1 use std::collections::HashMap;
2 use std::convert::{TryFrom, TryInto};
3 use std::fs::{remove_file, File, OpenOptions};
4 use std::io::{Read, Write};
5 use std::path::PathBuf;
6 use std::time::SystemTime;
8 use rustc::ty::layout::{Align, LayoutOf, Size};
10 use crate::stacked_borrows::Tag;
12 use helpers::immty_from_uint_checked;
13 use shims::time::system_time_to_duration;
/// One open host `File` owned on behalf of the interpreted program, together
/// with whether it was opened for writing (`open` stores `writable` next to the
/// `File`; `close` uses it to decide whether a sync is needed).
pub struct FileHandle {
/// Table of descriptors handed out to the interpreted program, keyed by the
/// integer the program sees. Every fs shim below resolves `fd` through this map
/// and answers `EBADF` for anything not in it, so the interpreted program can
/// only ever reach host files that `open` put here.
pub struct FileHandler {
    handles: HashMap<i32, FileHandle>,
impl Default for FileHandler {
    fn default() -> Self {
            // Starts empty: the standard streams are not modelled as handles here, so (as far
            // as this file shows) the shims treat 0, 1 and 2 like any unknown descriptor.
            handles: Default::default(),
            // 0, 1 and 2 are reserved for stdin, stdout and stderr.
// Blanket impl: every `MiriEvalContext` gets the fs shims declared below.
impl<'mir, 'tcx> EvalContextExt<'mir, 'tcx> for crate::MiriEvalContext<'mir, 'tcx> {}
/// File-system shims (`open`, `read`, `write`, `unlink`, `stat`, ...). These act on the
/// *host* file system with paths and buffers chosen by the interpreted program, so each
/// entry point is expected to call `check_no_isolation` before touching the host.
pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx> {
        path_op: OpTy<'tcx, Tag>,
        flag_op: OpTy<'tcx, Tag>,
    ) -> InterpResult<'tcx, i32> {
        let this = self.eval_context_mut();

        // Security boundary: `path` below is taken verbatim from the interpreted program and
        // opened on the host, so this check is the only thing keeping an interpreted program
        // from opening arbitrary host files the Miri process can reach.
        this.check_no_isolation("open")?;

        let flag = this.read_scalar(flag_op)?.to_i32()?;

        let mut options = OpenOptions::new();

        let o_rdonly = this.eval_libc_i32("O_RDONLY")?;
        let o_wronly = this.eval_libc_i32("O_WRONLY")?;
        let o_rdwr = this.eval_libc_i32("O_RDWR")?;
        // The first two bits of the flag correspond to the access mode in linux, macOS and
        // windows. We need to check that in fact the access mode flags for the current platform
        // only use these two bits, otherwise we are in an unsupported platform and should error.
        if (o_rdonly | o_wronly | o_rdwr) & !0b11 != 0 {
            throw_unsup_format!("Access mode flags on this platform are unsupported");
        // `writable` is remembered on the handle so `close` knows whether to sync first.
        let mut writable = true;

        // Now we check the access mode
        let access_mode = flag & 0b11;

        if access_mode == o_rdonly {
        } else if access_mode == o_wronly {
        } else if access_mode == o_rdwr {
            options.read(true).write(true);
            throw_unsup_format!("Unsupported access mode {:#x}", access_mode);

        // We need to check that there aren't unsupported options in `flag`. For this we try to
        // reproduce the content of `flag` in the `mirror` variable using only the supported
        let mut mirror = access_mode;

        let o_append = this.eval_libc_i32("O_APPEND")?;
        if flag & o_append != 0 {
        let o_trunc = this.eval_libc_i32("O_TRUNC")?;
        if flag & o_trunc != 0 {
            options.truncate(true);
        let o_creat = this.eval_libc_i32("O_CREAT")?;
        // NOTE(review): `open(2)` takes a third `mode` argument when `O_CREAT` is set; this shim
        // has no such operand, so a file created here gets whatever permission bits
        // `OpenOptions` applies by default rather than the mode the program asked for.
        // Confirm that is acceptable for the tests that rely on it.
        if flag & o_creat != 0 {
        let o_cloexec = this.eval_libc_i32("O_CLOEXEC")?;
        if flag & o_cloexec != 0 {
            // We do not need to do anything for this flag because `std` already sets it.
            // (Technically we do not support *not* setting this flag, but we ignore that.)
        // If `flag` is not equal to `mirror`, there is an unsupported option enabled in `flag`,
        // then we throw an error. Rejecting (instead of silently dropping) unknown bits is
        // deliberate: a flag we do not model would otherwise be ignored and the program would
        // observe host behaviour different from what it requested.
            throw_unsup_format!("unsupported flags {:#x}", flag & !mirror);

