Migrate all in-repo crates to edition 2024

Most of this just means wrapping the bodies of `mem` functions in
`unsafe` and updating `no_mangle` / `extern`.

Author: tgross35

Cargo.toml

@@ -7,7 +7,7 @@ readme = "README.md"
 repository = "https://github.com/rust-lang/compiler-builtins"
 homepage = "https://github.com/rust-lang/compiler-builtins"
 documentation = "https://docs.rs/compiler_builtins"
-edition = "2021"
+edition = "2024"
 description = """
 Compiler intrinsics used by the Rust compiler. Also available for other targets
 if necessary!

crates/panic-handler/Cargo.toml

@@ -2,7 +2,7 @@
 name = "panic-handler"
 version = "0.1.0"
 authors = ["Alex Crichton <[email protected]>"]
-edition = "2021"
+edition = "2024"
 publish = false
 
 [dependencies]

examples/intrinsics.rs

@@ -17,7 +17,7 @@ extern crate panic_handler;
 
 #[cfg(all(not(thumb), not(windows), not(target_arch = "wasm32")))]
 #[link(name = "c")]
-extern "C" {}
+unsafe extern "C" {}
 
 // Every function in this module maps will be lowered to an intrinsic by LLVM, if the platform
 // doesn't have native support for the operation used in the function. ARM has a naming convention
@@ -626,7 +626,7 @@ fn run() {
 
     something_with_a_dtor(&|| assert_eq!(bb(1), 1));
 
-    extern "C" {
+    unsafe extern "C" {
         fn rust_begin_unwind(x: usize);
     }
 
@@ -647,14 +647,14 @@ fn something_with_a_dtor(f: &dyn Fn()) {
     f();
 }
 
-#[no_mangle]
+#[unsafe(no_mangle)]
 #[cfg(not(thumb))]
 fn main(_argc: core::ffi::c_int, _argv: *const *const u8) -> core::ffi::c_int {
     run();
     0
 }
 
-#[no_mangle]
+#[unsafe(no_mangle)]
 #[cfg(thumb)]
 pub fn _start() -> ! {
     run();
@@ -664,23 +664,23 @@ pub fn _start() -> ! {
 #[cfg(windows)]
 #[link(name = "kernel32")]
 #[link(name = "msvcrt")]
-extern "C" {}
+unsafe extern "C" {}
 
 // ARM targets need these symbols
-#[no_mangle]
+#[unsafe(no_mangle)]
 pub fn __aeabi_unwind_cpp_pr0() {}
 
-#[no_mangle]
+#[unsafe(no_mangle)]
 pub fn __aeabi_unwind_cpp_pr1() {}
 
 #[cfg(not(windows))]
 #[allow(non_snake_case)]
-#[no_mangle]
+#[unsafe(no_mangle)]
 pub fn _Unwind_Resume() {}
 
 #[cfg(not(windows))]
 #[lang = "eh_personality"]
-#[no_mangle]
+#[unsafe(no_mangle)]
 pub extern "C" fn eh_personality() {}
 
 #[cfg(all(windows, target_env = "gnu"))]

src/macros.rs

@@ -255,7 +255,7 @@ macro_rules! intrinsics {
 
         #[cfg(all(any(windows, target_os = "uefi"), target_arch = "x86_64", not(feature = "mangled-names")))]
         mod $name {
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             extern $abi fn $name( $($argname: $ty),* )
                 -> $crate::macros::win64_128bit_abi_hack::U64x2
@@ -320,7 +320,7 @@ macro_rules! intrinsics {
 
         #[cfg(all(target_vendor = "apple", any(target_arch = "x86", target_arch = "x86_64"), not(feature = "mangled-names")))]
         mod $name {
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             $(#[$($attr)*])*
             extern $abi fn $name( $($argname: u16),* ) $(-> $ret)? {
@@ -356,7 +356,7 @@ macro_rules! intrinsics {
 
         #[cfg(all(target_vendor = "apple", any(target_arch = "x86", target_arch = "x86_64"), not(feature = "mangled-names")))]
         mod $name {
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             $(#[$($attr)*])*
             extern $abi fn $name( $($argname: $ty),* ) -> u16 {
@@ -397,7 +397,7 @@ macro_rules! intrinsics {
 
