Add mkstemp shim for unix

LegNeato · LegNeato · commit 06e581a252e2 · 2022-07-08T02:42:48.000-04:00
diff --git a/src/shims/unix/foreign_items.rs b/src/shims/unix/foreign_items.rs
@@ -163,6 +163,11 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
                 // fadvise is only informational, we can ignore it.
                 this.write_null(dest)?;
             }
+            "mkstemp" => {
+                let [template] = this.check_shim(abi, Abi::C { unwind: false }, link_name, args)?;
+                let result = this.mkstemp(template)?;
+                this.write_scalar(Scalar::from_i32(result), dest)?;
+            }
 
             // Time related shims
             "gettimeofday" => {
diff --git a/src/shims/unix/fs.rs b/src/shims/unix/fs.rs
@@ -4,7 +4,7 @@ use std::fs::{
     read_dir, remove_dir, remove_file, rename, DirBuilder, File, FileType, OpenOptions, ReadDir,
 };
 use std::io::{self, ErrorKind, Read, Seek, SeekFrom, Write};
-use std::path::Path;
+use std::path::{Path, PathBuf};
 use std::time::SystemTime;
 
 use log::trace;
@@ -17,6 +17,11 @@ use crate::*;
 use shims::os_str::os_str_to_bytes;
 use shims::time::system_time_to_duration;
 
+// <https://github.com/lattera/glibc/blob/895ef79e04a953cac1493863bcae29ad85657ee1/sysdeps/posix/tempname.c#L203>
+const TEMPFILE_ATTEMPTS_MIN: u32 = 62 * 62 * 62;
+// <https://github.com/lattera/glibc/blob/895ef79e04a953cac1493863bcae29ad85657ee1/sysdeps/posix/tempname.c#L36>
+const TEMPFILE_ATTEMPTS_GLIBC: u32 = 238328;
+
 #[derive(Debug)]
 struct FileHandle {
     file: File,
@@ -1659,6 +1664,145 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
             }
         }
     }
+
+    fn mkstemp(&mut self, template_op: &OpTy<'tcx, Tag>) -> InterpResult<'tcx, i32> {
+        use rand::distributions::{Distribution, Uniform};
+        #[cfg(target_family = "unix")]
+        use std::ffi::OsStr;
+        use std::ffi::OsString;
+        #[cfg(target_family = "unix")]
+        use std::os::unix::{ffi::OsStrExt, fs::OpenOptionsExt};
+        #[cfg(target_family = "windows")]
+        use std::os::windows::{
+            ffi::{OsStrExt, OsStringExt},
+            fs::OpenOptionsExt,
+        };
+
+        let this = self.eval_context_mut();
+
+        let template = this.read_os_str_from_c_str(this.read_pointer(template_op)?)?.to_os_string();
+
+        // Reject if isolation is enabled.
+        if let IsolatedOp::Reject(reject_with) = this.machine.isolated_op {
+            this.reject_in_isolation("`mkstemp`", reject_with)?;
+            let eacc = this.eval_libc("EACCES")?;
+            this.set_last_error(eacc)?;
+            return Ok(-1);
+        }
+
+        #[cfg(target_family = "unix")]
+        let opaque_iter = {
+            template.as_bytes().iter().as_slice()
+            // Rust encodes characters differently between platforms.
+        };
+
+        #[cfg(target_family = "windows")]
+        let opaque_iter = {
+            template.encode_wide() // Rust encodes characters differently between platforms.
+        };
+
+        let pos = opaque_iter
+            // Operate on groups of 6 ...
+            .windows(6)
+            // ... starting from the end ...
+            .rev()
+            // ... count the groups ...
+            .enumerate()
+            // ... and see if last group matches the template.
+            .position(|(w, x)| w == 0 && matches!(x, b"XXXXXX"));
+
+        if pos.is_none() {
+            let einval = this.eval_libc("EINVAL")?;
+            this.set_last_error(einval)?;
+            return Ok(-1);
+        }
+
+        let pos = pos.expect("checked above");
+
+        // At this point we know we have 6 ASCII 'X' characters as a suffix.
+
+        // From <https://github.com/lattera/glibc/blob/895ef79e04a953cac1493863bcae29ad85657ee1/sysdeps/posix/tempname.c#L175>
+        let substitutions = &[
+            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q',
+            'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+            'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y',
+            'Z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
+        ];
+        // Create the random distribution of substitutions.
+        let between = Uniform::from(0..substitutions.len());
+        let mut rng = this.machine.rng.clone();
+
+        // The file is opened with specific options, the implementation of which depends on
+        // the host OS.
+        let mut fopts = OpenOptions::new();
+        fopts.read(true).write(true).create_new(true);
+
+        #[cfg(target_family = "unix")]
+        {
+            fopts.mode(0o600);
+            // Do not allow others to read or modify this file.
+            fopts.custom_flags(libc::O_EXCL);
+        }
+        #[cfg(target_family = "windows")]
+        {
+            // Do not allow others to read or modify this file.
+            fopts.share_mode(0);
+        }
+
+        // If the generated file already exists, we will try again this many times.
+        let attempts = if this.eval_context_ref().tcx.sess.target.os == "linux" {
+            TEMPFILE_ATTEMPTS_GLIBC
+        } else {
+            TEMPFILE_ATTEMPTS_MIN
+        };
+
+        for _ in 0..attempts {
+            let unique_suffix: OsString = between
+                .sample_iter(rng.get_mut())
+                .take(6)
+                .map(|idx| substitutions[idx])
+                .collect::<String>()
+                .into();
+
+            #[cfg(target_family = "unix")]
+            let mut base = OsStr::from_bytes(&template.as_bytes()[..pos]).to_os_string();
+
+            #[cfg(target_family = "windows")]
+            let mut base =
+                OsString::from_wide(opaque_iter.take(pos).collect::<Vec<u16>>().as_slice());
+
+            base.push(unique_suffix);
+
+            let possibly_unique = std::env::temp_dir().join::<PathBuf>(base.into());
+
+            let file = fopts.open(&possibly_unique);
+
+            match file {
+                Ok(f) => {
+                    let fh = &mut this.machine.file_handler;
+                    let fd = fh.insert_fd(Box::new(FileHandle { file: f, writable: true }));
+                    return Ok(fd);
+                }
+                Err(e) =>
+                    match e.kind() {
+                        // If the random file already exists, keep trying.
+                        ErrorKind::AlreadyExists => continue,
+                        // Any other errors are returned to the caller.
+                        _ => {
+                            // "On error, -1 is returned, and errno is set to
+                            // indicate the error"
+                            this.set_last_error_from_io_error(e.kind())?;
+                            return Ok(-1);
+                        }
+                    },
+            }
+        }
+
+        // We ran out of attempts to create the file, return an error.
+        let eexist = this.eval_libc("EEXIST")?;
+        this.set_last_error(eexist)?;
+        Ok(-1)
+    }
 }
 