        let path = this.read_os_str_from_c_str(this.read_scalar(path_op)?.not_undef()?)?;

        let fd = options.open(&path).map(|file| {
            let mut fh = &mut this.machine.file_handler;
            // `unwrap_none` turns a descriptor collision into a hard panic: the invariant is
            // that `fh.low` always names a number not currently present in `handles`.
            fh.handles.insert(fh.low, FileHandle { file, writable }).unwrap_none();

        // Host errors become the interpreted program's `errno` and a -1 return.
        this.try_unwrap_io_result(fd)
        fd_op: OpTy<'tcx, Tag>,
        cmd_op: OpTy<'tcx, Tag>,
        _arg1_op: Option<OpTy<'tcx, Tag>>,
    ) -> InterpResult<'tcx, i32> {
        let this = self.eval_context_mut();

        this.check_no_isolation("fcntl")?;

        let fd = this.read_scalar(fd_op)?.to_i32()?;
        let cmd = this.read_scalar(cmd_op)?.to_i32()?;
        // We only support getting the flags for a descriptor. Any other command (setting
        // flags, duplicating descriptors, locking, ...) aborts interpretation below rather
        // than being silently accepted.
        if cmd == this.eval_libc_i32("F_GETFD")? {
            // Currently this is the only flag that `F_GETFD` returns. It is OK to just return the
            // `FD_CLOEXEC` value without checking if the flag is set for the file because `std`
            // always sets this flag when opening a file. However we still need to check that the
            // file itself is open.
            if this.machine.file_handler.handles.contains_key(&fd) {
                Ok(this.eval_libc_i32("FD_CLOEXEC")?)
                this.handle_not_found()
            // NOTE(review): the message below has a stray `)` after `fcntl`; that is a runtime
            // string, so fixing it is left to a code change.
            throw_unsup_format!("The {:#x} command is not supported for `fcntl`)", cmd);
    /// Shim for `close(2)`: removes `fd` from the handle table and drops the host `File`.
    /// Returns 0 on success; otherwise -1 with `errno` set (`EBADF` for an unknown
    /// descriptor, or the host error from the pre-close sync via `try_unwrap_io_result`).
    fn close(&mut self, fd_op: OpTy<'tcx, Tag>) -> InterpResult<'tcx, i32> {
        let this = self.eval_context_mut();

        this.check_no_isolation("close")?;

        let fd = this.read_scalar(fd_op)?.to_i32()?;

        // `remove`, not `get`: a second `close` of the same number is `EBADF`, and the slot
        // cannot keep a host `File` alive after the interpreted program released it.
        if let Some(handle) = this.machine.file_handler.handles.remove(&fd) {
            // We sync the file if it was opened in a mode different than read-only.
            // `File::sync_all` does the checks that are done when closing a file. We do this
            // to handle possible errors correctly.
            let result = this.try_unwrap_io_result(handle.file.sync_all().map(|_| 0i32));
            // Now we actually close the file.
            // And return the result.
            // We drop the file, this closes it but ignores any errors produced when closing
            // it. This is done because `File::sync_all` cannot be done over files like
            // `/dev/urandom` which are read-only. Check
            // https://github.com/rust-lang/miri/issues/999#issuecomment-568920439 for a deeper
            this.handle_not_found()
        fd_op: OpTy<'tcx, Tag>,
        buf_op: OpTy<'tcx, Tag>,
        count_op: OpTy<'tcx, Tag>,
    ) -> InterpResult<'tcx, i64> {
        let this = self.eval_context_mut();

        this.check_no_isolation("read")?;

        let fd = this.read_scalar(fd_op)?.to_i32()?;
        let buf = this.read_scalar(buf_op)?.not_undef()?;
        let count = this.read_scalar(count_op)?.to_machine_usize(&*this.tcx)?;

