Add lint against invalid runtime symbol definitions

Urgau · Urgau · commit 856305bdd62c · 2026-04-20T08:47:58.000+02:00
diff --git a/Cargo.lock b/Cargo.lock
@@ -4175,6 +4175,7 @@ dependencies = [
  "rustc_parse_format",
  "rustc_session",
  "rustc_span",
+ "rustc_symbol_mangling",
  "rustc_target",
  "rustc_trait_selection",
  "smallvec",
diff --git a/compiler/rustc_lint/Cargo.toml b/compiler/rustc_lint/Cargo.toml
@@ -22,6 +22,7 @@ rustc_middle = { path = "../rustc_middle" }
 rustc_parse_format = { path = "../rustc_parse_format" }
 rustc_session = { path = "../rustc_session" }
 rustc_span = { path = "../rustc_span" }
+rustc_symbol_mangling = { path = "../rustc_symbol_mangling" }
 rustc_target = { path = "../rustc_target" }
 rustc_trait_selection = { path = "../rustc_trait_selection" }
 smallvec = { version = "1.8.1", features = ["union", "may_dangle"] }
diff --git a/compiler/rustc_lint/src/lib.rs b/compiler/rustc_lint/src/lib.rs
@@ -69,6 +69,7 @@ mod precedence;
 mod ptr_nulls;
 mod redundant_semicolon;
 mod reference_casting;
+mod runtime_symbols;
 mod shadowed_into_iter;
 mod static_mut_refs;
 mod traits;
@@ -112,6 +113,7 @@ use precedence::*;
 use ptr_nulls::*;
 use redundant_semicolon::*;
 use reference_casting::*;
+use runtime_symbols::*;
 use rustc_hir::def_id::LocalModDefId;
 use rustc_middle::query::Providers;
 use rustc_middle::ty::TyCtxt;
@@ -241,6 +243,7 @@ late_lint_methods!(
             AsyncFnInTrait: AsyncFnInTrait,
             NonLocalDefinitions: NonLocalDefinitions::default(),
             InteriorMutableConsts: InteriorMutableConsts,
+            RuntimeSymbols: RuntimeSymbols,
             ImplTraitOvercaptures: ImplTraitOvercaptures,
             IfLetRescope: IfLetRescope::default(),
             StaticMutRefs: StaticMutRefs,
diff --git a/compiler/rustc_lint/src/lints.rs b/compiler/rustc_lint/src/lints.rs
@@ -848,6 +848,33 @@ pub(crate) enum UseLetUnderscoreIgnoreSuggestion {
     },
 }
 
+// runtime_symbols.rs
+#[derive(Diagnostic)]
+pub(crate) enum RedefiningRuntimeSymbolsDiag<'tcx> {
+    #[diag(
+        "invalid definition of the runtime `{$symbol_name}` symbol used by the standard library"
+    )]
+    #[note(
+        "expected `{$expected_fn_sig}`
+    found    `{$found_fn_sig}`"
+    )]
+    #[help(
+        "either fix the signature or remove any attributes like `#[unsafe(no_mangle)]`, `#[unsafe(export_name = \"{$symbol_name}\")]`, or `#[link_name = \"{$symbol_name}\"]`"
+    )]
+    FnDef { symbol_name: String, expected_fn_sig: Ty<'tcx>, found_fn_sig: Ty<'tcx> },
+    #[diag(
+        "invalid definition of the runtime `{$symbol_name}` symbol used by the standard library"
+    )]
+    #[note(
+        "expected `{$expected_fn_sig}`
+    found    `static {$symbol_name}: {$static_ty}`"
+    )]
+    #[help(
+        "either fix the signature or remove any attributes `#[unsafe(no_mangle)]` or `#[unsafe(export_name = \"{$symbol_name}\")]`"
+    )]
+    Static { symbol_name: String, static_ty: Ty<'tcx>, expected_fn_sig: Ty<'tcx> },
+}
+
 // drop_forget_useless.rs
 #[derive(Diagnostic)]
 #[diag("calls to `std::mem::drop` with a reference instead of an owned value does nothing")]
diff --git a/compiler/rustc_lint/src/runtime_symbols.rs b/compiler/rustc_lint/src/runtime_symbols.rs
@@ -0,0 +1,195 @@
+use rustc_hir::def_id::{DefId, LocalDefId};
+use rustc_hir::{self as hir, FnSig, ForeignItemKind, LanguageItems};
+use rustc_infer::infer::DefineOpaqueTypes;
+use rustc_middle::ty::{self, Instance, Ty};
+use rustc_session::{declare_lint, declare_lint_pass};
+use rustc_span::Span;
+use rustc_trait_selection::infer::TyCtxtInferExt;
+
+use crate::lints::RedefiningRuntimeSymbolsDiag;
+use crate::{LateContext, LateLintPass, LintContext};
+
+declare_lint! {
+    /// The `invalid_runtime_symbol_definitions` lint checks the signature of items whose
+    /// symbol name is a runtime symbols expected by `core`.