 /// Extracts the number of seconds and nanoseconds elapsed between `time` and the unix epoch when
diff --git a/tests/pass/libc.rs b/tests/pass/libc.rs
@@ -311,11 +311,50 @@ fn test_posix_gettimeofday() {
     assert_eq!(is_error, -1);
 }
 
+fn test_posix_mkstemp() {
+    use std::ffi::CString;
+    use std::ffi::OsStr;
+    use std::fs::File;
+    use std::os::unix::ffi::OsStrExt;
+    use std::os::unix::io::FromRawFd;
+    use std::path::Path;
+
+    let valid_template = "fooXXXXXX";
+    // C needs to own this as `mkstemp(3)` says:
+    // "Since it will be modified, `template` must not be a string constant, but
+    // should be declared as a character array."
+    let ptr = CString::new(valid_template).unwrap().into_raw();
+    let fd = unsafe { libc::mkstemp(ptr) };
+    // Take ownership back in Rust to not leak memory.
+    let slice = unsafe { CString::from_raw(ptr) };
+    assert!(fd > 0);
+    let osstr = OsStr::from_bytes(slice.to_bytes());
+    let path: &Path = osstr.as_ref();
+    let name = path.file_name().unwrap().to_string_lossy();
+    assert!(name.contains("foo"));
+    let file = unsafe { File::from_raw_fd(fd) };
+    assert!(file.set_len(0).is_ok());
+
+    let invalid_templates = vec!["foo", "barXX", "XXXXXXbaz", "whatXXXXXXever", "X"];
+    for t in invalid_templates {
+        let ptr = CString::new(t).unwrap().into_raw();
+        let fd = unsafe { libc::mkstemp(ptr) };
+        let _ = unsafe { CString::from_raw(ptr) };
+        // "On error, -1 is returned, and errno is set to
+        // indicate the error"
+        assert_eq!(fd, -1);
+        let e = std::io::Error::last_os_error();
+        assert_eq!(e.raw_os_error(), Some(libc::EINVAL));
+        assert_eq!(e.kind(), std::io::ErrorKind::InvalidInput);
+    }
+}
+
 fn main() {
     #[cfg(any(target_os = "linux", target_os = "freebsd"))]
     test_posix_fadvise();
 
     test_posix_gettimeofday();
+    test_posix_mkstemp();
 
     #[cfg(any(target_os = "linux"))]
     test_sync_file_range();
