Failed attempt: shouldn't directly write a u64 for eventfd pointer mplace

Author: tiif

src/shims/unix/fd.rs

@@ -31,6 +31,7 @@ pub trait FileDescription: std::fmt::Debug + Any {
         _self_ref: &FileDescriptionRef,
         _communicate_allowed: bool,
         _bytes: &mut [u8],
+        _len: usize,
         _ptr: Pointer,
         _dest: &MPlaceTy<'tcx>,
         _ecx: &mut MiriInterpCx<'tcx>,
@@ -132,6 +133,7 @@ impl FileDescription for io::Stdin {
         _self_ref: &FileDescriptionRef,
         communicate_allowed: bool,
         bytes: &mut [u8],
+        _len: usize,
         ptr: Pointer,
         dest: &MPlaceTy<'tcx>,
         ecx: &mut MiriInterpCx<'tcx>,
@@ -583,9 +585,10 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
         // because it was a target's `usize`. Also we are sure that its smaller than
         // `usize::MAX` because it is bounded by the host's `isize`.
 
-        let mut bytes = vec![0; usize::try_from(count).unwrap()];
+        let len = usize::try_from(count).unwrap();
+        let mut bytes = vec![0; len];
         match offset {
-            None => fd.read(&fd, communicate, &mut bytes, buf, dest, this)?,
+            None => fd.read(&fd, communicate, &mut bytes, len, buf, dest, this)?,
             Some(offset) => {
                 let Ok(offset) = u64::try_from(offset) else {
                     let einval = this.eval_libc("EINVAL");
@@ -679,6 +682,39 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> {
         }
     }
 
+
+    /// This function either writes to the user supplied buffer and to dest place, or return error.
+    // TODO: this is only used for eventfd
+    fn read_byte_helper_ev(
+        &mut self,
+        buf_place: &MPlaceTy<'tcx>,
+        read_val: Option<u64>,
+        result: io::Result<usize>,
+        dest: &MPlaceTy<'tcx>,
+    ) -> InterpResult<'tcx> {
+        let this = self.eval_context_mut();
+        // `File::read` never returns a value larger than `count`, so this cannot fail.
+        match result.map(|c| i64::try_from(c).unwrap()) {
+            // try to pass this the write_ptr inside write
+            // Pass the pointer inside the write function.
+            Ok(read_bytes) => {
+                // If reading to `bytes` did not fail, we write those bytes to the buffer.
+                // Crucially, if fewer than `bytes.len()` bytes were read, only write
+                // that much into the output buffer!
+                // Write to the user supplied buffer.
+                this.write_int(read_val.unwrap(), buf_place)?;
+                // Write to the function return value place.
+                this.write_int(read_bytes, dest)?;
+                return Ok(());
+            }
+            Err(e) => {
+                this.set_last_error_from_io_error(e)?;
+                this.write_int(-1, dest)?;
+                return Ok(());
+            }
+        }
+    }
+
     /// This function either writes the number of written bytes to dest place or return error.
     fn write_byte_helper(
         &mut self,

src/shims/unix/fs.rs

@@ -35,6 +35,7 @@ impl FileDescription for FileHandle {
         _self_ref: &FileDescriptionRef,
         communicate_allowed: bool,
         bytes: &mut [u8],
+        _len: usize,
         ptr: Pointer,
         dest: &MPlaceTy<'tcx>,
         ecx: &mut MiriInterpCx<'tcx>,

src/shims/unix/linux/eventfd.rs

@@ -62,23 +62,27 @@ impl FileDescription for Event {
         &self,
         self_ref: &FileDescriptionRef,
         _communicate_allowed: bool,
-        bytes: &mut [u8],
+        _bytes: &mut [u8],
+        len: usize,
         ptr: Pointer,
         dest: &MPlaceTy<'tcx>,
         ecx: &mut MiriInterpCx<'tcx>,
     ) -> InterpResult<'tcx> {
+        // eventfd read at the size of u64.
+        let buf_place = ecx.ptr_to_mplace(ptr, ecx.machine.layouts.u64);
         // Check the size of slice, and return error only if the size of the slice < 8.
-        let Some(bytes) = bytes.first_chunk_mut::<U64_ARRAY_SIZE>() else {
+        if len < U64_ARRAY_SIZE {
             let result = Err(Error::from(ErrorKind::InvalidInput));
-            ecx.read_byte_helper(ptr, bytes.to_vec(), result, dest)?;
+            ecx.read_byte_helper_ev(&buf_place, None, result, dest)?;
             return Ok(());
-        };
+        }
+
         // Block when counter == 0.
         let counter = self.counter.get();
         if counter == 0 {
             if self.is_nonblock {
                 let result = Err(Error::from(ErrorKind::WouldBlock));
-                ecx.read_byte_helper(ptr, bytes.to_vec(), result, dest)?;
+                ecx.read_byte_helper_ev(&buf_place, None, result, dest)?;
                 return Ok(());
             } else {
                 //FIXME: blocking is not supported
@@ -87,18 +91,13 @@ impl FileDescription for Event {
         } else {
             // Synchronize with all prior `write` calls to this FD.
             ecx.acquire_clock(&self.clock.borrow());
-            // Return the counter in the host endianness using the buffer provided by caller.
-            *bytes = match ecx.tcx.sess.target.endian {
-                Endian::Little => counter.to_le_bytes(),
-                Endian::Big => counter.to_be_bytes(),
-            };
+            let result = Ok(U64_ARRAY_SIZE);
+            ecx.read_byte_helper_ev(&buf_place, Some(counter), result, dest)?;
             self.counter.set(0);
             // When any of the event happened, we check and update the status of all supported event
             // types for current file description.
             ecx.check_and_update_readiness(self_ref)?;
 
-            let result = Ok(U64_ARRAY_SIZE);
-            ecx.read_byte_helper(ptr, bytes.to_vec(), result, dest)?;
             return Ok(());
         }
     }

src/shims/unix/unnamed_socket.rs

@@ -127,6 +127,7 @@ impl FileDescription for AnonSocket {
         _self_ref: &FileDescriptionRef,
         _communicate_allowed: bool,
         bytes: &mut [u8],
+        _len: usize,
         ptr: Pointer,
         dest: &MPlaceTy<'tcx>,
         ecx: &mut MiriInterpCx<'tcx>,