         #[cfg(all(target_arch = "arm", not(feature = "mangled-names")))]
         mod $name {
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             $(#[$($attr)*])*
             extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
@@ -407,7 +407,7 @@ macro_rules! intrinsics {
 
         #[cfg(all(target_arch = "arm", not(feature = "mangled-names")))]
         mod $alias {
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             $(#[$($attr)*])*
             extern "aapcs" fn $alias( $($argname: $ty),* ) $(-> $ret)? {
@@ -474,7 +474,7 @@ macro_rules! intrinsics {
         #[cfg(all(feature = "mem", not(feature = "mangled-names")))]
         mod $name {
             $(#[$($attr)*])*
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             unsafe extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
                 super::$name($($argname),*)
@@ -499,7 +499,7 @@ macro_rules! intrinsics {
         pub mod $name {
             #[naked]
             $(#[$($attr)*])*
-            #[cfg_attr(not(feature = "mangled-names"), no_mangle)]
+            #[cfg_attr(not(feature = "mangled-names"), unsafe(no_mangle))]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             pub unsafe extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
                 $($body)*
@@ -566,10 +566,10 @@ macro_rules! intrinsics {
         #[cfg(not(feature = "mangled-names"))]
         mod $name {
             $(#[$($attr)*])*
-            #[no_mangle]
+            #[unsafe(no_mangle)]
             #[cfg_attr(not(all(windows, target_env = "gnu")), linkage = "weak")]
             $(unsafe $($empty)?)? extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
-                super::$name($($argname),*)
+                $(unsafe $($empty)?)? { super::$name($($argname),*) }
             }
         }
 

src/mem/impls.rs

@@ -33,12 +33,16 @@ const WORD_COPY_THRESHOLD: usize = if 2 * WORD_SIZE > 16 {
     16
 };
 
+/// `x` must be valid for a read of `usize`.
 #[cfg(feature = "mem-unaligned")]
 unsafe fn read_usize_unaligned(x: *const usize) -> usize {
+    type Arr = [u8; core::mem::size_of::<usize>()];
     // Do not use `core::ptr::read_unaligned` here, since it calls `copy_nonoverlapping` which
     // is translated to memcpy in LLVM.
-    let x_read = (x as *const [u8; core::mem::size_of::<usize>()]).read();
-    core::mem::transmute(x_read)
+    // SAFETY: x is valid for reads by preconditions.
+    let x_read = unsafe { (x as *const Arr).read() };
+    // SAFETY: Same-sized POD cast
+    unsafe { core::mem::transmute::<Arr, usize>(x_read) }
 }
 
 #[inline(always)]
@@ -47,7 +51,7 @@ pub unsafe fn copy_forward(mut dest: *mut u8, mut src: *const u8, mut n: usize)
     unsafe fn copy_forward_bytes(mut dest: *mut u8, mut src: *const u8, n: usize) {
         let dest_end = dest.wrapping_add(n);
         while dest < dest_end {
-            *dest = *src;
+            unsafe { *dest = *src };
             dest = dest.wrapping_add(1);
             src = src.wrapping_add(1);
         }
@@ -60,7 +64,7 @@ pub unsafe fn copy_forward(mut dest: *mut u8, mut src: *const u8, mut n: usize)
         let dest_end = dest.wrapping_add(n) as *mut usize;
 
         while dest_usize < dest_end {
-            *dest_usize = *src_usize;
+            unsafe { *dest_usize = *src_usize };
             dest_usize = dest_usize.wrapping_add(1);
             src_usize = src_usize.wrapping_add(1);
         }
@@ -108,7 +112,7 @@ pub unsafe fn copy_forward(mut dest: *mut u8, mut src: *const u8, mut n: usize)
         let dest_end = dest.wrapping_add(n) as *mut usize;
 
