non-deterministically truncate reads/writes

RalfJung · RalfJung · commit ea405ae5c673 · 2025-07-19T14:15:23.000+02:00
diff --git a/src/shims/unix/fd.rs b/src/shims/unix/fd.rs
@@ -4,6 +4,7 @@
 use std::io;
 use std::io::ErrorKind;
 
+use rand::Rng;
 use rustc_abi::Size;
 
 use crate::helpers::check_min_vararg_count;
@@ -257,6 +258,11 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
         let count = usize::try_from(count).unwrap(); // now it fits in a `usize`
         let communicate = this.machine.communicate();
 
+        // Non-deterministically decide to further reduce the count, simulating a partial read (but
+        // never to 0, that has different behavior).
+        let count =
+            if count >= 2 && this.machine.rng.get_mut().random() { count / 2 } else { count };
+
         // Get the FD.
         let Some(fd) = this.machine.fds.get(fd_num) else {
             trace!("read: FD not found");
@@ -265,7 +271,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
 
         trace!("read: FD mapped to {fd:?}");
         // We want to read at most `count` bytes. We are sure that `count` is not negative
-        // because it was a target's `usize`. Also we are sure that its smaller than
+        // because it was a target's `usize`. Also we are sure that it's smaller than
         // `usize::MAX` because it is bounded by the host's `isize`.
 
         let finish = {
@@ -323,6 +329,11 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
         let count = usize::try_from(count).unwrap(); // now it fits in a `usize`
         let communicate = this.machine.communicate();
 
+        // Non-deterministically decide to further reduce the count, simulating a partial write (but
+        // never to 0, that has different behavior).
+        let count =
+            if count >= 2 && this.machine.rng.get_mut().random() { count / 2 } else { count };
+
         // We temporarily dup the FD to be able to retain mutable access to `this`.
         let Some(fd) = this.machine.fds.get(fd_num) else {
             return this.set_last_error_and_return(LibcError("EBADF"), dest);
diff --git a/tests/pass-dep/libc/libc-fs.rs b/tests/pass-dep/libc/libc-fs.rs
@@ -74,8 +74,11 @@ fn test_dup_stdout_stderr() {
     unsafe {
         let new_stdout = libc::fcntl(1, libc::F_DUPFD, 0);
         let new_stderr = libc::fcntl(2, libc::F_DUPFD, 0);
-        libc::write(new_stdout, bytes.as_ptr() as *const libc::c_void, bytes.len());
-        libc::write(new_stderr, bytes.as_ptr() as *const libc::c_void, bytes.len());
+        // We write byte-for-byte as that's the easiest way to deal with partial writes...
+        for b in bytes.iter() {
+            assert_eq!(libc::write(new_stdout, &raw const *b as *const libc::c_void, 1), 1);
+            assert_eq!(libc::write(new_stderr, &raw const *b as *const libc::c_void, 1), 1);
+        }
     }
 }
 
@@ -92,16 +95,24 @@ fn test_dup() {
         let new_fd2 = libc::dup2(fd, 8);
 
         let mut first_buf = [0u8; 4];
-        libc::read(fd, first_buf.as_mut_ptr() as *mut libc::c_void, 4);
-        assert_eq!(&first_buf, b"dup ");
+        let first_len = libc::read(fd, first_buf.as_mut_ptr() as *mut libc::c_void, 4);
+        assert!(first_len > 0);
+        let first_len = first_len as usize;
+        assert_eq!(first_buf[..first_len], bytes[..first_len]);
+        let remaining_bytes = &bytes[first_len..];
 
         let mut second_buf = [0u8; 4];
-        libc::read(new_fd, second_buf.as_mut_ptr() as *mut libc::c_void, 4);
-        assert_eq!(&second_buf, b"and ");
+        let second_len = libc::read(new_fd, second_buf.as_mut_ptr() as *mut libc::c_void, 4);
+        assert!(second_len > 0);
+        let second_len = second_len as usize;
+        assert_eq!(second_buf[..second_len], remaining_bytes[..second_len]);
+        let remaining_bytes = &remaining_bytes[second_len..];
 
         let mut third_buf = [0u8; 4];
-        libc::read(new_fd2, third_buf.as_mut_ptr() as *mut libc::c_void, 4);
-        assert_eq!(&third_buf, b"dup2");
+        let third_len = libc::read(new_fd2, third_buf.as_mut_ptr() as *mut libc::c_void, 4);
+        assert!(third_len > 0);
+        let third_len = third_len as usize;
+        assert_eq!(third_buf[..third_len], remaining_bytes[..third_len]);
     }
 }
 
@@ -145,7 +156,7 @@ fn test_ftruncate<T: From<i32>>(
     let bytes = b"hello";
     let path = utils::prepare("miri_test_libc_fs_ftruncate.txt");
     let mut file = File::create(&path).unwrap();
-    file.write(bytes).unwrap();
+    file.write_all(bytes).unwrap();
     file.sync_all().unwrap();
     assert_eq!(file.metadata().unwrap().len(), 5);
 
