Auto merge of #1256 - JOE1994:rw_widestr_helpers, r=RalfJung

bors · bors · commit 15dd15861c37 · 2020-03-24T07:09:40.000Z
helper functions for env_var emulation in Windows Moving some of the changes submitted in PR #1225, in order to prevent the original PR from bloating too much.
diff --git a/src/helpers.rs b/src/helpers.rs
@@ -1,4 +1,4 @@
-use std::ffi::OsStr;
+use std::ffi::{OsStr, OsString};
 use std::{iter, mem};
 use std::convert::TryFrom;
 
@@ -456,6 +456,18 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         }
     }
 
+    /// Dispatches to appropriate implementations for reading an OsString from Memory,
+    /// depending on the interpretation target.
+    /// FIXME: Use `Cow` to avoid copies
+    fn read_os_str_from_target_str(&self, scalar: Scalar<Tag>) -> InterpResult<'tcx, OsString> {
+        let target_os = self.eval_context_ref().tcx.sess.target.target.target_os.as_str();
+        match target_os {
+            "linux" | "macos" => self.read_os_str_from_c_str(scalar).map(|x| x.to_os_string()),
+            "windows" => self.read_os_str_from_wide_str(scalar),
+            unsupported => throw_unsup_format!("OsString support for target OS `{}` not yet available", unsupported),
+        }
+    }
+
     /// Helper function to read an OsString from a null-terminated sequence of bytes, which is what
     /// the Unix APIs usually handle.
     fn read_os_str_from_c_str<'a>(&'a self, scalar: Scalar<Tag>) -> InterpResult<'tcx, &'a OsStr>
@@ -471,14 +483,37 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         fn bytes_to_os_str<'tcx, 'a>(bytes: &'a [u8]) -> InterpResult<'tcx, &'a OsStr> {
             let s = std::str::from_utf8(bytes)
                 .map_err(|_| err_unsup_format!("{:?} is not a valid utf-8 string", bytes))?;
-            Ok(&OsStr::new(s))
+            Ok(OsStr::new(s))
         }
 
         let this = self.eval_context_ref();
         let bytes = this.memory.read_c_str(scalar)?;
         bytes_to_os_str(bytes)
     }
 
+    /// Helper function to read an OsString from a 0x0000-terminated sequence of u16,
+    /// which is what the Windows APIs usually handle.
+    fn read_os_str_from_wide_str<'a>(&'a self, scalar: Scalar<Tag>) -> InterpResult<'tcx, OsString>
+    where
+        'tcx: 'a,
+        'mir: 'a,
+    {
+        #[cfg(windows)]
+        pub fn u16vec_to_osstring<'tcx, 'a>(u16_vec: Vec<u16>) -> InterpResult<'tcx, OsString> {
+            Ok(std::os::windows::ffi::OsStringExt::from_wide(&u16_vec[..]))
+        }
+        #[cfg(not(windows))]
+        pub fn u16vec_to_osstring<'tcx, 'a>(u16_vec: Vec<u16>) -> InterpResult<'tcx, OsString> {
+            let s = String::from_utf16(&u16_vec[..])
+                .map_err(|_| err_unsup_format!("{:?} is not a valid utf-16 string", u16_vec))?;
+            Ok(s.into())
+        }
+
+        let u16_vec = self.eval_context_ref().memory.read_wide_str(scalar)?;
+        u16vec_to_osstring(u16_vec)
+    }
+
+
     /// Helper function to write an OsStr as a null-terminated sequence of bytes, which is what
     /// the Unix APIs usually handle. This function returns `Ok((false, length))` without trying
     /// to write if `size` is not large enough to fit the contents of `os_string` plus a null
@@ -518,6 +553,66 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
         Ok((true, string_length))
     }
 
