use SecRandomCopyBytes on macOS in Miri

diff --git a/src/libstd/sys/unix/rand.rs b/src/libstd/sys/unix/rand.rs
index 77f1439e17b10324c7d67d25ab036d7755a27922..e923b9aa29b0117d0d4144f9539e4ba0fd245241 100644 (file)
--- a/src/libstd/sys/unix/rand.rs
+++ b/src/libstd/sys/unix/rand.rs
@@ -13,6 +13,7 @@ pub fn hashmap_random_keys() -> (u64, u64) {
 
 #[cfg(all(unix,
           not(target_os = "ios"),
+          not(all(target_os = "macos", miri)),
           not(target_os = "openbsd"),
           not(target_os = "freebsd"),
           not(target_os = "fuchsia")))]
@@ -106,7 +107,9 @@ pub fn fill_bytes(v: &mut [u8]) {
 // once per thread in `hashmap_random_keys`. Therefore `SecRandomCopyBytes` is
 // only used on iOS where direct access to `/dev/urandom` is blocked by the
 // sandbox.
-#[cfg(target_os = "ios")]
+// HACK: However, we do use this when running in Miri on macOS; intercepting this is much
+// easier than intercepting accesses to /dev/urandom.
+#[cfg(any(target_os = "ios", all(target_os = "macos", miri)))]
 mod imp {
     use crate::io;
     use crate::ptr;