[libc-commits] [libc] [libc] Add tmpnam implementation (PR #204901)
via libc-commits
libc-commits at lists.llvm.org
Fri Jun 19 17:55:18 PDT 2026
llvmorg-github-actions[bot] wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-libc
Author: Shubh Pachchigar (shubhe25p)
<details>
<summary>Changes</summary>
Implements tmpnam per the POSIX specification and adds unit tests.
Assisted by: Claude
Addresses: #<!-- -->191280
---
Full diff: https://github.com/llvm/llvm-project/pull/204901.diff
8 Files Affected:
- (modified) libc/config/linux/x86_64/entrypoints.txt (+1)
- (modified) libc/include/llvm-libc-macros/stdio-macros.h (+12)
- (modified) libc/include/stdio.yaml (+6)
- (modified) libc/src/stdio/CMakeLists.txt (+15)
- (added) libc/src/stdio/tmpnam.cpp (+89)
- (added) libc/src/stdio/tmpnam.h (+37)
- (modified) libc/test/src/stdio/CMakeLists.txt (+12)
- (added) libc/test/src/stdio/tmpnam_test.cpp (+150)
``````````diff
diff --git a/libc/config/linux/x86_64/entrypoints.txt b/libc/config/linux/x86_64/entrypoints.txt
index ce88a6749d9dc..a684f8930494b 100644
--- a/libc/config/linux/x86_64/entrypoints.txt
+++ b/libc/config/linux/x86_64/entrypoints.txt
@@ -1356,6 +1356,7 @@ if(LLVM_LIBC_FULL_BUILD)
libc.src.stdio.stdin
libc.src.stdio.stdout
libc.src.stdio.ungetc
+ libc.src.stdio.tmpnam
# stdlib.h entrypoints
libc.src.stdlib._Exit
diff --git a/libc/include/llvm-libc-macros/stdio-macros.h b/libc/include/llvm-libc-macros/stdio-macros.h
index 96f0e6933ade6..211d00b83a9e5 100644
--- a/libc/include/llvm-libc-macros/stdio-macros.h
+++ b/libc/include/llvm-libc-macros/stdio-macros.h
@@ -55,4 +55,16 @@ extern FILE *stderr;
#define SEEK_END 2
#endif
+#ifndef L_tmpnam
+#define L_tmpnam 20
+#endif
+
+#ifndef TMP_MAX
+#define TMP_MAX 238328
+#endif
+
+#ifndef P_tmpdir
+#define P_tmpdir "/tmp"
+#endif
+
#endif // LLVM_LIBC_MACROS_STDIO_MACROS_H
diff --git a/libc/include/stdio.yaml b/libc/include/stdio.yaml
index 4b12698e2484d..aaa1fec8eac61 100644
--- a/libc/include/stdio.yaml
+++ b/libc/include/stdio.yaml
@@ -396,6 +396,12 @@ functions:
- type: const char *__restrict
- type: const char *__restrict
- type: '...'
+ - name: tmpnam
+ standards:
+ - stdc
+ return_type: char *
+ arguments:
+ - type: char *
- name: ungetc
standards:
- stdc
diff --git a/libc/src/stdio/CMakeLists.txt b/libc/src/stdio/CMakeLists.txt
index feee8d60d1c60..f8375a2a7905a 100644
--- a/libc/src/stdio/CMakeLists.txt
+++ b/libc/src/stdio/CMakeLists.txt
@@ -243,6 +243,21 @@ add_entrypoint_object(
.${LIBC_TARGET_OS}.remove
)
+add_entrypoint_object(
+ tmpnam
+ SRCS
+ tmpnam.cpp
+ HDRS
+ tmpnam.h
+ DEPENDS
+ libc.hdr.stdio_macros
+ libc.hdr.errno_macros
+ libc.src.stdio.snprintf
+ libc.src.__support.CPP.atomic
+ libc.hdr.unistd_macros
+ libc.src.__support.OSUtil.osutil
+)
+
add_entrypoint_object(
rename
ALIAS
diff --git a/libc/src/stdio/tmpnam.cpp b/libc/src/stdio/tmpnam.cpp
new file mode 100644
index 0000000000000..ce6687feed175
--- /dev/null
+++ b/libc/src/stdio/tmpnam.cpp
@@ -0,0 +1,89 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// \file
+/// Declaration of tmpnam, a POSIX function that generate a string that is a
+/// valid pathname that does not name an existing file. The function is
+/// potentially capable of generating {TMP_MAX} different strings, but any or
+/// all of them may already be in use by existing files and thus not be suitable
+/// return values.