+    ///
+    /// ### Example
+    ///
+    /// ```rust,compile_fail
+    /// #[unsafe(no_mangle)]
+    /// pub fn strlen() {} // invalid definition of the `strlen` function
+    /// ```
+    ///
+    /// {{produces}}
+    ///
+    /// ### Explanation
+    ///
+    /// Up-most care is required when defining runtime symbols assumed and
+    /// used by the standard library. They must follow the C specification, not use any
+    /// standard-library facility or undefined behavior may occur.
+    ///
+    /// The symbols currently checked are `memcpy`, `memmove`, `memset`, `memcmp`,
+    /// `bcmp` and `strlen`.
+    ///
+    /// [^1]: https://doc.rust-lang.org/core/index.html#how-to-use-the-core-library
+    pub INVALID_RUNTIME_SYMBOL_DEFINITIONS,
+    Deny,
+    "invalid definition of a symbol used by the standard library"
+}
+
+declare_lint_pass!(RuntimeSymbols => [INVALID_RUNTIME_SYMBOL_DEFINITIONS]);
+
+static EXPECTED_SYMBOLS: &[ExpectedSymbol] = &[
+    ExpectedSymbol { symbol: "memcpy", lang: LanguageItems::memcpy_fn },
+    ExpectedSymbol { symbol: "memmove", lang: LanguageItems::memmove_fn },
+    ExpectedSymbol { symbol: "memset", lang: LanguageItems::memset_fn },
+    ExpectedSymbol { symbol: "memcmp", lang: LanguageItems::memcmp_fn },
+    ExpectedSymbol { symbol: "bcmp", lang: LanguageItems::bcmp_fn },
+    ExpectedSymbol { symbol: "strlen", lang: LanguageItems::strlen_fn },
+];
+
+#[derive(Copy, Clone, Debug)]
+struct ExpectedSymbol {
+    symbol: &'static str,
+    lang: fn(&LanguageItems) -> Option<DefId>,
+}
+
+impl<'tcx> LateLintPass<'tcx> for RuntimeSymbols {
+    fn check_item(&mut self, cx: &LateContext<'tcx>, item: &'tcx hir::Item<'tcx>) {
+        // Bail-out if the item is not a function/method or static.
+        match item.kind {
+            hir::ItemKind::Fn { sig, ident: _, generics, body: _, has_body: _ } => {
+                // Generic functions cannot have the same runtime symbol as we do not allow
+                // any symbol attributes.
+                if !generics.params.is_empty() {
+                    return;
+                }
+
+                // Try to the overridden symbol name of this function (our mangling
+                // cannot ever conflict with runtime symbols, so no need to check for those).
+                let Some(symbol_name) = rustc_symbol_mangling::symbol_name_from_attrs(
+                    cx.tcx,
+                    rustc_middle::ty::InstanceKind::Item(item.owner_id.to_def_id()),
+                ) else {
+                    return;
+                };
+
+                check_fn(cx, &symbol_name, sig, item.owner_id.def_id);
+            }
+            hir::ItemKind::Static(..) => {
+                // Compute the symbol name of this static (without mangling, as our mangling
+                // cannot ever conflict with runtime symbols).
