From e7c4a453484da043e2affdd8320151beafec94b1 Mon Sep 17 00:00:00 2001
From: Joshua Nelson <github@jyn.dev>
Date: Mon, 26 Jun 2023 16:27:16 +0000
Subject: [PATCH] require naked functions to be unsafe again

they dereference raw pointers, so the caller needs to make sure the
pointer is valid.

note that this requires changing `maybe_use_optimized_c_shim` to support
unsafe functions.
---
 library/compiler-builtins/src/aarch64.rs | 8 ++++----
 library/compiler-builtins/src/macros.rs  | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/library/compiler-builtins/src/aarch64.rs b/library/compiler-builtins/src/aarch64.rs
index 1aaa1a69472b..ddbec6d327bd 100644
--- a/library/compiler-builtins/src/aarch64.rs
+++ b/library/compiler-builtins/src/aarch64.rs
@@ -131,7 +131,7 @@ macro_rules! compare_and_swap {
         intrinsics! {
             #[maybe_use_optimized_c_shim]
             #[naked]
-            pub extern "C" fn $name (
+            pub unsafe extern "C" fn $name (
                 expected: int_ty!($bytes), desired: int_ty!($bytes), ptr: *mut int_ty!($bytes)
             ) -> int_ty!($bytes) {
                 // We can't use `AtomicI8::compare_and_swap`; we *are* compare_and_swap.
@@ -162,7 +162,7 @@ macro_rules! compare_and_swap_i128 {
         intrinsics! {
             #[maybe_use_optimized_c_shim]
             #[naked]
-            pub extern "C" fn $name (
+            pub unsafe extern "C" fn $name (
                 expected: i128, desired: i128, ptr: *mut i128
             ) -> i128 {
                 unsafe { core::arch::asm! {
@@ -192,7 +192,7 @@ macro_rules! swap {
         intrinsics! {
             #[maybe_use_optimized_c_shim]
             #[naked]
-            pub extern "C" fn $name (
+            pub unsafe extern "C" fn $name (
                 left: int_ty!($bytes), right_ptr: *mut int_ty!($bytes)
             ) -> int_ty!($bytes) {
                 unsafe { core::arch::asm! {
@@ -218,7 +218,7 @@ macro_rules! fetch_op {
         intrinsics! {
             #[maybe_use_optimized_c_shim]
             #[naked]
-            pub extern "C" fn $name (
+            pub unsafe extern "C" fn $name (
                 val: int_ty!($bytes), ptr: *mut int_ty!($bytes)
             ) -> int_ty!($bytes) {
                 unsafe { core::arch::asm! {
diff --git a/library/compiler-builtins/src/macros.rs b/library/compiler-builtins/src/macros.rs
index e3a381928c64..b11114f12388 100644
--- a/library/compiler-builtins/src/macros.rs
+++ b/library/compiler-builtins/src/macros.rs
@@ -204,7 +204,7 @@ macro_rules! intrinsics {
     (
         #[maybe_use_optimized_c_shim]
         $(#[$($attr:tt)*])*
-        pub extern $abi:tt fn $name:ident( $($argname:ident:  $ty:ty),* ) $(-> $ret:ty)? {
+        pub $(unsafe $(@ $empty:tt)? )? extern $abi:tt fn $name:ident( $($argname:ident:  $ty:ty),* ) $(-> $ret:ty)? {
             $($body:tt)*
         }
 
@@ -212,7 +212,7 @@ macro_rules! intrinsics {
     ) => (
         #[cfg($name = "optimized-c")]
         #[cfg_attr(feature = "weak-intrinsics", linkage = "weak")]
-        pub extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
+        pub $(unsafe $($empty)? )? extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
             extern $abi {
                 fn $name($($argname: $ty),*) $(-> $ret)?;
             }
@@ -224,7 +224,7 @@ macro_rules! intrinsics {
         #[cfg(not($name = "optimized-c"))]
         intrinsics! {
             $(#[$($attr)*])*
-            pub extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
+            pub $(unsafe $($empty)? )? extern $abi fn $name( $($argname: $ty),* ) $(-> $ret)? {
                 $($body)*
             }
         }
@@ -419,7 +419,7 @@ macro_rules! intrinsics {
     (
         #[naked]
         $(#[$($attr:tt)*])*
-        pub $(unsafe)? extern $abi:tt fn $name:ident( $($argname:ident:  $ty:ty),* ) $(-> $ret:ty)? {
+        pub unsafe extern $abi:tt fn $name:ident( $($argname:ident:  $ty:ty),* ) $(-> $ret:ty)? {
             $($body:tt)*
         }