Download Raw Diff

Details

Reviewers

dschuff
mclow.lists
danalbert

Commits

rG57148cbcbdad: libc++: add NaCl and PNaCl support for std::random_device
rCXX223068: libc++: add NaCl and PNaCl support for std::random_device
rL223068: libc++: add NaCl and PNaCl support for std::random_device

Summary

The NaCl sandbox doesn't allow opening files under /dev, but it offers an API which provides the same capabilities. This is the same random device emulation that nacl_io performs for POSIX support, but nacl_io is an optional library so libc++ can't assume that device emulation will be performed. Note that NaCl only supports /dev/urandom, not /dev/random.

This patch also cleans up some of the preprocessor #endif, and fixes the test for Win32 (it accepts any token, and would therefore never throw regardless of the token provided).

Diff Detail

Repository: rL LLVM

Event Timeline

jfb updated this revision to Diff 16707.Nov 27 2014, 1:20 PM

jfb retitled this revision from to libc++: add NaCl and PNaCl support for std::random_device.

jfb updated this object.

jfb edited the test plan for this revision. (Show Details)

jfb added reviewers: dschuff, mclow.lists, danalbert.

jfb added a subscriber: Unknown Object (MLST).

Herald added a subscriber: jfb. · View Herald TranscriptNov 27 2014, 1:20 PM

EricWF added a subscriber: EricWF.Nov 27 2014, 1:30 PM

The purpose of the token is to permit different sources of randomness. Seeing as how you don't allow anything other than nacl_secure_random_init, perhaps you should just make the default token be the empty string in the <random> header.

Checking for an invalid token would just be a simple !__token.empty().

src/random.cpp
79 ↗	(On Diff #16707)	This read a little funny to me, maybe: random_device failed to obtain enough bytes

The purpose of the token is to permit different sources of randomness. Seeing as how you don't allow anything other than nacl_secure_random_init, perhaps you should just make the default token be the empty string in the <random> header.

That would be a breaking change if we do decide to support other sources of
randomness. What we have now emulates the token it accepts (its POSIX
meaning), so it's the right thing IMO.

I'd really prefer a different identifier other than __native_client__.
IMHO, that's too "generic".

Something that mentioned NaCl and/or PNaCl.
_LIBCPP_USING_NACL_RANDOM, maybe?

Rephrase error message.

Add _LIBCPP_USING_NACL_RANDOM to __config, and use that instead of __native_client__.

In D6442#9, @mclow.lists wrote:

I'd really prefer a different identifier other than __native_client__.
IMHO, that's too "generic".

Something that mentioned NaCl and/or PNaCl.
_LIBCPP_USING_NACL_RANDOM, maybe?

Done, let me know if what I implemented was what you were suggesting.

src/random.cpp
79 ↗	(On Diff #16707)	Changed.

Fix missing parens.

Your changes look good; but now I'm wondering if you want to accept both "/dev/random" and "/dev/urandom" as valid tokens.

Now I'm wondering what bozo checked in the windows implementation w/o noticing that it broke this test on Windows. Oh - that was me.

Should the windows implementation also accept only "/dev/random" and "/dev/urandom" as valid tokens?

That would enable us to make the test portable; and help people to write cross-platform code.

include/__config
118 ↗	(On Diff #16750)	I don't think you need to actually set `_LIBCPP_USING_NACL_RANDOM` to a value. #define _LIBCPP_USING_NACL_RANDOM is sufficient.
test/numerics/rand/rand.device/ctor.pass.cpp
34 ↗	(On Diff #16750)	I don't really like this; it's leaking implementation information into the test framework.

Define macro without setting a value.

In D6442#17, @mclow.lists wrote:

Your changes look good; but now I'm wondering if you want to accept both "/dev/random" and "/dev/urandom" as valid tokens.

I don't want /dev/random because the NaCl interface I'm using doesn't guarantee "very high quality randomness" and doesn't block when such randomness isn't available. User code that expects such randomness should hard-fail (and fall back as makes sense for them), instead of getting lower quality randomness. NaCl has, for example, SSH clients that rely on similar (non-C++) random device interfaces, and knowing that the source of randomness is bad is pretty important to them (not that OpenSSL and friends have a great track record).

Should the windows implementation also accept only "/dev/random" and "/dev/urandom" as valid tokens?