+///
+/// The tmpnam() function generates a different string each time it is called
+/// from the same process, up to {TMP_MAX} times. If it is called more than
+/// {TMP_MAX} times, it returns nullptr. If called with a null pointer argument,
+// the tmpnam() function need not be thread-safe; however, such calls shall
+// avoid data races with calls to tmpnam() with a non-null argument and with
+// calls to all other functions.See:
+/// https://pubs.opengroup.org/onlinepubs/9799919799/functions/tmpnam.html
+///
+//===----------------------------------------------------------------------===//
+
+#include "src/stdio/tmpnam.h"
+#include "hdr/errno_macros.h"
+#include "hdr/stdio_macros.h"
+#include "hdr/unistd_macros.h"
+#include "src/__support/CPP/atomic.h"
+#include "src/__support/OSUtil/linux/syscall_wrappers/access.h"
+#include "src/__support/OSUtil/linux/syscall_wrappers/getrandom.h"
+#include "src/__support/macros/config.h"
+#include "src/stdio/snprintf.h"
+
+namespace LIBC_NAMESPACE_DECL {
+
+static char tmpbuf[L_tmpnam];
+static cpp::Atomic<size_t> tmpnam_budget = TMP_MAX;
+
+/* partially thread-safe */
+LLVM_LIBC_FUNCTION(char *, tmpnam, (char *s)) {
+ if (s == nullptr)
+ s = tmpbuf;
+
+ // here if the s is null then use tmpbuf and if sizeof
+ // POSIX portable filename character set, sorted by ASCII value.
+ // See
+ // https://pubs.opengroup.org/onlinepubs/9799919799/basedefs/V1_chap03.html#tag_03_265
+ const char charset[] = "-._0123456789"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz";
+
+ int prefix_size = LIBC_NAMESPACE::snprintf(s, L_tmpnam, "%s/", P_tmpdir);
+
+ int is_unique = 0;
+ while (is_unique == 0) {
+ size_t curr_budget = tmpnam_budget.load(cpp::MemoryOrder::RELAXED);
+
+ do {
+ if (curr_budget == 0)
+ break;
+ } while (
+ !tmpnam_budget.compare_exchange_strong(curr_budget, curr_budget - 1));
+
+ if (curr_budget == 0)
+ break;
+
+ for (size_t i = prefix_size; i < L_tmpnam - 1; i++) {
+ uint8_t rand_byte;
+ auto ret = linux_syscalls::getrandom(&rand_byte, 1, 0);
+ if (!ret.has_value()) {
+ /* return nullptr when getrandom fails but consume tmpnam budget */
+ return nullptr;
+ }
+ s[i] = charset[rand_byte % (sizeof(charset) - 1)];
+ }
+ s[L_tmpnam - 1] = '\0';
+ auto res = linux_syscalls::access(s, F_OK);
+ is_unique = res.has_value() ? res.value()
+ : res.error(); /* this could be 0 or ENOENT */
+ }
+
+ if (is_unique == ENOENT)
+ return s;
+
+ return nullptr; /* if we exhaust budget we return */
+}
+} // namespace LIBC_NAMESPACE_DECL
diff --git a/libc/src/stdio/tmpnam.h b/libc/src/stdio/tmpnam.h
new file mode 100644
index 0000000000000..8f0d771edc50f
--- /dev/null
+++ b/libc/src/stdio/tmpnam.h
@@ -0,0 +1,37 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// \file
+/// Declaration of tmpnam, a POSIX function that generate a string that is a
+/// valid pathname that does not name an existing file. The function is
+/// potentially capable of generating {TMP_MAX} different strings, but any or
+/// all of them may already be in use by existing files and thus not be suitable
+/// return values.