@@ -402,25 +413,33 @@ fn test_read_and_uninit() {
         unsafe {
             let fd = libc::open(cpath.as_ptr(), libc::O_RDONLY);
             assert_ne!(fd, -1);
-            let mut buf: MaybeUninit<[u8; 2]> = std::mem::MaybeUninit::uninit();
-            assert_eq!(libc::read(fd, buf.as_mut_ptr().cast::<std::ffi::c_void>(), 2), 2);
+            let mut buf: MaybeUninit<u8> = std::mem::MaybeUninit::uninit();
+            assert_eq!(libc::read(fd, buf.as_mut_ptr().cast::<std::ffi::c_void>(), 1), 1);
             let buf = buf.assume_init();
-            assert_eq!(buf, [1, 2]);
+            assert_eq!(buf, 1);
             assert_eq!(libc::close(fd), 0);
         }
         remove_file(&path).unwrap();
     }
     {
         // We test that if we requested to read 4 bytes, but actually read 3 bytes, then
         // 3 bytes (not 4) will be overwritten, and remaining byte will be left as-is.
-        let path = utils::prepare_with_content("pass-libc-read-and-uninit-2.txt", &[1u8, 2, 3]);
+        let data = [1u8, 2, 3];
+        let path = utils::prepare_with_content("pass-libc-read-and-uninit-2.txt", &data);
         let cpath = CString::new(path.clone().into_os_string().into_encoded_bytes()).unwrap();
         unsafe {
             let fd = libc::open(cpath.as_ptr(), libc::O_RDONLY);
             assert_ne!(fd, -1);
             let mut buf = [42u8; 5];
-            assert_eq!(libc::read(fd, buf.as_mut_ptr().cast::<std::ffi::c_void>(), 4), 3);
-            assert_eq!(buf, [1, 2, 3, 42, 42]);
+            let res = libc::read(fd, buf.as_mut_ptr().cast::<std::ffi::c_void>(), 4);
+            assert!(res > 0 && res < 4);
+            for i in 0..buf.len() {
+                assert_eq!(
+                    buf[i],
+                    if i < res as usize { data[i] } else { 42 },
+                    "wrong result at pos {i}"
+                );
+            }
             assert_eq!(libc::close(fd), 0);
         }
         remove_file(&path).unwrap();
diff --git a/tests/pass/shims/fs.rs b/tests/pass/shims/fs.rs
@@ -17,6 +17,7 @@ mod utils;
 fn main() {
     test_path_conversion();
     test_file();
+    test_file_partial_reads_writes();
     test_file_create_new();
     test_metadata();
     test_seek();
@@ -53,7 +54,7 @@ fn test_file() {
     file.write(&mut []).unwrap();
     assert_eq!(file.metadata().unwrap().len(), 0);
 
-    file.write(bytes).unwrap();
+    file.write_all(bytes).unwrap();
     assert_eq!(file.metadata().unwrap().len(), bytes.len() as u64);
     // Test opening, reading and closing a file.
     let mut file = File::open(&path).unwrap();
@@ -70,6 +71,28 @@ fn test_file() {
     remove_file(&path).unwrap();
 }
 
+fn test_file_partial_reads_writes() {
+    let path = utils::prepare_with_content("miri_test_fs_file.txt", b"abcdefg");
+
+    // Ensure we sometimes do incomplete writes.
+    let got_short_write = (0..16).any(|_| {
+        let _ = remove_file(&path); // FIXME(win): we get errors if the file already exists?
+        let mut file = File::create(&path).unwrap();
+        file.write(&[0; 4]).unwrap() != 4
+    });
+    assert!(got_short_write);
+    // Ensure we sometimes do incomplete reads.
+    let got_short_read = (0..16).any(|_| {
+        let mut file = File::open(&path).unwrap();
+        let mut buf = [0; 4];
+        file.read(&mut buf).unwrap() != 4
+    });
+    assert!(got_short_read);
+
+    // Clean up
+    remove_file(&path).unwrap();
+}
+
 fn test_file_clone() {
     let bytes = b"Hello, World!\n";
     let path = utils::prepare_with_content("miri_test_fs_file_clone.txt", bytes);
diff --git a/tests/pass/shims/pipe.rs b/tests/pass/shims/pipe.rs
@@ -4,8 +4,8 @@ use std::io::{Read, Write, pipe};
 
 fn main() {
     let (mut ping_rx, mut ping_tx) = pipe().unwrap();
-    ping_tx.write(b"hello").unwrap();
+    ping_tx.write_all(b"hello").unwrap();
     let mut buf: [u8; 5] = [0; 5];
-    ping_rx.read(&mut buf).unwrap();
+    ping_rx.read_exact(&mut buf).unwrap();
     assert_eq!(&buf, "hello".as_bytes());
 }