I wouldn't offer /dev/random unless the implementation actually meets the expectations of users.

That would enable us to make the test portable; and help people to write cross-platform code.

I think the lack of platform portability should go back to WG21 LEWG ;-)

Agreed that the test is now ugly... but hey it's correct!

include/__config
118 ↗	(On Diff #16750)	Done.

Return ENOENT instead of ENODEV as suggested by @majnemer.

mclow.lists accepted this revision.Dec 1 2014, 10:27 AM

mclow.lists edited edge metadata.

This revision is now accepted and ready to land.Dec 1 2014, 10:27 AM

Closed by commit rL223068 (authored by @jfb).

Diff 16776

libcxx/trunk/include/__config

	Show First 20 Lines • Show All 105 Lines • ▼ Show 20 Lines
	# define _LIBCPP_LITTLE_ENDIAN 1			# define _LIBCPP_LITTLE_ENDIAN 1
	# define _LIBCPP_BIG_ENDIAN 0			# define _LIBCPP_BIG_ENDIAN 0
	# else			# else
	# define _LIBCPP_LITTLE_ENDIAN 0			# define _LIBCPP_LITTLE_ENDIAN 0
	# define _LIBCPP_BIG_ENDIAN 1			# define _LIBCPP_BIG_ENDIAN 1
	# endif			# endif
	#endif // __sun__			#endif // __sun__

				#if defined(__native_client__)
				// NaCl's sandbox (which PNaCl also runs in) doesn't allow filesystem access,
				// including accesses to the special files under /dev. C++11's
				// std::random_device is instead exposed through a NaCl syscall.
				# define _LIBCPP_USING_NACL_RANDOM
				#endif // defined(__native_client__)

	#if !defined(_LIBCPP_LITTLE_ENDIAN) \|\| !defined(_LIBCPP_BIG_ENDIAN)			#if !defined(_LIBCPP_LITTLE_ENDIAN) \|\| !defined(_LIBCPP_BIG_ENDIAN)
	# include <endian.h>			# include <endian.h>
	# if __BYTE_ORDER == __LITTLE_ENDIAN			# if __BYTE_ORDER == __LITTLE_ENDIAN
	# define _LIBCPP_LITTLE_ENDIAN 1			# define _LIBCPP_LITTLE_ENDIAN 1
	# define _LIBCPP_BIG_ENDIAN 0			# define _LIBCPP_BIG_ENDIAN 0
	# elif __BYTE_ORDER == __BIG_ENDIAN			# elif __BYTE_ORDER == __BIG_ENDIAN
	# define _LIBCPP_LITTLE_ENDIAN 0			# define _LIBCPP_LITTLE_ENDIAN 0
	# define _LIBCPP_BIG_ENDIAN 1			# define _LIBCPP_BIG_ENDIAN 1
	▲ Show 20 Lines • Show All 588 Lines • Show Last 20 Lines

libcxx/trunk/include/random

	Show First 20 Lines • Show All 3,469 Lines • ▼ Show 20 Lines
	}			}

	typedef shuffle_order_engine<minstd_rand0, 256> knuth_b;			typedef shuffle_order_engine<minstd_rand0, 256> knuth_b;

	// random_device			// random_device

	class _LIBCPP_TYPE_VIS random_device			class _LIBCPP_TYPE_VIS random_device
	{			{
	#if !defined(_WIN32)			#if !(defined(_WIN32) \|\| defined(_LIBCPP_USING_NACL_RANDOM))
	int __f_;			int __f_;
	#endif // defined(_WIN32)			#endif // !(defined(_WIN32) \|\| defined(_LIBCPP_USING_NACL_RANDOM))
	public:			public:
	// types			// types
	typedef unsigned result_type;			typedef unsigned result_type;

	// generator characteristics			// generator characteristics
	static _LIBCPP_CONSTEXPR const result_type _Min = 0;			static _LIBCPP_CONSTEXPR const result_type _Min = 0;
	static _LIBCPP_CONSTEXPR const result_type _Max = 0xFFFFFFFFu;			static _LIBCPP_CONSTEXPR const result_type _Max = 0xFFFFFFFFu;