        // Check that the *entire* buffer is actually valid memory. This runs before any host
        // I/O and before `fd` is even looked up, so an invalid `buf`/`count` pair is reported
        // as a Miri error (it would be UB in the real program) and can never turn into a
        // partial write into interpreted memory.
        this.memory.check_ptr_access(
            Size::from_bytes(count),
            Align::from_bytes(1).unwrap(),

        // We cap the number of read bytes to the largest value that we are able to fit in both the
        // host's and target's `isize`. This saves us from having to handle overflows later.
        let count = count.min(this.isize_max() as u64).min(isize::max_value() as u64);

        if let Some(handle) = this.machine.file_handler.handles.get_mut(&fd) {
            // This can never fail because `count` was capped to be smaller than
            // `isize::max_value()`.
            let count = isize::try_from(count).unwrap();
            // We want to read at most `count` bytes. We are sure that `count` is not negative
            // because it was a target's `usize`. Also we are sure that its smaller than
            // `usize::max_value()` because it is a host's `isize`.
            // The host-side scratch buffer is `count` bytes; `check_ptr_access` above already
            // required the program to own that many bytes, so (presumably) this cannot exceed
            // what the interpreter has already allocated for it.
            let mut bytes = vec![0; count as usize];
                // `File::read` never returns a value larger than `count`, so this cannot fail.
                .map(|c| i64::try_from(c).unwrap());
                    // If reading to `bytes` did not fail, we write those bytes to the buffer.
                    // NOTE(review): the whole `count`-byte vector is written, not just the bytes
                    // actually read. That stays inside the region checked above, but it zeroes
                    // the tail of the caller's buffer, whereas a real `read(2)` leaves bytes past
                    // the return value untouched. No truncation is visible here; confirm.
                    this.memory.write_bytes(buf, bytes)?;
                    // Host error -> interpreted `errno`, and (presumably) a -1 return.
                    this.set_last_error_from_io_error(e)?;
            this.handle_not_found()
        fd_op: OpTy<'tcx, Tag>,
        buf_op: OpTy<'tcx, Tag>,
        count_op: OpTy<'tcx, Tag>,
    ) -> InterpResult<'tcx, i64> {
        let this = self.eval_context_mut();

        this.check_no_isolation("write")?;

        let fd = this.read_scalar(fd_op)?.to_i32()?;
        let buf = this.read_scalar(buf_op)?.not_undef()?;
        let count = this.read_scalar(count_op)?.to_machine_usize(&*this.tcx)?;

        // Check that the *entire* buffer is actually valid memory. As in `read`, this happens
        // before any host I/O, so an invalid buffer is a Miri error rather than a host write
        // of garbage.
        this.memory.check_ptr_access(
            Size::from_bytes(count),
            Align::from_bytes(1).unwrap(),

        // We cap the number of written bytes to the largest value that we are able to fit in both the
        // host's and target's `isize`. This saves us from having to handle overflows later.
        let count = count.min(this.isize_max() as u64).min(isize::max_value() as u64);

        if let Some(handle) = this.machine.file_handler.handles.get_mut(&fd) {
            // The bytes are copied out of interpreted memory first, so a Miri-level error here
            // leaves the host file untouched.
            let bytes = this.memory.read_bytes(buf, Size::from_bytes(count))?;
            // A single `write`, so like `write(2)` this may write fewer than `count` bytes and
            // the caller gets the actual number back. `FileHandle::writable` is not consulted:
            // writing to a read-only descriptor is refused by the host (as an `io::Error`,
            // presumably `EBADF`) and surfaces through `try_unwrap_io_result`.
            let result = handle.file.write(&bytes).map(|c| i64::try_from(c).unwrap());
            this.try_unwrap_io_result(result)
            this.handle_not_found()
    /// Shim for `unlink(2)`: removes the host file named by the interpreted program's
    /// C-string `path`. Returns 0 on success, otherwise -1 with the host error stored as
    /// `errno` (via `try_unwrap_io_result`).
    ///
    /// Like `open`, this acts on the *host* file system with a caller-chosen path, so
    /// `check_no_isolation` is the only guard against deleting arbitrary host files.
    fn unlink(&mut self, path_op: OpTy<'tcx, Tag>) -> InterpResult<'tcx, i32> {
        let this = self.eval_context_mut();

        this.check_no_isolation("unlink")?;

        let path_scalar = this.read_scalar(path_op)?.not_undef()?;
        let target = this.read_os_str_from_c_str(path_scalar)?;

        let outcome = remove_file(target).map(|_| 0);

        this.try_unwrap_io_result(outcome)
    }
        path_op: OpTy<'tcx, Tag>,
        buf_op: OpTy<'tcx, Tag>,
    ) -> InterpResult<'tcx, i32> {
        let this = self.eval_context_mut();

