crates/asm: fix aarch64 stack alignment, add bcmp/memcmp, gate entry for tests

amaanq · amaanq · commit 26c070700a85 · 2026-03-27T17:53:36.000-04:00
aarch64 logical instructions encode register 31 as xzr, not sp, so
`and sp, sp, #-16` is invalid. Use a temp register (x9) instead.

Add bcmp and memcmp implementations needed for -static linking without
libc (riscv64 codegen emits calls to bcmp for byte comparisons).

Gate _start, entry_rust, and the extern main declaration behind
cfg(not(test)) so cargo test can provide its own test harness main.
diff --git a/crates/asm/src/lib.rs b/crates/asm/src/lib.rs
@@ -55,212 +55,47 @@ pub unsafe extern "C" fn memset(s: *mut u8, c: i32, n: usize) -> *mut u8 {
   s
 }
 
-/// Calculates the length of a null-terminated string.
+/// Compares two byte sequences.
 ///
 /// # Safety
 ///
-/// `s` must be a valid pointer to a null-terminated string.
+/// `s1` and `s2` must be valid pointers to memory of at least `n` bytes.
 #[unsafe(no_mangle)]
-pub const unsafe extern "C" fn strlen(s: *const u8) -> usize {
-  let mut len = 0;
-  while unsafe { *s.add(len) } != 0 {
-    len += 1;
-  }
-  len
-}
-
-/// Function pointer type for the main application entry point.
-/// The function receives argc and argv and should return an exit code.
-pub type MainFn = unsafe extern "C" fn(i32, *const *const u8) -> i32;
-
-static mut MAIN_FN: Option<MainFn> = None;
-
-/// Register the main function to be called from the entry point.
-/// This must be called before the program starts (e.g., in a constructor).
-pub fn register_main(main_fn: MainFn) {
-  unsafe {
-    MAIN_FN = Some(main_fn);
+pub unsafe extern "C" fn bcmp(s1: *const u8, s2: *const u8, n: usize) -> i32 {
+  for i in 0..n {
+    let a = unsafe { *s1.add(i) };
+    let b = unsafe { *s2.add(i) };
+    if a != b {
+      return i32::from(a) - i32::from(b);
+    }
   }
+  0
 }
 
-/// Rust entry point called from `_start` assembly.
-///
-/// The `stack` pointer points to:
-/// `[rsp]`     = argc
-/// `[rsp+8]`   = argv[0]
-/// etc.
+/// Compares two byte sequences.
 ///
 /// # Safety
 ///
-/// The `stack` pointer must point to valid stack memory set up by the kernel
-/// AND the binary must define a `main` function with the following signature:
-///
-/// ```rust,ignore
-/// unsafe extern "C" fn main(argc: i32, argv: *const *const u8) -> i32`
-/// ```
+/// `s1` and `s2` must be valid pointers to memory of at least `n` bytes.
 #[unsafe(no_mangle)]
-pub unsafe extern "C" fn entry_rust(stack: *const usize) -> i32 {
-  // Read argc and argv from stack
-  let argc = unsafe { *stack };
-  let argv = unsafe { stack.add(1).cast::<*const u8>() };
-
-  // SAFETY: argc is unlikely to exceed i32::MAX on real systems
-  let argc_i32 = i32::try_from(argc).unwrap_or(i32::MAX);
-
-  // Call the main function (defined by the binary crate)
-  unsafe { main(argc_i32, argv) }
-}
-
-// External main function that must be defined by the binary using this crate.
-// Signature: `unsafe extern "C" fn main(argc: i32, argv: *const *const u8) ->
-// i32`
-unsafe extern "C" {
-  fn main(argc: i32, argv: *const *const u8) -> i32;
+pub unsafe extern "C" fn memcmp(s1: *const u8, s2: *const u8, n: usize) -> i32 {
+  unsafe { bcmp(s1, s2, n) }
 }
 