         while dest_usize < dest_end {
-            *dest_usize = read_usize_unaligned(src_usize);
+            unsafe { *dest_usize = read_usize_unaligned(src_usize) };
             dest_usize = dest_usize.wrapping_add(1);
             src_usize = src_usize.wrapping_add(1);
         }
@@ -117,24 +121,26 @@ pub unsafe fn copy_forward(mut dest: *mut u8, mut src: *const u8, mut n: usize)
     if n >= WORD_COPY_THRESHOLD {
         // Align dest
         // Because of n >= 2 * WORD_SIZE, dst_misalignment < n
-        let dest_misalignment = (dest as usize).wrapping_neg() & WORD_MASK;
-        copy_forward_bytes(dest, src, dest_misalignment);
-        dest = dest.wrapping_add(dest_misalignment);
-        src = src.wrapping_add(dest_misalignment);
-        n -= dest_misalignment;
-
-        let n_words = n & !WORD_MASK;
-        let src_misalignment = src as usize & WORD_MASK;
-        if likely(src_misalignment == 0) {
-            copy_forward_aligned_words(dest, src, n_words);
-        } else {
-            copy_forward_misaligned_words(dest, src, n_words);
+        unsafe {
+            let dest_misalignment = (dest as usize).wrapping_neg() & WORD_MASK;
+            copy_forward_bytes(dest, src, dest_misalignment);
+            dest = dest.wrapping_add(dest_misalignment);
+            src = src.wrapping_add(dest_misalignment);
+            n -= dest_misalignment;
+            let n_words = n & !WORD_MASK;
+            let src_misalignment = src as usize & WORD_MASK;
+            if likely(src_misalignment == 0) {
+                copy_forward_aligned_words(dest, src, n_words);
+            } else {
+                copy_forward_misaligned_words(dest, src, n_words);
+            }
+            dest = dest.wrapping_add(n_words);
+            src = src.wrapping_add(n_words);
+            n -= n_words;
         }
-        dest = dest.wrapping_add(n_words);
-        src = src.wrapping_add(n_words);
-        n -= n_words;
     }
-    copy_forward_bytes(dest, src, n);
+
+    unsafe { copy_forward_bytes(dest, src, n) };
 }
 
 #[inline(always)]
@@ -147,7 +153,7 @@ pub unsafe fn copy_backward(dest: *mut u8, src: *const u8, mut n: usize) {
         while dest_start < dest {
             dest = dest.wrapping_sub(1);
             src = src.wrapping_sub(1);
-            *dest = *src;
+            unsafe { *dest = *src };
         }
     }
 
@@ -160,7 +166,7 @@ pub unsafe fn copy_backward(dest: *mut u8, src: *const u8, mut n: usize) {
         while dest_start < dest_usize {
             dest_usize = dest_usize.wrapping_sub(1);
             src_usize = src_usize.wrapping_sub(1);
-            *dest_usize = *src_usize;
+            unsafe { *dest_usize = *src_usize };
         }
     }
 
@@ -180,13 +186,13 @@ pub unsafe fn copy_backward(dest: *mut u8, src: *const u8, mut n: usize) {
         // cfg needed because not all targets will have atomic loads that can be lowered
         // (e.g. BPF, MSP430), or provided by an external library (e.g. RV32I)
         #[cfg(target_has_atomic_load_store = "ptr")]
-        let mut prev_word = core::intrinsics::atomic_load_unordered(src_aligned);
+        let mut prev_word = unsafe { core::intrinsics::atomic_load_unordered(src_aligned) };
         #[cfg(not(target_has_atomic_load_store = "ptr"))]
-        let mut prev_word = core::ptr::read_volatile(src_aligned);
+        let mut prev_word = unsafe { core::ptr::read_volatile(src_aligned) };
 
         while dest_start < dest_usize {
             src_aligned = src_aligned.wrapping_sub(1);
-            let cur_word = *src_aligned;
+            let cur_word = unsafe { *src_aligned };
             #[cfg(target_endian = "little")]
             let resembled = prev_word << (WORD_SIZE * 8 - shift) | cur_word >> shift;
             #[cfg(target_endian = "big")]
@@ -208,7 +214,7 @@ pub unsafe fn copy_backward(dest: *mut u8, src: *const u8, mut n: usize) {
         while dest_start < dest_usize {
             dest_usize = dest_usize.wrapping_sub(1);
             src_usize = src_usize.wrapping_sub(1);
-            *dest_usize = read_usize_unaligned(src_usize);
+            unsafe { *dest_usize = read_usize_unaligned(src_usize) };
         }
     }
 