	▲ Show 20 Lines • Show All 3,240 Lines • Show Last 20 Lines

libcxx/trunk/src/random.cpp

//===-------------------------- random.cpp --------------------------------===//		//===-------------------------- random.cpp --------------------------------===//
//		//
// The LLVM Compiler Infrastructure		// The LLVM Compiler Infrastructure
//		//
// This file is dual licensed under the MIT and the University of Illinois Open		// This file is dual licensed under the MIT and the University of Illinois Open
// Source Licenses. See LICENSE.TXT for details.		// Source Licenses. See LICENSE.TXT for details.
//		//
//===----------------------------------------------------------------------===//		//===----------------------------------------------------------------------===//

#if defined(_WIN32)		#if defined(_WIN32)
// Must be defined before including stdlib.h to enable rand_s().		// Must be defined before including stdlib.h to enable rand_s().
#define _CRT_RAND_S		#define _CRT_RAND_S
#include <stdio.h>		#include <stdio.h>
#endif		#endif // defined(_WIN32)

#include "random"		#include "random"
#include "system_error"		#include "system_error"

#ifdef __sun__		#if defined(__sun__)
#define rename solaris_headers_are_broken		#define rename solaris_headers_are_broken
#endif		#endif // defined(__sun__)
#if !defined(_WIN32)		#if !defined(_WIN32)
#include <fcntl.h>		#include <fcntl.h>
#include <unistd.h>		#include <unistd.h>
#endif // defined(_WIN32)		#endif // !defined(_WIN32)
#include <errno.h>		#include <errno.h>
		#if defined(_LIBCPP_USING_NACL_RANDOM)
		#include <nacl/nacl_random.h>
		#endif // defined(_LIBCPP_USING_NACL_RANDOM)

_LIBCPP_BEGIN_NAMESPACE_STD		_LIBCPP_BEGIN_NAMESPACE_STD

#if defined(_WIN32)		#if defined(_WIN32)

random_device::random_device(const string&)		random_device::random_device(const string&)
{		{
}		}

random_device::~random_device()		random_device::~random_device()
{		{
}		}

unsigned		unsigned
random_device::operator()()		random_device::operator()()
{		{
unsigned r;		unsigned r;
errno_t err = rand_s(&r);		errno_t err = rand_s(&r);
if (err)		if (err)
__throw_system_error(err, "random_device rand_s failed.");		__throw_system_error(err, "random_device rand_s failed.");
return r;		return r;
}		}
#else
		#elif defined(_LIBCPP_USING_NACL_RANDOM)

		random_device::random_device(const string& __token)
		{
		if (__token != "/dev/urandom")
		__throw_system_error(ENOENT, ("random device not supported " + __token).c_str());
		int error = nacl_secure_random_init();
		if (error)
		__throw_system_error(error, ("random device failed to open " + __token).c_str());
		}

		random_device::~random_device()
		{
		}

		unsigned
		random_device::operator()()
		{
		unsigned r;
		size_t n = sizeof(r);
		char* p = reinterpret_cast<char*>(&r);
		size_t bytes_written;
		int error = nacl_secure_random(&r, n, &bytes_written);
		if (error != 0)
		__throw_system_error(error, "random_device failed getting bytes");
		else if (bytes_written != n)
		__throw_runtime_error("random_device failed to obtain enough bytes");
		return r;
		}

		#else // !defined(_WIN32) && !defined(_LIBCPP_USING_NACL_RANDOM)

random_device::random_device(const string& __token)		random_device::random_device(const string& __token)
: __f_(open(__token.c_str(), O_RDONLY))		: __f_(open(__token.c_str(), O_RDONLY))
{		{
if (__f_ < 0)		if (__f_ < 0)
__throw_system_error(errno, ("random_device failed to open " + __token).c_str());		__throw_system_error(errno, ("random_device failed to open " + __token).c_str());
}		}

random_device::~random_device()		random_device::~random_device()
Show All 18 Lines	while (n > 0)
__throw_system_error(errno, "random_device got an unexpected error");		__throw_system_error(errno, "random_device got an unexpected error");
continue;		continue;
}		}
n -= static_cast<size_t>(s);		n -= static_cast<size_t>(s);
p += static_cast<size_t>(s);		p += static_cast<size_t>(s);
}		}
return r;		return r;
}		}
#endif // defined(_WIN32)
		#endif // defined(_WIN32) \|\| defined(_LIBCPP_USING_NACL_RANDOM)

double		double
random_device::entropy() const _NOEXCEPT		random_device::entropy() const _NOEXCEPT
{		{
return 0;		return 0;
}		}