+    /// Helper function to write an OsStr as a 0x0000-terminated u16-sequence, which is what
+    /// the Windows APIs usually handle. This function returns `Ok((false, length))` without trying
+    /// to write if `size` is not large enough to fit the contents of `os_string` plus a null
+    /// terminator. It returns `Ok((true, length))` if the writing process was successful. The
+    /// string length returned does not include the null terminator.
+    fn write_os_str_to_wide_str(
+        &mut self,
+        os_str: &OsStr,
+        mplace: MPlaceTy<'tcx, Tag>,
+        size: u64,
+    ) -> InterpResult<'tcx, (bool, u64)> {
+        #[cfg(windows)]
+        fn os_str_to_u16vec<'tcx>(os_str: &OsStr) -> InterpResult<'tcx, Vec<u16>> {
+            Ok(std::os::windows::ffi::OsStrExt::encode_wide(os_str).collect())
+        }
+        #[cfg(not(windows))]
+        fn os_str_to_u16vec<'tcx>(os_str: &OsStr) -> InterpResult<'tcx, Vec<u16>> {
+            // On non-Windows platforms the best we can do to transform Vec<u16> from/to OS strings is to do the
+            // intermediate transformation into strings. Which invalidates non-utf8 paths that are actually
+            // valid.
+            os_str
+                .to_str()
+                .map(|s| s.encode_utf16().collect())
+                .ok_or_else(|| err_unsup_format!("{:?} is not a valid utf-8 string", os_str).into())
+        }
+
+        let u16_vec = os_str_to_u16vec(os_str)?;
+        // If `size` is smaller or equal than `bytes.len()`, writing `bytes` plus the required
+        // 0x0000 terminator to memory would cause an out-of-bounds access.
+        let string_length = u64::try_from(u16_vec.len()).unwrap();
+        if size <= string_length {
+            return Ok((false, string_length));
+        }
+
+        let this = self.eval_context_mut();
+
+        // Store the UTF-16 string.
+        let char_size = Size::from_bytes(2);
+        for (idx, c) in u16_vec.into_iter().chain(iter::once(0x0000)).enumerate() {
+            let place = this.mplace_field(mplace, idx as u64)?; 
+            this.write_scalar(Scalar::from_uint(c, char_size), place.into())?;
+        }
+        Ok((true, string_length))
+    }
+
+    /// Dispatches to appropriate implementations for allocating & writing OsString in Memory,
+    /// depending on the interpretation target.
+    fn alloc_os_str_as_target_str(
+        &mut self,
+        os_str: &OsStr,
+        memkind: MemoryKind<MiriMemoryKind>,
+    ) -> InterpResult<'tcx, Pointer<Tag>> {
+        let target_os = self.eval_context_ref().tcx.sess.target.target.target_os.as_str();
+        match target_os {
+            "linux" | "macos" => Ok(self.alloc_os_str_as_c_str(os_str, memkind)),
+            "windows" => Ok(self.alloc_os_str_as_wide_str(os_str, memkind)),
+            unsupported => throw_unsup_format!("OsString support for target OS `{}` not yet available", unsupported),
+        }
+    }
+
     fn alloc_os_str_as_c_str(
         &mut self,
         os_str: &OsStr,
@@ -528,7 +623,21 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
 
         let arg_type = this.tcx.mk_array(this.tcx.types.u8, size);
         let arg_place = this.allocate(this.layout_of(arg_type).unwrap(), memkind);
-        self.write_os_str_to_c_str(os_str, arg_place.ptr, size).unwrap();
+        assert!(self.write_os_str_to_c_str(os_str, arg_place.ptr, size).unwrap().0);
+        arg_place.ptr.assert_ptr()
+    }
+
+    fn alloc_os_str_as_wide_str(
+        &mut self,
+        os_str: &OsStr,
+        memkind: MemoryKind<MiriMemoryKind>,
+    ) -> Pointer<Tag> {
+        let size = u64::try_from(os_str.len()).unwrap().checked_add(1).unwrap(); // Make space for `0x0000` terminator.
+        let this = self.eval_context_mut();
+
+        let arg_type = this.tcx.mk_array(this.tcx.types.u16, size);
+        let arg_place = this.allocate(this.layout_of(arg_type).unwrap(), memkind);
+        assert!(self.write_os_str_to_wide_str(os_str, arg_place, size).unwrap().0);
         arg_place.ptr.assert_ptr()
     }
 }
diff --git a/src/shims/env.rs b/src/shims/env.rs
@@ -13,7 +13,7 @@ use rustc_mir::interpret::Pointer;
 #[derive(Default)]
 pub struct EnvVars<'tcx> {
     /// Stores pointers to the environment variables. These variables must be stored as
-    /// null-terminated C strings with the `"{name}={value}"` format.
+    /// null-terminated target strings (c_str or wide_str) with the `"{name}={value}"` format.
     map: FxHashMap<OsString, Pointer<Tag>>,
 