        // NOTE(review): unlike `open`, `unlink` and `statx`, no `check_no_isolation("stat")`
        // call is visible in this function, yet `path` is read from the interpreted program
        // and handed to `std::fs::metadata` on the host. Unless it is gated somewhere not
        // shown here, an interpreted program can probe the host file system even in isolated
        // mode; the check belongs right here, before any host access.
        if this.tcx.sess.target.target.target_os.to_lowercase() != "macos" {
            throw_unsup_format!("The `stat` shim is only available for `macos` targets.")

        let path_scalar = this.read_scalar(path_op)?.not_undef()?;
        let path: PathBuf = this.read_os_str_from_c_str(path_scalar)?.into();

        let buf = this.deref_operand(buf_op)?;

        // `stat` always follows symlinks. `lstat` is used to get symlink metadata.
        let metadata = match FileMetadata::new(this, path, true)? {
            Some(metadata) => metadata,
            // `FileMetadata::new` has already stored the host error as `errno`.
            None => return Ok(-1),

        let mode: u16 = metadata.mode.to_u16()?;

        // Timestamps the host did not provide are reported as 0 (the epoch), not as an error.
        let (access_sec, access_nsec) = metadata.accessed.unwrap_or((0, 0));
        let (created_sec, created_nsec) = metadata.created.unwrap_or((0, 0));
        let (modified_sec, modified_nsec) = metadata.modified.unwrap_or((0, 0));

        let dev_t_layout = this.libc_ty_layout("dev_t")?;
        let mode_t_layout = this.libc_ty_layout("mode_t")?;
        let nlink_t_layout = this.libc_ty_layout("nlink_t")?;
        let ino_t_layout = this.libc_ty_layout("ino_t")?;
        let uid_t_layout = this.libc_ty_layout("uid_t")?;
        let gid_t_layout = this.libc_ty_layout("gid_t")?;
        let time_t_layout = this.libc_ty_layout("time_t")?;
        let long_layout = this.libc_ty_layout("c_long")?;
        let off_t_layout = this.libc_ty_layout("off_t")?;
        let blkcnt_t_layout = this.libc_ty_layout("blkcnt_t")?;
        let blksize_t_layout = this.libc_ty_layout("blksize_t")?;
        let uint32_t_layout = this.libc_ty_layout("uint32_t")?;

        // We need to add 32 bits of padding after `st_rdev` if we are on a 64-bit platform.
        let pad_layout = if this.tcx.sess.target.ptr_width == 64 {
            this.layout_of(this.tcx.mk_unit())?

        // The order below must match the target's `struct stat` field for field: the
        // immediates appear to be laid out back to back by `write_packed_immediates`, so a
        // missing or reordered entry silently corrupts the caller's buffer. Fields Miri cannot
        // obtain portably are reported as 0; note that a zero `st_uid`/`st_gid` makes every
        // file look root-owned to the interpreted program.
            immty_from_uint_checked(0u128, dev_t_layout)?, // st_dev
            immty_from_uint_checked(mode, mode_t_layout)?, // st_mode
            immty_from_uint_checked(0u128, nlink_t_layout)?, // st_nlink
            immty_from_uint_checked(0u128, ino_t_layout)?, // st_ino
            immty_from_uint_checked(0u128, uid_t_layout)?, // st_uid
            immty_from_uint_checked(0u128, gid_t_layout)?, // st_gid
            immty_from_uint_checked(0u128, dev_t_layout)?, // st_rdev
            immty_from_uint_checked(0u128, pad_layout)?, // padding for 64-bit targets
            immty_from_uint_checked(access_sec, time_t_layout)?, // st_atime
            immty_from_uint_checked(access_nsec, long_layout)?, // st_atime_nsec
            immty_from_uint_checked(modified_sec, time_t_layout)?, // st_mtime
            immty_from_uint_checked(modified_nsec, long_layout)?, // st_mtime_nsec
            immty_from_uint_checked(0u128, time_t_layout)?, // st_ctime
            immty_from_uint_checked(0u128, long_layout)?, // st_ctime_nsec
            immty_from_uint_checked(created_sec, time_t_layout)?, // st_birthtime
            immty_from_uint_checked(created_nsec, long_layout)?, // st_birthtime_nsec
            immty_from_uint_checked(metadata.size, off_t_layout)?, // st_size
            immty_from_uint_checked(0u128, blkcnt_t_layout)?, // st_blocks
            immty_from_uint_checked(0u128, blksize_t_layout)?, // st_blksize
            immty_from_uint_checked(0u128, uint32_t_layout)?, // st_flags
            immty_from_uint_checked(0u128, uint32_t_layout)?, // st_gen