+                let Some(symbol_name) = rustc_symbol_mangling::symbol_name_from_attrs(
+                    cx.tcx,
+                    rustc_middle::ty::InstanceKind::Item(item.owner_id.to_def_id()),
+                ) else {
+                    return;
+                };
+
+                let def_id = item.owner_id.def_id;
+                let static_ty = cx.tcx.type_of(def_id).instantiate_identity();
+
+                check_static(cx, &symbol_name, static_ty, item.span);
+            }
+            hir::ItemKind::ForeignMod { abi: _, items } => {
+                for item in items {
+                    let item = cx.tcx.hir_foreign_item(*item);
+
+                    let did = item.owner_id.def_id;
+                    let instance = Instance::new_raw(
+                        did.to_def_id(),
+                        ty::List::identity_for_item(cx.tcx, did),
+                    );
+                    let symbol_name = cx.tcx.symbol_name(instance);
+
+                    match item.kind {
+                        ForeignItemKind::Fn(fn_sig, _idents, _generics) => {
+                            check_fn(cx, &symbol_name.name, fn_sig, did);
+                        }
+                        ForeignItemKind::Static(..) => {
+                            let def_id = item.owner_id.def_id;
+                            let static_ty = cx.tcx.type_of(def_id).instantiate_identity();
+                            check_static(cx, &symbol_name.name, static_ty, item.span);
+                        }
+                        ForeignItemKind::Type => return,
+                    }
+                }
+            }
+            _ => return,
+        }
+    }
+}
+
+fn check_fn(cx: &LateContext<'_>, symbol_name: &str, sig: FnSig<'_>, did: LocalDefId) {
+    let Some(expected_symbol) = EXPECTED_SYMBOLS.iter().find(|es| es.symbol == symbol_name) else {
+        // The symbol name does not correspond to a runtime symbols, bail out
+        return;
+    };
+
+    let Some(expected_def_id) = (expected_symbol.lang)(&cx.tcx.lang_items()) else {
+        // Can't find the corresponding language item, bail out
+        return;
+    };
+
+    // Get the two function signatures
+    let lang_sig = cx.tcx.normalize_erasing_regions(
+        cx.typing_env(),
+        cx.tcx.fn_sig(expected_def_id).instantiate_identity(),
+    );
+    let user_sig = cx
+        .tcx
+        .normalize_erasing_regions(cx.typing_env(), cx.tcx.fn_sig(did).instantiate_identity());
+
+    // Compare the two signatures with an inference context
+    let infcx = cx.tcx.infer_ctxt().build(cx.typing_mode());
+    let cause = rustc_middle::traits::ObligationCause::misc(sig.span, did);
+    let result = infcx.at(&cause, cx.param_env).eq(DefineOpaqueTypes::No, lang_sig, user_sig);
+
+    // If they don't match, emit our own mismatch signatures
+    if let Err(_terr) = result {
+        // Create fn pointers for diagnostics purpose
+        let expected = Ty::new_fn_ptr(cx.tcx, lang_sig);
+        let actual = Ty::new_fn_ptr(cx.tcx, user_sig);
+
+        cx.emit_span_lint(
+            INVALID_RUNTIME_SYMBOL_DEFINITIONS,
+            sig.span,
+            RedefiningRuntimeSymbolsDiag::FnDef {
+                symbol_name: symbol_name.to_string(),
+                found_fn_sig: actual,
+                expected_fn_sig: expected,
+            },
+        );
+    }
+}
+
+fn check_static<'tcx>(cx: &LateContext<'tcx>, symbol_name: &str, static_ty: Ty<'tcx>, sp: Span) {
+    let Some(expected_symbol) = EXPECTED_SYMBOLS.iter().find(|es| es.symbol == symbol_name) else {
+        // The symbol name does not correspond to a runtime symbols, bail out
+        return;
+    };
+
+    let Some(expected_def_id) = (expected_symbol.lang)(&cx.tcx.lang_items()) else {
+        // Can't find the corresponding language item, bail out
+        return;
+    };
+
+    // Unconditionally report a mismatch, a static cannot ever be a function definition
+
+    let lang_sig = cx.tcx.normalize_erasing_regions(
+        cx.typing_env(),
+        cx.tcx.fn_sig(expected_def_id).instantiate_identity(),
+    );
+
+    let expected = Ty::new_fn_ptr(cx.tcx, lang_sig);
+
+    cx.emit_span_lint(
+        INVALID_RUNTIME_SYMBOL_DEFINITIONS,
+        sp,
+        RedefiningRuntimeSymbolsDiag::Static {
+            static_ty,
+            symbol_name: symbol_name.to_string(),
+            expected_fn_sig: expected,
+        },
+    );
+}
diff --git a/tests/ui/lint/runtime-symbols.rs b/tests/ui/lint/runtime-symbols.rs
@@ -0,0 +1,54 @@
+// This test checks the runtime symbols lint.
