than symbol to put the comment * after the element. */ }; 5. To generate documentation from the Tor source code, type: $ doxygen -g To generate a file called 'Doxyfile'. Edit that file and run 'doxygen' to generate the API documentation. 6. See the Doxygen manual for more information; this summary just scratches the surface. Doxygen comment conventions ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Say what functions do as a series of one or more imperative sentences, as though you were telling somebody how to be the function. In other words, DO NOT say: /** The strtol function parses a number. * * nptr -- the string to parse. It can include whitespace. * endptr -- a string pointer to hold the first thing that is not part * of the number, if present. * base -- the numeric base. * returns: the resulting number. */ long strtol(const char *nptr, char **nptr, int base); Instead, please DO say: /** Parse a number in radix base from the string nptr, * and return the result. Skip all leading whitespace. If * endptr is not NULL, set *endptr to the first character * after the number parsed. **/ long strtol(const char *nptr, char **nptr, int base); Doxygen comments are the contract in our abstraction-by-contract world: if the functions that call your function rely on it doing something, then your function should mention that it does that something in the documentation. If you rely on a function doing something beyond what is in its documentation, then you should watch out, or it might do something else later. Putting out a new release ------------------------- Here are the steps Roger takes when putting out a new Tor release: 1) Use it for a while, as a client, as a relay, as a hidden service, and as a directory authority. See if it has any obvious bugs, and resolve those. 1.5) As applicable, merge the maint-X branch into the release-X branch. 2) Gather the changes/* files into a changelog entry, rewriting many of them and reordering to focus on what users and funders would find interesting and understandable. 2.1) Make sure that everything that wants a bug number has one. Make sure that everything which is a bugfix says what version it was a bugfix on. 2.2) Concatenate them. 2.3) Sort them by section. Within each section, sort by "version it's a bugfix on", else by numerical ticket order. 2.4) Clean them up: Standard idioms: "Fixes bug 9999; bugfix on 0.3.3.3-alpha." One space after a period. Make stuff very terse Make sure each section name ends with a colon Describe the user-visible problem right away Mention relevant config options by name. If they're rare or unusual, remind people what they're for Avoid starting lines with open-paren Present and imperative tense: not past. 'Relays', not 'servers' or 'nodes' or 'Tor relays'. "Stop FOOing", not "Fix a bug where we would FOO". Try not to let any given section be longer than about a page. Break up long sections into subsections by some sort of common subtopic. This guideline is especially important when organizing Release Notes for new stable releases. If a given changes stanza showed up in a different release (e.g. maint-0.2.1), be sure to make the stanzas identical (so people can distinguish if these are the same change). 2.5) Merge them in. 2.6) Clean everything one last time. 2.7) Run ./scripts/maint/format_changelog.py to make it prettier. 3) Compose a short release blurb to highlight the user-facing changes. Insert said release blurb into the ChangeLog stanza. If it's a stable release, add it to the ReleaseNotes file too. If we're adding to a release-0.2.x branch, manually commit the changelogs to the later git branches too. 4) In maint-0.2.x, bump the version number in configure.ac and run scripts/maint/updateVersions.pl to update version numbers in other places, and commit. Then merge maint-0.2.x into release-0.2.x. (NOTE: TO bump the version number, edit configure.ac, and then run either make, or 'perl scripts/maint/updateVersions.pl', depending on your version.) 5) Make dist, put the tarball up somewhere, and tell #tor about it. Wait a while to see if anybody has problems building it. Try to get Sebastian or somebody to try building it on Windows. 6) Get at least two of weasel/arma/sebastian to put the new version number in their approved versions list. 7) Sign the tarball, then sign and push the git tag: gpg -ba git tag -u tor-0.2.x.y-status git push origin tag tor-0.2.x.y-status 8a) scp the tarball and its sig to the dist website, i.e. /srv/dist-master.torproject.org/htdocs/ on dist-master. When you want it to go live, you run "static-update-component dist.torproject.org" on dist-master. 8b) Edit "include/versions.wmi" and "Makefile" to note the new version. 9) Email the packagers (cc'ing tor-assistants) that a new tarball is up. The current list of packagers is: {weasel,gk,mikeperry} at torproject dot org {blueness} at gentoo dot org {paul} at invizbox dot io {ondrej.mikle} at gmail dot com {lfleischer} at archlinux dot org 10) Add the version number to Trac. To do this, go to Trac, log in, select "Admin" near the top of the screen, then select "Versions" from the menu on the left. At the right, there will be an "Add version" box. By convention, we enter the version in the form "Tor: 0.2.2.23-alpha" (or whatever the version is), and we select the date as the date in the ChangeLog. 11) Forward-port the ChangeLog. 12) Wait up to a day or two (for a development release), or until most packages are up (for a stable release), and mail the release blurb and changelog to tor-talk or tor-announce. (We might be moving to faster announcements, but don't announce until the website is at least updated.) 13) If it's a stable release, bump the version number in the maint-x.y.z branch to "newversion-dev", and do a "merge -s ours" merge to avoid taking that change into master. Do a similar 'merge -s theirs' merge to get the change (and only that change) into release. (Some of the build scripts require that maint merge cleanly into release.)