-#[cfg(target_arch = "x86_64")]
-mod entry {
-  use core::arch::naked_asm;
-
-  /// Entry point that receives stack pointer directly from kernel.
-  /// On `x86_64` Linux at program start:
-  ///
-  ///   - `[rsp]`     = argc
-  ///   - `[rsp+8]`   = argv[0]
-  ///   - `[rsp+16]`  = argv[1]
-  ///   - ...
-  ///   - `[rsp+8n]`  = NULL
-  ///   - `[rsp+8n+8]` = envp[0]
-  ///
-  /// # Safety
-  ///
-  /// This is a naked function with no prologue or epilogue. It directly
-  /// manipulates the stack pointer (`rsp`) and assumes it was called by the
-  /// kernel with a valid stack containing argc and argv. The function:
-  ///
-  ///   - Reads from `[rsp]` without validating the pointer
-  ///   - Modifies `rsp` directly (16-byte alignment)
-  ///   - Does not preserve any registers
-  ///   - Does not return normally (exits via syscall)
-  ///
-  /// This function MUST only be used as the program entry point (`_start`).
-  /// Calling it from any other context is undefined behavior. This has been
-  /// your safety notice. I WILL put UB in your Rust program.
-  #[unsafe(no_mangle)]
-  #[unsafe(naked)]
-  pub unsafe extern "C" fn _start() {
-    naked_asm!(
-      // Move stack pointer to first argument register
-      "mov rdi, rsp",
-      // Align stack to 16-byte boundary (System V AMD64 ABI requirement)
-      "and rsp, -16",
-      // Call into Rust code
-      "call {entry_rust}",
-      // Move return code to syscall argument
-      "mov rdi, rax",
-      // Exit syscall
-      "mov rax, 60",  // SYS_exit
-      "syscall",
-      entry_rust = sym super::entry_rust,
-    );
-  }
-}
-
-#[cfg(target_arch = "aarch64")]
-mod entry {
-  use core::arch::naked_asm;
-
-  /// Entry point that receives stack pointer directly from kernel.
-  /// On `aarch64` Linux at program start, the stack layout is identical
-  /// to x86_64:
-  ///
-  ///   - `[sp]`      = argc
-  ///   - `[sp+8]`    = argv[0]
-  ///   - ...
-  ///
-  /// # Safety
-  ///
-  /// This is a naked function with no prologue or epilogue. It directly
-  /// manipulates the stack pointer (`sp`) and assumes it was called by the
-  /// kernel with a valid stack containing argc and argv. The function:
-  ///
-  ///   - Reads from `[sp]` without validating the pointer
-  ///   - Modifies `sp` directly (16-byte alignment)
-  ///   - Does not preserve any registers
-  ///   - Does not return normally (exits via SVC instruction)
-  ///
-  /// This function MUST only be used as the program entry point (`_start`).
-  /// Calling it from any other context is undefined behavior.
-  #[unsafe(no_mangle)]
-  #[unsafe(naked)]
-  pub unsafe extern "C" fn _start() {
-    naked_asm!(
-      // Move stack pointer to first argument register
-      "mov x0, sp",
-      // Align stack to 16-byte boundary (AArch64 ABI requirement)
-      "and sp, sp, -16",
-      // Call into Rust code
-      "bl {entry_rust}",
-      // Move return code to syscall argument
-      "mov x0, x0",
-      // Exit syscall
-      "mov x8, 93",  // SYS_exit
-      "svc #0",
-      entry_rust = sym super::entry_rust,
-    );
-  }
-}
-
-#[cfg(target_arch = "riscv64")]
-mod entry {
-  use core::arch::naked_asm;
-
-  /// Entry point that receives stack pointer directly from kernel.
-  /// On `riscv64` Linux at program start, the stack layout is identical
-  /// to x86_64:
-  ///
-  ///   - `[sp]`      = argc
-  ///   - `[sp+8]`    = argv[0]
-  ///   - ...
-  ///
-  /// # Safety
-  ///
-  /// This is a naked function with no prologue or epilogue. It directly
-  /// manipulates the stack pointer (`sp`) and assumes it was called by the
-  /// kernel with a valid stack containing argc and argv. The function:
-  ///
-  ///   - Reads from `[sp]` without validating the pointer
-  ///   - Modifies `sp` directly (16-byte alignment)
-  ///   - Does not preserve any registers
-  ///   - Does not return normally (exits via ECALL instruction)
-  ///
-  /// This function MUST only be used as the program entry point (`_start`).
-  /// Calling it from any other context is undefined behavior.
-  #[unsafe(no_mangle)]
-  #[unsafe(naked)]
-  pub unsafe extern "C" fn _start() {
-    naked_asm!(
-      // Move stack pointer to first argument register
-      "mv a0, sp",
-      // Align stack to 16-byte boundary (RISC-V ABI requirement)
-      "andi sp, sp, -16",
-      // Call into Rust code
-      "call {entry_rust}",
-      // Move return code to syscall argument
-      "mv a0, a0",
-      // Exit syscall
-      "li a7, 93",  // SYS_exit
-      "ecall",
-      entry_rust = sym super::entry_rust,
-    );
+/// Calculates the length of a null-terminated string.
+///
+/// # Safety
+///
+/// `s` must be a valid pointer to a null-terminated string.
+#[unsafe(no_mangle)]
+pub const unsafe extern "C" fn strlen(s: *const u8) -> usize {
+  let mut len = 0;
+  while unsafe { *s.add(len) } != 0 {
+    len += 1;
   }
+  len
 }
 