+///
+/// The tmpnam() function generates a different string each time it is called
+/// from the same process, up to {TMP_MAX} times. If it is called more than
+/// {TMP_MAX} times, the behavior is implementation-defined. The implementation
+/// shall behave as if no function defined in this volume of POSIX.1-2024 calls
+/// tmpnam(). If called with a null pointer argument, the tmpnam() function need
+/// not be See:
+/// https://pubs.opengroup.org/onlinepubs/9799919799/functions/tmpnam.html
+///
+//===----------------------------------------------------------------------===//
+
+#ifndef LLVM_LIBC_SRC_STDIO_TMPNAM_H
+#define LLVM_LIBC_SRC_STDIO_TMPNAM_H
+
+#include "src/__support/macros/config.h"
+
+namespace LIBC_NAMESPACE_DECL {
+
+char *tmpnam(char *s);
+
+} // namespace LIBC_NAMESPACE_DECL
+
+#endif // LLVM_LIBC_SRC_STDIO_TMPNAM_H
diff --git a/libc/test/src/stdio/CMakeLists.txt b/libc/test/src/stdio/CMakeLists.txt
index 9737dcba7f904..9e5a2b001b12b 100644
--- a/libc/test/src/stdio/CMakeLists.txt
+++ b/libc/test/src/stdio/CMakeLists.txt
@@ -599,6 +599,18 @@ add_libc_test(
libc.src.stdio.setvbuf
)
+add_libc_test(
+ tmpnam_test
+ SUITE
+ libc_stdio_unittests
+ SRCS
+ tmpnam_test.cpp
+ DEPENDS
+ libc.src.stdio.tmpnam
+ libc.src.__support.CPP.string_view
+ libc.hdr.stdio_macros
+)
+
# Create an output directory for any temporary test files.
file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/testdata)
diff --git a/libc/test/src/stdio/tmpnam_test.cpp b/libc/test/src/stdio/tmpnam_test.cpp
new file mode 100644
index 0000000000000..23e645b3c4e69
--- /dev/null
+++ b/libc/test/src/stdio/tmpnam_test.cpp
@@ -0,0 +1,150 @@
+//===----------------------------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// \file
+/// Tests for tmpnam
+/// See: https://pubs.opengroup.org/onlinepubs/9799919799/functions/tmpnam.html
+///
+//===----------------------------------------------------------------------===//
+#include "src/stdio/tmpnam.h"
+
+#include "hdr/stdio_macros.h"
+#include "src/__support/CPP/string_view.h"
+#include "src/__support/macros/config.h"
+#include "test/UnitTest/Test.h"
+
+#include <stddef.h> // size_t
+
+namespace {
+
+using LIBC_NAMESPACE::cpp::string_view;
+
+// The portable filename character set the implementation draws from, plus the
+// '/' that appears in the P_tmpdir prefix. Any byte in a returned name must be
+// one of these.
+constexpr char kAllowed[] = "-._/"
+ "0123456789"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz";
+
+bool only_allowed_chars(string_view sv) {
+ for (char c : sv) {
+ bool found = false;
+ for (size_t i = 0; kAllowed[i] != '\0'; ++i) {
+ if (c == kAllowed[i]) {
+ found = true;
+ break;
+ }
+ }
+ if (!found)
+ return false;
+ }
+ return true;
+}
+
+} // namespace
+
+// Caller-supplied buffer: the spec requires the return value to be exactly the
+// argument pointer, the string to be null-terminated within L_tmpnam bytes,
+// and the result to begin with the temp-dir prefix.
+TEST(LlvmLibcTmpnamTest, NonNullBufferReturnsSamePointer) {
+ char buf[L_tmpnam];
+ char *result = LIBC_NAMESPACE::tmpnam(buf);
+ ASSERT_EQ(result, buf);
+}
+
+TEST(LlvmLibcTmpnamTest, NonNullBufferIsNullTerminated) {
+ char buf[L_tmpnam];
+ char *result = LIBC_NAMESPACE::tmpnam(buf);
+ ASSERT_NE(result, static_cast<char *>(nullptr));
+ // A NULL must appear within the buffer bounds.