+
+//@ edition: 2021
+//@ normalize-stderr: "\*const [iu]8" -> "*const U8"
+
+#![allow(clashing_extern_declarations)] // we are volontary testing differents defs
+
+use core::ffi::{c_char, c_int, c_void};
+
+fn invalid() {
+    #[no_mangle]
+    pub extern "C" fn memcpy(dest: *mut c_void, src: *const c_void, n: i64) -> *mut c_void {
+        std::ptr::null_mut()
+    }
+    //~^^^ ERROR invalid definition of the runtime `memcpy` symbol
+
+    #[no_mangle]
+    pub fn memmove() {}
+    //~^ ERROR invalid definition of the runtime `memmove` symbol
+
+    extern "C" {
+        pub fn memset();
+        //~^ ERROR invalid definition of the runtime `memset` symbol
+
+        pub fn memcmp();
+        //~^ ERROR invalid definition of the runtime `memcmp` symbol
+    }
+
+    #[export_name = "bcmp"]
+    pub fn bcmp_() {}
+    //~^ ERROR invalid definition of the runtime `bcmp` symbol
+
+    #[no_mangle]
+    pub static strlen: () = ();
+    //~^ ERROR invalid definition of the runtime `strlen` symbol
+}
+
+fn valid() {
+    extern "C" {
+        fn memcpy(dest: *mut c_void, src: *const c_void, n: usize) -> *mut c_void;
+
+        fn memmove(dest: *mut c_void, src: *const c_void, n: usize) -> *mut c_void;
+
+        fn memset(s: *mut c_void, c: c_int, n: usize) -> *mut c_void;
+
+        fn memcmp(s1: *const c_void, s2: *const c_void, n: usize) -> c_int;
+
+        fn bcmp(s1: *const c_void, s2: *const c_void, n: usize) -> c_int;
+
+        fn strlen(s: *const c_char) -> usize;
+    }
+}
+
+fn main() {}
diff --git a/tests/ui/lint/runtime-symbols.stderr b/tests/ui/lint/runtime-symbols.stderr
@@ -0,0 +1,63 @@
+error: invalid definition of the runtime `memcpy` symbol used by the standard library
+  --> $DIR/runtime-symbols.rs:12:5
+   |
+LL |     pub extern "C" fn memcpy(dest: *mut c_void, src: *const c_void, n: i64) -> *mut c_void {
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = note: expected `unsafe extern "C" fn(*mut c_void, *const c_void, usize) -> *mut c_void`
+           found    `extern "C" fn(*mut c_void, *const c_void, i64) -> *mut c_void`
+   = help: either fix the signature or remove any attributes like `#[unsafe(no_mangle)]`, `#[unsafe(export_name = "memcpy")]`, or `#[link_name = "memcpy"]`
+   = note: `#[deny(invalid_runtime_symbol_definitions)]` on by default
+
+error: invalid definition of the runtime `memmove` symbol used by the standard library
+  --> $DIR/runtime-symbols.rs:18:5
+   |
+LL |     pub fn memmove() {}
+   |     ^^^^^^^^^^^^^^^^
+   |
+   = note: expected `unsafe extern "C" fn(*mut c_void, *const c_void, usize) -> *mut c_void`
+           found    `fn()`
+   = help: either fix the signature or remove any attributes like `#[unsafe(no_mangle)]`, `#[unsafe(export_name = "memmove")]`, or `#[link_name = "memmove"]`
+
+error: invalid definition of the runtime `memset` symbol used by the standard library
+  --> $DIR/runtime-symbols.rs:22:9
+   |
+LL |         pub fn memset();
+   |         ^^^^^^^^^^^^^^^^
+   |
+   = note: expected `unsafe extern "C" fn(*mut c_void, i32, usize) -> *mut c_void`
+           found    `unsafe extern "C" fn()`
+   = help: either fix the signature or remove any attributes like `#[unsafe(no_mangle)]`, `#[unsafe(export_name = "memset")]`, or `#[link_name = "memset"]`
+
+error: invalid definition of the runtime `memcmp` symbol used by the standard library
+  --> $DIR/runtime-symbols.rs:25:9
+   |
+LL |         pub fn memcmp();
+   |         ^^^^^^^^^^^^^^^^
+   |
+   = note: expected `unsafe extern "C" fn(*const c_void, *const c_void, usize) -> i32`
+           found    `unsafe extern "C" fn()`
+   = help: either fix the signature or remove any attributes like `#[unsafe(no_mangle)]`, `#[unsafe(export_name = "memcmp")]`, or `#[link_name = "memcmp"]`
+
+error: invalid definition of the runtime `bcmp` symbol used by the standard library
+  --> $DIR/runtime-symbols.rs:30:5
+   |
+LL |     pub fn bcmp_() {}
+   |     ^^^^^^^^^^^^^^
+   |
+   = note: expected `unsafe extern "C" fn(*const c_void, *const c_void, usize) -> i32`
+           found    `fn()`
+   = help: either fix the signature or remove any attributes like `#[unsafe(no_mangle)]`, `#[unsafe(export_name = "bcmp")]`, or `#[link_name = "bcmp"]`
+
+error: invalid definition of the runtime `strlen` symbol used by the standard library
+  --> $DIR/runtime-symbols.rs:34:5
+   |
+LL |     pub static strlen: () = ();
+   |     ^^^^^^^^^^^^^^^^^^^^^^^^^^^
+   |
+   = note: expected `unsafe extern "C" fn(*const U8) -> usize`
+           found    `static strlen: ()`
+   = help: either fix the signature or remove any attributes `#[unsafe(no_mangle)]` or `#[unsafe(export_name = "strlen")]`
+
+error: aborting due to 6 previous errors
+
