bjoernager/rust
bjoernager/rust
1
Fork 0
Code Activity

Rollup merge of #114412 - RalfJung:libc-symbols, r=pnkfelix

Browse source 
document our assumptions about symbols provided by the libc

LLVM makes assumptions about `memcmp`, `memmove`, and `memset` that go beyond what the C standard guarantees -- see https://reviews.llvm.org/D86993. Since we use LLVM, we are inheriting these assumptions.

With https://github.com/rust-lang/rust/pull/114382 we are also making a similar assumption about `memcmp`, so I added that to the list.

Fixes https://github.com/rust-lang/unsafe-code-guidelines/issues/426.
This commit is contained in:
Matthias Krüger 2023-09-05 15:16:47 +02:00 committed by GitHub
commit cbab5adf8a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

18
library/core/src/lib.rs
View file

@ -20,11 +20,19 @@
// FIXME: Fill me in with more detail when the interface settles // FIXME: Fill me in with more detail when the interface settles
//! This library is built on the assumption of a few existing symbols: //! This library is built on the assumption of a few existing symbols:
//! //!
//! * `memcpy`, `memcmp`, `memset`, `strlen` - These are core memory routines which are //! * `memcpy`, `memmove`, `memset`, `memcmp`, `bcmp`, `strlen` - These are core memory routines
//! often generated by LLVM. Additionally, this library can make explicit //! which are generated by Rust codegen backends. Additionally, this library can make explicit
//! calls to these functions. Their signatures are the same as found in C. //! calls to `strlen`. Their signatures are the same as found in C, but there are extra
//! These functions are often provided by the system libc, but can also be //! assumptions about their semantics: For `memcpy`, `memmove`, `memset`, `memcmp`, and `bcmp`, if
//! provided by the [compiler-builtins crate](https://crates.io/crates/compiler_builtins). //! the `n` parameter is 0, the function is assumed to not be UB. Furthermore, for `memcpy`, if
//! source and target pointer are equal, the function is assumed to not be UB.
//! (Note that these are [standard assumptions](https://reviews.llvm.org/D86993) among compilers.)
//! These functions are often provided by the system libc, but can also be provided by the
//! [compiler-builtins crate](https://crates.io/crates/compiler_builtins).
//! Note that the library does not guarantee that it will always make these assumptions, so Rust
//! user code directly calling the C functions should follow the C specification! The advice for
//! Rust user code is to call the functions provided by this library instead (such as
//! `ptr::copy`).
//! //!
//! * `rust_begin_panic` - This function takes four arguments, a //! * `rust_begin_panic` - This function takes four arguments, a
//! `fmt::Arguments`, a `&'static str`, and two `u32`'s. These four arguments //! `fmt::Arguments`, a `&'static str`, and two `u32`'s. These four arguments