-// Re-export the entry point
-#[cfg(target_arch = "x86_64")] pub use entry::_start;
-#[cfg(target_arch = "aarch64")] pub use entry::_start;
-#[cfg(target_arch = "riscv64")] pub use entry::_start;
-
 /// Direct syscall to open a file
 ///
 /// # Returns
diff --git a/microfetch/src/main.rs b/microfetch/src/main.rs
@@ -3,13 +3,77 @@
 
 extern crate alloc;
 
+use core::arch::naked_asm;
 use core::panic::PanicInfo;
 
 use microfetch_alloc::BumpAllocator;
 // Re-export libc replacement functions from asm crate
 pub use microfetch_asm::{memcpy, memset, strlen};
 use microfetch_asm::{sys_exit, sys_write};
 
+// ---------------------------------------------------------------------------
+// Program entry point: _start → entry_rust → main
+//
+// These live in the binary crate (not the asm library) because #[no_mangle]
+// _start in an .rlib would conflict with Scrt1.o when any dependent crate
+// builds a test harness.
+// ---------------------------------------------------------------------------
+
+/// Rust entry point called from the arch-specific `_start` trampolines below.
+#[unsafe(no_mangle)]
+unsafe extern "C" fn entry_rust(stack: *const usize) -> i32 {
+  let argc = unsafe { *stack };
+  let argv = unsafe { stack.add(1).cast::<*const u8>() };
+  let argc_i32 = i32::try_from(argc).unwrap_or(i32::MAX);
+  unsafe { main(argc_i32, argv) }
+}
+
+#[cfg(target_arch = "x86_64")]
+#[unsafe(no_mangle)]
+#[unsafe(naked)]
+unsafe extern "C" fn _start() {
+  naked_asm!(
+    "mov rdi, rsp",
+    "and rsp, -16",
+    "call {entry_rust}",
+    "mov rdi, rax",
+    "mov rax, 60",
+    "syscall",
+    entry_rust = sym entry_rust,
+  );
+}
+
+#[cfg(target_arch = "aarch64")]
+#[unsafe(no_mangle)]
+#[unsafe(naked)]
+unsafe extern "C" fn _start() {
+  naked_asm!(
+    "mov x0, sp",
+    "mov x9, sp",
+    "and x9, x9, #-16",
+    "mov sp, x9",
+    "bl {entry_rust}",
+    "mov x8, #93",
+    "svc #0",
+    entry_rust = sym entry_rust,
+  );
+}
+
+#[cfg(target_arch = "riscv64")]
+#[unsafe(no_mangle)]
+#[unsafe(naked)]
+unsafe extern "C" fn _start() {
+  naked_asm!(
+    "mv a0, sp",
+    "andi sp, sp, -16",
+    "call {entry_rust}",
+    "mv a0, a0",
+    "li a7, 93",
+    "ecall",
+    entry_rust = sym entry_rust,
+  );
+}
+
 // Global allocator
 #[global_allocator]
 static ALLOCATOR: BumpAllocator = BumpAllocator::new();