        this.write_packed_immediates(&buf, &imms)?;
        dirfd_op: OpTy<'tcx, Tag>, // Should be an `int`
        pathname_op: OpTy<'tcx, Tag>, // Should be a `const char *`
        flags_op: OpTy<'tcx, Tag>, // Should be an `int`
        _mask_op: OpTy<'tcx, Tag>, // Should be an `unsigned int`
        statxbuf_op: OpTy<'tcx, Tag>, // Should be a `struct statx *`
    ) -> InterpResult<'tcx, i32> {
        let this = self.eval_context_mut();

        // `pathname` comes from the interpreted program and is looked up on the host below.
        this.check_no_isolation("statx")?;

        if this.tcx.sess.target.target.target_os.to_lowercase() != "linux" {
            throw_unsup_format!("The `statx` shim is only available for `linux` targets.")

        let statxbuf_scalar = this.read_scalar(statxbuf_op)?.not_undef()?;
        let pathname_scalar = this.read_scalar(pathname_op)?.not_undef()?;

        // If the statxbuf or pathname pointers are null, the function fails with `EFAULT`.
        // This mirrors the kernel for the one invalid pointer a program may legitimately pass;
        // a non-null but otherwise bad pointer is (presumably) caught later by Miri's own
        // memory checks when the buffer is dereferenced and written.
        if this.is_null(statxbuf_scalar)? || this.is_null(pathname_scalar)? {
            let efault = this.eval_libc("EFAULT")?;
            this.set_last_error(efault)?;

        // Under normal circumstances, we would use `deref_operand(statxbuf_op)` to produce a
        // proper `MemPlace` and then write the results of this function to it. However, the
        // `syscall` function is untyped. This means that all the `statx` parameters are provided
        // as `isize`s instead of having the proper types. Thus, we have to recover the layout of
        // `statxbuf_op` by using the `libc::statx` struct type.
        // Consequence: the size of the write is taken from libc's definition, not from the
        // caller, so a program that passed a too-small buffer should fail Miri's bounds check
        // on the write rather than corrupt neighbouring memory (to confirm).
        let statxbuf_place = {
            // FIXME: This long path is required because `libc::statx` is an struct and also a
            // function and `resolve_path` is returning the latter.
                .resolve_path(&["libc", "unix", "linux_like", "linux", "gnu", "statx"])?
            let statxbuf_ty = this.tcx.mk_mut_ptr(statx_ty);
            let statxbuf_layout = this.layout_of(statxbuf_ty)?;
            let statxbuf_imm = ImmTy::from_scalar(statxbuf_scalar, statxbuf_layout);
            this.ref_to_mplace(statxbuf_imm)?

        let path: PathBuf = this.read_os_str_from_c_str(pathname_scalar)?.into();
        // `flags` should be a `c_int` but the `syscall` function provides an `isize`.
            this.read_scalar(flags_op)?.to_machine_isize(&*this.tcx)?.try_into().map_err(|e| {
                err_unsup_format!("Failed to convert pointer sized operand to integer: {}", e)
        // `dirfd` should be a `c_int` but the `syscall` function provides an `isize`.
            this.read_scalar(dirfd_op)?.to_machine_isize(&*this.tcx)?.try_into().map_err(|e| {
                err_unsup_format!("Failed to convert pointer sized operand to integer: {}", e)
        // we only support interpreting `path` as an absolute directory or as a directory relative
        // to `dirfd` when the latter is `AT_FDCWD`. The behavior of `statx` with a relative path
        // and a directory file descriptor other than `AT_FDCWD` is specified but it cannot be
        // tested from `libstd`. If you found this error, please open an issue reporting it.
        if !(path.is_absolute() || dirfd == this.eval_libc_i32("AT_FDCWD")?) {
                "Using statx with a relative path and a file descriptor different from `AT_FDCWD` is not supported"

