
aarch64_cpu::asm::ret is impossible to use without causing UB #67

@bjorn3

Description


It is implemented as `asm!("ret"); hint::unreachable_unchecked()`, which is unconditionally UB to execute. It is completely valid for the codegen backend to outline the inline asm into another function (causing the `unreachable_unchecked()` to be hit, which is UB, and possibly leaving a corrupt stack due to missing stack pointer adjustments before returning; an example of a codegen backend that does this is cg_clif, as Cranelift doesn't have a builtin assembler), or to ignore the `#[inline(always)]` on `fn ret()`, causing a regular return from a diverging function, which is UB too.

And `aarch64_cpu::asm::eret` should probably be marked as `unsafe`. And unless the exception/interrupt entrypoint resets the EL1 stack pointer back to the original value, there is no guarantee that you won't get a stack overflow eventually due to stack pointer adjustments being skipped.
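The sound way to express "this inline asm never comes back" is `options(noreturn)` on the `asm!` block itself, so the compiler treats the asm as the diverging point and no `unreachable_unchecked()` has to follow it. The example below is added by the editor and is not code from the aarch64-cpu crate or from the issue author. Because `ret`/`eret` cannot be exercised from a hosted program, it demonstrates the same construction with a different never-returning asm block (a call into a function that ends the process), and observes the result from a forked parent. The `exit_with` and `jump_to_exit` names, the fork/waitpid harness (which assumes a Linux/POSIX libc) and the `eret` wrapper are this example's own constructions; the `eret` wrapper only compiles on aarch64 and is never called here.

```rust
use std::arch::asm;

/// Target of the diverging asm below. `std::process::exit` is itself `-> !`,
/// so this extern "C" wrapper is honestly `-> !` as well.
extern "C" fn exit_with(code: i32) -> ! {
    std::process::exit(code)
}

/// Hand control to `exit_with` from inline asm and never come back.
/// The asm! block carries `options(noreturn)`, so the function can be `-> !`
/// without an `unreachable_unchecked()` after the asm. Unsafe because the
/// caller's frame is abandoned; only meaningful where that is intended
/// (here: a freshly forked child that is about to exit anyway).
#[cfg(target_arch = "x86_64")]
unsafe fn jump_to_exit(code: i32) -> ! {
    unsafe {
        asm!(
            "and rsp, -16",   // SysV ABI: rsp must be 16-byte aligned at a call
            "mov edi, {0:e}", // first integer argument register
            "call {1}",
            in(reg) code,
            sym exit_with,
            options(noreturn),
        )
    }
}

#[cfg(target_arch = "aarch64")]
unsafe fn jump_to_exit(code: i32) -> ! {
    unsafe {
        asm!(
            "mov w0, {0:w}",  // first integer argument register
            "bl {1}",
            in(reg) code,
            sym exit_with,
            options(noreturn),
        )
    }
}

/// Fallback for other hosts so the example still builds everywhere.
#[cfg(not(any(target_arch = "x86_64", target_arch = "aarch64")))]
unsafe fn jump_to_exit(code: i32) -> ! {
    exit_with(code)
}

/// The shape the issue asks for on aarch64 (hypothetical replacement, not the
/// crate's code): `unsafe`, because returning from an exception is only valid
/// in an exception context, and `noreturn` on the asm so nothing follows it.
/// Nothing after `eret` runs this function's epilogue, so the exception
/// entry/exit path must put SP_EL1 back to its value at exception entry before
/// reaching this point, otherwise every exception leaks the handler's frames.
#[cfg(target_arch = "aarch64")]
pub unsafe fn eret() -> ! {
    unsafe { asm!("eret", options(noreturn)) }
}

// libc symbols; std already links libc, so no extra crate is needed.
unsafe extern "C" {
    fn fork() -> i32;
    fn waitpid(pid: i32, status: *mut i32, options: i32) -> i32;
}

/// Fork, run the diverging asm in the child, and return the exit code the
/// parent observes (POSIX wait-status decoding: normal exit has the low
/// 7 bits clear and the code in bits 8..16).
pub fn child_exit_status(code: i32) -> i32 {
    unsafe {
        let pid = fork();
        assert!(pid >= 0, "fork failed");
        if pid == 0 {
            // Child: control never returns from this call.
            jump_to_exit(code);
        }
        let mut status = 0i32;
        let waited = waitpid(pid, &mut status, 0);
        assert_eq!(waited, pid, "waitpid failed");
        assert!(status & 0x7f == 0, "child did not exit normally: {status:#x}");
        (status >> 8) & 0xff
    }
}

fn main() {
    println!("child exited with status {}", child_exit_status(42));
}
```

The point to carry over to the crate is the `options(noreturn)` form: the asm block is the last thing the function does, the compiler knows it, and there is nothing for an outlining backend or a missed `#[inline(always)]` to fall through into. It does not, by itself, address the stack-pointer bookkeeping the issue's second paragraph raises; that has to be handled in the exception entry code.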