_LIBCPP_END_NAMESPACE_STD		_LIBCPP_END_NAMESPACE_STD

libcxx/trunk/test/numerics/rand/rand.device/ctor.pass.cpp

	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//
	//			//
	// The LLVM Compiler Infrastructure			// The LLVM Compiler Infrastructure
	//			//
	// This file is dual licensed under the MIT and the University of Illinois Open			// This file is dual licensed under the MIT and the University of Illinois Open
	// Source Licenses. See LICENSE.TXT for details.			// Source Licenses. See LICENSE.TXT for details.
	//			//
	//===----------------------------------------------------------------------===//			//===----------------------------------------------------------------------===//

	// <random>			// <random>

	// class random_device;			// class random_device;

	// explicit random_device(const string& token = "/dev/urandom");			// explicit random_device(const string& token = implementation-defined);

				// For the following ctors, the standard states: "The semantics and default
				// value of the token parameter are implementation-defined". Implementations
				// therefore aren't required to accept any string, but the default shouldn't
				// throw.

	#include <random>			#include <random>
	#include <cassert>			#include <cassert>
	#include <unistd.h>			#include <unistd.h>

	int main()			bool is_valid_random_device(const std::string &token) {
	{			#if defined(_WIN32)
	try			return true;
	{			#elif defined(_LIBCPP_USING_NACL_RANDOM)
	std::random_device r("wrong file");			return token == "/dev/urandom";
	assert(false);			#else // !defined(_WIN32) && !defined(_LIBCPP_USING_NACL_RANDOM)
				// Not an exhaustive list: they're the only tokens that are tested below.
				return token == "/dev/urandom" \|\| token == "/dev/random";
				#endif // defined(_WIN32) \|\| defined(_LIBCPP_USING_NACL_RANDOM)
	}			}
	catch (const std::system_error& e)
	{			void check_random_device_valid(const std::string &token) {
				std::random_device r(token);
				}

				void check_random_device_invalid(const std::string &token) {
				try {
				std::random_device r(token);
				assert(false);
				} catch (const std::system_error &e) {
	}			}
	{
	std::random_device r;
	}			}

				int main() {
				{ std::random_device r; }

	{			{
	int ec;			int ec;
	ec = close(STDIN_FILENO);			ec = close(STDIN_FILENO);
	assert(!ec);			assert(!ec);
	ec = close(STDOUT_FILENO);			ec = close(STDOUT_FILENO);
	assert(!ec);			assert(!ec);
	ec = close(STDERR_FILENO);			ec = close(STDERR_FILENO);
	assert(!ec);			assert(!ec);
	std::random_device r;			std::random_device r;
	}			}

	{			{
	std::random_device r("/dev/urandom");;			std::string token = "wrong file";
				if (is_valid_random_device(token))
				check_random_device_valid(token);
				else
				check_random_device_invalid(token);
	}			}

				{
				std::string token = "/dev/urandom";
				if (is_valid_random_device(token))
				check_random_device_valid(token);
				else
				check_random_device_invalid(token);
				}

	{			{
	std::random_device r("/dev/random");;			std::string token = "/dev/random";
				if (is_valid_random_device(token))
				check_random_device_valid(token);
				else
				check_random_device_invalid(token);
	}			}
	}			}

This is an archive of the discontinued LLVM Phabricator instance.

libc++: add NaCl and PNaCl support for std::random_device
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 16776

libcxx/trunk/include/__config

libcxx/trunk/include/random

libcxx/trunk/src/random.cpp

libcxx/trunk/test/numerics/rand/rand.device/ctor.pass.cpp

This is an archive of the discontinued LLVM Phabricator instance.

libc++: add NaCl and PNaCl support for std::random_deviceClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 16776

libcxx/trunk/include/__config

libcxx/trunk/include/random

libcxx/trunk/src/random.cpp

libcxx/trunk/test/numerics/rand/rand.device/ctor.pass.cpp

libc++: add NaCl and PNaCl support for std::random_device
ClosedPublic