[openssl-dev] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6

Richard Levitte levitte at openssl.org
Sun Mar 20 01:47:36 UTC 2016

In message <CAH8yC8kGyPm0q8bU6tdzEM9+_3_cASfZp1DUMjRZfZVFx1_jiA at mail.gmail.com> on Sat, 19 Mar 2016 21:11:03 -0400, Jeffrey Walton <noloader at gmail.com> said:

noloader> > Point is, if any of the the assertions are triggered into faulting,
noloader> > there's a but in the library and it shouldn't get released.  That's
noloader> > the whole point.  The tests are supposed to catch those and basically
noloader> > raise a big red flag.
noloader> >
noloader> > Are you telling me that according to Apple's App Store policies,
noloader> > assertions must not be used?
noloader> I don't know what Apple's policies are with respect to assert. But
noloader> Posix assert calls abort, and the abort is a violation of Apple
noloader> submission policies.

Ok, good to know.

noloader> The project should probably disgorge the debugging and diagnostics
noloader> (asserts) from the data egress (abort, crash dumps and error reports).
noloader> Then you can use asserts and not worry about data security violations.
noloader> I'm aware of some projects that do it, like OWASP
noloader> (http://www.owasp.org/index.php?title=C-Based_Toolchain_Hardening&setlang=es#ASSERT)
noloader> and Crypto++ (http://github.com/weidai11/cryptopp/blob/master/trap.h).

I'm listening, and that Crypto++ file answered a question I meant to
ask (how to do the SIGTRAP thing on Windows).

noloader> I tried to find the pedigree of Posix's "let's crash a program while
noloader> its being debugged" philosophy a few years ago. I could not find it.

It may have been as simple as SIGTRAP not existing everywhere, while
the abort() call was simple to implement in diverse ways on different
platforms (my old UNIX programmer's manual from Bell Labs tells me it
uses the IOT instruction on PDP11...).

So I'd say the answer lies in the deeper recesses of history

Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-dev mailing list