     /// Place where the `environ` static is stored. Lazily initialized, but then never changes.
@@ -29,7 +29,7 @@ impl<'tcx> EnvVars<'tcx> {
             for (name, value) in env::vars() {
                 if !excluded_env_vars.contains(&name) {
                     let var_ptr =
-                        alloc_env_var_as_c_str(name.as_ref(), value.as_ref(), ecx);
+                        alloc_env_var_as_target_str(name.as_ref(), value.as_ref(), ecx)?;
                     ecx.machine.env_vars.map.insert(OsString::from(name), var_ptr);
                 }
             }
@@ -38,21 +38,23 @@ impl<'tcx> EnvVars<'tcx> {
     }
 }
 
-fn alloc_env_var_as_c_str<'mir, 'tcx>(
+fn alloc_env_var_as_target_str<'mir, 'tcx>(
     name: &OsStr,
     value: &OsStr,
     ecx: &mut InterpCx<'mir, 'tcx, Evaluator<'tcx>>,
-) -> Pointer<Tag> {
+) -> InterpResult<'tcx, Pointer<Tag>> {
     let mut name_osstring = name.to_os_string();
     name_osstring.push("=");
     name_osstring.push(value);
-    ecx.alloc_os_str_as_c_str(name_osstring.as_os_str(), MiriMemoryKind::Machine.into())
+    Ok(ecx.alloc_os_str_as_target_str(name_osstring.as_os_str(), MiriMemoryKind::Machine.into())?)
 }
 
 impl<'mir, 'tcx> EvalContextExt<'mir, 'tcx> for crate::MiriEvalContext<'mir, 'tcx> {}
 pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx> {
     fn getenv(&mut self, name_op: OpTy<'tcx, Tag>) -> InterpResult<'tcx, Scalar<Tag>> {
         let this = self.eval_context_mut();
+        let target_os = this.tcx.sess.target.target.target_os.as_str();
+        assert!(target_os == "linux" || target_os == "macos", "`{}` is only available for the UNIX target family");
 
         let name_ptr = this.read_scalar(name_op)?.not_undef()?;
         let name = this.read_os_str_from_c_str(name_ptr)?;
@@ -74,17 +76,17 @@ pub trait EvalContextExt<'mir, 'tcx: 'mir>: crate::MiriEvalContextExt<'mir, 'tcx
 
         let name_ptr = this.read_scalar(name_op)?.not_undef()?;
         let value_ptr = this.read_scalar(value_op)?.not_undef()?;
-        let value = this.read_os_str_from_c_str(value_ptr)?;
+        let value = this.read_os_str_from_target_str(value_ptr)?;
         let mut new = None;
         if !this.is_null(name_ptr)? {
-            let name = this.read_os_str_from_c_str(name_ptr)?;
+            let name = this.read_os_str_from_target_str(name_ptr)?;
             if !name.is_empty() && !name.to_string_lossy().contains('=') {
                 new = Some((name.to_owned(), value.to_owned()));
             }
         }
         if let Some((name, value)) = new {
-            let var_ptr = alloc_env_var_as_c_str(&name, &value, &mut this);
-            if let Some(var) = this.machine.env_vars.map.insert(name.to_owned(), var_ptr) {
+            let var_ptr = alloc_env_var_as_target_str(&name, &value, &mut this)?;
+            if let Some(var) = this.machine.env_vars.map.insert(name, var_ptr) {
                 this.memory
                     .deallocate(var, None, MiriMemoryKind::Machine.into())?;
             }
