Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

use SecRandomCopyBytes on macOS in Miri #60156

Merged
merged 2 commits into from
May 2, 2019
Merged

Conversation

RalfJung
Copy link
Member

This is a hack to fix rust-lang/miri#686: on macOS, rustc will open /dev/urandom to initialize a HashMap. That's quite hard to emulate properly in Miri without a full-blown implementation of file descriptors. However, Miri needs an implementation of SecRandomCopyBytes anyway to support getrandom, so using it here should work just as well.

This will only have an effect when libstd is compiled specifically for Miri, but that will generally be the case when people use cargo miri.

This is clearly a hack, so I am opening this to start a discussion about whether we are okay with such a hack or not.

Cc @oli-obk

@rust-highfive
Copy link
Collaborator

r? @Kimundi

(rust_highfive has picked a reviewer for you, use r? to override)

@rust-highfive rust-highfive added the S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. label Apr 21, 2019
@rust-highfive

This comment has been minimized.

@oli-obk
Copy link
Contributor

oli-obk commented Apr 22, 2019

We can revisit once we are able to open /dev/random with miri

@RalfJung
Copy link
Member Author

Another case where we might want to use cfg(miri) is HashBrown: since that one got merged, Miri does not support HashMap any more.

[01:38:01] error[E0080]: constant evaluation error: tried to call a function with ABI RustIntrinsic using caller ABI PlatformIntrinsic
[01:38:01]    --> /checkout/src/libcore/../stdsimd/crates/core_arch/src/x86/sse2.rs:820:27
[01:38:01]     |
[01:38:01] 820 |     transmute::<i8x16, _>(simd_eq(a.as_i8x16(), b.as_i8x16()))
[01:38:01]     |                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ tried to call a function with ABI RustIntrinsic using caller ABI PlatformIntrinsic
[01:38:01]     |
[01:38:01]     = note: inside call to `std::arch::x86_64::_mm_cmpeq_epi8` at /cargo/registry/src/gh.neting.cc-1ecc6299db9ec823/hashbrown-0.3.0/src/raw/sse2.rs:83:23
[01:38:01]     = note: inside call to `hashbrown::raw::imp::Group::match_byte` at /cargo/registry/src/gh.neting.cc-1ecc6299db9ec823/hashbrown-0.3.0/src/raw/mod.rs:853:28
[01:38:01]     = note: inside call to `hashbrown::raw::RawTable::<(i32, i32)>::find::<[closure@DefId(8/1:34 ~ hashbrown[269a]::map[0]::{{impl}}[2]::insert[0]::{{closure}}[0]) 0:&i32]>` at /cargo/registry/src/gh.neting.cc-1ecc6299db9ec823/hashbrown-0.3.0/src/map.rs:844:33
[01:38:01]     = note: inside call to `hashbrown::map::HashMap::<i32, i32, std::collections::hash_map::RandomState>::insert` at /checkout/src/libstd/collections/hash/map.rs:821:9
[01:38:01] note: inside call to `std::collections::HashMap::<i32, i32>::insert` at $DIR/hashmap.rs:7:5
[01:38:01]    --> $DIR/hashmap.rs:7:5
[01:38:01]     |
[01:38:01] 7   |     map.insert(0, 0);
[01:38:01]     |     ^^^^^^^^^^^^^^^^

Cc @Amanieu

@Amanieu
Copy link
Member

Amanieu commented Apr 25, 2019

There is already a cfg(miri) here. Maybe the cfg isn't being passed when building sysroot crates?

@RalfJung
Copy link
Member Author

RalfJung commented Apr 25, 2019

Ah... yes we'd probably have to add that here.

@RalfJung
Copy link
Member Author

@rust-lang/libs what do you think, is it reasonable to use cfg(miri) in libstd itself (like it turns out hashbrown already does)?

@sfackler
Copy link
Member

If we're going to go the cfg(miri) route, it seems like we could do that at a higher level and replace the top-level randomness interface entirely? That way miri wouldn't have to emulate SecRandomCopyBytes and getrandom and whatever Windows uses, etc.

@RalfJung
Copy link
Member Author

Probably. However, then we'd have to figure out what it is that Miri would have to hook instead.

Also, Miri would still need to emulate all of these for the getrandom crate (or that one would have to be patched as well). Right now, SecRandomCopyBytes and whatever Windows uses are already implemented in Miri.

@Centril
Copy link
Contributor

Centril commented Apr 28, 2019

r? @oli-obk

@rust-highfive rust-highfive assigned oli-obk and unassigned Kimundi Apr 28, 2019
@alexcrichton
Copy link
Member

I'd agree with @sfackler that this seems like something where over time we'll want dedicated support for this rather than a few #[cfg] here and there. For now though I don't think we've crossed that threshold so if @RalfJung prefers to take this route it seems reasonable. We should remain watchful though in the sense that if we find we're taking a lot of these PRs we may want to add a first-class miri target sorta

@RalfJung
Copy link
Member Author

RalfJung commented May 1, 2019

We should remain watchful though in the sense that if we find we're taking a lot of these PRs we may want to add a first-class miri target sorta

Alternatively, maybe Miri can reuse some of the work for WASI here. The constraints of both seem to be similar.

For now though, I think this is good enough.

@bors r=oli-obk,alexcrichton

@bors
Copy link
Contributor

bors commented May 1, 2019

📌 Commit 16ad977 has been approved by oli-obk,alexcrichton

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 1, 2019
@bors
Copy link
Contributor

bors commented May 2, 2019

⌛ Testing commit 16ad977 with merge 758dc9a...

bors added a commit that referenced this pull request May 2, 2019
use SecRandomCopyBytes on macOS in Miri

This is a hack to fix rust-lang/miri#686: on macOS, rustc will open `/dev/urandom` to initialize a `HashMap`. That's quite hard to emulate properly in Miri without a full-blown implementation of file descriptors.  However, Miri needs an implementation of `SecRandomCopyBytes` anyway to support [getrandom](https://crates.io/crates/getrandom), so using it here should work just as well.

This will only have an effect when libstd is compiled specifically for Miri, but that will generally be the case when people use `cargo miri`.

This is clearly a hack, so I am opening this to start a discussion about whether we are okay with such a hack or not.

Cc @oli-obk
@bors
Copy link
Contributor

bors commented May 2, 2019

☀️ Test successful - checks-travis, status-appveyor
Approved by: oli-obk,alexcrichton
Pushing 758dc9a to master...

@bors bors added the merged-by-bors This PR was explicitly merged by bors. label May 2, 2019
@bors bors merged commit 16ad977 into rust-lang:master May 2, 2019
@RalfJung RalfJung mentioned this pull request May 13, 2019
Centril added a commit to Centril/rust that referenced this pull request May 14, 2019
fix Miri

This reverts rust-lang#60156, which turned out to be a dead end (see rust-lang#60469).

r? @oli-obk
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
merged-by-bors This PR was explicitly merged by bors. S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Implement libstd HashMap seeding on OS X
9 participants