+ bool terminated = false;
+ for (size_t i = 0; i < L_tmpnam; ++i) {
+ if (result[i] == '\0') {
+ terminated = true;
+ break;
+ }
+ }
+ ASSERT_TRUE(terminated);
+}
+
+TEST(LlvmLibcTmpnamTest, ResultHasTempDirPrefix) {
+ char buf[L_tmpnam];
+ char *result = LIBC_NAMESPACE::tmpnam(buf);
+ ASSERT_NE(result, static_cast<char *>(nullptr));
+ string_view sv(result);
+ string_view prefix(P_tmpdir);
+ // P_tmpdir may not carry a trailing slash; the implementation always
+ // emits one separator, so check the directory portion is present at the head.
+ ASSERT_TRUE(sv.starts_with(prefix));
+}
+
+TEST(LlvmLibcTmpnamTest, ResultUsesOnlyPortableChars) {
+ char buf[L_tmpnam];
+ char *result = LIBC_NAMESPACE::tmpnam(buf);
+ ASSERT_NE(result, static_cast<char *>(nullptr));
+ ASSERT_TRUE(only_allowed_chars(string_view(result)));
+}
+
+// Null argument: the result lives in an internal static object; the returned
+// pointer must be non-null and carry the same structural guarantees.
+TEST(LlvmLibcTmpnamTest, NullBufferReturnsInternalObject) {
+ char *result = LIBC_NAMESPACE::tmpnam(nullptr);
+ ASSERT_NE(result, static_cast<char *>(nullptr));
+ string_view sv(result);
+ ASSERT_TRUE(sv.starts_with(string_view(P_tmpdir)));
+ ASSERT_TRUE(only_allowed_chars(sv));
+}
+
+// The core contract: the generated name must not already exist on disk.
+// We re-check existence here via the public access() entry point if available.
+TEST(LlvmLibcTmpnamTest, ResultLengthWithinBound) {
+ char buf[L_tmpnam];
+ char *result = LIBC_NAMESPACE::tmpnam(buf);
+ ASSERT_NE(result, static_cast<char *>(nullptr));
+ string_view sv(result);
+ ASSERT_LT(sv.size(), static_cast<size_t>(L_tmpnam));
+ // Must be strictly longer than the prefix: a prefix with no random suffix
+ // would mean the generator produced an empty suffix.
+ ASSERT_GT(sv.size(), string_view(P_tmpdir).size());
+}
+
+// Successive calls should produce distinct strings.
+TEST(LlvmLibcTmpnamTest, SuccessiveCallsDiffer) {
+ char a[L_tmpnam];
+ char b[L_tmpnam];
+ char *ra = LIBC_NAMESPACE::tmpnam(a);
+ char *rb = LIBC_NAMESPACE::tmpnam(b);
+ ASSERT_NE(ra, static_cast<char *>(nullptr));
+ ASSERT_NE(rb, static_cast<char *>(nullptr));
+ ASSERT_FALSE(string_view(ra) == string_view(rb));
+}
+
+// Two calls with a null argument must return the SAME pointer (the address of
+// the single internal static object) The contents, however, are overwritten by
+// the second call.
+TEST(LlvmLibcTmpnamTest, NullCallsShareObjectButDifferInContent) {
+ char *first = LIBC_NAMESPACE::tmpnam(nullptr);
+ ASSERT_NE(first, static_cast<char *>(nullptr));
+
+ // Snapshot the first result before it is overwritten.
+ char snapshot[L_tmpnam];
+ size_t i = 0;
+ for (; i < L_tmpnam && first[i] != '\0'; ++i)
+ snapshot[i] = first[i];
+ snapshot[i < L_tmpnam ? i : L_tmpnam - 1] = '\0';
+
+ char *second = LIBC_NAMESPACE::tmpnam(nullptr);
+ ASSERT_NE(second, static_cast<char *>(nullptr));
+
+ // Same backing object: identical address.
+ ASSERT_EQ(first, second);
+
+ // But the generated string changed
+ ASSERT_FALSE(string_view(snapshot) == string_view(second));
+}
``````````
</details>
https://github.com/llvm/llvm-project/pull/204901
More information about the libc-commits
mailing list