        // the `_mask_op` parameter specifies the file information that the caller requested.
        // However `statx` is allowed to return information that was not requested or to not
        // return information that was requested. This `mask` represents the information we can
        // actually provide in any host platform.
            this.eval_libc("STATX_TYPE")?.to_u32()? | this.eval_libc("STATX_SIZE")?.to_u32()?;

        // If the `AT_SYMLINK_NOFOLLOW` flag is set, we query the file's metadata without following
        // NOTE(review): this is the only bit of `flags` examined in the visible code; other
        // flag bits are silently accepted rather than rejected the way `open` rejects
        // unknown flags. Confirm that is intended.
        let follow_symlink = flags & this.eval_libc("AT_SYMLINK_NOFOLLOW")?.to_i32()? == 0;

        let metadata = match FileMetadata::new(this, path, follow_symlink)? {
            Some(metadata) => metadata,
            // `FileMetadata::new` has already stored the host error as `errno`.
            None => return Ok(-1),

        // The `mode` field specifies the type of the file and the permissions over the file for
        // the owner, its group and other users. Given that we can only provide the file type
        // without using platform specific methods, we only set the bits corresponding to the file
        // type. This should be an `__u16` but `libc` provides its values as `u32`.
        let mode: u16 = metadata
            .unwrap_or_else(|_| bug!("libc contains bad value for constant"));

        // We need to set the corresponding bits of `mask` if the access, creation and modification
        // times were available. Otherwise we let them be zero.
        let (access_sec, access_nsec) = metadata.accessed.map(|tup| {
            mask |= this.eval_libc("STATX_ATIME")?.to_u32()?;
            InterpResult::Ok(tup)
        }).unwrap_or(Ok((0, 0)))?;

        let (created_sec, created_nsec) = metadata.created.map(|tup| {
            mask |= this.eval_libc("STATX_BTIME")?.to_u32()?;
            InterpResult::Ok(tup)
        }).unwrap_or(Ok((0, 0)))?;

        let (modified_sec, modified_nsec) = metadata.modified.map(|tup| {
            mask |= this.eval_libc("STATX_MTIME")?.to_u32()?;
            InterpResult::Ok(tup)
        }).unwrap_or(Ok((0, 0)))?;

        let __u32_layout = this.libc_ty_layout("__u32")?;
        let __u64_layout = this.libc_ty_layout("__u64")?;
        let __u16_layout = this.libc_ty_layout("__u16")?;

        // Now we transform all these fields into `ImmTy`s and write them to `statxbuf`. We write a
        // zero for the unavailable fields. The order and width of every entry must match
        // `struct statx` exactly; a zero `stx_uid`/`stx_gid` makes every file look root-owned
        // to the interpreted program.
            immty_from_uint_checked(mask, __u32_layout)?, // stx_mask
            immty_from_uint_checked(0u128, __u32_layout)?, // stx_blksize
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_attributes
            immty_from_uint_checked(0u128, __u32_layout)?, // stx_nlink
            immty_from_uint_checked(0u128, __u32_layout)?, // stx_uid
            immty_from_uint_checked(0u128, __u32_layout)?, // stx_gid
            immty_from_uint_checked(mode, __u16_layout)?, // stx_mode
            immty_from_uint_checked(0u128, __u16_layout)?, // statx padding
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_ino
            immty_from_uint_checked(metadata.size, __u64_layout)?, // stx_size
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_blocks
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_attributes_mask
            immty_from_uint_checked(access_sec, __u64_layout)?, // stx_atime.tv_sec
            immty_from_uint_checked(access_nsec, __u32_layout)?, // stx_atime.tv_nsec
            immty_from_uint_checked(0u128, __u32_layout)?, // statx_timestamp padding
            immty_from_uint_checked(created_sec, __u64_layout)?, // stx_btime.tv_sec
            immty_from_uint_checked(created_nsec, __u32_layout)?, // stx_btime.tv_nsec
            immty_from_uint_checked(0u128, __u32_layout)?, // statx_timestamp padding
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_ctime.tv_sec
            immty_from_uint_checked(0u128, __u32_layout)?, // stx_ctime.tv_nsec
            immty_from_uint_checked(0u128, __u32_layout)?, // statx_timestamp padding
            immty_from_uint_checked(modified_sec, __u64_layout)?, // stx_mtime.tv_sec
            immty_from_uint_checked(modified_nsec, __u32_layout)?, // stx_mtime.tv_nsec
            immty_from_uint_checked(0u128, __u32_layout)?, // statx_timestamp padding
            // NOTE(review): in Linux's `struct statx` (kernel header and libc alike) the four
            // `stx_rdev_*`/`stx_dev_*` fields are `__u32`, not `__u64`. Writing four `__u64`s
            // spills 16 bytes into the padding that follows; it is only harmless because every
            // value is zero. Confirm against libc's definition and use `__u32_layout` if so.
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_rdev_major
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_rdev_minor
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_dev_major
            immty_from_uint_checked(0u128, __u64_layout)?, // stx_dev_minor