@@ -218,24 +224,26 @@ pub unsafe fn copy_backward(dest: *mut u8, src: *const u8, mut n: usize) {
     if n >= WORD_COPY_THRESHOLD {
         // Align dest
         // Because of n >= 2 * WORD_SIZE, dst_misalignment < n
-        let dest_misalignment = dest as usize & WORD_MASK;
-        copy_backward_bytes(dest, src, dest_misalignment);
-        dest = dest.wrapping_sub(dest_misalignment);
-        src = src.wrapping_sub(dest_misalignment);
-        n -= dest_misalignment;
-
-        let n_words = n & !WORD_MASK;
-        let src_misalignment = src as usize & WORD_MASK;
-        if likely(src_misalignment == 0) {
-            copy_backward_aligned_words(dest, src, n_words);
-        } else {
-            copy_backward_misaligned_words(dest, src, n_words);
+        unsafe {
+            let dest_misalignment = dest as usize & WORD_MASK;
+            copy_backward_bytes(dest, src, dest_misalignment);
+            dest = dest.wrapping_sub(dest_misalignment);
+            src = src.wrapping_sub(dest_misalignment);
+            n -= dest_misalignment;
+
+            let n_words = n & !WORD_MASK;
+            let src_misalignment = src as usize & WORD_MASK;
+            if likely(src_misalignment == 0) {
+                copy_backward_aligned_words(dest, src, n_words);
+            } else {
+                copy_backward_misaligned_words(dest, src, n_words);
+            }
+            dest = dest.wrapping_sub(n_words);
+            src = src.wrapping_sub(n_words);
+            n -= n_words;
         }
-        dest = dest.wrapping_sub(n_words);
-        src = src.wrapping_sub(n_words);
-        n -= n_words;
     }
-    copy_backward_bytes(dest, src, n);
+    unsafe { copy_backward_bytes(dest, src, n) };
 }
 
 #[inline(always)]
@@ -244,7 +252,7 @@ pub unsafe fn set_bytes(mut s: *mut u8, c: u8, mut n: usize) {
     pub unsafe fn set_bytes_bytes(mut s: *mut u8, c: u8, n: usize) {
         let end = s.wrapping_add(n);
         while s < end {
-            *s = c;
+            unsafe { *s = c };
             s = s.wrapping_add(1);
         }
     }
@@ -262,7 +270,7 @@ pub unsafe fn set_bytes(mut s: *mut u8, c: u8, mut n: usize) {
         let end = s.wrapping_add(n) as *mut usize;
 
         while s_usize < end {
-            *s_usize = broadcast;
+            unsafe { *s_usize = broadcast };
             s_usize = s_usize.wrapping_add(1);
         }
     }
@@ -271,24 +279,25 @@ pub unsafe fn set_bytes(mut s: *mut u8, c: u8, mut n: usize) {
         // Align s
         // Because of n >= 2 * WORD_SIZE, dst_misalignment < n
         let misalignment = (s as usize).wrapping_neg() & WORD_MASK;
-        set_bytes_bytes(s, c, misalignment);
+        unsafe { set_bytes_bytes(s, c, misalignment) };
         s = s.wrapping_add(misalignment);
         n -= misalignment;
 
         let n_words = n & !WORD_MASK;
-        set_bytes_words(s, c, n_words);
+        unsafe { set_bytes_words(s, c, n_words) };
         s = s.wrapping_add(n_words);
         n -= n_words;
     }
-    set_bytes_bytes(s, c, n);
+    unsafe { set_bytes_bytes(s, c, n) };
 }
 
+/// `memcmp` implementation. `s1` and `s2` must be valid for `n`.
 #[inline(always)]
 pub unsafe fn compare_bytes(s1: *const u8, s2: *const u8, n: usize) -> i32 {
     let mut i = 0;
     while i < n {
-        let a = *s1.wrapping_add(i);
-        let b = *s2.wrapping_add(i);
+        // SAFETY: `i < n`, thus the reads are valid by preconditions.
+        let (a, b) = unsafe { (*s1.wrapping_add(i), *s2.wrapping_add(i)) };
         if a != b {
             return a as i32 - b as i32;
         }
@@ -297,10 +306,12 @@ pub unsafe fn compare_bytes(s1: *const u8, s2: *const u8, n: usize) -> i32 {
     0
 }
 
+/// `strlen` implementation. `s` must be valid for reads up to and including a null character.
 #[inline(always)]
 pub unsafe fn c_string_length(mut s: *const core::ffi::c_char) -> usize {
     let mut n = 0;
-    while *s != 0 {
+    // SAFETY: safe to read until after the first `*s == 0`
+    while unsafe { *s } != 0 {
         n += 1;
         s = s.wrapping_add(1);
     }