Auto merge of #935 - christianpoveda:blacklist-env-vars, r=RalfJung

Exclude environment variables from host communication

related issue: #933

r? @RalfJung

Author: bors

README.md

@@ -160,6 +160,8 @@ Several `-Z` flags are relevant for Miri:
 * `-Zmiri-disable-isolation` disables host host isolation.  As a consequence,
   the program has access to host resources such as environment variables and
   randomness (and, eventually, file systems and more).
+* `-Zmiri-env-exclude=<var>` keeps the `var` environment variable isolated from 
+  the host. Can be used multiple times to exclude several variables.
 * `-Zmir-opt-level` controls how many MIR optimizations are performed.  Miri
   overrides the default to be `0`; be advised that using any higher level can
   make Miri miss bugs in your program because they got optimized away.

benches/helpers/miri_helper.rs

@@ -28,6 +28,7 @@ impl rustc_driver::Callbacks for MiriCompilerCalls<'_> {
                 let config = miri::MiriConfig {
                     validate: true,
                     communicate: false,
+                    excluded_env_vars: vec![],
                     args: vec![],
                     seed: None,
                 };

src/bin/miri-rustc-tests.rs

@@ -51,6 +51,7 @@ impl rustc_driver::Callbacks for MiriCompilerCalls {
                                 let config = MiriConfig {
                                     validate: true,
                                     communicate: false,
+                                    excluded_env_vars: vec![],
                                     args: vec![],
                                     seed: None,
                                 };
@@ -69,6 +70,7 @@ impl rustc_driver::Callbacks for MiriCompilerCalls {
                 let config = MiriConfig {
                     validate: true,
                     communicate: false,
+                    excluded_env_vars: vec![],
                     args: vec![],
                     seed: None
                 };

src/bin/miri.rs

@@ -135,6 +135,7 @@ fn main() {
     let mut rustc_args = vec![];
     let mut miri_args = vec![];
     let mut after_dashdash = false;
+    let mut excluded_env_vars = vec![];
     for arg in std::env::args() {
         if rustc_args.is_empty() {
             // Very first arg: for `rustc`.
@@ -175,6 +176,9 @@ fn main() {
                     seed = Some(u64::from_be_bytes(bytes));
 
                 },
+                arg if arg.starts_with("-Zmiri-env-exclude=") => {
+                    excluded_env_vars.push(arg.trim_start_matches("-Zmiri-env-exclude=").to_owned());
+                },
                 _ => {
                     rustc_args.push(arg);
                 }
@@ -200,7 +204,13 @@ fn main() {
 
     debug!("rustc arguments: {:?}", rustc_args);
     debug!("miri arguments: {:?}", miri_args);
-    let miri_config = miri::MiriConfig { validate, communicate, args: miri_args, seed };
+    let miri_config = miri::MiriConfig {
+        validate,
+        communicate,
+        excluded_env_vars,
+        seed,
+        args: miri_args,
+    };
     let result = rustc_driver::report_ices_to_stderr_if_any(move || {
         rustc_driver::run_compiler(&rustc_args, &mut MiriCompilerCalls { miri_config }, None, None)
     }).and_then(|result| result);

src/eval.rs

@@ -22,6 +22,9 @@ pub struct MiriConfig {
     pub validate: bool,
     /// Determines if communication with the host environment is enabled.
     pub communicate: bool,
+    /// Environment variables that should always be isolated from the host.
+    pub excluded_env_vars: Vec<String>,
+    /// Command-line arguments passed to the interpreted program.
     pub args: Vec<String>,
     /// The seed to use when non-determinism or randomness are required (e.g. ptr-to-int cast, `getrandom()`).
     pub seed: Option<u64>,
@@ -40,7 +43,7 @@ pub fn create_ecx<'mir, 'tcx: 'mir>(
         MemoryExtra::new(StdRng::seed_from_u64(config.seed.unwrap_or(0)), config.validate),
     );
     // Complete initialization.
-    EnvVars::init(&mut ecx);
+    EnvVars::init(&mut ecx, config.excluded_env_vars);
 
     // Setup first stack-frame
     let main_instance = ty::Instance::mono(ecx.tcx.tcx, main_id);

src/shims/env.rs

@@ -15,11 +15,14 @@ pub struct EnvVars {
 impl EnvVars {
     pub(crate) fn init<'mir, 'tcx>(
         ecx: &mut InterpCx<'mir, 'tcx, Evaluator<'tcx>>,
+        excluded_env_vars: Vec<String>,
     ) {
         if ecx.machine.communicate {
             for (name, value) in std::env::vars() {
-                let var_ptr = alloc_env_var(name.as_bytes(), value.as_bytes(), ecx.memory_mut());
-                ecx.machine.env_vars.map.insert(name.into_bytes(), var_ptr);
+                if !excluded_env_vars.contains(&name) {
+                    let var_ptr = alloc_env_var(name.as_bytes(), value.as_bytes(), ecx.memory_mut());
+                    ecx.machine.env_vars.map.insert(name.into_bytes(), var_ptr);
+                }
             }
         }
     }

tests/run-pass/env-exclude.rs

@@ -0,0 +1,6 @@
+// ignore-windows: TODO env var emulation stubbed out on Windows
+// compile-flags: -Zmiri-disable-isolation -Zmiri-env-exclude=MIRI_ENV_VAR_TEST
+
+fn main() {
+    assert!(std::env::var("MIRI_ENV_VAR_TEST").is_err());
+}