        this.write_packed_immediates(&statxbuf_place, &imms)?;
    /// Function used when a handle is not found inside `FileHandler`. It returns `Ok(-1)`and sets
    /// the last OS error to `libc::EBADF` (invalid file descriptor). This function uses
    /// `T: From<i32>` instead of `i32` directly because some fs functions return different integer
    /// types (like `read`, that returns an `i64`).
    ///
    /// The error is synthesized entirely inside Miri; the host is never consulted, so an
    /// unknown descriptor can never reach a host file.
    fn handle_not_found<T: From<i32>>(&mut self) -> InterpResult<'tcx, T> {
        let this = self.eval_context_mut();
        let ebadf = this.eval_libc("EBADF")?;
        this.set_last_error(ebadf)?;
/// Extracts the number of seconds and nanoseconds elapsed between `time` and the unix epoch when
/// `time` is Ok. Returns `None` if `time` is an error (the host did not provide that timestamp).
/// Fails if `time` happens before the unix epoch: the `?` on `system_time_to_duration` propagates
/// that as an interpreter error instead of producing a wrapped or negative value.
fn extract_sec_and_nsec<'tcx>(
    time: std::io::Result<SystemTime>
) -> InterpResult<'tcx, Option<(u64, u32)>> {
    time.ok().map(|time| {
        let duration = system_time_to_duration(&time)?;
        Ok((duration.as_secs(), duration.subsec_nanos()))
/// Stores a file's metadata in order to avoid code duplication in the different metadata related
struct FileMetadata {
    // Timestamps as `(seconds, nanoseconds)` since the unix epoch; `None` when the host did
    // not provide that timestamp (see `extract_sec_and_nsec`). Callers report `None` as zero.
    created: Option<(u64, u32)>,
    accessed: Option<(u64, u32)>,
    modified: Option<(u64, u32)>,
        ecx: &mut MiriEvalContext<'mir, 'tcx>,
    ) -> InterpResult<'tcx, Option<FileMetadata>> {
        // `follow_symlink` selects `stat`-like (follow) versus `lstat`-like (don't) behaviour.
        // This queries the host file system directly and does not re-check isolation; callers
        // that take `path` from the interpreted program are responsible for that gate.
        let metadata = if follow_symlink {
            std::fs::metadata(path)
            // FIXME: metadata for symlinks needs testing.
            std::fs::symlink_metadata(path)

        // Host errors are not propagated as interpreter errors: they become the interpreted
        // program's `errno`, and `None` tells the caller to return -1.
        let metadata = match metadata {
            Ok(metadata) => metadata,
                ecx.set_last_error_from_io_error(e)?;

        // Only the file-type bits of `st_mode` are derived here; permission bits are not
        // available portably, so callers leave them at zero.
        let file_type = metadata.file_type();

        let mode_name = if file_type.is_file() {
        } else if file_type.is_dir() {

        let mode = ecx.eval_libc(mode_name)?;

        let size = metadata.len();

        let created = extract_sec_and_nsec(metadata.created())?;
        let accessed = extract_sec_and_nsec(metadata.accessed())?;
        let modified = extract_sec_and_nsec(metadata.modified())?;

        // FIXME: Provide more fields using platform specific methods.
        Ok(Some(FileMetadata { mode, size, created, accessed, modified }))